[HN Gopher] Microsoft Dependency Has Risks
___________________________________________________________________
Microsoft Dependency Has Risks
Author : ArcHound
Score : 51 points
Date : 2025-06-25 20:08 UTC (2 hours ago)
(HTM) web link (blog.miloslavhomer.cz)
(TXT) w3m dump (blog.miloslavhomer.cz)
| throwaway48476 wrote:
| In the era of globalization businesses expected to only follow a
| set of harmonized global laws set through treaty. TPP etc. Now
| globalization is reversing and business is expected to follow the
| law of the nation they're from wherever they're operating.
|
| Such risks will have to be factored in now.
| velcrovan wrote:
| Businesses have never been exempt from the laws of the nation
| they're from.
| sammyoos wrote:
| I'd argue that the laws that must be obeyed form an odd
| superset of the laws of the nation from where the organization
| is operating and the laws where the users are located. Where
| those laws intersect nicely, the mode of operation is clearly
| defined, where they do not intersect, the mode of operation
| becomes very tricky. (As we've seen with privacy, cookie laws,
| etc.)
| firesteelrain wrote:
| For most businesses, the cost and difficulty of shifting away
| from Microsoft outweigh the benefits
| marcodiego wrote:
| It is a good thing Trump is helping to change that.
| firesteelrain wrote:
| I wasn't aware of any major Trump-era policies that
| significantly reduced Microsoft's dominance. Curious what
| you're referencing?
| slantaclaus wrote:
| I also haven't read the article but apparently reading the
| comments the article has to do with Trump-era policies
| affecting Microsoft
| firesteelrain wrote:
| Yeah, I skimmed the article too, but didn't see much on
| Trump's policies directly impacting Microsoft.
|
| From what I gather, the bigger challenges for businesses
| are more about the tech ecosystem Microsoft has built.
| It's hard to just swap out core services like AD without
| huge disruptions.
| throwaway_2121 wrote:
| _> Yeah, I skimmed the article too, but didn't see much
| on Trump's policies directly impacting Microsoft._
|
| The first paragraph links to an article about how the
| International Criminal Court 's chief prosecutor has lost
| access to his email.
|
| This has caused some governments to worry. What if MS was
| ordered to block access to their software because the US
| wanted to apply pressure?
| Modified3019 wrote:
| Trump has been outrageously hostile to our supposed
| European allies, and is extremely petty, vindictive, and
| doesn't give a damn about security or privacy. Furthermore,
| the checks that would normally provide counter this like
| congress or the Supreme Court are currently stacked such
| that he can do horrendous things without consequence. Our
| media and tech companies are also more than happy to avoid
| challenging him.
|
| Other countries reliant on US based cloud giants are
| understandably alarmed at his behavior, and it is now a
| strong possibility that Trump will attempt to use their
| reliance on our tech companies to wring from them whatever
| he wants.
|
| So the idea of escaping US tech monopolies has become very
| popular among those paying attention.
| firesteelrain wrote:
| Thanks for the context!
|
| Still seems like, for most businesses, the biggest hurdle
| is how deeply Microsoft's services are embedded rather
| than politics
| thewebguyd wrote:
| And the hardest part of it often ends up being "We can
| replace most of Microsoft's apps and services except one
| (and it's usually Excel) so we might as well just keep
| everything else."
|
| Microsoft is king at "Good enough." It's rarely the best
| option of anything, but what they do put out is bundled
| aggressively and is generally "good enough."
|
| So, you have a business where a large portion of the user
| base needs Excel. So you have licensing for that. Sure
| you can still use other services - you can use Okta
| instead of EntraID, some other MDM besides InTune, some
| other EDR besides Defender but once you have 1 product,
| why would you, when it's significantly cheaper (both in
| terms of actual cost per user per month and in terms of
| employing talent that can administer a MS ecosystem) to
| just go all in with Microsoft.
|
| Because of the way Microsoft designed their suite of
| software and services, the only realistic choice is
| either all in on Microsoft, or no Microsoft at all, and
| to fix that we need antitrust action.
| smaudet wrote:
| Maybe.
|
| Some things go deep, true. However most businesses don't use
| most of Microsoft products - even the ones that do, the usage
| of the more complicated products is far more minuscule than
| imagined by e.g. CFOs, etc.
|
| The real thing keeping many "in the fold" as it were would be
| authentication services.
|
| Which are overcomplicated and probably easier to manage
| without...
| firesteelrain wrote:
| Right, it's stuff like Active Directory and how everything's
| tied together. Once you're using that for auth, it's really
| tough to back out without a lot of effort.
|
| We've looked into FreeIPA and similar options, but honestly,
| nothing really holds a candle to Active Directory yet.
| AnonymousPlanet wrote:
| AD and Domain Servers are like a cancer that _will_ grow
| metastases around your org, costing user and client cals
| all over the place, even for every desk phone if you 're
| not careful. The only winning move is never to play their
| game in the first place.
| firesteelrain wrote:
| I'm in a situation where due to staff skillsets and ease
| of management then GPOs are required. Local GPOs would be
| insane to manage across thousands of PCs
| thewebguyd wrote:
| InTune/MDMs are finally eating away at the need for GPOs
| for most use cases. Someone already familiar with AD &
| Group Policy should be able to easily transition to
| InTune Configuration Policies. MS even has a tool now to
| import your GPOs.
|
| There's still a few that don't have direct equivalents,
| but the list is growing smaller and smaller.
| mnadkvlb wrote:
| genuinely interested, what are the alternatives ? i know
| ping/forgerock and some old ibm stuff.
|
| what is state of the art today that compares to
| ActiveDirectory (not talking azureAd - or whatever they
| call it these days) ?
| cyberax wrote:
| AD is one of the few good MS projects. But you can use it
| with Macs and Linux just fine!
|
| Just keep a couple of Windows servers running AD, and
| migrate everything else.
| okanat wrote:
| It really depends on the size of the business. With smaller
| businesses it is easy to use alternatives. However any
| business beyond 1000 employees will give in to shareholder
| pressure and adopt distrust as its core value.
|
| Microsoft Active Directory has excellent tooling for middle-
| management-heavy businesses. For better or for worse it
| provides the most integrated solution to reduce a desktop PC
| to a perfect thing for repetitive, boring, soul crushing
| office work. No other software solution comes close.
|
| While I like Windows as a desktop platform, the reasons that
| it was designed as it is are very clear. To make cheapest
| laptops as dystopian as possible, you need systems that can
| run the same boring software for decades. Not for the good
| for the environment but for profits.
|
| Windows provides all APIs to deeply integrate with Active
| Directory and MS Office. All engineering, accounting and
| finance software are deeply integrated with them. They
| literally run entire countries. I have seen engineering
| software that used Visio diagrams for designing factory
| pipelines. It is near impossible to pull the bigger
| businesses and governments out of this trap without
| completely upending entire sectors worth trillions. I think
| only very determined regimes like China can pull it off.
| andyferris wrote:
| Out of curiosity, how hard would it be to copy Active
| Directory in an open source project (like how Excel is
| copied by LibreOffice)?
|
| Like if orgs need this capability why is there no good open
| source solution?
| JamesBarney wrote:
| And Microsoft is not unique in following court orders. You have
| to switch to businesses without an American presence to get
| around sanctions.
| kenjackson wrote:
| Fundamentally it's hard to pushback against an authoritarian
| government. There is very little to stop Trump from sending Doge
| into MS headquarters with Marines and demanding admin access so
| they can make the change. Thinking the dependency on Microsoft
| (or any company) is the risk then you haven't been paying
| attention.
| mulmen wrote:
| That's the point of federation. If there's no centralized
| target then the Marines have a much harder job.
| munchler wrote:
| The incident in question targeted someone outside of the US,
| where DOGE has no direct influence (yet).
| axus wrote:
| "I was horrified to learn that there's an Azure container behind
| every cell of a spreadsheet executing the python code instead
| of... you know, my PC doing the work."
| hooverd wrote:
| > There was a recent incident where Microsoft somehow allegedly
| blocked a mailbox of a sanctioned individual. Any organization
| highly depending on MS products that might come into the
| crosshair should ask - can this happen to me? What would be the
| cost? How much I invest into prevention of this scenario? In this
| article I try to get the facts straight and use a return on
| security investment calculation to try and judge this situation
| in a rational way. Let's grab our tinfoil hats and find out if
| it'll be fine.
|
| for people who didn't RTA
| bob1029 wrote:
| The trick with Microsoft is to very carefully separate the good
| parts from the bad ones.
|
| Labeling all of Microsoft as banned is really constraining your
| technology options. This is a gigantic organization with a very
| diverse set of people in it.
|
| There aren't many things like .NET, MSSQL and Visual Studio out
| there. The debugger experience in VS is the holy grail if you
| have super nasty real world technology situations. There's a
| reason every AAA game engine depends on it in some way.
|
| Azure and Windows are where things start to get bad with
| Microsoft.
| gerdesj wrote:
| "There aren't many things like .NET, MSSQL and Visual Studio
| out there. The debugger experience in VS is the holy grail if
| you have super nasty real world technology situations. There's
| a reason every AAA game engine depends on it in some way."
|
| I'm not interested in AAA games engines writing and nor is most
| of the world. If that is it, then you have damned MS with
| (very) faint praise.
| privatelypublic wrote:
| I think you misunderstand- game engines are complex beasts
| and visual studio and/or .Net (in any of its incarnations)
| have the best debugging workflow I've seen.
|
| Typescript is also Microsoft. So is ONNX.
| gerdesj wrote:
| "I think you misunderstand- game engines are complex beasts
| and visual studio and/or .Net (in any of its incarnations)
| have the best debugging workflow I've seen."
|
| I think you misunderstand: the market, ie the number of
| people who actually care about developing game engines, is
| tiny.
|
| How many games developers do you know as a subset of the
| people you know of?
|
| OP only managed to find a niche product area for MS to
| shine in and maintain traction - the moat thing. Nothing
| else apparently.
|
| I for one would not miss MS one jot. I wasted so much time
| with things like autoexec.bat and config.sys back in the
| day. I got good at it - Novell gave me a T shirt on Cool
| Solutions for a boot floppy image that managed to try
| several popular NIC drivers (3c595, 3c905, 3c509, ne1000
| and a few others) and get you to a network connection for
| imaging or whatever. Later on I get to ignore SFC /SCANNOW
| answers to searches. Do you remember WINS? What about the
| horror of time sync? The PDC emulator FSMO role is
| basically a NT domain controller. AD was a bodge from day
| one, tacked onto ...
|
| Sorry, got carried away there.
|
| Again, Typescript is cared about by whom and what on earth
| is ONNX?
| jiggawatts wrote:
| To paint a picture: I've worked with Microsoft technologies
| almost exclusively for decades but recently I was forced to
| pick up some Node.js, Docker, and Linux tooling for a
| specific app.
|
| I can't express in words what a giant step backwards it is
| from ASP.NET and Visual Studio. It's like bashing things with
| open source rocks after working in a rocket manufacturing
| facility festooned with Kuka robots.
|
| It's just... end-to-end _bad_. Everything from critical
| dependencies developed by one Russian kid that's now getting
| shot at in Ukraine so "maintenance is paused" to everything
| being wired up with shell scripts that have fifty variants,
| no standards, and none of them work. I've spent _more time
| just getting the builds and deployments to work_ (to an
| acceptable standard) for Node.js than I've spent developing
| entire .NET applications! [1]
|
| I have had similar experiences every few years for decades. I
| touched PHP once and recoiled in horror. I tried to get a
| stable build going for some Python ML packages and learnt
| that they have a half-life measured in days or hours after
| which they become impossible to reproduce. Etc...
|
| Keep on assuming "Microsoft is all bad" if you like. You're
| tying both hands behind your back and poking the keyboard
| with your nose.
|
| PS: The dotnet SDK is open source and works fine on Linux,
| and the IntelliJ Rider IDE is generally very good and cross-
| platform. You're not forced to use Windows.
|
| [1] The effort required to get a NestJS app to have barely
| acceptable performance is significantly greater than the
| effort to rewrite it in .NET 9 which will immediately be
| faster _and_ have a far bigger bag of performance tuning
| tools and technologies available if needed.
| cyberax wrote:
| I tried developing an MS .NET app and it's indescribably
| bad. The deployment story is non-existent, monitoring,
| tracing, alarming is barely there. You have to work with MS
| libraries that are on life-support with glaring bugs still
| present.
| th0ma5 wrote:
| I have a lot of respect for organizations that get a lot
| done with Microsoft technologies. I think your perspective
| could be thought of as the benefits of vertical integration
| and vendor lock in. These do help people get things done!
|
| In the academic and open source world those things are
| fought against because you don't want to be at the mercy of
| the software developer in the context of certain rights.
|
| I think for every negative you mention on either side a
| positive could be found on either side. And like many
| things on the net, you're not wrong but not necessarily
| talking about the same kinds of things.
|
| My remaining complaints about Microsoft are the
| inflexibility of their solutions that command abstractions
| that just don't work for many organizations, and the
| general viral nature of software sales in general of which
| they are one of many with similar issues, however Oracle is
| the worst of course.
| nordsieck wrote:
| > There aren't many things like .NET, MSSQL and Visual Studio
| out there. The debugger experience in VS is the holy grail if
| you have super nasty real world technology situations. There's
| a reason every AAA game engine depends on it in some way.
|
| The reason all the AAA games are on it is because they're on
| the Windows platform, and more importantly their customers are
| on the Windows platform.
|
| If 95% of gamers ran MacOS instead of Windows, you'd see a very
| different tech stack among game developers.
| jongjong wrote:
| I can't understand why people are still using proprietary
| software like Windows or OSX when superior free software exists.
| It's a testament to the hidden monopolizing forces which exists
| in our society.
___________________________________________________________________
(page generated 2025-06-25 23:00 UTC)