
Yesterday ProPublica and ArsTechnica published a takedown of Azure: "Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway" ...

https://arstechnica.com/information-technology/2026/03/feder...


In which one expert called the documentation provided "a pile of shit", which ProPublica took the liberty of extending to Azure itself

In those types of reviews/audits, documentation is the first indicator of whether a security organization has their act together. It's about building a trust relationship between the accreditor and contractor that will have to endure for years, as nation-state level actors throw their resources at finding vulnerabilities. MS couldn't do this or couldn't be bothered to do this. So shit documentation -> shit security processes and operations -> shit security -> shit cloud product in a government context. So the title wasn't that much of a stretch.

And they weren’t wrong

They still lied, because they didn't say "X is shit" but "Z said that X is shit", however Z apparently never said that.

I have become very cautious of such stories for this very reason. Who gets how much blame has a lot to do with "culture" or momentum. Bashing Microsoft for example is always super fine, but at multiple occasions I found the facts to be much more nuanced.


In this case, it’s just yet another design-level vulnerability in Microsoft’s cloud services. There isn’t much room for nuance.

It's true, they lied. But, paradoxically, in this case, while they lied about details, the conclusion is still true: Azure is very far from AWS and GCP as far as security is concerned. I have my own suspicions why it is so, but the reasons are not important, what counts is the final conclusion: if you really care for security, you'd better choose one of the other two.

Azure looks worse right now. AWS and GCP still ship plenty of auth bugs, bad defaults, and policy footguns, so if you care about security the sane move is to assume every cloud will fail in ways the marketing page forgot to mention and build your controls around that, not around a brand ranking.

“Fake but accurate.”

ProPublica has an agenda, and they slant their reporting to push it.

You can like their agenda and support this effort, but it’s not journalism.


What is their agenda?

Compare 600+ stories tagged for the Trump administration:

https://www.propublica.org/topics/trump-administration

…with 16(!!) since 2020 on Biden’s term:

https://www.propublica.org/topics/biden-administration

My favorite missing Biden story that should have been right in their wheelhouse: The unprecedented $36 billion bailout of the Teamsters’ pension fund.

https://www.statesman.com/story/news/politics/politifact/202...


Well, yeah, their agenda is reporting on fraud and illegal actions. If you do more fraud or illegal actions, you will have more stories about you. Trump does more fraud and illegal actions, objectively. If you’re a Trump supporter, reality may make you sad and angry when in conflict with the mental model.

I don’t mind pension bailouts, compared to tax cuts for the very wealthy and unnecessary military action in the Middle East (which has cost ~$50B as of this comment). Compare the costs.


Here’s an article on their front page today on a few thousand dollars in campaign contributions, no allegations of fraud or anything illegal:

https://www.propublica.org/article/sean-duffy-michael-alfons...

The Teamsters bailout was something like a million times that, from a Democratic president to a critical Democratic constituency.


Teamsters members in a majority voted for Trump. Google it. Biden helped people who didn’t value it. You blame Biden for “buying support” when it didn’t help Democrats; he did it because it was the right thing to do to protect the retirement promises made to union workers.

Can’t fix uneducated, unsophisticated voters I suppose.

https://www.theguardian.com/us-news/2024/sep/18/election-tea...

https://www.currentaffairs.org/news/sean-obrien-sold-labor-t...


I’m not arguing the merits of the policy. I’m arguing that if the Big Beautiful Bill contained a $70B slush fund for the administration to hand out to its tech buddies, ProPublica would have gone wall to wall.

If a slop engine calls a slop company slop, has anyone really lost?

We lost, for one of us got tricked into bringing it here.

Titles are editorialised and space limited. The first couple lines in the article linked above make the nuance pretty clear.

[edit: 'pretty' instead of 'perfectly']


You are defending not just clickbait, but libelous clickbait.

I doubt this reaches the bar for libel by a long shot.

It's only libelous if it's not true. This vulnerability says otherwise.

It is libelous because it is a claim that "X said Y", not "Y".

Ah, so you're worried about the review team being misrepresented, not that Azure is shit.

Ars just republished it under license

Every security engineer I know working at Azure is on the verge of self-harm because of the current situation, or is the dumbest IC I've ever met and somebody I think should have never become a security engineer. Sample size ~12.

That is quite the indictment.

I am not very close with every one of these engineers, and some no longer work at MSFT, but yes talking to employees in Seattle working on security made me never want to use Azure.

Last I heard, the CO+I org has some pretty serious cultural problems that contribute to this, and which will not be easily solved.

Bloomberg and CNBC don't seem to have reported about this, maybe someone with contacts could make them aware?

did we just invent that or does housing-based CPI exist?


Could have just said we will Keep the Lights on


This reads more like "we won't deliberately turn the lights off… but they're probably gonna break on their own eventually".


The lights will stay on until they burn out or the power goes off, or someone bumps the light switch or steals the light bulbs.


No mention of starting with a design specification & then tied to formal verification the whole way?

It sounds interesting and a step forward (never heard of library OS till now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?


People seem to believe writing things in rust means it's correct.


> Malware in random apps running on your device without your knowledge is bad.

And ones that have all the indicators of compromise of Russia, Iran, DPRK, PRC, etc


Am I the only one cynically thinking that "Russia, Iran, DPRK, PRC, etc" is the "But think of the chiiildren!!!" excuse for doing this?

And when Google says

"IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors."

What they really mean is " ... leveraged by actors indiscriminately scraping the web and ignoring copyright - that are not us."

I can't help but feel this is just Google trying to pull the ladder up behind them and make it more difficult for other companies to collect training data.


>I can't help but feel this is just Google trying to pull the ladder up behind them and make it more difficult for other companies to collect training data.

I can very easily see this as being Google's reasoning for these actions, but let's not pretend that clandestine residential proxies aren't used for nefarious things. The vast majority of social media networks will ban - or more generally and insidiously - shadow ban accounts/IPs that use known proxy IPs. This means that they are gating access to their platforms behind residential IPs (on top of their other various blackboxes and heuristics like fingerprinting). Operators of bot networks thus rely on residential proxy services to engage in their work, which ranges from mundane things like engagement farming to outright dangerous things like political astroturfing, sentiment manipulation, and propaganda dissemination.

LLMs and generative image and video models have made the creation of biased and convincing content trivial and cheap, if not free. The days of "troll farms" are over, and now the greatest expense for a bad actor wishing to influence the world with fake engagement and biased opinions is their access to platforms, which means accounts and internet connections that aren't blacklisted or shadow banned. Account maturity and reputation farming is also feeling a massive boon due to these tools, but as an independent market it also similarly requires internet connections that aren't blacklisted or shadow banned. Residential proxies are the bottleneck for the vast majority of bad actors.


> The vast majority of social media networks will ban - or more generally and insidiously - shadow ban accounts/IPs that use known proxy IPs. This means that they are gating access to their platforms behind residential IPs (on top of their other various blackboxes and heuristics like fingerprinting)

Social media will ban proxy IPs, yet gleefully force you to provide your ID if you happen to connect from the wrong patch of land. I find it difficult not to support any and all attempts to bypass such measures.

The fact is that there's now a perfectly legitimate use for residential proxies, and the demand is just going to keep growing as more websites decide to "protect their content", and more governments decide to pass tyrannical laws that force people to mask their IPs. And with demand, comes supply, so don't expect them to go away any time soon.

This really just sounds like a rehash of the argument against encryption. "Bad people use it, so it should go away" - never mind that there are completely legitimate uses for it. Never mind that using a residential proxy might be the only way to get any privacy at all in a future where everyone blocks VPNs and Tor, a future where you may not even be able to post online without an ID depending on where you live, a future which we're swiftly approaching.

It's already here, in fact. Imgur blocks UK users, but it also blocks VPNs and Tor. The only way somebody living in the UK can access Imgur is through a residential proxy.


> The only way somebody living in the UK can access Imgur is through a residential proxy.

And very little of value was lost.

> This really just sounds like a rehash of the argument against encryption. "Bad people use it, so it should go away" - never mind that there are completely legitimate uses for it.

Except that almost everything that uses encryption has some legitimate use. There are pretty much no legitimate uses for residential proxies, and their use in flooding the Internet with crap greatly outweighs that.

If I plumbed a 30cm sewage line straight into your living room would you be happy with it? Okay, well, tell you what, let's make it totally legit - I'll drop a tasty ripe strawberry into the stream of effluent every so often, how about that?


It's another type of proxy. Legitimate uses are the same as for other types of proxies.


No, what they're saying is what they said, what you're implying reveals a strange bias. Web scraping through residential proxies? Please think through your thoughts more. There's much more effective and efficient ways to do so. Multiple bad actors, like ransomware affiliates, have been caught using residential proxy networks. But by all means, don't let facts and cyber threat intelligence get in the way.


>let facts and cyber threat intelligence get in the way

Appeal to authority by way of invoking the megacorp-branded "threat intelligence" capability (targeted PR exercise).


Residential proxies aren't used for scraping? That doesn't align well with my experience...


What are the much more effective and efficient ways — since you said it?


> Am I the only one cynically thinking that "Russia, Iran, DPRK, PRC, etc" is the "But think of the chiiildren!!!" excuse for doing this?

Maybe. But until I dropped all traffic from pretty much every mobile network provider in Russia and Israel, I'd get up every morning to a couple of thousand new users of whom a couple of hundred had consistently within a few hundred milliseconds created an account, clicked on the activation link, and then posted a bunch of messages in every forum category spreading hate speech.
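The burst pattern the comment above describes (signup, activation click and posts across many forum categories within a few hundred milliseconds) written out as a detection heuristic over constructed log lines. This is an added example, not code from any commenter; the log format, field names and thresholds are assumptions.

```python
# Added example, not from the comment above: flag accounts whose
# signup -> activate -> first post all land within a few hundred ms and
# that spray posts across several categories. Log format, field names
# and thresholds are constructed assumptions, not any real forum's.
from collections import defaultdict

# Constructed sample events: "<epoch_ms> <event> <account> [category]"
SAMPLE_LOG = """\
1700000000000 signup acct_a
1700000000120 activate acct_a
1700000000180 post acct_a general
1700000000230 post acct_a offtopic
1700000000290 post acct_a support
1700000000000 signup acct_b
1700000090000 activate acct_b
1700000400000 post acct_b general
1700000000500 signup acct_c
1700000000610 activate acct_c
1700000000700 post acct_c general
"""


def parse_events(text):
    """Parse the constructed log into per-account (ts, kind, category) lists."""
    events = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        ts, kind, acct = int(parts[0]), parts[1], parts[2]
        category = parts[3] if len(parts) > 3 else None
        events[acct].append((ts, kind, category))
    return events


def flag_burst_accounts(events, max_ms=500, min_categories=2):
    """Return accounts whose first post follows signup within max_ms, in the
    order signup <= activate <= post, spread over >= min_categories categories.
    No human receives and clicks an activation email that fast."""
    flagged = {}
    for acct, evs in events.items():
        evs = sorted(evs, key=lambda e: e[0])
        first = {}
        for ts, kind, _ in evs:
            first.setdefault(kind, ts)  # earliest timestamp per event kind
        if not {"signup", "activate", "post"} <= set(first):
            continue  # lifecycle incomplete, nothing to judge yet
        ordered = first["signup"] <= first["activate"] <= first["post"]
        delta = first["post"] - first["signup"]
        cats = {c for _, k, c in evs if k == "post" and c}
        if ordered and delta <= max_ms and len(cats) >= min_categories:
            flagged[acct] = {"delta_ms": delta, "categories": len(cats)}
    return flagged
```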


If they said "could" then I would agree, but they said it did happen. Those actors DID do it, not could. So it's not a think of the children excuse. Unless they are outright lying, but I doubt the security team came up with a business type excuse


I would love to see this same analysis with a gut probiotic! I am never convinced if I'm wasting my money, which strains are best, should I do refrigerated or shelf-stable, etc.


Anecdata/placebo/whatever: I use BioGaia's Gastrus tablets and they increase my quality of life noticeably, and I can tell when I've been off them for a while. I got refrigerated deliveries of probiotic yoghurt drinks for a while previously and in addition to the faff, didn't notice as good results.


Additional Anecdata: I heard about BioGaia's Gastrus tablets here on HN a couple of years ago and they have dramatically improved my wife's quality of life as well. She suffered from significant GI problems. We bought a pack of the BioGaia tablets based on an anecdote here. Within about 3 weeks her year-long GI problems were gone. She discontinued the tablets and the GI issues stayed away. About 18 months later, after a period of heavy stress and travel, her GI issues returned and then disappeared again after another round of BioGaia tablets.


Thank you both for the anecdata!


As far as I am aware, fiber has infinitely superior research behind it with far more drastic effects. Just take fiber if you're worried about gut health imo.


Yes, feeding good bacteria is the best bet. Probiotics are transient, they don’t colonize.


How do they get there initially?


The environment we live in and the foods we eat are hardly sterile.

There is also a significant microbiome on your skin.


I agree, but if one has ever taken an antibiotic then they should replace the bacteria that they lost? Strong antibiotics completely destroy the gut biome


The research doesn't strongly support probiotics even in that case one way or the other.


I haven't logged into Plex in a while but did decide that the next time I need it I will just set up Jellyfin instead. Nice to see they support all my devices: iOS, Android TV, Fire TV.


I didn't know what foamcore inserts were until now, but this is useful. I have lots of broken boardgame boxes


Welcome to a whole new obsession!


Same here, it's pretty cool!


> Six years later, Hammersmith Bridge remains closed to vehicles. The solution proposed by local authorities costs £250m and has no funding.

If this is not a failure of Mayor of London Sadiq Khan, then who? Where I grew up, new bridges were paid for by tolls until the building cost was paid then taxes covered occasional maintenance.


> Netflix says they’re keeping the company separate

For a while... Eventually, you can expect that functions will be streamlined, compacted, and impacted

