Lots of things are popping up as sovereign alternatives to M365. Very few of them seem to focus on the things that lock corporate users into the M365 ecosystem. For anyone looking at these things, here are a few things I’d regard as table stakes for a lot of current M365 users (note: not a complete list):

• Autosaving to an organisation-controlled (and backed up) storage location. Can be hosted by a third party (small companies don’t want to do this themselves).
• Version tagging of documents.
• Native apps for Windows, macOS, Android and iOS.
• Web apps for all of the same functionality as the native apps.
• Collaborative editing that works between both web and native views of the same document.
• Integrated account management.
• Sharing with both anonymous (anyone with the link) and externally authorised (partner org via OAuth or whatever) entities outside the company
• Auditable access control, with mechanisms for revoking access to, or limiting sharing of, documents, at different granularities.
• Easy integration with third-party document management systems (for ISO 9001 and similar compliance).
• Presenter mode for the presenter app in the video conferencing system, so the slides are rendered locally at the other end and work with accessibility tools (this is a legal requirement in some jurisdictions).
• Easy file sharing in the integrated chat system.
• Server-side search across documents (the SharePoint one isn’t good, but it’s better than nothing).
• Easy extension mechanism adding in-house workflow-specific behaviours.
• Export and import of OOXML (yes, OOXML sucks. But I often need to send a PowerPoint presentation to be compiled in someone else’s deck at a different company or at a conference and I need to know it will work. Keynote, impressively, can export PowerPoint files that crash the PowerPoint web viewer).
• GDPR-compliant ways of deleting things.
• Multi-factor authentication.
• Automatic updates for security patches.
• Don’t send everyone 30 emails to everyone not in your ecosystem when someone adds an agenda to a meeting invitation (yes, Google Calendar, I’m looking at you).

Note that a couple of these effectively preclude anything AGPL’d. If a company adds some extensions to the system and shares a link with another company, AGPL means that they have to share the code for those extensions. Even without extensions, AGPL imposes conditions that mean someone needs to talk to a lawyer before allowing link sharing with external entities. GPL is fine for this (extensions are not distributed, so the issues don’t arise) but AGPL comes with too much legal risk to be considered.

Some things that M365 does that probably aren’t essential but are nice:

• Integration with OS remote-file mechanism on macOS and Windows so sets of files can be locally ‘sync’d’ but actually loaded on demand and automatically excluded from backups.
• Collaborative editing of all documents in the video-conferencing system. Sometimes it’s really useful to bring up a shared view and let everyone type in, say, a spreadsheet.

Some people use InTune for Cyber Essentials and ISO 27001 but it’s such a complete security disaster that no one should ever deploy it in any situation, especially not for security certification. Something written by people who actually know what the principle least privilege is would be useful.

And a few things where M365 is bad (there are many of these, but from the top of my head) and you could easily do much better:

• Calendars with events owned by a team, not an individual, so anyone can cancel a meeting if there isn’t quorum, or can reschedule it if the organiser leaves the company.
• Search that actually works.
• An Improv-like spreadsheet.
• Proper semantic markup in the word processor with clear separation of stylesheets.
• A modern typesetting system. And, by modern, I mean ‘algorithms designed for 1970s minicomputers’, not the more limited versions cut down for 1980s microcomputers.
• A consistent set of editing tools, along the lines of ClarisWorks, so drawing in a word processor and a presenter aren’t different, and a table view in a word processor or presentation is a spreadsheet.
• PowerPoint has morph transitions for doing key frame animation. This is better than PowerPoint used to be, but it’s worse than Flash was in 1996. Catch up with 30-year-old technology.
• Actually respect the HIGs on macOS.
• Don’t be Exchange. This one is easy. But Exchange remains the absolute worst at everything it does.
• Add a mechanism for flagging personal info in emails. Outlook has no way of being GDPR-compliant if, for example, someone emails a CV. At MS, we were told to simply delete the email and tell the person to apply through another system. But what I want is to be able to tag the email as personal information for the sender and have it deleted and expunged if a GDPR request to do so is filed.
• Actually, better GDPR-compliance tooling throughout would be nice.
• Anomaly detection in the back end to trigger reauthentication if a client device appears to be accessing things unusually, including out-of-band notification of what the user has accessed so they can confirm that it’s intentional.
• Default to opening files in ‘view only’ mode.
• An integrated document-management system so you don’t need to buy a third-party one for ISO 9001.
• A clear export flow for sharing a version of a document with no history, while the internal version has complete history available.

#Russia invented a completely made-up ‘expert’ - ‘Dr Manuel Godsin’ - complete with a stolen photo from a real Russian guy, fake PhD claims, and zero real existence.

They used OpenAI’s ChatGPT to ghostwrite dozens of pro-Russia, anti-West articles under his name, planting them in #Africa newsrooms across #SouthAfrica, #Kenya, #Nigeria & more.

73 publications. 27 sites. 8 countries.

https://disinfo.africa/warning-bells-openais-operation-no-bell-86aa3c113170

If you don’t have the resources to write and understand the code yourself, you don’t have the resources to maintain it either.

Any monkey with a keyboard can write code. Writing code has never been hard. People were churning out crappy code en masse way before generative AI and LLMs. I know because I’ve seen it, I’ve had to work with it, and I no doubt wrote (and continue to write) my share of it.

What’s never been easy, and what remains difficult, is figuring out the right problem to solve, solving it elegantly, and doing so in a way that’s maintainable and sustainable given your means.

Code is not an artefact, code is a machine. Code is either a living thing or it is dead and decaying. You don’t just write code and you’re done. It’s a perpetual first draft that you constantly iterate on, and, depending on what it does and how much of that has to do with meeting the evolving needs of the people it serves, it may never be done. With occasional exceptions (perhaps? maybe?) for well-defined and narrowly-scoped tools, done code is dead code.

So much of what we call “writing” code is actually changing, iterating on, investigating issues with, fixing, and improving code. And to do that you must not only understand the problem you’re solving but also how you’re solving it (or how you thought you were solving it) through the code you’ve already written and the code you still have to write.

So it should come as no surprise that one of the hardest things in development is understanding someone else’s code, let alone fixing it when something doesn’t work as it should. Because it’s not about knowing this programming language or that (learning a programming language is the easiest part of coding), or this framework or that, or even knowing this design pattern or that (although all of these are important prerequisites for comprehension) but understanding what was going on in someone else’s head when they wrote the code the way they wrote it to solve a particular problem.

It frankly boggles my mind that some people are advocating for automating the easy part (writing code) by exponentially scaling the difficult part (understanding how exactly someone else – in this case, a junior dev who knows all the hows of things but none of the whys – decided to solve the problem). It is, to borrow a technical term, ass-backwards.

They might as well call vibe coding duct-tape-driven development or technical debt as a service.

🤷‍♂️

#AI #LLMs #vibeCoding #softwareDevelopment #design #craft

Cattails at sunset.

March 19, 2026. Wolverine Lake, Michigan.

#photography #sunset #reflection #michigan #spring #art #MastoArt

"Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.

The user is never asked. Never told. LinkedIn’s privacy policy does not mention it."

https://browsergate.eu/