Patch Lady – Panos we need transparency

Earlier today two things happened.  Thing one:  Panos Panay was named in charge of Windows both in terms of hardware and software.

The second thing occurred is that we all found out that our local search boxes are somehow dependent on some service working at Microsoft.

A few weeks ago Microsoft announced that they were going to insert a search extension in Chrome to redirect the search from google to bing for users of Office 365 Pro Plus.   They plan to do the same for Firefox.  As of today I have not heard any word that this decision – that I haven’t seen a single person or customer of Microsoft think this is a good idea – has been pulled back and reconsidered.

This is my blog post to Panos Panay as he starts this new journey.

Dear Mr. Panay.   Let me introduce myself.   My name is Susan Bradley and I’ve been working with computers since I was in high school years ago.  Microsoft has been a key part of my personal success and business success.  We wouldn’t be able to do what we do without Microsoft paving the way of bringing technology out of the datacenter and to my desk.  I want to congratulate you on this new position and hope that you will pave the way for a new transparency that is sorely needed in Microsoft.  As the computer has moved from the datacenter (when I was in college I worked on computer coding in Basic on dumb terminals in the college datacenter) to my desk (IBM 8088) and now back to the data center, you need to realize that the journey where our data is there to here and now back at there means that you need to earn  AND maintain our trust.

We have to trust that you are keeping our data safe.  We have to trust you on Patch Tuesday to patch and protect our systems.  Microsoft has long taken the stance that patching our systems is the best way to keep ourselves safe.  Your staff has often explained that the old way of individual patching led to fragmentation of the operating system.  If one person opted to not install an update, they would forever have a system that was not “whole”.  They’d forever have an operating system that would be different and unique from another system.  Thus rolling up all of the updates into a single installable patch each month would ensure that we were all patched, all protected, all “whole”.  It also assured us that we’d have less issues with detection and supercedence.

But rolling up all of these updates into one patch meant that we had to trust that you’d done enough quality checks to ensure that we’d not only be protected when we patch, that we’d also get patches that didn’t hurt us in the process of updating.  I STILL get constantly asked about which patches should be skipped because people don’t trust that Microsoft is doing enough to ensure that patches are tested in advance.  The Windows health release dashboard that was released goes to help this trust process.

But you need to do more.  I still cannot in good conscience tell people to patch immediately.  I still feel more comfortable telling people to wait at least a week (if not more) to give time for issues to be discovered and patches fixed.

Today’s search issue is an example where transparency of what happened here needs to be talked about.  Most of us had no idea that our shiny new Windows 10 search box had a dependency on something that broke.  Most of us had no idea that you are not only updating our operating system with patching updates, with store updates and now apparently another updating mechanism that none of us really had a clue was being updated on a regular basis.

And please.  Please sit down with Joe Belfiore (who is taking over the Office side of Microsoft) and do not hijack the search engine of a third party browser.  Doing so means that you are setting a bad precedent.  An entry in wikipedia now list Office 365 as a browser hijacker.   It saddens me to see that.  This isn’t how software should be written and deployed.  And this REALLY isn’t how Microsoft should be deploying software in 2020.

A while ago I had put in place a “Pinocchio” scale.  I’d put a graphic on a post when I felt Microsoft wasn’t being transparent enough.    I think I need another graphic.  One that represents when your Company hasn’t earned our trust.

It’s not enough to post up whitepapers on how your cloud services provide privacy and security.  Your firm has to earn our trust in the actions of your firm.  Your firm can’t go back to the behavior of a software bully.   Microsoft, remember not THAT long ago you had to pay penalties and fees for doing monopolistic behavior.  Don’t do that again.

So please.  As you take over the reins of this company, your shareholders aren’t the only important people you need to cater to.  Your customers, those of us that have to trust you with our data, our businesses, our future endeavors deserve better behavior than this.