Category Archives: Things that are bad

Crowdstrike update kills millions of Windows computers worldwide

If you don’t have Crowdstrike security software on your Windows 10+ computers, you’re one of the lucky ones, along with folks running Linux or macOS.

If you do run Crowdstrike on Windows, this is a bad day, because manual, in-person intervention is the only way to get past the infinitely-looping Blue Screen Of Death affecting millions of computers this morning.

Of course, even if you’ve managed to avoid Crowdstrike on Windows, you’re likely to be affected by this bug, because there’s a good chance that services you use are going to be dealing with it today, and in the meantime will be unusable. That includes 911 call systems, airlines, healthcare providers, and banks.

What happened?

In the early hours of July 19, Crowdstrike pushed out an update for its security software. Crowdstrike client software on millions of computers dutifully applied the update, and the nightmare began.

Microsoft’s advice is apparently to try rebooting affected computers… up to 15 times. Apparently, eventually Windows figures out something is wrong and reverts the problematic update. Or possibly Windows runs long enough to download and install the fixed update from Crowdstrike. I don’t know if this is serious advice or not.

IT folks who manage hundreds or even thousands of affected computers are going to have a very bad day. It will be even worse if those computers are using full disk encryption. Some people are opting to recover from backups, but that gets tricky when encryption is used.

The part that really bugs me about this mess is that Crowdstrike staff clearly did not test the problematic update at all before pushing it out. If they had tested it even once, the problem would have been revealed.

Crowdstrike’s stock is apparently tumbling today, and I’m okay with that, because it will provide ample motivation for the company to improve its testing process.

In the meantime, it might be a good idea to take the next few days off, cancel travel plans, and pick up a good book. Unless you’re an IT person, in which case you’re going to be very busy today.

More about this from The Verge.

Brian Krebs reports on the problem.

Followup analysis from The Verge.

A new recovery tool from Microsoft can help with remediation efforts.

Crowdstrike’s Remediation and Guidance Hub.

Automattic sold your site data for years

If you installed and activated the popular Jetpack plugin on a self-hosted WordPress web site after 2013, and didn’t bother to read the fine print when accepting Jetpack’s Terms of Service, Automattic (the company that makes Jetpack) surreptitiously gathered your site’s data and sold it to social media and data analytics companies.

Jetpack is a free plugin that adds a useful collection of features to WordPress, including social media buttons and sharing, Markdown support, security, backups, anti-spam, stats, and so on. Some of these features have been very useful for the sites I’ve managed over the years.

How was Automattic able to do this?

There’s a somewhat hidden setting that controls whether Jetpack siphons data from your site and sends it to the Automattic mothership. Navigate to the Jetpack Dashboard, scroll to the bottom of the page, and click ‘Modules’. The setting you’re looking for (prior to Jetpack 13.3) is ‘Enhanced Distribution’. It should be named ‘Donate your content to Automattic and allow them to sell it and keep all the proceeds’.

Even if all the more obvious Jetpack features are disabled, if ‘Enhanced Distribution’ is enabled, Jetpack is sending your data to Automattic.

Making matters even worse, Jetpack updates have a nasty habit of re-enabling previously-disabled features or reverting to default settings. Whether this affected ‘Enhanced Distribution’ or not is unclear.

The Firehose

Automattic sold your site data as part of a product called Firehose, which potentially contained all of the original content from your site. Here’s the first paragraph from the Firehose product page:

WordPress publishers and visitors produce thousands of new posts and comments every hour. These content streams are available in three real-time formats from redundant servers. These streams are intended for partners like search engines, artificial intelligence (AI) products and market intelligence providers who would like to ingest a real-time stream of new content from a wide spectrum of publishers.

What does Automattic say about this?

A recent post on the wordpress.org support forum asked about Jetpack Backup & AI. Here’s how Automattic responded:

They will retire Firehose, but…

We have sold our Firehose to social and data analytics companies, and we have also used some distribution partners (like Socialgist) to sell the Firehose to these types of end users.

The release notes for Jetpack 13.3 (2024-April-03) shows this: “Enhanced Distribution: begin deprecation process as the Firehose is winding down.” The only obvious difference is that ‘Enhanced Distribution’ is no longer listed on Jetpack’s Modules page. Hopefully that means the option is now also disabled for all sites, not just further hidden.

They never sold to AI companies and don’t plan to

Neither we or our distribution partners sell the Firehose to any companies that are training LLMs or to any generative AI companies.

Enhanced distribution is a feature that was released in 2013 with the purpose of driving traffic by giving blogs additional readership in the WordPress.com Reader. Content from those sites were gathered with approval by accepting the terms of service. Our partners were social and data analytics companies.

Automattic also published an article titled ‘Protecting User Choice’, a response to concerns about selling data to AI companies.

Okay, but…

If you were about to point out that posting anything on a public-facing web site makes it available for anyone to use: okay, sure, but Automattic SOLD the data they gathered. I never expected to make any money from this site, but that doesn’t mean I’m happy about anyone else making money from it.

Recommendations

Stop using Jetpack. Automattic has done, is doing, and will in all likelihood continue to do some shady things. I regret ignoring the advice I received years ago to stop using Jetpack, and can only hope that any damage caused to clients due to my recommendation and use of Jetpack is minimal.

If you can’t avoid using Jetpack, please disable the ‘Enhanced Distribution’ module. Unfortunately, if you’re using version 13.3, it’s not clear how this can be accomplished.

Most of the features provided by Jetpack can be found in other free plugins. Switching to alternatives for the functions you actually need has the additional advantage of eliminating the overhead of what is now quite a bulky Jetpack.

Here are a few alternatives to Jetpack for specific functionality:

And there are many more possibilities. Jetpack certainly was a handy and simple way to add a lot of useful functionality to WordPress. But Automattic has demonstrated that they are willing to sneakily sell your site data, and I just can’t trust them anymore.

Microsoft’s Edge-related shenanigans continue

There’s apparently a team of people at Microsoft who spend all their time trying to come up with sneaky ways to get Windows users to switch to Edge as their default web browser. To be clear, I have no direct evidence that such a team exists, but it seems likely.

The latest trick? Automatically importing Chrome bookmarks into Edge, then sneakily running Edge instead of Chrome, presumably in the hope that some users will fail to notice the difference.

In practise, though, I doubt many people will be fooled, because site passwords are not imported along with the bookmarks. They will, I think, realize that something funny is going on when their site passwords are missing.

I wonder how far Microsoft is willing to go with these tricks. They’ve been doing this kind of thing since the early Internet Explorer days, so it’s nothing new. The company has been spanked from time to time for these shenanigans, but those spankings don’t seem to have been much of a deterrent.

Tom Warren over at The Verge has the details of his own encounter with this latest trick.

UPDATE 2024Feb16: The Verge reports that Microsoft has quietly changed this behaviour in Edge, calling it a ‘bug’. Riiiiiiiight.

Microsoft can’t stop bugging us about Edge

They just can’t help themselves. Microsoft’s latest attempt to prevent Windows users from switching away from their browser of choice takes the form of a large panel that appears in Edge when you download another browser.

I suppose that as long as what they’re doing is legal, they’re just being pushy. Still, one could argue that they have an unfair advantage: the user has to use Edge to download another browser on Windows. But regardless of its legality, this behaviour is very annoying.

The Verge posted a useful summary of Microsoft’s recent attempts to steer Windows users away from other web browsers.

At least this latest intrusion seems like a sincere attempt to understand why many Windows users run Edge only to download a different browser. However, there are a few obvious answers missing from the poll:

  1. Edge won’t let me run an ad blocker or a script blocker (not actually true, but commonly believed).
  2. I hate Microsoft, and only use Windows grudgingly. I avoid Microsoft software as much as possible.
  3. I don’t trust Microsoft any more than I have to.
  4. Edge is just another way for Microsoft to shove ads down my throat.
  5. Edge doesn’t support the plugins I want to use.
  6. Windows is already more intrusive than I would like.
  7. I can’t really control how much Edge communicates with the Microsoft mothership.

And of course it could be much worse. Microsoft could nag you every time you start a non-Edge browser, when you start Windows, or even at random intervals. This latest nag screen only appears once, when you run Edge that first and only time you need it, to download a non-Edge browser.

What else will Microsoft try? Will they actually pay any attention to the results of this intrusive poll?

Dear Microsoft: if you want people to use Edge, try making it better than the other available browsers. You know, compete.

Bug causes clock problems on Windows 10, 11, Windows Server

A recently-discovered bug in newer versions of Windows is causing bizarre local time shifts.

Keeping accurate time on computers is important for a lot of reasons, many of which are not obvious to non-technical users. Update schedules, scheduled background tasks, synchronization with server and cloud resources, and many other time-sensitive processes depend on your PC maintaining accurate time.

Because it’s so important, and because various factors can sometimes cause a PC’s clock to drift, operating systems use a variety of methods to check and adjust it. The most obvious of these in Windows can be seen in Windows 10 and 11 in Settings > Time & Language. Windows regularly compares the PC’s clock with an Internet-based clock, such as time.windows.com. When a discrepancy is observed, the PC’s clock is updated.

Between a PC’s internal clock and Windows’ time synchronization, most Windows-based computers are able to maintain accurate time.

But at some point, someone at Microsoft decided that Windows needed additional time checks. So they created something called Secure Time Seeding. This function regularly analyzes secure network traffic from a ‘known good’ host computer, and calculates the current time based on what it sees.

Sounds good, right? Anything that makes the clock more accurate is good, right? Well, no. There’s at least one major problem with Secure Time Seeding, which causes it to get confused about the date and time, and can set your computer’s time based on random values. This has been observed to incorrectly change the Windows clock by minutes, hours, days, or more. As you can imagine, this causes all manner of strange problems.

Microsoft’s response to the report of this bug has been disappointing: they are downplaying its scope and effects. And while it’s true that there are very few reports of this happening, the problems it can cause are bad enough that anyone running Windows 10 and up or Windows Server 2016 and up should disable Secure Time Seeding.

To disable Secure Time Seeding on a Windows 10 or 11 PC, follow the instructions provided by Microsoft.

Trying to make sense of the actions and statements of a corporate behemoth like Microsoft is an exercise in futility. It’s possible that they will realize that this bug is actually very bad, and fix it, or they may find a way to limit its effects, or they may change the feature so that it’s disabled by default. But in the meantime, there are potentially millions of computers out there that might start exhibiting strange clock problems for the forseeable future.

Microsoft’s empty promises

I was just talking about a recent announcement from Microsoft, in which they assured the general public that their days of messing around with user settings and defaults on Windows were behind them.

In that post, Microsoft claimed that they are “reaffirming our long-standing approach to put people in control of their Windows PC experience”. Which I called out as baloney, since Microsoft has a long history of reverting user settings and defaults when it suits Microsoft.

That was on March 18. Yesterday, a mere six weeks later, The Verge reported that “Microsoft is forcing Outlook and Teams to open links in Edge”.

So this is Microsoft once again changing the way Windows works, to favour their own applications. I’m sure there are workarounds, but I’d be willing to bet that these workarounds will need to be reapplied after Windows updates.

Look, I understand that once a corporation gets to a certain size, it can be very difficult for one hand to know what the other is doing. But as I pointed out in my earlier post, Microsoft has engaged in these problematic behaviours for years. For them to a) claim that they’re innocent; b) “reaffirm their approach”; then c) keep right on doing this stuff… is incredibly annoying.

UPDATE: And the shenanigans continue. As of August 2023, Microsoft is showing annoying popups in Windows 11, urging users to switch to Bing for search. These things are appearing on top of games, presentations, and in other extremely inconvenient contexts. Come on, Microsoft, this is some serious bullshit.

UPDATE 2023Sep11: Ctrl.blog has additional details. It looks like Microsoft’s recent announcements about improving Windows’ behaviour were complete bullshit.

What is a worm?

In computing, a worm is a type of malicious software (malware) that replicates itself and spreads to other computers or networks without the need for human interaction. Unlike viruses, worms do not require a host program to attach themselves to, and can propagate independently through computer networks, usually by exploiting vulnerabilities in operating systems or other software.

Once a worm infects a computer, it can perform various malicious actions, such as stealing sensitive data, sending spam emails, launching distributed denial-of-service (DDoS) attacks, or installing additional malware. Worms can also consume a large amount of network bandwidth, causing network slowdowns or outages.

To protect against worms, it’s important to keep software up-to-date with the latest security patches, use antivirus software, and avoid downloading or opening suspicious attachments or links in emails.

(Ed: written by ChatGPT; verified by jrivett.)

What is spyware?

Spyware is a type of malicious software designed to gather sensitive information from a computer system without the user’s knowledge or consent. This information can include personal information such as passwords, credit card numbers, and online browsing habits, as well as system information such as installed software and hardware specifications. Spyware can be installed on a computer through a variety of means, such as email attachments, infected websites, and bundled software. Some spyware is designed to monitor a user’s activities for advertising purposes, while others are used for more malicious purposes such as identity theft and financial fraud. Spyware can cause a number of problems for a computer user, including decreased system performance, slow internet speeds, and a loss of privacy. It is important to protect your computer from spyware by using anti-virus software and avoiding downloading suspicious files from the internet.

(Ed: written by ChatGPT; verified by jrivett.)

What is a vulnerability?

A vulnerability is a weakness or gap in a system’s security that can be exploited by an attacker to gain unauthorized access or perform malicious actions. It can refer to a flaw in software, hardware, or a combination of both, that can be exploited to compromise the confidentiality, integrity, or availability of a system or its data. Vulnerabilities can be discovered through various means such as penetration testing, code reviews, or by being reported by external parties.

(Ed: written by ChatGPT; verified by jrivett.)

What is a DoS attack?

A Denial of Service (DoS) attack is a type of cyber attack in which the attacker attempts to make a network resource or website unavailable to users by overwhelming it with a flood of traffic or requests. This can be accomplished by using multiple computers or devices to send a large amount of traffic to the targeted resource, or by exploiting vulnerabilities in the software or hardware running the resource. The goal of a DoS attack is to disrupt normal traffic and make the targeted resource unavailable to legitimate users.

(Ed: written by ChatGPT; verified by jrivett.)