Personally, I use a solid color background. It was the default in Windows 95,¹ and I’ve stuck with that bluish-green background color ever since. It’s sort of like my comfort food.

Imagine my surprise when someone pointed me to a support article titled “The Welcome screen may be displayed for 30 seconds during the logon process after you set a solid color as the desktop background in Windows 7 or in Windows Server 2008 R2.” Why is logon slower with a solid background?

After your logon has been authenticated, Windows sets up your desktop. There are a lot of things going on. The taskbar gets created. The components that are responsible for various system services are loaded and initialized. The desktop window is created and filled with icons. And the desktop background window loads up the desktop wallpaper and paints it to the screen.

The logon system waits for all of these pieces to report that they are ready, and when the all-clear signal is received from everybody, or when 30 seconds have elapsed, the logon system switches away from the Welcome screen.

Given that design, you can imagine the reason for the 30-second delay: It means that one of the pieces failed to report. Perhaps it was written like this:

InitializeWallpaper()
{
    if (wallpaper bitmap defined)
    {
        LoadWallpaperBitmap();
    }
}

LoadWallpaperBitmap()
{
    locate the bitmap on disk
    load it into memory
    paint it on screen
    Report(WallpaperReady);
}

The code to report that the wallpaper is ready was inside the wallpaper bitmap code, which means that if you don’t have a wallpaper bitmap, the report is never made, and the logon system waits in vain for a report that will never arrive.

Later in the article, it notes a related article that calls out that if you have the “Hide desktop icons” group policy enabled, then you might also suffer from the 30-second delay.

Group policies are susceptible to this problem because they tend to be bolted on after the main code is written. When you have to add a group policy, you find the code that does the thing, and you put a giant “if policy allows” around it.

// Original code
InitializeDesktopIcons()
{
    bind to the desktop folder
    enumerate the icons
    add them to the screen
    Report(DesktopIconsReady);
}

// Updated with group policy support

InitializeDesktopIcons()
{
    if (desktop icons allowed by policy)
    {                                   
        bind to the desktop folder
        enumerate the icons
        add them to the screen
        Report(DesktopIconsReady);
    }                                   
}

Oops, the scope of the “if” block extended past the report call, so if the policy is enabled, the icons are never reported as ready, and the logon system stays on the Welcome screen for the full 30 seconds.

Note that in both of these cases, it’s not that the logon is extended by 30 seconds. Rather, the Welcome screen stays on for the full 30 seconds rather than the actual time it took for all systems to report ready (which could be 5 seconds, or it could be 25 seconds, depending on your system’s performance).

If you look at the timestamps on the articles, you can see that the problem was fixed in November 2009, just a few months after Windows 7 was released in July 2009.

¹ Originally, I avoided bitmap backgrounds because they took up a lot of memory, and when you had only 4 or 8 megabytes of memory, eating three quarters of a megabyte of memory just for wallpaper was not a good return on investment.

Also, I tend to stick with default configurations because it makes bug filing easier. If the repro instructions are “install a system from scratch, then perform these steps”, you’re more likely to get traction than if you say “install a system from scratch, change these 50 settings from their defaults, and then perform these additional steps.” It’s much easier to justify a bug fix that affects the default configuration than a bug fix that requires that the user have changed settings from the default, particularly if those settings are obscure.

The post Why did Windows 7, for a few months, log on slower if you have a solid color background? appeared first on The Old New Thing.

“I think we essentially have become a kleptocracy that would make Putin blush. I mean, keep in mind that in the first three months, the Trump family has become $3 billion wealthier, so that’s a billion dollars a month.”

— Business school professor Scott Galloway, quoted by the New Republic.

'Giant Bomb has new owners, and you're looking at them'

The post Giant Bomb Has Been Sold To Giant Bomb appeared first on Aftermath.

A messaging service used by former National Security Advisor Mike Waltz has temporarily shut down while the company investigates an apparent hack. The messaging app is used to access and archive Signal messages but is not made by Signal itself.

404 Media reported yesterday that a hacker stole data "from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the US government to archive messages." 404 Media interviewed the hacker and reported that the data stolen "contains the contents of some direct messages and group chats sent using [TeleMessage's] Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat."

TeleMessage is based in Israel and was acquired in February 2024 by Smarsh, a company headquartered in Portland, Oregon. Smarsh provided a statement to Ars today saying it has temporarily shut down all TeleMessage services.

"TeleMessage is investigating a recent security incident," the statement said. "Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation. Out of an abundance of caution, all TeleMessage services have been temporarily suspended. All other Smarsh products and services remain fully operational."

Last week, Waltz was photographed using the TeleMessage Signal app on his phone during a White House cabinet meeting. Waltz's ability to secure sensitive government communications has been in question since he inadvertently invited The Atlantic Editor-in-Chief Jeffrey Goldberg to a Signal chat in which top Trump administration officials discussed a plan for bombing Houthi targets in Yemen.

Waltz was removed from his post late last week, with Trump nominating him to serve as ambassador to the United Nations.

TeleMessage website removes Signal mentions

The TeleMessage website until recently boasted the ability to "capture, archive and monitor mobile communication" through text messages, voice calls, WhatsApp, WeChat, Telegram, and Signal, as seen in an Internet Archive capture from Saturday. Another archived page says that TeleMessage "captures and records Signal calls, messages, deletions, including text, multimedia, [and] files," and "maintain[s] all Signal app features and functionality as well as the Signal encryption."

The TeleMessage home page currently makes no mention of Signal, and links on the page have been disabled.

The anonymous hacker who reportedly infiltrated TeleMessage told 404 Media that it took about 15 to 20 minutes and "wasn't much effort at all." While the hacker did not obtain Waltz's messages, "the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer," according to 404 Media.

"Data related to Customs and Border Protection (CBP), the cryptocurrency giant Coinbase, and other financial institutions are included in the hacked material, according to screenshots of messages and backend systems obtained by 404 Media," the report said. 404 Media added that the "hacker did not access all messages stored or collected by TeleMessage, but could have likely accessed more data if they decided to, underscoring the extreme risk posed by taking ordinarily secure end-to-end encrypted messaging apps such as Signal and adding an extra archiving feature to them."

Read full article

Comments

The Trump administration filed an emergency application on Friday asking the Supreme Court to restore DOGE's access to Social Security Administration records. A lower-court order that prohibited DOGE's access is causing "irreparable harm to the executive branch" and thwarting DOGE's attempts to "eliminate waste and fraud," US Solicitor General John Sauer wrote in the appeal.

"The government cannot eliminate waste and fraud if district courts bar the very agency personnel with expertise and the designated mission of curtailing such waste and fraud from performing their jobs," Sauer told the Supreme Court. The preliminary injunction that is currently in place halted "the Executive Branch's critically important efforts to improve its information-technology infrastructure and eliminate waste," the brief said.

The appeal was lodged in a case filed by the American Federation of State, County and Municipal Employees; the Alliance for Retired Americans; and American Federation of Teachers. Chief Justice John Roberts asked them to file a response to the US by May 12.

In March, the plaintiffs obtained an order that required the Social Security Administration (SSA) to block DOGE's access to records. US District Judge Ellen Lipton Hollander's order said the DOGE entity created by President Donald Trump "is essentially engaged in a fishing expedition at SSA, in search of a fraud epidemic, based on little more than suspicion."

Trump admin lost at appeals court

Hollander ordered the SSA to cut off DOGE's access and ruled that Elon Musk and other DOGE members must "disgorge and delete all non-anonymized PII [personally identifiable information] data in their possession or under their control." The District of Maryland judge found that Social Security officials "provided members of the SSA DOGE Team with unbridled access to the personal and private data of millions of Americans, including but not limited to Social Security numbers, medical records, mental health records, hospitalization records, drivers' license numbers, bank and credit card information, tax information, income history, work history, birth and marriage certificates, and home and work addresses."

Before turning to the Supreme Court, the Trump administration went to the US Court of Appeals for the Fourth Circuit and sought an order to stay the lower-court ruling pending appeal. The appeals court voted 9–6 on April 30 to deny the government's motion.

Sauer's appeal to the Supreme Court was filed on behalf of the SSA, the Department of Government Efficiency (DOGE), DOGE Acting Administrator Amy Gleeson, and Musk, who is described in the brief as "senior advisor to the president." Sauer asked the Supreme Court to stay Hollander's injunction and grant "an immediate administrative stay of the district court's order pending the Court's consideration of this application."

"This emergency application presents a now-familiar theme: a district court has issued sweeping injunctive relief without legal authority to do so, in ways that inflict ongoing, irreparable harm on urgent federal priorities and stymie the Executive Branch's functions," Sauer wrote.

No “concrete injury,” US says

Sauer argued that the organizations suing the government lack standing because their "members furnished their information with the understanding that government employees could access it for a number of purposes, as those employees are permitted to do pursuant to various exceptions in the Privacy Act of 1974." The US brief said the plaintiffs' members "cannot plausibly claim any concrete injury from having particular agency employees—i.e., members of the SSA DOGE team—access their information when those employees are subject to the same legal and ethical obligations against further dissemination that bind all agency employees."

Hollander wrote in March that the government "never identified or articulated even a single reason for which the DOGE Team needs unlimited access to SSA's entire record systems, thereby exposing personal, confidential, sensitive, and private information that millions of Americans entrusted to their government."

In the 4th Circuit's 9–6 ruling against the Trump administration, the majority was composed of judges appointed by Democratic presidents while the judges in the minority were appointed by Republicans. An opinion signed by seven of the circuit judges who voted to uphold the lower-court ruling said that "the very able district judge has carefully and thoughtfully examined the evidence and the legal issues" and found that "the evidence demonstrates that DOGE's work could be accomplished largely with anonymized and redacted data, along with discrete pieces of non-anonymized data in limited, appropriate circumstances—as has long been typical at SSA for the type of technology upgrades and waste, abuse, and fraud detection that DOGE claims to be doing."

“Need” to know

DOGE members were granted data access without being hired by the SSA and without passing background checks, the circuit judges wrote.

"Moreover, the evidence shows that DOGE's unfettered access exceeded that allowed to all but the few most experienced and trusted SSA employees; that such access contravened SSA policy and practices of access limitations and separation of duties; and that DOGE affiliates were granted unfettered access without being properly hired by or detailed to SSA, without standard training, and without mandated background investigations," the opinion said.

The Privacy Act states that a federal agency may disclose records "to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties." Sauer argued that Hollander overstepped her authority when determining that DOGE members didn't need the records.

"That standard is clearly met here; employees charged with modernizing government information systems and routing [sic] out fraud, waste, and abuse in data systems plainly need access to those systems," he wrote. "Yet the district court instead viewed agency employees within the SSA DOGE team as the equivalent of intruders who break into hotel rooms. District courts should not be able to wield the Privacy Act to substitute their own view of the government's 'needs' for that of the President and agency heads."

Read full article

Comments