Comment by john_strinlai
10 hours ago
>The comments that followed were a bit off the rails. There's no conspiracy here from Microsoft. But the Internet discussion wound up catching the attention of Microsoft, and a day later, the account was unblocked, and all was well. I think this is just a case of bureaucratic processes getting a bit out of hand, which Microsoft was able to easily remedy. I don't think there's been any malice or conspiracy or anything weird.
it was a bit crazy how quickly people got conspiracy-minded about it.
microsoft fucked up, and as per typical big-tech, only fixed it when noise got made on social media. but not everything is a grand conspiracy orchestrated by microsoft or the government or whatever. incompetence is always more likely than malice.
any news from the veracrypt maintainers? i would imagine whatever microsoft employee got tasked with resolving this issue would have also seen that one.
---
edit: well, i certainly underestimated the response to this comment. my mistake for using a common saying rather than being extremely explicit when it comes to something as emotionally charged as microsoft. i dont think i have seen a comment of mine go up and down points so many times before.
what i intended to get across was: "this was not a deliberate, coordinated, purposeful attack on the wireguard project, at the behest of some microsoft executive, to accomplish some goal of making encrypted communication impossible or whatever. instead, this was the result of a stupid system, with a stupid resolution process (social media), that is still awful, but different in important ways from a deliberate attack. this is the typical scenario (stupid system, stupid resolution). the non-typical scenario would be a deliberate choice made and executed by microsoft employees to suddenly destroy a popular project".
i shortened the above paragraph to the common saying "incompetence is always more likely than malice". i shouldnt have. my bad.
> incompetence is always more likely than malice.
"Incompetence" of this degree is malice. It is actively malicious to create a system that automatically locks people out of their accounts with absolutely no possibility for human review or recourse short of getting traction in the media. "No sir, I didn't grind those orphans up. It was this orphan grinding machine I made that did it, teehee!"
i am positive that you understand the spirit of what that saying means.
incompetence is always more likely than [intentional, directed] malice.
microsoft employees did not deliberately attack the wireguard project with a goal of taking it down for whatever grand scheme people's hatred cooks up. if you have evidence that microsoft did this deliberately to ruin the wireguard project, please forward it along to jason (the wireguard maintainer) and several news outlets.
Where possible I recommend not caring because figuring out whether malice was present is difficult and you can likely address a problem without needing to be sure.
For example by creating working processes which never end up "accidentally" causing awful outcomes. This is sometimes more expensive, but we should ensure that the resulting lack of goodwill if you don't is unaffordable.
Worst case there is malice and you've now made it more difficult to hide the malice so you've at least made things easier for those who remain committed to looking for malice, including criminal prosecutors.
8 replies →
And I'm positive that you understand the spirit of the post you're replying to.
The saying implies that incompetence and malice are polar opposites. They're not.
1 reply →
Microsoft's incompetence is certainly reckless at a minimum, and often manifests in ways that come across as misanthropic toward their users. They don't really fit the pattern of mere bumbling fools.
3 replies →
And the person you are responding is asserting that the response to incompetence of this level should be the SAME as if it directed and intentional malice. Which is a completely valid way to view a fuckup like this.
6 replies →
Malicious people are quite good at feigning incompetence.
I mean, sure, but at a certain point negligent incompetence is directly harmful and the motives or lack thereof are just context.
6 replies →
Except that the system that removes culpability, visibility and consequences of this kind of abuse is set up deliberately to avoid liability and consequences of such actions.
This isn't a tee-hee accident, this is deliberate organizational design which removed any kind of bad consequences or even thought about what the software does to user from the engineers at Microsoft. They're happy about that. They now don't need to deal with that. And if you'll ask them, they will refuse a change that will make them responsible for abuse of their users.
So, to hell with them :)
1 reply →
With the way things are going right now with all the corruption in governments and corporations were way past the point of giving the benefit of the doubt. These organizations are clearly making changes to their OS's to slowly remove user control.
Everything should be treat as suspicious moving forward and I am glad of the skepticism.
The question is, did they notify the user that the account was blocked, or was it done silently? My money is on the latter, obviously I don’t know, just my guess. Was there a reason? Blocked is semantically harsher, than it has been disabled.
It was done silently. I am one of the affected developers and my software is the open source file system driver WinFsp:
https://github.com/winfsp/winfsp
1 reply →
Society is a bit fatigued of big tech companies making their various accounts essential and then locking people out of them without any due process.
yes, i am in agreement. i tried to be extremely clear in my edit that i think that the whole social media being the only way to get an account back is crazy stupid.
All this doesn't matter. What matters is the destructive potential and a breach of trust. CAs have been distrusted for less.
>CAs have been distrusted for less.
root programs are super specific about root cause analysis, what actions lead up to distrust, differentiating deliberate maliciousness from systemic incompetence, etc.
its like the exact opposite of "all this doesnt matter".
of course they still look at the outcome (danger to users, etc.), typically as a first step. but they take great care to determine exactly what lead up to a specific outcome.
It really depends on the scale of the breach, for example DigiNotar was immediately killed for their gross incompetence. In this case even the scale is unclear, with heavy suspicion towards malice and little hope on fixing any process inside that monstrous bureaucracy or even making it meaningfully care if it's not. I see no reason to trust Microsoft anymore, regardless of it being a fuckup or malice.
Microsoft lost the benefit of the doubt decades ago.
Who needs conspiracy?
Microsoft has entitled itself to decide what I can and cannot run on the computer and OS that I paid for, this earns them no additional revenue, so they don't care to do a good job.
This system will never work properly.
> it was a bit crazy how quickly people got conspiracy-minded about it.
That's just the side effect of the Soross tracking chips hidden in vaccines activated by 5g towers
Conspiracy 1: rules from on-high about encryption projects to be suppressed. Debunked.
Conspiracy 2: Copilot all the things! Probably not too far off.
i think they have explicitly made it clear that they want to copilot all of the things (unfortunately), so i dont quite file it under the conspiracy label.
If it's not a conspiracy (and to be clear, I don't think it is one) its still a failure on multiple levels of the organisation
We can probably blame copilot for the email about new verification reqirements not going out to everyone. Maybe even for the reports of people who jumped through all the hoops and still got blocked as if they hadn't. But rolling out new verification reqirements, then not monitoring how many developers fulfill your new reqirements and following up is entirely on Microsoft employees. That's management failure and disregard for developers on their platform