Ello


@fearthecowboy

Garrett Serack

Posts 9 • Following 4 • Followers 12

I'm an Open Source Software Engineer at Microsoft and seem to live a charmed life full of luck, fun and toys.

The Lenovo idiotic blunder with SuperFish - and what I want to do about it.


No doubt you have heard of Lenovo including some very questionable software preinstalled on their laptops.

They just posted Removal Instructions for that, but what's really irritating is the typical insulting 'reasons' for having SuperFish loaded in the first place:

To be clear, Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. Users are given a choice whether or not to use the product. The relationship with Superfish is not financially significant; our goal was to enhance the experience for users. We recognize that the software did not meet that goal and have acted quickly and decisively.

Um. Lenovo? Shoving advertising down users' throats for your financial benefit is not enhancing your users' experience. That's you betraying your users' trust while lining your pockets.

Look. I realize that for some insane reason, people (well, other people, not me) tend to put up with advertising as some sort of 'fair-exchange' of services for their time. But nobody is seeking out extra advertising to 'enhance their experience'. To even suggest so is, again, to betray your customers' trust.

I've had enough

You've now pushed me to the point where I'm starting a new open source project to get pro-active about eliminating software whose only motivation is to degrade the user experience. This includes malware, adware, crapware, software that uses questionable practices in its implementation, or software that in any way betrays the users' trust.

This is a new spare-time initiative that I'm starting; I'm not promising instantaneous results, but I think we can make some valuable progress.

I've created the github repo for the project at https://github.com/CryHavok/Core . Stay tuned as I get started putting some stuff together.


    I'd like to have a moment of silence.

    Yesterday afternoon, at 2:33PM my beloved work disk passed away. He is survived by his younger brother, the SSD boot disk, who, like our whole family of components is experiencing shock and grief in the passing of our deeply loved friend.

    Moments after committing my last set of changes to source control, my work disk experienced some sort of catastrophic failure. While his passing was indeed quick, it would appear that from the god-awful sound that the disk makes when attempting to spin up, the last moments of his life would have been extreme agony.

    At this time, technicians do not suspect foul play, merely that an unforeseen and unknown defect lying in wait in his heart was a ticking time bomb, awaiting an opportunity to strike.

    While the vast majority of data on the disk is backed up on other volumes, there are no doubt some ancient memories that have been lost forever.

    I treasure the moments I had with this disk, and I will always remember him fondly. We've shared so much with each other, from vast ambitious projects, to stashing data that I surely meant to come back to one day.

    Even in this hour of grief, our family looks to the future, and in doing so, would like to remind others, that all life is indeed precious and finite, and for the love of all information and knowledge everywhere:

    BACK YOUR DATA UP. BACK IT UP NOW.

    EVERY SINGLE DISK YOU HAVE WILL ABSOLUTELY DIE ONE DAY.


      Listen all! This is the truth of it. Fighting leads to killing, and killing gets to warring. And that was damn near the death of us all. Look at us now! Busted up, and everyone talking about hard rain! But we've learned, by the dust of them all... Bartertown learned. Now, when men get to fighting, it happens here! And it finishes here! Two men enter; one man leaves.


        The markdown support is bigger than Ello mentions:

        namespace Microsoft.OneGet.Utility.Collections {
            using System;
            using System.Collections;
        
            public class ByRefEnumerable : MarshalByRefObject, IEnumerable {
                // we don't want these objects being GC'd because they remain unused...
        
                protected readonly IEnumerable _enumerable;
        
                public ByRefEnumerable(IEnumerable originalEnumerable) {
                    _enumerable = originalEnumerable;
                }
        
                IEnumerator IEnumerable.GetEnumerator() {
                    return GetEnumerator();
                }
        
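                // Returning null gives this object an infinite remoting lease,
                // so the proxy is never disconnected while it sits idle.
                public override object InitializeLifetimeService() {
                    return null;
                }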
        
                public virtual IEnumerator GetEnumerator() {
                    return new ByRefEnumerator(_enumerable.GetEnumerator());
                }
            }
        }


          Establishing an ecosystem that works together.

          (This was originally written when I started to cobble together the ideas for OneGet.)

          I started thinking about how all of this fits together and how we (as an ecosystem) need to be able to work together--and more importantly--still allow different systems to work how they please.

          Many years ago, Kim Cameron came up with a list of "7 Laws of Identity". They outline some core fundamental principles that any Identity system should follow to ensure that everyone's (users, identity providers, and relying parties) security is maximized.

          It occurred to me that concepts from the Laws could be recycled in a way that reflects how we can define the general parameters for an installation ecosystem:

          1. USER CONTROL AND CONSENT
          Users must always be able to make the ultimate decisions about their system, and installers must never perform actions without the user's consent. Essentially, we really want to ensure that changes that the user doesn't want aren't being applied to their systems. This means that installers should always provide a clear and accurate description of the product being installed, and ensure that the user is in control of their systems. User interfaces or tools that obscure or break this trust with the user should be avoided. Ideally, user interfaces should strive for some amount of minimalism, not serve up a collection of pedantic screens through which users tediously press 'next'. Less UI means that users are far more likely to pay attention to what's said.

          Personal Opinion: I guess at the same time, I should point out a particular gripe of mine, especially with open source software installation on Windows. The proliferation of EULAs and Licenses masquerading as EULAs in the installation process should stop. Many OSS licenses don't actually have any requirement upon the end-user to agree to the terms of them before installation, so please stop asking for people to 'agree' just to make it look like you have a 'professional' installer. 
          
          If you actually have a requirement to record an acceptance of license, perhaps you should be doing that upon first use, or upon whatever activity actually requires the acceptance of the license.
          

          2. MINIMAL IMPACT FOR A CONSTRAINED USE
          Changes to a system should aim to offer the least amount of disruption to the system. Installing unnecessary or unwanted components adds to bloat, and will increase the potential attack surface for malware.

          Personal Opinion: There is a category of software out there that has opted to provide their software free, but heavily--and often with great vigilance--attempts to install toolbars, add-ins, or other pieces of trash software that serve only to funnel advertising to the user. Others nag the user to change their default search settings, or their browser home page for similar purposes. These behaviors are abusive to customers, and should be avoided at all costs. 
          

          3. PLURALISM OF OPERATORS AND TECHNOLOGIES
          The ecosystem should easily support many different technologies; there is no one-size-fits-all answer. Software comes in all shapes and sizes. Any well-behaved individual packaging or installation technology should be welcome to participate. Choosing one technology over another should be left to the publisher. Pushing this to the logical ends means that any attempt to unify these should permit and encourage use of any part of the ecosystem.

          4. TRANSPARENCY, ACCOUNTABILITY, AND REVERSIBILITY
          Installation technologies should never obfuscate what is being done, and should never place the system in a state that can't be undone. Again, keeping in mind that the target system belongs to the user, not the publisher, end users should be able to expect that uninstallation removes the product without issue and without requiring any additional work to clean up.

          Personal Opinion: On a slightly tangential note, I'd like to talk about rebooting the system. Windows Installers seem to be overly eager to reboot the OS, either on installation or uninstallation. Now look--there is a very small class of software that can actually justify having to reboot the system. 99%+ of software should be able to deal with file conflicts, set itself up properly, manage its running processes or services, manipulate locked files, remove its temporary files, and do all of those other things that you think you need to reboot the system in order to finish. If you need help on doing this, ask. You'll be doing everyone a great service.
          

          5. FLEXIBILITY OF INSTALLATION SCOPE
          Ideally, a given package should be able to install into different installation scopes (OS/Global scope, Restricted/User scope, and Local/Sandboxed scope) and support installation into online and offline (VM Images) systems. Packaging systems should consider how they can help products to be fully installed in these scopes.

          6. CONFIGURATION IS NOT INSTALLATION
          Software installation on Windows has, since time began, been conflating configuration with installation. This approach introduces several painful problems into the software installation process:

          • This increases the amount of UI during installation, which only leads to additional confusion for the end user.

          • Users may not know the answers to configuration questions, and are now blocked until they can find answers.

          • Configuration during installation is nearly always significantly different than the process to configure (or 're-configure') the product after installation. Again, confusing to the user.

          • Migrating a working configuration to another system is harder when you have to answer during installation. Configuration should be easily portable between installations.

          • Increases friction for end-users who are trying to automate the installation of software for large numbers of systems. -- Really, don't be that guy.

          7. RESPECT THE RESOURCES OF THE TARGET SYSTEM
          Software publishers need to respect the system to which their software is being installed. You don't own that system, the end user does. Common scenarios that can be disrespectful:

          • Launching straight from the installer -- Installation should not be considered a good opportunity to launch your application. Similar to configuration issues, this is frustrating to end-users who are looking to automate the installations, and can introduce confusion for users who may not have expected that.

          • Automatically starting software at system start -- The proliferation of software that insists on starting up with the OS automatically is getting out of control. Software that wishes to launch at start-up should get explicit opt-in consent from the user (after the user has launched the application), not require the user to hunt down the option from a sea of configuration settings to disable it. Oh, and not providing a method to trivially disable auto-start is very bad.

          • Checking for software updates -- There are two acceptable methods for automatically checking for software updates. Preferred: checking from within the application itself (i.e., at startup) and elegantly handling update and restart. Acceptable: Launching an update checker via a scheduled task, checking and then exiting. Wrong: Auto-starting a background or tray-application to constantly check for updates.

          Personal Opinion: This last one is particularly frustrating.  Since Windows doesn't currently have a built-in 3rd party update service (like Windows Update) that will on a schedule check for updates, download and install them, many companies have resorted to running bloated, wasteful apps in the background, waiting for updates.  This is terribly disrespectful to the end user's system, and offers absolutely nothing of value to the user that a scheduled task wouldn't accomplish with less effort. 
          

          8. CONSISTENT EXPERIENCE ACROSS CONTEXTS
          Finally, regardless of underlying technology, there should be a common set of commands, tools and processes that allows users to install whatever software in the way that they'd like. Currently, we see that individual installation technologies are all headed in different directions, which makes automating the installation of some pieces of software a nightmare. We as a community need to have the ability to bring all of these pieces of software together without having to manually script each individual combination.


            Nice that I can write a message here, and get a public link.

            And apparently, you can have bold and italics in messages. Hmmm