• 2 Posts
  • 232 Comments
Joined 3 years ago
Cake day: June 16th, 2023







  • Lol, lmao even. That’s some careful word play for the sake of unnecessary hyperbole.

    They have shot innocent white American citizens. In some other places they have gone door to door. Those are independent actions, not a combined reality. We can all agree they’re god awful as a massive understatement without lying about door to door murder squads.

    Inb4 “if you have to make that kind of distinction you’re already fucked” yeah, we are, but accurate information about the ground situation is vital for any forward movement.


  • I don’t disagree, but corps are going to push the settings in their software and products that make them the most money. It sucks but should be expected.

    It’d be better if there were competitive open source options with the same ease of use, of implementation at scale, and ease of management at scale, but unless you’re willing to do custom forking and dev work, most of the time it’s easier to go with whatever the overwhelming standard is and work around the rough spots, as at least then you’ll almost never be in completely uncharted waters.

    I spent a few years building a custom solution for integrating a semi-popular but still relatively new HRIS system with a hybrid AD/Entra environment with a somewhat unique hybrid Exchange (email) setup. Doing it live, no real documentation to speak of because the few other places that had done it turn out to be consulting groups that sell their solutions for ridiculous amounts of money. My workplace has now hired an entire team and spent at least half a mil on a new software suite that will replace my solution eventually, after more dev work by this new team.

    That was after I burned a year trying to figure out how in the hell I could programmatically try to clean up a horribly misconfigured and mismanaged old SolarWinds Orion setup that had accumulated tech debt for years, only to be stymied because they don’t allow public discussion of their fucking database structure, and what I found out myself was batshit. Don’t trust software that uses their own custom bastardization of SQL.

    After those experiences I’m pretty damn content to stay in the land of “well documented and popular” and just work around the rough edges. Keeping up with patch and update news and delaying updates a little usually gives plenty of time to effectively opt-out by changing the settings before it hits our environment at large.

    Fuck Microsoft’s bullshit, but at some point it’s the enemy you know, especially in a corporate environment. I’m no stranger to masochism through tech work, but I’ve gotten used to MS’s brand of fuckery, as a lot of us have.


  • No… then they don’t do what I’m talking about. I’m sorry you deal with the suck, but your IT team still gets hammers.

    My workplace backs up to OneDrive itself. No requirement of work VPN, just sign in on a work machine with internet connection and confirm the MFA prompt.

    Technically OneDrive is some unholy patchwork on top of SharePoint Online, as evidenced by a ton of back end settings going through the SharePoint admin UI, but that’s not relevant to the discussion.

    I didn’t even know it was possible to hijack OneDrive to point to SharePoint Server. For that matter who in the absolute fuck is still using SharePoint Server? It went out of support two years ago, and extended support (at significantly extra cost) ends July 14th.

    There is technically another On-Prem version past 2019, but it’s obvious bare minimum life support.

    Plus, Microsoft locks so many of their security and other features baked into Azure behind Office 365 E5 licenses that most places are just using those for Office etc, and those come with a shit ton of storage per-user in OneDrive and SharePoint online.

    We also don’t have auto-deletion turned on (yet). I’ve already done what I can to talk my boss out of it, but we will have options to prevent it on specific files and folders, as we already do with email (auto delete past certain age, unless it’s in the archive folder. You can set up auto archive rules if you need, but there’s rules on max space).


    TL;DR- Your workplace does not in fact do “essentially what I described”, which is a large contributor to the issues you’ve seen. Go get hammers and beat your IT staff with them.

    Especially the SharePoint Server shit. That’s horrifying. No one should have to even think about touching that. Ewwww.



  • Go beat your IT department with hammers. I have roughly a decade in IT with primarily Windows in our environment. There’s no reason for it to suck so bad in a corporate environment. They can disable it entirely very easily, or make it work amazingly well with some effort.

    My workplace:

    • We redirect/sync My Documents and My Pictures to OneDrive seamlessly. If it’s saved in either of those, autosave is on and it’s the same file locally and on OneDrive. Files saved follow to any machine. Viewable in explorer always, actually downloaded locally on the fly as needed. Obvious overlaid icon on every file to indicate if it’s synced, syncing, or not available locally (when you’re offline and can’t connect to OneDrive). You can right click files and folders to easily adjust if they’re always downloaded up to date locally or just on demand.

    • If there are any conflicts it can’t auto-merge (usually only non-office docs) it saves them with the source computer name appended to the end of the file name so you have each version available, and it pops up a notification that stays until it is manually dismissed, so you know it happened.

    • If for some reason you’re working on a document outside of the synced folders, office programs do not default to saving in OneDrive, they default to where the document was opened from or to “My Documents” for new docs, so shit doesn’t get silently moved on you. I can and have had the same doc opened on multiple machines at once, made edits on each, and it worked just like live collaboration with other users.


    It doesn’t have to suck, and it’s also easily disableable entirely in enterprise environments if your IT doesn’t want to configure it well. We kept it entirely disabled from our environment until we had our config planned and thoroughly tested with a pilot group for a few months before we let it hit the company as a whole.









  • I won’t deny it’s godawful to have shit split across AD, Group Policy, Regedit, and Azure/Entra/Intune.

    But they very much still have controls for all this shit, almost always available before the feature rolls out. I’ve literally never seen this shit make it through to our end user devices in an unintended fashion.

    Hell, just hold non-security updates for a period of time for review before pushing it to your entire environment if this (not actually happening) issue is a concern. That’s like basic table stakes for Windows environment administration: update cadence management and pilot machines.

    Please don’t claim to speak from a place of authority on this and then spread falsehoods. There’s plenty of shit to hate without making things up.

    Like the third party app approvals in Azure and Teams defaulting to allow any non-admin user to be able to approve any Azure app access to all of their data with no oversight. You can (and should) lock that the fuck down. It’s a batshit default, not a lack of controls.
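
The user-consent default raised in the last comment can be audited read-only. The following is an added example, not part of the original comments: the function name and sample values are constructed, and the commented-out live call assumes the Microsoft Graph PowerShell module is installed.

```powershell
# Added example: classify the tenant's user-consent setting from the values of
# DefaultUserRolePermissions.PermissionGrantPoliciesAssigned on the
# Entra ID authorization policy. Read-only; changes nothing in the tenant.
function Get-UserConsentFinding {
    param(
        [string[]]$AssignedPolicies = @()
    )
    $prefix = 'ManagePermissionGrantsForSelf.'
    # Only the "ForSelf" entries govern what a user may consent to on their own behalf.
    $self = @($AssignedPolicies | Where-Object { $_ -like "$prefix*" })

    if ($self.Count -eq 0) {
        return [pscustomobject]@{
            Risk   = 'Low'
            Detail = 'User consent is disabled; app access needs admin approval.'
        }
    }
    $ids = $self | ForEach-Object { $_.Substring($prefix.Length) }
    if ($ids -contains 'microsoft-user-default-legacy') {
        return [pscustomobject]@{
            Risk   = 'High'
            Detail = 'Any user can consent to any app for their own data.'
        }
    }
    if ($ids -contains 'microsoft-user-default-low') {
        return [pscustomobject]@{
            Risk   = 'Medium'
            Detail = 'Users can consent only to permissions classified low impact.'
        }
    }
    return [pscustomobject]@{
        Risk   = 'Review'
        Detail = "Custom consent policy assigned: $($ids -join ', ')"
    }
}

# Constructed sample inputs (not taken from a real tenant).
$samples = [ordered]@{
    'open default' = @('ManagePermissionGrantsForSelf.microsoft-user-default-legacy')
    'locked down'  = @()
}
foreach ($name in $samples.Keys) {
    $f = Get-UserConsentFinding -AssignedPolicies $samples[$name]
    '{0}: {1} - {2}' -f $name, $f.Risk, $f.Detail
}

# Against a live tenant (assumes Connect-MgGraph -Scopes 'Policy.Read.All'):
# $pol = Get-MgPolicyAuthorizationPolicy
# Get-UserConsentFinding $pol.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
```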