Microsoft suspends dev accounts for high-profile open source projects (opens in new tab)

"Crying wolf" constantly like this is so frustrating. It waters down the message until they send something you really need to worry about, which you ignore like the rest of the pointless messages.

I unfortunately took part in their startup program. I was awarded the credits. However, I noticed that everything was super pricey, especially the AI services and the azure interface is basically garbage. It is very easy for you to enable a service and never be able to find it later until you have been billed for it later in the month. Maybe the GCP interface has spoilt me too much.

Long story short: I discontinued their program and it's been 2 years and I still receive those action required emails only to find out that there is absolutely no action required on my side. Harassing users is their favorite past time I swear. Ask the Github desktop folks. On Mac OS, there is no option to disable automatic updates. It loves installing a helper that runs 24/7 with admin privileges. If you click on deny, it will keep harassing you - every. single. day. First thing in the morning - 3 times, 3 times in the evening. You could be in the middle of something important, like a meeting or a screen share or running some serious stuff like CNC milling (which I do) and this thing will just popup and ask you for admin privileges until you accept.

And even if you accept and give it permissions, it just buys you a few days time. People have tried before to open an issue on Github - their response was simply "This isn't a priority for us right now" and they just closed the issue.

Same story with Windows too. I wish there was a law to prevent this kind of bullying behaviour.

My spam folder is full of "Action Required" emails. So many of them are phishing attempts that I would never even open such an email even if it really truly came from Microsoft.

I once filed a support ticket against one of those emails because I couldn't figure out what they were telling us to do.

Even MS's staff couldn't figure out what resources the "Action Required" email had to do with.

I was told by awareness training that e-mails titled "Action required" are phishing mails.

Google famously just did this with their Captcha service. Had lots of people signing up for a more complicated version on Google Cloud that they didn't need to do.

Because it absolves them of liability of anything goes wrong. They can point to the email say "we warned you". Having to filter and target the specific set of customers that a notice applies to carries risk and costs to them and they wanna pass it to you.

Same with GCP. I have Private test account with nothing on it. I get emails about actions being required regarding APIs I have never used, a few times per year.

That's actually a good case for a LLM going through it and deciding: "nah, overblown" and "Oh, yeah, this one can close the account"

I literally have a rule to automatically mark as read any email that has "important update" in the subject, because 99% of these "important updates" are various types of inconsequential "lawyers made us do this" bullshit.

And also consider moving some of your repos to Forgejo. I’m running it for more than a year now and it is by far my favorite service. Way faster and essential features do not require monthly payment (branch protection for example). It can easily run on a Raspberry Pi 4 1 GB RAM.

Use Docker Compose and put Caddy in front of it for HTTPS. For backups the easy way is to just git pull your repos via cron on some remote systems. Or use syncthing to also move the server configs over. For the runner, 1 GB RPi 4 should be fine for many situations. It can compile and run many Rust/Python tests fine or build static sites. You could also setup an old x86 next to it (this is essentially what GitHub Runners are too: old x86 cpu’s).

Apple has done the exact same with its iphone app store, lots of companies got shut down because of their app not beeing available anymore with no explanation. The problem is with exclusive app stores.

> At this point people will move to

I think most people just don't care about their computer. Most people just use whatever they are told to use at work.

No they won't, because Apple is out of reach for their pockets, and most OEMs still don't sell Linux powered devices on the shops people go to.

Writing this from a corporate win11 computer, the whole thing is so laggy, it's unbelievable. Last year, I had revived my old desktop from 2007 with an intel Q6600, windows xp and a clicky dying HDD, and that thing flied compared to this. Dear Microsoft and its partners (Especially DELL!), what the hell happened?!

Have gone back to Linux after 23 years, Ive only had to go to the console once to make all hardware of my framework 12 work since i chose to use a non supported distro. That's definitely a breath of fresh air compared to the old times, where getting wifi to work was a major hassle, anyone remember ndiswrapper? ouch.

People: Windows is too centralized. Let's move to MacOS.

Don't know who those people are or if they exist, but not the brightest ones for sure.

I mean, we have been saying that exact thing for close to 30 years at this point.

Yet, they are still around, they are still deeply embedded in most businesses, and no matter how much they screw up, it just keeps going.

I spent 20 minutes trying to log in to Teams on my phone today and I just couldn’t. After my username and password, it would redirect to Microsoft Authenticator, then ask me to create a passkey for some reason, show a loader, and then bug out and restart the flow in an infinite loop.

I’m being told we are in the incredible age of fully automated AI programming and yet Microsoft can’t even get login to work.

Satya Nadella had built up so much Microsoft goodwill from 2014 - 2022. When they first purchased Github, it looked like Microsoft was opening up and was going good things.

The first sign things were souring was when Microsoft dumped their gaming plans after just buying up all he major studios. First sign they only cared about Azure and AI.

Now it's blatantly obvious they're giving up everything to chase enterprise AI.

> but I'm not sure the tradeoff is worth it.

Well corporations decide on that. I abandoned rubygems.org when they added the 100.000 download limit; past that point I was no longer able to remove old gem. Then came the new corporate laws for rubygems.org and mass-firing of about 8 open source developers who were involved with the ruby ecosystem.

We simply need to accept that corporations controlling an ecosystem can lead to HUGE problems. We need an alternative here. I don't have a good alternative either to suggest - money is influential. People adjust their behaviour and how they think with regards to money all the time. We could need some kind of model that also handles the economy. And, again - I have absolutely no clue how that could or should look like.

True, but there is yet a one major OS that allows you to run whatever you see fit on your computer.

If you are really disgusted by those moves, you have a time to switch. If enough people switch, then we can just forget about that garbage.

Because some people realised that insurance is the ultimate form of security? Why prevent failure when the consequences of failure can simply be offloaded to others?

I think it's just like in software in general: most software is bad, but it doesn't mean that all software is bad and unnecessary.

Most security is done badly, but it doesn't mean that security is unnecessary.

But I agree: TooBigTech has TooMuchPower.

Sacrifice principles for pragmatism and you lose both.

CCP-level control over access to information is not actually very tight, technologically nor ideologically, but it does enable a form of rule-by-law which is far more useful.

The problem is that the social media companies have not been dealing with abusive posts of various sources. Governments can't take action against the bad posters are they are from another Government (and in some cases are employed by that government to cause trouble). Thus Governments have to take actions which they can control, unfortunately these actions will affect more than the bad abusers.

It seems to go against developers of Windows drivers (which includes VPNs) - apparently there was a “mandatory account verification for all partners in the Windows Hardware Program who have not completed account verification since April 2024”, but for some reason it looks like no one notified these guys that they have to verify their accounts.

I wonder if they were compelled by someone in the government.

This is preemption, I believe, in the US for what's coming. Given the states trying to ram in "age verification" (mass surveillance propaganda, same agenda as CSAM) I no doubt believe that the only VPNs the USG wants people to have access to are corporate (easy entry point) and pwn'd VPNs [0] (in the media lately).

Fuck Microsoft (aka Microslop).

[0] https://www.wired.com/story/using-a-vpn-may-subject-you-to-n...

The real discussion prior to that with input from devs and the update from Microsoft that came after that techcrunch article came out:

https://news.ycombinator.com/item?id=47686549

this source is a bit better and answers a couple questions.

first the verification wasn't just "click this link to prove you own this email"

>That account verification process meant that developers were required to upload their government-issued ID before they were allowed to publish potentially highly sensitive code to the broader Windows user base.

Also according to at least one affected user they didn't actually get notified of the process.

> “Microsoft never sent me any notification at all about this. I’ve looked in every inbox in every spam folder in every mail log, and zero, nothing, zilch,” Donenfeld said.

> I was ready to login to the Partner Portal and submit my...

I used to work for companies that were Microsoft Partners. One of Microsoft's rules was that they required Partners to employ one (or more) developers that have some Microsoft certification. As an MSCD, I met those requirements (for silver and gold levels). That cert is no longer offered, so I wonder if some exception/rule got removed and now all the partners without "certified" developers got kicked to the curb?

I wouldn't install that update if I were you

Horseshit. Wireguard, tunnelblick, aws vpn client all self distribute

Dave Cutler and Raymond Chen might like a word.

I don't know about his career in general, but Hanselman once spoke at a conference I was helping organize here in Thessaloniki, and he was great. Really knowledgeable and very down to earth.

Even if they did, it didn't work.

No one considers anything in these tech companies. It’s all some bot automatically banning people who are then faced with a brick wall looking for a contact to get unbanned.

lol.

Yeah, but you're not allowed to call it "abuse" because that's too "baity" according to the cabal.

Please don't. We have to ban accounts that do this repeatedly.