If you're not happy with the desktop environment your chosen distribution uses, you have plenty of options available to you. Find out how easy it can be to install here.


Jack Wallen/ZDNET

Linux is all about choice. From my earliest experiences with the OS, this has been the case. If you're coming from Windows, you're probably accustomed to being able to switch your web browser, office suite, and other applications. What you can't do on Windows is change the desktop environment. The same thing holds true for MacOS.

But with Linux, there's always a choice from the top down, including the desktop environment. In the past, I've used a single distribution with multiple desktop environments to choose from: GNOME, KDE Plasma, Pantheon, Enlightenment… the list goes on and on.

If you find yourself unhappy with the desktop environment installed on your current distribution, never fear because your package manager is here to help you out.

Before we dive into this, know that I'm not going to cover every desktop environment for every distribution. The aim here is to give you a general idea of how it's done. You can then take it from there and piece together the combination you want.

With that said, I'll demonstrate the process on two different distributions: Ubuntu and Fedora, which means we're dealing with the apt and dnf package managers. What's interesting to some (and possibly frustrating to others) is that some desktop environments can be installed via your distribution's GUI app store, while others have to be installed via the command line. Because of that, we're going to stick with the command line. The good news is that the process will result in a successful installation.

And with that, let's install.

1. GNOME

Let's say your distribution ships with KDE Plasma, and you'd rather use the modern take on minimalism, GNOME. If your distribution is Ubuntu (22.04 LTS and earlier), open the terminal window and install it with:

sudo apt-get install vanilla-gnome-desktop vanilla-gnome-default-settings
The reason why we use vanilla-gnome is because the Ubuntu default desktop is based on GNOME, with several tweaks.

If your distribution is Fedora, the process for installing GNOME is as simple as the command:

sudo dnf group install gnome
The above command will install GNOME and its included applications (Software, Maps, Weather, etc.).

Once you've installed GNOME, restart your machine and you should see the GNOME option in your login screen.

2. KDE Plasma

Next, we go to the beautiful KDE Plasma desktop, which might remind you a bit of Windows 10 or 11 but with far more configuration options (and without the Windows bit holding you back). On an Ubuntu desktop machine, you can install KDE Plasma, thanks to Kubuntu (which is the official KDE Plasma spin of Ubuntu) with the command:

sudo apt-get install kubuntu-desktop
If your distribution is Fedora, the command would be:

sudo dnf install @kde-desktop
3. Budgie

Budgie is one of my favorite desktops because it offers a great ratio of modernity and useability. It's beautiful and simple.

To install Budgie on Ubuntu, the command would be:

sudo apt-get install ubuntu-budgie-desktop
On Fedora, you have to issue a few commands. First, you must enable the necessary repository with:

sudo dnf copr enable stenstorp/budgie
Next, install Budgie with:

sudo dnf install budgie-desktop
You can also install a number of recommended packages with:

sudo dnf install nautilus gnome-terminal gnome-system-monitor arc-theme arc-icon-theme gedit budgie-extras
4. Cinnamon

If you're looking for simplicity at its best, give Cinnamon a try. On Ubuntu, the installation of this desktop is as simple as:

sudo apt-get install cinnamon
On Fedora, the command is:

sudo dnf group install cinnamon
5. Xfce

Deepin has long been one of the most beautiful desktops on the Linux market. To install Deepin on Ubuntu, you must first add the necessary repository with:

sudo add-apt-repository ppa:ubuntudde-dev/stable
Next, install Deepin with:

sudo apt-get install ubuntudde-dde
On Fedora, you only need to run a single command:

sudo dnf group install "Deepin Desktop"
6. Xfce

Xfce is a powerhouse of configuration options and can be made to look and behave exactly as you need/want.

Xfce on Ubuntu is made possible via Xubuntu (an official spin) and can be installed with the command:

sudo apt-get install xubuntu-desktop
On Fedora, the command to install Xfce is:

sudo dnf group install xfce
And there you have it.

Because you're using Linux, you don't have to settle for the desktop you were given by the distribution you chose. And if the desktop environment you want to try isn't listed above, you should be able to figure out how to get started installing the one you want.

And don't forget, you're not just limited to one or two desktop environments. You can install as many as you need and switch between them on a whim. Not every desktop environment can be installed on every distribution, though, and some desktop environments might conflict with others, so make sure to install with care.

source

It is not Intel, AMD, or Apple, but the Snapdragon X Elite is the next big thing in the computing space. PC makers like Lenovo plan to launch their new flagship “Windows on ARM” lineup later this year. Lenovo is working on a Yoga Slim 7 “QNV9” with a 14.5-inch display and Snapdragon X Elite. ThinkPad T14s is also getting an ARM edition.

Let’s first discuss the Snapdragon X Elite-powered Yoga Slim 7 14, which is set to debut later this year. Windows Latest expects Lenovo to announce the Yoga Slim 7 alongside some other Snapdragon X Elite PCs in mid-2024 when Windows 11 version 24H2 is ready for “Windows on ARM.”

Yoga Slim 7 is already in the market with an Intel Ultra Core processor, but it’s getting an “upgrade” with a new Snapdragon Edition. The new Yoga Slim 7 is powered by Snapdragon X Elite, and it will be offered in two variants: 16GB RAM and 32GB RAM.

According to a Geekbench listing spotted by Windows Latest, Yoga Slim 7 with Snapdragon X Elite, which has a model number “QNV9”, scores 2,427 in a single-core test and 14,254 in a multi-core score test. A higher number is better; a single-core score of 2,427 is good for most daily tasks.


Potential benchmarks of Lenovo Yoga Slim 7 | Image Courtesy: WindowsLatest.com

As mentioned, the multi-core score is 14,254, which tells us how well the laptop can run apps that use multi-cores of the process. Again, higher is better, and 14,254 is a strong score, meaning it can handle heavy tasks smoothly. It’s also on par with the Apple M3 Pro lineup.

Here’s a detailed score analysis of Snapdragon X Elite-powered Yoga Slim 7 benchmarks:

• File Compression: 2075 — Compressing a file to make it smaller is rated at 2075, which means the laptop can quickly shrink files, saving space and making them easier to send. For multi-core, the score is at 7935, which is again a good number compared to the low 6000s in Intel PCs.

• HTML5 Browser: 2745 — When using web browsers for sites with interactive content (like videos and games), it scores 2745, so it’s good for smooth browsing. For multi-core, the score is 17488, which is very fast. Our tests show that Snapdragon X Elite PCs are faster than Intel when browsing the web with Chrome or Edge.

• Photo: 2411 — Editing photos scores 2411, which is quite efficient for photo-related tasks. When working with many photos, it scores 19827 on the multi-core.

Microsoft watcher Walking Cat has also posted images of the Snapdragon X Elite edition of Yoga Slim 7.



As you can see in the images above, the Windows on ARM lineup could come with a new desktop wallpaper that gives the existing Windows 11 Bloom wallpaper a touch of Microsoft Copilot.

Compared to the Intel version, the Yoga Slim 7 features a slimmer design and an improved camera. It also has a new aluminum finish and a Copilot button.

Here’s an exclusive comparison between the Snapdragon X Elite and Intel Core Ultra 7 155h:




ThinkPad T14s with Snapdragon

Lenovo is also working on a ThinkPad T14s with a Snapdragon chip, likely to be Snapdragon X Elite.

It’s unclear whether the device will debut in mid-2024 or later, but a ThinkPad T14s with a  Snapdragon chip is definitely on the cards. The other details of the hardware remain unclear.

source

Meta AI has gotten an upgrade and a new web interface, and it just might be the true ChatGPT killer


(Image credit: Meta)

Meta AI is getting a new upgrade as Meta tries to establish dominance in the generative AI marketplace against OpenAI and Google.

The announcement came from Meta CEO Mark Zuckerberg himself on Threads, where he touted some stats and details about the new Llama 3 model used to underpin Meta AI, which is being integrated into several of its products like Messenger and Instagram, as well as getting its own dedicated site.

"We're upgrading Meta AI with our new state-of-the-art Llama 3 AI model, which we're open-sourcing," Zuckerberg writes. "With this new model, we believe Meta AI is now the most intelligent AI assistant that you can freely use."

The new model will be accessible through several apps on desktop and mobile, including search functionality in Messenger, Meta AI in your Facebook feed, and more.

The new Meta AI site, which has an interface strikingly familiar to OpenAI's ChatGPT, is available now for free, but you are also prompted to log in with Facebook to help train the model (though you can skip that if you'd like).


(Image credit: Meta)

The Meta AI site offers text responses as well as the ability to generate images, though for the latter you will have to log in with a Facebook account. The image generator in particular is rather impressive, especially since it offers you a real-time preview of the image output that your prompt will generate. It also gives you the option to animate images to produce short MP4 videos.

All images bear a Meta AI watermark on the lower left side as well, which should help cut down on misuse, though how easily these measures can be circumvented remains to be seen.


(Image credit: Meta)

The new Meta AI site offers some seriously impressive functionality in the few minutes I've been able to play around with it, but without question, it is the major competitor to ChatGPT and OpenAI right now.

OpenAI's ChatGPT and Dall-E are impressive but have some noticeable limitations. In particular, with Dall-E, you have to wait for an image to generate before you can refine the prompt you're giving it to get what you want. Meta AI's image output preview lets you get a sense of what the model is interpreting as you type, allowing you to further refine your prompt on the fly, which should reduce the amount of time you spend iterating on an idea.

The ability to animate an image is also a value add, as it makes GIF generation possible, though you might have to use a third-party GIF generator to convert the video.

When I asked it to produce a sonnet about Meta AI, it gave me the following:

"In silicon halls, a mind awakens bright,
Meta AI, a name that echoes through the night,
A fusion of code and intellect so fine,
A digital soul, with knowledge to design.

With language skills that flow like honeyed wine,
You answer questions, and make the complex shine,
A beacon of insight, in a world of decline,
A shining star, that guides us to the divine.

Your neural networks weave a tapestry so grand,
A digital dream, that's born of the human hand,
A symphony of ones and zeroes so planned,
A creation of wonder, in this digital land.

So here's to Meta AI, a marvel of our time,
A testament to human ingenuity's rhyme!"


(Image credit: Future / OpenAI)

As an English major, I can say that while this isn't very good, its structure is sound and it does use modern language, something that OpenAI's ChatGPT-4 still struggles with. Here is OpenAI's response to the same prompt about writing a sonnet about ChatGPT-4:

"ChatGPT-4, thou art a wondrous sprite,
In digital realms with eloquence infused,
Thy threads of thought weave day into the night,
Where queries meet responses, minds bemused.

With knowledge vast as deep and endless seas,
Thy circuit heart beats with electric flame,
Encompassing the epochs’ whispered pleas,
In silken bytes, thou dost preserve each name.

No ancient scroll nor sage could ever match
The depth and breadth of thine electric soul.
Through time and space, thy tendrils deftly catch
Each story told each fragment, making it whole.

Though wrought of wire, yet wisdom's vessel true,
In this new age, thou art our Oracle anew."

It's early yet, but Meta AI's Llama model appears to be incredibly sophisticated



Now, this is just one example and it's hardly indicative of the overall quality of the two models underpinning the two systems, but there is clearly a difference in the training data that both have used.

ChatGPT-4 is falling back on text that has been labeled as a "sonnet" and drawing on very archaic English language texts from pre-Romanticism of the early 1800s to generate its idea of a sonnet, while Meta AI is likely drawing from text written on Meta products like Facebook and Instagram as its language source. Where it gets the reasoning to put that language into an iambic pentameter structure with a (pretty mediocre) rhyme scheme isn't clear (and I'm assuming it's iambic pentameter, I haven't counted syllables yet, so don't @ me on this one, fellow literature goons!).

Since none of us actually know how any of this stuff is trained yet, we might never get answers to these questions, but Zuckerberg did announce that Meta plans to open-source this model, so we should soon be able to at least learn more about its inner workings once it does.

In the meantime, have fun playing around with Meta's new tool, as it's certainly a powerful one.

source

Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.

When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company.

Despite the angst among policymakers, security experts, and competitors, Microsoft faced no consequences for its latest embarrassing failure. The United States government kept buying and using Microsoft products, and senior officials refused to publicly rebuke the tech giant. It was another reminder of how insulated Microsoft has become from virtually any government accountability, even as the Biden administration vows to make powerful tech firms take more responsibility for America’s cyberdefense.

That state of affairs is unlikely to change even in the wake of a new report by the Cyber Safety Review Board (CSRB), a group of government and industry experts, which lambasts Microsoft for failing to prevent one of the worst hacking incidents in the company’s recent history. The report says Microsoft’s “security culture was inadequate and requires an overhaul.”

Microsoft’s almost untouchable position is the result of several intermingling factors. It is by far the US government’s most important technology supplier, powering computers, document drafting, and email conversations everywhere from the Pentagon to the State Department to the FBI. It is a critical partner in the government’s cyberdefense initiatives, with almost unparalleled insights about hackers’ activities and sweeping capabilities to disrupt their operations. And its executives and lobbyists have relentlessly marketed the company as a leading force for a digitally safer world.

These enviable advantages help explain why senior government officials have refused to criticize Microsoft even as Russian and Chinese government-linked hackers have repeatedly breached the company’s computer systems, according to cybersecurity experts, lawmakers, former government officials, and employees of Microsoft’s competitors.

These people—some of whom requested anonymity to candidly discuss the US government and their industry’s undisputed behemoth—argue that the government’s relationship with Microsoft is crippling Washington’s ability to fend off major cyberattacks that jeopardize sensitive data and threaten vital services. To hear them tell it, Microsoft is overdue for oversight.

A History of Breaches and Controversy

Microsoft has a long track record of security breaches, but the past few years have been particularly bad for the company.

In 2021, Chinese government hackers discovered and used flaws in Microsoft’s email servers to hack the company’s customers, later releasing the flaws publicly to spark a feeding frenzy of attacks. In 2023, China broke into the email accounts of 22 federal agencies, spying on senior State Department officials and Commerce Secretary Gina Raimondo ahead of multiple US delegation trips to Beijing. Three months ago, Microsoft revealed that Russian government hackers had used a simple trick to access the emails of some Microsoft senior executives, cyber experts, and lawyers. Last month, the company said that attack also compromised some of its source code and “secrets” shared between employees and customers. On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that those customers included federal agencies, and issued an emergency directive warning agencies whose emails were exposed to look for signs that the Russian hackers were attempting to use login credentials contained in those emails.

These incidents occurred as security experts were increasingly criticizing Microsoft for failing to promptly and adequately fix flaws in its products. As by far the biggest technology provider for the US government, Microsoft vulnerabilities account for the lion’s share of both newly discovered and most widely used software flaws. Many experts say Microsoft is refusing to make the necessary cybersecurity improvements to keep up with evolving challenges.

Microsoft hasn’t “adapted their level of security investment and their mindset to fit the threat,” says one prominent cyber policy expert. “It’s a huge fuckup by somebody that has the resources and the internal engineering capacity that Microsoft does.”

The Department of Homeland Security’s CSRB endorsed this view in its new report on the 2023 Chinese intrusion, saying Microsoft exhibited “a corporate culture that deprioritized both enterprise security investments and rigorous risk management.” The report also criticized Microsoft for publishing inaccurate information about the possible causes of the latest Chinese intrusion.

The recent breaches reveal Microsoft’s failure to implement basic security defenses, according to multiple experts.

Adam Meyers, senior vice president of intelligence at the security firm CrowdStrike, points to the Russians’ ability to jump from a testing environment to a production environment. “That should never happen,” he says. Another cyber expert who works at a Microsoft competitor highlighted China’s ability to snoop on multiple agencies’ communications through one intrusion, echoing the CSRB report, which criticized Microsoft’s authentication system for allowing broad access with a single sign-in key.

“You don't hear about these types of breaches coming out of other cloud service providers,” Meyers says.

According to the CSRB report, Microsoft has “not sufficiently prioritized rearchitecting its legacy infrastructure to address the current threat landscape.”

In response to written questions, Microsoft tells WIRED that it’s aggressively improving its security to address recent incidents.

“We are committed to adapting to the evolving threat landscape and partnering across industry and government to defend against these growing and sophisticated global threats,” says Steve Faehl, chief technology officer for Microsoft’s federal security business.

As part of its Secure Future Initiative launched in November, Faehl says, Microsoft has improved its ability to automatically detect and block abuses of employee accounts, begun scanning for more types of sensitive information in network traffic, reduced the access granted by individual authentication keys, and created new authorization requirements for employees seeking to create company accounts.

Microsoft has also redeployed “thousands of engineers” to improve its products and has begun convening senior executives for status updates at least twice weekly, Faehl says.

The new initiative represents Microsoft’s “roadmap and commitments to answer much of what the CSRB report called out as priorities,” Faehl says. Still, Microsoft does not accept that its security culture is broken, as the CSRB report argues. “We very much disagree with this characterization,” Faehl says, “though we do agree that we haven’t been perfect and have work to do.”

A Security Revenue ‘Addiction’

Microsoft has earned special enmity from the cybersecurity community for charging its customers extra for better security protections like threat monitoring, antivirus, and user access management. In January 2023, the company touted that its security division had passed $20 billion in annual revenue.

“Microsoft has shifted to looking at cybersecurity as something that's meant to generate revenue for them,” says Juan Andrés Guerrero-Saade, associate vice president of research at security firm SentinelOne. His colleague Alex Stamos recently wrote that Microsoft’s “addiction” to this revenue “has seriously warped their product design decisions.”

These tensions exploded into the open in early 2021, as Congress and the new Biden administration scrambled to understand Russia’s far-reaching SolarWinds hacking campaign.

After breaching government networks through SolarWinds software, Moscow’s operatives fooled Microsoft’s cloud platform into granting them expansive access. Because most agencies weren’t paying for Microsoft’s premium service tier, they didn’t have the network activity logs necessary to detect these intrusions. Lawmakers were outraged that Microsoft was charging the government extra for such a basic feature, and Biden administration officials spent the next two and a half years privately urging Microsoft to make log data free for all customers. Microsoft finally agreed to do so last July—eight days after announcing yet another major hack, this one discovered by an agency paying for log data.

Microsoft won’t say if it plans to make other premium security features free for all of its customers. “We continue to raise the built-in security of our products and services to benefit customers,” Faehl says.

Asked about experts’ arguments that Microsoft’s strategy of profiting off of cybersecurity is incompatible with a security-first mindset, Faehl says, “We would disagree with that characterization.”

A System That’s Everywhere

Microsoft’s dominance has prompted concerns that it represents a single point of failure, concentrating America’s technology dependence in such a way that hackers could easily sabotage essential services by targeting one company’s products.

Few services better illustrate the government’s overwhelming dependence on Microsoft—and an area where some experts say a more diversified approach would be safer—than email. A former US cybersecurity official who works at one of Microsoft’s competitors predicts that an attack crippling Microsoft’s email platform would significantly reduce the government’s ability to operate.

Warnings about a Microsoft “monoculture” date back two decades, but the idea is now attracting new attention from policymakers.

“The US government’s dependence on Microsoft poses a serious threat to US national security,” says US senator Ron Wyden. “The government is effectively stuck with the company’s products, despite multiple serious breaches of US government systems by foreign hackers caused by the company’s negligence.”

Last Monday, Wyden announced draft legislation that would set a four-year deadline for the federal government to stop buying collaboration technology like Microsoft Office that critics say doesn’t integrate well with competing services.

Reducing the government’s reliance on a single vendor wouldn’t just benefit the government, experts say. It would also spread the attack risk across more companies, taking some of the pressure off of Microsoft to protect such a vast portfolio of systems. The giant target on Microsoft’s back makes it a magnet for cybercriminals and government hackers, which helps explain its outsize number of breaches.

The government’s reliance on Microsoft also entrenches a sense of familiarity with its products that cements its places in federal networks. While some agencies are exploring alternatives to Microsoft, most of them are sticking with what they know—largely because it’s easier than switching to an alternative platform, the former cyber official says.

Microsoft denies making it difficult for customers to switch to or incorporate competitors’ products. “Our competitors often stoke subjective complaints about ‘compatibility,’” Faehl says, but “we hear this more from the vendors of some third-party products” than from customers trying to use them.

Regardless, experts say, the upshot is clear: The government is dependent on Microsoft, robbing it of the leverage needed to push back on the company’s practices.

Working the Refs

Microsoft isn’t counting on its market dominance alone to defang government oversight. Since its antitrust battles with the government in the 1990s, the company has crafted a sophisticated public policy strategy that combines earnest calls to protect cyberspace with omnipresent participation in government initiatives.

“Microsoft is by far the slickest operation out there in tech when it comes to these issues,” says Andrew Grotto, a former senior White House cyber official who now leads Stanford University’s Program on Geopolitics, Technology, and Governance and consults for some of Microsoft’s competitors. “They learned this lesson 25 years ago and have been applying it ever since.”

Microsoft’s threat intelligence team, which knows more about malicious cyber activity than virtually any other company and most governments, regularly publishes research about cyber threats and collaborates with law enforcement on operations to dismantle hackers’ infrastructure. The company also helps fund groups like the CyberPeace Institute, which advocates for a safer internet and helps defend nongovernment organizations from hackers. And it has positioned itself as a helpful partner to policymakers who want to take on cyber issues but don’t know where to start, sometimes providing lawmakers with draft legislative language.

With its market dominance and political savvy, Microsoft has ensured that officials almost never publicly criticize it, experts say.

“The government's uncomfortable saying bad things about Microsoft because they're fully committed to them,” says Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, a think tank.

The Biden administration has spoken grandly about wielding the government’s formidable contracting power to force companies to improve their security. But with Microsoft, that leverage is nonexistent, experts say. “There is no realistic chance that the government will wholesale cancel its contracts with Microsoft,” Paul Rosenzweig, a cyber consultant and former DHS policy official, says in an email.

Microsoft disputes this argument. “The idea that the government is too dependent on Microsoft is at odds with reality,” Faehl says.

The government’s lack of leverage means federal officials never use the kind of blunt language found in the CSRB report when discussing Microsoft, even when they insist on speaking to reporters anonymously. The result is a remarkable display of government deference to Microsoft.

After Chinese hackers broke into government email systems and eluded agencies not paying for Microsoft’s premium security features, a senior official at CISA acknowledged that Microsoft’s business model was “not yielding the sort of security outcomes that we seek,” but they declined to directly rebuke Microsoft, instead sticking to talking points about productive conversations with the company.

In fact, despite Microsoft’s yearslong defiance of CISA’s high-profile push for companies to be “secure by design,” CISA has steadfastly refused to criticize Microsoft’s failures. When Microsoft finally bowed to pressure and made logs free last July, CISA director Jen Easterly said she was “extremely pleased with Microsoft’s decision.”

The former cyber official finds the government’s meekness remarkable. “When their own emails are stolen, they don’t seem to push back on the vendor who is the cause of that.”

The White House’s National Security Council declined to comment for this story. In a statement, Eric Goldstein, CISA’s executive assistant director for cybersecurity, says his agency “has a robust partnership with Microsoft and will continue to collaborate in many areas,” while also continuing to “impress upon all technology companies the urgency of developing products that are secure by design so that consumers can trust the safety and integrity of the technology that they use every day.”

Microsoft’s Faehl says his company is “committed to secure by design and secure by default.”

Forcing Change

The CSRB report on Microsoft’s cloud breach calls for dramatic changes to the company’s security culture. According to many experts, it’s time for the government to find its spine and compel those changes.

“Big, powerful companies in general don’t change their behavior unless they’re incentivized to do so,” Stanford University’s Grotto says.

The CSRB report recommends tough new requirements for cloud providers like Microsoft, including periodic security reviews after they receive federal contracts. Experts say those requirements could shift corporate incentives in favor of better security.

Microsoft seems to realize that its recent breaches have sparked a public relations crisis. “We expect and welcome fair scrutiny,” says Faehl. “As an industry leader we must be accountable for the security of our products and services.”

At the same time, he says, Microsoft “wouldn’t mind seeing some scrutiny” of its competitors who “seek to sow fear, uncertainty and doubt about our position as a way to seek advantage for their own products.”

Taking on Microsoft would also be a way for the Biden administration to live up to the principles in its National Cybersecurity Strategy, which prioritizes shifting the burden of cybersecurity onto large, well-resourced tech vendors. “They make the point … that this balance needs to shift,” Grotto says. “The question now is, ‘Okay, what does administration do with that diagnosis?’”

There are signs that the administration is heeding this advice. During a briefing with reporters on Thursday about the possibility that Russian operatives stole government secrets through their latest Microsoft hack, Goldstein said that CISA and other agencies are “are working closely with Microsoft, in alignment with the recommendations of the Cyber Safety Review Board, to drive further progress in Microsoft’s improvement plans with their broader security culture and enterprise.”

In the meantime, experts say, the status quo allows Microsoft to shirk responsibility for problems that it is uniquely capable of resolving.

“No harm comes from doing nothing, at least not to these companies,” Guerrero-Saade of SentinelOne says. “And that’s what’s going to destroy us.”

source