惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

宝玉的分享
宝玉的分享
博客园 - 【当耐特】
NISL@THU
NISL@THU
IT之家
IT之家
博客园 - 叶小钗
M
MIT News - Artificial intelligence
博客园_首页
Hugging Face - Blog
Hugging Face - Blog
量子位
The Register - Security
The Register - Security
爱范儿
爱范儿
酷 壳 – CoolShell
酷 壳 – CoolShell
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Security Affairs
W
WeLiveSecurity
S
Security @ Cisco Blogs
Apple Machine Learning Research
Apple Machine Learning Research
V2EX - 技术
V2EX - 技术
The Last Watchdog
The Last Watchdog
Blog — PlanetScale
Blog — PlanetScale
美团技术团队
J
Java Code Geeks
P
Proofpoint News Feed
大猫的无限游戏
大猫的无限游戏
Vercel News
Vercel News
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Last Week in AI
Last Week in AI
腾讯CDC
Cisco Talos Blog
Cisco Talos Blog
C
Check Point Blog
人人都是产品经理
人人都是产品经理
Forbes - Security
Forbes - Security
SecWiki News
SecWiki News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
B
Blog
S
Secure Thoughts
T
Threat Research - Cisco Blogs
P
Privacy & Cybersecurity Law Blog
N
News | PayPal Newsroom
The GitHub Blog
The GitHub Blog
Recorded Future
Recorded Future
Google DeepMind News
Google DeepMind News
博客园 - 聂微东
V
Visual Studio Blog
L
LINUX DO - 最新话题
Recent Commits to openclaw:main
Recent Commits to openclaw:main
O
OpenAI News
Webroot Blog
Webroot Blog
Hacker News: Ask HN
Hacker News: Ask HN

Swift for Visual Studio Code comes to Open VSX Registry | InfoWorld

Notion courts developers with a platform for AI agents and workflow automation Using continuous purple teaming to protect fast-paced enterprise environments A better way to work with SQL Server Evidence-driven workflows: Rethinking enterprise process design AWS debuts Graviton-powered Redshift RG instances to cut analytics costs SAP’s AI promises last year? Most are still rolling out First look: Lemonade serves up local AI with limitations GitLab CEO sees developer tool bill increasing 100-fold Red Hat adds support for agentic AI development What’s new and exciting in JDK 26 Kill the loading spinner with local-first data and reactive SQL A networking revolution at AWS Tokenmaxxing is super dumb How to add AI to an existing product (without annoying users) Your AI doesn’t need another database What happens when engineering teams reorganize around AI agents Python isn’t always easy When cloud giants meddle in markets 12 model-level deep cuts to slash AI training costs The best new features in Python 3.15 Teradata launches platform for enterprise AI agents moving beyond pilots Three skills that matter when AI handles the coding MongoDB targets AI’s retrieval problem Building AI apps and agents with Microsoft Foundry Designing front-end systems for cloud failure No, AI won’t destroy software development jobs Diskless databases: What happens when storage isn’t the bottleneck Vibe coding or spec-driven development? The agentic AI distraction Vibe coding or spec-driven development? How to choose Cloud providers are blinded by agentic AI SAP to acquire data lakehouse vendor Dremio Small language models: Rethinking enterprise AI architecture Making AI work through eval hygiene Improving AI agents through better evaluations AI in the cloud is easy but expensive Running AI in the cloud is easy – and expensive Making AI work for databases Harness teams of agentic coders with Squad Harness teams of coding agents with Squad Oracle NetSuite announces AI coding skills for SuiteCloud developers Why it’s so hard to create stand-alone Python apps A new challenge for software product managers The hidden cost of front-end complexity GitHub shifts Copilot to usage-based billing, signaling a new cost model for enterprise AI tools OpenAI’s Symphony spec pushes coding agents from prompts to orchestration The front-end architecture trilemma: Reactivity vs. hypermedia vs. local-first apps Enterprise AI is missing the business core The best JavaScript certifications for getting hired Google begins putting the guardrails on agentic AI Why world models are AI’s next frontier Where to begin a cloud career Google pitches Agentic Data Cloud to help enterprises turn data into context for AI agents How open source ideals must expand for AI Is your Node.js project really secure? How I doubled my GPU efficiency without buying a single new card SpaceX secures option to acquire AI coding startup Cursor for $60B Google’s Gemma 4 shines on local systems – both big and small AI is upending the SaaS game How AI is upending SaaS tools Snowflake offers help to users and builders of AI agents From the engine room to the bridge: What the modern leadership shift means for architects like me Addressing the challenges of unstructured data governance for AI The cookbook for safe, powerful agents Enterprises are rethinking Kubernetes GitHub pauses new Copilot sign-ups as agentic AI strains infrastructure Best practices for building agentic systems Making agents dull Oracle delivers semantic search without LLMs When cloud giants neglect resilience Exciting Python features are on the way Ease into Azure Kubernetes Application Network The agent tier: Rethinking runtime architecture for context-driven enterprise workflows The two-pass compiler is back – this time, it’s fixing AI code generation MuleSoft Agent Fabric adds new ways to keep AI agents in line Salesforce launches Headless 360 to support agent‑first enterprise workflows Tap into the AI APIs of Google Chrome and Microsoft Edge Where will developer wisdom come from? GitHub adds Stacked PRs to speed complex code reviews The hyperscalers are pricing themselves out of AI workloads HTMX 4.0: Hypermedia finds a new gear Google Cloud introduces QueryData to help AI agents create reliable database queries Hands-on with the Google Agent Development Kit Are AI certifications worth the investment? AWS targets AI agent sprawl with new Bedrock Agent Registry Cloud degrees are moving online Swift for Visual Studio Code comes to Open VSX Registry AI agents aren't failing. The coordination layer is failing How Agile practices ensure quality in GenAI-assisted development Anthropic rolls out Claude Managed Agents Meta’s Muse Spark: a smaller, faster AI model for broad app deployment Bringing databases and Kubernetes together Rethinking Angular forms: A state-first perspective Minimus Welcomes Yael Nardi as CBO to Facilitate Strategic Growth Microsoft announces end of support for ASP.NET Core 2.3 Get started with Python’s new frozendict type AWS turns its S3 storage service into a file system for AI agents Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents The winners and losers of AI coding GitHub Copilot CLI adds Rubber Duck review agent
Microsoft’s reauthentication snafu cuts off developers globally
by Evan Schuman Contributor · 2026-04-09 · via Swift for Visual Studio Code comes to Open VSX Registry | InfoWorld

Some ISVs never saw the notice that they had to re-authenticate, whereas others say that Microsoft reauthenticated them and they were blocked anyway.

Microsoft officials have confirmed, and are trying to correct, a reauthentication snafu with developers in its Windows Hardware Program which has blocked an unknown number of independent software vendors (ISVs) from access to Microsoft systems. That in turn has interrupted operations for the their customers globally.

The process started in October, when Microsoft began account verification for its Windows Hardware Program. Notices were sent to corporate email accounts, or at least they were supposed to have been, and account holders were suspended if they didn’t respond to the request by the deadline. Suspended accounts included a mix of businesses that never received the Microsoft notices, those that received the email but either didn’t notice it or didn’t act on it, and some ISVs who claim they were fully reauthenticated but had services cut off anyway.

Microsoft executives communicating with customers on the X social media platform were quick to confirm that glitches had occurred, but noted that the company wasn’t entirely at fault. 

Scott Hanselman, a Microsoft VP overseeing GitHub, posted on X: “Hey, I love dumping on my company as much as the next guy, because Microsoft does some dumb stuff, but sometimes it’s just ‘check emails and verify your accounts.’ Not every ‘WTF micro$oft’ moment is a slam dunk. I’ve emailed [one major ISV] personally and we’ll get him unblocked. Not everything is a conspiracy. Sometimes it’s literally paperwork.”

At one point in the discussion, Hanselman seemed frustrated with users complaining that Microsoft enforced the deadline it had been telling people about since October. “It’s almost like deadlines are date based,” he said. 

Hanselman also said the flood of urgent requests made the reinstatement process seem to move more slowly. 

“In all these scenarios, [the ISVs] either didn’t see emails or didn’t take action on emails going back to October of last year and until now. Spam folder, didn’t see them, lots of valid reasons that can be worked on. Then they open tickets and the tickets don’t move fast enough–days or weeks, not hours,” Hanselman said. “Once the deadlines hit, then folks complain on social and then folks have to manually unblock accounts with urgency. Things become urgent, but were not always urgent.”

A more senior Microsoft executive, Pavan Davuluri, the EVP overseeing Windows and Devices, also weighed in on X. “We worked hard to make sure partners understood this was coming, from emails, banners, reminders. And we know that sometimes things still get missed,” Davuluri said. “We’re taking this as an opportunity to review how we communicate changes like this and make sure we’re doing it better. If anyone needs help with reinstatement, they can request support here.”

Making the problem worse was the cascading effect on global businesses. As the developer companies were locked out, their customers would also feel the pain as their operations were also disrupted due to reliance on the vendors.

Developers also complained about the limited Microsoft support available to unravel the mess. The company told visitors on X that they could use that app to message it and ask to be reinstated.

Onus on both vendors and ISVs

Consultant Brian Levine, executive director of FormerGov, said some of the onus has to fall on the ISVs.

“Developers should treat vendor recertification as a mission‑critical dependency and implement redundant monitoring, such as multiple emails, portal checks, and automated reminders, to avoid silent lockouts,” Levine said. “This poses real operational risk because a sudden vendor lockout can break integrations, halt workflows, and create cascading outages that look like internal failures rather than upstream policy triggers.”

He noted that vendors should surface critical compliance alerts directly inside their portals and consoles, where developers actually work, “so no one’s business hinges on whether a single automated email landed in [the] spam [folder].”

Carmi Levy, an independent technology analyst, said enterprises often give insufficient attention to their suppliers’ software suppliers. Enterprise IT and developers “need to be asking the hard questions” about vendor dependencies. “Ideally, vendor relations capabilities would be far more proactive,” he noted.

Asked if that means that enterprise IT should be asking their suppliers’ suppliers questions such as “Have you recertified with Microsoft yet? The deadline is almost here,” Levy said that might be asking too much. “Most organizations do not communicate at that level, unfortunately,” Levy said. 

“Summarily having an account terminated after years of regular and proper use is an unthinkable outcome for a developer whose very lifeblood relies on access to that very same account,” Levy said. “Likewise, the countless customers of this developer, who rely on [their ISV] for their own careers and businesses, are potentially left in the dark because Microsoft either can’t or won’t implement better development management technologies and protocols. This case reinforces the power imbalance between major tech platformers like Microsoft and the independent developers who rely on them to keep their own lights on.”

Implicit trust

Another complicating factor is the increasing reliance that systems have on other systems and executables, said Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group. That is what forces Microsoft to be so strict in re-authenticating the players that control these software elements. 

There is “implicit trust put on those organizations providing computing components that must be executed before the operating system loads. Since all anti-malware controls are part of and start with the loading of the operating system, anything that executes before [them] could potentially jeopardize the integrity of the entire system,” Villanustre said. “To do this, UEFI requires those components executed at boot time, including the operating systems, to be cryptographically signed with private keys whose certificates are known and can be validated by the UEFI system.”

This is what puts so much power in the hands of the OS vendor, he noted. “Unfortunately, developers have little recourse. If their software component relies on pre-boot execution, they will need a key signature, and that’s tightly controlled by the UEFI/OEM manufacturers and Microsoft,” Villanustre said. “Even Linux distributions rely on Microsoft for key signature. This situation effectively creates a monopoly, where Microsoft controls what runs at boot time through their Certificate Authority.”

However, he observed, “it would probably require regulatory pressure to force that responsibility to be split among more organizations, but you could argue that doing so could potentially weaken the security of the overall system.”