Issue escalated by executive. Critical employee PC impossibly slow. Fairly decent laptop. I reimage it. Same issue.
Request remote session. See Chrome at 1 frame per second.

Uninstall Grammarly which does DLL injection to processes. Issue fixed.

Seriously fuck 3rd party code.
If your PC is shit it's probably not Microsoft code. It's probably some other fucker's garbage you put on there.
Thread: The printer that broke our [redacted] million dollar CRM system https://twitter.com/SwiftOnSecurity/status/829077400361254912
Thread: The bluetooth driver that broke our executive's Outlook https://twitter.com/SwiftOnSecurity/status/802636615281614848
Also note: Word/Outlook 2016 now have EXTENSIVE but DEFAULT OFF grammar and sentence styling assistance. You don't need writing assistance tools like Grammarly.

Most 3rd-party Windows utilities are just duplicated features.
Wow it really sounds like I know what I'm talking about.
WANT WRITING STYLE HELP? Microsoft COMPLETELY REBUILT their Office grammar engine two years ago. However, it's OFF BY DEFAULT. Here's how to get extensive, free writing style assistance in Outlook 2016 and Word 2016:

File > Options > Editor Options > Proofing > Writing Style.
Business computers exist to OFFLOAD WORK. You can't just say NO to OFFLOADING WORK.
Instead of saying NO to this user, I offered AN ALTERNATIVE.
If you don't KNOW THE ENVIRONMENT you CAN'T SECURE IT because you DON'T HAVE ALTERNATIVES.
Information Security is mostly just defensive administration.
It’s pretty weird how passionate I am about computer administration. This is weird.
Security is mysterious to people.
People fear mysterious things.
They blame problems they don’t understand on security.

And that’s how unhealthy, poorly managed endpoints are the rocks in the gears of an enterprise. If they don’t work, IT security cannot be effective.
Addendum: (via @loydcase @SqueakyFoo)
https://twitter.com/loydcase/status/1014288380950036480?s=21
An often unrecognized historical note:
Although Chrome was indeed very fast, a lot of user dissatisfaction with Firefox in 2008 was rooted in the number of extensions users had installed. Lots of issues and performance issues were self-inflicted. Many users ran 15+ extensions.
The problem of extensibility in general-purpose computers is a recurring theme. The majority of issues with user experience in Windows is rooted in how extensible it is by 3rd-party code. But users don’t see that, they literally can’t, and blame the entire operating system.
History repeats. You have to wonder how many people are raving about the new Firefox because they are experiencing a browser, for the first time in years, without any bloated extensions running. 10 years later, the same dynamic as 2008, in reverse.
A huge amount of work Microsoft has been performing since Windows 8 is to try to undo the damage to their ecosystem by unfettered application developers. Even in classical Win32, they are slowly squeezing out detrimentally-used featuresets where applications interfere with others.
Mozilla, Microsoft, Google, Facebook, have all discovered that in the end a customer issue may not be caused by your code, and it’s not your responsibility, but you still suffer the blame. Nobody really cares or understands. You have to be much more guarded about extensibility.
The original vision of so many systems is infinite extensibility. Developer control. User control. It was pure religion for decades in computing.

That’s how we got adware.
It’s how we got Cambridge Analytica.

This user freedom turns out to be a... very squishy concept at scale.
The tech world demanded Facebook not be a closed garden. They shouldn’t hide YOUR data. They shouldn’t stop developers having the same abilities as Facebook themselves. Users should be given freedom.

Cambridge Analytica is the ultimate vision of user freedom and data portability.
The balance between user control, and the demand users be protected from themselves, is sometimes irreconcilable.

Critics never actually have to execute their vision at scale. Or outside their bubble.
Your friends agreed to add Cambridge Analytica data sourcing apps.
They agreed to the permissions requested.
They agreed to the permission to scrape your profile.

Of course, this is a nonsensically strict interpretation of what happened. But it’s not strictly wrong, either.
People will always demand the right to hurt themselves and blame you for it.

No, it’s not fair. Yes, it’s impossible to solve correctly. But you’re getting paid to figure it out.

Welcome to the real world. Here’s your nail gun and some bubble wrap.
Thread on how Vista was hugely about removing developer ability to harm the computer, and was hated for it. https://twitter.com/swiftonsecurity/status/851867162516103168?s=21
Worth noting, some of this pain had to happen. The absolute computing freedom advocacy as demonstrated by FSF/GNU was birthed fighting a very problematic and detrimental computing environment. Antitrust against MSFT was a very mixed results bag, but it shaped the industry.
These questions of balance of control between OS developer, computer manufacturer, developers, and users don’t have perfect answers. I’m definitely not advocating the removal of control. But users hurting themselves with freedom requires a lot of purposeful design to address.
Sometimes the world can’t just jump to the best possible result. It has to seesaw between extremes and get fought out. Norms are built in response. There is a lot of that in the history of computing. And it continues.
Addendum: https://twitter.com/ericlaw/status/1028416023576363013?s=21
Addendum: https://twitter.com/swiftonsecurity/status/978784416116944896?s=21
Addendum to root cause thread: https://twitter.com/swiftonsecurity/status/959268928437420037?s=21
Addendum to troubleshooting thread: https://twitter.com/swiftonsecurity/status/834898142692851712?s=21
All your file copies into the ProgramFiles folder are failing.
Freaking Microsoft.

Oh wait it’s actually the version control software you installed that hooks Explorer.exe.
https://marc.durdin.net/2015/07/the-case-of-the-uac-that-just-wouldnt/
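
An added example, not part of the original thread: one way an administrator can see which third-party DLLs are loaded inside a slow or misbehaving process (the Chrome and Explorer.exe cases above) is to list its modules and check who signed each file. The function name and the signer strings are assumptions to adjust for your environment.

```powershell
# Added example (not from the thread). Signer strings below are assumptions.
function Get-UnexpectedModule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ProcessName,
        # Certificate-subject fragments treated as expected for this process.
        [string[]]$ExpectedSigner = @('O=Microsoft Corporation')
    )
    $seen = @{}   # module path -> result row, so each file is checked once
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        # Reading the module list can fail for protected or exiting processes.
        try { $modules = $proc.Modules }
        catch { Write-Warning "PID $($proc.Id): cannot read modules"; continue }
        foreach ($m in $modules) {
            $path = $m.FileName
            if (-not $path) { continue }
            if ($seen.ContainsKey($path)) { $seen[$path].ProcessCount++; continue }
            $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
            $subject = ''
            if ($sig -and $sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }
            $status = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
            # Expected = valid signature AND subject contains an allow-listed fragment.
            $expected = $false
            if ($status -eq 'Valid') {
                foreach ($s in $ExpectedSigner) {
                    if ($subject.Contains($s)) { $expected = $true; break }
                }
            }
            $seen[$path] = [pscustomobject]@{
                Expected = $expected; Status = $status; Signer = $subject
                ProcessCount = 1; Path = $path
            }
        }
    }
    # Return only modules that are unsigned, invalid, or signed by someone else.
    $seen.Values | Where-Object { -not $_.Expected } | Sort-Object Signer, Path
}

# Usage: treat Microsoft and the browser vendor as expected, show everything else.
Get-UnexpectedModule -ProcessName chrome -ExpectedSigner 'O=Microsoft Corporation', 'O=Google LLC' |
    Format-Table Status, Signer, ProcessCount, Path -AutoSize
```

A module from an unexpected signer is a lead to follow up, not proof of a problem; run it elevated if the warning about unreadable modules appears.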