Microsoft Archive
ActiveX is a powerful technology that enables rich interactions within Microsoft 365 applications, but its deep access to system resources also increases security risks. Starting this month, the Windows versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Visio will have a new default configuration for ActiveX controls: Disable all controls without notification. ↫ Zaeem Patel at the Microsoft 365 Insider Blog Be honest: did any of you know ActiveX was still a thing? Heck, when was the last time you even thought of ActiveX? This technology acted a replacement for Windows’ COM and OLE 2.0, and was used to make controls in a whole slew of Microsoft applications. ActiveX controls from one application could also be embedded into another, like showing a toolbar from Word inside an image editor. ActiveX has several major downsides, the two biggest of which are its relative lack of portability, and most of all, its atrocious security record. I’m genuinely surprised it’s taken them this long to actively, fully disable the technology by default.
Microsoft is celebrating its 50th anniversary, and in honour of this milestone, Bill Gates has published a blog post about the first code the company ever wrote. In 1975, Paul Allen and I created Microsoft because we believed in our vision of a computer on every desk and in every home. Five decades later, Microsoft continues to innovate new ways to make life easier and work more productive. Making it 50 years is a huge accomplishment, and we couldn’t have done it without incredible leaders like Steve Ballmer and Satya Nadella—along with the many people who have worked at Microsoft over the years. ↫ Bill Gates There’s obviously no denying the impact Microsoft has had on the computer industry and the world as a whole, and a lot of that impact is not exactly what you would call positive. I find the fact that the blog post by Gates is nothing but JavaScript that slows down some browsers and devices, breaks page up/page down navigation for some people, does not allow for text selection, and whose source code is just a bunch of scripts without any of the actual text is a biting metaphor for the role Microsoft has played in the industry. Making today’s celebrations even more biting is the fact that Microsoft’s role in the ongoing genocide in Gaza is causing a lot of unrest within the company. Twice now today, presentations and talks by Microsoft’s current and former CEOs have been interrupted by Microsoft employees protesting Microsoft’s contributions to the genocide in Gaza, and before the day’s over there will probably be more incidents like these. One of the Microsoft employees who protested, Ibtihal Aboussad, also sent an email to thousands of Microsoft employees, detailing why Microsoft employees are protesting today. My name is Ibtihal, and for the past 3.5 years, I’ve been a software engineer on Microsoft’s AI Platform org. I spoke up today because after learning that my org was powering the genocide of my people in Palestine, I saw no other moral choice. This is especially true when I’ve witnessed how Microsoft has tried to quell and suppress any dissent from my coworkers who tried to raise this issue. For the past year and a half, our Arab, Palestinian, and Muslim community at Microsoft has been silenced, intimidated, harassed, and doxxed, with impunity from Microsoft. Attempts at speaking up at best fell on deaf ears, and at worst, led to the firing of two employees for simply holding a vigil. There was simply no other way to make our voices heard. ↫ Ibtihal Aboussad It goes without saying that Ibtihal Aboussad can probably go and clean out her desk after this, but giving up what must be a high-paying job – and possibly risking worse under the current Trump regime – for standing up and protesting an ongoing genocide is nothing but praise-worthy and noble. It obviously won’t stop the genocide or make Microsoft even blink, but it’s better than doing nothing, and it does painfully highlight how many other Microsoft employees remain silent while the company they work for does an IBM. I don’t really care about Microsoft’s 50th anniversary. Look at any of the company’s current products – Office, Windows, the “AI” stuff – and there’s clearly nothing left. They’re empty shells of what they used to be, hollowed out, their contents replaced with upsells, dark patterns, cruft, and “AI” nonsense nobody wants. But hey, at least Microsoft is creating synergies to make eradicating Gazans easier. Here’s your party popper.
Up until now, if you were subscribed to Office 365 – I think it’s called Microsoft 365 now – and you wanted the various “AI” Copilot features, you needed to pay $20 extra. Well, that’s changing, as Microsoft is now adding these features to Microsoft 365 by default, while raising the prices for every subscriber by $3 per month. It seems not enough people were interested in paying $20 per month extra for “AI” features in Office, so Microsoft has to force everyone to pay up. It’s important to note, though, that your usage of the features is limited by how many “AI credits” you have, to really nail that slot machine user experience, and you’re only getting a limited number of those per month. Luckily, existing Microsoft 365 subscribers can opt out of these new features and thus avoid the price increase, which is a genuinely welcome move by Microsoft. New subscribers, however, will not be able to opt out. Finally, we understand that our customers have a variety of needs and budgets, so we’re committed to providing options. Existing subscribers with recurring billing enabled with Microsoft can switch to plans without Copilot or AI credits like our Basic plan, or, for a limited time, to new Personal Classic or Family Classic plans. These plans will continue to be maintained as they exist today, but for certain new innovations and features you’ll need a Microsoft 365 Personal and Family subscription. ↫ Bryan Rognier at the Microsoft blog Microsoft wants to spread the immense cost of running datacentres for “AI” to everyone, whether you want to use these features or not. When not enough people want to opt into “AI” and pay extra, the only other option is to just make everyone pay, whether they want to or not. Still, the opt-out for existing subscribers is nice, and if you are one and don’t want to pay $35 per year extra, don’t forget to opt out.
The author of this article, Dr. Casey Lawrence, mentions the opt-out checkbox is hard to find, and they aren’t kidding. On Windows, here’s the full snaking path you have to take through Word’s settings to get to the checkbox: File > Options > Trust Center > Trust Center Settings > Privacy Options > Privacy Settings > Optional Connected Experiences > Uncheck box: “Turn on optional connected experiences”. That is absolutely bananas. No normal person is ever going to find this checkbox. Anyway, remember how the “AI” believers kept saying “hey, it’s on the internet so scraping your stuff and violating your copyright is totally legal you guys!”? Well, what about when you’re using Word, installed on your own PC, to write private documents, containing, say, sensitive health information? Or detailed plans about your company’s competitor to Azure or Microsoft Office? Or correspondence with lawyers about an antirust lawsuit against Microsoft? Or a report on Microsoft’s illegal activity you’re trying to report as a whistleblower? Is that stuff fair game for the gobbledygook generators too? This “AI” nonsense has to stop. How is any of this even remotely legal?
German journalist Martin Bernklau typed his name and location into Microsoft’s Copilot to see how his culture blog articles would be picked up by the chatbot, according to German public broadcaster SWR. The answers shocked Bernklau. Copilot falsely claimed Bernklau had been charged with and convicted of child abuse and exploiting dependents. It also claimed that he had been involved in a dramatic escape from a psychiatric hospital and had exploited grieving women as an unethical mortician. Copilot even went so far as to claim that it was “unfortunate” that someone with such a criminal past had a family and, according to SWR, provided Bernklau’s full address with phone number and route planner. ↫ Matthias Bastian So why did Copilot (which is just OpenAI’s ChatGPT with sparkles) claim Bernklau did all sorts of horrible things? Well, his occupation – journalist – is a dead giveaway. He has written a lot of articles covering court proceedings in Tübingen on abuse, violence, and fraud cases, and since Copilot is just spicy autocorrect, it has no understanding of context and pinned the various crimes he covered on Bernklau. Adding in his address, phone number, and a damn planned route to his home is just the very disgusting icing on this already disgusting cake. What makes matters even worse, if you can believe it, is that Bernklau has absolutely no recourse. He contacted the public prosecutor’s office in Tübingen, but they stated they can’t press charges because the accusations coming from Copilot aren’t being made by a real person. And to make it still even worse, Microsoft just threw its hands in the air and absolved itself of any and all responsibility by pointing to its terms of service, in which Microsoft discards liability for content generated by Copilot. Convenient. This is nothing short of a nightmare scenario that can utterly destroy someone’s life, and the fact that Microsoft doesn’t care and the law isn’t even remotely prepared to take serious matters like these on is terrifying.
After a number of very bug security incidents involving Microsoft’s software, the company promised it would take steps to put security at the top of its list of priorities. Today we got another glimpse of the step it’s taking, since the company is going to take security into account during performance reviews. Kathleen Hogan, Microsoft’s chief people officer, has outlined what the company expects of employees in an internal memo obtained by The Verge. “Everyone at Microsoft will have security as a Core Priority,” says Hogan. “When faced with a tradeoff, the answer is clear and simple: security above all else.” A lack of security focus for Microsoft employees could impact promotions, merit-based salary increases, and bonuses. “Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards,” Microsoft is telling employees in an internal Microsoft FAQ on its new policy. ↫ Tom Warren at The Verge Now, I’ve never worked in a corporate environment or something even remotely close to it, but something about this feels off to me. Often, it seems that individual, lower-level employees know all too well they’re cutting corners, but they’re effectively forced to because management expects almost inhuman results from its workers. So, in the case of a technology company like Microsoft, this means workers are pushed to write as much code as possible, or to implement as many features as possible, and the only way to achieve the goals set by management is to take shortcuts – like not caring as much about code quality or security. In other words, I don’t see how Microsoft employees are supposed to make security their top priority, while also still having to achieve any unrealistic goals set by management and other higher-ups. What I’m missing from this memo and associated reporting is Microsoft telling its employees that if unrealistic targets, crunch, low pay, and other factors that contribute to cutting corners get in the way of putting security first, they have the freedom to choose security. If employees are not given such freedom, demanding even more from them without anything in return seems like a recipe for disaster to me, making this whole memo quite moot. We’ll have to see what this will amount to in practice, but with how horrible employees are treated in most industries these days, especially in countries with terrible union coverage and laughable labour protection laws like the US, I don’t have high hopes for this.
Palestinians living abroad have accused Microsoft of closing their email accounts without warning – cutting them off from crucial online services. They say it has left them unable to access bank accounts and job offers – and stopped them using Skype, which Microsoft owns, to contact relatives in war-torn Gaza. Microsoft says they violated its terms of service – a claim they dispute. ↫ Mohamed Shalaby and Joe Tidy at the BBC Checking up on your family members to see if they survived another day of an ongoing genocide doesn’t seem like something that should be violating any terms of any services, but that’s just me.
When someone tells you who they are, believe them. Microsoft’s AI chief Mustafa Suleyman: With respect to content that is already on the open web, the social contract of that content since the ’90s has been that it is fair use. Anyone can copy it, recreate with it, reproduce with it. That has been freeware, if you like. That’s been the understanding. ↫ Mustafa Suleyman This is absolute bullshit from the first word to the very last. None of this is true – not even in the slightest. Content on the web is not free for the taking by anyone, especially not to be chewed up and regurgitated verbatim by spicy autocomplete tools. There is no “social contract” to that effect. In fact, when I go to any of Microsoft’s website, documents, videos, or any other content they publish online, on the open web, and scroll to the very bottom of the page, it’s all got the little copyright symbol or similar messaging. Once again, this underlines how entitled Silicon Valley techbros really are. If we violate even a gram of Microsoft’s copyrights, we’d have their lawyers on our ass in weeks – but when Microsoft itself needs to violate copyright and licensing on an automated, industrial scale, for massive profits, everything is suddenly peace, love, and fair use. Men in Silicon Valley just do not understand consent. At all. And they show this time and time again. Meanwhile, the Internet Archive has to deal with crap like this: The lawsuit is about the longstanding and widespread library practice of controlled digital lending, which is how we lend the books we own to our patrons. As a result of the publishers’ lawsuit, more than 500,000 books have been removed from our lending library. ↫ Chris Freeland at the Internet Archive Blogs Controlled lending without a profit motive is deemed illegal, but violating copyright and licensing on an automated, industrial scale is fair use. Make it make sense. Make it make sense.
The European Commission has informed Microsoft of its preliminary view that Microsoft has breached EU antitrust rules by tying its communication and collaboration product Teams to its popular productivity applications included in its suites for businesses Office 365 and Microsoft 365. ↫ European Commission press release Chalk this one up in the unsurprising column, too. Teams has infested Office, and merely by being bundled it’s become a major competitor to Slack, even though everyone who has to use it seems to absolutely despise Teams with a shared passion rivaling only Americans’ disgust for US Congress. On a mildly related note, I’m working with a friend to set up a Matrix server specifically for OSNews users, so we can have a self-hosted, secure, and encrypted space to hang out, continue conversations beyond the shelf life of a news item, suggest interesting stories, point out spelling mistakes, and so on. It’ll be invite-only at first, with preference given to Patreons, active commenters, and other people I trust. We intend to federate, so if everything goes according to plan, you can use your existing Matrix username and account. I’ll keep y’all posted.
It seems the success of the Framework laptops, as well the community’s relentless focus on demanding repairable devices and he ensuing legislation, are starting to have an impact. It wasn’t that long ago that Microsoft’s Surface devices were effectively impossible to repair, but with the brand new Snapdragon X Elite and Pro devices, the company has made an impressive U-turn, according to iFixIt. Both the new Surface Laptop and Surface Pro are exceptionally easy to repair, and take cues from Framework’s hardware. Microsoft’s journey from the unrepairable Surface Laptop to the highly repairable devices on our teardown table should drive home the importance of designing for repair. The ability to create a repairable Surface was always there but the impetus to design for repairable was missing. I’ll take that as a sign that Right to Repair advocacy and legislation has begun to bear fruit. ↫ Shahram Mokhtari The new Surface devices contain several affordances to make opening them up and repairing them easier. They take cues from Framework in that inside screws and components are clearly labeled to indicate what type they are and which parts they’re holding in place, and there’s a QR code that leads to online repair guides, which were available right away, instead of having to wait months to forever for those to become accessible. The components are also not layered; in other words,you don’t need to remove six components just to get to the SSD, or whatever – some laptops require you to take out the entire mainboard just to get access to the fans to clean them, which is bananas. Microsoft technically doesn’t have to do any of this, so it’s definitely praiseworthy that their hardware department is going the extra kilometre to make this happen. The fact that even the Surface Pro, a tablet, can be reasonably opened up and repaired is especially welcome, since tablets are notoriously difficult to impossible to repair.
Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others. ↫ Renee Dudley at ProPublica In light of Recall, a very dangerous game.
These sources, as clearly stated in the repo’s readme, are the 8088 assembly language sources from 10th Feb 1983, and are being open-sourced for historical reference and educational purposes. This means we will not be accepting PRs that modify the source in any way. ↫ Rich Turner I’m loving all these open source releases from Microsoft, but honestly, I’d wish the pace was a little higher and we’d get to some more recent stuff. Open sourcing early versions of MS-DOS and related software is obviously great from a software preservation standpoint, but at this rate we’ll get to more influential pieces of software by the time the sun experiences its helium flash. On a related note, about a month ago Microsoft released the source code to MS-DOS 4.00. Well, we’ve now also got access to the code for MS-DOS 4.01, a bugfix release that came out very quickly after 4.00. Due to various bugs, DOS 4.00 was a relatively short-lived release, and it was replaced by DOS 4.01 just a couple of months later. Howard M. Harte (hharte), who already fixed various flaws in the official source code release of MS-DOS 4.00, managed to figure out the differences between DOS 4.00 and 4.01 — we now have access to the improved version as well! ↫ Lothar Serra Mari We’re getting a pretty complete picture of early MS-DOS source code.
Microsoft is making security its number one priority for every employee, following years of security issues and mounting criticisms. After a scathing report from the US Cyber Safety Review Board recently concluded that “Microsoft’s security culture was inadequate and requires an overhaul,” it’s doing just that by outlining a set of security principles and goals that are tied to compensation packages for Microsoft’s senior leadership team. ↫ Tom Warren at The Verge The devil is in the details regarding tying executive pay to security performance, but it we take it at face value and assume good intent – which is a laughable assumption in our corporatist world, but alas – I would like to see more of this. It’s high time executives start paying – literally and figuratively – for the failings of the companies and teams they claim to run.
Years of accumulated security debt at Microsoft are seemingly crashing down upon the company in a manner that many critics warned about, but few ever believed would actually come to light. Microsoft is an entrenched enterprise provider, owning nearly one-quarter of the global cloud infrastructure services market and, as of Q1 last year, nearly 20% of the worldwide SaaS application market, according to Synergy Research Group. Though not immune to scandal, in the wake of two major nation-state breaches of its core enterprise platforms, Microsoft is facing one of its most serious reputational crises. ↫ David Jones at Cybersecurity Dive It’s almost like having the entire US government dependent on a single vendor is a bad idea. Just spitballing here.
Regarding the release of the MS-DOS 4.00 source code, Michal Necasek makes an excellent point about how just dumping the code in git is a terrible and destructive way to release older source code. It’s terrific that the source code for DOS 4.00/4.01 was released! But don’t expect to build the source code mutilated by git without problems. Historic source code should be released simply as an archive of files, ZIP or tar or 7z or whatever, with all timestamps preserved and every single byte kept the way it was. Git is simply not a suitable tool for this. ↫ Michal Necasek at OS/2 Museum The problems caused by dumping the code in git are quite real. Timestamps are not preserved, and the conversion to UTF-8 is deeply destructive, turning some parts of the code to literal gibberish. It’s a bit of a mess, and the people responsible for these release should be more careful and considerate.
Today, in partnership with IBM and in the spirit of open innovation, we’re releasing the source code to MS-DOS 4.00 under the MIT license. There’s a somewhat complex and fascinating history behind the 4.0 versions of DOS, as Microsoft partnered with IBM for portions of the code but also created a branch of DOS called Multitasking DOS that did not see a wide release. ↫ Scott Hanselman Not only did they release the source code to MS-DOS 4.00, they also released disk images of a very early version of Multitasking DOS, which did not see a wide release, as the article states. I’ve only vaguely heard of MT-DOS over the decades, so I had to do some minor reading and research to untangle what, exactly, MT-DOS really is. Much of this information is probably table stakes for the many older readers we have, but bear with me. MT-DOS, which has the official name MS-DOS 4.0 (often further specified by adding “multitasking” in brackets after the version number) was a version of MS-DOS developed by Microsoft based on MS-DOS 2.0, whose headlining feature was pre-emptive multitasking, which allowed specifically written applications to continue to run in a special background mode. Interestingly enough, it had to perform this multitasking with the same 640k memory limitation as other versions of DOS. Very few OEMs ended up licensing it, and most notably IBM wasn’t interested, so after one or two more OEM-specific versions, it was quickly abandoned by Microsoft. MS-DOS 4.0 (multitasking) is entirely unrelated to the “real” versions 4 of MS-DOS that followed later. The actual version 4 was called MS-DOS 4.00, and it’s the source code to this specific version that’s being released as open source today. MS-DOS 4.00 was quickly followed by 4.01 and 4.01a, but apparently OEMs would confusingly still label 4.01 disks as “MS-DOS 4.0”. The whole MS-DOS 4 saga is quite convoluted and messy, and I’m probably oversimplifying a great deal. Regardless, this code joins the open source releases of MS-DOS 1.25 and 2.0 that Microsoft released years ago.
In May and June 2023, a threat actor compromised the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world. The actor—known as Storm-0558 and assessed to be affiliated with the People’s Republic of China in pursuit of espionage objectives—accessed the accounts using authentication tokens that were signed by a key Microsoft had created in 2016. This intrusion compromised senior United States government representatives working on national security matters, including the email accounts of Commerce Secretary Gina Raimondo, United States Ambassador to the People’s Republic of China R. Nicholas Burns, and Congressman Don Bacon. The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. ↫ Cyber Safety Review Board’s report The Cyber Safety Review Board reviewed the attack on Microsoft Exchange from last year, with Microsoft’s cooperation, and it turns out it was kind of a complete and utter shitshow inside Microsoft – a cascade of failures, as the report calls it – and concludes that it was an entirely preventable attack. The report is not kind to Microsoft, and it’s a very interesting read if you’re into this sort of post mortems of security breaches.
Microsoft is currently testing a new AI-powered Xbox chatbot that can be used to automate support tasks. Sources familiar with Microsoft’s plans tell The Verge that the software giant has been testing an “embodied AI character” that animates when responding to Xbox support queries. I understand this Xbox AI chatbot is part of a larger effort inside Microsoft to apply AI to its Xbox platform and services. ↫ Tom Warren at The Verge I’m convinced. This is the future. Artificial intelligence, AI, no quotation marks. Please, Microsoft. Train this AI on Xbox voice chat and messages. What could possible go wrong?
Microsoft will sell its chat and video app Teams separately from its Office product globally, the U.S. tech giant said on Monday, six months after it unbundled the two products in Europe in a bid to avert a possible EU antitrust fine. The European Commission has been investigating Microsoft’s tying of Office and Teams since a 2020 complaint by Salesforce-owned competing workspace messaging app Slack. ↫ Foo Yun Chee at Reuters I honestly misread this as Microsoft selling Teams off, which would’ve been far bigger news. Unbundling Teams from Office globally is just Microsoft applying its recent European Union policy to the rest of the world. All we need now is Microsoft to stop trying to make Teams for families and friends happen, because nobody will ever want to use Teams for anything, let alone personal use.
Microsoft Graveyard is the virtual graveyard for all products killed by Microsoft; a free and open source collection of dead Microsoft products built by a passionate and nostalgic community. Our objective as a community is to provide factual, historic information for the products listed here. If something is missing, inaccurate, or you have a suggestion, visit and contribute to the project on GitHub. ↫ Victor Frye Heavily inspired by Killed by Google, but definitely incomplete for now, especially the further back in time you go.