A Windows Update bug is renaming everyone's printers to HP M101-M106(xda-developers.com)
xda-developers.com
A Windows Update bug is renaming everyone's printers to HP M101-M106
https://www.xda-developers.com/windows-update-bug-renaming-printers-m101-m106/
49 comments
Even worse HP scanners need an account for scanning!
On linux there is at least the https://hplipopensource.com/ library which contains the `hpscan` command line utility, which can scan flawlessly without an account or any other weird stuff.
On linux there is at least the https://hplipopensource.com/ library which contains the `hpscan` command line utility, which can scan flawlessly without an account or any other weird stuff.
Any printer that has to have special software (including proprietary drivers) is not fit for purpose, in my opinion.
This explains the confusing email I got from Microsoft Family Safety last week saying that my child (who uses a locked down Windows PC for gaming) had purchased the HP Smart application from the Microsoft store for $0.00.
Great, I can’t wait for the promised utopia when things are all “joined up” and my PC automatically orders me ten litres of unwanted HP toner when this happens.
Even better, it'll happen while you own a Brother printer. lol
It seems that the QA on Windows is getting worse and worse, this kind of high visibility bug should be caught beforehand.
There hasn't been any QA for years now. The old QA team that gave us masterpieces like Windows 7 has since been laid off.
That explains why it's going downhill then. It's sad to see what Windows has become even if I'm really not their biggest user.
Eliminating QA was one of Nadella's first substantive acts as CEO. There has been no such thing as QA at Microsoft for the better part of a decade.
Exactly, and it was the right move too. It's saved MS lots of money, and eliminated a function that just wasn't necessary. The users can do the QA; why should MS pay money for professionals to do it? My Microsoft stock price has done great as a result of smart cost-cutting moves like this, and also adding more advertising to the OS.
And it isn't like the users are going to stop using Windows anyway. Some of them will whine and make empty threats about switching their OS "if they keep it up" but nobody actually believes them because they've been keeping it up for almost 10 years now.
Exactly. MS has finally figured out these people aren't changing OSes, probably ever, no matter how much MS abuses them. So why shouldn't MS do this stuff?
QA elimination was a Terry Meyerson decision. There's a multitude of reasons he was asked to step down (allegedly).
But then why didn't they put QA back in place after he left?
Presumably because it was a cost saving measure and they agreed with the cost savings, but I wasn't in the room where it happened. So all I can do is speculate unfortunately.
Finding someone to blame for a mistake is much easier than fixing it.
Thank you for the clarification/correction. I see that Myerson is now a corporate raider at the Carlyle Group. Fitting destination for such a capital fellow.
QA? You mean the users?
QA on Windows? Is that a thing?
Imagine hacking into a key supplier's driver software and sneaking in defective metadata to Windows Update. Wouldn't this result in mass installation on various systems? Sounds like a serious vulnerability in security.
No worries - if word gets out, you can simply deny the windows update! Oh wait, you can't.
This may be an attack vector, for sure
This may be an attack vector, for sure
chaining accessing a likely air-gapped rsa private key to sign the malformed update with an already unlikely attack vector of a metadata parsing exploit itself means this is pretty pie in the sky
> chaining accessing a likely air-gapped rsa private key
Unfortunately, who knows if that's the case? Whoever was behind Stuxnet managed to steal the crown jewels of not just one but two different companies. There's a lot of companies with credentials to sign Windows kernel level code out there... which is also the reason why Apple is so insistent on getting rid of kext's - they want to get rid of the entire business model of allowing anyone but themselves to run kernel-level code on ordinary macOS machines.
[1] https://en.wikipedia.org/wiki/Stuxnet
Unfortunately, who knows if that's the case? Whoever was behind Stuxnet managed to steal the crown jewels of not just one but two different companies. There's a lot of companies with credentials to sign Windows kernel level code out there... which is also the reason why Apple is so insistent on getting rid of kext's - they want to get rid of the entire business model of allowing anyone but themselves to run kernel-level code on ordinary macOS machines.
[1] https://en.wikipedia.org/wiki/Stuxnet
I expect that many of the players have their private keys not only on accessible machines but also likely under version control. Probably on a cloud platform.
I always liked imagining big players like Apple, Sony, Microsoft, Nintendo, etc.. taking absurd measures to protect their private signing keys, something like that Coca-Cola recipe vault.
That was my assumption considering that is exactly what we did do for our covid certificates. Ran on the same infra as passports which is gold standard.
Microsoft? YOLO with their crown jewels:
https://techcrunch.com/2023/07/17/microsoft-lost-keys-govern...
Microsoft? YOLO with their crown jewels:
https://techcrunch.com/2023/07/17/microsoft-lost-keys-govern...
You can split any key into x/n pieces that require x outta n keys to approve a transaction.
All senior dev's, physical locations, board members, hell, even all stock holders, could cryptographically vote via an agreed upon method for any actions.
All senior dev's, physical locations, board members, hell, even all stock holders, could cryptographically vote via an agreed upon method for any actions.
I've seen some documentaries implying that about some of the root keys for things like certificates, but you know that there are some laying around in easy to use format ...
Didn't Sony get hacked and had a nearly completed film leaked? I hope the others you listed have far better security.
Even for a state-level actor?
The more "oops" things like this get pushed in automatic updates, the more I begin to despise our modern culture of continual updates. This is by no means just a Microsoft/Windows problem either, this affects everything nowadays. My damn Pixel watch suddenly has a bug where if I turn around and walk back down the road I just came on, it rolls back my distance, like an old school odometer that is just tied to wheel rotations.
I'm so sick of having working software one time, and the next time I open it it's broken or worse, has a completely overhauled UI and I don't have time to learn the new way to use it.
As a dev I love CI/CD, but as a user I'm beginning to actively despise it for the UX that it's led to. I think too many people have decided that QA isn't needed anymore because "we'll get bug reports and can patch and deploy them quickly." That's a terrible philosophy and you are bad and you should feel bad if that's how you ship your software.
I'm so sick of having working software one time, and the next time I open it it's broken or worse, has a completely overhauled UI and I don't have time to learn the new way to use it.
As a dev I love CI/CD, but as a user I'm beginning to actively despise it for the UX that it's led to. I think too many people have decided that QA isn't needed anymore because "we'll get bug reports and can patch and deploy them quickly." That's a terrible philosophy and you are bad and you should feel bad if that's how you ship your software.
I've always despised it. I demand control over the timing of updates, and I allow only very few exceptions in any of what I consider my critical infrastructure.
It means I pass on buying or using a lot of modern hardware / software. It also means my PC won't fail the night before a big delivery deadline for a multimillion dollar project for a client (and yes, I also keep duplicate spare hardware and backups to mitigate against regular failure).
It means I pass on buying or using a lot of modern hardware / software. It also means my PC won't fail the night before a big delivery deadline for a multimillion dollar project for a client (and yes, I also keep duplicate spare hardware and backups to mitigate against regular failure).
Absolutely. I don't trust any software these days. It might work today, but it's only a matter of time before the company outgrows the need to satisfy my requirements and I get left behind.
At least with local software you could keep an older version if you needed to. With everything in the cloud with a subscription model, you can't get off the ride before they drive it off a cliff. Which it feels like they will do more often than not.
At least with local software you could keep an older version if you needed to. With everything in the cloud with a subscription model, you can't get off the ride before they drive it off a cliff. Which it feels like they will do more often than not.
> I begin to despise our modern culture of continual updates.
I started fully despising it a number of years ago. I think it's one of the worst fads that has swept through the industry. I hope that eventually it will die a horrible death.
I started fully despising it a number of years ago. I think it's one of the worst fads that has swept through the industry. I hope that eventually it will die a horrible death.
> bug where if I turn around and walk back down the road I just came on, it rolls back my distance, like an old school odometer that is just tied to wheel rotations.
Ah, they must be using the classic physics definition of work, where if you start and end in the same position you didn’t do any work.
(…does nobody at Google actually look at the step number? Isn’t that half the use of these watches?)
Ah, they must be using the classic physics definition of work, where if you start and end in the same position you didn’t do any work.
(…does nobody at Google actually look at the step number? Isn’t that half the use of these watches?)
Displacement: 0
My Samsung phone once bricked itself with a forced update. That was fun.
It also downloads updates totally unprompted overnight and gives me a non-dismissable notification about it. I also get toasts at random intervals demanding I restart immediately for the 15 minute update process.
It lets me defer the update for anywhere between 5 and 9 hours before rebooting with no warning and leaving me with a dead phone for 15 minutes.
Absolutely no way to stop it or disable updates. I've gone so far as trying to MiTM the network traffic and blocking the IP it connects to, but it seems to use different addresses sometimes.
I'm never buying a Samsung device again. For that matter, I'm never buying a phone that I can't control.
Not a fan of some corporation remotely bricking my phone with no warning.
It also downloads updates totally unprompted overnight and gives me a non-dismissable notification about it. I also get toasts at random intervals demanding I restart immediately for the 15 minute update process.
It lets me defer the update for anywhere between 5 and 9 hours before rebooting with no warning and leaving me with a dead phone for 15 minutes.
Absolutely no way to stop it or disable updates. I've gone so far as trying to MiTM the network traffic and blocking the IP it connects to, but it seems to use different addresses sometimes.
I'm never buying a Samsung device again. For that matter, I'm never buying a phone that I can't control.
Not a fan of some corporation remotely bricking my phone with no warning.
[deleted]
the move to windows being a service has been a disaster. I swear task manager lists some new useless daemon taking 3% of cpu after every update
>the move to windows being a service has been a disaster.
No, it hasn't, it's been quite the opposite. The company is more profitable than ever, so much that now instead of saying "FAANG", people are saying "MAANG" or "GAMMA" or some variation.
>I swear task manager lists some new useless daemon taking 3% of cpu after every update
What's wrong with that? Microsoft isn't paying your power bill, you are. It's not their problem. Are you going to stop using Windows because it's slow and hogging the CPU to show you ads in the home screen?
No, it hasn't, it's been quite the opposite. The company is more profitable than ever, so much that now instead of saying "FAANG", people are saying "MAANG" or "GAMMA" or some variation.
>I swear task manager lists some new useless daemon taking 3% of cpu after every update
What's wrong with that? Microsoft isn't paying your power bill, you are. It's not their problem. Are you going to stop using Windows because it's slow and hogging the CPU to show you ads in the home screen?
Microsoft updates are also really bloated. Fortunately, Microsoft was able to solve this problem by implementing a feature so your PC uploads updates to other PCs for them. No need to improve update size, users can just share the cost of the update infrastructure. Microsoft updates were always large but then they found out some users weren't installing updates because they didn't have enough hard drive space since the update process is so bloated. Microsoft innovation solved this as well, they just force reserved 7GB of end users (Microsoft's) hard drive so there would always be room. Mark that one as resolved.
These innovations are why Microsoft is such a profitable powerhouse. Maybe Microsoft can install a cryptominer to run on your PC when it is idle and send the money back to Microsoft. It would help pay for the cost of all the improvements Microsoft is always making to Windows. The possibilities are endless.
These innovations are why Microsoft is such a profitable powerhouse. Maybe Microsoft can install a cryptominer to run on your PC when it is idle and send the money back to Microsoft. It would help pay for the cost of all the improvements Microsoft is always making to Windows. The possibilities are endless.
>Maybe Microsoft can install a cryptominer to run on your PC when it is idle and send the money back to Microsoft.
I think thats what “antimalware service executable” is
I think thats what “antimalware service executable” is
Tangential, but I absolutely hate printers that force you to install an app (or should I say spyware?) along with their drivers.