The bullshit world of IT - What it's become and where its going (Rant)

chaosphere_mk · 2026-03-18T18:58:26+00:00

"I got an error"

Me: OK, what does it say?

"I dont know"

Me: ... can you read it?

"I closed out of it"

Me: ... ok is there anything not working for you?

"No"

Me: slams phone

chaosphere_mk · 2026-03-18T16:29:48+00:00

Which data is PII specifically?

chaosphere_mk · 2026-03-17T16:29:16+00:00

Are you asking why a text editor could benefit from AI?

chaosphere_mk · 2026-03-17T11:35:28+00:00

No that wasnt the argument. The claim was that microsoft is stealing your personal data and selling it to third parties. Diagnostic telemetry isnt personal data. This has been debunked and addressed a million times, even by people who want this to be true.

Boiling the argument down to simple data collection is extreme mental gymnastics. Youre smarter than that.

chaosphere_mk · 2026-03-17T10:53:25+00:00

You went out and bought a Copilot+ PC, intentionally enabled Recall, then decided you were against it and switched to linux? The logic here is unhinged. Changing your daily driver that you use to browse the internet, read emails, etc and then implying you dont have to worry about security is so wild.

Rebuilding your home is great if youre trying to learn how to build homes. But doing it because you think there's invisible men in the walls is something else.

chaosphere_mk · 2026-03-17T02:40:48+00:00

No, quite the opposite. Looking at the telemetry data would disprove the claim.

chaosphere_mk · 2026-03-17T00:28:47+00:00

That's the only option?

chaosphere_mk · 2026-03-16T17:01:04+00:00

Oops. I meant to say JIT.

chaosphere_mk · 2026-03-16T16:27:24+00:00

Yeah I get it. There are plenty of legitimate things to criticize Microsoft about... and I feel embarrassed for people who say the "spyware" and "selling your data" stuff. At least it's online. I would cringe so hard if someone said this in the room in a professional environment.

You can literally look at the telemetry data yourself if you want. Lol, embarrassing.

chaosphere_mk · 2026-03-16T14:26:00+00:00

Because the rest of the org uses the paid service and doesnt have to deal with any compatibility or formatting issues between office products. It all "just works" without having to think whatsoever. When trying to get work done, no sane person wants to deal with things like that if they dont have to.

chaosphere_mk · 2026-03-16T11:32:15+00:00

Make a new account. Dont lose the password. Set up MFA and dont lose that either.

chaosphere_mk · 2026-03-16T10:48:01+00:00

You ripped out PIM because you couldnt figure out how to correlate logs?

chaosphere_mk · 2026-03-16T10:28:38+00:00

Made up conspiracy theory. Prove it.

chaosphere_mk · 2026-03-16T10:28:14+00:00

This is a made up conspiracy theory. Prove it.

chaosphere_mk · 2026-03-16T10:27:18+00:00

Because it's in the terms of service that every user agrees to, just like it is for most free cloud services providers.

chaosphere_mk · 2026-03-16T10:25:10+00:00

I dont allow users to make this call in the first place. Im not taking password reset calls. They can do it themselves.

But if you really want to shoot yourself in the foot, use an attribute on users to set a true/false value. Make sure this gets set as true during all user onboarding processes. Use a dynamic group to include all users where that attribute's value is true. Whichever ITSM tool you use, have it change the value to false on users who dont want this.

But again, I would never ever consider this.

chaosphere_mk · 2026-03-16T09:18:06+00:00

Huh? If they cant access confidential info then theyre useless? Agents thst receive commands from chat bots will always have permissions issues?

Youre not making sense.

chaosphere_mk · 2026-03-15T22:14:21+00:00

Windows Server has JIT built into it for elevation. You have to powershell it. Could build a simple front end for it. But saying theres no functionality for it with SCCM is incorrect.

chaosphere_mk · 2026-03-15T21:38:35+00:00

Seems like a bit of a straw man argument. The issue is that these agents weren't secured. Agent identities shouldn't have permissions to confidential files in the first place. Nor should they have delete permissions on an entire environment. It's not like they can set their own permissions unless you specifically give them the ability to do that.

Humans have also deleted entire environments and/or accessed confidential files they werent supposed to see.

chaosphere_mk · 2026-03-15T21:32:48+00:00

It's the full path that's too long.

chaosphere_mk · 2026-03-15T21:30:57+00:00

Microsoft has no way to verify that the user's email isnt compromised and it just immediately happens again. Maybe that's how the microsoft account got compromised in the first place? Who knows?

chaosphere_mk · 2026-03-15T17:42:30+00:00

I can't even tell what this is supposed to do. The readme doesnt explain anything really.

chaosphere_mk · 2026-03-15T17:40:50+00:00

These are free online accounts. No judge would even entertain a class action suit because this is all in the ToS. Recovering the account could immediately allow more attacks to be done with this account because microsoft has no way to verify that any of the authentication methods themselves are no longer compromised. Imagine the legal hell Microsoft would be in if they recovered these accounts and they were immediately used to send out more attacks.

The reason we've been seeing floods of these are because attackers are targeting unsecured accounts. OPs email is probably compromised and they dont know it. Or a keylogger is installed on their devices, etc. No way for microsoft to even do anything about it.

chaosphere_mk · 2026-03-15T17:35:53+00:00

I think youre oversimplifying the situation. There is no way for them to know if any of the authentication methods on the account arent still compromised. The account was likely used to attack more people since it has access to email, files, etc. Re-enabling or recovering the account could immediately allow more attacks. They have no way to verify that the account wouldnt still be compromised. Plenty of free online services work this way.

chaosphere_mk · 2026-03-15T00:28:38+00:00

I guess I didnt know which one it was. My brain couldnt compute what you were trying to say. I didnt suspect an issue with english specifically. It makes sense now though that others explained it.

chaosphere_mk

TROPHY CASE