63 comments

[ 5.2 ms ] story [ 81.7 ms ] thread
Eh, well, Microsoft Teams is so much better than Skype for Business (originally known as Microsoft Lync). Now that was a horrible video conference application!
I always found Skype for Business pretty unreliable - it would drop out regularly enough and would struggle if too many people were on a call. I have no idea what the backend was like but I wondered whether it was due to poor self-hosting?
Yeah Teams is probably one of if not the worst pieces of software I've had to use in the last 5~ years.
They have the clout to hire the best engineers in the world who could make fast native versions of Teams for each platform and instead they hired the Healthcare.Gov team from Oregon to write the garbage we currently have.
Exactly, Electron is complete garbage but they could have at least thrown the same effort into Teams as they did Visual Studio Code (which is probably about the best or perhaps only "good" Electron app I've seen).
I can't say I'm a huge fan of Teams, but my god, have you used Zoom?
At the risk of taking this off topic, yes, Teams is by far worse. Just the authorization process is shockingly bad.

Here is a previous comment from k_sze about it. This is for a security process, so there is no excuse.

https://news.ycombinator.com/item?id=30368431

> MFA fatigue wouldn't be such a big problem if their MFA and SSO implementation was not so utter shit.

> Whenever I get a signin prompt, there is literally no way to tell what I'm signing in for.

> When the MS Authenticator app receives a MFA request notification, there is, yet again, no way to tell what service the request is for.

> To add insult to injury, when I need to signin again for a SharePoint guest account, it consistently fails to correctly redirect me back to the SharePoint folder.

> Microsoft's MFA is just security theatre. Take MS Teams for instance. Why does it ask me to sign in again, and yet still allow me to read messages that are already on the screen? Worse yet, the MS Teams desktop app can still receive new message notifications and display them while I have not re-logged in yet.

I can't really refute any of that, but I'm ok with Teams on balance.

Our team used WebEx before, which was pretty bad, IMO, but some of that was probably due to it not being as tightly integrated as Teams was (we're a MS place).

The one thing I agree is bad and irritating is the inboxing. I'll be actively conversing on my PC and suddenly my phone will regurgitate the last 20 messages.

In case anyone is interested and can control their Azure Active Directory tenant, there are now fixes for the unbelievable lack of information in the MFA popup prompt:

"How to use additional context in Microsoft Authenticator app notifications (Preview)": https://docs.microsoft.com/en-us/azure/active-directory/auth...

... and:

"How to use number matching in multifactor authentication (MFA) notifications (Preview)": https://docs.microsoft.com/en-us/azure/active-directory/auth...

But note the "PREVIEW" status, which seems to be the permanent state of affairs for any Microsoft security feature.

This doesn't excuse Microsoft in any way, but for any customers that are security conscious, at least now there are some options!

Teams is awesome at checking HR compliance boxes: surveilling, controlling, and driving employee conversations, and giving CIO's with low standards a win.

It's not designed for effective communication.

I think this is not about Teams. Probably more about security critical backend code.
This article isn't about the app called Microsoft Teams. It's about a lowercase-T team of people.
(comment deleted)
Great job here.

But what about the rest of the platform? It's knee deep in layers of crap accumulated over 20 years due to schizophrenic product management. Nothing is finished. Everything is broken or limping or painful to use. Every major release just adds another layer of crud.

I want to come back to the platform but it hurts me. Every bloody day I have to use anything Microsoft it is literally a productivity draining nightmare.

I personally feel like Windows in the past 3-4 years has been slowly unifying to at the very least be more consistent. Part of this was the introduction of Windows Terminal, the rebuild of Notepad, tweaks to Explorer, rebuild of Task Manager coming in 22H2, and the huge overhaul to Settings which is slowly rendering Control Panel obsolete.
These things are pretty much just bike shedding though in the scale of the problems with Windows.

They are very easy to market as improvements though and MSFT is entirely driven by marketing now rather than quality and engineering.

That they have released any version of windows without 100% consistency is itself an abomination. We’re not even talking about a nit, there are literally completely different paradigms within Settings itself as you click around, and that’s just one example of many. Perhaps it’s my Apple-bias, but every time I go to use Windows I just go “wow how could they say yup ship it?!”
extreme backwards compatability is my guess. There is probably some ancient program a business is running somewhere out there which depends on the control panel, or that random button, being there for whatever reason.
Even System Preferences (Settings now?) in macOS is a complete mess.
It’s become more coherent with the rest of the platform and iOS, even if you don’t like the design.
notepad could be built by a smart 12 year old over a weekend

and a terminal is a pretty common single person open source project

meanwhile the shell has something like 7 different styles of context menu, with several new ones added with every major release

Notepad uses bare Win32 API calls. If a 12 year old can handle that in a weekend, I'm Rihanna.
it's an edit control inside a window

take the standard example of how to create a window and add one more CreateWindow() call

Ah, simple like this: https://github.com/genuinelucifer/mypad

I like that part:

       hEdit = CreateWindowEx (
            WS_EX_CLIENTEDGE,                   /* Extended possibilites for variation */
            "EDIT",         /* Classname */
            "",       /* Title Text */
            WS_CHILD|WS_VISIBLE|WS_VSCROLL|WS_HSCROLL|ES_MULTILINE|ES_AUTOHSCROLL|ES_AUTOVSCROLL , /* default window */
            1,       /* Windows decides the position */
            1,       /* where the window ends up on the screen */
            100,                 /* The programs width */
            100,                 /* and height in pixels */
            hwnd,        /* The window is a child-window to hwnd */
            (HMENU) IDC_EDIT,                /* No menu */
            GetModuleHandle(NULL),       /* Program Instance handler */
            NULL                 /* No Window Creation data */
            );
yes?

notepad's entire front end is an edit control slapped onto the barebones minimal Win32 example

they wouldn't need to understand all of it, only to make small additions based on modifying what's already there:

    - adding the edit control (as discussed)
    - add Open/Save items to the existing example menu
    - a few lines in the event loop to implement that functionality
as a kid I had a "games programming" book that showed how to do everything necessary to do this

admittedly kids these days aren't going to be interested in programming for a dead API (Win32)

I taught myself coding Win32 API in C as a young teenager, nothing magic about it. And Notepad is a very basic app.
(comment deleted)
(comment deleted)
"the huge overhaul to Settings which is slowly rendering Control Panel obsolete."

I bet we'll have nuclear fusion before the Control Panel is obsolete.

What the fuck
Whoa. That commenter's history is WILD! Most fun I've had on HN all day.
That is at least 40dB over my level of insanity.
It's a good reminder that HN is just as much a garbage dumpster fire as any other mid size forum
"Isn't that what QA is for?"
In a sense, finding security bugs is a very specialized QA sub-discipline, which often requires a far deeper understanding about security than many QA engineers or developers possess. However, there is also a part of that organization which does feature work to systemically address the kinds of security issues they find.

Also, many large organizations like MS don't have many QA teams, preferring to push QA tasks onto developers, but still need specialized security teams. If you dig into the deep history of morse, they barely escaped being sacked when MS laid off the QA org circa 2017.

(I used to work on that team, but now work at another company doing a similar job)

Agreed - none of the QAs I have ever worked with have done security testing (unless called out in the test plan). One of the companies I have worked for does annual penetration tests which seems reasonable.
You mean, the job description they ended in 2006? Sure
> At Microsoft, we have everything from silicon to compilers to the operating system

In what way does Microsoft "have silicon"? They don't own a fab, FAFAIK. Do they design their own processors like Amazon does, or is this simply referring to the amount of datacenters Microsoft is operating for their Azure platform?

Xbox and Pluton, at least.
Also, technically the SQ* chips (like SQ1 used in Surface X) are also Microsoft chips, though they look more like slightly tweaked / rebranded Qualcomm devices.
Both are specs though. AMD does the design according to Microsoft's requirements but you can't really call that silicon design on behalf of Microsoft.
Gotta be thinking they’re working on their own graviton given how much aws claims it’s saving them.
They have custom FPGAs in Azure to offload networking and storage from the host CPU. There's an internal team designing and deploying all these, and the eventual goal is to have all this on ASICs for even more efficiency. Though you are right that they'll be subcontracting out the actual fabrication.
Does Microsoft pay for this kind of story, or is more one of those quid pro quo kind of things? As a real interview with the security team would be somewhat interesting, but this empty praise reads more like a press release then any kind of article
I'm inclined to believe this is an unpaid story by a naively passionate technologist.

Parents name their kids after Apple products. Reason dictates some of them would be passionate enough to write about it, and if it gets clicks it'll end up on one outlet or another - this time its Wired.

I do believe people pay for stories and awards and all kinds of stuff to hype their brand, startups in particular.

I also think it's unpaid, because the consequences are too significant if it's leaked that there was collusion for Wired to publish a puff piece in exchange for money from Microsoft, and Wired didn't mark it as "sponsored content" or similar.

It's bad for the writer because it shows the writer can be bought, reducing the credibility of previous and future work (though this does happen). It's also bad for Wired as it will be seen as biased for future reports on Microsoft. And it's bad for Microsoft because unpaid positive articles are worth more than positive articles that are suspected to be paid for.

At the most cynical, it's possible the writer wrote this in exchange for building relationships with the sources for future interviews and getting scoops (payment in a different way). More optimistically, the writer was naively passionate as you rote. Still, in any case, the writer could've asked at least some hardball or technically interesting questions for the report.

The fact that it reads as paid, means that Wired leadership failed.
> Does Microsoft pay for this kind of story

I think we all do.

FWIW, Microsoft security was talking about the same thing 20 years ago but they were under DOJ scrutiny and couldn't get positive press from then-hip Wired. So I guess positive spin that reads like Microsoft wrote it is new . . .

https://www.wired.com/2002/11/u-s-v-microsoft-timeline/

do you ask that kind of question of other companies who get articles about them in magazines?

I suspect that you don't, and I also suspect that you do not see the problem with that. I apologize if I am wrong.

I suspect that people just like to complain about Microsoft. any opportunity to shart on them will be gleefully taken, and carefully camouflaged to look more insightful, and less like the disdain that it actually is.

it's popular to crap on Microsoft today because over 20 years ago they bundled a browser and complained openly about Linux.

no one shits on Google or Facebook at every opportunity, because bending the entire earth and all of its economies to get people to click on advertisements isn't viewed as the absolutely disasterous activity it truly is. no one shits on Amazon because they make people sign in and out of the bathroom, actively crush organization efforts (which is blatantly illegal) or make people piss in bottles.

all that stuff gets a pass here BECAUSE YOU FOOLS WORK AT THOSE PLACES and "my team doesn't do any of that".

complain about fluff pieces for every company or complain about none. "there ain't no third direction."

>do you ask that kind of question of other companies who get articles about them in magazines?

Yes. Not audibly every time, but this article was particularly shallow, containing nothing but praise even though their security history is hardly immaculate.

By comparison, the last article about Amazon I read here was about their leaked document on trying to crush unions. The last about Google was either them shutting down some other product I've never heard of or a complaint about how their search is now worse.

> no one shits on Google or Facebook at every opportunity

They don't? I feel like I see ten times as much shitting on Google and Facebook these days, on HN, compared to Microsoft.

look again. people come out of the woodwork to crap on Microsoft. you'll see SOME of that for FB or Google, and nowhere nearly as much. people are ANGRY at Microsoft, and they merely recognize that Google and FB and Amazon are problems without anger or any real call to action about it.

it's very weird. things Microsoft did over 20 years ago anger people a lot more than things happening today, and I don't understand why at all.

This kind of piece usually happens because of the following common industry practice:

A company's PR department (usually via an outside publicist) approaches a friendly (or likely friendly) journalist with an idea for the story. They promise special access to company information and lots of quotes for the story. Serious outlets won't let the company "help" with the drafting, but sometimes the company will provide proposed language for all or some of the story.

It's a good arrangement for the company and journalist. The company controls the narrative and plants stories that fit its current PR goals.

The journalist gets an easy piece--more or less pre-packaged and with minimal need to do their own investigation. Journalists have an incentive not to pose difficult questions or push back too hard: Those who do get a "bad" reputation with publicists, leaving them out of the running for future pre-packaged stories.

There are lots of variations on the above. Some aren't nefarious and the result is still good journalism.

And sometimes the result is a transparent puff piece.

Haha, as if Microsoft cares whether bugs happen!

Any that do and affect Microsoft profits can be fixed later. Most never end up obviously affecting Microsoft profits, however badly they might harm somebody else. Some of those might get fixed eventually, if a reason ever turns up. More commonly, whatever they are in gets retired or anyway superseded first.

It is a waste of profits to spend time fixing what might not end up needing to be.

Every time Microsoft issues a patch for Windows, there're bugs.
Not necessarily. For example, the official name of Turkey recently changed to Türkiye. That may require issuing a patch, but I wouldn’t call having outdated information a bug. The same may happen with the time zone database.

Of course, they may have a different mechanism for keeping such lists up to date, but even then, they can be caught by surprise. Let’s say some country decides to move to X hours and 5 minutes relative to GMT, while the built-in mechanism assumes that’s done in 15 minute intervals.

(comment deleted)
> A Microsoft team racing to catch bugs before they happen

Is there a Microsoft team "racing to catch bugs after they happen" ? Because there are a lot of ugly bugs not fixed for years.