The Year of Disconnect

13 minute read Published: 2024-12-26

What a year, huh? I thought about doing a broad review of the year in cyber news. Over a year of running the TTI Intel Feed has given me a front-row seat to the weirdest show on earth. Problem is, there's just too much. 0-days, ransomware, nation state activity, cybercrime—any one area would take more time than I have to write, certainly more time than you have to read.

But as I read through article after article, one thought kept popping into my head:

"Boy, Microsoft sure ate a lot of shit this year."

My second thought was: "Boy, none of that mattered at all to their performance."

There's a fundamental disconnect between major tech company performance as creators of products and services, and their net worth/market capitalization. One does not appear to impact the other. As a result, the decisions made by these companies have almost nothing to do with consumer demand. Investor confidence is about something else, and that's what these companies are chasing.

But first, what happened with Microsoft this year?

Microsoft's Horrible, No-Good, Very Bad Year

Let's start with the January 2024 disclosure of a 2023 breach—specifically, the long-running infiltration by Russian hacking group Midnight Blizzard. Password spraying led to widespread disclosure of customer emails across multiple sectors. This report would have several knock-on effects, including another crisis of confidence in Microsoft's cloud services.

Bear in mind, this crisis was limited to customers. Investors seemed to care not a whit.

That confidence took another hit in April 2024, when the Cybersecurity Safety Review Board released its report about the previous compromise of Microsoft by the Chinese hacking group known as Storm-0558, in the summer of 2023. If you haven't read this report, it's a barn burner. It's extra spicy. It's Nashville hot. Check out this passage from the conclusion:

Microsoft’s products and services are ubiquitous. It is one of the most important technology companies in the world, if not the most important. This position brings with it utmost and global responsibilities. It requires a security-focused corporate culture of accountability, which starts with the CEO, to ensure that financial or other go-to-market factors do not undermine cybersecurity and the protection of Microsoft’s customers.

Unfortunately, throughout this review, the Board identified a series of operational and strategic decisions that collectively point to a corporate culture in Microsoft that deprioritized both enterprise security investments and rigorous risk management. These decisions resulted in significant costs and harm for Microsoft customers around the world. The Board is convinced that Microsoft should address its security culture.

Woof. That's the US federal government saying Microsoft doesn't care about its customers. No punches are pulled.

Senator Ron Wyden (D-OR) piled on with draft legislation to untangle the federal government from vendor lock-in—basically a law that would prevent the stranglehold Microsoft has had on government systems for decades. A recent ProPublica report highlights some of the sketchy tactics used by Microsoft to ensure that lock-in, including providing "free" trials of critical software that become indispensable to agencies, and then ratcheting the price up once the crucial data was locked into Microsoft tools.

Plainly, the federal government was not Microsoft's biggest fan in 2024. Don't worry though—investors were undisturbed.

Microsoft responded to the report by expanding the extant Secure Future Initiative and, per CEO Satya Nadella, "prioritizing security above all else," in May. The closing 'graph is quite the directive:

If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems. This is key to advancing both our platform quality and capability such that we can protect the digital estates of our customers and build a safer world for all.

Cool. Cool cool cool. Did they deliver? Let's go to the end of May!

Kevin Beaumont headline: Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

Freakin' yikes! Recall, a feature of new "Copilot + PCs" that captured screenshots every five seconds from your desktop and stored the screenshots and metadata, including OCR text from captured images, was an unmitigated disaster in its first outing. The database was unencrypted, the default was opt-in, and as Kevin Beaumont points out, the database's accessibility by the local user made it a goldmine for malicious actors, especially for malware like infostealers. And of course, such a tool is bidirectionally risky: it's not just whether you have it enabled, it's whether anyone you interact with has it enabled.

So Microsoft quickly shelved the initial release, although it has since re-released a more secure version. Still, the reputational damage was done—at least in theory. But not in share price!

Then came July, and the biggest cyber incident in history, in terms of systems impacted. A faulty update from cybersecurity vendor CrowdStrike disabled Windows systems across the globe, grounding flights and halting commerce. I'm unsure of the official count at this point, but early estimates put the number of impacted systems in the millions. While not an "attack" per se, the faulty update to definitions in the CrowdStrike Early Launch Anti-Malware (ELAM) driver had the same result as a widespread, coordinated attack.

But wait, why is this Microsoft's problem? Many blamed Microsoft for allowing vendors to access the Windows kernel (the core of the operating system) without sufficient safeguards to maintain operation in the event of a driver failure. As it was, many systems in remote, hard-to-reach locations had to be manually power cycled and recovered.

Now this one did in fact have a stock price impact, as well as promises to rethink kernel security. As of this writing, nothing substantive has come of those considerations.

We're almost done. Before finishing our review of Microsoft's Year of Hell, I wanted to call out the abominable state of patch stability. By my count from the Intel Feed, there were at least 9 breaking updates from Microsoft. They were:

9 might not seem bad, until you remember that these updates come out monthly, and, oh yeah, there are only 12 months in a year. 9/12 updates with serious issues for users is a pretty awful record. I'm not sure what kind of Quality Assurance process is in place for these patches, but it's clearly insufficient.

None of it Mattered

I didn't run you through all that just to thoroughly dunk on Microsoft (although, y'know, side benefit). I did it to make clear how utterly detached from customer reality the market value of Microsoft (and, really, most big tech companies) is.

You might think that these constant blows to Microsoft's reputation resulted in a battered stock price. Quite the opposite.

Microsoft's doing better than ever. July 7, 2024 saw the stock's all-time high. Here's an annotated 1-year chart of stock price:

Yahoo finance chart showing Microsoft stock price through 2024

Those numbers are:

  1. Midnight Blizzard disclosure
  2. CSRB report
  3. Recall
  4. CrowdStrike

Of these, only the CrowdStrike incident shows a significant impact on price, although the stock soon recovered. What accounts for all this investor confidence?

Microsoft's latest earnings statements show considerable growth. Of particular note is the growth in what Microsoft internally refers to as "Intelligent Cloud," aka Azure. 20% growth in 2024 is nothing to sneeze at, and it far outpaces other areas of the business.

slide from Microsoft earnings statement Q4 2024 deck, highlighting Server product revenue up 21%

Growth is everything. That's not a tech idiosyncrasy; that's a capitalist axiom. Ford Motor Company hit its 5-year high in January 2022.

Stock chart of Ford showing 5 year high on 1/13/22 at 23.63

Sales were not the highest then (they've increased since), and neither was revenue (also now higher). What was particularly strong was year-over-year quarterly growth, with 4 quarters of pandemic rebound bolstering the company.

Near as I can tell—I admit to being no business expert—it is growth that spurs investor confidence, which would be fine when you're expanding into new markets or territories. Microsoft, in terms of end users, has no more worlds to conquer. But that's not where Microsoft's growth is—remember, its growth is in cloud services.

You Don't Matter (To Big Tech)

If you're still thinking of Microsoft as a software business, you missed the memo, probably because Outlook crashed again. Microsoft is a cloud services business, and Windows is simply a way to onboard you—and every business on earth—to those services.

You, dear end user, are not Microsoft's customer. Well, I guess you are if you're one of the twelve people who directly bought an Office or Windows license outside of school or work (have you seen what a Server license costs??). But if you are one of those twelve, Microsoft doesn't give a rat's ass about you, and it certainly doesn't about the millions—billions?—of people forced to use their products by work, school, or circumstance. If Windows and Office continue to rake in licensing fees from businesses, then they are achieving their objective. Meanwhile, Azure continues to grow its cloud footprint, and especially mature its LLM offerings. Heck, where do you think ChatGPT resides, after all?

Microsoft's true customers are the businesses paying for their cloud services, and secondarily (an insane idea for anyone born before 2000), businesses paying to license their software. Individual users get what they get, and they'll use it no matter how awful, insecure, or just broken it is. That's the beauty of monopoly, baby: when you're the only game in town, you don't need to do better. Or rather, you do, but not for the end user.

Isn't it odd that suddenly generative AI is everywhere, in everything, despite almost nobody asking for it?

red banner with yellow text, in propaganda style: stop forcing AI into fucking everything. Nobody asked for it. Everyone hates it.

Let's distinguish the direct chatbot products, for which there is a considerable, lamentable market, from every other tech product in existence that suddenly includes large language model components for no reason. In every case, their utility is questionable at best, if not outright detrimental. Google Search is the exemplar here. The AI Overview responses were not just unhelpful, but potentially dangerous. Nobody wanted the liebots to provide summaries of search, nor did they want the top results to routinely be nothing but LLM garbage, and yet here we are.

Apple, often considered the last bastion of products-over-services, of useful design, has not escaped this plague. The launch of Apple Intelligence has garnered more ridicule than anything. Plus, ironically, the integration with ChatGPT (with other models on the way) means the user experience is inextricably linked to rival products. This is a state of affairs Apple used to bend over backwards to avoid. Arguably, that's why we even have the App Store. So in addition to sucking, Apple's AI product strategy would appear to compromise core principles for the company.

Why? Whom does this change benefit? Put another way, where is the growth?

Microsoft. Apple. Google. Amazon. What are they making new? What are they making more of?

The Real Game

Data. Centers. This is the game now: building compute capacity and competing to sell it to the highest bidder—all business-to-business transactions. The end user is effectively lubrication for the transaction. As long as you continue to use the services, you are fulfilling what these companies need from you. And since these companies are borderline (or complete) monopolies, you will.

I'm not sure which way it goes, but "AI" requires data center expansion for its snake-oil salesmen to have any hope of realizing their empty promises, and meanwhile companies like Microsoft and Google require AI to justify their cloud expansions to offer new services to companies that they've already milked dry in other market sectors. I really don't know which came first: the desire to build more cloud compute, or the supposed need for more compute for LLMs, but it's a match made in a dry, cooked, hell on earth.

Oh, but the growth!

Meanwhile, your needs or wants as a consumer? Who cares! Big tech has you, and they know it, and so they're pursuing whatever growth they can find, not whatever matters to you.

2024, more than any year before it, was the Year of Disconnect. The Invisible Hand was marionette-stringed by an Invisibler Hand. Consumer preference as perceived by the individual lost influence on corporate strategy. All that matters now is compute growth. Whether that's for LLMs or whatever comes next, they want you buying those CPU cycles, and they'll make sure whatever they put in your hands requires them.

It's not like you're gonna stop using the services, after all.