by inglor 795 days ago
Hi, I work for Microsoft (just a dev), all (most?) our apps are actually designed to work with third party compliant hosting with an open protocol called WOPI.

So for example you can use Excel online with SharePoint/OneDrive (two different hosts btw) but you can also use many, many third party hosts.

Additionally third party tools can programmatically access the first party hosts (like SharePoint).

I don't like Microsoft-esque APIs and the company sure has issues here and there but I doubt you'd get the same level of data privacy with a startup (e.g. everything goes through privacy review, security review, devs can't access customer data, data is separated by region etc)

2 comments

That doesn't seem to be accurate. [0] [1] Microsoft consistently makes mistakes that put its customers at risk, like being unable to secure their development environment so that when encryption keys leak in a badly sanitized dump into the dev environment they are almost immediately misused by other state actors against the US federal agencies. [2] How can you trust anything that comes out of the development if you cannot be reasonably sure about the security of it? And we can't really trust Microsoft reports either because of "Inaccurate public statements" (euphemism for lying). [0]

And if you argue with Andres Freund and the XZ discovery recently, he is really a Citus guy. Yes, that is now part of Microsoft but I guess you get my point of him not being directly hired by Microsoft AFAIK.

Microsoft as an organization could and should really do a lot more for security and privacy than they do. But first the culture would need to be that there actually is a lot of low hanging fruit instead of searching for excuses. [3] For instance, Windows Updates could be more reliable, predictable in how long they run and much faster overall. Windows could detect and stop ransomware much better. Microsoft could make Windows Server Core cheaper and have a separate more expensive license for the "full fat" Windows Server with desktop services. That would put some pressure on organizations to do the right thing and reduce the attack surface area.

[0] https://arstechnica.com/information-technology/2024/04/micro...

[1] https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-a...

[2] https://msrc.microsoft.com/blog/2023/09/results-of-major-tec...

[3] https://blog.royalsloth.eu/posts/it-takes-a-phd-to-develop-t...

The problem is the cloud as such.

And MS tries to force you into the cloud.