Hahaha some are doing well. Also you have an advantage: Half my team listens to you, so they’d kill me if I gave you a bad score
Posts by Zack Korman
Every Microsoft Entra tenant is weird in some way, but every IT admin is convinced they’re totally normal. We have thousands of customers at Pistachio, and we still meet admins who surprise us. “Of course we put company name in the email field and email in department”
@wyden.senate.gov thought you might be interested. Microsoft Copilot allowed users to bypass the audit log and Microsoft did nothing to disclose that: pistachioapp.com/blog/copilot...
If you have an audit log and you have an API, then requiring the “enterprise package” to access the audit log via the API isn’t cool. Specifically: GitHub.
“send you an email scam*”, I meant to say.
I mean if I send you an email every single day, presumably you’d agree you’d be less likely to fall for email scams than other people, because you’d be constantly reminded to ask “is this an email scam”. Do you disagree with that?
We have sent >3m phishing sims and our data doesn’t show that IT/eng fails at an above-average rate.
I think phishing sims have a lot of problems in how they’re done most places, but receiving a steady stream of phishing sims absolutely helps people remember to pay attention. Which is the goal.
This happens to me in Norway when I go to Indian places. They always say, “that’s not for you” and I have to explain that I’ll be fine.
I then did the same in Spain, and unfortunately the waiter was right. It was not for me.
Why would you get rid of phishing simulations?
Sorry for the slow response, I’m not there personally so went to sleep
Luggage tags, playing cards, gum, stickers, temporary tattoos, etc.
Boxes
More boxes
More boxes
Stuff in boxes
If you are at #Blackhat can you please go by our booth, I bought way too much merch and don’t want to look like an idiot.
Not knowing things about technology is a great way to feel young. I’m not ignorant, it was just “before my time” (2019).
Giving a vendor time to fix a vulnerability makes sense, but I can’t help but feel the practice is being abused and therefore produces worse security outcomes. When large orgs want to move fast they absolutely can; taking 90 days to fix a vulnerability is a choice.
Oh thank god someone is calling this out. I’ll go listen.
Every time a VC posts “AI-first companies can build billion dollar businesses with 10 people because they can use AI agents, not people, to scale”, I’m tempted to send them a deck that is a pure operations play. Put your money where your mouth is. “Walmart but AI”
If AI is so good at writing code, why is Gemini 2.5 pro only available on the global endpoint? Why does batch processing for 2.0 work everywhere BUT global? Why can’t I fine tune 2.5? Can’t some PM at Google just vibe code these things for me?
A guy saying software rewrites usually fail.
Are we fine sharing screenshots from the other place? If so, one comment: skill issue.
If everyone is supposedly building cutting edge AI apps, then why are all of the AI models’ APIs and client libraries so poorly documented and buggy? It really gives away how little people are doing with AI beyond the very basics
People like to keep their hands on the steering wheel (of B2B SaaS) even when it’s wildly unnecessary and value destructive. AI makes people question that behavior, even for solutions that don’t use AI.
One good thing about AI is that it encourages people to think more about building “software that does the job for you” instead of “software that enables you to do the job” and I think that is long overdue.
Check slack
I wrote a blog post on how to deploy your Go application from the terminal using systemd
https://egreb.net/posts/deployment-with-go/
#go #golang
What the hell is SharePoint? I just wanted to put some files in a folder so people could access them, and now it is asking me to make a website.
I wrote about what it is like to build a product that the end user doesn't really want, and why gamification isn't a solution to that: pistachioapp.com/blog/you-cant-gamify-sec...
How do I harass an airline on here if brands don’t use bluesky
“Don’t build for scale before you have product market fit” isn’t looking so smart for Bluesky right now, for example. The startups of the early 2000s weren’t competing with tech companies that could clone their shit overnight and do it 100x better
A lot of the conventional wisdom of the startup world comes from an era fundamentally different from today, but lives on because the winners of that era are the VCs of today.
Gamification can alter behavior within some macro goal a person already cares about. That’s the point product teams keep missing. The person has to already care.
Do I just give an invite code to the startup I work at so we start getting some brands here, or…