As far as I can tell, the databases on Azure are all either slow, expensive, or both.
And of course it means we hand over all of our highly sensitive data to a company that has said that US law will overrule EU law. How can anyone trust a company that says they will not obey the law?
Type the same id number into a bug related links twice. It'll have no match, and then a match.
It really feels like ADO was just quickly patched together so they can offer it as part of a complete package.
And regarding Microsoft, it's easy: paying for the whole package is much easier in terms of contract overhead and with MS the discounts are quite advantageous as soon as you increase the width of the package.
Short term and if you only look at the bill, it makes sense.
Long term, forcing your teams to work with shitty services is a terrible idea.
Add public key infrastructure support, make LDAP the default store and you got AD. Even better, you can throw all the OAuth crap down the drain.
Now, starting services with a password becomes an issue of booting the machine.
Depending on the use-case, Kerberos (/this imagined x509 Kerberos) or OAuth2 still seems suitable for the single-authenticator/multiple-services paradigm.
Kerberos is not a great protocol, though.
When it works. And when it doesn't work (which is most of the time if you're outside of the corporate LAN) you simply can't debug what's happening.
> MIT Kerberos on Linux is not really compatible with Windows Kerberos
It actually is! A long, long time ago I managed to join Windows into a pure Kerberos domain. Everything worked, including things like GSSAPI authentication in PuTTY or MySQL. It involved some `ksetup.exe` incantations, I think this guide might be still relevant: https://docs.oracle.com/cd/E19316-01/820-3746/gisqf/index.ht...
Of course, there was no group synchronization (because no AD).
That was about 20 years ago. Back then, I was working on helping companies migrate to Linux, and I toyed with an idea of having a background service to periodically sync groups from the Linux SMB server with the local users.
Understatement of the week
and you really need to read the Kerberos book before picking up sssd.
I may be a bit naive, I'll accept that, but I really like how AD works (which is essentially Kerberos + LDAP).
Ultimately I gave up and used Samba instead, but it does seem like there's a big gap in Linux offerings for "home/small business network file sharing" with shared auth.
I also want to share the home printer/scanner, which I believe Samba can do, but obviously sshfs won't. Side note - I would love to see a standard protocol and server for a 3D printer. We have a Bambu and the software is... alright... but doesn't play nice sharing an account between computers.
Ultimately I set up Samba on the server, with mapped users, and a line in fstab on the desktop. Plain old NFS might have worked for the desktop but the users don't have the same UIDs between the desktop and the server and... reconciling that seemed painful.
I did try to make Kerberos work with NFS for a few days but the experience was akin to staring into the sun.
I used to run a Microsoft productivity ops team. Email/SharePoint/etc. Our headcount was about 20-24. O365 dropped that to ~8. Now? I’m told it’s about 60, much of it relating to security.
Why does Windows 11 show stock values in the taskbar by default? Why does it show ads, games and yellow press headlines when you click on it? On the enterprise edition! Xbox services are installed and running by default. Why?
I saw a great Black Hat talk this year about Entra misconfiguration that got Microsoft's own sensitive internal services owned by a researcher, one of them owned by their security team. After the report they reconfigured their services, didn't pay a bounty and considered the problems solved. What about their customers making the same config errors as the Microsoft team... no changes planned.
There's much much more...
Essentially you need to pay double license for admin users so they can have two logins; and it's a pain to quickly elevate privilege to do day to day admin tasks.
So if your friendly domain admin clicks the wrong link, your entire network is owned.
I feel like the current ignorance of the average computer user was a deliberate outcome they've been working towards for more than 20 years. As someone who has been using computers since the late 80's, I find their current offerings harder to use than ever.
For a small business without a dedicated IT team, simply hire an IT contractor to harden the tenant (MFA etc…), have them review every six months and be done with it and focus your resources on running your business.
How do you know that they wouldn't be more productive if they were using the Windows and Office bundle all the time?
I'm also a logistics consultant… try to parse a multi-million line orderlines extract in Google Sheets compared to Excel.
I’m also on Mac but to be honest it’s a challenge - there are still enough industry specific tools that are Windows-only so I have to run a Parallels VM to get by.
More importantly, using Microsoft at scale can leave your organization fundamentally insecure. The obscure, insecure defaults are, at best, dangerous missteps and, at worst, borderline negligent. I’m convinced that only a small fraction of enterprises using Microsoft have the expertise and budget required to secure it properly.
My personal view is that if your organization depends heavily on Microsoft, it’s not serious about security, whether they’re aware of it or not.