The Pulse is a series covering insights, patterns, and trends within Big Tech and startups. Notice an interesting event or trend? Send me a message.

Today, we cover:

1. Industry pulse. An unacceptable Microsoft Authenticator bug has been unaddressed for years; Hardware startup Nothing explains why it is going back to 5-days-a-week working from office; Ban on US noncompetes reversed; AI startup acquired for 2,000x its annual revenue; and more.

2. A ‘startup purge event’ has, unfortunately, arrived. A year ago, we deduced why we can expect startups to go bankrupt, en masse, starting in 2024. This event seems to be happening, with startup shutdowns rising quickly.

3. Sonos’ app rewrite was a YOLO release. Sonos wants to bring back its old app because the new one is so buggy: however, it cannot. A series of self-inflicted missteps are now hurting sales at the company, and could have been the reason for recent cuts.

4. Similarities between AI companies and telcos. AI startups have more in common with capital-heavy businesses like telecommunications companies than they do with software startups. We can expect to see some businesses with lots of capital going under thanks to intense competition, and more complex pricing structures to emerge.

5. What's it like to test compilers? QA engineer Alex Zakharenko tests compilers, full-time. He shares interesting details on what this is like: from how automated tests are handy in this area as well, to examples of what his day-to-day testing tasks look like.

1. Industry pulse

Unacceptable Microsoft Authenticator bug gone unaddressed

The most commonly used two-factor authentication apps are Authy, Google Authenticator, Microsoft Authenticator, Duo Mobile, and LastPass Authenticator. These apps need to work reliably – or else users will be locked out of their accounts. It turns out that Microsoft’s Authenticator has a major flaw that has gone unaddressed for years, which overwrites existing accounts when adding a new account via a QR code. CSO Online shares:

“The core of the problem? Microsoft Authenticator will overwrite an account with the same username. Given the prominent use of email addresses for usernames, most users’ apps share the same username. Google Authenticator and just about every other authenticator app add the name of the issuer — such as a bank or a car company — to avoid this issue. Microsoft only uses the username.”

It’s mind-boggling to hear that Microsoft has not addressed a longstanding and known issue that creates a major headache for its users. Such a glaring bug is a reason I would avoid using Microsoft Authenticator until this issue is fixed.

This fiasco is yet another example showcasing how Microsoft keeps under-investing in security – and security tooling.

Hardware startup explains why it is going back to 5-days-a-week working from office