June 25, 2021
Forget the Windows 10 (the last version of Windows once). Forget the SolarWinds’ misstep. Forget the complexity of Teams for a consultant used to Zoom. Think about this milestone. Fortune has named the Redmond outfit the big dog in diversity and inclusion.
For a big tech firm, the company is refreshingly free of discrimination-based scandals. Windows Central reports, “Microsoft Tops Fortune 500 Charts for Diversity and Inclusion.” Writer Sean Endicott shares some data from this year’s Fortune 500 report on the subject:
Fortune and Refinitiv partnered together to gather data and rank organizations based on 14 key metrics, including the percentage of minorities on a company’s board, the percentage of employees that are women, and the percentage of employees with disabilities. This list also includes Measure Up, a ranking of the most progressive companies based on diversity and inclusivity. Microsoft measures well in several key areas. Fortune highlights that it provides day-care services and has an employee resource group voluntarily formed by workers. The company also has targets for diversity and inclusion and policies regarding gender diversity. According to Fortune, 39.7% of Microsoft’s board is made up of racial and ethnic minorities. Overall, Microsoft’s workforce is 49.8% racial or ethnic majorities. 41.3% of managers at Microsoft are racial or ethnic minorities. While Microsoft has positive figures regarding racial and ethnic diversity, it falls behind in gender diversity. According to 2020 data reported by Microsoft, only 28.6% of its employees were women. 26.3% of managers at Microsoft were women in the same timeframe.”
The Windows cheerleaders may see some room for improvement. The write-up reminds us Microsoft makes a habit of emphasizing diversity and inclusion, linking to examples here, here, here, and here. Perhaps Google could learn a thing or two from that company. For example, reduce the management goofs that lead to global awareness of stuff like the Timnit Gibru and ethical AI matter. And Fortune knows a lot about diversity and inclusion, right?
Stephen E Arnold, June 25, 2021
June 23, 2021
How about the way Word handles images in a text document? Don’t you love the numbering in a Word list? And what about those templates?
Microsoft loves features. It is no surprise that Teams is collecting features the way my French bulldog pulls in ticks on a warm morning in the woods in June.
Here is an interesting development in search. We learn from a very brief write-up at MS Power User that “Microsoft Search Will Soon Be Able to Find Teams Meeting Recordings Based on What Was Said.” It occurs as the company moves MS Teams recordings to OneDrive and SharePoint. (We note Zoom offers similar functionality if one enables audio transcription and hits “record” before the meeting.) Writer Surur reports:
“Previously, Teams meeting recordings were only searchable based on the Title of the meetings. You will now be easily able to find Teams meeting recordings based on not just the Title of the meeting, but also based on what was said in the meeting, via the transcript, as long as Live Transcription was enabled. Note however that only the attendees of the Teams meeting will have the permission to view these recordings in the search results and playback the recordings. These meetings will now be discoverable in eDiscovery as well, via the transcript. If you don’t want these meetings to be discoverable in Microsoft Search or eDiscovery via transcripts, you can turn off Teams transcription.”
This is a handy feature. It does mean, however, that participants will want to be even more careful what they express in a Teams meeting. Confirmation of any surly utterances will be just a search away. How does the system index an expletive when the dog barks or a Teams’ session hangs?
Cynthia Murrell, June 23, 2021
June 21, 2021
I read “State of the Windows: How Many Layers of UI Inconsistencies Are in Windows 10?” I found the listing of visual anomalies interesting. I don’t care much about Windows. We run a couple of applications and upgrade to new versions once the point releases and bugs have been identified and mostly driven into dark holes.
The write up points out:
As you may know, Microsoft is planning on overhauling the UI of Windows with their “Sun Valley” update, which aims to unify the design of the OS. However, as we can see, Windows is one behemoth of an operating system. Will their efforts to finally make a cohesive user experience succeed?
My answer to this question is that Microsoft has embraced processes which tolerate inconsistencies. I see this as a strategic or embedded function of the company’s management attitude: Good enough. If a company cannot make interfaces consistent, what about getting security issues, software update processes, and code quality under control.
I want to mention the allegation that Microsoft may have been signing malicious drivers. For more on this interesting assertion, navigate to Gossi The Dog at this link. One hopes the information in this sequence of messages and screenshots is fabricated. But if there are on the money, well …
If you can’t see it, perhaps “good enough” becomes “who cares.” Obviously some at Microsoft hold both of these strategic principles dear.
Stephen E Arnold, June 21, 2021
June 16, 2021
From my point of view, the defining event of 2021 was the one-two punch of SolarWinds and the Microsoft Exchange Server breaches. I call these “missteps” because the jargon of the cyber wizards at the Redmond outfit and the legions of cyber security vendors talk around compromising systems in ways which are mind boggling. Yep, a “misstep.” Not worth worrying about.
I scanned the research data in “Unsuccessful Tech Projects Get Axed During the Pandemic” and checked with my trusty red ink ball point pen, these items. Let’s just assume these data are close enough for horse shoes, shall we?
That what I thought when I read “Windows 11 Has Leaked Online: What the Next Version of Windows Looks Like.” This write up does not talk about addressing the software update methods, the trust mechanisms within the Windows ecosystem, nor the vulnerabilities of decades old practices for libraries and dynamic linked libraries, among others. Nope. It’s this in my opinion:
Image source: Noemi P.
A new look, snappy dance moves, and distraction. The tune is probably going to be a toe tapper. The only hitch is that the missteps of SolarWinds and Microsoft Exchange Server missteps might throw the marketing routine off beat.
Stephen E Arnold, June 16, 2021
June 9, 2021
Yep, now it is a “new” Windows. And Teams, the feature rich Word software which struggles to number stuff and keep text and images where the author put them. Plus the security system that will prevent SolarWinds’ missteps and Exchange Server from becoming the lap dog of bad actors. “How Microsoft Fumbled Skype – and Let Zoom Flourish” is an interesting article. The implicit messages in the document are intriguing: Microsoft is big but not really able to handle opportunities like Skype in a way that avoids head shaking and hand wringing.
I marked this passage in the source document:
Although Skype, launched in 2003, has been available nine years longer than Zoom and is owned by tech titan Microsoft, Zoom has effectively left it in its dust. People don’t say “I’ll Skype you” as often as they say “I’ll Zoom you” anymore.
The write up provides some historical color but nailed the reason for Microsoft’s Skype fumble:
In 2011, when Microsoft acquired Skype for US$8.5-billion, Zoom had just launched and Skype already had 100 million users. By 2014, Skype was popular enough to merit inclusion as a verb in the Oxford English Dictionary. And by 2015, it had 300 million users. But Skype’s technology wasn’t well-suited to mobile devices. When Microsoft set about to address that problem, it introduced a host of reliability nightmares for users. It gave them further headaches by redesigning Skype frequently and haphazardly while integrating messaging and video functions.
My experience with the new Skype is that the Teams’ environment is pretty darned confusing. This comment illustrates what happens when management guard rails are not in place for programmers who may have good ideas but cannot cope with the outstanding Microsoft operating systems:
When Microsoft set about to address that problem, it introduced a host of reliability nightmares for users. It gave them further headaches by redesigning Skype frequently and haphazardly while integrating messaging and video functions.
Could this Skype example provide some insight into the security issues Microsoft’s core systems face. I know which company will win the prize for most loved software from a coalition of Eastern European bad actors. Do you? Let’s ask a JEDI knight.
Stephen E Arnold, June 9, 2021
June 9, 2021
I got a kick out of “Microsoft Blames Human Error Amid Suspicion It Censored Bing Results for Tiananmen Square Tank Man.” The tank man reference refers to an individual who stood in front of a tank. Generally this is not a good idea because visibility within tanks is similar to that from a Honda CR-Z. Hold that. The tank has better visibility. Said tank continued forward, probably without noticing a slight impediment.
The story talks not about visibility; its focus is on Microsoft (yep, the SolarWinds’ and new Windows’ outfit). I read:
Throughout Friday afternoon, using the image search function on Microsoft-operated Bing using the words “Tank Man” returned the message, “There are no results for tank man / Check your spelling or try different keywords.” (According to Motherboard, the same is true in other countries outside the U.S., including France and Switzerland.)
DuckDuck and Yahoo search presented a similar no results message. These are metasearch systems eager to portray themselves as much, much more.
Why? The article reports:
Microsoft has done business in China for decades, and Bing is accessible there. Like competitors such as Apple, the company has long complied with the whims of Chinese censors to maintain access to the country’s massive market, and it purges Bing results within China of information its government deems sensitive. However, the company said that blocking image results for “Tank Man” in the U.S. was not intentional and the issue was being addressed. “This is due to an accidental human error and we are actively working to resolve this…”
Could a similar error been responsible for recent security lapses at the Redmond Defender office?
And no smart software, no rules-based instruction, and no filters involved in this curious search result?
Nope. I believe everything I read online about Microsoft. Call me silly.
Stephen E Arnold, June 9, 2021
June 7, 2021
Are there security gaps in new cyber solutions? No one knows. “Expel for Microsoft Automates Security Operations across the Microsoft Tech Stack” states:
Expel for Microsoft automates security operations across the Microsoft tech stack, including Active Directory, AD Identity Protection, Azure, MCAS, Microsoft Defender for Endpoint, Office 365 and Sentinel. Expel connects via APIs and ingests security signals from Microsoft’s products into Expel Workbench, along with other third-party signals you have in place. Expel then applies its own detection engine along with threat intelligence gathered from across its broad customer base to quickly find activity that doesn’t look right – like suspicious logins, data exfiltration, suspicious RDP activity or unusual inbox rules. Specific context and business rules that are unique to your environment enhance these built-in detections as Expel’s detection engine learns what “normal” looks like for your organization.
A third party – Expel in this case – has developed a smart software wrapper with “rules” able to bring order to the rich and somewhat interesting Microsoft security solutions. Think of this as wrapping five or six Radio Shack kits in a single box, affixing appropriate wrapping paper, and delivering it to the lucky person.
With breaches seemingly on the rise, will this solution stem the tide? But what if the kits within the wrapped box have their own issues?
Worth watching because if bad actors come up with new angles, cyber security firms are in the uncomfortable position of reacting and spending more on marketing. Marketing is, as most know, more difficult than creating cyber security solutions which work.
Stephen E Arnold, June 7, 2021
June 2, 2021
Here’s the good news in “SolarWinds Hackers Are Back with a New Mass Campaign, Microsoft Says.” Microsoft and other firms are taking actions to cope with the SolarWinds’ misstep. That’s the gaffe which compromised who knows how many servers, caught the news cycle, and left the real time cyber security threat detection systems enjoying a McDo burger with crow.
I circled this positive statement:
Microsoft security researchers assess that the Nobelium’s spear-phishing operations are recurring and have increased in frequency and scope,” the MSTC post concluded. “It is anticipated that additional activity may be carried out by the group using an evolving set of tactics.
The good news is the word “evolving.” That means that whatever the cyber security wizards are doing is having some impact.
However, the bulk of the write up makes clear that the bad actors (Russian again) are recycling known methods and exploiting certain “characteristics” of what sure seem to be Microsoft-related engineering.
There are some clues about who at Microsoft are tracking this stubbed toe; for example, a vice president of cust0omer security and trust. (I like that word “trust.”)
Several observations:
What’s my take away from the explanation of the security stubbed toe: No solution. Bad actors are on the offensive and vendors and users have to sit back and wait for the next really-no-big-deal breach. Minimization of an “issue” and explaining how someone else spilled the milk will be news again. I think the perpetual motion machine has been discovered in terms of security.
Stephen E Arnold, June 2, 2021
May 28, 2021
The article “How to Disable Telemetry and Data Collection in Windows 10” reveals an important fact. Most Windows telemetry is turned on by default. But the write up does not explain what analyses occur for data on the company’s cloud services or for the Outlook email program. I find this amusing, but Microsoft — despite the SolarWinds and Exchange Server missteps — is perceived as the good outfit among the collection of ethical exemplars of US big technology firms.
I read “Three Years Until We’re in Orwell’s 1984 AI Surveillance Panopticon, Warns Microsoft Boss.” Do the sentiments presented as those allegedly representing the actual factual views of the Microsoft executive Brad Smith reference the Windows 10 telemetry and data collection article mentioned above? Keep in mind that Mr. Smith believed at one time than 1,000 bad actors went after Microsoft and created the minor security lapses which affected a few minor US government agencies and sparked the low profile US law enforcement entities into pre-emptive action on third party computers to help address certain persistent threats.
I chortled when I read this passage:
Brad Smith warns the science fiction of a government knowing where we are at all times, and even what we’re feeling, is becoming reality in parts of the world. Smith says it’s “difficult to catch up” with ever-advancing AI, which was revealed is being used to scan prisoners’ emotions in China.
Now about the Microsoft telemetry and other interesting processes? What about the emotions of a Windows 10 user when the printer does not work after an update? Yeah.
Stephen E Arnold, May 28, 2021
May 26, 2021
How easy will it be for frisky developers and programmers to surf on Microsoft GitHub’s new video feature? My hunch is that it will be pretty easy. The news of this Amazon and YouTube type innovation appears in “Video Uploads Now Available across GitHub.”
The write up states:
At GitHub, we’ve utilized video to more concisely detail complex workflows, show our teammates where we’re blocked, and inspire our colleagues with the next big idea. Today, we’re announcing that the ability to upload video is generally available for everyone across GitHub. Now you can upload
.mp4and.movfiles in issues, pull requests, discussions, and more.
A number of video sites present fascinating technical information. Some of those videos include helpful pointers to even more interesting content. Here’s an example of a screenshot I made from a YouTube video:
The video’s title is “How to Get Sony Vegas Prog 18 for Free *2021* Permanent Activation Pack.” Other services offer similar technical work flow videos.
GitHub is a go to resource for a wide range of content, including penetration testing software similar to that used by some bad actors.
But video is hot, and Microsoft is going for it.
Stephen E Arnold, May 26, 2021
