this post was submitted on 23 Sep 2025

729 points (98.5% liked)

Microblog Memes

9285 readers

2548 users here now

A place to share screenshots of Microblog posts, whether from Mastodon, tumblr, ~~Twitter~~ X, KBin, Threads or elsewhere.

Created as an evolution of White People Twitter and other tweet-capture subreddits.

Rules:

Please put at least one word relevant to the post in the post title.
Be nice.
No advertising, brand promotion or guerilla marketing.
Posters are encouraged to link to the toot or tweet etc in the description of posts.

Related communities:

founded 2 years ago

MODERATORS

ReadyUser31@lemmy.world

aeronmelon@lemmy.world

needanke@feddit.org

729

Protection (infosec.pub)

submitted 2 days ago by Track_Shovel@slrpnk.net to c/microblogmemes@lemmy.world

69 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] udon@lemmy.world 7 points 18 hours ago

I hope the EU sues the shit out of MS some time for this "feature". Write protection is one of the few things Libreoffice can't handle well, and from my perspective, that is the entire reason they have it. Also, funny enough, Office 362, their own fucking product, also can't handle it. So you need a computer where you can install the desktop version, just to untick the fucking "write-protected" box and do your job.

In academic research, you often have to apply for money from funding agencies, using write-protected templates. If you don't use the exact template or if it looks distorted in some way, you're out (of consideration for the funding, and long-term out of your job).

[–] Sarmyth@lemmy.world 31 points 1 day ago (2 children)

Nothing compares to the foolish audacity of excel to switch numbers to scientific notation by default. This can't possibly be the most commonly desired outcome. Its the most annoying "feature" they have that has existed forever.

[–] BanMe@lemmy.world 24 points 1 day ago (1 children)

Hey. Look at that column of dates you got. Would be a shame if they got converted to random numbers.

[–] piecat@lemmy.world 13 points 1 day ago (1 children)

Hey that's a cool sequence of genes. Would be a shame if we converted a few into date format when you try to save as .csv

[–] echodot@feddit.uk 1 points 18 hours ago (1 children)

Sure but at the same time they shouldn't be using Excel as a database.

[–] piecat@lemmy.world 0 points 15 hours ago (1 children)

Nobody does that?

[–] echodot@feddit.uk 1 points 12 hours ago (1 children)

In the example you're talking about the scientists were using it as a database. A Microsoft executive even came out and told them that you shouldn't use it as a database.

Occasionally there's even articles in scientific journals explaining why you shouldn't use Excel as a database and suggesting alternatives. But for some reason people still turn to their favourite not database database software.

[–] piecat@lemmy.world 2 points 1 hour ago

This isn't a live or massive dataset. It's a table of data from the samples that were sequenced.

CSV is a perfectly adequate format for the work being done. Actually, Excel's bug-as-a-feature is the only reason you wouldn't want to use it.

[–] MycelialMass@lemmy.world 13 points 1 day ago

Im sorry, the auto date formating is by far the worst. Just leave my numbers the fuck alone man, numbers are supposed to be precise, judt dont fucking touch em. Rant over lol

[–] laserm@lemmy.world 6 points 1 day ago (1 children)

Well before it people were getting hacked by VBS macros so yeah it makes sense..

[–] TroublesomeTalker@feddit.uk 2 points 1 day ago (1 children)

More profitable to sell the disease and the cure!

[–] Honytawk@lemmy.zip 2 points 1 day ago

Yeah, better to gut Excel from usefull features because they can be abused /s

[–] CaptDust@sh.itjust.works 132 points 2 days ago* (last edited 2 days ago) (2 children)

This behavior is annoying as hell, but I also think it's for the best. Excel specifically was way too trusting, has a full development environment with the ability to auto-run macros, and has become a convenient vector for delivering malicious code.

[–] funkless_eck@sh.itjust.works 82 points 2 days ago (4 children)

I once made an xlsx with a VBA module and put it in my often-late coworkers' startup folder. It would check log-on time and if it was between 9:01am and 9.59am it would send an email to the rest of the team apologizing for being late that day.

Stunning that I could do that on what was supposedly a locked-down internal system.

[–] laserjet@lemmy.dbzer0.com 4 points 17 hours ago

what an incredible jackass

[–] TempermentalAnomaly@lemmy.world 7 points 1 day ago

What in the actual fuck.

[–] CaptDust@sh.itjust.works 62 points 2 days ago* (last edited 1 day ago) (1 children)

I once used VBA to script and automate 90% of my old desk job. I just needed a way to automate keyboard input and some basic conditional controls.

I couldn't install python or run batch scripts as the machine was heavily locked down, but luckily MS provided all the tools I needed inside excel. System admins hate this one trick, thanks microsoft!

[–] funkless_eck@sh.itjust.works 13 points 2 days ago

haha yeah same. We had this terrible internal CMS that I would automate the hell out of.

[–] parody@lemmings.world 7 points 2 days ago (1 children)

LOL pls say more

[–] funkless_eck@sh.itjust.works 23 points 2 days ago (1 children)

You just enable the VB script to check the system time on launch and auto close silently if outside those times.

Excel integrates with all Microsoft products so it can access Outlook and send an email. You populate the email fields as you want and put it inside an if loop of the times and exit. Even without outlook I think it might be able to send emails with some plug-ins or via a browser window, navigate to mail, and do basic webscraping and clicking like you'd do with Beautiful Soup or AHK.

The whole setup can just be worked out with some googling and stack exchange threads.

It was a running joke he was always late and it wasn't exactly the best run company so there was no negative outcomes really, just harmless fun.

[–] DarkSirrush@lemmy.ca 7 points 1 day ago

My workplaces malwarebyte's settings end the excel process tree if it tries to run a script that accesses other M$ products.

Was super annoyed when I discovered that while trying to script in an email template for the form I was making, since at the time staff never cc'd the correct people and would then bitch out finance for not paying them.

[–] TrickDacy@lemmy.world 31 points 2 days ago (1 children)

I mean, if people weren't desensitized to warnings like this by getting them constantly, I think you'd be right

[–] shalafi@lemmy.world 9 points 2 days ago

In IT we have to consider the signal to noise ratio of warning users.

[–] chisel@piefed.social 75 points 2 days ago (1 children)

There is malware that can infect you simply by opening an office document. One of the cooler security trainings I've been through was a recorded demo of it. Opened a doc on one computer, enabled editing, then another computer was able to extract credentials from ram or something.

[–] NKBTN@feddit.uk 33 points 2 days ago (3 children)

They're borderline works of genius, some of them

load more comments (3 replies)

[–] noughtnaut@lemmy.world 48 points 2 days ago (2 children)

Just TODAY I generated a text file via a bash script, and when attempting to open it in Notepad++ Windows insisted on warning me about potential hazards because it couldn't verify who created the file. A text file! Heavens. I wonder how long I'll last in that blasted Windows centric environment.

[–] bleistift2@sopuli.xyz 43 points 2 days ago (2 children)

Not so far-fetched when you realize that Windows crams AI into everything and the text file might contain malicious instructions.

[–] noughtnaut@lemmy.world 3 points 1 day ago

It was a text file with 80 rows of `username="username username@example.com" mappings (for an svn to git conversion). Nothing nefarious.

[–] TrickDacy@lemmy.world 11 points 2 days ago

Yeah, but honestly it wouldn't even need AI to have this issue with the kind of bloated spaghetti code that MS seems to produce.

[–] lazynooblet@lazysoci.al 6 points 2 days ago (3 children)

I call BS. More likely notepad++ attempted to update and their new installer is no longer signed as the developer has been having issues getting a new signing certificate based on the app name (they want a legal identity).

[–] dual_sport_dork@lemmy.world 3 points 1 day ago

No, Windows Explorer itself does this when attempting to access network files under some byzantine set of conditions I've never been able to get to the bottom of. For instance, my machine at work bitches at me whenever I attempt to open or copy any log file (which is obviously just a text file) from either of my Linux based servers.

I use Notepad++ also, and trying to open one of these files either from Explorer or the file open dialog in NP++ triggers the warning.

I literally did it just now to generate this screenshot.

[–] noughtnaut@lemmy.world 3 points 1 day ago

It was most certainly not Notepad trying to update, it very definitely was Windows intercepting the file open process.

load more comments (1 replies)

[–] nek0d3r@lemmy.dbzer0.com 57 points 2 days ago (3 children)

Instead of asking why your word processor should have the ability to run arbitrary code, you just inconvenience everyone else on the chance it might. What even.

[–] sp3ctr4l@lemmy.dbzer0.com 6 points 1 day ago

Yep.

A constant stream of creating problems and then creating solutions for those problems, which cause more problems....ad infinitum.

Go back and fix the root cause?

Impossible!

Then our 2nd and 3rd tier 'solutions' would have all the 'solutions' based on them not work!

[–] CaptDust@sh.itjust.works 30 points 2 days ago

Yup, it's a shit bandaid to mitigate a shit design. The MS specialty.

[–] shalafi@lemmy.world 9 points 2 days ago (1 children)

Scripting is great in Excel, but I've never encountered or heard of a use for it in Word.

[–] SirActionSack@aussie.zone 6 points 2 days ago

That's partly because the API for manipulating word docs with VBA is incredibly awful.

[–] xxce2AAb@feddit.dk 24 points 2 days ago (5 children)

Like trying to have sex in a full body plaster cast.

load more comments (5 replies)

[–] TabbsTheBat@pawb.social 14 points 2 days ago (3 children)

As someone who doesn't use microsoft stuff.. anyone here have an explanation? lol

[–] Pirky@lemmy.world 39 points 2 days ago* (last edited 2 days ago) (4 children)

For me, when I open an Excel file from our business partner, it will always open in protected view which limits the functions the document can do. I then have to tell it to open in regular view which closes the doc and reopens it, wasting my time.
But sometimes even doing that won't solve the problem. It will say I have to go into the doc's properties and mark it as "safe". That requires closing it yet again. Right clicking it in file explorer, and checking a box in the properties tab. Then I get to reopen it yet again.
And I have to do this nearly every single time. Fun stuff.

[–] darklamer@lemmy.dbzer0.com 2 points 17 hours ago

I then have to tell it to open in regular view which closes the doc and reopens it,

How can you know if a document is safe to open in this "regular view"?

[–] 9point6@lemmy.world 19 points 2 days ago (2 children)

Microsoft office documents not running in protected mode can run arbitrary code on your computer. Given VBA that arbitrary code can pretty much access anything any installed application can.

There's a load of Office malware written that can infect all the documents on your system with keyloggers and password scrapers.

It's a pain in the ass yeah, but it exists to mitigate a very real risk.

[–] Miaou@jlai.lu 7 points 2 days ago* (last edited 2 days ago)

It doesn't mitigate anything when it pops every single time. Microsoft on its own has rendered scary messages useless with how often they use them.

load more comments (1 replies)

load more comments (2 replies)

[–] muntedcrocodile@hilariouschaos.com 10 points 2 days ago* (last edited 2 days ago) (2 children)

As someone who never did anything dodgy with a computer in my time. Its cos Microsoft files opened not in protected views can embed and execute macros. These macros are essentially a remote code execution. Mostly not used anymore (defaults to disabled macros) but plenty of large orgs still have macros enabled cos legacy bullshit.

U can do similar with some font formats, screensavers, and a multitude of unexpected things that most people think are completely safe. That's how linustechtips was got rce through screensaver disguised as PDF that installed a rat and token stealer that stole live YouTube session tokens. U can also use the victim device as an exit for routing traffic as a reverse proxy so tokens appear to be coming from the same device to avoid triggering security warnings.

Tldr don't enable it for random files from dubious sources and check the file extensions else u will get hacked.

load more comments (2 replies)

load more comments (1 replies)

[–] VitoRobles@lemmy.today 7 points 2 days ago (3 children)

I'm so glad I don't work in industries like that.

Send me a doc file? In an email? Nah.

Just send me a webpage or PDF I can open in the browser. I'm not opening anything that requires downloading software.

[–] onslaught545@lemmy.zip 9 points 2 days ago (3 children)

Malicious PDFs are a thing.

load more comments (3 replies)

load more comments (2 replies)

[–] Randelung@lemmy.world 4 points 2 days ago

But it will just close and reopen and act like nothing happened, except your work is gone. Just switching meeting room? Well, who does that!?

load more comments