Microsoft loves sending emails with "Action required" in the subject, when actually no action is required, or it doesn't apply to you, or whatever. Such corporate speak. It's fun searching your email for "Action required" and finding all the things you were supposed to do and it turns out didn't need to do anything about.
"Crying wolf" constantly like this is so frustrating. It waters down the message until they send something you really need to worry about, which you ignore like the rest of the pointless messages.
I saw someone had an idea to have a ticket system where the user chose the priority, and it displaced the current ticket at that priority, with the catch being that this ticket was sent back to the user with "are you sure?"
CEO can't login during a demo. Sandra from accounting can't print from the closest printer and confirmed this is higher priority
This is why the user can’t be trusted to assign severity. Incentives across teams aren’t aligned and they don’t have visibility into other issues even if they were aligned.
This is a bit off topic, but I always say that priority is a ranking of actual demands, it is an ordering, one that needs curating and keeping updated based on context and changes in environment.
Nothing else works for prioritisation, any other categorising into "High/Medium/Low" just fails.
By doing so you end up with the nonsense we had at a company I once worked for, where stories were all put in medium.
This was because stories in low were simply never actioned, they'd never ever get done, everyone came to implicitly understand this. It was still a useful dumping ground for the kinds of stories you know you ought to do, but no-one wanted to do, but it was useful to have noted on record. But for prioritising actual work, it was useless.
Stories in High had a special process defined in a handbook that no-one wanted the hassle of dealing with.
So everything was Medium.
This had obvious problems, and it grew larger than could be managed.
So "Just Above Medium" was born, for stories that were higher priority than your everyday stories in Medium.
This in time grew too, so "Just Above Just Above Medium" (aka JAJAM) was born.
By the time I started, there was even a "JAJAM+" category, for stories that had to be fast-tracked through the process too.
The whole thing essentially fell back to having the product/development leads come to an understanding of what work needed to be done. Which is the right way to do it, but that should simply be made more explicit and part of the process by simply having all stories ranked.
Then you don't need the mental overhead of trying to decide in a design meeting if something is "Just above Medium" or just above that...
Early on in my career my manager told me "a monitoring system that sends more than a dozen notifications a day actually sends zero notifications". Words to live by.
I unfortunately took part in their startup program. I was awarded the credits. However, I noticed that everything was super pricey, especially the AI services, and the Azure interface is basically garbage. It is very easy for you to enable a service and never be able to find it later until you have been billed for it later in the month. Maybe the GCP interface has spoilt me too much.
Long story short: I discontinued their program and it's been 2 years and I still receive those action required emails only to find out that there is absolutely no action required on my side. Harassing users is their favorite pastime, I swear. Ask the GitHub Desktop folks. On Mac OS, there is no option to disable automatic updates. It loves installing a helper that runs 24/7 with admin privileges. If you click on deny, it will keep harassing you - every. single. day. First thing in the morning - 3 times, 3 times in the evening. You could be in the middle of something important, like a meeting or a screen share or running some serious stuff like CNC milling (which I do) and this thing will just pop up and ask you for admin privileges until you accept.
And even if you accept and give it permissions, it just buys you a few days' time. People have tried before to open an issue on GitHub - their response was simply "This isn't a priority for us right now" and they just closed the issue.
Same story with Windows too. I wish there was a law to prevent this kind of bullying behaviour.
I think the laws would need to be generally around not hindering competition. If competition were high, and you had a dozen operating systems to choose from, then you’d move away from this annoying one (Windows). And thus Windows would have a lower incentive to engage in this behavior. But current laws don’t discourage monopolies/oligopolies.
My spam folder is full of "Action Required" emails. So many of them are phishing attempts that I would never even open such an email even if it really truly came from Microsoft.
Google famously just did this with their Captcha service. Had lots of people signing up for a more complicated version on Google Cloud that they didn't need to do.
Because it absolves them of liability if anything goes wrong. They can point to the email and say "we warned you". Having to filter and target the specific set of customers that a notice applies to carries risk and costs to them and they wanna pass it to you.
Same with GCP. I have a private test account with nothing on it. I get emails about actions being required regarding APIs I have never used, a few times per year.
You’ll typically only get that for APIs that are enabled in one of your projects. That’s a bit different - those emails are strictly for technical changes that are actually necessary if you’re affected, it’s not part of any sort of marketing scheme.
I literally have a rule to automatically mark as read any email that has "important update" in the subject, because 99% of these "important updates" are various types of inconsequential "lawyers made us do this" bullshit.
In the tech world, security is mostly just theater; it is used to push through unwanted and unpopular things, like access control, privacy invasion, etc...
All this signing business leads to one party having the final say, and guess what, they are going to abuse that power...
Because some people realised that insurance is the ultimate form of security? Why prevent failure when the consequences of failure can simply be offloaded to others?
Passkeys are here to improve your login security! All you have to do is give complete control over your ability to log in to a service to one of three American big tech companies. Yay!
I've no idea whether MS either has a veeeeery clever plan about what they are doing, and I just don't get it, or whether that's just completely stupid in the current times when Windows' fanbase is somewhat declining anyways.
On the other hand, people always have a hard time understanding the trouble they order when they let things centralize too much. When they are too okay with depending on e.g. BigTech companies too much.
And in that regard, those news are probably actually good news... It helps people learning about how things work... So they can make better decisions in the future. Better for all of us.
> Wednesday, Microsoft Vice President Scott Hanselman said the developer accounts were automatically suspended because they failed the "mandatory account verification for all partners in the Windows Hardware Program who have not completed account verification since April 2024" that the company had been emailing "everyone" about since October 2025.
It doesn't sound like suspension, because they would be able to fill out the form and get unsuspended. This is closer to account termination.
> The list of affected projects includes, but is not limited to, Virtual Private Network (VPN) software WireGuard, on-the-fly encryption (OTFE) utility VeraCrypt, the MemTest86 Random Access Memory (RAM) testing and diagnosis tool, and the Windscribe VPN software.
This, on top of the recent mystery app updates pushed by Apple, has me concerned. So much of security relies on the assumption that, say, Apple, Google, or Microsoft can't be coerced into pushing an update that undermines the entire security model. The "Apple gets hit with a wrench attack" is more salient nowadays.
Hopefully this is nothing but I think it's worth being vigilant. But judging by Microsoft's response, it seems more likely to be an administrative error commensurate with the state of their company rather than something more nefarious.
I can see some justification for not notifying developers of their actual pending suspension if they have not acted on prior notifications requiring verification steps.
Suppose a developer account, say that associated with VeraCrypt, had been compromised and the compromiser knew or feared they were unable to successfully pass verification.
The compromiser could be exploiting their access to modify the product in profitable but fairly benign ways (say making VeraCrypt part of a botnet that didn't do any damage to the host beyond consuming some resources). However, if they got a message saying "Your account will be suspended in 12 hours if you do not pass verification", the compromiser would know that their profit would/could drop or go away. In response, they might push out one last "mandatory auto install" update with a nuclear bomb (perhaps with a delayed trigger) to just do malicious damage to hosts out of spite.
Well, Microsoft is evil so no surprise - but this seems like targeted censorship:
"The list of affected projects includes, but is not limited to, Virtual Private Network (VPN) software WireGuard, on-the-fly encryption (OTFE) utility VeraCrypt, the MemTest86 Random Access Memory (RAM) testing and diagnosis tool, and the Windscribe VPN software."
It seems to go against VPN right? Is there a connection to other things such as the mem-test tool? This one is the only one that does not fit here. Or perhaps we don't have the full picture.
FYI: on macOS you can’t even ship VPN software that uses the modern APIs outside of the app store for self-distribution. An ADP membership is required, full stop.
Modern computing does not make me feel good. Really hate this signing business controlled by the OS vendors. I get the added security benefits, but I'm not sure the tradeoff is worth it.
I feel like Hanselman is one of the few old generation Microsoft people. When he leaves it’ll be young people who don’t know Microsoft and have no understanding of or connection with Microsoft products.
Alongside talk from the UK Labour government about intervening on VPNs, I'm getting uneasy vibes about this move, especially since Microsoft is one of the most government-friendly corporations in the big tech arena.
The surveillance state is growing more sinister every day (especially in the UK), but the efforts are somewhat thwarted by the existence of VPNs.
Once they find a way to undermine VPNs, the UK govt will have literal CCP-level control over our access to information and communication.
"I've been using the same account doing the same actions for 10 years what changed"
"We updated our policy 2 years ago. We have been sending you vaguely worded emails that this would happen for 2 years, straight to your junk Hotmail account you set up for this, why didn't you read them?"
I read elsewhere (here?) that it was the main developer of WireGuard who had their account suspended. If true, and based on what I read seems it is true, I am surprised this did not reach the "mainstream" press.
All I can say is this is another proof of M/S abuse of their users:
Microsoft terminates VeraCrypt account, halting Windows updates (575 points, 239 comments)
https://news.ycombinator.com/item?id=47690977
https://news.ycombinator.com/item?id=47686549
Ticket A: Elevated Response times for Server A outside of allowed tolerance, people experiencing timeouts
Ticket B: Change the colour of a button
I wish Ticket B Submitter could see the ticket before them to gauge what critical actually means.
Even MS's staff couldn't figure out what resources the "Action Required" email had to do with.
> We're taking this as an opportunity to review how we communicate changes like this and make sure we're doing it better.
As I'm sure the Vogons did after they blew up Earth for the hyperspace bypass road and realized the planet had inexplicably still been inhabited.
Most security is done badly, but it doesn't mean that security is unnecessary.
But I agree: TooBigTech has TooMuchPower.
Microsoft response at the end of that article.
At this point people will move to MacOS or Linux because so much damage to their brand can’t simply be ignored anymore.
Apparently nobody at Microsoft considered that blocking critical software hurts Microsoft more than the open source developers being blocked.
Nothing nefarious unless you consider bureaucracy
All I can say is this is another proof of M/S abuse of their users:
https://news.ycombinator.com/item?id=47710149