thank you. ive been wanting to say this for 10 years but nobody will listen.
- powershell: packet logs, wtf you can do that? invisible os layers (invisible os is there, invisible shell, invisible user accounts, invisible logging)? admin priveledges and remote shells? cannot disable? wtf
- services: disable a service and risk breaking the OS? wtf? no depency list, disabling one breaks everything. dont let user land shit in here then.
- svchost: hosts a dll as an exe, but average user cannot find out what the dll name is? cannot close the process, cannot tell what installed it? wtf.
- rootable samba file sharing: most versions of windows are vulnerable once they connect to the internet, wtf
- preinstalled open ports: um i dont really care what media player library wants i dont want port 443 and 52000 and 999 open.
- netbios vulnerable for unpatched versions: nothx
- 9 places to put a startup app and have it run silently
- registry is fucking spookware: just let me uninstall shit, from /usr/apps/appname, i dont need it modifying windows defaults in the registry
I worked in Windows division for 3 years. It was one of the best experiences I've had in my professional career. Even though I worked on IO (which was never my kink), it was great environment to be a part of. I've learned a lot, made quite a few friends and basically grew as a developer. I witnessed first hand, that some of the decisions that seem weird from the outside, make a lot of sense internally given all the data we've had. Basically any question like "why did MS do A instead of B" could be answered. And I feel that people from the outside could come to the same conclusions have they spent some time pondering about the problem at hand.
That was 10 years ago.
So when Windows 10 came I was reluctant to agree with people complaining about telemetry in the OS. I mean, look, I did some Dr. Watson crash dump analysis back at MS so I know how immensely useful that is. I also knew how paranoid MS was about not leaking any private data in the dumps exposed to developers. You'd only get dumps with internal stack state that matches perfectly (+/- addresses, obviously) with other dumps. So if a 1000 users experienced crash that a piece of heuristic deemed the same type of problem, you'd get like 1 or 2 64kB anonymized dumps to analyze. So yeah, it seemed inconceivable to me that the same organization would do something aggressively harmful.
But enough of this. It's the third time I get this KB (and there are other KB# that push Windows 10 - 3035585 is just one of them) and I'm absolutely positive that it's not the last time this happens. What happened? 10-15 years ago Windows started being cannibalized by other divisions so e.g. DevDiv didn't mind doing something to the Windows ecosystem that would cost it $X just so that they make $Y more, even though Y<X. Balmer's reorg was a last ditch effort to change this.
But things only got worse. And there was nobody at the helm to steer Windows out of shallow waters.
It's now clear to me that mismanagement in Windows org is pathological. The way Windows is moving forward is monumentally stupid, lacks focus and verges on cannibalizing itself (no external help needed, what a relief!) with prioritizing short-term gain over business sustainability. Quality suffers and people migrate (but no, not towards Linux - as much as I don't like its UX, OSX will replace Windows everywhere it matters today). A lot of developers internally saw this and moved a long time ago. Smart developers, ones that are crucial to Windows' maintenance.
So Windows is dead to me. It will remain relevant for the next 10-20 years due to sheer momentum, but boy would I not invest in Windows software stack these days. With even internal developer and server solutions gradually moving from Windows, it's a death of thousand cuts. A painful one to someone with warm spot for Windows division like me. But mismanaged projects deserve exactly this. Death.
3 comments
[ 4.1 ms ] story [ 16.5 ms ] thread- powershell: packet logs, wtf you can do that? invisible os layers (invisible os is there, invisible shell, invisible user accounts, invisible logging)? admin priveledges and remote shells? cannot disable? wtf
- services: disable a service and risk breaking the OS? wtf? no depency list, disabling one breaks everything. dont let user land shit in here then.
- svchost: hosts a dll as an exe, but average user cannot find out what the dll name is? cannot close the process, cannot tell what installed it? wtf.
- rootable samba file sharing: most versions of windows are vulnerable once they connect to the internet, wtf
- preinstalled open ports: um i dont really care what media player library wants i dont want port 443 and 52000 and 999 open.
- netbios vulnerable for unpatched versions: nothx
- 9 places to put a startup app and have it run silently
- registry is fucking spookware: just let me uninstall shit, from /usr/apps/appname, i dont need it modifying windows defaults in the registry
- worddoc, excel doc, pdf doc, flash doc exploits
and about 5 more i am forgetting
I worked in Windows division for 3 years. It was one of the best experiences I've had in my professional career. Even though I worked on IO (which was never my kink), it was great environment to be a part of. I've learned a lot, made quite a few friends and basically grew as a developer. I witnessed first hand, that some of the decisions that seem weird from the outside, make a lot of sense internally given all the data we've had. Basically any question like "why did MS do A instead of B" could be answered. And I feel that people from the outside could come to the same conclusions have they spent some time pondering about the problem at hand.
That was 10 years ago.
So when Windows 10 came I was reluctant to agree with people complaining about telemetry in the OS. I mean, look, I did some Dr. Watson crash dump analysis back at MS so I know how immensely useful that is. I also knew how paranoid MS was about not leaking any private data in the dumps exposed to developers. You'd only get dumps with internal stack state that matches perfectly (+/- addresses, obviously) with other dumps. So if a 1000 users experienced crash that a piece of heuristic deemed the same type of problem, you'd get like 1 or 2 64kB anonymized dumps to analyze. So yeah, it seemed inconceivable to me that the same organization would do something aggressively harmful.
But enough of this. It's the third time I get this KB (and there are other KB# that push Windows 10 - 3035585 is just one of them) and I'm absolutely positive that it's not the last time this happens. What happened? 10-15 years ago Windows started being cannibalized by other divisions so e.g. DevDiv didn't mind doing something to the Windows ecosystem that would cost it $X just so that they make $Y more, even though Y<X. Balmer's reorg was a last ditch effort to change this.
But things only got worse. And there was nobody at the helm to steer Windows out of shallow waters.
It's now clear to me that mismanagement in Windows org is pathological. The way Windows is moving forward is monumentally stupid, lacks focus and verges on cannibalizing itself (no external help needed, what a relief!) with prioritizing short-term gain over business sustainability. Quality suffers and people migrate (but no, not towards Linux - as much as I don't like its UX, OSX will replace Windows everywhere it matters today). A lot of developers internally saw this and moved a long time ago. Smart developers, ones that are crucial to Windows' maintenance.
So Windows is dead to me. It will remain relevant for the next 10-20 years due to sheer momentum, but boy would I not invest in Windows software stack these days. With even internal developer and server solutions gradually moving from Windows, it's a death of thousand cuts. A painful one to someone with warm spot for Windows division like me. But mismanaged projects deserve exactly this. Death.
"Microsoft re-releases KB 3035583 Get Windows 10 installer -- again"
(MS has defeated existing user blocks against this update)