I can already see a bunch of managers aggressively giving orders to implement account organizations while deflecting all questions from the ones implementing it.
Microsoft's organisation vs use of accounts is certainly a hot mess.. I'll be watching responses here and hopefully find out why my personal account sometimes says certain settings are managed by "my organisation".
What freaking organisation is always my response; I've never been able to figure it out.
I've changed things in Group Policy (e.g., disable Bing/web search in Windows search) because there's no user-facing setting to disable some things and mine says the same. If you've done similar or used any debloat/privacy tools/scripts, that's probably the cause.
Additionally, go to Accounts in Settings and double-check that you're not logged into any "work or school" accounts.
The one thing I can't stand is that if you log into a non-personal Microsoft account in an app, there's a dialog that is very confusing[1]. It asks if you want to use that account everywhere on your device, but there's a box checked by default to let the organization manage your device, a button that says "Yes", and what looks like a hyperlink that says "This app only". I always uncheck the box before clicking "This app only", but I wonder if keeping that box checked would still enable organizational device administration. It screams "dark pattern" to me.
Just to add a tip for others: If you want to use Edge for the Windows optimizations and PlayReady support for streaming services, but don't want to deal with all the annoyances, you can disable many of them via Group Policy[2]. For example, you can disable the "Search Bing in sidebar" option that shows up in context menus[3] that I always seem to accidentally click when I'm trying to search for something I highlighted. I also use Group Policy to set the default search and homescreen settings because then it won't annoy you with the recommendation to set it to Microsoft defaults every time it updates.
Firefox is my main browser, but I use Edge for streaming Netflix and the like because I don't get 4K playback via Widevine. It annoys me because Edge would actually be a great browser if the Bing folks weren't constantly trying to shove things down my throat and filling it with dark patterns.
I didn't even notice that the dialog title, "Use this account everywhere on this device", isn't really presented as a question. Thanks for pointing that out.
Windows is full of dark patterns, so I don't really know why I had even a modicum of doubt.
That's not even the title either --- it's just bigger text within the dialog. The actual dialog title in the titlebar is blank!
Between the aforementioned dark pattern with the buttons/not-buttons (they didn't even bother to vertically align "This app only" and the button), the not-a-question "do what we tell you" phrasing, the blank title, and a dialog that's overall around twice as tall as it needs to be, it seems recent Windows is unfortunately full of user-hostile and also disgustingly amateurish WTFs like this.
It probably isn't actually "your organization". Some MS products just use that as a generic "this is disabled in some config or the other", (perhaps correctly) assuming that in most cases, it actually is turned off by the organization.
Very random example: SharePoint has a MS Word integration - you can open a .docx file from there, it opens in Word and you are actually able to edit the file on the server as if it was on your computer. At least in the older on-prem versions, this actually used the Word installed on your computer, not some web version.
If you used a custom authentication provider, a little browser opened within Word and you had to log in there. But Word needed to "trust" the domain. On a personal computer, you could just edit the trust settings in some Word menu, yet the error message still said "your organization..." if you didn't.
By the way if you are installing google chrome with linux packages, it says the same. It frightened me at first I was like, whose organization is managing my "google-chrome" install? Then realized my organization was just the root account on my linux vs installing chrome a different way (flatpak, manual install in homedir).
Large corporations with a captive market inevitably reach the digital bureaucracy stage, where the exaggerated mass of their workforce breaks under its own weight, and they become inept at doing basic things.
This is a great thing for small startups, else we would only have a single huge corporate conglomerate doing everything with cutthroat efficiency.
It's not just the company bureaucracy, it's also laws and regulations. It's great to be a startup in the US where you have a large and fairly rich customer base. But when you go international and have to deal with all the myriad laws there, often contradictory or poorly defined, your code will be messy. Very messy. Plus these laws keep changing and your customers keep moving to different jurisdictions or giving you wrong information.
Add to that various attempts at fixing problems, adding features, partially removing unsuccessful features, supporting old systems, framework/library migrations in various states of completeness, different developer's ideas of how to do things, and that rockstar developer who wrote really obscure code and then left to grow pomelos, and you have an incredible mess without even having to bring in company bureaucracy.
The way Microsoft accounts work is almost completely opaque to users.
I’ve been in similar scenarios — the switch directory or switch organisation technique usually worked for me - but wasn’t enough for this person.
They never really give you enough information to tell what’s going on… maybe it’s a security risk to have consumers who are anything other than bewildered Kafkerian characters struggling against a faceless bureaucracy? I suppose we should not question their wisdom and be thankful that we can log in at all.
Atlassian manage to make it even more confusing than Microsoft. So there’s that.
Now, if Microsoft bought Atlassian — that would be absolute theoretical maximum limit of peak confusion when logging into an app.
“Warning: You are about to login to Microsoft Atlassian Fogbugz Trello. Have you cleared sufficient space in your calendar, notified your next of kin, put your affairs in order, and taken your sedatives?”
Atlassian ID was a negative point when choosing software.
We, as an Atlassian plugin maker, chose GitLab internally, and Notion, both because at least it was properly integrated and didn’t have the awful Atlassian ID and switch between apps…
Ha. You have two factor on MS, main atlassian, and former bitbucket?
Prepare for peak confusion. Three different MFAs will be needed but we wont tell you which one is for which step. Oh and if you make a mistake you get to start all over!
Try having a kid and segregating funds for them while paying for their Xbox Game Pass and a Minecraft Realm with your account. I have 25 years of Windows software development experience and I was almost reduced to tears just trying to understand what I'm even trying to accomplish.
Realms is still in some kind of half subscribed, half not subscribed state and it still asks for my account's PIN for purchases but actually only accepts my kid's PIN. And every game warns me that my setup is questionable (store account doesn't match game account) even though it's exactly what Microsoft tells parents to do. Even Microsoft's own Minecraft app complains every 30 days!
I suggest this area for any web2 bug bounty hunters looking to make a fortune.
Setting up my kids to play on a realms account is horrid experience! And nevermind explaining how to do it to the parents of my kids' friends. Most of the kids still haven't managed to get on.
Also parental controls seems to suck in general on most services. Nintendo Switch seems to get it right for the most part.
I witnessed an egregious bug once - where logging in with one users name and a different users 2FA let me in. I just looked for my notes on it and can’t find them. I’m happy for you not to take my word on it other than to say — I concur that there are some egregious bugs in this area!
I completely believe you - I have performed this setup twice, on different machines, and in both cases the end result is that it uses the kids PIN to authenticate despite requesting the adult's PIN.
I have no idea where to report the issue to (Microsoft store? Minecraft support? Microsoft Windows support?), and having dealt with Microsoft support in a professional capacity I know that even if I do figure out where to report it that they will waste weeks of my time asking me to explain the issue and then claim it's working as designed without understanding the problem at all.
Ok - that sounds like the exact thing. It was so very odd when it happened. I’m sure I tweeted about it at the time, or put it on mastodon if it was more recent.
> result is that it uses the kids PIN to authenticate despite requesting the adult's PIN
That's been a thing for a long time. I hit it when trying to share games with child accounts. IIRC, the high level process was:
- Set up child computer with a child account.
- Add parent account as family member on child computer.
- Set up a PIN for the parent account on the child computer.
- On the child OS account, open the Windows Store and log in as the parent.
- Log back in to the Windows Store using the child account.
At that point when the child tries to buy something via the Windows Store it should be asking for the parent's PIN, but accepts the child PIN. As far as I could tell it was authenticating the parent account with the child's PIN.
When I ran into the issue, I could buy anything I wanted with the child PIN and it bypassed all restrictions.
I was so surprised by the way it worked that I spent an entire afternoon testing it. I got a prepaid credit card, set up fresh MS accounts for the parent + child, set up a clean OS install, and recorded everything using VirtualBox by using the on-screen keyboard to show the PINs.
At the time there was a bug in VirtualBox's video recording that caused it to record random garbage and I got so frustrated that I set it aside and never went back to it.
It seems like an auth bypass issue to me and it's been a problem for over 7 years. It's been around so long it's even made it's way from an unofficial blog into official MS docs [1]:
> As of Dec 25 2015, there seems to be a bug in the Windows Store sign in process as it may ask for your PIN code but it actually wants your family member’s PIN code. That is, at least at the time of this writing, use the PIN of the signed in family member even though it asks for your PIN!
The switch over the Microsoft login for Minecraft was so bad that I just gave up and got the kids using MineTest instead.
And MS login for work is a complete shambles. I have to do a tactical login to Outlook with a different work account to switch login when I try to use Azure as that's the only obvious way to move to a different org account. It's horrible.
Minecraft is so broken that I’ve removed it from all family devices.
I would frequently have to reinstall on PS5 to get it to boot, it would lose purchases constantly, and there is no cross play for mac hilariously because Mac doesn’t have a bedrock port, despite it having “Minecraft for education” which is based on bedrock.
Microsoft turned Minecraft into a steaming pile of garbage.
I had 2 mojang accounts for my kids, attached to 2 separate Java game licenses (because i couldn't buy 2 licenses for 1 account) used on Linux. When Microsoft forced the authentication conversion, I had to disassociate 1 of the 2 emails from the combined MS account (that I had worked really hard to combine in 2020) reincarnate that email as a separate MS account, associate it with the separate Mojang account (because MS also has no way of supporting 2 licenses on 1 MS account, even if the account listed multiple emails) and then I was promptly banned by Microsoft for breach of TOS, whatever that might have been. 12 hours later and a dozen support contacts to Mojang, I was unbanned... but my kids didn't play Minecraft that day.
To any MS/Mojang folks lurking,- great game but the authentication merge was an unforced error.
MS also banned me from playing Halo Infinite after a few days due to "Fraud (please insert phone number)" even though I'd done absolutely nothing suspicious --just played the game. So, naturally I deleted it and haven't looked back.
Couldn't you buy Microsoft Store gift cards so you can use your kid's account to keep the subscription active while not using your credit card directly?
my general approach to this garbage is to just keep making new accounts/email addresses (on my domain) for each purpose
this keeps everything from being comingled at the expense of maintaining all of those credentials
also, as a bonus, if you organize this by subdomain you can sort your email by it automatically since most emails from this stuff don't really need to hit your inbox
Until they ban all of your alts when some obscure ToS sentence about creating multiple accounts starts being enforced (or one of them gets taken over when you don't pay close enough attention) and if you happen to use any of them for anything critical you come to HN complaining how MS just killed your life or business. I truly think that's what happens behind the scenes of half of those cry for help posts
When I saw Minecraft for the Nintendo Switch I bought it, thinking it'd be a solution for the MS login madness and my kid could play easily with it.
Wrong!
It's even worse! You still have to log in with some MS account, but on top it's buggy, slow, laggy, and crashed a few times on me generating the world. What a disaster.
Same story here. Thought it would be great for kids to play. Takes 30 minutes of me screwing with it every time they want to play it. I gave up and put linux on an old laptop and them bought another copy of minecraft for it.
Arghhh... I swear I only have one Microsoft account, but it randomly seems to use either one password or an older one. I've been round loops several times resetting the password and all seems well, until it seems to want an older one again.
I didn't bother porting my Mojang account to Microsoft, it was too stressful to use.
We took on a client on Azure 4-5 years ago. something happened to my MS account at that time, that made it impossible to sign in to a random subset of MS services (it would either report that the pw was invalid, or I didn’t have permissions).
It was something like two accounts existed in the system with the same email address and one of them had permissions, but we couldn’t sign in to it and the other we could sign in to, but didn’t have permissions and there was no way to grant it permissions.
I spent several hours with MS support over a few days while they tried to sort it out, reset passwords, sign in via different systems, etc. Eventually they recommend we create a new account.
Correct. If you didn't mind having a Mojang account (small, indie, Swedish company; respectable privacy policy) but would prefer not to create a Microsoft account, your money is as good as gone and there is no way to play the game officially.
if you just want to play offline, the prism launcher still lets you authenticate using the old mojang accounts. (which is not to contradict your claim, as it's not an official launcher).
I held out for a really long time, but a friend wanted to play minecraft with me so I finally caved. If they ask me to add a phone number I'll probably just abandon the account though, and look into piracy of the game I purchased.
After converting, my brand new MS account got locked for 'suspicious activity' within minutes. To get back access to the game I had paid money for, I had to... you guessed it: add my phone number.
Really makes me consider just not playing anymore.
The Mojang accounts weren't great for security. No 2FA or anything (just security questions), and if you lost your account / it was stolen, you were pretty stuffed. The only way to recover it was to present the transaction ID of your purchase of the game to support, which most people don't have and you were never told to keep. I saw lots of people get permanently locked out of their accounts.
I guess it also doesn't make sense for them to maintain a parallel login system when the Microsoft one gets (presumably) millions of dollars of investment every year. Though Microsoft accounts are more complicated to use, with configuration being split across Microsoft, Xbox, and Mojang/Minecraft itself. And it seems they like locking people out for opaque reasons.
>The Mojang accounts weren't great for security. No 2FA or anything (just security questions), and if you lost your account / it was stolen, you were pretty stuffed. The only way to recover it was to present the transaction ID of your purchase of the game to support, which most people don't have and you were never told to keep. I saw lots of people get permanently locked out of their accounts.
It was in fact super easy to just search my email Inbox for emails from Mojand and find the proof or purchase.
With MS I have 3 fucking accounts and not by choice, they bought Skype and Mojand and forced me into their super shitty system, I spent 30 minutes 1 year ago to migrate the Minecrtaft accoutn and more then 30 minutes a few weeks back to login back into Minecraft because I needed to detective my way to figureout what Microsoft account they connected to my Mojang purchase.
I hope in a few years someone leaks what greedy motives were behind this forced migrations, probably to sell more shit.
The mojang accounts were superior in every way in terms of security. Hahha, microsoft is a huge attack surface. And with microsoft, you also need to secure your account against microsoft itself, which isn't easy, they will randomly extort previously unknown personal information like phone numbers to access your account. If you only have 1 number, and its linked to a different account, you just lost your account.
I don't understand why people think a microsoft account could ever possibly be more secure.
Reliability is probably about the same, but the Microsoft account signup process is a nightmare compared to the old Mojang system. There's like 4 different X-Box or Game like websites with slightly different usernames and they don't talk with one another and various features are scattered across all of them. Even flipping the switch that lets you join an online game is buried half a dozen menus deep in the bowels of the system and is labeled in a way that you'll never find it if you didn't Google for the instructions first. It's so unnecessarily complex and confusing.
The worst part is that some bot years ago signed up for the X-Box account using the same email I used for the Mojang account so converting the account first required me to take over the bot account with a password reset. But the bot set the account in up German and it's apparently impossible to switch the language settings for everything. I got most of it switched over (across four completely different configuration pages), but stuff like the emails are still sent in German. I'm pretty sure my account is going to be locked sometime in the future once they figure out that it was originally a bot account and there is no chance I'm going to be able to get my alpha Minecraft account back when that happens.
As a random example, if your Microsoft account is OAuthed to a GitHub login, and you log in through that, the popup browser just takes you back to a Microsoft account settings page instead of handing the OAuth flow back to Minecraft
Is this a surprise? I assumed everyone's experience of Microsoft accounts was something like this. Every single detail seems designed by someone who read Kafka and took the wrong lesson out of it.
You don't need to accept it. Just don't use Microsoft. (If your school forces you to, create a throwaway account for that, and let the principal know that you are not a happy customer)
And then your child has a Mojang account, and then you can't use Minecraft because the throwaway account is associated with your phone number, and it's tied into the Active Directory of .....
Having an account for your child schools is kind of a necessity. Using Minecraft is not. It seems to be a nice game and children like it; it sucks that Microsoft bought it. Still not a good enough reason to use Microsoft.
That's why my kids now play MineTest. Despite having bought them Java Minecraft before that was an issue. Shame the money was wasted. Product changed. Ought to be able to get our money back.
You jump to questionable conclusions here. They just meant that Microsoft messing something up to this degree is not a big shock to people who already had MS related issues.
Some of their designs are downright malicious (like locking the email account until you give them your phone number), more often it's amazingly bad software/UI, and sometimes they'll ruin your weekend by rolling out a Windows update without asking which wipes your partitions or throws bluescreens on boot.
I decided a while ago it's not worth it for me and stopped using as much MS related stuff as possible, and I'm glad I did.
Despite the implication of malice that other comments seem to be directing at Microsoft, this just seems like a bit of an oversight (i.e. inexperience) on behalf of the school’s IT team.
Nonetheless, I would have expected MS to ensure that the process includes clearer guidance for the account owner, and for deliberate decisions to be made by the school to enable this type of action.
They did a very good job of providing clear advice to BYOD users during the MDM onboarding process in InTune, and it’s confusing that this didn’t occur in this case.
> this just seems like a bit of an oversight (i.e. inexperience) on behalf of the school’s IT team.
No matter how inexperienced they are, it shouldn’t be possible to put an external Microsoft account into this weird state without the account holder’s permission. And the “leave organisation” button shouldn’t leave the account in some weird unrecoverable state.
This all reeks of sloppy product design on Microsoft’s part. Is my Microsoft account one bad domain administrator away from being taken from me? That’s unacceptable.
But the schools IT team shouldn't have been able to do this! I don't ascribe malice to them, but if, in the regular course of me doing my every day normal business at my bank, their website ended up with me taking your money out of your account somehow, the blame wouldn't lie with me or you, it would be the bank's fuckup.
How does that work? Is there some evil villian at Microsoft, twirling his mustache maniacally laughing himself to sleep because Mr Jeff here can't create an Azure app? This is a case for Hanlon's razor.
If we take the legal definition of malice then it might. I like this definition of malice[1]:
> malice is a condition of the mind which shows a heart regardless of social duty and fatally bent on mischief, the existence of which is inferred from acts committed or words spoken.
Negligence and recklessness are often considered acts of malice, especially when stemming from wilful blindness.
The mischief here is the problem with the account, we (those commenting on this page) have no confidence in Microsoft to improve it (they are fatally bent), as they clearly don't consider it a social duty and are surely wilfully blind to it. Does anyone here think they want to know, let alone care?
For every policy and priority there is one or more humans somewhere who decided them. They aren't sourceless and ineffectable natural phenomenon like the weather. A person somewhere knowingly decided them, and continued to do so in the face of plenty of argument. It doesn't require Ming the Merciless mustaches, it only requires normal differences in priorities.
One wonders why one would pretend not to know this.
Maybe, but it's a behaviour that shouldn't be possible to happen. If I have a personal account it's my account, and should be considered distinct from the account of a school/organization, there shouldn't be the possibility that joining one of them will limit what my account could do.
That is a personal account shouldn't even be possibly converted into an AzureAD one: if you want it's another account, with another email and another password. This possibility of mistake should never happen.
Yes, it's confusing that the UI doesn't highlight that "Jeff's MSA" and "Jeff's MSA at This School" are different accounts when it makes statements about the school owning the account. By adding him, the school set up a "Jeff at This School" account (a unique ID inside their Azure Active Directory) which Jeff can access using his MSA account. They didn't take any ownership over his MSA, but they do control the data for his school account (i.e. anything he creates in their Azure Portal, SharePoint, etc.)
And then Jeff is confused about the state of his account. Keep in mind that he's using a developer tool (the Azure portal) and account federation is not a beginner-level feature of Azure AD. There are sharp edges. He just jumped to a lot of conclusions and wow the Fud level on this comments thread is off the charts.
I know this because I set up an OAuth2 based web portal for my friends to access my Minecraft server using Azure AD B2C and by god the hardest part was figuring out how to explain the login experience to users, and disable the secondary 2FA requirements for MSA/Gmail users (because I know my friends are smart enough to use 2FA)
Some company that offered services to us used Azure AD for their authentication into their portal, so when you registered with them it actually created an Azure AD tenant. The user was not aware of this, but this started to become a real headache not only because users could apparently create Azure AD tenants out of nowhere, in some weird way I still don't understand, but certainly through user interaction, other users that had nothing to do with that portal also got added into this Azure AD! It took some shady workarounds to get control over this rogue Azure AD tenant and clean up the mess it caused. At this point we keep the Azure AD around not because we want to use it, but to stop anyone else from creating one with one of our domain names.
I'm realizing more and more that relying on a large organization for a service where you are 1 of hundreds of millions of customers is a bad idea.
First customer service will be automated or even non existant, and very poor. Secondly the product will have been 'tweaked' so many times for new markets and product extensions that it will be very fragile when you do something at the edges of its functionality (not what the other hundreds of millions are doing).
It shouldn't really be this way - it tells a lot about software engineering that a product run by a few enthused people alone can often (but by no means must) have better support and service than a product with huge resources.
A father with a daughter that goes to a school, and the father has a Microsoft account, is nowhere near an "edge of functionality". Sounds more like Microsoft has a too-complex login system on their hands, one that needs a ton of backend rework to happen in order to simplify the system for the user (and the developer)'s sanity.
Also, a software engineering product run by a large organization is going to have tons more functionality under its much bigger umbrella compared to a small team with a much smaller product. Consider AWS vs Digital Ocean. Both great companies, but AWS's umbrella of offerings is vast compare to Digital Ocean.
No, but something unusual went wrong and getting it fixed will be harder at MS than a smaller company. There probably isn't a single person who understands why without a fair amount of research. Without the publicity, MS would be inclined not to spend the effort to fix.
> Also, a software engineering product run by a large organization is going to have tons more functionality
This was exactly my point - the large product with tons more functionality will likely be more brittle, harder to use, and get support for if something breaks. If you aren't using that functionality, you often won't be well served by the company. I had this experience with EverNote. I'm also a very happy AWS customer, but I think that is because their products are a set of (fairly) independent products, rather than one huge system.
Ah. It's because it's nowhere near the edge of functionality, I don't think something particularly unusual actually went wrong here. Mr Jeff just hit a bug. But because Microsoft is such a huge company, and fathers with daughters who go to a school is such a large segment of users (and because Microsoft is not as obtuse as Apple, where Apple pretends their software has no bugs), I bet there's already a product manager spinning up a customer service bulletin going out to reps to school IT departments and a team of developers to add the fix to a roadmap and fix the problem globally.
Or maybe the bug's just going to languish and our friend Jeff here is going to be forced to create a new Microsoft account.
--
As far as AWS' products being independent products. I have the opposite view, as their products would be rather useless if they didn't interoperate with each other. How useless S3 would be if it couldn't talk to anything else!
The problem is not that there is no one person it's that the team that knows the details are insulated from end users by layers of layers of bureaucracy needed to keep them from being flooded in identical/trivial tickets to the point where they never get to look at the actual product they are developing.
With smaller outfit's the L2 tech support might actually be having a line of communication directly to engineering, where in large companies there might be an L3-6 plus different product owners and escalation managers involved before a case gets in front of the engineering team.
Even in large companies it depends a lot on the product. For Microsoft, if something has an issue tracker on GitHub (e.g. VSCode, C#, Windows Terminal), the bugs that get filed there are usually looked at directly by the team that owns it.
> It was created when I transitioned my Xbox LIVE account to a Microsoft account on 2014-03-07 (the LIVE account was created back in 2006, and neither it nor my Microsoft account were ever joined to any other domains).
Hoping this raised issue helps cleaning up some of the mess, I find it fascinating how bizantine microsoft have become.
I also have a skype account that became some other other account, but was using the same email as my mojang account that got ported to live accounts. I kinda hope everything is neatly bound in the backend as I login through the live.com portal, but it feels like a miracle that it still works at all.
It was the same kind of fun trying to log to flickr with a old converted yahoo account. Or dealing with amazon after merging multi-coutry accounts.
Amazon used to allow having multiple accounts with the same email, but different passwords.
And don’t ask what happens to personal accounts that get accidentally invited to corporate accounts via email adresses formerly used for the personal account.
I think it's still complicated. I wouldn't try to play too much with it, but you can use the "same" account across each of their national portals except parts of it seem to be local to the country, and many amazon apps don't have a notion of country (e.g. when logging to the prime app you only use the email and password, and it guesses from there. It actually finds the right item from an app downloaded from a different country's app store).
I made a point to separate mail addresses by country to avoid getting hosed, but I'd imagine the fun trying to access Prime or kindle purchases from an account that has them in multiple national stores.
Yeah, at some stage I had accounts on Amazon.de, Amazon.co.uk and Amazon.com with the same email. My .de and .co.uk accounts eventually got merged (no notification, just found one day I needed to start using my .co.uk password to log into .de), but my .com one is still semi-seperate and I need to go to amazon.com to manage my kindle ebooks still.
This really goes to show what depending on online authentication from a large corp can do.
Even worse, Microsoft is now trying to force online accounts onto Windows machines.
Google already does it with Android. Which means for some reason if you lose access to your email, you are locked out of not only your online accounts but your local devices also.
We really need to separate authentication from services and devices. With strong safe guards around that account and an actually support system.
Yeah, that shit is why I took a brand-new NVIDIA Shield back to the store immediately after getting it home - it literally cannot be used without signing into a Google account. I bought it thinking, "hey nice, I can use this 4K Android home theatre device without Google being involved, since it's from NVIDIA and thus hopefully free of all that crap". I even did my homework on this: no material included with the product, nor NVIDIA's online product page, indicated that an Android account is strictly required to actually use the product. I ended up doing some more searching after returning the product, and finally found a singular customer support page that happens to mention it. Gotta love it...
It does.
"Google search sucks" returns what you'd expect.
What GP is getting at is that Google Search breaks down often when you're looking for a very specific result, but one that is uncommon enough. Instead, you're often diverted to a "related" query result without them telling you.
If you search "What is the world record for crossing the English Channel entirely on foot?" Google would respond with swimming, boats, pedalling etc but miss the ones where people crossed on foot through the Channel Tunnel.
An improbable search is almost impossible to do on Google. They will replace it with unrelated but similar results. Even when you specify a strong condition, it will just ignore it and return the exact opposite. It's no better than LLM hallucination.
There are pairs of words that are very similar, but semantically different. Like "latitude" and "longitude" or "first name" and "last name". Google's model can't make fine distinctions between related (like latitude and longitude) and semantically equivalent (like last_name and family_name). You search for a semantic match, it will give you a related result that is exactly not matching your search.
Google should be surfacing what its policies actually are, period. If those policies paint Google in a bad light, it should reconsider them, not be coy about them.
Why does an Android TV device requiring a Google account paint Google in a bad light?
If I’m all-in on the Google/Android ecosystem, this is a positive! It works even better!
The alternative is that the people behind the Nvidia Shield are intentionally user hostile / acting with malice, in cooperation with Google?
The idea that the account requirement is positive or negative is a hugely subjective one. The fact is it’s needed. Whether it’s positive or negative is largely irrelevant. The fact should be surfaced.
> That's the kind of results Google should be surfacing
Indeed and when I try it, it does surface it when I search for Does Nvidia Shield require an Android account? [1] For comparison, ChatGPT also gets it right. [2]
I was looking at a media center/gaming emulation device and to be honest i dont see the benefit of these android based TV devices or Apple TV anymore.
You can buy a good mini-pc for a couple hundred bucks and its much more powerful and flexible. You can run windows or linux etc and hook up any keyboard, controller, remote, and do whatever you like.
I'd be interested to hear how you'd get the usability to be as good as an operating system designed to be used with a remote running apps designed to be run with a remote.
Having to use a mouse and keyboard is a pain point for me when I use my desktop on my TV from the couch. For the mouse I use the trackpad on a ps5 controller, so the mouse isn't so bad.
Possibly you could:
* Not require passwords for everyday operation of your computer
* Boot into some sort of launcher designed for televisions
* Have a fairly narrow set of apps and services that work well with your setup. For example I don't know how you'd use Netflix or Disney plus with a remote on Linux.
I've been running Kodi for over a decade now. It starts on boot, so all I have to do is start the desktop. Remote works with an open source Anroid app, it also allows streaming from Kodi to your phone and vice versa. Youtube works fine, never tried Disney+/Netflix, I'm not sure that's possible.
Kodi has YouTube? YT was the only reason I didn't just set up a Pi 4 or whatever. Already got one LibreELEC system for the home theatre, but wanted YT for the "daily driver" TV display. I assumed any YT plugin for Kodi would be persistently behind API changes and often not working, etc... is my assumption wrong? Would be great to hear if so haha
You need to setup your own set of API keys (fairly easy) but it canl break for a week or so at a time when YT make changes that need updates for but it's reasonably rare (one every couple of years).
I've never added API keys and it mostly works fine, need to retry a link sometimes (youtube a/b testing things I guess?) and I imagine it can't play age-gated videos.
You can configure linux to directly boot into Kodi with zero interaction very easily[1]. If you pickup a machine with an IR sensor (some Intel NUCs for example) then you can configure it to use a remote[2]. RPis have HDMI-CEC which mean you can use your TV remote[3]. With that said I just use a mini keyboard[4] as it's the easiest and moat versatile for me, definitely not the most user friendly for people who don't know the keys though!).
Admittedly I only have local media and YouTube (via a Kodi Plugin)and don't use any streaming services so Kodi fulfils my needs perfectly.
There exist a couple of wireless media keyboards with integrated trackpads like a large one from logitech or microsoft or some small ones from obscure chinese companies on amazon. There are also remotes that you can connect over bluetooth.
The obvious response to this is that the non-techy family members wouldn't be able to use it, but honestly most home entertainment setups are already crazy complicated, whereas everyone knows how to use a PC (for now)
Mash any of the four buttons on the Apple TV remote until the TV turns on, then use the top third of the remote as a touch surface to pick the app logo you want (Netflix, Youtube, etc.). If your iPhone is in the same wifi, a notification will tell you you can use it to type instead of the on-screen keyboard if you get into a free text field like for search. Apple products have their faults, and they are expensive, but that experience is as simple and smooth as it gets.
We also have an old laptop attached to the TV. We set that up in the lockdowns so we could use a webcam on the TV and a wired microphone on the coffee table to "get together" with friends and family, still use it occasionally for Dungeons & Dragons with friends who live too far away to visit often. The Apple TV doesn't support webcams, but wins at everything else, hands down. Even for desktop-y stuff, streaming my Macbook or my girlfriend's iPad to the Apple TV is less hassle.
Desktop ergonomics just don't work on the couch, at least for us, even with a nice-ish wireless keyboard with touchpad. Having a touchpad remote with just four buttons that have very predictable functions and a simple mobile-ish UI is nice, even to me, and I'm a desktop power user otherwise. Desktop OSes are for work, school or uni, most people aren't inclined, encouraged and/or enabled to explore and play in those, so they don't get them the way desktop power users do and tend to expect everyone else to, or the way people get mobile UX.
If you want something nearly everyone can pick up quickly, even older children and some seniors, make it touch-based, responsive, give it proper apps and the same core animations mobile phones have and you're 80% there.
You can get a streaming stick with the remote for like $50. It will come with all the stupid DRM in place required to stream 1080p/4K/HDR whatever and it'll be designed to be used from 10 feet away with a remote. Plus it'll use like 3W of power.
Setting that all up on PC is much more of a chore.
> You can buy a good mini-pc for a couple hundred bucks and its much more powerful and flexible. You can run windows or linux etc and hook up any keyboard, controller, remote, and do whatever you like.
More flexible, yes, but are you really getting more powerful than an A15 for that price, especially when running a general purpose OS?
That last point is really hurting why media PCs disappeared: you’re paying considerably more - a whole number multiple - for an experience which isn’t designed for a TV, and in return you get the fun of playing sysadmin when you’re trying to relax. Most people are not going to pay a significant premium so they can deal with drivers and trying to figure out why their HDR isn’t working. Device lifetime theoretically could counter that out but I’m skeptical that hardware won’t be what sets the timing for that in either case, and the dollars per year metric isn’t favorable there.
Performance-wise? Yeah, I bet you could. A Ryzen 5 mini PC is well under $200 and will probably have hardware acceleration for 4k60. If you're the sort of person that already has SFTP plugged into your "media backup drive", Kodi on a cheap low-power box is kinda a no-brainer.
There are certainly better push-button solutions on the market, but arguing in the AppleTV's favor for performance is probably a phyrric victory at-best. If you want an AppleTV, get an AppleTV - if you want a streaming box for your ripped Blu-Rays and legally-dumped retrogames, you can build it yourself for roughly the same price.
> Ryzen 5 mini PC is well under $200 and will probably have hardware acceleration for 4k60.
The cheapest one Google knows about is an AliExpress no-name brand at $159 and that’s because it includes no storage or RAM, and uses a 3750H which benchmarks at less than half the speed. Once you add memory, it’s over $200. It does match the Apple TV on 4K@60 HDR support so I’d assume it must have hardware support.
Amazon has a couple of off-brand Intel devices, also around $200 for around half the Apple device’s performance.
Again, if you really want a PC you certainly can make it work but the reason it’s unpopular is that you’re paying a lot more – this is starting at 150% for hardware which is unlikely to last as long – and you then have to support a full PC, buy remotes, etc. If you enjoy that as a hobby, sure, but it’s hardly surprising that most people buy something which just works out of the box.
There exist general purposes OSes that don't just fall apart randomly, you know. For instance if I have a problem with my Kodi box, I just reboot and choose the previous generation in the NixOS boot menu.
Judging by the threads on those proprietary embedded devices, I think my setup passes the "just works when you want it to" test even better than those appliance things, which market an illusion of stability but are doing the same mutable update dance behind the scenes (with the added complication of corporate whims).
> There exist general purposes OSes that don't just fall apart randomly, you know. For instance if I have a problem with my Kodi box, I just reboot and choose the previous generation in the NixOS boot menu.
As someone who started using desktop Linux and supported it professionally before the turn of the century, yes, I’m aware and you’ll note that I never claimed otherwise. The reason I mentioned general purpose operating systems is that they’re not optimized for non-keyboard/mouse UI and you’re more likely to get in a situation which requires more work to sort out via the CLI.
The other concern I raised was drivers. Support for hardware video decoding, colorspaces & depth, high-quality sound, etc. is certainly technically possible but also something which not-uncommonly ends with angry rants. If you are passionate about open source and eager to take on that responsibility, great, but it’s not a popular choice.
The focus of those points feels completely irrelevant to the reality of my using a general PC to drive my TV. They seem to simultaneously assume the use of a generic point and click operating environment, while rejecting the additional functionality that would necessitate doing so.
My Kodi box boots straight into Kodi. I have a mini wireless keyboard on it (Rii X8?), but the alphanumeric functionality isn't particularly used and it could just as easily be a video game controller or even an IR remote.
There is no "situation which requires more work to sort out via the CLI", beyond when I deliberately choose to make changes to the system. If I ever did want to pop out of Kodi and run a general desktop + browser - say for sports streams - then the additional input hassle would be due to doing something I couldn't do with an appliance anyway. You can't really characterize this as a drawback.
And sure if some driver functionality doesn't exist, then obviously you can't use it - you set your expectations to what is available and how much you want to tinker. And the real answer to "angry rants" is to use an operating system with reliable change control, so that if you start tinkering with something, it cannot end up in a broken state when you want to use it to relax.
Look, I’m not saying you can’t use a PC for a TV if you want. I was specifically responding to the assertion that it was both cost-competitive and better performing when neither is true. It certainly allows you to do different things but it’s unclear how many people care about those more than the extra cash.
IMO there's this weird tendency for technologists to create a model of "normies" with no bespoke interests or self-actualization, and then argue that they're following fully-fleshed-out "normie" incentives rather than the actuality of advertising and product placement.
Also I find it a bit disingenuous when people argue for the "less expensive" options that put you at the mercy of streaming companies. My amd64+Kodi+zfs+VPN setup certainly isn't the cheapest, but neither is a corporate puck with several monthly fees for streaming services. If one wanted to be entertained for the least money possible, I suspect that would just consist of using your current laptop/computer running a general purpose OS to play dodgy streaming sites. But most people seemingly want something more than that (which ties back in to my first paragraph).
As a technologist who’s run a fully fledged media PC since the days of Xbox Media Centre (before XBMC or Kodi or even Plex I think) with both Windows and Linux flavours, along with a USB IR remote control and wireless keyboard options… I simply got fed up of things randomly not working every year or two when a major upgrade was required, and the amount of effort that typically became required at the exact point that I was exhausted and just wanted to relax.
So I gave in, switched to Plex, paid for a Plexpass lifetime account, and bought embedded devices that could stream content off my server.
I have way less flexibility now that I’m on an AppleTV 4K. I also continue to get occasional headaches (e.g. recently the remote control randomly stops being able to control the volume), but the size of the headache is limited to pulling out a different remote control / turning all the things off and on again. Mental effort not required.
I have a laptop that goes into the 4x2 HDMI splitter, and I occasionally whip that out if there’s a real desperate need. But it’s the absolute last resort. It’s just easier to use the ATV.
It’s not that I lack the ability to produce a better PC based solution today, it’s that I lack the interest, and the $200 ATV is good enough that I’d rather throw money at the problem than time.
> dont see the benefit of these android based TV devices or Apple TV anymore.
My point was simply that an Apple TV is significantly cheaper ($100-120 vs. the $200+ PCs people mentioned) and it has roughly a factor of two better performance. Now, it’s inarguably less flexible but most of that flexibility doesn’t help with things many people want to do, which was the original point: people buy these because “spend less, everything you actually use just works” is actually a pretty good sales pitch.
This is probably not a helpful answer for most people, but the Shield has an unlocked bootloader, and it's popular enough to have lots of custom ROMs that you could flash that don't have that problem.
Don't mix up poop and chocolate - while Google's accounts aren't really that great (the whole GSuite mish-mash of nonsense doesn't really help), they are several orders of magnitude better than whatever MS is trying to do here. You have a million different ways to permanently screw yourself with a MS account, especially since they basically kept all the "account types" hidden while applying over them a veneer of homogeneity. You can basically use any Google account everywhere a Google account is required, but personal and corporate MS accounts are basically two different things that reuse some infrastructure while not being compatible the slightest. Even when logging in in Windows, there are a dozen ways to enroll a MS account, and most if not all of them are not compatible with each other. There's always a very high chance of getting your Windows account messed up, not accessible, or impossible to log in to.
> You can basically use any Google account everywhere a Google account is required
This is not true if it is a Google Workspace (or whatever they are calling it now) account. Learned this the hard way when getting YouTubeTV. To be fair, it was just a couple of hours of frustration and annoyance but still, for whatever reason, the workspace accounts that you pay for are second class citizens.
I had to abandon my Google workspace account with my main email domain after they booted the free GSuite status (I migrated before they changed their mind unfortunately). Not only is that account gimped because it is a Google Workspace account (with little things all over that refuse to work with those style accounts at all) now it's even more gimped because it has no active subscription tied to it.
I can't downgrade it to a personal account without deleting the account and recreating it, but there's not even a guarantee that will work. Deleting the account will also mess up family photo albums and other items. Photo storage is full but I'm also unable to pay for storage without adding a subscription to the account. It's so risky to try and fix it that I just had to migrate to a new google account, re-purchase all my android apps, and just ignore that account forever.
A Google Workspace account does not work for Nest. I signed up for the free Google-email-but-with-your-domain thing more than a decade ago. A bit more recently but back when I was still a Google fanboy I bought a Nest thermostat and was astonished that my account could not be used for Nest.
Do you mean when using Google email? I don't see how being locked out of my personal email would lead to me being locked out of my Android, even if I would log into Google Play Services with an account (which I have not but let's go with the common lay person scenario).
I have seen this on HackerNews multiple times. I bought a Google Pixel this past week and set it up. I have not logged into a Google Account. Maybe if you give the phone internet access during setup, it doesn't give you the local account option. But I can attest that Google has not (yet?) closed the "offline account" loophole.
Its honestly shocking to me how fragmented Microsoft's authentication system can be and how many quirks it has. Knowing how enterprise software is built, you know under the hood their auth system is complete fragmented mess. Every login looks the same but is subtly different so you can literally log into one service if your account is setup a certain way and that would instantly screw you when it comes to logging into 5+ other services.
Auth with MS accounts is a giant mess. When I was a city councillor I had a corporate O365 account from the council (used for council email and virtual meetings over teams) and simply trying to sign out of the thing or switch to another account was always fraught (I've got a personal account that's basically just to associate my windows license with and a work account used for azure access). You'd often end up in a state where teams would just refuse to sign in and you'd need to reinstall it to get it to work again.
Trying to be actively signed out is also a mess. You can use the teams app to join teams meetings others have setup and invited you too without teams access yourself. Though of course if you have an MS account teams can see it ends up trying to use it and then saying you don't get teams access via that account and trying to sign out and join the meeting with an account associated with it often just doesn't work. A colleague actually ended up requesting he got an o365 account with teams associated with his corp email because of this issue as he had occasional meetings with external people over teams. We have a corp o365 setup for our ops/admin team that engineering normally doesn't touch but because he had a teams invite sent to his corp email he got dragged into it.
Yeah, the identity side of MS products is really dysfunctional. Every time I try to use teams or azure it ends up in hours of finding out the right procedure to log in or switch an account effectively.
And then you get the people asking naively "why are you getting so mad at them"...
Solution: run Windows in a VM, one machine per account, nuke it from orbit when-not-if something goes awry. Hundreds of hours of frustration prevented from a system that is not even able to have the same UI across all its windows.
The problem is that Windows 11 and above (try very hard to) require a Microsoft account, because these orcas of computing want to remind you with every step that you don't own the device you bought. Hence it's simpler/better to just virtualize everything.
Besides, there is a very satisfactory feeling when something doesn't work for whatever reason, you do a quick search and see that apparently you must edit some awfully named HKEY_LOCAL_MACHINE register or rename some <username>/AppData to .old (just had to do this yesterday, wild), and then, when the quick fix doesn't work, instead of trying to look for more fixes you just give up and start cussing until the VM is restored to a working backup.
> The problem is that Windows 11 and above require a Microsoft account
It is not quite a requirement, I have my Windows 11 Pro running just fine with no Microsoft account. They do attempt really hard to make it look like it's required though. Even going as far as showing a fullscreen app after Windows update that only has options for registering or login, but luckily Alt+F4 closes that abomination.
They can never “close the loopholes” entirely, because there are customers that want machines with zero access to public Internet (embedded systems, national security, etc), where a Microsoft account is an absolute non-starter. Closing all the loopholes would be abandoning those market segments (many of which are already trending towards Linux/etc anyway)
I suppose they might make it mandatory unless you have some special version of Windows which is hard to buy (like LTSC). But make it too hard they risk that market. Anyway, now bypassing it involves opening a command prompt window, only the more technical users will do so, and that’s a small enough minority they probably aren’t missing much.
They actually already make a special version of windows for those purposes and it isn't available to the open market. Government editions that have no telemetry, advertising, or integrated cloud products at all.
I know it is a pipe dream but I wish they could be forced to sell this to the general public.
I have looked into buying LTSC. Apparently you need a business (I own a “shelf” company which has never done anything, but legally it counts), and a Microsoft volume license agreement. I looked into the later. Supposedly there is this trick where you order all these useless-but-cheap Identity Manager CALs to cheaply meet the minimum order requirement for a volume license. But I got a bit stuck working out what to order (or even if it was still available through resellers in my country). I lost interest at that point.
Yes it is different, and the difference between gov edition and ltsc is that. The gov edition isn't designed for long term support without change, but to increase security of windows and remove all the telemry and forced integrated services from Microsoft.
This info is publicly available so more detailed info should be easy to find.
All the sources I can find say that Enterprise G is China-only. The US Government (among others) doesn’t use it, even for classified stuff.
Telemetry is a bit of a non-issue for many national security applications-they run on special air-gapped networks with zero direct access to the public Internet, Windows can try to phone home to Microsoft all day long, it’ll never get through.
And disabling telemetry doesn’t require LTSC or Enterprise G. All Enterprise, Education and Server editions support “Diagnostic data off” telemetry level. Even if that’s not the default, most enterprises who want that will build their own install images with that setting configured.
The last time I tried to do this it was impossible to sign into Office or Xbox on that same PC without logging into a Microsoft Account which subsequently takes over your local login. No way around it other than to not use those apps at all or only running office through a browser. It went like:
Install flight simulator on a Win10 PC with local login only and launch -> sign into an xbox account -> after you enter your name and password, you get a dialog box where you have to agree to sign your Microsoft Account on that PC with two dark pattern options that lead to the same result.
I couldn't find any combination of group policy editor, registry, and services.msc around it. You can either close it and lose access to the game you just paid for, or proceed and then you get your account signed into email and a bunch of other crap you dont want and have to spend hours getting rid of all traces of that account in your system(but it's never 100% gone). Only way to bypass it is to buy the game through Steam.
Between MacOs Linux and Microsoft, Microsoft has the last respect for you as a user and nobody should use it if they don't have to.
I haven't used windows for 20 years and yesterday I had a teams teleconference using Firefox on Linux. It works noticeably more poorly than most similar systems (jit.si for the win) but it works.
It actually worked decently once I used wired networking. Probably gobbles up bandwidth, typical Microsoft :D
The main problem is that randomly, Teams invite end in some "an unkown error occurred" and when this happens there's no recourse. It never happened with Zoom, Jit.si, Goto Meeting, Google Meet or whatever else I've used.
The absolutely worst of all is WebEx, fortunately it's rapidly disappearing.
Well I still have a non-signed-in local account on my Windows 11 Pro install, but of course every time I boot up I get a full screen “finish setting up your device” before I’m allowed to sign in. The only options are “continue” and “remind me in three days”. Better yet, I once clicked on continue by accident and the computer hang for three minutes before I shut it down. Now I only reboot when the machine BSODs, which (I kid you not) happens every three to five days.
Thankfully I only use it for some cross-platform testing and occasional gaming.
I have the same issue with "finish setting up your device". I don't understand how this can be legal. In the early 2000 MS got fined for bundling IE as default, but I seriously think they have even more evil patterns now baked into Windows and all it's entangling into 365 etc.
I was thinking the same thing. I heard somewhere that nobody wants to prosecute Microsoft now because their systems are so tied into our our financial and political infrastructure that nobody wants to rock the boat. I also heard that Microsoft uses this as leverage against business that want to speak out against the dark patterns and deceptive practices Microsoft is involved in.
"The New Goliaths: How Corporations Use Software to Dominate Industries, Kill Innovation, and Undermine Regulation"[1] looks like a good book on the subject that I plan on reading.
I absolutely detest Microsoft, but I think that same argument could be made for most of big tech but especially Google, Microsoft, Apple, Oracle or even the link you provided there selling the book, Amazon.
Yes thats true. I think Microsoft is in a special position though because the have the dominate share in the business market. I'm not too interested in focusing on the "Other the bad apples to" as it distracts from the actual problem: "Dark Patterns" and our allowing of them as a society. I take the approach that external manifestations come from our inner states of being from every human on the planet. We allow these things to happen because of where we are at as humans in society, at this current state of our evolution. Maybe it will change someday, maybe not.
That, and the opposite of 'continue' (making this permanent change) being 'remind me in three days' or Google's 'not now' comes with this nasty implication that we're all just foolish users who don't know what's best for us and that we'll eventually come around to what we really want to do.
> The problem is that Windows 11 and above (try very hard to) require a Microsoft account, because these orcas of computing want to remind you with every step that you don't own the device you bought. Hence it's simpler/better to just virtualize everything.
Then they do absolutely crazy weird things!
I recently got a new laptop. My account is `adavis@<domain>.com`, my user name on my old laptop using that account is `adavis`.
What did Windows 11 do when I create my user on laptop. Oh it makes my user name `adavi`, yes it truncated my username.
After scouring the internet, trying a few different things to rename my account to no avail, nothing worked! Until I found a command to bring up an account management window that looked dated to the win 2k era ish (and can't be found via any settings window). It allowed me to create a local account with the name `adavis`. I then logged into it, deleted my `adavi` account then was able to associate my new local account with my Microsoft account.
Only "proper" solution is to /not/ sign into your MS account when seeting up the new machine for the first time. Create a local account with the name as you want it, and then only afterwards link it with your MS account (if you have to).
Only problem is, latest Win11 installer does not allow you to create a local account anymore at all. So you need to install Win10, do the work-around-dance, and then upgrade to Win11. I only relaized this after halway through my most recent format.
Every time when I ssh into one of my other boxen, I have to remember now to go 'SSH myname@ip' else windows helpfully defaults to 'mynam@IP'
You can create a file ".ssh/config" in your user directory, just like under linux, and inside of it put "User myname", and ssh will use that as a default and you won't have to specify it with @ everytime.
I once tried doing the prudent thing and give them an individualized email address on a catchall subdomain, now my user name on Windows 11 is "win10". Because why ask for a username if you have an email address, right? Might get interesting when your email is administrator@ or guest@, I don't get the impression that anyone at Microsoft has even the slightest idea what actually goes on in their schizophrenic SSO multiverse.
> The problem is that Windows 11 and above (try very hard to) require a Microsoft account, because these orcas of computing want to remind you with every step that you don't own the device you bought. Hence it's simpler/better to just virtualize everything.
During the pandemic, a key security component of our remote work architecture was to use Azure AD Conditional Access to restrict users to login in M365 apps from AD joined laptops + some Inutne compliance rules.
A weird situation was that, for a new laptop, we could not login using a domain account, as it was not joined in our domain. We also could not create a local account to join it. Not sure how IT solved that.
Windows 11 allows for the creation of local accounts, it sounds like someone signed in with a azureAD account (work email) joining the azure AD basically drops a lot of default policies on the machine, one of those is disabling local admin.
They can either remove that policy from their azure AD, or remove the machine from the azure ad.
Or update their policies to allow for azureAD joined machines.
No, you're not. Specifically, unless you configure things juuuust right, then the alt-tab behavior and the taskbar/dock behavior is different. Not a show stopping "bug", but let's not pretend it's entirely workflow transparent to use it from Chrome.
As someone who has to do that (one work account with my company, one with our customer) the UX is miserable. Notifications work sometimes, delay can be significant and I don’t trust the auto-away feature when Teams run in a browser.
Multi-accounts are really painful with most chat clients I have encountered. It sometimes makes me miss e-mail where the inside/outside distinction doesn’t exist.
Browsers have come a long way in this regard, you are right. Even before containers, I love having a ff profile for work and one for personal stuff, they are ultra portable too.
This doesn't work perfectly well if you are on multiple calls at the same time.
Desktop Teams allows you to join multiple calls at once, and switch between them is easy.
Web browser teams disconnects you from one meeting to join another. The only solution is to open multiple browser profiles, each for different call, and then manage the 'mute tab' manually. Additionally, web browser edition has something to detect if tab is active, and will downscale / delay video stream if tab is not active. This is extremely annoying when you have meeting active on one monitor, and want to double check what is being discussed on another.
Saying all this, web browser teams at least works. Desktop one stops working because as the whole discussion here points out, accounts get mixed up. I can't join team meetings anonymously because desktop edition thinks I have an account, but when I try to login it tells me my account doesn't have Teams enabled.
Of course, the problem is that in the last 38 years [1] plenty of programs have been developed for Windows-only, especially when you have to interact with the state [2]: there are still tutorials out there that require you open a website in Internet Explorer (!) if you want to validate a tax form or whatever other trivial task.
So you think Azure is the only "cloud"-platform that can run windows? I talked about Azure not an OS, this has nothing todo with Windows, DOS or Xenix.
Yeah, this would be my preffered way as well. I dont use any MS products any more in my personal life or my own ventures but if I would, that would be the way. But this is not a global cure. This probably will work fine in a household or small business environment but there are tons of reasons why it most probably probably will not work in a corporate environment.
> Solution: run Windows in a VM, one machine per account, nuke it from orbit when-not-if something goes awry. Hundreds of hours of frustration prevented from a system that is not even able to have the same UI across all its windows.
Better solution: don't use M$ product, if you can. Despite the efforts and resources Microsoft spends in improving its products, languages, tools, they are just an enterprise company: very expensive buggy products.
this is true; they look at dollar amounts first and do not look at quality; repeated over and over by people .. and it feels nobody seems to even care.
Linux was not and is not cheap at all. Downloading it might be free, but the initial price doesn't matter compared the cost of running it for a whole organization.
We are literally in a threat complaining that the cost of Windows is wildly higher than the cost of buying a box copy of the software. So yeah, in this context Linux is free.
This statement says next to nothing but may give the impression that it does to anyone who doesn't think twice on what it actually says. OS X and OS Y both have their good and bad sides but not necessarily near similar in terms of features and execution.
It's not an argument not should it be used as such.
Microsoft's dark patterns philosophy and how that translates into real-world user experiences is the worst I have ever seen. And since they are implementing these dark patterns into the OS it has the potential to make using Windows very difficult. I understand that, with knowledge, you can get around that.. But I dont see why anyone would want to any more.
Apple is really bad too, but there not as bad in the dark patterns market at least in the OS. But they are way strict with their walled garden approach to everything so I wont support them either.
Linux can be buggy at times, but I feel much safer using this OS then I do Windows or MacOS because Microsoft and Apple don't really seem to care to much about the ramifications of their end-user hostile decisions.
What are the ramifications of apples “end-user hostile decisions” aside from the walled garden on iOS? And having to click security -> run anyway for unsigned apps?
I think how their approach to usability and security actually translates to a lack of user-freedom. We had a discussion recently about activation lock on hackernews. On paper and in the world of security, its a great mechanism to prevent theft. But it also causes friction for device re-use with people that don't understand they need to decouple their online identity from their device, this has a negative impact on recycling. It also seems like Apple wants to herd people into purchasing new devices sooner than they should, when the should be doing all they can to make devices last.
This is also related to trying to control the circulation of replacement parts by attempting to force independent repair centers to regulate how parts are distributed. Apple takes more of a "You don't know what you are doing, so we have to guide you in the right direction" approach that doesn't sit too well with me. Apple can be wrong, a lot, about how their decisions effects people's freedom to decide how to implement there own security and ways of retiring devices. Apple should be in the business of making hardware and making it usable. Not being a parent, deciding how people are going to use and secure their devices. Maybe leaving that to an impartial organization that works with apple. Too many conflicts of interest for me.
The lost hours are totally invisible (most companies wouldn't even allow you to report them. they don't WANT to see them) and the alternative world without lost hours with more productivity can also not be imagined by those in charge.
For all it's terrible bugs and login issues, is there even alterative with similar functionality that would be as "user friendly" (as in: non-tech people would know how to use it as well as they use Microsoft garbage?).
I literally can't think of any alternatives that comes close in functionality OR has the same ease of use for non tech people and wouldn't waste even more time.
I think Linux + Wine should be fine for most people (with a little guidance, of course).
ReactOS isn't stable enough even in a VM right now – but the progress is nice, and I hope it will be a viable alternative for embedded applications (like ATMs or factory automation stuff). Maybe consumer use one day, too?
Mac is not an alternative functionality to: Teams, Outlook, MS Office, etc? It doesn't solve the MS crappy auth system, it doesn't give (large) businesses the same functionality that MS is giving them.
On the Mac, you can use those MS products without it taking over your user account.
You can also use any of various other products that compete with them (Google Apps, iWork, Zoom, etc).
Just because MS makes a specific package that businesses like doesn't mean that they can't use something else if MS is becoming more of a problem than they're worth.
I am a linux guy, always have been. But when I went from a Windows environment company to a Mac company I was absolutely shocked by how much less work I had to do with Mac to get everything working. Authentication, logging in, slack vs teams, just everything worked so much better.
Enterprise IT is conservative and full of strange politics that make it really dangerous for an admin team or it department to stick their head out and do something independent other then follow the "mythical industry best practice" and MS is extremely good at manipulating what gets considered "industry best practice" to their advantage and then give just enough discount on the more visible parts of the costs to look cheaper.
And it's a open secret that individual employee productivity don't matter all that much in the kind of back end work where a PC was ever a feasible tool, as what really counts for profitability is the non-pc using frontline staff's productivity, who is far more likely to be issued either no computers or mobile phones or tablet then wintel laptops.
Is moving a personal account to a different country an insanely obscure edge case?
Because I tried to do that recently with O365 and I literally couldn't move my subscription without killing the old one and creating a new one.
Every other software service I use somehow managed to make it easy: fill in the new billing details. Done.
But not Microsoft. Billing and fulfilment details are on different pages, there's no obvious way to get from one to the other, and if you want to change country you can't.
I have literally received (temporary) work visas for other countries, travelled, etc etc with greater ease than moving some online accounts I have (Apple).
Even having physical copies of The Economist follow me, with the same subscription, was easier.
I’m blown away by this. I’ve come back to a full MS stack after years away and it’s grim. Machine shave to be restarted once or more times per day. My personal MacBook is restarted every month or two. I used to moan about Apple’s software quality, but maybe we are actually in Isaac Asimov’s accelerating decline to a dark age.
Not to support Windows, but what are you doing that requires restarts multiple times per day?
I leave my personal Windows 10 desktop running for about a month at a time so I don't have to reopen 5 different windows and arrange them across three screens for uni work every evening. It works fine.
Mind you, if it was a Mac I'd not even have to reopen or arrange them after restarting the machine - they'd still be there. Although my work Mac loves to randomise which display gets which windows and desktop background... And randomly pan all bluetooth audio to the left ear once a week. I guess all OS's have their issues.
> I leave my personal Windows 10 desktop running for about a month at a time
My Win10 Home desktop downloads updates when I'm not looking - and sometimes when I'm actually using the thing - and then reboots all on its own. I have no control over this; there have been occasions when the reboot has happened while I was working.
I've been using this method for years and it works great. It uses a windows debug feature to launch cmd instead of the reboot scheduler. You never see the cmd window, as it's launched by SYSTEM. This prevents Windows update from scheduling a reboot, otherwise the system function as normal. You do need to reboot periodically, but now it's on your schedule.
> what are you doing that requires restarts multiple times per day?
Outlook, Teams, Chrome, COMRAD (radiology RIS), Spotify and InteleViewer (DICOM viewer). Without restarts Spotify stops working, the software loses track of what day it is (it assumes the day prior) and things get slow or unresponsive.
Maybe it’s the software and not the OS. I run all those except COMRAD on a Mac ok though.
Mac and multi display and window location is a special hell. My father is a heavy Photohop user and palette organisation is a daily battle with multi screen. When screens wake up windows and palettes reorganise if the system detects one screen and not two briefly. It’s a big drain on productivity.
Yea I dont support Microsoft either but I do have to run it on multipule machines for work and I don't need to restart unless to switch into Linux. It sounds like one of your apps has a memory leak or something. Do you check task manager for resource hogging?
We have 80k Windows users we have to force to reboot every couple of weeks to make sure updates to all the software take (yeah...that's a problem but a different problem). If you're rebooting once a day, you have problems other than Microsoft.
Because as someone who has done support for a 28000 person organisation, 27500 of which are using mostly Microsoft products on windows for 90% of the time and 500 of which are using Mac or Linux and doing other stuff I can tell you that at least 50% of the security incidents and second line support issues came from those 500 users.
As I said they took up about 50% of the second line support capacity for the entire organisation. So yes they were properly supported, unless you want a dedicated tech to hold the hand of every exec, dev and bioinformatician.
Or the technical infrastructure doesn’t support them well. Or the support team doesn’t know MacOS or Linux, so it becomes a lot harder to provide support. There could be many reasons.
MS makes it very easy to secure and admin at massive scale. You can roll out policies and updates to hundreds of thousands of machines with like 1-2 admins, and the other 8 IT people manage 200 Linux and Mac machines.
They also make it really easy to screw things up. I work at Microsoft, and a few weeks ago they rolled out a botched group policy change for our whole org that somehow deleted all O365 apps and Docker from most people’s machines. The best part is you’d try to launch, say, Excel and you’d get an error about it being removed for being possibly malicious.
Oh, so it's not the users at all, it's that you have tools to manage Windows and didn't set up tools to manage anything else even though they exist; like a Linux admin complaining that Windows is unmanageable because ansible doesn't work well on it.
You're maliciously misunderstanding. The tools available to manage Windows are simply either much, much better, or much better value.
And everything just works out of the box with like... 3 lines of PowerShell.
You can replicate some of it with Ansible, sticky tape and a few spare weeks, but it's not the same at all.
I'm actually Linux admin, grew up with open source and spent my career serving pages and automating myself out of a job. I dislike Microsoft as much as the next guy, but for enterprise use they are _next fucking level_.
While it is entirely possible the problem here is those execs, devs and bioinformaticians. There do seem to be many other common factors than the macs here.
Maybe they all need nonstandard software? God forbid, maybe they need administration permissions, but the org doesn’t want to give it to them, so they end up calling in every other day to get something unlocked (I know that’d be true for me).
Maybe it’s the problem solving skills of the IT team when it comes to mac, so people keep coming back with the same issues (good ones are Outlook/Teams being permanently broken, or VPN not connecting).
On the whole, I’d steer away from any explanation that would require all 500 mac users to be idiots.
This seems like a clear case of selection bias. People with Linux and Mac are probably devs and technical people who will obviously utilize a much broader range of functionality of their machines and thus encounter more edge cases.
A few years ago, there was a video game developer who pointed out the disproportionate number of bug reports that came from their Linux players, and how grateful they were for it. The majority of the bugs reported by Linux users were not Linux-specific, and frequently had detailed descriptions of expected via observed behavior, exact steps to reproduce, core dumps, etc. Because the bug reports were coming from a group who is used to making effective bug reports, they could be used more effectively.
Try and talk the C-suite and Accounts people at $NonTechBusiness into using LibreOffice or Google Docs instead of Excel and Outlook and let me know how you go.
Have you tried the competing software in a business environment, it is pretty easy to see why MS productivity software dominates.
For like $12/u/month you get full web and desktop office software, MFA, and AzureAD, which you can use as a SSO indentity provider for free, for one lisc that cost $4/m you can then make use of conditional access policies that give you massive options over how you manage an access all aspects of the tenant.
They now are giving teams (slack knockoff) a free dialing number so it now can be used for phone conferencing without non-organizational people.
Onedrive gives you 1Tb of syncable storage per user, and 1TB per user pool for shared office resources.
I spent years as a google apps advocate, but seriously for the money, no one touchs what MS is offering right now.
Google had MS hands down 10 years ago, and let google apps die on the vine. It is a damn shame too, because they were the only ones that have anything comparable.
Having just been put through the switch from google apps + slack to the full ms365 suite including teams I have to agree and disagree.
On paper microsoft absolutely has the best offering. The ms365 suite has everything anyone could ever need. But, in practice it feels more like a downgrade than an upgrade. Teams does everything, and all of it just as poorly. Office does everything, but the web version and collaboration features are so far behind google they are not comparable. Sharepoint and onedrive seem superior to google drive, but in practice there are many papercuts and people struggle to understand where to put documents and how to properly share them.
What microsoft seems to lack is caring about user experience as they slather feature layer after feature layer on top of their products. What google seems to lack is incentive to actually meaningfully improve their product, because I couldn‘t tell you a single meaningful feature they added to g suite over the last five years.
> What microsoft seems to lack is caring about user experience as they slather feature layer after feature layer on top of their products.
That's the problem of selling something to the supervisor and not the actual user. MS has had that corporate world as a cash cow for three decades now. They don't care about the end user they just care that their product looks better in the slide that compares it to the best alternative.
Can you give more details on the "1 TB per user pool for shared office resources"? I always thought there was a user-level limit of 1 TB for OneDrive, and a organization-level limit of 1 TB + (10 GB)*(number of users) for Sharepoint.[0]
And I've never found any documentation as to whether shared OneDrive folders count against the owner's quota, all of the users with permissions quota, or the sharepoint quota.
Firstly this is complex, it depends on what plans and tiers you have, your resell partner, and what region you are in.
But the basics each user gets their own quota of 1 to 5tb,then there is also a shared quota (share point, Ms group storage, powershell online environment, dataverse, etc... ) of 1 to 25tb + (x size per user) the size per user depends on a multitude of factors.
I did not mean to imply that users limits are connected to the shared pool, it is in addition to the user quotas.
> but seriously for the money, no one touchs what MS is offering right now. Google had MS hands down 10 years ago, and let google apps die on the vine
You're right, for the money MS gives the user a lot of fairly crappy products (other than the office desktop suite). Google was positioned to own this, and they let is drop. It shows what it means to be a product driven company (MS) vs. whatever Google does nowadays (milk search ads?).
There are teams of people in MS whose only job is to think about how to package something for sale. If Google had a single person doing that they would have beat Slack before it got huge, and could have owned office collaboration software as it all moved to the web.
I am in a position at $dayjob where I have been mandated to find savings wherever possible. Currently a Google workspace company, I absolutely loathe Microsoft's offerings but after doing my due diligence there is no way I can avoid recommending migration. The pricing is just too good even with the warts, and the extra features are things we already need.
Fuck teams, though. I will leave this company before migrating Slack into teams. Actively recommending that product is nothing short of professional negligence.
They have actually made a lot of improvements to this process recently allowing for multi tenant login in a single browser.
If you use firefox, you can use each other the container types to host different login accounts, it makes it easier than switching between private windows and doesn't require you to enable extensions on your private tabs
I just want to point out that this entire described scenario, by a company with decades and decades of security products being shoehorned into "just good enough" cloud infrastructure....
Sure the security folks will say hardened infrastructure with fine grained least privilege is doable ... if you're at greenfield ... maybe. But the issue with lots of IT orgs is that they are MESSY, and fine grained least privilege is fragile. Messy + fragile = not good things.
I agree with least privilege as an aspiration, but security is a top-down authoritarian entity in organizations, and fundamentally they don't care if their policies disrupt your daily work process. IMO this is because most security orgs don't provide solutions.
Specifically, by solution I do not mean "picked an enterprise security product bam we have a solution", I mean you have a security architecture and then have the people with bandwidth to help boots on ground devs get the job done quickly so security isn't a blocker).
I mean, this sounds to me exactly like what happens when trying to mix normal Google accounts and Google Workspace ones, especially if the admin enabling all the service is not yourself. It's not just Microsoft, this is a problem all these service providers have because they can't cope with hybrid use
With Google you change the ID in the URL and you're in whatever account you want. All the urls usually have /u/<id> where ID starts at 0 with the first account you're logged in into, 1 the second etc.
I've got a number of Google accounts, two work ones (associated with different domains with distinct permissions and access to things, using drive, gdocs, Gmail and GCP with both) and a number of personal ones (some of which are associated with a Google workspace that I use for email under my personal domain) and it all works just fine for the most part. Groups and GCP console can sometimes get stuck on one account but Chrome with profiles can side step that one.
Doing the same thing with MS accounts has been an utter nightmare by comparison.
This is obviously done on purpose. In the same way that Google ties users to Android devices when you add a Gmail account, MS takes every opportunity to assign their online account whenever they catch you off guard (installing a local Teams app instead of joining through the browser, signing into Minecraft at your school etc.). At this point you need to go through all the steps of dissociating your account from these devices. Sometimes they will reassign them after an update, so you need to watch out.
For that reason I never use MS online apps on my private devices and whenever I need to sign in online, I always use the private mode or a dedicated Firefox container.
Although I agree that companies (Microsoft, Google, etc.) deliberately seek to authenticate you across the web, I do not think that the general mess with Microsoft authentication is on purpose.
It looks like generations of implementations (and likely generations of product management and development teams) layering on top of each other, "replacing" the "old" systems only to do the half of it, and integrating with acquired products.
Seen from outside, it just doesn't look like there exists a single team that understands the authentication and permission system end-to-end.
> I do not think that the general mess with Microsoft authentication is on purpose.
Microsoft has been dealing with online identity almost since the consumer web exists. MSN launched in 1995, Outlook was the poster child of webmail, ActiveDirectory is the behemoth of enterprise user management.
I don’t see Hanlon’s razor relevant when it’s on one of their core competency. They at least committed to throw part of their users under the bus to pursue their goals.
In my case, my personal and professional Microsoft addresses are the same (same email, different accounts) which means that in many cases I end up in impossible situations when the login screen doesn’t correctly guess if I want to sign in personal or with my “work” account. I also do client work for organisations where I need to sign into their O365 and honestly the only way to manage all that is to keep a dedicated browser “per account”.
Teams is a different story, I avoid account switching because exactly like you describe, sometimes I need to uninstall it in order to sign out.
If you go to live.com and click on the hamburger icon at the top, then under 'Apps' click on the "To-Do" app, you will be asked to enter the password for your work account, even though you are on live.com, not on office.com, and you are currently logged in with your personal account.
The only way to get past this is to click "use another account" then log in again with your personal account (even though you are already logged in!!).
Same on Gmail. I’m not logged in on my private account as I don’t use it anymore, but it always suggests to log me in on the private account when accessing, even though I am logged in on a corporate account, which is the only one I’m actively using at the moment. Silly.
I don't get your scenario but I have to say I never had any issue with using multiple Google accounts on the same browser. I used to have 5+ accounts logged in at once (personal + work + school) and it always worked flawlessly, switching between accounts was always a breeze using the drop down menu on the top right, and not just for Gmail but any Google apps. Microsoft on the other hand gave me endless issues when trying to use just 1 personal account and 1 work account on the same browser.
First mistake is using any of the Microsoft knock off services whose primary purpose is to trick “deciders” in the C-suits and in halls of bureaucratic hell that can confirm that the box for things like “to do” functionality is checked on their list. Every single Microsoft service, including email, several decades later, is still deep into subpar.
I agree. It is surprising that we don't see similar issues more often. It is *so* confusing to both users and the developers, to the point where it's too easy to make some naive mistakes. And it is one of most critical parts of the systems!
It’s much worse than just auth too. Microsoft’s security policy around email is so bad that using Office 365 email should be considered a security problem.
They’re actively enabling phishing because they choose to rollback standards support.
Because of a quirk of my employment, my AAD account was deleted and recreated, which means I now have two Azure DevOps accounts with the same email, one of which is unlicensed (and not attached to an AAD identity). It is fairly random which one it tries to sign me in with, and every once in a while clicking on a link in ADO will sign me out because it got confused about who I was. It’s insane, and there’s no way to nuke the old account.
I have the same issue. I’ve had a support call with an engineer about this and they have no idea how to fix this. If you sort the user list ascending it lists the one account and if you sort descending it lists the other. So changing the sorting should at least show _some_ license.
My son has a personal Windows 11 Lenovo laptop and he is signed in with his personal Microsoft account. The laptop went away for repairs because the touchpad no longer worked. When it returned, it turned out they replaced the main board so the bit locker keys needed to be entered again. These are typically stored in your Micsosoft account only they were nowhere to be found. Some help article on the MS website explained that sometimes it could happen that the keys are migrated to a school account. He only ever used his school account from the Teams app. Sure enough, the bit locker keys were there!!
If he would have graduated or otherwise no longer have access to his school account, he would never have been able to recover the drive. Of course he has his important files in cloud storage anyway but it’s very annoying nonetheless
All this discussion makes me glad I'm sticking to local logins for the Windows devices I still have to use. Once that option is gone, I guess that's the end of Windows on my devices.
Yup, Microsoft can't even keep straight their account management, yet they are insisting on depreciating the local-only accounts.
I strictly use the local-only setup. I'm sort of OK if they still leave a relatively trivial backdoor to do this, but if they ever flat require an online account, I'm out, hard.
This is partially due to wanting to avoid the hassle and management of yet-another-forking-online-acct-IDGAF-about, but also because I have some machines controlling industrial processes (CNC machines, custom cutting machines, etc.) that I keep entirely off any network for security & safety reasons (yes, moving anything to/from those machines is all sneaker-net; simple, works, and my shop doesn't yet have the scale to justify that kind of networking/security/admin overhead).
I just hope that MS engineering is not stupid or powerless enough to allow MS marketing & MBAs to fully kill off the local account.
This entire attitude of exploiting customers by requiring spurious internet accounts & connections is making me start to think that the Internet is all a huge mistake. If that approach takes over, the world will literally be worse than before the Internet in every important way (and there are some solid arguments that it already is worse).
You already need to open the command line and disconnect the internet at just the right moment to be able to install windows 11 without an account. You can't start without an online connection, so it's not as as easy as just airgapping the install from the get go (at least on the normal ISO provided by microsoft). I like windows but that was extremely annoying when I needed Win11 in a VM.
Primarily because the CAD app I use (Rhino3D) doesn't have a native Linux version ('tho it supposedly runs on WINE), and the CAM software doesn't seem to have anyone running it on Linux.
Plus, at the outset of another startup, we decided to go Open-Source everything, and tried to setup a real-time version of Linux and the CNC control software. All of it supposedly up and running with only a few dozen steps to setup in the people supposedly running it. Despite decades in networking and a bit of Linux experience, I quickly got swamped in the massive undocumented bugs in setup/config/complile, and brought in a guy who had a full-time Linux shop, and who I knew from working with him previously that he was very good. He thought 'it's a new version, but no problem'. A month later, we still had nothing running and the investor/partner pulled the plug. So the swamp of poorly-documented / undocumented / mis-documented hiccoughs literally killed that startup — death by 1000 cuts.
Sure, it is probably better now, 15 years later. But so is this environment, UNLESS they tie it to another online acct.
So, basically, I'm pretty much now in the business of slinging atoms instead of bits, and the overhead is no fun, and just not worth it (yet). Plus, the overhead of working around the MS carp turned out to be pretty small. Just disable the Wireless at the right time in the W11Pro install (I think it is worse in teh Home version).
Games are the main reason for me. I want max performance on my high end gaming pc and I want all the things to just work, including 7.1 surround sound (and atmos later) and HDR and gsync and all my accessories and all the anticheat etc.
I know valve have done great stuff but is it good enough yet to run everything on a AAA game on 4k ultra with hdr, gsync and 144hz?
I left windows for ps4/5 and mac a decade ago but have been toying with the idea of a beefy proxmox server with pci passthrough for a nice windows gaming setup which going by LTT videos is more then capable enough to run AAA game. It’s still windows but at least it’s a vm and your hardware can be shared with a primary Linux desktop vm etc
Not yet at all anticheet just working but you may be surprised. Where Wine works it can even give higher framerates; rarly lower. Whilst I am sure some accessories are better in windows; an old gameport Sidewinder (ms hardware) works better in Linux.
HDR no (although it's progressing). 4K Ultra, gsync and 144Hz on a AAA game, yes. Anti-cheat is going to continue being a problem so long as Microsoft allows these kernel level things and devs keep doing it.
The internet was not designed to deal with money, or security. The internet is designed strictly for information transfer from one place to another with extreme efficiency.
At that, it still excels and is no mistake. The problem is all the people using it for money.
Someone said a long time ago that "The love of money is the root of all evil".
I'm not a follower of any particular religion, but that guy sure got it right on that point! Also, the only time he was recorded being violent was when he kicked the money-changers out of the temple.
How do we kick out the money-changers from the Internet?
Back to the roots of info transfer... it seems the tagging devices+apps tell us that we have achieved critical mass of node/relay density for an underground mesh network to work, if we can get enough people to run it . . .
I have no solutions, I'm not even convinced that my statement really encapsulates the problem in a real way. Humans are very difficult. I'm reminded of that speech made by Hugo Weaving's character in The Matrix, about how the original matrix had been very utopian, with everyone living happy and harmonious lives, and the subjects rejected the illusion on a deep enough level to break it. I don't think one should look to Hollywood for good philosophical thinking, but I think he was onto something there.
If I could make one law get passed, I would outlaw algorithms on social media feeds (edit: and search engine results). Let them collect the data, let them target ads. I don't think those things are inherently harmful, or at least, no moreso than the old ads and surveillance.
But the seizing and algorithmic manipulation of the feeds, with the accompanying incentive that the whole thing fails if it doesn't turn a profit, is far more toxic than the gatekeeping of the old media emperors. The great promise of the internet in the 90s was that consumers of internet media would have complete control over our feeds, and get only the things we want and demand.
We have received the exact opposite, because people with money want to put their money to work, rather than work.
It makes me glad I fled to Linux years ago (after a Windows 10 forced, behind-your-back-after-you-locked-your-computer-and-walked-away-thinking-you-wouldn't-notice update restart made me lose some homework) and never looked back. ¦)
That happened to me as well[1]. Exact same reason why I switched to Linux. It took Windows 11 forced online accounts and an integrating one-drive into the OOBE experience to finally wake me up.
This is the main reason I switched to Linux[1]. Online accounts, that are not in your direct control, shouldn't be connected directly to device sign-ins. Changes to the account, or the details of the account can cause loss of data and the ability to sign-in to your own device.
They are pushing more and more people into the perception of renting a experience rather then owning a device. Its great money for me to help people figure all this out though.
Your article resonated with me. The last straw for me was when MS Edge signed me into itself without my input or permission. I don’t know why that was the last straw but I just felt really violated by that. Thankfully Linux on the desktop has come really far. It truly is a breath of fresh air.
You can also backup your Bitlocker key to an USB-Stick or external HDD. When installing Win11 they even ask you if you want to back it up on your MS-Account or an external device.
security is getting to be worse than what is protects against. its a daily bane, especially for work stuff as everything is locked down extra hard
they tried to simplify it by tying everything to yubi keys, but just this week some things stopped going to the yubikey and wanted me to auth on my phone like we used to instead.
Letting an organization grab control of resources that do not belong to it, without the consent of the actual owners of those resources, is not "security".
>>Of course he has his important files in cloud storage anyway
So MS's defective key system is pushing people to keep their files in the MS cloud? When a defect in one product pushes users towards are more profitable/addictive product, that isn't a defect. It sound like the plan to keep users hooked into the MS ecosystem is progressing nicely. Once upon a time it was Apple getting its hooks into users while at school. Now it is MS.
Does one still need an MS account to play minecraft?
"... Of course he has his important files in cloud storage anyway but it’s very annoying nonetheless ..."
That doesn't sound reassuring if the cloud storage is, itself, Microsoft connected ... or even using auth/login mechanisms that connect to the Microsoft account.
So good luck with Google customer support when Google's algorithms decide that your login attempt is suspect or your usage violated whatever terms of services they might have buried in their legalize.
Bitlocker is such a freaking user-hostile mess. I know what I'm doing with it and I still screw it up - I have no idea how non-technical people are supposed to have any idea what's going on. They're either totally unprotected or constantly at risk of losing everything even with professional help.
Using Edge (Microsoft flavored Chrome) and the account personas will let you keep these M365/O365/Live identities separate, in the same way Chrome does a first class job of keeping Google Accounts separate.
Arguably, if you're one of the 85% of SMBs in O365/M365 instead of Google Workspaces, or if your "Login with..." personal account is Microsoft instead of Google or Apple, you should be using Edge.
It’s not just MS, auth is a mess everywhere. Everyone wants to own your identity and we’ve ended up with an insane web of trust.
The many standards around identity management makes the web more complex. Most of us have many identities and we end up with a multidimensional web of tokens and cookies.
I think at some point something will have to give. This seems like a space where some more provider consolidation or collaboration would help.
Security is so important to get right, yet too easy to get wrong.
After spending three months trying to migrate legit accounts to MSFT Auth, I agree with this comment completely. Their account migration approach is broken from the start, but more importantly, there is absolutely no customer support. What should have been a 5 minute phone call turned into a 3 month long chat and email nightmare, with multiple support reps telling me there was nothing they could do.
Apple is not really any better. God help you if you accidentally lock your Apple ID, you will be subject to a month-long wait before it can be fixed. Why that long? No idea. Nobody at Apple has any idea why it couldn't just be 2 days, and they will frankly admit to you that it makes no sense, then spout some meaningless 'because of GDPR regulations' nonsense that has absolutely nothing to do with GDPR regulation.
You have only seen the tip of an iceberg. Try working as an IT-consultant. You have a half trillion different accounts. You can't work in multiple spaces while using the app. So you have to use a browser. Then, the problem is that you get logged off more or less instantly if the tab is not active.
We also have some (a lot) problem with Teams, to the point that I started recommending my colleagues to use it from a browser and nuke cookie and other data every time the authentication stopped working.
Basically when we login we need to use the "personal account" but sometimes it will not ask what account to use and automatically choose the wrong one, and once it gets stuck in this state i didn't find a way to fix it.
This gave me flashbacks I was happy to forget about. Microsoft's SSO is nuts, at least with the browsers I used at the time. Might work better with Edge.
Unfortunate, it sounds like a mess and a half. Does any one know. If I found myself in the same situation would creating different windows accounts, one for each teams/azureAD account help keep them separate?
I gave Atlassian my school email address as verification that I worked at a university to get a free Bitbucket account. Ten years later, they not only locked me out of the Bitbucket account and gave access to someone at the university, and then refused to tell me what they'd done, they also gave my Trello account to them.
The thing about the Trello account is that I used a non-school email account for that. I never at any point gave them information about my school account. I opened the account on the day Trello was announced, when they didn't even have paid plans. I'm guessing they were able to link me somehow, and they used that information to give my account away.
Clearly Atlassian is not a company that should ever be trusted with important data. In my case, if I had any information about grades in my account, it would have been a violation of FERPA. You can't casually hand out that information to random strangers.
I had similar problems with Microsoft's accounts starting with MSDN many years ago. What I do now is creating a new email account when I need to access Azure on behalf of a client.
My kids' school and high school use Teams for some stuff. I have to use it occasionally for work too. The thing is that's nigh impossible to simply log out as one user and back in as another, so we have to take a lot of care of who used this or that device last.
And don't get me started on the nightmare that is dealing with Minecraft accounts older than the Mojang acquisition.
It's not only Microsoft. Trying to subscribe to third party stuff like Just Dance on the Switch is a kafkian experience that I couldn't solve. My daughter is angry with me for giving up.
My son gave me a hard time for Valorant secure boot requirement on Windows 11 (but not 10). As a triple boot user (Haiku and Linux), secure boot is a no go on my box, since I reboot frequently.
I assume most anti-cheat systems will sooner or later require Secure Boot and TPM, which makes a lot of sense. Additionally, it's more secure to have them enabled, and similar solutions have been used on iOS/Android/macOS for a long time now.
Many Linux distributions have signed bootloader and kernel, to support secure boot, but otherwise I think you could either add your own signing keys for the Secure Boot, or chain either Linux or Haiku from a signed grub bootloader.
I'm assuming "deletion of your data" only includes any information that might be associated with the school... hopefully not the rest of my Microsoft account!
Whenever I see such a serious warning, I will almost always take a long period of consideration before proceeding. Remember that you're dealing with a company which acts like they believe you shouldn't own your computer. If a company with that attitude believes they should warn you about something, it's certainly serious.
It's infuriating too because they're foisting the burden of queuing / testing a backup onto the user and across the entire user base it's probably a massive amount of wasted time.
Also, Microsoft's UIs are filled with misused terminology. They use create, open, add, (delete, close, remove) etc. interchangeably. For example, in the OWA the process for removing a calendar you don't own is called delete.
Since most of the relevant training data is likely to be punters kvetching about Microsoft, it'd be amusing to see if this would propel it into an angry rant about its boss.
I may have jinxed it; the other day i was thinking how impressive it is that Microsoft handles their decades old AD/azure/live/xbox/etc auth systems and that they all work together well.
In this case, is there another company with a similarly old and complex auth system that does exemplary work?
Am I missing something or where is the part where he contacted the school or spoke to his daughter about it, _before_ writing blog posts and getting on Twitter?
It's strange to me to take the discussion like this to public forums before talking to the people involved. It could be his daughter "gave" it to the school as an act of generosity for example.
It happened during the weekend, so there is none of the school administrators to help with - but that's not the worst. Such behavior should not be possible and his daughter should not be able to grant such permissions either. The school =should= know it's not a kid's account to begin with. None of the blame should be attributed to the school but Microsoft - there is no feasible way for the person to reclaim his account.
The solution is definitely to find someone in the school IT who can help unravel this mess.
But the fact that it's even possible to reach a failure state like this is still worth public discussion. You're probably right, odds are his daughter hit "okay" on some screen... but it shouldn't even be possible to irrevocably hand over the keys to a private account.
489 comments
[ 3.3 ms ] story [ 383 ms ] threadWhat freaking organisation is always my response; I've never been able to figure it out.
Additionally, go to Accounts in Settings and double-check that you're not logged into any "work or school" accounts.
The one thing I can't stand is that if you log into a non-personal Microsoft account in an app, there's a dialog that is very confusing[1]. It asks if you want to use that account everywhere on your device, but there's a box checked by default to let the organization manage your device, a button that says "Yes", and what looks like a hyperlink that says "This app only". I always uncheck the box before clicking "This app only", but I wonder if keeping that box checked would still enable organizational device administration. It screams "dark pattern" to me.
1: https://i.stack.imgur.com/gmp00.png
---
Just to add a tip for others: If you want to use Edge for the Windows optimizations and PlayReady support for streaming services, but don't want to deal with all the annoyances, you can disable many of them via Group Policy[2]. For example, you can disable the "Search Bing in sidebar" option that shows up in context menus[3] that I always seem to accidentally click when I'm trying to search for something I highlighted. I also use Group Policy to set the default search and homescreen settings because then it won't annoy you with the recommendation to set it to Microsoft defaults every time it updates.
Firefox is my main browser, but I use Edge for streaming Netflix and the like because I don't get 4K playback via Widevine. It annoys me because Edge would actually be a great browser if the Bing folks weren't constantly trying to shove things down my throat and filling it with dark patterns.
2: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-...
3: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-...
Windows is full of dark patterns, so I don't really know why I had even a modicum of doubt.
Between the aforementioned dark pattern with the buttons/not-buttons (they didn't even bother to vertically align "This app only" and the button), the not-a-question "do what we tell you" phrasing, the blank title, and a dialog that's overall around twice as tall as it needs to be, it seems recent Windows is unfortunately full of user-hostile and also disgustingly amateurish WTFs like this.
Very random example: SharePoint has a MS Word integration - you can open a .docx file from there, it opens in Word and you are actually able to edit the file on the server as if it was on your computer. At least in the older on-prem versions, this actually used the Word installed on your computer, not some web version. If you used a custom authentication provider, a little browser opened within Word and you had to log in there. But Word needed to "trust" the domain. On a personal computer, you could just edit the trust settings in some Word menu, yet the error message still said "your organization..." if you didn't.
This is a great thing for small startups, else we would only have a single huge corporate conglomerate doing everything with cutthroat efficiency.
Add to that various attempts at fixing problems, adding features, partially removing unsuccessful features, supporting old systems, framework/library migrations in various states of completeness, different developer's ideas of how to do things, and that rockstar developer who wrote really obscure code and then left to grow pomelos, and you have an incredible mess without even having to bring in company bureaucracy.
I’ve been in similar scenarios — the switch directory or switch organisation technique usually worked for me - but wasn’t enough for this person.
They never really give you enough information to tell what’s going on… maybe it’s a security risk to have consumers who are anything other than bewildered Kafkerian characters struggling against a faceless bureaucracy? I suppose we should not question their wisdom and be thankful that we can log in at all.
Atlassian manage to make it even more confusing than Microsoft. So there’s that.
“Warning: You are about to login to Microsoft Atlassian Fogbugz Trello. Have you cleared sufficient space in your calendar, notified your next of kin, put your affairs in order, and taken your sedatives?”
It's once your sessions start expiring or you're trying to use the other services in meaningful ways that the journey begins.
We, as an Atlassian plugin maker, chose GitLab internally, and Notion, both because at least it was properly integrated and didn’t have the awful Atlassian ID and switch between apps…
Realms is still in some kind of half subscribed, half not subscribed state and it still asks for my account's PIN for purchases but actually only accepts my kid's PIN. And every game warns me that my setup is questionable (store account doesn't match game account) even though it's exactly what Microsoft tells parents to do. Even Microsoft's own Minecraft app complains every 30 days!
I suggest this area for any web2 bug bounty hunters looking to make a fortune.
Also parental controls seems to suck in general on most services. Nintendo Switch seems to get it right for the most part.
I have no idea where to report the issue to (Microsoft store? Minecraft support? Microsoft Windows support?), and having dealt with Microsoft support in a professional capacity I know that even if I do figure out where to report it that they will waste weeks of my time asking me to explain the issue and then claim it's working as designed without understanding the problem at all.
That's been a thing for a long time. I hit it when trying to share games with child accounts. IIRC, the high level process was:
At that point when the child tries to buy something via the Windows Store it should be asking for the parent's PIN, but accepts the child PIN. As far as I could tell it was authenticating the parent account with the child's PIN.When I ran into the issue, I could buy anything I wanted with the child PIN and it bypassed all restrictions.
I was so surprised by the way it worked that I spent an entire afternoon testing it. I got a prepaid credit card, set up fresh MS accounts for the parent + child, set up a clean OS install, and recorded everything using VirtualBox by using the on-screen keyboard to show the PINs.
At the time there was a bug in VirtualBox's video recording that caused it to record random garbage and I got so frustrated that I set it aside and never went back to it.
It seems like an auth bypass issue to me and it's been a problem for over 7 years. It's been around so long it's even made it's way from an unofficial blog into official MS docs [1]:
> As of Dec 25 2015, there seems to be a bug in the Windows Store sign in process as it may ask for your PIN code but it actually wants your family member’s PIN code. That is, at least at the time of this writing, use the PIN of the signed in family member even though it asks for your PIN!
1. https://learn.microsoft.com/en-us/archive/blogs/henrikn/shar...
And MS login for work is a complete shambles. I have to do a tactical login to Outlook with a different work account to switch login when I try to use Azure as that's the only obvious way to move to a different org account. It's horrible.
I would frequently have to reinstall on PS5 to get it to boot, it would lose purchases constantly, and there is no cross play for mac hilariously because Mac doesn’t have a bedrock port, despite it having “Minecraft for education” which is based on bedrock.
Microsoft turned Minecraft into a steaming pile of garbage.
To any MS/Mojang folks lurking,- great game but the authentication merge was an unforced error.
FWIW, I had the same thing happen and found out the ban reason was "fraud (please insert phone number)".
this keeps everything from being comingled at the expense of maintaining all of those credentials
also, as a bonus, if you organize this by subdomain you can sort your email by it automatically since most emails from this stuff don't really need to hit your inbox
Wrong!
It's even worse! You still have to log in with some MS account, but on top it's buggy, slow, laggy, and crashed a few times on me generating the world. What a disaster.
I didn't bother porting my Mojang account to Microsoft, it was too stressful to use.
It was something like two accounts existed in the system with the same email address and one of them had permissions, but we couldn’t sign in to it and the other we could sign in to, but didn’t have permissions and there was no way to grant it permissions.
I spent several hours with MS support over a few days while they tried to sort it out, reset passwords, sign in via different systems, etc. Eventually they recommend we create a new account.
I stopped working with Azure clients, instead.
I so regret converting my Minecraft account. The old Mojang stuff was so much more reliable.
I held out for a really long time, but a friend wanted to play minecraft with me so I finally caved. If they ask me to add a phone number I'll probably just abandon the account though, and look into piracy of the game I purchased.
Really makes me consider just not playing anymore.
In what way? Does the microsoft.com login system go down often?
I guess it also doesn't make sense for them to maintain a parallel login system when the Microsoft one gets (presumably) millions of dollars of investment every year. Though Microsoft accounts are more complicated to use, with configuration being split across Microsoft, Xbox, and Mojang/Minecraft itself. And it seems they like locking people out for opaque reasons.
It was in fact super easy to just search my email Inbox for emails from Mojand and find the proof or purchase.
With MS I have 3 fucking accounts and not by choice, they bought Skype and Mojand and forced me into their super shitty system, I spent 30 minutes 1 year ago to migrate the Minecrtaft accoutn and more then 30 minutes a few weeks back to login back into Minecraft because I needed to detective my way to figureout what Microsoft account they connected to my Mojang purchase.
I hope in a few years someone leaks what greedy motives were behind this forced migrations, probably to sell more shit.
I don't understand why people think a microsoft account could ever possibly be more secure.
The worst part is that some bot years ago signed up for the X-Box account using the same email I used for the Mojang account so converting the account first required me to take over the bot account with a password reset. But the bot set the account in up German and it's apparently impossible to switch the language settings for everything. I got most of it switched over (across four completely different configuration pages), but stuff like the emails are still sent in German. I'm pretty sure my account is going to be locked sometime in the future once they figure out that it was originally a bot account and there is no chance I'm going to be able to get my alpha Minecraft account back when that happens.
Just accepting every horrible thing in the world must be so sad.
This sort of scenario. Or a million others.
Some of their designs are downright malicious (like locking the email account until you give them your phone number), more often it's amazingly bad software/UI, and sometimes they'll ruin your weekend by rolling out a Windows update without asking which wipes your partitions or throws bluescreens on boot.
I decided a while ago it's not worth it for me and stopped using as much MS related stuff as possible, and I'm glad I did.
Nonetheless, I would have expected MS to ensure that the process includes clearer guidance for the account owner, and for deliberate decisions to be made by the school to enable this type of action.
They did a very good job of providing clear advice to BYOD users during the MDM onboarding process in InTune, and it’s confusing that this didn’t occur in this case.
The school's IT team should never have had the means to do that.
No matter how inexperienced they are, it shouldn’t be possible to put an external Microsoft account into this weird state without the account holder’s permission. And the “leave organisation” button shouldn’t leave the account in some weird unrecoverable state.
This all reeks of sloppy product design on Microsoft’s part. Is my Microsoft account one bad domain administrator away from being taken from me? That’s unacceptable.
It's a long time pattern of behavior from Microsoft about their utter lack of any care or thought for how to manage their MS Accounts system.
Giving such permissions to a 3rd party could be just a gross incompetence instead of malice. Yet, it should never happen.
> malice is a condition of the mind which shows a heart regardless of social duty and fatally bent on mischief, the existence of which is inferred from acts committed or words spoken.
Negligence and recklessness are often considered acts of malice, especially when stemming from wilful blindness.
The mischief here is the problem with the account, we (those commenting on this page) have no confidence in Microsoft to improve it (they are fatally bent), as they clearly don't consider it a social duty and are surely wilfully blind to it. Does anyone here think they want to know, let alone care?
[1] https://thelawdictionary.org/malice/
One wonders why one would pretend not to know this.
That is a personal account shouldn't even be possibly converted into an AzureAD one: if you want it's another account, with another email and another password. This possibility of mistake should never happen.
And then Jeff is confused about the state of his account. Keep in mind that he's using a developer tool (the Azure portal) and account federation is not a beginner-level feature of Azure AD. There are sharp edges. He just jumped to a lot of conclusions and wow the Fud level on this comments thread is off the charts.
I know this because I set up an OAuth2 based web portal for my friends to access my Minecraft server using Azure AD B2C and by god the hardest part was figuring out how to explain the login experience to users, and disable the secondary 2FA requirements for MSA/Gmail users (because I know my friends are smart enough to use 2FA)
First customer service will be automated or even non existant, and very poor. Secondly the product will have been 'tweaked' so many times for new markets and product extensions that it will be very fragile when you do something at the edges of its functionality (not what the other hundreds of millions are doing).
It shouldn't really be this way - it tells a lot about software engineering that a product run by a few enthused people alone can often (but by no means must) have better support and service than a product with huge resources.
Also, a software engineering product run by a large organization is going to have tons more functionality under its much bigger umbrella compared to a small team with a much smaller product. Consider AWS vs Digital Ocean. Both great companies, but AWS's umbrella of offerings is vast compare to Digital Ocean.
No, but something unusual went wrong and getting it fixed will be harder at MS than a smaller company. There probably isn't a single person who understands why without a fair amount of research. Without the publicity, MS would be inclined not to spend the effort to fix.
> Also, a software engineering product run by a large organization is going to have tons more functionality
This was exactly my point - the large product with tons more functionality will likely be more brittle, harder to use, and get support for if something breaks. If you aren't using that functionality, you often won't be well served by the company. I had this experience with EverNote. I'm also a very happy AWS customer, but I think that is because their products are a set of (fairly) independent products, rather than one huge system.
Or maybe the bug's just going to languish and our friend Jeff here is going to be forced to create a new Microsoft account.
--
As far as AWS' products being independent products. I have the opposite view, as their products would be rather useless if they didn't interoperate with each other. How useless S3 would be if it couldn't talk to anything else!
With smaller outfit's the L2 tech support might actually be having a line of communication directly to engineering, where in large companies there might be an L3-6 plus different product owners and escalation managers involved before a case gets in front of the engineering team.
Hoping this raised issue helps cleaning up some of the mess, I find it fascinating how bizantine microsoft have become.
I also have a skype account that became some other other account, but was using the same email as my mojang account that got ported to live accounts. I kinda hope everything is neatly bound in the backend as I login through the live.com portal, but it feels like a miracle that it still works at all.
It was the same kind of fun trying to log to flickr with a old converted yahoo account. Or dealing with amazon after merging multi-coutry accounts.
Amazon used to allow having multiple accounts with the same email, but different passwords. And don’t ask what happens to personal accounts that get accidentally invited to corporate accounts via email adresses formerly used for the personal account.
I made a point to separate mail addresses by country to avoid getting hosed, but I'd imagine the fun trying to access Prime or kindle purchases from an account that has them in multiple national stores.
Even worse, Microsoft is now trying to force online accounts onto Windows machines.
Google already does it with Android. Which means for some reason if you lose access to your email, you are locked out of not only your online accounts but your local devices also.
We really need to separate authentication from services and devices. With strong safe guards around that account and an actually support system.
That's the kind of results Google should be surfacing, but it lost the game, it is so useless now for precision searching.
What GP is getting at is that Google Search breaks down often when you're looking for a very specific result, but one that is uncommon enough. Instead, you're often diverted to a "related" query result without them telling you.
An improbable search is almost impossible to do on Google. They will replace it with unrelated but similar results. Even when you specify a strong condition, it will just ignore it and return the exact opposite. It's no better than LLM hallucination.
There are pairs of words that are very similar, but semantically different. Like "latitude" and "longitude" or "first name" and "last name". Google's model can't make fine distinctions between related (like latitude and longitude) and semantically equivalent (like last_name and family_name). You search for a semantic match, it will give you a related result that is exactly not matching your search.
If I’m all-in on the Google/Android ecosystem, this is a positive! It works even better!
The alternative is that the people behind the Nvidia Shield are intentionally user hostile / acting with malice, in cooperation with Google?
The idea that the account requirement is positive or negative is a hugely subjective one. The fact is it’s needed. Whether it’s positive or negative is largely irrelevant. The fact should be surfaced.
Indeed and when I try it, it does surface it when I search for Does Nvidia Shield require an Android account? [1] For comparison, ChatGPT also gets it right. [2]
--
[1] https://imgur.com/a/cLpFj6i
[2] https://imgur.com/a/x6AP0jf
You can buy a good mini-pc for a couple hundred bucks and its much more powerful and flexible. You can run windows or linux etc and hook up any keyboard, controller, remote, and do whatever you like.
That’s about it though.
Having to use a mouse and keyboard is a pain point for me when I use my desktop on my TV from the couch. For the mouse I use the trackpad on a ps5 controller, so the mouse isn't so bad.
Possibly you could: * Not require passwords for everyday operation of your computer * Boot into some sort of launcher designed for televisions * Have a fairly narrow set of apps and services that work well with your setup. For example I don't know how you'd use Netflix or Disney plus with a remote on Linux.
Admittedly I only have local media and YouTube (via a Kodi Plugin)and don't use any streaming services so Kodi fulfils my needs perfectly.
1. https://kodi.wiki/view/HOW-TO:Autostart_Kodi_for_Linux
2. https://kodi.wiki/view/Remote_controls
3. https://pimylifeup.com/raspberrypi-hdmi-cec/
4. http://www.riitek.com/product/k08x.html
https://www.amazon.com/Microsoft-Wireless-Media-Keyboard-N9Z...
https://www.amazon.com/Logitech-Wireless-Multi-touch-Certifi...
https://www.amazon.com/Rii-Wireless-Bluetooth-Backlight-RTi8...
We also have an old laptop attached to the TV. We set that up in the lockdowns so we could use a webcam on the TV and a wired microphone on the coffee table to "get together" with friends and family, still use it occasionally for Dungeons & Dragons with friends who live too far away to visit often. The Apple TV doesn't support webcams, but wins at everything else, hands down. Even for desktop-y stuff, streaming my Macbook or my girlfriend's iPad to the Apple TV is less hassle.
Desktop ergonomics just don't work on the couch, at least for us, even with a nice-ish wireless keyboard with touchpad. Having a touchpad remote with just four buttons that have very predictable functions and a simple mobile-ish UI is nice, even to me, and I'm a desktop power user otherwise. Desktop OSes are for work, school or uni, most people aren't inclined, encouraged and/or enabled to explore and play in those, so they don't get them the way desktop power users do and tend to expect everyone else to, or the way people get mobile UX.
If you want something nearly everyone can pick up quickly, even older children and some seniors, make it touch-based, responsive, give it proper apps and the same core animations mobile phones have and you're 80% there.
Setting that all up on PC is much more of a chore.
If all you want is netflix and youtube then of course a 50$ chrome stick is fine.
More flexible, yes, but are you really getting more powerful than an A15 for that price, especially when running a general purpose OS?
That last point is really hurting why media PCs disappeared: you’re paying considerably more - a whole number multiple - for an experience which isn’t designed for a TV, and in return you get the fun of playing sysadmin when you’re trying to relax. Most people are not going to pay a significant premium so they can deal with drivers and trying to figure out why their HDR isn’t working. Device lifetime theoretically could counter that out but I’m skeptical that hardware won’t be what sets the timing for that in either case, and the dollars per year metric isn’t favorable there.
There are certainly better push-button solutions on the market, but arguing in the AppleTV's favor for performance is probably a phyrric victory at-best. If you want an AppleTV, get an AppleTV - if you want a streaming box for your ripped Blu-Rays and legally-dumped retrogames, you can build it yourself for roughly the same price.
The cheapest one Google knows about is an AliExpress no-name brand at $159 and that’s because it includes no storage or RAM, and uses a 3750H which benchmarks at less than half the speed. Once you add memory, it’s over $200. It does match the Apple TV on 4K@60 HDR support so I’d assume it must have hardware support.
Amazon has a couple of off-brand Intel devices, also around $200 for around half the Apple device’s performance.
Again, if you really want a PC you certainly can make it work but the reason it’s unpopular is that you’re paying a lot more – this is starting at 150% for hardware which is unlikely to last as long – and you then have to support a full PC, buy remotes, etc. If you enjoy that as a hobby, sure, but it’s hardly surprising that most people buy something which just works out of the box.
Judging by the threads on those proprietary embedded devices, I think my setup passes the "just works when you want it to" test even better than those appliance things, which market an illusion of stability but are doing the same mutable update dance behind the scenes (with the added complication of corporate whims).
As someone who started using desktop Linux and supported it professionally before the turn of the century, yes, I’m aware and you’ll note that I never claimed otherwise. The reason I mentioned general purpose operating systems is that they’re not optimized for non-keyboard/mouse UI and you’re more likely to get in a situation which requires more work to sort out via the CLI.
The other concern I raised was drivers. Support for hardware video decoding, colorspaces & depth, high-quality sound, etc. is certainly technically possible but also something which not-uncommonly ends with angry rants. If you are passionate about open source and eager to take on that responsibility, great, but it’s not a popular choice.
My Kodi box boots straight into Kodi. I have a mini wireless keyboard on it (Rii X8?), but the alphanumeric functionality isn't particularly used and it could just as easily be a video game controller or even an IR remote.
There is no "situation which requires more work to sort out via the CLI", beyond when I deliberately choose to make changes to the system. If I ever did want to pop out of Kodi and run a general desktop + browser - say for sports streams - then the additional input hassle would be due to doing something I couldn't do with an appliance anyway. You can't really characterize this as a drawback.
And sure if some driver functionality doesn't exist, then obviously you can't use it - you set your expectations to what is available and how much you want to tinker. And the real answer to "angry rants" is to use an operating system with reliable change control, so that if you start tinkering with something, it cannot end up in a broken state when you want to use it to relax.
Also I find it a bit disingenuous when people argue for the "less expensive" options that put you at the mercy of streaming companies. My amd64+Kodi+zfs+VPN setup certainly isn't the cheapest, but neither is a corporate puck with several monthly fees for streaming services. If one wanted to be entertained for the least money possible, I suspect that would just consist of using your current laptop/computer running a general purpose OS to play dodgy streaming sites. But most people seemingly want something more than that (which ties back in to my first paragraph).
So I gave in, switched to Plex, paid for a Plexpass lifetime account, and bought embedded devices that could stream content off my server.
I have way less flexibility now that I’m on an AppleTV 4K. I also continue to get occasional headaches (e.g. recently the remote control randomly stops being able to control the volume), but the size of the headache is limited to pulling out a different remote control / turning all the things off and on again. Mental effort not required.
I have a laptop that goes into the 4x2 HDMI splitter, and I occasionally whip that out if there’s a real desperate need. But it’s the absolute last resort. It’s just easier to use the ATV.
It’s not that I lack the ability to produce a better PC based solution today, it’s that I lack the interest, and the $200 ATV is good enough that I’d rather throw money at the problem than time.
> dont see the benefit of these android based TV devices or Apple TV anymore.
My point was simply that an Apple TV is significantly cheaper ($100-120 vs. the $200+ PCs people mentioned) and it has roughly a factor of two better performance. Now, it’s inarguably less flexible but most of that flexibility doesn’t help with things many people want to do, which was the original point: people buy these because “spend less, everything you actually use just works” is actually a pretty good sales pitch.
Nvidia Shield was great, but they upgraded the user interface and shat ads all over it.
This is not true if it is a Google Workspace (or whatever they are calling it now) account. Learned this the hard way when getting YouTubeTV. To be fair, it was just a couple of hours of frustration and annoyance but still, for whatever reason, the workspace accounts that you pay for are second class citizens.
I can't downgrade it to a personal account without deleting the account and recreating it, but there's not even a guarantee that will work. Deleting the account will also mess up family photo albums and other items. Photo storage is full but I'm also unable to pay for storage without adding a subscription to the account. It's so risky to try and fix it that I just had to migrate to a new google account, re-purchase all my android apps, and just ignore that account forever.
I have seen this on HackerNews multiple times. I bought a Google Pixel this past week and set it up. I have not logged into a Google Account. Maybe if you give the phone internet access during setup, it doesn't give you the local account option. But I can attest that Google has not (yet?) closed the "offline account" loophole.
Trying to be actively signed out is also a mess. You can use the teams app to join teams meetings others have setup and invited you too without teams access yourself. Though of course if you have an MS account teams can see it ends up trying to use it and then saying you don't get teams access via that account and trying to sign out and join the meeting with an account associated with it often just doesn't work. A colleague actually ended up requesting he got an o365 account with teams associated with his corp email because of this issue as he had occasional meetings with external people over teams. We have a corp o365 setup for our ops/admin team that engineering normally doesn't touch but because he had a teams invite sent to his corp email he got dragged into it.
And then you get the people asking naively "why are you getting so mad at them"...
Teams is written using web technologies so you're getting the same experience as the app.
Besides, there is a very satisfactory feeling when something doesn't work for whatever reason, you do a quick search and see that apparently you must edit some awfully named HKEY_LOCAL_MACHINE register or rename some <username>/AppData to .old (just had to do this yesterday, wild), and then, when the quick fix doesn't work, instead of trying to look for more fixes you just give up and start cussing until the VM is restored to a working backup.
It is not quite a requirement, I have my Windows 11 Pro running just fine with no Microsoft account. They do attempt really hard to make it look like it's required though. Even going as far as showing a fullscreen app after Windows update that only has options for registering or login, but luckily Alt+F4 closes that abomination.
I suppose they might make it mandatory unless you have some special version of Windows which is hard to buy (like LTSC). But make it too hard they risk that market. Anyway, now bypassing it involves opening a command prompt window, only the more technical users will do so, and that’s a small enough minority they probably aren’t missing much.
Sounds more likely to me that they'll just abandon those market segments.
I know it is a pipe dream but I wish they could be forced to sell this to the general public.
I have looked into buying LTSC. Apparently you need a business (I own a “shelf” company which has never done anything, but legally it counts), and a Microsoft volume license agreement. I looked into the later. Supposedly there is this trick where you order all these useless-but-cheap Identity Manager CALs to cheaply meet the minimum order requirement for a volume license. But I got a bit stuck working out what to order (or even if it was still available through resellers in my country). I lost interest at that point.
Is there a “US Government Edition”? Is it different from the Chinese one?
How does G differ from LTSC?
This info is publicly available so more detailed info should be easy to find.
Telemetry is a bit of a non-issue for many national security applications-they run on special air-gapped networks with zero direct access to the public Internet, Windows can try to phone home to Microsoft all day long, it’ll never get through.
And disabling telemetry doesn’t require LTSC or Enterprise G. All Enterprise, Education and Server editions support “Diagnostic data off” telemetry level. Even if that’s not the default, most enterprises who want that will build their own install images with that setting configured.
Install flight simulator on a Win10 PC with local login only and launch -> sign into an xbox account -> after you enter your name and password, you get a dialog box where you have to agree to sign your Microsoft Account on that PC with two dark pattern options that lead to the same result.
I couldn't find any combination of group policy editor, registry, and services.msc around it. You can either close it and lose access to the game you just paid for, or proceed and then you get your account signed into email and a bunch of other crap you dont want and have to spend hours getting rid of all traces of that account in your system(but it's never 100% gone). Only way to bypass it is to buy the game through Steam.
Between MacOs Linux and Microsoft, Microsoft has the last respect for you as a user and nobody should use it if they don't have to.
The main problem is that randomly, Teams invite end in some "an unkown error occurred" and when this happens there's no recourse. It never happened with Zoom, Jit.si, Goto Meeting, Google Meet or whatever else I've used.
The absolutely worst of all is WebEx, fortunately it's rapidly disappearing.
Thankfully I only use it for some cross-platform testing and occasional gaming.
"The New Goliaths: How Corporations Use Software to Dominate Industries, Kill Innovation, and Undermine Regulation"[1] looks like a good book on the subject that I plan on reading.
[1]: https://www.amazon.com/New-Goliaths-Corporations-Industries-...
You're welcome.
Not a Windows user, but that wording of the setting is making me irrationally angry
It really, really irks me.
Then they do absolutely crazy weird things!
I recently got a new laptop. My account is `adavis@<domain>.com`, my user name on my old laptop using that account is `adavis`.
What did Windows 11 do when I create my user on laptop. Oh it makes my user name `adavi`, yes it truncated my username.
After scouring the internet, trying a few different things to rename my account to no avail, nothing worked! Until I found a command to bring up an account management window that looked dated to the win 2k era ish (and can't be found via any settings window). It allowed me to create a local account with the name `adavis`. I then logged into it, deleted my `adavi` account then was able to associate my new local account with my Microsoft account.
Only "proper" solution is to /not/ sign into your MS account when seeting up the new machine for the first time. Create a local account with the name as you want it, and then only afterwards link it with your MS account (if you have to).
Only problem is, latest Win11 installer does not allow you to create a local account anymore at all. So you need to install Win10, do the work-around-dance, and then upgrade to Win11. I only relaized this after halway through my most recent format.
Every time when I ssh into one of my other boxen, I have to remember now to go 'SSH myname@ip' else windows helpfully defaults to 'mynam@IP'
You can create a file ".ssh/config" in your user directory, just like under linux, and inside of it put "User myname", and ssh will use that as a default and you won't have to specify it with @ everytime.
In the "Let's connect you to a network" page, use these steps:
* Use the Shift + F10 keyboard shortcut to open Command Prompt.
* Type the following command to release the current network configuration and press Enter: oobe\bypassnro
Note: The command is a single phrase without spaces.
Note2: This will reboot the machine and restart the installer again (why?? because fu for not wanting a MS account that's why)
https://rufus.ie/en/
During the pandemic, a key security component of our remote work architecture was to use Azure AD Conditional Access to restrict users to login in M365 apps from AD joined laptops + some Inutne compliance rules.
A weird situation was that, for a new laptop, we could not login using a domain account, as it was not joined in our domain. We also could not create a local account to join it. Not sure how IT solved that.
They can either remove that policy from their azure AD, or remove the machine from the azure ad.
Or update their policies to allow for azureAD joined machines.
Multi-accounts are really painful with most chat clients I have encountered. It sometimes makes me miss e-mail where the inside/outside distinction doesn’t exist.
Desktop Teams allows you to join multiple calls at once, and switch between them is easy.
Web browser teams disconnects you from one meeting to join another. The only solution is to open multiple browser profiles, each for different call, and then manage the 'mute tab' manually. Additionally, web browser edition has something to detect if tab is active, and will downscale / delay video stream if tab is not active. This is extremely annoying when you have meeting active on one monitor, and want to double check what is being discussed on another.
Saying all this, web browser teams at least works. Desktop one stops working because as the whole discussion here points out, accounts get mixed up. I can't join team meetings anonymously because desktop edition thinks I have an account, but when I try to login it tells me my account doesn't have Teams enabled.
[1] https://en.wikipedia.org/wiki/Microsoft_Windows_version_hist...
[2] All the backroom deals for Windows/Office licenses for state-use certainly helped in this regard, https://www.zdnet.com/article/linux-not-windows-why-munich-i...
[1] https://geekflare.com/windows-11-in-virtual-box.
Better solution: don't use M$ product, if you can. Despite the efforts and resources Microsoft spends in improving its products, languages, tools, they are just an enterprise company: very expensive buggy products.
This, at least, is a thing I have never even had to consider as a remote possibility on Linux.
It's not an argument not should it be used as such.
It’s not an argument nor should it be used as such.
Apple is really bad too, but there not as bad in the dark patterns market at least in the OS. But they are way strict with their walled garden approach to everything so I wont support them either.
Linux can be buggy at times, but I feel much safer using this OS then I do Windows or MacOS because Microsoft and Apple don't really seem to care to much about the ramifications of their end-user hostile decisions.
This is also related to trying to control the circulation of replacement parts by attempting to force independent repair centers to regulate how parts are distributed. Apple takes more of a "You don't know what you are doing, so we have to guide you in the right direction" approach that doesn't sit too well with me. Apple can be wrong, a lot, about how their decisions effects people's freedom to decide how to implement there own security and ways of retiring devices. Apple should be in the business of making hardware and making it usable. Not being a parent, deciding how people are going to use and secure their devices. Maybe leaving that to an impartial organization that works with apple. Too many conflicts of interest for me.
Which is like, wow, half a mil a month, but... also alarmingly little!~
Apparently the backward compatibility monster is not the size it used to be?
Now I understand why Win11's designers used Macs... wow the moat got small
For all it's terrible bugs and login issues, is there even alterative with similar functionality that would be as "user friendly" (as in: non-tech people would know how to use it as well as they use Microsoft garbage?).
I literally can't think of any alternatives that comes close in functionality OR has the same ease of use for non tech people and wouldn't waste even more time.
https://reactos.org/
ReactOS isn't stable enough even in a VM right now – but the progress is nice, and I hope it will be a viable alternative for embedded applications (like ATMs or factory automation stuff). Maybe consumer use one day, too?
Mac is not an alternative functionality to: Teams, Outlook, MS Office, etc? It doesn't solve the MS crappy auth system, it doesn't give (large) businesses the same functionality that MS is giving them.
You can also use any of various other products that compete with them (Google Apps, iWork, Zoom, etc).
Just because MS makes a specific package that businesses like doesn't mean that they can't use something else if MS is becoming more of a problem than they're worth.
We recently discussed this "shadow work": https://news.ycombinator.com/item?id=34612697
Enterprise IT is conservative and full of strange politics that make it really dangerous for an admin team or it department to stick their head out and do something independent other then follow the "mythical industry best practice" and MS is extremely good at manipulating what gets considered "industry best practice" to their advantage and then give just enough discount on the more visible parts of the costs to look cheaper.
And it's a open secret that individual employee productivity don't matter all that much in the kind of back end work where a PC was ever a feasible tool, as what really counts for profitability is the non-pc using frontline staff's productivity, who is far more likely to be issued either no computers or mobile phones or tablet then wintel laptops.
you can try to find as many edge cases,
but at the end of the day I just log into the account that's inside domain and everything:
email, teams, network accesses, auth thru web apps goes thru that domain account
Because I tried to do that recently with O365 and I literally couldn't move my subscription without killing the old one and creating a new one.
Every other software service I use somehow managed to make it easy: fill in the new billing details. Done.
But not Microsoft. Billing and fulfilment details are on different pages, there's no obvious way to get from one to the other, and if you want to change country you can't.
Superb.
Even having physical copies of The Economist follow me, with the same subscription, was easier.
I leave my personal Windows 10 desktop running for about a month at a time so I don't have to reopen 5 different windows and arrange them across three screens for uni work every evening. It works fine.
Mind you, if it was a Mac I'd not even have to reopen or arrange them after restarting the machine - they'd still be there. Although my work Mac loves to randomise which display gets which windows and desktop background... And randomly pan all bluetooth audio to the left ear once a week. I guess all OS's have their issues.
My Win10 Home desktop downloads updates when I'm not looking - and sometimes when I'm actually using the thing - and then reboots all on its own. I have no control over this; there have been occasions when the reboot has happened while I was working.
It happens roughly once a week.
Source: https://lazyadmin.nl/it/how-to-stop-automatic-restart-win-10...
Outlook, Teams, Chrome, COMRAD (radiology RIS), Spotify and InteleViewer (DICOM viewer). Without restarts Spotify stops working, the software loses track of what day it is (it assumes the day prior) and things get slow or unresponsive.
Maybe it’s the software and not the OS. I run all those except COMRAD on a Mac ok though.
Mac and multi display and window location is a special hell. My father is a heavy Photohop user and palette organisation is a daily battle with multi screen. When screens wake up windows and palettes reorganise if the system detects one screen and not two briefly. It’s a big drain on productivity.
Awkward… no, I haven’t dug into it at all. I now will.
If my org doesn’t give me a supported way to do absolutely necessary thing X, then I’ll find my own way to do it.
MS makes it very easy to secure and admin at massive scale. You can roll out policies and updates to hundreds of thousands of machines with like 1-2 admins, and the other 8 IT people manage 200 Linux and Mac machines.
And everything just works out of the box with like... 3 lines of PowerShell.
You can replicate some of it with Ansible, sticky tape and a few spare weeks, but it's not the same at all.
I'm actually Linux admin, grew up with open source and spent my career serving pages and automating myself out of a job. I dislike Microsoft as much as the next guy, but for enterprise use they are _next fucking level_.
Maybe they all need nonstandard software? God forbid, maybe they need administration permissions, but the org doesn’t want to give it to them, so they end up calling in every other day to get something unlocked (I know that’d be true for me).
Maybe it’s the problem solving skills of the IT team when it comes to mac, so people keep coming back with the same issues (good ones are Outlook/Teams being permanently broken, or VPN not connecting).
On the whole, I’d steer away from any explanation that would require all 500 mac users to be idiots.
You more or less need to be a dev-ish person to prove IT is at fault. The lusers have to live with the unplug the computer and reboot workarounds.
They now are giving teams (slack knockoff) a free dialing number so it now can be used for phone conferencing without non-organizational people.
Onedrive gives you 1Tb of syncable storage per user, and 1TB per user pool for shared office resources.
I spent years as a google apps advocate, but seriously for the money, no one touchs what MS is offering right now. Google had MS hands down 10 years ago, and let google apps die on the vine. It is a damn shame too, because they were the only ones that have anything comparable.
It's just too good to ignore.
On paper microsoft absolutely has the best offering. The ms365 suite has everything anyone could ever need. But, in practice it feels more like a downgrade than an upgrade. Teams does everything, and all of it just as poorly. Office does everything, but the web version and collaboration features are so far behind google they are not comparable. Sharepoint and onedrive seem superior to google drive, but in practice there are many papercuts and people struggle to understand where to put documents and how to properly share them.
What microsoft seems to lack is caring about user experience as they slather feature layer after feature layer on top of their products. What google seems to lack is incentive to actually meaningfully improve their product, because I couldn‘t tell you a single meaningful feature they added to g suite over the last five years.
That's the problem of selling something to the supervisor and not the actual user. MS has had that corporate world as a cash cow for three decades now. They don't care about the end user they just care that their product looks better in the slide that compares it to the best alternative.
And I've never found any documentation as to whether shared OneDrive folders count against the owner's quota, all of the users with permissions quota, or the sharepoint quota.
[0] https://learn.microsoft.com/en-us/office365/servicedescripti...
But the basics each user gets their own quota of 1 to 5tb,then there is also a shared quota (share point, Ms group storage, powershell online environment, dataverse, etc... ) of 1 to 25tb + (x size per user) the size per user depends on a multitude of factors.
I did not mean to imply that users limits are connected to the shared pool, it is in addition to the user quotas.
You're right, for the money MS gives the user a lot of fairly crappy products (other than the office desktop suite). Google was positioned to own this, and they let is drop. It shows what it means to be a product driven company (MS) vs. whatever Google does nowadays (milk search ads?).
There are teams of people in MS whose only job is to think about how to package something for sale. If Google had a single person doing that they would have beat Slack before it got huge, and could have owned office collaboration software as it all moved to the web.
Fuck teams, though. I will leave this company before migrating Slack into teams. Actively recommending that product is nothing short of professional negligence.
If you use firefox, you can use each other the container types to host different login accounts, it makes it easier than switching between private windows and doesn't require you to enable extensions on your private tabs
I just want to point out that this entire described scenario, by a company with decades and decades of security products being shoehorned into "just good enough" cloud infrastructure....
Sure the security folks will say hardened infrastructure with fine grained least privilege is doable ... if you're at greenfield ... maybe. But the issue with lots of IT orgs is that they are MESSY, and fine grained least privilege is fragile. Messy + fragile = not good things.
I agree with least privilege as an aspiration, but security is a top-down authoritarian entity in organizations, and fundamentally they don't care if their policies disrupt your daily work process. IMO this is because most security orgs don't provide solutions.
Specifically, by solution I do not mean "picked an enterprise security product bam we have a solution", I mean you have a security architecture and then have the people with bandwidth to help boots on ground devs get the job done quickly so security isn't a blocker).
Doing the same thing with MS accounts has been an utter nightmare by comparison.
For that reason I never use MS online apps on my private devices and whenever I need to sign in online, I always use the private mode or a dedicated Firefox container.
It looks like generations of implementations (and likely generations of product management and development teams) layering on top of each other, "replacing" the "old" systems only to do the half of it, and integrating with acquired products.
Seen from outside, it just doesn't look like there exists a single team that understands the authentication and permission system end-to-end.
Microsoft has been dealing with online identity almost since the consumer web exists. MSN launched in 1995, Outlook was the poster child of webmail, ActiveDirectory is the behemoth of enterprise user management.
I don’t see Hanlon’s razor relevant when it’s on one of their core competency. They at least committed to throw part of their users under the bus to pursue their goals.
I think some people are mixing up Hanlon's razor with "if it is bad, the malice part can't be on purpose".
In my case, my personal and professional Microsoft addresses are the same (same email, different accounts) which means that in many cases I end up in impossible situations when the login screen doesn’t correctly guess if I want to sign in personal or with my “work” account. I also do client work for organisations where I need to sign into their O365 and honestly the only way to manage all that is to keep a dedicated browser “per account”.
Teams is a different story, I avoid account switching because exactly like you describe, sometimes I need to uninstall it in order to sign out.
Now, 4 years later I still get to choose wether I want to login in their tenant or mine everytime.
Microsoft solution? Change my email on the personal account.
Not kidding.
It's the only way I can keep my personal, work, and alma mater email separate and not falling into login loops.
It is indeed a giant mess.
If you go to live.com and click on the hamburger icon at the top, then under 'Apps' click on the "To-Do" app, you will be asked to enter the password for your work account, even though you are on live.com, not on office.com, and you are currently logged in with your personal account.
The only way to get past this is to click "use another account" then log in again with your personal account (even though you are already logged in!!).
This bug has been present for months now.
I agree. It is surprising that we don't see similar issues more often. It is *so* confusing to both users and the developers, to the point where it's too easy to make some naive mistakes. And it is one of most critical parts of the systems!
They’re actively enabling phishing because they choose to rollback standards support.
https://www.brightball.com/articles/how-microsoft-became-phi...
https://news.ycombinator.com/item?id=34911811
If he would have graduated or otherwise no longer have access to his school account, he would never have been able to recover the drive. Of course he has his important files in cloud storage anyway but it’s very annoying nonetheless
I strictly use the local-only setup. I'm sort of OK if they still leave a relatively trivial backdoor to do this, but if they ever flat require an online account, I'm out, hard.
This is partially due to wanting to avoid the hassle and management of yet-another-forking-online-acct-IDGAF-about, but also because I have some machines controlling industrial processes (CNC machines, custom cutting machines, etc.) that I keep entirely off any network for security & safety reasons (yes, moving anything to/from those machines is all sneaker-net; simple, works, and my shop doesn't yet have the scale to justify that kind of networking/security/admin overhead).
I just hope that MS engineering is not stupid or powerless enough to allow MS marketing & MBAs to fully kill off the local account.
This entire attitude of exploiting customers by requiring spurious internet accounts & connections is making me start to think that the Internet is all a huge mistake. If that approach takes over, the world will literally be worse than before the Internet in every important way (and there are some solid arguments that it already is worse).
That's just.... Insane. This is going to be a disaster. I'm so sorry, Windows users.
Sounds like a huge pain to deal with. Why not switch to Linux and be done with it? Genuine question.
Plus, at the outset of another startup, we decided to go Open-Source everything, and tried to setup a real-time version of Linux and the CNC control software. All of it supposedly up and running with only a few dozen steps to setup in the people supposedly running it. Despite decades in networking and a bit of Linux experience, I quickly got swamped in the massive undocumented bugs in setup/config/complile, and brought in a guy who had a full-time Linux shop, and who I knew from working with him previously that he was very good. He thought 'it's a new version, but no problem'. A month later, we still had nothing running and the investor/partner pulled the plug. So the swamp of poorly-documented / undocumented / mis-documented hiccoughs literally killed that startup — death by 1000 cuts.
Sure, it is probably better now, 15 years later. But so is this environment, UNLESS they tie it to another online acct.
So, basically, I'm pretty much now in the business of slinging atoms instead of bits, and the overhead is no fun, and just not worth it (yet). Plus, the overhead of working around the MS carp turned out to be pretty small. Just disable the Wireless at the right time in the W11Pro install (I think it is worse in teh Home version).
I know valve have done great stuff but is it good enough yet to run everything on a AAA game on 4k ultra with hdr, gsync and 144hz?
At that, it still excels and is no mistake. The problem is all the people using it for money.
Someone said a long time ago that "The love of money is the root of all evil".
I'm not a follower of any particular religion, but that guy sure got it right on that point! Also, the only time he was recorded being violent was when he kicked the money-changers out of the temple.
How do we kick out the money-changers from the Internet?
Back to the roots of info transfer... it seems the tagging devices+apps tell us that we have achieved critical mass of node/relay density for an underground mesh network to work, if we can get enough people to run it . . .
If I could make one law get passed, I would outlaw algorithms on social media feeds (edit: and search engine results). Let them collect the data, let them target ads. I don't think those things are inherently harmful, or at least, no moreso than the old ads and surveillance.
But the seizing and algorithmic manipulation of the feeds, with the accompanying incentive that the whole thing fails if it doesn't turn a profit, is far more toxic than the gatekeeping of the old media emperors. The great promise of the internet in the 90s was that consumers of internet media would have complete control over our feeds, and get only the things we want and demand.
We have received the exact opposite, because people with money want to put their money to work, rather than work.
[1]: https://www.scottrlarson.com/publications/publication-transi...
They are pushing more and more people into the perception of renting a experience rather then owning a device. Its great money for me to help people figure all this out though.
[1]: https://www.scottrlarson.com/publications/publication-transi...
they tried to simplify it by tying everything to yubi keys, but just this week some things stopped going to the yubikey and wanted me to auth on my phone like we used to instead.
ugh
>>Of course he has his important files in cloud storage anyway
So MS's defective key system is pushing people to keep their files in the MS cloud? When a defect in one product pushes users towards are more profitable/addictive product, that isn't a defect. It sound like the plan to keep users hooked into the MS ecosystem is progressing nicely. Once upon a time it was Apple getting its hooks into users while at school. Now it is MS.
Does one still need an MS account to play minecraft?
That doesn't sound reassuring if the cloud storage is, itself, Microsoft connected ... or even using auth/login mechanisms that connect to the Microsoft account.
Arguably, if you're one of the 85% of SMBs in O365/M365 instead of Google Workspaces, or if your "Login with..." personal account is Microsoft instead of Google or Apple, you should be using Edge.
The many standards around identity management makes the web more complex. Most of us have many identities and we end up with a multidimensional web of tokens and cookies.
I think at some point something will have to give. This seems like a space where some more provider consolidation or collaboration would help.
Security is so important to get right, yet too easy to get wrong.
Apple is not really any better. God help you if you accidentally lock your Apple ID, you will be subject to a month-long wait before it can be fixed. Why that long? No idea. Nobody at Apple has any idea why it couldn't just be 2 days, and they will frankly admit to you that it makes no sense, then spout some meaningless 'because of GDPR regulations' nonsense that has absolutely nothing to do with GDPR regulation.
- Use different browser profile for each account
- 2nd and subsequent account - use Teams in the browser - in the respective browser profile (teams.office.com).
Teams in the browser is not substantially different than the desktop app.
Basically when we login we need to use the "personal account" but sometimes it will not ask what account to use and automatically choose the wrong one, and once it gets stuck in this state i didn't find a way to fix it.
The thing about the Trello account is that I used a non-school email account for that. I never at any point gave them information about my school account. I opened the account on the day Trello was announced, when they didn't even have paid plans. I'm guessing they were able to link me somehow, and they used that information to give my account away.
Clearly Atlassian is not a company that should ever be trusted with important data. In my case, if I had any information about grades in my account, it would have been a violation of FERPA. You can't casually hand out that information to random strangers.
Many Linux distributions have signed bootloader and kernel, to support secure boot, but otherwise I think you could either add your own signing keys for the Secure Boot, or chain either Linux or Haiku from a signed grub bootloader.
So usually pressing the wrong option while logging with a new one and existing cookies from another one can land on this mess.
Usually the only way out of the mess is somehow via Microsoft support, which I only saw being successful via MSDN sales contacts.
Whenever I see such a serious warning, I will almost always take a long period of consideration before proceeding. Remember that you're dealing with a company which acts like they believe you shouldn't own your computer. If a company with that attitude believes they should warn you about something, it's certainly serious.
Also, Microsoft's UIs are filled with misused terminology. They use create, open, add, (delete, close, remove) etc. interchangeably. For example, in the OWA the process for removing a calendar you don't own is called delete.
In this case, is there another company with a similarly old and complex auth system that does exemplary work?
It's strange to me to take the discussion like this to public forums before talking to the people involved. It could be his daughter "gave" it to the school as an act of generosity for example.
That shouldn't possible in the first place.
In short - you are missing a lot.
But the fact that it's even possible to reach a failure state like this is still worth public discussion. You're probably right, odds are his daughter hit "okay" on some screen... but it shouldn't even be possible to irrevocably hand over the keys to a private account.