March 31, 2025

Microsoft Azure Is Retiring Your Admin Access | Tech News of the Week

Microsoft Azure Is Retiring Your Admin Access | Tech News of the Week

It's a wild week in tech and we're taking you on a ride through the most ridiculous and revealing stories from the digital frontier. Buckle up.

šŸŽµ Remember Napster? Of course you do. It was the soundtrack to many of our teenage years, sneaking MP3s over college Ethernet networks and dodging Metallica-shaped lawsuits. Well, guess what? It's back... again. Sort of. Another Web3 company has paid *$207 million* for the name and logo of a brand that hasnā€™t made a dime since Bush was in office. We break down the hilariously tragic life and times of Napster and why, in 2025, someone still thinks it's worth salvaging. https://www.theregister.com/2025/03/27/napster_gets_new_owner/

ā˜ļø Microsoft Azure is quietly retiring legacy services, and one of them could break your whole environment. Classic Subscription Administrators are officially on the chopping block, and if you donā€™t migrate to RBAC by April 30, 2025, youā€™re out of luckā€”and out of your own account. Chris takes you through the Azure Service Retirement Workbook (yes, thatā€™s a real thing) and how not to get nuked by an expired admin setting. https://learn.microsoft.com/en-us/azure/advisor/advisor-workbook-service-retirement?tabs=impacted-services

šŸš€ Fermyon and Akamai just teamed up to drop *Wasm Functions*, a WebAssembly-based service with lightning-fast cold starts and a whole lot of polyglot potential. Think apps spinning up in half a millisecond, edge deployment, and basically a glimpse at the future of serverless. Ned explains why this might be WASMā€™s breakout momentā€”and why Azure should probably start taking notes. https://cloudnativenow.com/features/akamai-allies-with-fermyon-to-advance-wasm-adoption/

šŸ“Ø And finally, Troy Huntā€”yes, *that* Troy Hunt from HaveIBeenPwnedā€”got pwned himself. A very convincing phishing attack stole his Mailchimp credentials and leaked 16,000 email addresses. While the fallout isnā€™t catastrophic, itā€™s a humbling reminder that no one is immune. Chris breaks down what went wrong, what to do better, and throws a little shade in the name of cybersecurity hygiene. https://www.darkreading.com/cyberattacks-data-breaches/security-expert-troy-hunt-lured-mailchimp-phish

Chapters

00:00 - - Intro

00:09 - - The Tragic Odyssey of Napster

03:31 - - Azureā€™s Service Retirement Surprise

06:28 - - Wasm Functions: WASM Hits the Edge

08:25 - - Troy Hunt Gets Phished

Transcript

[00:00:00.00]
Announcer: Welcome to Tech News of the Week with your host, Richard Linklater on a Pogo Stick. Welcome to Tech News of the Week.


[00:00:09.28]
Ned: This is our weekly Tech News podcast, where Chris and I discuss four interesting stories that we found in last week's news. I'm going to kick this one-off. It's going to be a little bit of a trip down memory lane. What a long, strange, sad trip that Napster has had. Before the age of streaming music, before you could easily just search for and listen to any song recorded ever on platforms like Spotify, Apple Music, and YouTube, there was a time when you had to purchase physical media from a store if you wanted to check out, say, the latest Cranberries album. Then came the rise of the MP3 and the concomitant rise of file sharing on college campuses. This was due to two things. Number one, college kids are notoriously poor, and number two, colleges started to have Ethernet in their dorms. Once these enterprising youth realized they could easily share files across the network, computer science dweebs wrote software to help facilitate that sharing, and thus, Napster was born in 1999 by Touchan's. Different spellings, but Touchan's nevertheless. That was, um... Brace myself, Chris. That was 26 years ago. I'm so sorry. Record companies were generally opposed to youths stealing music, and with the help of Metallica and one Lars Ulrich, Napster was quickly sued into oblivion by 2001.


[00:01:48.16]
Ned: But the technology was in the air, and clones like LimeWire, Kaza, and Nutella quickly followed, each more filled with spam and spyware than the one before. Eventually, streaming would supplant peer-to-peer file sharing, and record companies would have their profits restored. But whatever happens to the Irswile Napster? It was bought by Roxio, passed to Best Buy, turned into Rapsody, and then renamed back to Napster by 2016. Despite all of these name changes, it never managed to reclaim its former glory. Then in 2022, two Web3 companies, hey, you remember Web3? They purchased Napster for a blockchain VR metaverse experience that never even slightly materialized, like every other blockchain VR metaverse experience. Not to be deterred by that abject failure, the empty husk of the early 'ots' has been sold again to a different Web3 company called Infinite Reality. What does Infinite Reality plan to do with a name no one cares about on technology widely derided as a complete farce? Fourteenth verse, same as the first. Napster has never made money, and at this point, I have to seriously question if there's any value in the name and logo, especially the $207 million infinite reality paid for the name.


[00:03:21.23]
Ned: Reality may, in fact, be infinite, but I fear that Napster's reality may finally be at a merciful close.


[00:03:31.21]
Chris: Did you know that there was such a thing as the Azure Service Retirement Workbook? Me neither. This page in the Azure portal lets you know of upcoming services that Azure is, well, retiring. Now, most of the retirements are basically migrations of a certain functionality to a more modern functionality. So for example, there used to be classic reserved IP addresses. They were actually called that. Now that has been retired, and there are Azure research manager-based public IP addresses. In most cases, the migration is quite simple, and you end up with the same type of service with just whatever, a more modern approach, which I already said, and you probably already figured out. They'll probably also charge you more for the new thing, but hey, that's life in the cloud, baby. I I think that this is a good idea. I do wish that all the links that are shared in the Azure Service Retirement Workbook worked, but what can you do? Why something like this is still in preview is a question for Microsoft for another day. Anyway, this was all brought to my attention because there's a pretty important service offering that is going to be completely shut down on April 30th of 2025, and that is Classic Subscription Administrators.


[00:05:08.15]
Chris: They've been warning about this for a while now, I think over a year. But basically, if you created your Azure environment a while ago, you may or may not have an old school administrator or co-administrator account in charge of a lot of stuff in your environment. And you're going to go ahead and need to change that to the Azure Rbac model, like now. Failure to do so by April 30th, 2025, we'll see those accounts lose all privileges and you'll effectively be permanently disabled forever. Permanent as in, quote, if you don't do the migration and you don't have another admin account, you are going to lose all access to your account and its resources forever, unquote. That is a direct quote from Microsoft. That's This is, as you probably guessed, pretty non-negotiable. So even if you're pretty sure that all your admins are modern with our back, it is best to double check. Guess who's got two thumbs and is super glad that he double-checked because his admin wasn't migrated, even though he totally would have sworn it was. That's right, folks. It was Ned. He's so, so irresponsible.


[00:06:28.16]
Ned: Like, It was a good joke, but also 100% true because I did this last week. Fermion and Akamai team up for Wazam. Webassembly Pioneers Fermion have teamed up with CDN Specialist Akamai to offer WebAssembly as a service through their Edge workers. The platform is being called Wazam Functions, and it runs on hosted nodes in Akamai's core and distributed Edge points, similar to Cloudflare trackers. The two main selling points of WASM functions are the polyglot nature of WASM to begin with and the incredibly fast cold start times of WASM applications. Typical functions in a service like Lambda or Azure functions, have a slight delay when being invoked due to the back-end needing to spin up a run time and load the code for the function. You can reduce the startup time by using a compiled application and a minimal run time Think of a Rust program, but you may still see startup times in the range of 2 to 500 milliseconds, according to Matt Butcher from Fermion. Usually, that's not a big deal. But if you require a more responsive function, Butcher claims that WASM functions can bring cold starts down to half a millisecond. The acceleration has to do with the sandbox nature of WASM, which obviates the need for a fire cracker VM or a container to load the one time, and the fact that WASM is compiled into bite code, which reduces dependencies and the need for an interpreter layer.


[00:08:07.25]
Ned: I've been watching the WASM space closely, and I suspect this is going to be the service that finally pushes WASM into the forefront. With Akamai leading the way, Wazam functions on other platforms are certain to follow quickly. Azure, I'm looking at you.


[00:08:25.10]
Chris: Troy Hunt of haveibeenpwn. Com falls victim to a well-crafted phishing attack. You know that old saying, It happens to the best of us? Well, here is what we in the business call a case in point. Troy Hunt has been running the Have I Been Poned website for well over a decade. The site lists information gathered from dumps of data stolen by bad actors to let you know that your info is out there for the taking. Most of the time this is gotten because somebody fell victim to a fishing attack or unsecured S3 bucket. Anyway, this week, Troy is going to have to add a breach of his own website to this list. Troy himself personally fell for a quote, well-crafted phishing attack that simulated a request from Mailchimp to log in. If he didn't, it would have interfered with his mailing list. The login he was sent to, of course, was not actually Mailchimp's website, but a false one. The attackers promptly took the real password and downloaded a full export of data from Mailchimp about his mailing list. That's about 16,000 people. Now, in this case, the breach itself does not constitute a massive security issue.


[00:09:54.09]
Chris: The export only contained email addresses and IP-based location information, which is a guess. But it's notable because this is a successful attack that was carried out against someone who absolutely should have known better. To his credit, Troy owned up to it immediately, saying that the fear inspired from the fish was enough that his brain overrode the normal paranoia that anyone who does anything online ever should have as their default position. There was also no talk about the Mailchimp login being protected by MFA, which if that's true, shame, Troy. Shame. This is all just to say that even though it's 2025 and we think that we have fishing under control, we really don't. It would be like saying, I went to the doctor for a while and I only have a little cancer. You You still have to deal with the cancer. Standard rules apply. Apply MFA to everything. Use a password manager. Don't repeat passwords. And if anything about a login page ever triggers a red flag, take 10 and then reassess. Whatever it is, it's not that important. As a great philosopher once said, Just because you're paranoid, it doesn't mean they aren't out to get you.


[00:11:28.25]
Ned: Computers were a mistake. That's it. We're done. Going now. Bye.