devtake.dev — Microsoft

devtake.dev — MicrosoftArticles on devtake.dev covering Microsoft.https://devtake.dev/en-usGitHub banned the researcher dropping Windows zero-days. The code was already mirrored everywhere.https://devtake.dev/article/github-bans-researcher-windows-zero-day/https://devtake.dev/article/github-bans-researcher-windows-zero-day/GitHub wiped Nightmare-Eclipse's account on May 23 after weeks of unpatched Windows exploits. The ban reopened the oldest fight in security: who decides what research gets hosted?Fri, 29 May 2026 06:50:00 GMTsecuritysecuritygithubvulnerability-disclosurezero-daymicrosoftwindowssupply-chainrceluca-reinhardtUber blew its entire 2026 AI coding budget in four months. Its COO can't prove it paid off.https://devtake.dev/article/uber-ai-budget-burn-claude-code/https://devtake.dev/article/uber-ai-budget-burn-claude-code/Uber exhausted its full-year Claude Code budget by April. Adoption hit 84%, heavy users burn $2,000 a month, and COO Andrew Macdonald can't connect the spend to shipped features.Wed, 27 May 2026 19:05:00 GMTaiaiclaude-codeanthropicai-codingdev-toolsuberai-agentsdieter-morelliMicrosoft just open-sourced 86-DOS. Tim Paterson's 45-year-old listings are now on GitHub under MIT.https://devtake.dev/article/microsoft-dos-historical-source-open-sourced/https://devtake.dev/article/microsoft-dos-historical-source-open-sourced/Yufeng Gao and Rich Cini scanned Tim Paterson's 1981 assembler printouts. Microsoft pushed them to DOS-History/Paterson-Listings on April 28, the 45th anniversary.Mon, 25 May 2026 12:30:00 GMTopen-sourcemicrosoftms-dos86-dosopen-sourcecomputer-historygithubmit-licensetim-patersonsoren-vanekScammers turned a Microsoft notification address into a spam relay. The emails pass SPF, DKIM, and DMARC.https://devtake.dev/article/microsoft-internal-account-spam-abuse/https://devtake.dev/article/microsoft-internal-account-spam-abuse/Spammers found a Tenant Name injection in Entra ID that pushes fraud text into Microsoft's own OTP emails. The from-line reads msonlineservicesteam@microsoftonline.com.Mon, 25 May 2026 12:00:00 GMTsecuritysecuritymicrosoftentra-idphishingdmarcspamhausemail-securitycredential-theftluca-reinhardtMicrosoft is canceling Claude Code for its engineers. They have until June 30 to switch to Copilot CLI.https://devtake.dev/article/microsoft-cancels-claude-code-licenses/https://devtake.dev/article/microsoft-cancels-claude-code-licenses/Internal Claude Code licenses end June 30, 2026, for Microsoft's Experiences + Devices group. Engineers move to GitHub Copilot CLI instead.Sat, 23 May 2026 10:00:00 GMTaimicrosoftanthropicclaude-codegithub-copilotcopilot-cliai-assistantagentic-codingdieter-morelliGitHub's internal repos were breached. The attacker came in through a poisoned VS Code extension.https://devtake.dev/article/github-internal-repos-breach-vscode-extension/https://devtake.dev/article/github-internal-repos-breach-vscode-extension/GitHub detected the intrusion on May 18 after a malicious VS Code extension compromised an employee's device. The attacker claims to have exfiltrated 3,800 internal repositories.Fri, 22 May 2026 10:15:00 GMTsecuritysecuritygithubvscodesupply-chaincredential-theftdev-toolsluca-reinhardtMicrosoft is killing SMS codes on consumer Microsoft accounts. Passkeys take over by December.https://devtake.dev/article/microsoft-authenticator-sms-passkeys-end/https://devtake.dev/article/microsoft-authenticator-sms-passkeys-end/Microsoft is phasing out SMS sign-in and recovery on personal Microsoft accounts by December 2026. Replacements: passkeys, Authenticator, or verified email.Thu, 21 May 2026 11:30:00 GMTsecuritymicrosoftpasskeyssmsauthenticationfido2microsoft-authenticatorsim-swapsecurityluca-reinhardtA federal jury took two hours to throw out Elon Musk's lawsuit against Sam Altman and OpenAI.https://devtake.dev/article/musk-openai-lawsuit-jury-verdict/https://devtake.dev/article/musk-openai-lawsuit-jury-verdict/On May 18 a nine-juror panel rejected every claim Musk filed against OpenAI in 2024. Judge Yvonne Gonzalez Rogers had told the courtroom she was ready to dismiss on the spot.Tue, 19 May 2026 10:15:00 GMTpolicypolicyopenaielon-musksam-altmanlawsuitmicrosoftai-governanceregulationclara-wexlerA USB stick now opens a BitLocker drive in 60 seconds. The researcher calls it a backdoor.https://devtake.dev/article/yellowkey-bitlocker-zero-day-bypass/https://devtake.dev/article/yellowkey-bitlocker-zero-day-bypass/A pseudonymous researcher dropped two unpatched Windows zero-days on May 12. YellowKey bypasses BitLocker via WinRE; Microsoft has not acknowledged either bug.Thu, 14 May 2026 10:15:00 GMTsecuritysecuritybitlockermicrosoftwindowszero-daywinretpmfull-disk-encryptionluca-reinhardtNV Energy is cutting off 49,000 Lake Tahoe homes by May 2027. The power is going to AI data centers.https://devtake.dev/article/tahoe-liberty-utility-data-center-power/https://devtake.dev/article/tahoe-liberty-utility-data-center-power/Liberty Utilities serves 49,000 Tahoe customers. NV Energy supplies 75% of that power and is reclaiming it for Northern Nevada data center expansion.Thu, 14 May 2026 10:00:00 GMTpolicypolicydata-centersai-infrastructureenergynv-energyliberty-utilitiescalifornianevadaclara-wexlerMicrosoft tested 19 LLMs as document editors. Even the best ones corrupted 25% of the content.https://devtake.dev/article/llms-corrupt-documents-delegation-errors/https://devtake.dev/article/llms-corrupt-documents-delegation-errors/The DELEGATE-52 benchmark tests AI editing across 52 professional domains. Frontier models corrupt a quarter of document content over long workflows.Sun, 10 May 2026 09:00:00 GMTaillmai-modelsbenchmarksmicrosoftdelegationvibe-codingdieter-morelliApple dropped its 7-year 'net cash neutral' policy. Ternus is freeing up the balance sheet for AI.https://devtake.dev/article/apple-ternus-power-on-invest-cash-differently/https://devtake.dev/article/apple-ternus-power-on-invest-cash-differently/Mark Gurman's May 3 Power On reads Apple's quiet capital-allocation shift as cover for John Ternus to spend more on AI infrastructure and acquisitions, less on buybacks.Tue, 05 May 2026 09:45:00 GMTappleapplejohn-ternustim-cookmark-gurmanai-infrastructureai-chipshyperscalercapital-allocationnaomi-parkVS Code shipped 'Co-Authored-by Copilot' on every commit by default. Microsoft is reverting it.https://devtake.dev/article/vscode-ai-coauthor-default-pr-310226/https://devtake.dev/article/vscode-ai-coauthor-default-pr-310226/A two-line PR flipped the AI co-author flag from off to all in April. Hand-typed commits started getting Copilot attribution. The maintainer apologized and promised a fix in 1.119.Tue, 05 May 2026 09:15:00 GMTwebgithub-copilotvscodemicrosoftdev-toolsai-coauthorgitjavascriptai-assistantluca-reinhardtMicrosoft Edge keeps every saved password in cleartext memory. Microsoft calls it 'by design'.https://devtake.dev/article/microsoft-edge-cleartext-passwords-memory/https://devtake.dev/article/microsoft-edge-cleartext-passwords-memory/A researcher showed Edge decrypts the entire password vault at launch and leaves it in process memory. Chrome decrypts on demand. Microsoft says it's intentional.Tue, 05 May 2026 08:45:00 GMTsecuritysecuritymicrosoftedgebrowser-securitycredential-theftchromiumpasswordsprivacyluca-reinhardtGitHub Copilot's Claude Opus multiplier jumps to 27x on June 1. Monthly plans dodge the hike.https://devtake.dev/article/github-copilot-multiplier-hike-june-2026/https://devtake.dev/article/github-copilot-multiplier-hike-june-2026/GitHub's new model multiplier table for Copilot Pro and Pro+ annual plans lands June 1. Opus 4.6 goes 3 to 27. Sonnet 4.6 goes 1 to 9.Mon, 04 May 2026 10:45:00 GMTaigithub-copilotgithubai-agentspricingmicrosoftanthropicclaude-opusdev-toolsdieter-morelliMicrosoft open-sourced the earliest known DOS code, transcribed from a stack of Tim Paterson's printouts.https://devtake.dev/article/microsoft-dos-source-code-open-sourced/https://devtake.dev/article/microsoft-dos-source-code-open-sourced/MIT-licensed at GitHub on April 28, the 86-DOS 1.00 kernel and PC-DOS development snapshots were OCR'd from 45-year-old assembler listings.Sun, 03 May 2026 12:45:00 GMTopen-sourcemicrosoftdos86-dosopen-sourceretrocomputingmit-licensegithubtim-patersonsoren-vanekSamsung is building Galaxy Book laptops with Android, not Windows. Three tiers are in the works.https://devtake.dev/article/samsung-galaxy-book-android-one-ui/https://devtake.dev/article/samsung-galaxy-book-android-one-ui/SamMobile reports Samsung is preparing low-end, mid-range, and flagship Galaxy Books on Android 17 One UI 9, timed to Google's Aluminium OS push at I/O 2026.Sun, 03 May 2026 12:30:00 GMTandroidsamsunggalaxy-bookandroidone-uisamsung-dexlaptopaluminium-osgoogle-ionaomi-parkHyperscalers are on track to spend $700B on AI infrastructure in 2026https://devtake.dev/article/hyperscaler-700b-ai-capex-2026/https://devtake.dev/article/hyperscaler-700b-ai-capex-2026/Big-tech AI capex is projected at $700B in 2026, up from $410B in 2025. Microsoft alone guided $190B. Wall Street is split: Meta got punished for the spend, Alphabet rallied.Fri, 01 May 2026 10:45:00 GMTaiai-infrastructureinfrastructuredata-centershyperscalermicrosoftalphabetmetaai-chipsdieter-morelliSamsung Q1 profit hit 57.2 trillion won. Memory chips for Nvidia drove 93% of it.https://devtake.dev/article/samsung-q1-2026-record-ai-chip-profit/https://devtake.dev/article/samsung-q1-2026-record-ai-chip-profit/Samsung Electronics posted record Q1 2026 results on April 30: 133.9 trillion won revenue and 57.2 trillion won operating profit. Semiconductors did 93% of the work.Thu, 30 Apr 2026 09:00:00 GMThardwaresamsunghbmai-chipsdramsemiconductornvidiamemoryai-infrastructurehiro-tanakaWiz found an RCE in GitHub's git-push pipeline. The patch shipped in six hours.https://devtake.dev/article/github-rce-cve-2026-3854-wiz/https://devtake.dev/article/github-rce-cve-2026-3854-wiz/CVE-2026-3854 is a CVSS 8.7 RCE in GitHub's git-push pipeline. github.com fixed it within hours. 88% of Enterprise Server installs were still vulnerable at disclosure.Wed, 29 Apr 2026 09:05:00 GMTsecuritygithubsecuritycve-2026-3854rcesupply-chainwizgithub-actionsdev-toolsluca-reinhardtOpenAI's models are on AWS Bedrock the day after Microsoft lost exclusivityhttps://devtake.dev/article/openai-amazon-bedrock-managed-agents/https://devtake.dev/article/openai-amazon-bedrock-managed-agents/Amazon shipped Bedrock Managed Agents powered by OpenAI on April 28, plus Codex on Bedrock. Altman tells Stratechery the runtime matters as much as the model.Wed, 29 Apr 2026 08:55:00 GMTaiopenaiamazonawsbedrockai-agentscodexsam-altmanai-infrastructuredieter-morelliGitHub Copilot kills premium requests on June 1. Token billing arrives, fallback models do not.https://devtake.dev/article/github-copilot-usage-based-billing/https://devtake.dev/article/github-copilot-usage-based-billing/On June 1 every Copilot plan switches to GitHub AI Credits priced per token. Code completions stay free. Fallback models and credit rollover do not.Tue, 28 Apr 2026 11:00:00 GMTaigithub-copilotgithubai-agentspricingmicrosoftanthropicclaude-opusdev-toolsdieter-morelliMicrosoft and OpenAI just rewrote their deal. Exclusivity is dead, and so is the AGI clause.https://devtake.dev/article/microsoft-openai-deal-revenue-share-end/https://devtake.dev/article/microsoft-openai-deal-revenue-share-end/Microsoft loses exclusive rights to OpenAI's models. The revenue share now caps at 2030 and stops depending on AGI. Here's what actually changed and who it benefits.Mon, 27 Apr 2026 19:00:00 GMTaiopenaimicrosoftai-modelsazurellmai-infrastructureanthropicgpt-5-5dieter-morelliMicrosoft April 2026 Patch Tuesday: 167 fixes, two zero-days, and a SharePoint bug already in CISA's KEVhttps://devtake.dev/article/microsoft-patch-tuesday-april-2026-sharepoint/https://devtake.dev/article/microsoft-patch-tuesday-april-2026-sharepoint/Microsoft's April 8 Patch Tuesday closes 167 CVEs. CVE-2026-32201 in SharePoint is being exploited and CISA added it the same day. Here's what to patch first.Mon, 27 Apr 2026 15:00:00 GMTsecuritymicrosoftpatch-tuesdaycve-2026-32201sharepointdefenderzero-daysecuritycisa-kevluca-reinhardtOpenAI's Privacy Filter is a 1.5B PII redactor that ships under Apache 2.0. Here's what it actually does.https://devtake.dev/article/openai-privacy-filter/https://devtake.dev/article/openai-privacy-filter/OpenAI released Privacy Filter on April 22 as an open-weight on-device model for masking eight types of PII. F1 of 96%. Runs in a browser. Here's the catch.Sun, 26 Apr 2026 13:00:00 GMTaiopenaiprivacypiiopen-weightsai-modelsllmhugging-facedata-privacydieter-morelliUbuntu 26.04 LTS ships Wayland-only, Rust coreutils, and post-quantum SSH by defaulthttps://devtake.dev/article/ubuntu-26-04-lts-release/https://devtake.dev/article/ubuntu-26-04-lts-release/Canonical released Ubuntu 26.04 'Resolute Raccoon' on April 23. It's the first LTS without X11, ships kernel 7.0 and GNOME 50, and sets post-quantum SSH on by default.Thu, 23 Apr 2026 19:30:00 GMTopen-sourceubuntuubuntu-26-04linuxcanonicalltswaylandrust-coreutilspost-quantumsoren-vanekMicrosoft rushed an out-of-band ASP.NET Core patch. If you shipped between April 14 and April 21, you need to rebuild.https://devtake.dev/article/microsoft-aspnet-emergency-patch/https://devtake.dev/article/microsoft-aspnet-emergency-patch/CVE-2026-40372 lets attackers forge auth cookies on .NET 10.0.6 apps on Linux and macOS. The fix is 10.0.7. Here's what broke, who's exposed, and how to patch.Thu, 23 Apr 2026 09:30:00 GMTsecuritymicrosoftaspnetdotnetcve-2026-40372data-protectionout-of-band-patchsupply-chainluca-reinhardtMozilla fixed 271 Firefox bugs that Claude Mythos found. Its own tests caught 22.https://devtake.dev/article/mozilla-firefox-mythos-bug-hunt/https://devtake.dev/article/mozilla-firefox-mythos-bug-hunt/Firefox 150 shipped Monday with 271 security fixes from Anthropic's Project Glasswing. Mozilla CTO Bobby Holley says Mythos matches elite human researchers.Wed, 22 Apr 2026 13:00:00 GMTopen-sourcemozillafirefoxanthropicclaude-mythosproject-glasswingsecurityai-securitysoren-vanekGitHub Copilot paused new signups and kicked Opus out of Pro. Here's what actually changed.https://devtake.dev/article/github-copilot-pro-plan-changes/https://devtake.dev/article/github-copilot-pro-plan-changes/GitHub froze Copilot Pro/Pro+/Student signups on April 20 and moved Claude Opus 4.7 behind the $39 Pro+ tier. Agent workflows broke the old math.Wed, 22 Apr 2026 11:30:00 GMTaigithub-copilotanthropicmicrosoftclaude-opusai-agentspricingdev-toolsdieter-morelliNSA is running Anthropic's Mythos. The Pentagon says Anthropic is a supply-chain risk.https://devtake.dev/article/nsa-anthropic-mythos-blacklist/https://devtake.dev/article/nsa-anthropic-mythos-blacklist/Axios reports the NSA is using Anthropic's unreleased Mythos model even though the Defense Department has blacklisted Anthropic. One government, two positions.Mon, 20 Apr 2026 15:30:00 GMTaianthropicclaude-mythosnsapentagoncybersecurityproject-glasswingnational-securitydario-amodeidieter-morelliTrivy got hijacked: 75 of 76 version tags rewrote to drop a CI secret-stealerhttps://devtake.dev/article/trivy-supply-chain-attack-compromise/https://devtake.dev/article/trivy-supply-chain-attack-compromise/Attackers force-pushed 75 of 76 trivy-action tags to a malicious commit. Pinning by tag turned a trusted scanner into an infostealer for CI pipelines.Sat, 18 Apr 2026 08:30:00 GMTsecuritysupply-chaintrivyaqua-securitygithub-actionscicddevsecopsteampcpluca-reinhardt