Many brilliant people have serious mental health issues that preclude their ability to regulate their emotions and act maturely in serious situations e.g. responsible vulnerability disclosure.
I've watched genius-level IQ people get fired time and again because they don't know how to work with others at a basic kindergarten level.
To be honest if I got fired in a mean or unfair way I'd definitely hit back at my employer in such a manner if I'd have the ability to. I'm unlikely to have that though as I'm not aware of any saucy company secrets. But if this is what happened I think it's pretty justified.
The secret here seems to be that Microsoft caches the key somewhere even when it's supposed to be only in the TPM! That's a pretty big revelation IMO.
> The secret here seems to be that Microsoft caches the key somewhere even when it's supposed to be only in the TPM!
Not what happened here (I reserve my judgment wrt the promised TPM+PIN exploit).
In the default TPM-only mode of BitLocker, the secret is in fact in the TPM, which will (as instructed by Windows upon key creation) release it to the correct OS running on the correct computer. Notably not in the picture is any user-provided data: measured boot is the only protection. It is only the correct programming of the OS that makes it request an account password (completely unrelated to the disk-encryption cryptography) before letting the user poke at the disk, which the OS can at that point already decrypt.
Well, turns out the programming is such that if you ask politely it’ll just pop an Administrator(?) shell.
> Not what happened here (I reserve my judgment wrt the promised TPM+PIN exploit).
Yes this is the one I'm referring to.
I have noticed it myself, it has happened to me that my system rebooted to install updates and it did not pass through the blue TPM pin entry screen at that point. That was a big red flag for me. A normal reboot always does that, even a 'hot' reboot.
> BitLocker is now suspended, which means the drive remains encrypted, but Windows temporarily stores the unlock information so firmware changes won’t immediately trigger recovery.
> A normal reboot always [forces the TPM pin entry screen], even a 'hot' reboot.
In TPM-only mode, I only see the screen—which asks for a recovery key that serves as an alternative to the TPM-borne secret, not for whatever you are calling the “TPM PIN” here—whenever I update the firmware or the bootloader (the latter from the other side of the dual-boot setup). Otherwise it boots straight to the login screen, which meshes with the measured-boot-only theory of operation I’ve described above. There’s nothing nefarious in this part, even if I think it exposes an unwisely large attack surface (e.g. the USB stack). I suspect you simply reboot so rarely you’re never hitting the happy path.
No, I have the explicit PIN turned on. That means it requires a PIN entry on each boot. It's not the recovery screen, though it looks similar. It's also not a password that's then hashed. It unlocks the TPM with a short PIN; the number of attempts is limited by the TPM itself so that it doesn't get brute forced.
This is not a standard option, I think it can only be set through a group policy.
> To be honest if I got fired in a mean or unfair way I'd definitely hit back at my employer in such a manner if I'd have the ability to.
I knew a contractor that developed a habit of not paying his workers for a short time. After people started walking off job sites with his tools and showing up at his house demanding to get paid, he magically found the money to pay them.
It’s pretty unsurprising how vindictive regular people rapidly become when they’ve been ripped off.
Reporting wrongdoing to the ones doing it doesn't work. Perhaps they relied on Microsoft a bit too much for their livelihood and are just beginning to reevaluate their decisions. It's not so rare for brilliant people to live a life of the mind and not pay enough attention to their material conditions. But defining that as "serious mental health issues" is such a cheap shot.
> Reporting wrongdoing to the ones doing it doesn't work.
Most large companies — including Microsoft [1] — have an internal affairs call center where you can anonymously report issues of malfeasance — assuming that's what happened here.
Yeah I'm getting a lot of pressure to be a "team player" lately. I've told them over and over I'm not capable of that and that has never been a problem before. But we have a hipster new VP who is really pushy and wants to generalise everything.
"Not being a team player" doesn't mean the person is a nuisance, but they can be an introvert who has a limited interaction budget and can work silently and efficiently otherwise.
This generally means the person might not leave their cubicle much or give feedback frequent enough, but this doesn't mean they are not motivated to help others or share knowledge. One can approach and ask a question and get tons of help immediately.
How do I know? That's me. I look like a cave dweller from a distance, but I'm not. The only difference I have is that human interaction sometimes drains me a lot, so I just concentrate and work, yet everybody gets their help immediately if they need it.
Also, no, I don't bite or belittle people. On the contrary.
Assuming the worst in others is bad. If I worked with you, I'd be looking for somewhere else the moment I found out how you think about me.
Remember. People don't leave bad jobs, but bad managers.
I have worked with lots of introverts and my empirical observation is that the introversion/extraversion axis is completely orthogonal to whether or not someone can be a team player.
You require both team players and "rockstar" individuals. It's not one or the other or a competition, because they do different things.
Yes, if you put someone who can't work on a team on a team and expect teamwork, then that will not work. But that's obvious, so don't do that. Expecting a homogeneous workforce isn't realistic or optimal.
I'm not a software engineer at all. And I tend to take on projects nobody else wants because they are too complicated or esoteric.
And I didn't say I'm not capable of being part of a team. Just that I need to have my own responsibilities within a team. I can't deal with micromanagement or excessive coordination like 'standups' every day.
Yeah you've completely misread this. The phrase "not being a team player" is a euphemism for someone not willing to do dubiously unethical or illegal (or things that go against internal company policy) things in support of a low level supervisor or manager's wishes. Or more favourably, someone who's unwilling to do things outside of what he's actually paid for or to do things unpaid (or outside working hours etc.). Also known as wage theft.
The guy saying that he has been accused of "not being a team player" isn't literally quoting his management here. He's summarizing that his immediate supervisors don't like him because he's unwilling to enter in some patronage like relationship with them.
The fact that you gave the benefit of the doubt to some faceless employer here instead of an actual person recounting his experiences is really sad and maybe ought to be reason for you to rethink your biases to jump to the conclusion that this guy is a toxic loner. Sounds like you're projecting hard here from some other experience.
That is also a thing yeah. It's not really unethical or illegal but our VP has a huge preference for snazzy glitzy projects and never wants to tackle the problems that cause real pain in the organisation because they are not spectacular and don't make him look good. And yes I bring that up whenever it comes into play. I'm definitely not an order-follower.
> I've told them over and over I'm not capable of that
I can relate and empathize. And also provide this suggestion based on my own similar experience: if you can't provide evidence (e.g. doctor's diagnosis) that you are "special" or "not capable of that", then they don't have to care and will take steps to force you out. I wish you all the best.
Here in Europe it's different, we have more rights. Unfortunately I don't have an official diagnosis but I'm definitely neurodivergent. I've been meaning to get one but it is difficult.
I was once (12 years ago) told: "they debate, they decide, we deliver" along with other "teamwork" pablum. This evil has been with us for a very long time, unfortunately.
Nonsense. There are way more accommodations for people who wouldn't have had a place 20 years ago... those accommodations have changed what a "standard IC" is. There never was a place for run-of-the-mill geniuses who couldn't be bothered to spend a few hours researching P2P (Person to Person) protocols. They were always pushed off to small companies where the risk was much lower. This hasn't, won't, and shouldn't change. If that makes you salty, I've got some things I'd recommend you research.
Adults pay rent in money, not feelings. The answer to “how could Microsoft leave you homeless?” is “by not paying you”, not some bizarre “by making you feel so bad you lose your house, which you pay for with good feelings”.
This is an oddly passive-aggressive comment when a much more likely read is they were relying on the funding and the large tech company did what large tech companies do and started moving slowly.
And I can see others already blaming them for relying on the vulnerability for living expenses, but if we can hold the hyper-rationalization for a second, we shouldn't be against the person who expected an organization with more money than God to uphold a deal for relative peanuts, right?
Like yes we all get that large orgs make spending $5 very hard, many claps for being the in-group, but their frustration would be understandable.
I'm supposed to feel bad that Microsoft didn't immediately wire him an advance on the bounty before validating anything? Have you ever tried to get anything corrected with a corporate payroll department? Try three months minimum.
It's like suggesting someone was relying on a lottery ticket to payout to survive.
I tried to be as coddling with my language as possible.
Acknowledged how orgs work, separated blaming the org from sympathizing with their reaction, tried to separate the prudence of their actions from the sticky situation they'd still be left in by the org's actions...
But it was for naught: people are really ingrained in a weird "might-makes-right" model of corporate operations. "Larry Ellison is a lawnmower" was supposed to be a jeremiad but now it's more like a guiding principle that we browbeat anyone for questioning.
> we shouldn't be against the person who expected an organization with more money than God to uphold a deal for relative peanuts, right?
You're assuming that there was a deal that wasn't upheld. I don't think we have enough information to assess that. This person's blog posts do read as being somewhat unstable. There's even someone in the comments seemingly genuinely trying to be helpful: "Just wondering if you’re BiPolar (like me) and see a different reality than what is real. Been there."
If you take the statement at face value, that does not appear to be the case. If you don’t take it at face value, the underlying presumptions might be a lot of why they may not be employable.
Really depends on your background doesn't it? You could have convictions, be sanctioned, have visa problems, or all kinds of things that are not easily solvable.
Indeed, and this guy's personality seems a little "difficult" which might make the interview process short. I've known people with insane skills who have such weird personalities that they never get hired. Doing remote bug bounty stuff is a blessing for them.
We are, quite notably, in a huge hiring crisis where vast numbers of programmers and researchers can't even get interviews. It really is not that simple.
Sure sounds like rhetorical questions or attacking the messenger. Someone can think the bounty industry is going to reward them for actually being exceptional and not look soon enough for other options then pivot to a stance that should give them some quick job offers. If I thought I found an intentional back door I would not engage with an embargo system from the same vendor but I am also not them.
> Someone can think the bounty industry is going to reward them for actually being exceptional and not look soon enough for other options then pivot to a stance that should give them some quick job offers
Sure. And that’s a meaningful answer to the question.
“people with values different from yours, presumably” is a condescending nonanswer.
If someone has this kind of exploit and can't get a bug bounty for it, and desperately needs the money, he can sell it for 100k+ on a shady black market.