I hope the EU sues the shit out of MS some time for this “feature”. Write protection is one of the few things Libreoffice can’t handle well, and from my perspective, that is the entire reason they have it. Also, funny enough, Office 362, their own fucking product, also can’t handle it. So you need a computer where you can install the desktop version, just to untick the fucking “write-protected” box and do your job.
In academic research, you often have to apply for money from funding agencies, using write-protected templates. If you don’t use the exact template or if it looks distorted in some way, you’re out (of consideration for the funding, and long-term out of your job).
Nothing compares to the foolish audacity of excel to switch numbers to scientific notation by default. This can’t possibly be the most commonly desired outcome. Its the most annoying “feature” they have that has existed forever.
Hey. Look at that column of dates you got. Would be a shame if they got converted to random numbers.
Hey that’s a cool sequence of genes. Would be a shame if we converted a few into date format when you try to save as .csv
Sure but at the same time they shouldn’t be using Excel as a database.
Nobody does that?
In the example you’re talking about the scientists were using it as a database. A Microsoft executive even came out and told them that you shouldn’t use it as a database.
Occasionally there’s even articles in scientific journals explaining why you shouldn’t use Excel as a database and suggesting alternatives. But for some reason people still turn to their favourite not database database software.
This isn’t a live or massive dataset. It’s a table of data from the samples that were sequenced.
CSV is a perfectly adequate format for the work being done. Actually, Excel’s bug-as-a-feature is the only reason you wouldn’t want to use it.
Im sorry, the auto date formating is by far the worst. Just leave my numbers the fuck alone man, numbers are supposed to be precise, judt dont fucking touch em. Rant over lol
This behavior is annoying as hell, but I also think it’s for the best. Excel specifically was way too trusting, has a full development environment with the ability to auto-run macros, and has become a convenient vector for delivering malicious code.
I once made an xlsx with a VBA module and put it in my often-late coworkers’ startup folder. It would check log-on time and if it was between 9:01am and 9.59am it would send an email to the rest of the team apologizing for being late that day.
Stunning that I could do that on what was supposedly a locked-down internal system.
what an incredible jackass
What in the actual fuck.
I once used VBA to script and automate 90% of my old desk job. I just needed a way to automate keyboard input and some basic conditional controls.
I couldn’t install python or run batch scripts as the machine was heavily locked down, but luckily MS provided all the tools I needed inside excel. System admins hate this one trick, thanks microsoft!
haha yeah same. We had this terrible internal CMS that I would automate the hell out of.
LOL pls say more
You just enable the VB script to check the system time on launch and auto close silently if outside those times.
Excel integrates with all Microsoft products so it can access Outlook and send an email. You populate the email fields as you want and put it inside an if loop of the times and exit. Even without outlook I think it might be able to send emails with some plug-ins or via a browser window, navigate to mail, and do basic webscraping and clicking like you’d do with Beautiful Soup or AHK.
The whole setup can just be worked out with some googling and stack exchange threads.
It was a running joke he was always late and it wasn’t exactly the best run company so there was no negative outcomes really, just harmless fun.
My workplaces malwarebyte’s settings end the excel process tree if it tries to run a script that accesses other M$ products.
Was super annoyed when I discovered that while trying to script in an email template for the form I was making, since at the time staff never cc’d the correct people and would then bitch out finance for not paying them.
I mean, if people weren’t desensitized to warnings like this by getting them constantly, I think you’d be right
In IT we have to consider the signal to noise ratio of warning users.
Well before it people were getting hacked by VBS macros so yeah it makes sense…
More profitable to sell the disease and the cure!
Yeah, better to gut Excel from usefull features because they can be abused /s
There is malware that can infect you simply by opening an office document. One of the cooler security trainings I’ve been through was a recorded demo of it. Opened a doc on one computer, enabled editing, then another computer was able to extract credentials from ram or something.
They’re borderline works of genius, some of them
Not really that genius pretty script kiddy stuff now. U can create ur own in like 5minutes with metasploit.
Ya but the OGs who figured it out
Fair
Just TODAY I generated a text file via a bash script, and when attempting to open it in Notepad++ Windows insisted on warning me about potential hazards because it couldn’t verify who created the file. A text file! Heavens. I wonder how long I’ll last in that blasted Windows centric environment.
Not so far-fetched when you realize that Windows crams AI into everything and the text file might contain malicious instructions.
It was a text file with 80 rows of `username=“username username@example.com” mappings (for an svn to git conversion). Nothing nefarious.
Yeah, but honestly it wouldn’t even need AI to have this issue with the kind of bloated spaghetti code that MS seems to produce.
I call BS. More likely notepad++ attempted to update and their new installer is no longer signed as the developer has been having issues getting a new signing certificate based on the app name (they want a legal identity).
No, Windows Explorer itself does this when attempting to access network files under some byzantine set of conditions I’ve never been able to get to the bottom of. For instance, my machine at work bitches at me whenever I attempt to open or copy any log file (which is obviously just a text file) from either of my Linux based servers.
I use Notepad++ also, and trying to open one of these files either from Explorer or the file open dialog in NP++ triggers the warning.
I literally did it just now to generate this screenshot.
Okay that is a common error when accessing unknown network shares and network settings are misconfigured. Need to add whatever IP or network name to intranet zone. It’s not to do with the file type or contents.
It was most certainly not Notepad trying to update, it very definitely was Windows intercepting the file open process.
the ongoing security nightmare that is the np++ auto-update mechanism continues to generate content
Instead of asking why your word processor should have the ability to run arbitrary code, you just inconvenience everyone else on the chance it might. What even.
Yep.
A constant stream of creating problems and then creating solutions for those problems, which cause more problems…ad infinitum.
Go back and fix the root cause?
Impossible!
Then our 2nd and 3rd tier ‘solutions’ would have all the ‘solutions’ based on them not work!
Yup, it’s a shit bandaid to mitigate a shit design. The MS specialty.
Scripting is great in Excel, but I’ve never encountered or heard of a use for it in Word.
I used to work at a place where one of their test machines generated a cert in Microsoft Word with test results. They were having their lab technicians manually type in something like eight fields of information to flesh put the cert. I managed to hack together a Word VBA plus Python script to interface with the OpenOffice database I had set up so the techs only had to type in one field, and the script filled in the rest.
It was kind of a monstrosity under the hood, but it worked pretty slickly, and given the available tools I was glad the option existed.
That’s partly because the API for manipulating word docs with VBA is incredibly awful.
VBA for Word is bad, but VBA for Excel graphs is worse. At small companies that can’t justify the cost of any software outside Office, people will go to great lengths to get Excel to support data analysis. Not being in that situation anymore is one of my top satisfaction items with having changed jobs from a small to a large company.
Like trying to have sex in a full body plaster cast.
The chafing…
at least you’re havin’ sex …
Not in a full body plaster cast I’m not.
They didn’t leave a hole for peepee and poopoo?
While we could have a serious academic discussion about the logistics of full body plaster cast sex dynamics, we could also… not.
As someone who doesn’t use microsoft stuff… anyone here have an explanation? lol
For me, when I open an Excel file from our business partner, it will always open in protected view which limits the functions the document can do. I then have to tell it to open in regular view which closes the doc and reopens it, wasting my time.
But sometimes even doing that won’t solve the problem. It will say I have to go into the doc’s properties and mark it as “safe”. That requires closing it yet again. Right clicking it in file explorer, and checking a box in the properties tab. Then I get to reopen it yet again.
And I have to do this nearly every single time. Fun stuff.I then have to tell it to open in regular view which closes the doc and reopens it,
How can you know if a document is safe to open in this “regular view”?
Microsoft office documents not running in protected mode can run arbitrary code on your computer. Given VBA that arbitrary code can pretty much access anything any installed application can.
There’s a load of Office malware written that can infect all the documents on your system with keyloggers and password scrapers.
It’s a pain in the ass yeah, but it exists to mitigate a very real risk.
It doesn’t mitigate anything when it pops every single time. Microsoft on its own has rendered scary messages useless with how often they use them.
U would want to install a rat or do a browser token theft. Why bother with a keyloggers when u can steel access codes from the browser directly.
Thamks :3… I can see why that would be annoying lol
What company do u work at? Cos one well placed email with a dodgy file attached could destroy the entire company.
Microsoft managed to build a file format for spreadsheets, text documents and such, which can be used to run arbitrary code on the PC where it’s opened (via VBA). In a move that no one could have predicted, this is used to distribute malware.
And their bandaid fix is this “Protected Mode”, which is entered when you receive a document from another organization. In Protected Mode, it does not run VBA code until you exit it.Unfortunately, their solution has conditioned users to basically always exit Protected Mode.
The annoying part is, they could check if the file even contains malicious code. But they don’t and instead default to protected mode, even for basic files.
It’s probably spaghetti enough that just loading it to check would be exploitable.
As someone who never did anything dodgy with a computer in my time. Its cos Microsoft files opened not in protected views can embed and execute macros. These macros are essentially a remote code execution. Mostly not used anymore (defaults to disabled macros) but plenty of large orgs still have macros enabled cos legacy bullshit.
U can do similar with some font formats, screensavers, and a multitude of unexpected things that most people think are completely safe. That’s how linustechtips was got rce through screensaver disguised as PDF that installed a rat and token stealer that stole live YouTube session tokens. U can also use the victim device as an exit for routing traffic as a reverse proxy so tokens appear to be coming from the same device to avoid triggering security warnings.
Tldr don’t enable it for random files from dubious sources and check the file extensions else u will get hacked.
So disable macros until enabled. But protected view won’t even let you edit a text document.
Yeah Idk why that is all I know is macros will ruin ur life if ur not careful. Luckily I run QubesOS so not a problem I’m too concerned with.
Microsoft documents can contain macros (scripts). While there are legitimate uses for macros, bad actors can use them for malicious purposes.
Protected mode prevents the macros from running.
I’m so glad I don’t work in industries like that.
Send me a doc file? In an email? Nah.
Just send me a webpage or PDF I can open in the browser. I’m not opening anything that requires downloading software.
Malicious PDFs are a thing.
Also malicious web pages. You might need to do slightly more than opening the page, but with all the captcha and similar prompts people are click happy today.
Personally surprised there aren’t more attacks that mimic the click to prove you aren’t a robot and other captcha prompts.
U still need to get someone to download or install something. The browser engine is incredibly locked down in terms of messing up ur system.
When opened in a web browser not really. They can’t jump the v8 engine and can’t access remote services without explicit permission due to CORS.
“Here’s the draft, please mark up and return.” And it’s a fucking PDF print of the word or excel doc.
Every damn week.
Wait you’re the guy that actually opens shit on the web version of SharePoint? You fucking monster
But it will just close and reopen and act like nothing happened, except your work is gone. Just switching meeting room? Well, who does that!?
Is it ribbed for her pleasure?
