It’s probably the best book on the topic I’ve ever come across. It’s just an incredibly good mix of practical and approachable and does a great job of teaching you how to think on your own two feet about security which I think is one of the most important aspects.
For big companies like Microsoft it is normal to have both some employees who may be security experts and also thousands of others who not only are ignorant about security but they also do not seek the advice of those who may be more knowledgeable.
So without other information, the fact that some document about security comes from Microsoft cannot be used to guess anything about whether it is valuable or not.
Haha. This. Except it wasn't stolen they flat out gave it away and sold out America to China. That's why they put so much effort into trying to spin Microsoft as some forward fighter in infosec these days even though anyone with a half of a brain knows that Microsoft is the greatest liability in security/democracy and engaged in espionage against the US. They should stick to what they do best, steal other people's ideas/concepts/some current trend in tech, try and rebrand it as a Microsoft thing and weaponize litigation to capitalize on it.
There is no doubt Microsoft is in cahoots with all US 3 letter agencies. They have connections and systems in place to make it easy for data collection.
However, I don’t think I ever heard of Microsoft engaged in espionage against the US. Elaborate?
That's like judging the Blue Angels pilots to be the worst in the world, based upon the fact that they have the highest death rate per flight hour. The judgement should be a bit more nuanced than that.
It's fair to say Microsoft doesn't have a great track record over the last several decades with security of their flagship OS. A lot of the nightmares customers have suffered are a direct result of this, either inherent bugs or failing to nudge developers on their platform in the right direction with well thought out, friction-free best practices and tooling.
For sure they have a lot of insight to share but it would be nice to see them address before touting their laurels. (Yes they've gotten a lot better, but in my opinion still nowhere near as bulletproof as it should be).
> It's fair to say Microsoft doesn't have a great track record over the last several decades with security of their flagship OS.
Nope, not fair or accurate at all. Their track record has been great, and it's likely you are judging them for transparency mixed with a reputation from >20 years ago. They have a good record of patching security holes; if we all assumed that more patches = worse security, it would only incentivize companies to be quiet.
As for development, again over the past decade, they've been completely different from the past, and are fully embracing and pushing best practices. As other commenters like to point out, this is not your grandpa's Microsoft.
> but in my opinion still nowhere near as bulletproof as it should be).
Assuming that security should be bulletproof is a misunderstanding of how security works.
I would agree, the Windows OS has really matured since XP, from a security perspective at least.
I would definitely expect better than this from a tech giant like MS. When was the last time Google, Meta, or Apple got breached like this?
Edited to add, I think them open sourcing some security training is good, it benefits everyone whether or not MS themselves are a great example of a secure company.
The slingshot penetrating your tank armor is not a helpful failure. Except for telling you that your processes are so wildly off base that you need to start over.
People who claim this kind of failure is useful are clueless. Failures are interesting in exploratory processes and useful when occurring within a predicted failure regime (i.e. testing to failure). Unexpected failures in predicted success regimes just indicate process weaknesses. Repeated and continuous failures in similar fashions do not indicate strength, they indicate structural process deficiencies despite what cybersecurity bozos would like you to believe.
Yes, but people forget faster than they blink.
And all the ransomware putting down utilities is attributed to user error, not to the OS happily running every URL from the internet.
Look at the number of vulnerabilities introduced by Windows version. It's good that they're fixing them frequently, but the fact that they need to do so in the first place (and there's more and more of them with each new version) is itself a problem.
Can you even link to a single technically competent offensive specialist that states a Microsoft system would be difficult to break into? Just to make it concrete, let’s go with a really low bar like one skilled person over one year.
For that matter, can you link to anybody technically competent at Microsoft who would dare to make a claim like that and then actually back it up with experimental evidence? No point listening to the blather of the Microsoft PR team when the silence of the technical team tells you all you need to know.
Their flagship OS has an administrative culture of "ClickOps" and effective security is built around practices that are antithetical to that sort of culture.
Microsoft does take security pretty seriously with Windows. There have been times they make mistakes, but historically, they are doing better now than they were in the early 2000s before Bill Gates sent a memo noting that they needed to take security seriously. You could argue they take security as seriously as any major player like Apple and Google, seeing they touch a lot of private user data.
Criticising someone’s accent or “non-professional” room background comes across at best as snarky gatekeeping.
The real question is whether, for the desired audience, the presenter’s accent, the background scene, the delivery of content or anything else is a blocker.
I’m assuming that parent is not a beginner in the field, and is absolutely not the target of this fundamentals course.
Let’s welcome more and different people into the field. God knows, we need some optimists and fresh thinkers sometimes, not just the crabby people from one specific demographic squatting in their senior roles shouting at clouds.
> I think she needs some training on how to speak neutral without much of an accent.
> Also, I don't understand why her background behind her is so... non-professional.
You focus on very superficial details. There's a reason true geniuses don't really fit into society, they don't care about and don't have time for petty details.
When they change the world the vultures come and package it into a pretty product for the masses to throw their money at and it inevitably turns into crap. Most of the money goes into PR, HR and Chief title officers for no other reason than to satisfy the gullible masses.
I'll give an example: crypto-currencies can change the world in many ways, but the killer feature that the masses adopted was fucking NFTs... Humans are depressing.
Choose for yourself where on this journey you want to adopt a product or idea. Do you act on ideas or shiny packaging?
The outward appearance and concept of something can indicate bias or quality where there may not be any. See hype around Yeezy shoes, or Kanye's white shirt, or the utilization of Netlify essentially repackaging Amazon. An idea is meaningless without the ability to act.
People ripped this comment to shreds, meanwhile the brain-swell of folks here would absolutely criticize if something was posted that showed lack of due diligence and due care. Watching the videos of this content, the videos are just scripted versions of the text in the markdown files, with no slides or auxiliary content to show value. Impressive really.
Further, I don't think anyone took my comment holistically as it sits. I fondly remember seeing a lot of developer advocates talking about Azure and how wonderful the Cloud is, but they showed a demo, their own personal PC was poorly configured and managed, and they were using incorrect taxonomy for quite a few things -- leading people down the wrong path of growth and learning. So yeah, the details that are on the shiny package matter, for sure.
> I think she needs some training on how to speak neutral without much of an accent
This is an absurd expectation. I've watched plenty of videos by people with an accent. That's just how the world is and doesn't reflect on her negatively in any way.
> I'm positive the emojis all over the GitHub page would drive older folks crazy
I've seen a bunch of repos with emojis like this and I'm not a fan. I've also seen repos that are a lot worse, where the emojis can be quite distracting. That said, it's way down near the bottom on my list of things that bother me. If the documentation is otherwise useful and has all the substance I need or expect, I ignore the fluff around it.
[0]: https://github.com/microsoft/IoT-For-Beginners