Me baking at home: I forgot to put apples in the apple pie.
Entra Hardening Tip #9 🔐
Don’t use client secrets for app authentication.
Use this decision tree when a developer or vendor asks for an app registration to be created in your tenant. 👇
1/14
Threat intel and Cybersecurity research firms: if you're not providing RSS feeds to your blog, you're hurting your brand.
Whatever traffic you think you're driving to the site by preventing analysts from ingesting feeds is outweighed by the reputational damage of not providing a service we expect and rely on.
And if your reason is because it's hard behind Cloudflare, well, you're telling on yourself twice.
Imagine if someone photocopied every book in the public library, burned the library down, and then opened a subscription service for the copies.
That's the AI business model.
And here's how they're pitching their slop to us.
Sam Altman: “We see a future where intelligence is a utility, like electricity or water, and people buy it from us on a metre.”
I bought a car. I’m trying to get Toyota to stop sending telemetry. I call support. They tell me I can just sign in with the app and make changes.
I point out that installing and using the app binds me to terms and conditions, one of which is binding arbitration. So I will not be installing the app.
No, no. The customer service agent confidently contradicts me. You don’t sign a contract by installing the app. It’s just like making a Facebook or Google account.
🤦🏻
If someone wants to leak me a copy of this app (either .apk or .ipa), please reach out on Signal — my username is zackwhittaker.1337 — and I would be keen to run this app through Burp Suite to see how it works. Happy to grant anonymity.
In yesterday's IO keynote, Google declared war on the remnants of the Web.
While they packaged it as a lot of "AI" talk, what their whole approach of decontextualizing information, of taking away links to sources and instead producing some LLM-generated response, means is that they want to establish a new abstraction layer on the web. Where Zuckerberg with his Metaverse failed, Google is starting the next attack: Your website, your work no longer matters.
Well, it matters as (unpaid) raw material for their synthetic text extruders, but not as a cultural artifact you can share with others.
This is a literal revolution but one against the participatory web, against us: The goal is to take away the web and guide people into Google's abstraction on top of it. An abstraction they control and moderate. It's about monopolizing access to information.
If you care about the web, about people's ability to participate in it as more than mere passive consumers, this needs to be taken seriously. De-Googlifying your mental apparatus becomes more urgent today. Find other search engines, don't use their browser. Or wake up in a slopified AOL kind of environment.