Calendaring and mail server
⚠️ Important note: This episode is not about victim blaming. Cyberattacks can hit any company; what matters is how you deal with them. This time without Max, but with two guests who had the courage to speak openly about the ransomware attack on their company. Such conversations are unfortunately rare because many of those affected stay silent, which makes the insights from Thorsten and Tom all the more valuable. No theory, no whitepaper, just pure practice. A big thank-you for this rare openness!
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
CVE-2017-11882 Will Never Die: The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email. https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196 Windows Kerberos Elevation of Privilege Vulnerability: Yesterday, Microsoft released a patch for a vulnerability that had already been made public. This vulnerability refers to the privilege escalation taking advantage of a path traversal issue in Windows Kerberos affecting Exchange Server in hybrid mode. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779 Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images: Some old Debian Docker images containing the xz-utils backdoor are still available for download from Docker Hub via the official Debian account. https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images FortiSIEM / FortiWeb Vulnerabilities: Fortinet patched already exploited vulnerabilities in FortiWeb and FortiSIEM. https://fortiguard.fortinet.com/psirt/FG-IR-25-152 https://fortiguard.fortinet.com/psirt/FG-IR-25-448
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Mass Internet Scanning from ASN 43350: Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350. https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments HTTP/1.1 Desync Attacks: PortSwigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1. https://portswigger.net/research/http1-must-die Microsoft Warns of Exchange Server Vulnerability: An attacker with admin access to an Exchange Server in a hybrid configuration can use this vulnerability to gain full domain access. The issue is mitigated by an April hotfix, but was not noted in the release of the April Hotfix. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786 SonicWall Update: SonicWall no longer believes that a new vulnerability was used in recent compromises. https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430 SANS.edu Research: Wellington Rampazo, Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components https://www.sans.edu/cyber-research/shift-left-awareness-detection-developers-using-vulnerable-open-source-software-components/
Microsoft warns of a high-severity vulnerability in Exchange Server hybrid deployments. A Dutch airline and a French telecom report data breaches. Researchers reveal new HTTP request smuggling variants. An Israeli spyware maker may have rebranded to evade U.S. sanctions. CyberArk patches critical vulnerabilities in its secrets management platform. The Akira gang use a legit Intel CPU tuning driver to disable Microsoft Defender. ChatGPT Connectors are shown vulnerable to indirect prompt injection. Researchers expose new details about the VexTrio cybercrime network. SonicWall says a recent SSLVPN-related cyber activity is not due to a zero-day. Ryan Whelan from Accenture is our man on the street at Black Hat. Do androids dream of concierge duty? CyberWire Guest: We continue our coverage from the floor at Black Hat USA 2025 with another edition of Man on the Street. This time, we're catching up with Ryan Whelan, Managing Director and Global Head of Cyber Intelligence at Accenture, to hear what's buzzing at the conference.
Selected Reading: Microsoft warns of high-severity flaw in hybrid Exchange deployments (Bleeping Computer); KLM suffers cyber breach affecting six million passengers (IO+); Cyberattack hits France's third-largest mobile operator, millions of customers affected (The Record); New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites (SecurityWeek); Candiru Spyware Infrastructure Uncovered (BankInfoSecurity); Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities (SecurityWeek); Akira ransomware abuses CPU tuning tool to disable Microsoft Defender (Bleeping Computer); A Single Poisoned Document Could Leak 'Secret' Data Via ChatGPT (WIRED); Researchers Expose Infrastructure Behind Cybercrime Network VexTrio (Infosecurity Magazine); Gen 7 and newer SonicWall Firewalls – SSLVPN Recent Threat Activity (SonicWall); Want a Different Kind of Work Trip? Try a Robot Hotel (WIRED)
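Support for Microsoft Exchange Server is scheduled to end in 2025. This article clarifies the risks posed by the end of support and introduces concrete workarounds for maintaining a secure and efficient email environment.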
In this episode, we're joined by Greg Baribault, who leads the HP business and brings a 26-year legacy from Microsoft, offering unique insights into the evolution and future of collaborative technology. Greg reflects on his transition from Microsoft, where he worked across Exchange Server, Skype for Business, and Microsoft Teams, to leading hardware innovation at HP. He discusses the evolution of Skype Room Systems to Microsoft Teams Rooms and the importance of seamless, instant meeting starts. Greg shares how HP is integrating technologies from Polycom, Plantronics, HP, and now Vyopta to create a cohesive, user-friendly experience in both physical and virtual meeting spaces. Thanks to Landis, this episode's sponsor, for their continued support and for helping to make content like this possible.
Paul Robichaux and Steve Goodman discuss Exchange Server's 2025 H1 update and cut through the hype around AI agents, questioning whether they're living up to the marketing. Then, cybersecurity expert Paula Januszkiewicz shares fascinating red team stories, including modifying a water cooler to gain network access, and offers practical security advice for organizations of all sizes. Paula explains how AI is transforming both sides of the cybersecurity battlefield, warns about "productive script kiddies," and emphasizes why even small businesses need basic security measures like MFA. A must-listen for IT pros concerned about modern security threats.
Week D - If a preview update falls in the woods and no one downloads it, did it really happen? Plus, what is going on with AI for free? Isn't this stuff expensive? Windows 23H2/24H2: Taskbar share, Spotlight updates, Windows Backup snooze in File Explorer, etc. Dev and Beta - Semantic search adds OneDrive photo search to Search (was in File Explorer previously), plus the Recall reboot no one is explaining. And Trim comes to Snipping Tool (Canary and Dev) Beta (23H2) - Share gets a drag tray and Start All apps gets new Grid and Category views Lenovo revenues surge 20 percent Framework announces Ryzen AI-based Laptop 13, plus Laptop 12 and Desktop Opera adds Bluesky, Discord, and Slack to the sidebar Microsoft 365 Microsoft confuses us with a test of a free, ad-supported core Office suite for Windows Amazon kills Chime, will use Zoom, Teams, and more Amazon kills Appstore for Android Google to drop SMS-based 2FA, move to QR codes Paul continues with his SSO removals, an update on whether this impacts account availability AI/Dev Following up the previous discussion with an interesting way to use an AI chatbot Alexa enters the AI era OpenAI now has 400 million weekly active users Microsoft cancels some AI datacenter leases, but it's not done spending billions on AI Anthropic releases first reasoning model, with a twist Gemini Code Assist is now free for individuals! 
ThinkDeeper and Voice in Copilot no longer have usage restrictions OpenAI makes Deep Research available to all paid customers Apple delays biggest Siri advances past iOS 18.4 - Math is hard, but AI is even harder Spotify expands into AI-narrated audiobooks NVIDIA partners to bring free ASL training to everyone .NET 10 Preview 1 arrives with the promise of LTS and not much else Xbox Xbox Cloud Gaming gets its first update in a while, and it's a big one Microsoft delays Fable reboot to 2026 Tips and Picks Tip of the week: You can view the source code for the oldest machine-readable version of Unix App pick of the week: Adobe Photoshop for iPhone RunAs Radio this week: Exchange Server in 2025 with Michel de Rooij Brown liquor pick of the week: Glenrothes 15 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/windowsweekly cachefly.com/twit
What is it like to take care of an Exchange Server in 2025? Richard chats with Michel de Rooij about his work with Exchange, including the many scripts he has written and published over the years to help sysadmins solve problems. Michel discusses how staying on-premises with Exchange is getting harder - the new version will be subscription-based! The conversation also digs into the new version of Outlook, the challenges of securing email, and Michel's latest book Pro Exchange Administration. Links: Remove DuplicateItems Script; Unarchive Script; Pro Exchange Administration; Office 365 for IT Pros; Microsoft Defender for Office 365. Recorded January 9, 2025
Cybersecurity Today: GitHub Attacks & Microsoft's November Patch Tuesday Updates In this episode of Cybersecurity Today, host Jim Love highlights critical cybersecurity updates. The episode covers malicious attacks on GitHub projects, including an orchestrated attempt to frame Texas-based security researcher Mike Bell, and the associated impact on open-source repositories. Additionally, Microsoft's November Patch Tuesday is discussed in detail, with over 90 security issues disclosed, including four critical zero-day vulnerabilities. The episode also addresses a new ransomware strain exploiting vulnerabilities in Veeam backup software, and the disruptions caused by Microsoft's flawed Exchange Server security update. Stay informed on the latest cybersecurity trends and threats. 00:00 Introduction and Sponsor Message 00:29 Cybersecurity Headlines 00:46 GitHub Malicious Code Attack 03:24 Microsoft November Patch Tuesday 05:17 Veeam Backup Software Vulnerability 07:02 Microsoft Exchange Server Update Issues 08:47 Conclusion and Sign-Off
In our first of two Practical 365 Podcasts before Ignite begins, Steve Goodman and Paul Robichaux dive deep into what was best in Microsoft's Wave 2 release and chat about Copilot Pages - is it a good move from Microsoft? In other crucial news, we address the approaching end of support for Exchange Server 2016 and 2019, and what organizations need to consider as they plan their migration strategy. Plus, we look at the latest Teams meeting features, including new Copilot controls, meeting recap integrations with Outlook and new device support.
Blue Alpine Cast - Cryptocurrency, News and Analysis (Bitcoin, Ethereum and co)
Linux kernel developers were infected with malware for 2 years, another nail in the coffin of proper federated email as Exchange Server moves to a subscription model, followup on zfsbootmenu and IPv6, and learning unfamiliar topics. Plug Support us on patreon and get an ad-free RSS feed with early episodes sometimes News/discussion Linux […]
On this week's episode, Paul and Steve cover several major Microsoft announcements impacting the future of AI, Exchange Server, and identity solutions. We discuss Microsoft's development of a massive in-house AI model called MAI-1 to potentially reduce reliance on OpenAI. And, we break down the newly released roadmap for Exchange Server, including details on the upcoming Subscription Edition launch. Finally we chat about Microsoft's unveiling of external authentication methods for Entra ID, enabling third-party MFA integration.
Microsoft warns of new Exchange Server zero-day; Neuberger: Pace of ransomware takedown operations isn't enough; Gold Pickaxe malware steals your face. For the stories behind the headlines, head to CISOseries.com.
Join us on this exciting episode of the Practical365.com podcast where hosts Steve Goodman and Paul Robichaux sit down with Tim McMichael, a seasoned Support Escalation Engineer at Microsoft. Known for his prowess in tackling complex issues, Tim will delve into the intricacies of identity management, shedding light on the challenges and solutions in the realm of Exchange Server, Exchange Online, and Azure AD. We'll explore his innovative contributions to the tech community, including his insightful blog and his groundbreaking GitHub projects. Tim will share the inspiration behind his modules for distribution list migrations, offering a glimpse into how these tools are facilitating seamless transitions to Office 365. But that's not all! We'll also discuss the future of identity management, the evolving landscape of cloud technology, and how professionals can equip themselves to navigate these changes. Plus, Tim will share some of his most challenging cases and how he managed to crack them. Don't miss this opportunity to gain invaluable insights from one of Microsoft's leading engineers.
In this episode of the PowerShell Podcast, featuring guest Sam Erde, we delve into a myriad of topics starting with Andrew's successful acceptance of his talk at PowerShell Summit. The episode unfolds with a spotlight on community resources. Sam Erde, our esteemed guest, shares insights into his blogging journey and his contributions to open-source projects, with a particular focus on the Locksmith module designed to uncover misconfigurations in ADCS Certificate Services. Sam also provides his unique perspective on leveraging PowerShell for various tasks. The hosts engage in a discussion about the community ethos, underscoring the importance of creating more value than capturing, and Sam shares personal experiences that have shaped his approach to community involvement. Tune in for an episode packed with valuable insights, community highlights, and the power of PowerShell in action. Guest bio and Links: Sam Erde is a senior yak shaver and semi-professional squirrel hunter with 20+ years of experience in IT. His preferred species of yak speaks PowerShell and the squirrels are most often found huddled around Microsoft bird feeders. Much of his career has had a strong focus on Active Directory, GPOs, Exchange Server, and Microsoft 365; however, it would not be complete without an equally strong focus on coffee, puns, Oxford commas, and cybersecurity. Sam's mission is to help IT teams grow towards operational maturity around these platforms. This includes a focus on culture, technical growth, and identifying not just as systems administrators, engineers, or analysts--but as infosec professionals who may happen to work in operations. He is incredibly grateful for everything the community has taught him and hopes to contribute back at least as much as he has learned from this amazing group of people.
Watch The PowerShell Podcast on YouTube: https://www.youtube.com/watch?v=8HEhXQE3GNw https://github.com/DanGough/PoshCVE https://powershellisfun.com/2023/11/23/using-a-specific-powershell-profile-for-a-console-session-windows-terminal-powershell-ise-or-visual-studio-code/ https://discord.gg/pdq https://day3bits.com/ https://github.com/SamErde/PowerShell-Pre-Workout https://github.com/trimarcJake/Locksmith https://www.youtube.com/watch?v=4yt_oIEq1wA https://github.com/PoshCode/PowerShellPracticeAndStyle https://github.com/cunninghamp https://www.powershellgallery.com/packages/ORCA/2.8.0 https://github.com/EvotecIT/GPOZaurr https://github.com/TrimarcJake/BlueTuxedo https://github.com/techspence/ScriptSentry https://twitter.com/SamErde https://linktr.ee/SamErde
Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores Ace Hardware suffered a cyberattack impacting servers and systems Google abandons controversial "Web DRM" proposal to let sites restrict browser extensions Analysis of "BadCandy" malware infecting vulnerable Cisco routers Bitwarden password manager adds support for FIDO2 passkeys in browser extension Rescuing a severely degraded SSD and bringing it back to life with SpinRite Feedback from listeners on IPv6 adoption, factors for choosing crypto primes, installing Windows 11, and more The brewing battle in the EU over proposed eIDAS regulation Article 45 that could ban security checks on root certificates and undermine encrypted web traffic Show Notes - https://www.grc.com/sn/SN-947-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com canary.tools/twit - use code: TWIT Melissa.com/twit
It's episode 900! Richard brings friend Dana Epp onto the show to talk a bit about the last one hundred episodes of RunAs Radio - and a little look to the future as well. With Dana around, you know there will be lots of security conversation. Over the past hundred shows, ransomware has had quite the story arc, especially around Exchange Server and other products. The conversation then turns to more future-looking topics, including the various Microsoft Copilots being built - could these be tools to help sysadmins? Probably a topic for episode 1000!
Links: Windows Sandbox, Microsoft Viva, Microsoft Purview Data Loss Prevention
Recorded September 15, 2023
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Analysis of RAR Exploit Files (CVE-2023-38831) https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164 Juniper Exploit CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847 https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/ Microsoft Will Enable Extended Protection for Exchange Server by Default https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849 Rust Malware Staged on Crates.io https://blog.phylum.io/rust-malware-staged-on-crates-io/ SANS Community Night London Signup https://www.sans.org/mlp/community-night-cloud-security-london-september-2023
Levi McCormick, Cloud Architect at Jamf, joins Corey on Screaming in the Cloud to discuss his work modernizing baseline cloud infrastructure and his experience being on the compliance side of cloud engineering. Levi explains how he works to ensure the different departments he collaborates with are all on the same page so that different definitions don't end up in miscommunications, and why he feels a sandbox environment is an important tool that leads to a successful production environment. Levi and Corey also explore the ethics behind the latest generative AI craze.

About Levi

Levi is an automation engineer, with a focus on scalable infrastructure and rapid development. He leverages deep understanding of DevOps culture and cloud technologies to build platforms that scale to millions of users. His passion lies in helping others learn to cloud better.

Links Referenced:
Jamf: https://www.jamf.com/
Twitter: https://twitter.com/levi_mccormick
LinkedIn: https://www.linkedin.com/in/levimccormick/

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. A longtime friend and person has been a while since he's been on the show, Levi McCormick has been promoted or punished for his sins, depending upon how you want to slice that, and he is now the Director of Cloud Engineering at Jamf.
Levi, welcome back.

Levi: Thanks for having me, Corey.

Corey: I have to imagine internally, you put that very pronounced F everywhere, and sometimes where it doesn't belong, like your IAMf policies and whatnot.

Levi: It is fun to see how people like to interpret how to pronounce our name.

Corey: So, it's been a while. What were you doing before? And how did you wind up stumbling your way into your current role?

Levi: [laugh]. When we last spoke, I was a cloud architect here, diving into just our general practices and trying to shore up some of them. In between, I did a short stint as director of FedRAMP. We are pursuing some certifications in that area and I led, kind of, the engineering side of the compliance journey.

Corey: That sounds fairly close to hell on earth from my particular point of view, just because I've dealt in the compliance side of cloud engineering before, and it sounds super interesting from a technical level until you realize just how much of it revolves around checking the boxes, and—at least in the era I did it—explaining things to auditors that I kind of didn't feel I should have to explain to an auditor, but there you have it. Has the state of that world improved since roughly 2015?

Levi: I wouldn't say it has improved. While doing this, I did feel like I drove a time machine to work, you know, we're certifying VMs, rather than container-based architectures. There was a lot of education that had to happen from us to auditors, but once they understood what we were trying to do, I think they were kind of on board. But yeah, it was a [laugh] it was a journey.

Corey: So, one of the things you do—in fact, the first line in your bio talking about it—is you modernize baseline cloud infrastructure provisioning. That means an awful lot of things depending upon who it is that's answering the question.
What does that look like for you?

Levi: For what we're doing right now, we're trying to take what was a cobbled-together part-time project for one engineer, we're trying to modernize that, turn it into as much self-service as we can. There's a lot of steps that happen along the way, like a new workload needs to be spun up, they decide if they need a new AWS account or not, we pivot around, like, what does the access profile look like, who needs to have access to it, which things does it need to connect to, and then you look at the billing side, compliance side, and you just say, you know, “Who needs to be informed about these things?” We apply tags to the accounts, we start looking at lower-level tagging, depending on if it's a shared workload account or if it's a completely dedicated account, and we're trying to wrap all of that in automation so that it can be as click-button as possible.

Corey: Historically, I found that when companies try to do this, the first few attempts at it don't often go super well. We'll be polite and say their first attempts resemble something artisanal and handcrafted, which might not be ideal for this. And then in many cases, the overreaction becomes something that is very top-down, dictatorial almost, is the way I would frame that. And the problem people learn then is that, “Oh, everyone is going to route around us because they don't want to deal with us at all.” That doesn't quite seem like your jam from what I know of you and your approach to things. How do you wind up keeping the guardrails up without driving people to shadow IT their way around you?

Levi: I always want to keep it in mind that even if it's not an option, I want to at least pretend like a given team could not use our service, right? I try to bring a service mentality to it, so we're talking Accounts as a Service. And then I just think about all of the things that they would have to solve if they didn't go through us, right?
Like, are they managing their finances w—imagine they had to go in and negotiate some kind of pricing deal on their own, right, all of these things that come with being part of our organization, being part of our service offering. And then just making sure, like, those things are always easier than doing it on their own.

Corey: How diverse would you say that the workloads are that are in your organization? I found that in many cases, you'll have a SaaS-style company where there's one primary workload that is usually bearing the name of the company, and that's the thing that they provide to everyone. And then you have the enterprise side of the world where they have 1500 or 2000 distinct application teams working on different things, and the only thing they really have in common is, well, that all gets billed to the same company, eventually.

Levi: They are fairly diverse in how… they're currently created. We've gone through a few acquisitions, we've pulled a bunch of those into our ecosystem, if you will. So, not everything has been completely modernized or brought over to, you know, standards, if you will, if such a thing even exists in companies. You know [laugh], you may pretend that they do, but you're probably lying to yourself, right? But you know, there are varying platforms, we've got a whole laundry list of languages that are being used, we've got some containerized, some VM-based, some serverless workloads, so it's all over the place. But you nailed it. Like, you know, the majority of our footprint lives in maybe a handful of, you know, SaaS offerings.

Corey: Right. It's sort of a fun challenge when you start taking a looser approach to these things because someone gets back from re:Invent, like, “Well, I went to the keynote and now I have my new shopping list of things I'm going to wind up deploying,” and ehh, that never goes well, having been that person in a previous life.

Levi: Yeah.
And you don't want to apply too strict of governance over these things, right? You want people to be able to play, you want them to be inspired and start looking at, like, what would be—what's something that's going to move the needle in terms of our cloud architecture or product offerings or whatever we have. So, we have sandbox accounts that are pretty much wide open, we've got some light governance over those, [laugh] moreso for billing than anything. And all of our internal tooling is available, you know, like if you're using containers or whatever, like, all of that stuff is in those sandbox accounts.

And that's where our kind of service offering comes into play, right? Sandbox is still an account that we tried to vend, if you will, out of our service. So, people should be building in your sandbox environments just like they are in your production as much as possible. You know, it's a place where tools can get the tires kicked and smooth out bugs before you actually get into, you know, roadmap-impacting problems.

Corey: One of the fun challenges you have is, as you said, the financial aspect of this. When you've got a couple of workloads that drive most things, you can reason about them fairly intelligently, but trying to predict the future—especially when you're dealing with multi-year contract agreements with large cloud providers—becomes a little bit of a guessing game, like, “Okay. Well, how much are we going to spend on generative AI over the next three years?” The problem with that is that if you listen to an awful lot of talking heads or executive types, like, “Oh, yeah, if we're spending $100 million a year, we're going to add another 50 on top of that, just in terms of generative AI.” And it's like, press X to doubt, just because it's… I appreciate that you're excited about these things and want to play with them, but let's make sure that there's some ‘there' there before signing contracts that are painful to alter.

Levi: Yeah, it's a real struggle.
And we have all of these new initiatives, things people are excited for. Meanwhile, we're bringing old architecture into a new platform, if you will, or a new footprint, so we have to constantly measure those against each other. We have a very active conversation with finance and with leadership every month, or even weekly, depending on the type of project and where that spend is coming from.

Corey: One of the hard parts has always been, I think, trying to get people on the finance side of the world, the engineering side of the world, and the folks who are trying to predict what the business was going to do next, all speaking the same language. It just feels like it's too easy to wind up talking past each other if you're not careful.

Levi: Yeah, it's really hard. Recently taken over the FinOps practice. It's been really important for me, for us to align on what our words mean, right? What are these definitions mean? How do we come to common consensus so that eventually the communication gets faster? But we can't talk past each other. We have to know what our words mean, we have to know what each person cares about in this conversation, or what does their end goal look like? What do they want out of the conversation? So, that's been—that's taken a significant amount of time.

Corey: One of the problems I have is with the term FinOps as a whole, ignoring the fact entirely that it was an existing term of art within finance for decades; great, we're just going to sidestep past that whole mess—the problem you'll see is that it just seems like that it means something different to almost everyone who hears it. And it's sort of become a marketing term more so than it has an actual description of what people are doing. Just because some companies will have a quote-unquote, “FinOps team,” that is primarily going to be run by financial analysts.
And others, “Well, we have one of those lying around, but it's mostly an engineering effort on our part.”

And I've seen three or four different expressions as far as team composition goes and I'm not convinced any of them are right. But again, it's easy for me to sit here and say, “Oh, that's wrong,” without having an environment of my own to run. I just tend to look at what my clients do. And, “Well, I've seen a lot of things, and they all work poorly in different ways,” is not uplifting and helpful.

Levi: Yeah. I try not to get too hung up on what it's called. This is the name that a lot of people inside the company have rallied around and as long as people are interested in saving money, cool, we'll call it FinOps, you know? I mean, DevOps is the same thing, right? In some companies, you're just a sysadmin with a higher pay, and in some companies, you're building extensive cloud architecture and pipelines.

Corey: Honestly, for the whole DevOps side of the world, I maintain we're all systems administrators. The tools have changed, the methodologies have changed, the processes have changed, but the responsibility of ‘keep the site up' generally has not. But if you call yourself a sysadmin, you're just asking him to, “Please pay me less money in my next job.” No, thanks.

Levi: Yeah. “Where's the Exchange Server for me to click on?” Right? That's the [laugh]—if you call yourself a sysadmin [crosstalk 00:11:34]—

Corey: God. You're sending me back into twitching catatonia from my early days.

Levi: Exactly [laugh].

Corey: So, you've been paying attention to this whole generative AI hype monster. And I want to be clear, I say this as someone who finds the technology super neat and I'm optimistic about it, but holy God, it feels like people have just lost all sense. If that's you, my apologies in advance, but I'm still going to maintain the point.

Levi: I've played with all the various toys out there. I'm very curious, you know?
I think it's really fun to play with them, but to, like, make your entire business pivot on a dime and pursue it just seems ridiculous to me. I hate that the cryptocurrency space has pivoted so hard into it, you know? All the people that used to be shilling coins are now out there trying to cobble together a couple API calls and turn it into an AI, right?

Corey: It feels like it's just a hype cycle that people are more okay with being a part of. Like, Andy Jassy, in the earnings call a couple of weeks ago saying that every Amazon team is working with generative AI. That's not great. That's terrifying. I've been playing with the toys as well and I've asked it things like, “Oh, spit out an IAM policy for me,” or, “Oh, great, what can I do to optimize my AWS bill?” And it winds up spitting out things that sound highly plausible, but they're also just flat-out wrong. And that, it feels like a lot of these spaces, it's not coming up with a plausible answer—that's the hard part—is coming up with the one that is correct. And that's what our jobs are built around.

Levi: I've been trying to explain to a lot of people how, if you only have surface knowledge of the thing that it's telling you, it probably seems really accurate, but when you have deep knowledge on the topic that you're interacting with this thing, you're going to see all of the errors. I've been using GitHub's Copilot since the launch. You know, I was in one of the previews. And I love it. Like, it speeds up my development significantly.

But there have been moments where I—you know, IAM policies are a great example. You know, I had it crank out a Lambda functions policy, and it was just frankly, wrong in a lot of places [laugh]. It didn't quite imagine new AWS services, but it was really [laugh] close. The API actions were—didn't exist. It just flat-out didn't exist.

Corey: I love that.
I've had some magic happen early on where it could intelligently query things against the AWS pricing API, but then I asked it the same thing a month later and it gave me something completely ridiculous. It's not deterministic, which is part of the entire problem with it, too. But it's also… it can help incredibly in some weird ways I didn't see coming. But it can also cause you to spend more time chasing that thing than just doing it yourself the first time.

I found a great way to help it—you know, it helped me write blog posts with it. I tell it to write a blog post about a topic and give it some bullet points and say, “Write in my voice,” and everything it says I take issue with, so then I just copy that into a text editor and then mansplain-correct the robot for 20 minutes and, oh, now I've got a serviceable first draft.

Levi: And how much time did you save [laugh] right? It is fun, you know?

Corey: It does help because that's better for me at least than staring at an empty page of what am I going to write? It gets me past the writer's block problem.

Levi: Oh, that's a great point, yeah. Just to get the ball rolling, right, once you—it's easier to correct something that's wrong, and you're almost are spite-driven at that point, right? Like, “Let me show this AI how wrong it was and I'll write the perfect blog post.” [laugh].

Corey: It feels like the companies jumping on this, if you really dig into what we're talking about, it seems like they're all very excited about the possibility of we don't have to talk to customers anymore because the robots will all do that. And I don't think that's going to go the way you want to. We just have this minor hallucination problem. Yeah, that means that lies and tries to book customers to hotel destinations that don't exist. Think about this a little more. The failure mode here is just massive.

Levi: It's scary, yeah. Like, without some kind of review process, I wouldn't ship that straight to my customers, right?
I wouldn't put that in front of my customer and say, like, “This is”—I'm going to take this generative output and put it right in front of them. That scares me. I think as we get deeper into it, you know, maybe we'll see… I don't know, maybe we'll put some filters or review process, or maybe it'll get better. I mean, who was it that said, you know, “This is the worst it's ever going to be?” Right, it will only get better.

Corey: Well, the counterargument to that is, it will get far worse when we start putting this in charge [unintelligible 00:16:08] safety-critical systems, which I'm sure it's just a matter of time because some of these boosters are just very, very convincing. It's just thinking, how could this possibly go the worst? Ehhh. It's not good.

Levi: Yeah, well, I mean, we're talking impact versus quality, right? The quality will only ever get better. But you know, if we run before we walk, the impact can definitely get wider.

Corey: From where I sit, I want to see this really excel within bounded problem spaces. The one I keep waiting for is the AWS bill because it's a vast space, yes, and it's complicated as all hell, but it is bounded. There are a finite—though large—number of things you can see in an AWS bill, and there are recommendations you can make based on top of that. But everything I've seen that plays in this space gets way overconfident far too quickly, misses a bunch of very obvious lines of inquiry. Ah, I'm skeptical.

Then you pass that off to unbounded problem spaces like human creativity and that just turns into an absolute disaster. So, much of what I've been doing lately has been hamstrung by people rushing to put in safeguards to make sure it doesn't accidentally say something horrible that it's stripped out a lot of the fun and the whimsy and the sarcasm in the approach, of I—at one point, I could bully a number of these things into ranking US presidents by absorbency.
That's getting harder to do now because, “Nope, that's not respectful and I'm not going to do it,” is basically where it draws the line.
Levi: The one thing that I always struggle with is, like, how much of the models are trained on intellectual property or, when you distill it down, pure like human suffering, right? Like, this is somebody's art, they've worked hard, they've suffered for it, they put it out there in the world, and now it's just been pulled in and adopted by this tool that—you know, how many of the examples of, “Give me art in the style of,” right, and you just see hundreds and hundreds of pieces that I mean, frankly, are eerily identical to the style.
Corey: Even down to the signature, in some cases. Yeah.
Levi: Yeah, exactly. You know, and I think that we can't lose sight of that, right? Like, these tools are fun and you know, they're fun to play with, it's really interesting to explore what's possible, but we can't lose sight of the fact that there are ultimately people behind these things.
Corey: This episode is sponsored in part by Panoptica. Panoptica simplifies container deployment, monitoring, and security, protecting the entire application stack from build to runtime. Scalable across clusters and multi-cloud environments, Panoptica secures containers, serverless APIs, and Kubernetes with a unified view, reducing operational complexity and promoting collaboration by integrating with commonly used developer, SRE, and SecOps tools. Panoptica ensures compliance with regulatory mandates and CIS benchmarks for best practice conformity. Privacy teams can monitor API traffic and identify sensitive data, while identifying open-source components vulnerable to attacks that require patching. Proactively addressing security issues with Panoptica allows businesses to focus on mitigating critical risks and protecting their interests. Learn more about Panoptica today at panoptica.app.
Corey: I think it matters, on some level, what the medium is.
When I'm writing, I will still use turns of phrase from time to time that I first encountered when I was reading things in the 1990s. And that phrase stuck with me and became part of my lexicon. And I don't remember where I originally encountered some of these things; I just know I use those phrases an awful lot. And that has become part and parcel of who and what I am.
Which is also, I have no problem telling it to write a blog post in the style of Corey Quinn and then ripping a part of that out, but anything that's left in there, cool. I'm plagiarizing the thing that plagiarized from me and I find that to be one of those ethically just moments there. But written word is one thing depending on what exactly it's taking from you, but visual style for art, that's something else entirely.
Levi: There's a real ethical issue here. These things can absorb far much more information than you ever could in your entire lifetime, right, so that you can only quote-unquote, you know, “Copy, borrow, steal,” from a handful of other people in your entire life, right? Whereas this thing could do hundreds or thousands of people per minute. I think that's where the calculus needs to be, right? How many people can we impact with this thing?
Corey: This is also nothing new, where originally in the olden times, great, copyright wasn't really a thing because writing a book was a massive, massive undertaking. That was something that you'd have to do by hand, and then oh, you want a copy of the book? You'd have to have a scribe go and copy the thing. Well then, suddenly the printing press came along, and okay, that changes things a bit.
And then we continue to evolve there to digital distribution where suddenly it's just bits on a disk that I can wind up throwing halfway around the internet. And when the marginal cost of copying something becomes effectively zero, what does that change? And now we're seeing, I think, another iteration in that ongoing question.
It's a weird world and I don't know that we have the framework in place even now to think about that properly. Because every time we start to get a handle on it, off we go again. It feels like if they were to be invented today, libraries would absolutely not be considered legal. And yet, here we are.
Levi: Yeah, it's a great point. Humans just do not have the ethical framework in place for a lot of these things. You know, we saw it even with the days of Napster, right? It's just—like you said, it's another iteration on the same core problem. I [laugh] don't know how to solve it. I'm not a philosopher, right?
Corey: Oh, yeah. Back in the Napster days, I was on that a fair bit in high school and college because I was broke, and oh, I wanted to listen to this song. Well, it came on an album with no other good songs on it because one-hit wonders were kind of my jam, and that album cost 15, 20 bucks, or I could grab the thing for free. There was no reasonable way to consume. Then they started selling individual tracks for 99 cents and I gorged myself for years on that stuff.
And now it feels like streaming has taken over the world to the point where the only people who really lose on this are the artists themselves, and I don't love that outcome. How do we have a better tomorrow for all of this? I know we're a bit off-topic from you know, cloud management, but still, this is the sort of thing I think about when everything's running smoothly in a cloud environment.
Levi: It's hard to get people to make good decisions when they're so close to the edge. And I think about when I was, you know, college-age scraping by on minimum wage or barely above minimum wage, you know, it was hard to convince me that, oh yeah, you shouldn't download an MP3 of that song; you should go buy the disc, or whatever. It was really hard to make that argument when my decision was buy an album or figure out where I'm going to, you know, get my lunch.
So, I think, now that I'm in a much different place in my life, you know, these decisions are a lot easier to make in an ethical way because that doesn't impact my livelihood nearly as much. And I think that is where solutions will probably come out of. The more people doing better, the easier it is for them to make good decisions.
Corey: I sure hope you're right, but something I found is that okay we made it easy for people to make good decisions. Like, “Nope, you've just made it easier for me to scale a bunch of terrible ones. I can make 300,000 more terrible decisions before breakfast time now. Thanks.” And, “No, that's not what I did that for.” Yet here we are. Have you been tracking lately what's been going on with the HashiCorp license change?
Levi: Um, a little bit, we use—obviously use Terraform in the company and a couple other Hashi products, and it was kind of a wildfire of, you know, how does this impact us? We dove in and we realized that it doesn't, but it is concerning.
Corey: You're not effectively wrapping Terraform and then using that as the basis for how you do MDM across your customer fleets.
Levi: Yeah. You know, we're not deploying customers' written Terraform into their environments or something kind of wild like that. Yeah, it doesn't impact us. But it is… it is concerning to watch a company pivot from an open-source, community-based project to, “Oh, you can't do that anymore.” It doesn't impact a lot of people who use it day-to-day, but I'm really worried about just the goodwill that they've lit on fire.
Corey: One of the problems, too, is that their entire write-up on this was so vague that it was—there is no way to get an actual… piece of is it aimed at us or is it not without very deep analysis, and hope that when it comes to court, you're going to have the same analysis as—that is sympathetic. It's, what is considered to be a competitor? At least historically, it was pretty obvious. Some of these databases, “Okay great.
Am I wrapping their database technology and then selling it as a service? No? I'm pretty good.”
But with HashiCorp, what they do is so vast in a few key areas that no one has the level of certainty. I was pretty freaking certain that I'm not shipping MongoDB with my own wrapper around it, but am I shipping something that looks like Terraform if I'm managing someone's environment for them? I don't know. Everything's thrown into question. And you're right. It's the goodwill that currently is being set on fire.
Levi: Yeah, I think people had an impression of Hashi that they were one of the good guys. You know, the quote-unquote, “Good guys,” in the space, right? Mitchell Hashimoto is out there as a very prominent coder, he's an engineer at heart, he's in the community, pretty influential on Twitter, and I think people saw them as not one of the big, faceless corporations, so to see moves like this happen, it… I think it shook a lot of people's opinions of them and scared them.
Corey: Oh, yeah. They've always been the good guys in this context. Mitch and Armon were fantastic folks. I'm sure they still are. I don't know if this is necessarily even coming from them. It's market forces, what are investors demanding? They see everyone is using Terraform. How does that compare to HashiCorp's market value?
This is one of the inherent problems if I'm being direct, of the end-stages of capitalism, where it's, “Okay, we're delivering on a lot of value. How do we capture ever more of it and growing massively?” And I don't know. I don't know what the answer is, but I don't think anyone's thrilled with this outcome. Because, let's be clear, it is not going to meaningfully juice their numbers at all. They're going to be setting up a lot of ill will against them in the industry, but I don't see the upside for them. I really don't.
Levi: I haven't really done any of the analysis or looked for it, I should say.
Have you seen anything about what this might actually impact any providers or anything? Because you're right, like, what kind of numbers are we actually talking about here?
Corey: Right. Well, there are a few folks that have done things around this that people have named for me: Spacelift being one example, Pulumi being another, and both of them are saying, “Nope, this doesn't impact us because of X, Y, and Z.” Yeah, whether it does or doesn't, they're not going to sit there and say, “Well, I guess we don't have a company anymore. Oh, well.” And shut the whole thing down and just give their customers over to HashiCorp.
Their own customers would be incensed if that happened and would not go to HashiCorp if that were to be the outcome. I think, on some level, they're setting the stage for the next evolution in what it takes to manage large-scale cloud environments effectively. I think basically, every customer I've ever dealt with on my side has been a Terraform shop. I finally decided to start learning the ins and outs of it myself a few weeks ago, and well, it feels like I should have just waited a couple more weeks and then it would have become irrelevant. Awesome. Which is a bit histrionic, but still, this is going to plant seeds for people to start meaningfully competing. I hope.
Levi: Yeah, I hope so too. I have always awaited releases of Terraform Cloud with great anticipation. I generally don't like managing my Terraform back-ends, you know, I don't like managing the state files, so every time Terraform Cloud has some kind of release or something, I'm looking at it because I'm excited, oh finally, maybe this is the time I get to hand it off, right? Maybe I start to get to use their product. And it has never been a really compelling answer to the problems that I have.
And I've always said, like, the [laugh] cloud journey would be Google's if they just released a managed Terraform [laugh] service. And this would be one way for them to prevent that from happening.
Because Google doesn't even have an Infrastructure as Code competitor. Not really. I mean, I know they have their, what, Plans or their Projects or whatever they… their Infrastructure as Code language was, but—
Corey: Isn't that what Stackdriver was supposed to be? What happened with that? It's been so long.
Levi: No, that's a logging solution [laugh].
Corey: That's the thing. It all runs together. Not it was their operations suite that was—
Levi: There we go.
Corey: —formerly Stackdriver. Yeah. Now, that does include some aspects—yeah. You're right, it's still hanging out in the observability space. This is the problem is all this stuff conflates and companies are terrible at naming and Google likes to deprecate things constantly. And yeah, but there is no real competitor. CloudFormation? Please. Get serious.
Levi: Hey, you're talking to a member of the CloudFormation support group here. So, I'm still a huge fan [laugh].
Corey: Emotional support group, more like it, it seems these days.
Levi: It is.
Corey: Oh, good. It got for loops recently. We've been asking for basically that to make them a lot less wordy only for, what, ten years?
Levi: Yeah. I mean, my argument is that I'm operating at the account level, right? I need to deploy to 250, 300, 500 accounts. Show me how to do that with Terraform that isn't, you know, stab your eyes out with a fork.
Corey: It can be done, but it requires an awful lot of setting things up first.
Levi: Exactly.
Corey: That's sort of a problem. Like yeah, once you have the first 500 going, the rest are just like butter. But that's a big step one is massive, and then step two becomes easy. Yeah… no, thank you.
Levi: [laugh]. I'm going to stick with my StackSets, thank you.
Corey: [laugh]. I really want to thank you for taking the time to come back on and honestly kibitz about the state of the industry with me.
If people want to learn more, where's the best place for them to find you?
Levi: Well, I'm still active on the space normally known as—formerly known as Twitter. You can reach out to me there. DMs are open. I'm always willing to help people learn how to cloud better. Hopefully trying to make my presence known a little bit more on LinkedIn. If you happen to be over there, reach out.
Corey: And we will, of course, put links to that in the [show notes 00:30:16]. Thank you so much for taking the time to speak with me again. It's always a pleasure.
Levi: Thanks, Corey. I always appreciate it.
Corey: Levi McCormick, Director of Cloud Engineering at Jamf. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, and along with an insulting comment that tells us that we completely missed the forest for the trees and that your programming is going to be far superior based upon generative AI.
Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
Microsoft's recent decision to throttle traffic from old and outdated versions of On-Premises Exchange has sent shockwaves through the tech community. In today's episode, Andy and Paul Schnackenburg delve into the details of Microsoft's plans to protect Exchange Online against persistently vulnerable on-premises Exchange Servers by throttling and blocking emails from these unsupported servers. Tune in to understand the reasoning behind Microsoft's strategy with this change, how organizations can keep themselves protected through process, and where third-party vendors can plug in and provide value.
Timestamps:
4:00 – Microsoft's plan details and communication
10:50 – Paul and Andy's thoughts on why Microsoft is making this change
18:40 – Is it “Ethical” for Microsoft to block on-prem Exchange traffic?
26:31 – What should affected organizations do?
Episode Resources: Microsoft's Announcement; SMB1 Changes at Microsoft; Hornetsecurity's 365 Total Protection
Find Andy on LinkedIn, Twitter or Mastodon. Find Paul on LinkedIn or Twitter.
Nelumbo nucifera, or the sacred lotus, is a plant that grows in flood plains, rivers, and deltas. Its seeds can remain dormant for years and when floods come along, blossom into a colony of plants and flowers. Some of the oldest seeds can be found in China, where they're known to represent longevity. No surprise, given their level of nutrition and connection to the waters that irrigated crops by then. They also grow in far away lands, all the way to India and out to Australia. The flower is sacred in Hinduism and Buddhism, and further back in ancient Egypt. Padmasana is a Sanskrit term meaning lotus, or Padma, and Asana, or posture. The Pashupati seal from the Indus Valley civilization shows a deity in what's widely considered the first documented yoga pose, from around 2,500 BCE. 2,700 years later (give or take a century), the Hindu author and mystic Patanjali wrote a work referred to as the Yoga Sutras. Here he outlined the original asanas, or sitting yoga poses. The Rig Veda, from around 1,500 BCE, is the oldest currently known Vedic text. It is also the first to use the word “yoga”. It describes songs, rituals, and mantras the Brahmans of the day used - as well as the Padma. Further Vedic texts explore how the lotus grew out of Lord Vishnu with Brahma in the center. He created the Universe out of lotus petals. Lakshmi went on to grow out of a lotus from Vishnu as well. It was only natural that humans would attempt to align their own meditation practices with the beautiful meditations of the lotus. By the 300s, art and coins showed people in the lotus position. It was described in texts that survive from the 8th century. Over the centuries contradictions in texts were clarified in a period known as Classical Yoga, then Tantra and Hatha Yoga were developed and codified in the Post-Classical Yoga age, and as empires grew and India became a part of the British empire, Yoga began to travel to the west in the late 1800s.
By 1893, Swami Vivekananda gave lectures at the Parliament of Religions in Chicago. More practitioners meant more systems of yoga. Yogendra brought asanas to the United States in 1919, as more Indians migrated to the United States. Babaji's kriya yoga arrived in Boston in 1920. Then, as we've discussed in previous episodes, the United States tightened immigration in the 1920s and people had to go to India to get more training. Theos Bernard's Hatha Yoga: The Report of a Personal Experience brought some of that knowledge home when he came back in 1947. Indra Devi opened a yoga studio in Hollywood and wrote books for housewives. She brought a whole system, or branch home. Walt and Magana Baptiste opened a studio in San Francisco. Swamis began to come to the US and more schools were opened. Richard Hittleman began to teach yoga in New York and began to teach on television in 1961. He was one of the first to separate the religious aspect from the health benefits. By 1965, the immigration quotas were removed and a wave of teachers came to the US to teach yoga. The Beatles went to India in 1966 and 1968, and for many Transcendental Meditation took root, which has now grown to over a thousand training centers and over 40,000 teachers. Swamis opened meditation centers, institutes, started magazines, and even magazines. Yoga became so big that Rupert Holmes even poked fun at it in his song “Escape (The Piña Colada Song)” in 1979. Yoga had become part of the counter-culture, and the generation that followed represented a backlash of sorts. A common theme of the rise of personal computers is that the early pioneers were a part of that counter-culture. Mitch Kapor graduated high school in 1967, just in time to be one of the best examples of that. Kapor built his own calculator as a kid before going to camp to get his first exposure to programming on a Bendix. His high school got one of the 1620 IBM minicomputers and he got the bug.
He went off to Yale at 16 and learned to program in APL and then found Computer Lib by Ted Nelson and learned BASIC. Then he discovered the Apple II. Kapor did some programming for $5 per hour as a consultant, started the first east coast Apple User Group, and did some work around town. There are generations of people who did and do this kind of consulting, although now the rates are far higher. He met a grad student through the user group named Eric Rosenfeld who was working on his dissertation and needed some help programming, so Kapor wrote a little tool that took the idea of statistical analysis from the Time Shared Reactive Online Library, or TROLL, and ported it to the microcomputer, which he called Tiny Troll. Then he enrolled in the MBA program at MIT. He got a chance to see VisiCalc and meet Bob Frankston and Dan Bricklin, who introduced him to the team at Personal Software. Personal Software was founded by Dan Fylstra and Peter Jennings when they published Microchess for the KIM-1 computer. That led to ports for the 1977 Trinity of the Commodore PET, Apple II, and TRS-80 and by then they had taken Bricklin and Frankston's VisiCalc to market. VisiCalc was the killer app for those early PCs and helped make the Apple II successful. Personal Software brought Kapor on, as well as Bill Coleman of BEA Systems and Electronic Arts cofounder Rich Melmon. Today, software developers get around 70 percent royalties to publish software on app stores but at the time, fees were closer to 8 percent, a model pulled from book royalties. Much of the rest went to production of the box and disks, the sales and marketing, and support. Kapor was to write a product that could work with VisiCalc. By then Rosenfeld was off to the world of corporate finance so Kapor moved to Silicon Valley, learned how to run a startup, moved back east in 1979, and released VisiPlot and VisiTrend in 1981. He made over half a million dollars in the first six months in royalties.
By then, he bought out Rosenfeld's shares in what he was doing, hired Jonathan Sachs, who had been at MIT earlier, where he wrote the STOIC programming language, and then went to work at Data General. Sachs worked on spreadsheet ideas at Data General with a manager there, John Henderson, but after they left Data General, and the partnership fell apart, he worked with Kapor instead. They knew that for software to be fast, it needed to be written in a lower level language, so they picked the Intel 8088 assembly language given that C wasn't fast enough yet. The IBM PC came in 1981 and everything changed. Mitch Kapor and Jonathan Sachs started Lotus in 1982. Sachs got to work on what would become Lotus 1-2-3. Kapor turned out to be a great marketer and product manager. He listened to what customers said in focus groups. He pushed to make things simpler and use less jargon. They released a new spreadsheet tool in 1983 and it worked flawlessly on the IBM PC and while Microsoft had Multiplan and VisiCalc was the incumbent spreadsheet program, Lotus quickly took market share from them and SuperCalc. Conceptually it looked similar to VisiCalc. They used the letter A for the first column, B for the second, etc. That has now become a standard in spreadsheets. They used the number 1 for the first row, the number 2 for the second. That too is now a standard. They added a split screen, also now a standard. They added macros, with branching if-then logic. They added different video modes, which could give color and bitmapping. They added an underlined letter so users could pull up a menu and quickly select the item they wanted once they had those orders memorized, now a standard in most menuing systems. They added the ability to add bar charts, pie charts, and line charts. One could even spread their sheet across multiple monitors like in a magazine.
They refined how fields are calculated and took advantage of the larger amounts of memory to make Lotus far faster than anything else on the market. They went to Comdex towards the end of the year and introduced Lotus 1-2-3 to the world. The software could be used as a spreadsheet, but the 2 and 3 referred to graphics and database management. They did $900,000 in orders there before they went home. They couldn't even keep up with the duplication of disks. Comdex was still invitation only. It became so popular that it was used to test for IBM compatibility by clone makers and where VisiCalc became the app that helped propel the Apple II to success, Lotus 1-2-3 became the app that helped propel the IBM PC to success. Lotus was rewarded with $53 million in sales for 1983 and $156 million in 1984. Mitch Kapor found himself. They quickly scaled from less than 20 to 750 employees. They brought in Freada Klein who got her PhD to be the Head of Employee Relations and charged her with making them the most progressive employer around. After her success at Lotus, she left to start her own company and later married. Sachs left the company in 1985 and moved on to focus solely on graphics software. He still responds to requests on the phpBB forum at dl-c.com. They ran TV commercials. They released a suite of Mac apps they called Lotus Jazz. More television commercials. Jazz didn't go anywhere and only sold 20,000 copies. Meanwhile, Microsoft released Excel for the Mac, which sold ten times as many. Some blamed the lack of sales on the stringent copy protection. Others blamed the lack of memory to do cool stuff. Others blamed the high price. It was the first major setback for the young company. After a meteoric rise, Kapor left the company in 1986, at about the height of their success. He replaced himself with Jim Manzi. Manzi pushed the company into network applications.
These would become the center of the market but were just catching on and didn't prove to be a profitable venture just yet. A defensive posture rather than expanding into an adjacent market would have made sense, at least if anyone knew how aggressive Microsoft was about to get it would have. Manzi was far more concerned about the millions of illegal copies of the software in the market than innovation though. As we turned the page to the 1990s, Lotus had moved to a product built in C and introduced the ability to use graphical components in the software but wouldn't be ported to the new Windows operating system until 1991 for Windows 3. By then there were plenty of competitors, including Quattro Pro and while Microsoft Excel began on the Mac, it had been a showcase of cool new features a windowing operating system could provide an application since released for Windows in 1987. Especially what they called 3d charts and tabbed spreadsheets. There was no catching up to Microsoft by then and sales steadily declined. By then, Lotus released Lotus Agenda, an information manager that could be used for time management, project management, and as a database. Kapor was a great product manager so it stands to reason he would build a great product to manage products. Agenda never found commercial success though, so was later open sourced under a GPL license. Bill Gross wrote Magellan there before he left to found GoTo.com, which was renamed to Overture and pioneered the idea of paid search advertising, which was acquired by Yahoo!. Magellan cataloged the internal drive and so became a search engine for that. It sold half a million copies and should have been profitable but was cancelled in 1990. They also released a word processor called Manuscript in 1986, which never gained traction and that was cancelled in 1989, just when a suite of office automation apps needed to be more cohesive.
Ray Ozzie had been hired at Software Arts to work on VisiCalc and then helped Lotus get Symphony out the door. Symphony shipped in 1984 and expanded from a spreadsheet to add on text with the DOC word processor, and charts with the GRAPH graphics program, FORM for a table management solution, and COM for communications. Ozzie dutifully shipped what he was hired to work on but had a deal that he could build a company when they were done that would design software that Lotus would then sell. A match made in heaven as Ozzie worked on PLATO and borrowed the ideas of PLATO Notes, a collaboration tool developed at the University of Illinois Urbana-Champaign to build what he called Lotus Notes. PLATO was more than productivity. It was a community that spanned decades and Control Data Corporation had failed to take it to the mass corporate market. Ozzie took the best parts for a company and built it in isolation from the rest of Lotus. They finally released it as Lotus Notes in 1989. It was a huge success and Lotus bought Iris in 1994. Yet they never found commercial success with other socket-based client server programs and IBM acquired Lotus in 1995. That product is now known as Domino, the name of the Notes 4 server, released in 1996. Ozzie went on to build a company called Groove Networks, which was acquired by Microsoft, who appointed him one of their Chief Technology Officers. When Bill Gates left Microsoft, Ozzie took the position of Chief Software Architect he vacated. He and Dave Cutler went on to work on a project called Red Dog, which evolved into what we now know as Microsoft Azure. Few would have guessed that Ozzie and Kapor's handshake agreement on Notes could have become a real product. Not only could people not understand the concept of collaboration and productivity on a network in the late 1980s but the type of deal hadn't been done. But Kapor by then realized that larger companies had a hard time shipping net-new software properly.
Sometimes those projects are best done in isolation. And all the better if the parties involved are financially motivated with shares like Kapor wanted in Personal Software in the 1970s before he wrote Lotus 1-2-3. VisiCalc had sold about a million copies but that would cease production the same year Excel was released. Lotus hung on longer than most who competed with Microsoft on any beachhead they blitzkrieged. Microsoft released Exchange Server in 1996 and Notes had a few good years before Exchange moved in to become the standard in that market. Excel began on the Mac but took the market from Lotus eventually, after Charles Simonyi stepped in to help make the product great. Along the way, the Lotus ecosystem created other companies, just as they were born in the Visi ecosystem. Symantec became what we now call a “portfolio” company in 1985 when they introduced NoteIt, a natural language processing tool used to annotate docs in Lotus 1-2-3. But Bill Gates mentioned Lotus by name multiple times as a competitor in his Internet Tidal Wave memo in 1995. He mentioned specific features, like how they could do secure internet browsing and that they had a web publisher tool - Microsoft's own FrontPage was released in 1995 as well. He mentioned an internet directory project with Novell and AT&T. Active Directory was released a few years later in 1999, after Jim Allchin had come in to help shepherd LAN Manager. Notes itself survived into the modern era, but by 2004 Blackberry released their Exchange connector before they released the Lotus Domino connector. That's never a good sign. Some of the history of Lotus is covered in Scott Rosenberg's 2008 book, Dreaming in Code. Others are documented here and there in other places. Still others are lost to time. Kapor went on to invest in UUNET, which became a huge early internet service provider. He invested in Real Networks, who launched the first streaming media service on the Internet. 
He invested in the creators of Second Life. He never seemed vindictive with Microsoft but after AOL acquired Netscape and Microsoft won the first browser war, he became the founding chair of the Mozilla Foundation and so helped bring Firefox to market. By 2006, Firefox took 10 percent of the market and went on to be a dominant force in browsers. Kapor has also sat on boards and acted as an angel investor for startups ever since leaving the company he founded. He also flew to Wyoming in 1990 after he read a post on The WELL from John Perry Barlow. Barlow was one of the great thinkers of the early Internet. They worked with Sun Microsystems and GNU Debugging Cypherpunk John Gilmore to found the Electronic Frontier Foundation, or EFF. The EFF has since been the nonprofit who leads the fight for “digital privacy, free speech, and innovation.” So not everything is about business.
On the show, we get into the detail on Microsoft 365 Copilot announcements - what is the Semantic Index and how does it relate to the content-generation features? We decipher and dissect where the value in Copilot lies both for a user of the software and for Microsoft; and we discuss the capabilities of more Copilot features announced too. In other news - SharePoint has some really useful features on the way; Loop gets its hooks into Outlook, and two big new features in Exchange Server on-premises. Plus there's even a few new Microsoft Teams features coming your way on the roadmap too. Want to stay up to date on all things Practical 365? Follow us on Twitter, Facebook, and Linkedin to stay up to date on all things Microsoft!
On this week's episode, Adam and Andy talk about some Microsoft news including the newly unveiled Security Co-Pilot. They also talk about Microsoft's Incident Response Retainer and their takes on the news that the Exchange team is throttling and blocking emails from on-premises Exchange servers. ------------------------------------------- Youtube Video Link: https://youtu.be/hl6YddFqxpo ------------------------------------------- Documentation: https://blogs.microsoft.com/blog/2023/03/28/introducing-microsoft-security-copilot-empowering-defenders-at-the-speed-of-ai/ https://www.microsoft.com/en-us/security/blog/2023/03/27/microsoft-incident-response-retainer-is-generally-available/ https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078 ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com --- Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message
For many companies, the pretenses of separation between work and home have completely disappeared. This has huge security implications for organizations, but creates some opportunities as well. How should organizations and vendors approach the new paradigm of shared devices and identities? Economic tides are changing, making profitability and identifying efficiencies a priority for many IT teams. Reducing IT costs by modernizing and migrating identity infrastructure to the cloud is one of those projects to be considered. No more wasted time and effort on maintenance, patching, and upgrades. Join us as VP of Product Management at Ping Identity, Jason Oeltjen, will discuss cloud migration benefits, timelines, and how you can improve TCO by migrating your identity to the cloud as leadership seeks the most critical initiatives to fund. Segment Resources: https://www.pingidentity.com/en/lp/migrate-to-pings-cloud.html This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them! Finally, in the enterprise security news, The company behind Basecamp and the Hey.com email service pulls anchor and exits the cloud, Your self-hosted Exchange Server might be a problem…Is Confidential Computing for suckers? Gen Z and Millennials found not taking things seriously in, survey fielded by Boomers, Industrial Cybersecurity Market expected to take off, Github adds fine-grained personal access tokens, Australia not playing around anymore, jacks up breach fines more than 20x, Layoffs and exit troubles, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw294
On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss a recent blog we published on the Witchetty (aka LookingFrog) espionage group, which has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa, including a new tool that employs steganography. We also discuss the recently discovered Microsoft Exchange Server zero days, the U.S. defense sector being targeted by multiple APT groups, and a newly discovered espionage actor called Metador, which was spotted operating in recent weeks. We also discuss the breach of Australian telecoms giant Optus, and some new information that has emerged about the takedown of the REvil/Sodinokibi ransomware gang.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: More Exchange 0days cause more havoc A look at some earlier Exchange hack incidents How the CIA got its agents killed with its truly awful online opsec Ex NSA staffer arrested for espionage Much, much more This week's show is brought to you by Proofpoint. Ryan Kalember, Proofpoint's EVP of cybersecurity strategy, joins the show this week to talk about some overlooked detection opportunities – some simple stuff you can look for in your environment that should raise gigantic flashing red flags. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Microsoft confirms two Exchange Server zero days are being used in cyberattacks - The Record by Recorded Future CISA: Multiple government hacking groups had ‘long-term' access to defense company - The Record by Recorded Future Mexican president confirms ‘Guacamaya' hack targeting regional militaries - The Record by Recorded Future Mexican journalists targeted by zero-click spyware infections - The Record by Recorded Future Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets Putin grants citizenship to Edward Snowden, who disclosed US eavesdropping - The Washington Post U.S. fails in bid to extradite Brit for helping North Korea evade sanctions with cryptocurrency - The Record by Recorded Future Bill Marczak on Twitter: "NEW REPORT today from @Reuters @JoelSchectman providing more detail about fatal flaws in the CIA's defunct communications network. 
Iran and China compromised the network in 2011, and killed dozens of CIA assets https://t.co/AwN8pQtWL2" / Twitter Numerous orgs hacked after installing weaponized open source apps | Ars Technica 'Poisoned' Tor Browser tracks Chinese users' online history, location Mystery Hackers Are ‘Hyperjacking' Targets for Insidious Spying | WIRED A Matrix Update Patches Serious End-to-End Encryption Flaws | WIRED LA officials confirm ransomware group leaked students' personal data - The Record by Recorded Future Nearly 700 ransomware incidents traced back to wholesale access markets: report - The Record by Recorded Future Semiconductor industry faced 8 attacks from ransomware groups, extortion gangs in 2022 - The Record by Recorded Future CISA directs federal agencies to track software and vulnerabilities - The Record by Recorded Future Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security House Democrats debut new bill to limit US police use of facial recognition | TechCrunch EP000: Operation Aurora | HACKING GOOGLE - YouTube
Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There's new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization's radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How's your off-boarding program working out? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/190 Selected reading. Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA) Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center) Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC) URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different” (Naked Security) Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future) Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer) Two Microsoft Exchange zero-days exploited in the wild. 
(CyberWire) CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters) Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future) CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com) Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity) Lazarus & BYOVD: evil to the Windows core (Virus Bulletin) Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer) Mexican government suffers major data hack, president's health issues revealed (Reuters) Mexican president confirms ‘Guacamaya' hack targeting regional militaries (The Record by Recorded Future) Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters) Russians dodging mobilization behind flourishing scam market (BleepingComputer) Honolulu Man Pleads Guilty to Sabotaging Former Employer's Computer Network (US Department of Justice)
This episode reports on fixes for Exchange Server, the Comm100 support chat application, a survey of Canadian post-secondary students' attitudes towards cybersecurity and more
Alex Kipman leaves Microsoft, Windows 11 gets updates, Microsoft unions Report: Toxicity Continues at Nadella's Microsoft HoloLens chief Kipman is out. So what's next for Microsoft's metaverse strategy? Microsoft is Leaving Russia Microsoft Will Respect Unionization Efforts from its Employees Windows 11 Microsoft begins rolling out Windows 11 22H2 to testers in the Release Preview channel Microsoft Releases Windows 11 Insider Build 25131 and ARM64 Microsoft Store Windows 11 Version 22H2 is Showing Up on Some Unsupported PCs Microsoft 365 Microsoft: Next version of Exchange Server not until 2025 Apple Revamps the iPad Multitasking Experience with iPadOS 16 Dev Microsoft Releases Windows App SDK 1.1 Xbox Minecraft: Java & Bedrock Edition Launches on PC Today E3 is Coming Back as a Physical and Digital Event Next Year Announcing Call of Duty: Modern Warfare II - Xbox Wire Tips and Picks Tip of the week: Learn about the new features in Windows 11 Tip of the week: Add Windows 11 visual style to Microsoft Edge Tip of the week: Transcribe any audio or video file with Word for Web Enterprise pick of the week: Windows Customer Connection Program Enterprise pick of the week: IE users — June 15 is the day Beer pick of the week: Hudson Valley Demiurge sour IPA Hosts: Leo Laporte, Mary Jo Foley, and Paul Thurrott Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com Check out Mary Jo's blog at AllAboutMicrosoft.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: plextrac.com/twit Nuvei.com hover.com/twit
The NSO Group is back in the headlines, and it's maybe, the worst allegations of hacking for hire yet. The US and NATO blame China for the Exchange Server hacks. Does iOS now split the market with Android, at least in the US? And is Tesla charging customers for hardware they already paid for? Sponsors: Streak.com/techmeme TinyCapital.com Links: Private Israeli spyware used to hack cellphones journalists, activists worldwide (Washington Post) U.S. and key allies accuse China of Microsoft Exchange cyberattacks (Axios) Zoom is buying cloud contact center provider Five9 for $14.7 billion (CNBC) CIRP: iPhone catches up to Android, now accounts for 50% of new smartphone activations in the US (9to5Mac) Tesla is charging owners $1,500 for hardware they already paid for (Electrek) See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.