Hacker News new | past | comments | ask | show | jobs | submit login
My mouse driver is asking for a firewall exemption (2019) (twitter.com/foone)
1137 points by Tijdreiziger 56 days ago | hide | past | favorite | 556 comments

I have this same mouse. It works perfectly fine as an HID-compliant mouse on Linux, including the forward/back buttons. You only need all that crap if you want to control the rainbow RGB lighting. And if you really that, there's a reverse-engineered driver here: http://roccat.sourceforge.net/

You might want to add, that Roccat supported the reverse engineering effort in this case by providing hardware and approving the use of certain sound files:

> The reversed hardware is kindly provided by Roccat.

> The sound files and the Roccat logo are property of Roccat and are used with their approval.

A few years back, I owned a Roccat mouse myself and was delighted to find a decent Linux driver for it.

There's also libratbag, which contains RGB/DPI/extra-button/etc control for a variety of mice from many many vendors

If you want a graphical frontend for libratbag there's piper.

If you only cared about the basic functions, you could have got a much cheaper mouse.

Since when RGB Rainbow became Enhanced Function and dpi/buttons/accel/grip/etc became basic?

Well, since every mouse has dpi/buttons/axxel/grip/etc and not all mouses have RGB Rainbow.

When you buy the mouse with the RGB lighting over the one that doesn't include it

For anyone interested in open hardware mice, I have to recommend Ploopy: https://ploopy.co/

Plug-and-play, flash your own firmware if you like. Current models ship with QMK (open firmware), although I believe my older trackball didn't, I'd have to flash it.

I have both a left-handed trackball (rare!) and a right-handed mouse from them, I like to alternate.

Two obvious complaints:

- They're really expensive

- They're 3D-printed, which means manufacturing isn't polished. My trackball had a sticky mousewheel, which I ultimately had to buy a replacement for and swap out. My mouse has some rough edges I haven't filed down yet, and the 3D-printed texture may not be for everyone.

The good news is that it's easy to make replacement parts and repairs yourself!

Still, I wish they would make mass-produced versions with more conventional and precise manufacturing techniques, just with the option to 3D-print your own parts if you feel like it / need to. Maybe that would bring the price down while also improving build quality.

You can't have "really expensive" and "crap quality" without going out of business.

It's a pity they don't sell the electronic bits (preloaded with the firmware). I can probably fashion quite a nice trackball enclosure from a block of wood; probably much nicer than 3D printed cheap-feeling plastic.

Tesla is still in business.

I'd be very curious to hear more about how you would go about making a wood enclosure, because I thought the same thing, but I do not have any woodworking skills. I have gotten used to the 3D-printed texture but I wouldn't mind having a nice wooden enclosure instead.

I have been very impressed by Keyboardio's use of wood, for example: https://shop.keyboard.io/ I got an Atreus with a wooden palmrest for my partner, who loves it and uses it daily. I just haven't found an open hardware mouse with similar build quality yet.

> I'd be very curious to hear more about how you would go about making a wood enclosure, because I thought the same thing

Mill two halves, then screw them together with the electronics inside?

File/Sand/Plane down a block for the top, hollow out the interior and close off the hollow with a thin balsa sheet?

The way I made propellers - with a craft knife, cut the wafer thin sheets sold by model airplane stores with successive concentric overlapping ovals for each 1mm height of the enclosure. Glue them all together and sand it down smooth.

Why do nerds always give instructions as questions haha

Assuming this question is in good faith:

I think* it has to do with not wanting to say something as 100% truth without knowing it's 100% true. Which can be interpreted as weakness/insecurity among more business/marketing minded folks.

*see my own usage of "I think"

It was in good faith but I can see how it comes across as snarky, that's bad wording on my part

I can see how that fits, nice one

> It was in good faith but I can see how it comes across as snarky, that's bad wording on my part

I didn't take it as snarky[1], so I wouldn't worry about that if I were you.

[1] I even replied in kind, with a question :-)

> Why do nerds always give instructions as questions haha

Why don't you look it up and tell us?


Closest I got was: not being introduced to (or not inspired by) xkcd's ten thousand https://xkcd.com/1053/

Ever since I read that one I've loved being able to introduce people to things rather than doing the question mark "you should know this" sort of reply

It was a wild search tangent admittedly

It's all open hardware, so you can run off your own if your so inclined and design wood enclosures.

The draw of these is that they are fully (properly) programmable and can run QMK.

I get the appeal of that for keyboards, but what's the appeal of it for a mouse? Is it only for g*mers?

I don't game much anymore, but using a gaming mouse in my day-to-day workflow is huge. Besides the normal browser history-back/fwd, I have buttons for scrolling through tabs, closing/reopening tabs, alt-tabbing between windows, changing volume, etc. I don't make much use of macros or anything, but if I worked in CAD or Photoshop I'm sure I would. I think any kind of workflow that's hotkey or shortcut heavy could benefit.

I use a "gaming" mouse (Logitech G502) for day-to-day work. In additional to the usual left/right/middle click and up/down/left/right scroll, I have forward/back, copy/paste, next/previous tab, close/reopen tab, jump-to-first-tab, refresh, zoom reset, and microphone mute. It's useful enough that I find I really miss it when using a less-capable mouse.

How do you tolerate side movements when clicking side buttons and accidental side clicks when “rebasing” a mouse? How do you grip?

Every mouse I tried (suggested by reviews) does oops clicks sometimes, so I always turn off side buttons and live with the fact that they are just there discomforting my thumb.

Here's how I grip: https://i.imgur.com/QQcMrSR.jpeg

I don't touch the side buttons when gripping or rebasing the mouse. That's not a G502 but every mouse I've tried so far (except for the G600) has been grippable without touching any buttons.

With the G502 your thumb rests below the side buttons on a small rest - to click you move your thumb up a little and then squeeze. The force required to click is still small enough that very light pressure from the other side of your hand is enough not to move the mouse.

I don't know other people, but I personally have never in the 10+ years I used "gaming" mice accidentally mispressed a button because I wanted to move the thing. Maybe logitech makes weird mice where this doesn't happen?

Hardware drag scrolling, combos and snippets, more configuration then you can swing a stick at, layers and all of that. Half of the reason I use QMK boards is due to on-host configuration being so so terrible. At least if I bring my own hardware I _know_ it's going to work how I expect when I plug it in. That's a huge sell if you are jumping between computers all the time and have hardware that fits in your purse.

Also, the form factor and things like the Ploopy Nano are super cool. And because it's open source if you don't like the hardware/software you can easily change it. We use interface devices all day, everyday. Not having an ergonomic interface will catch up with you.

I never use the side buttons for forward/back, it would be useful to me to reassign them to something like next tab or page down.

Why did you censor "gamers"?

It's a meme, referencing the "gamers are the most oppressed minority" idea. The idea that "gamer" is a slur with a "hard R".

It's almost always used ironically, but there are probably a few edgy GamerGate types who take it to heart.

Last thing I want to hold a crappy 3d print textured mouse under my hands for 10 hours. I will take my chances with Logitech and stick to mx master. $130 for a mouse? Are you serious.

I'm making one with an outer shell of TPU after having this issue. It's just a bit soft and it feels like the 'textured grip' parts on my old Logitech, but sized for my considerable meat hooks.

Amazing that it's not only 200 and not high quality, but it's called "ploopy"

They have parts like PMW3360 in a mouse clearly intended for office use, judging by its shape; no wonder it's expensive. This is a sensor designed for extremely fast movements in games (faster than punches in most martial arts). It's not the latest and hottest model, but you won't be able to tell the difference from a cheap sensor during normal use.

Wow, those mice look truly horrible to use, and cost $200 to boot.

I think it's time for Chinese manufacturers to step up to the task. I've recently bought a (filament) 3D printer, and reading up on the domain, it was interesting to see how it developed:

The open source community figured out how to write software that can turn CAD drawings into CNC instructions and wrote firmware that could drive the printers. Meanwhile, multiple Chinese manufacturers built hardware, competing with each other to build better stuff and increasingly cheaper prices. The end result is that you can buy really decent 3D printers at around $250 with open firmware.

Can't reach their website here.

I wish they made alternative PCBs for existing mice. So you’d get the nice finish of molded parts, with an open firmware.

a) Cheap

b) Well made

c) Open source/hardware

Choose any two.

I can't connect to your link

Wordpress DB is down. Did we kill it?

Welp, LAMP stack doesn't scale. Time to hire some microservices teams and set up a k8s cluster.

>Welp, LAMP stack doesn't scale

Tell that wikipedia ;)

I first clicked the link only 2-4 minutes after it was posted and it was down so I doubt

Ah, mice...

"Need local admin and have physical access? ..."


Related post to the one you linked: https://twitter.com/an0n_r0/status/1429386474902917124

Yes, I saw that for the first time moments after I posted my comment!

It is pretty trivial to get local admin on any desktop or workstation with physical access, though typically doing so requires at least one reboot. User accounts are basically worthless, from a security standpoint, in that scenario.

It's not trivial, and even so that's not a reason to discredit this particular vulnerability just because others also exist.

What is the point of downplaying local privilege escalation vulnerabilities just because it's a hard scenario to defend against?

> It's not trivial

In my experience, it is in fact pretty trivial.

I'm not saying it shouldn't be fixed, I'm saying it isn't nrealy as big a deal as people are making it out to be. The infosec community likes to latch on to any little vulnerability it can and act like the sky is falling even if, when taken in context, said vulnerability is only a problem in narrow use cases or requires the target to pretty much already be completely exploited.

> The infosec community likes to latch on to any little vulnerability it can and act like the sky is falling

That's because while a given potential exploit might not be a huge deal, a collection of exploits become greater than the sum of their parts, so if you're security-minded, then you want as few of those parts as possible.

Sure, but you always have tradeoffs for implementation time, interface friction, etc. You need to scope things properly so people know how to prioritize them and, in my experience, infosec people are really bad at that. They're so ready to hype up whatever they found that they don't really care how it relates to the real world.

> In my experience, it is in fact pretty trivial.

If you are talking about scenarios where full disk encryption is not enabled, then that is irrelevant. You may as well say that privilege escalation is trivial because some users don't put passwords on their account. The user obviously needs to take care of the basic expectancies first before worrying about vulnerabilities.

> If you are talking about scenarios where full disk encryption is not enabled, then that is irrelevant.

That's fair, I was making that assumption because it is true in literally every case I've come across. But consider that if you have local access to a logged in account you've already got access to unencrypted files for that user anyway. You don't even need admin.

Sure, but consider how this will impact corporate or educational environments (which in my experience DO usually use full disk encryption). I believe full disk encryption is also on by default for most new OEM machines.

When I see the words "trivial" or "orthogonal" in a comment on HN, I become suspicious of the content.

It's made quite a bit more difficult with FDE dependent on TPM and Secure Boot (like Bitlocker). Can't mount the drive from another machine or the same machine with another OS running to modify the password file, can't run a bootkit like KonBoot to disable password checks.

> It's made quite a bit more difficult with FDE...

FDE is orthogonal to user accounts, but yes it would prevent the trivial local access methods of taking over the admin account.

Not that, you know, anything the user cares about requires an admin account to get at anyway, as ransomware has consistently proven.

What a ridiculous argument. User files are important, but locking down admin access has solved a whole host of virus/security issues that were present in, say, windows xp.

at the end of the day, users are responsible for the software they run on their machine. but viruses/worms that run amok are largely over thanks to restraining userland permissions.

Every time I’ve achieved domain admin on a pentest, it’s been predicated with local privesc.

Your opinion is dangerous, professional negligence.

What gets me the most is seeing something like piper:


Where its (mainly) one person in their spare time that is able to put these official drivers to shame.

Isn't it quite common for open source hardware drivers to have an effective bus factor of one? (as in, yes it's open source but only one dev has the deep familiarity with the topic required for fast updates) Like, weren't practically all Linux webcam drivers implemented by one French guy at some point?

> Isn't it quite common for open source hardware drivers to have an effective bus factor of one? (as in, yes it's open source but only one dev has the deep familiarity with the topic required for fast updates)

It's usually common for one person to be motivated enough to do the work, so they are the ones most knowledgeable yeah. But the code is out there, it doesn't stop anyone else from looking at it/understanding it just as well. From the looks of piper, it looks like several folks understood it enough to add drivers of their own.

> Like, weren't practically all Linux webcam drivers implemented by one French guy at some point?

I really don't know.

Finding a "good" mouse is really freaking difficult. First off, you don't know the state of the drivers and control software, as this thread demonstrates. Then you don't know the quality of the switches, as I found out with several Logitech mice that were well reviewed, but I suspect the hardware was switched for cheaper variants once the reviews were in. 2 separate Logitech mice started double clicking randomly, and their support was awful because they didn't have like-for-like replacements unless I wanted to wait for months. On top of all that, getting a good button layout, size, and shape is a real crapshoot too.

So I bought a sealed-in-box new Logitech G500 from ebay as a spare because of course none of the new mice are anything close to the quality of the older models. Especially after being burnt on switch quality.

The Ploopy mice have an awful name but are definitely intriguing to me. QMK firmware is pretty much perfect, and I wish I could use it on the Logitech G500.

I used to recommend Roccat mice to people, but their lack of Mac and Linux support is a dealbreaker these days.

FWIW it's not terribly difficult to replace the switches yourself on the G500 if you've got the soldering equipment already:

I know these switches work and can last a fair bit longer then the ones from the factory: https://www.digikey.com/en/products/detail/omron-electronics...

I replaced the switches in my G Pro wireless with these https://www.amazon.com/Kailh-GM-4-0-Mouse-Switches/dp/B08K9F...

Supposedly will last a good amount of time, though I only did the replacement a month ago so I can't confirm that. The mouse was easy to get open and it was a very easy soldering job to get the old switches out and the new ones in.

For a long time I have been a Logitech mice user. When the last mouse finally gave up ghost, a few years ago, it was time to look for a new one. I was unpleasantly surprised how expensive Logitech mice were! I told myself that no way I am paying that much for a simple mouse and I started looking for a quality replacement. I read some reviews and decided to try Gigabyte mice. After a few years I can honestly say this was the right choice - inexpensive, quality mice. I never looked back to Logitech (well... I am still still using G105 keyboard). My few years old, worn ECO500 mouse is still working great. For laptops I use M7700 (smaller and lighter) and other than the rubber grip on the left side needing re-gluing after a few years, no problems. The mouse works like new. No problems in Ubuntu and no need to install any vendor software/drivers. I thought I share my successful story of moving off Logitech. There is quality at lower price point out there. My 2 cents...

Zowie has an array of gaming mice that are all high quality and driverless.

I'm also very happy with my Zowie except for a strange thing with the mouse wheel - about a year after getting it it started making a faint squealing noise, then a few months later it miraculously went away. I have a second one at the office which has the exact same issue.

I had several Rival 110's before and was similarly happy, I like the Zowie a bit more because it's larger.

Following on from this fragmented thought:

I've ruined myself with regards to mice. Over the years I've become very used to the G500 format: 2 side buttons for page up and page down make web and code browsing very fast. And a button by the primary left button is mapped to "show all windows" which used to be called exposé on Mac, and the equivalent in Gnome 40. I've also started recently using another button to plain-text-paste, which is surprisingly useful when pasting code to coworkers in MS Teams.

All of Razer's products are like that. I've been boycotting them since their keyboard wanted me to sign in to use my function keys.

I can never forget this classic video of Jonathan Blow trying a new Razer keyboard (worth it to stay tuned to the very end)


> "My preferred keyboard is one that doesn't have a user experience."

Truer words have never been spoken. It's a crying shame that "caveat emptor" has become so thoroughly ingrained in the tech scene. More and more, I see some gizmo that seems interesting, take a deeper look, and run away screaming when I find out what a crawling horror it really is.

I dunno, ZSA (ergodox/moonlander) has a phenomenal UX. Online keyboard editor that generates hex code that you flash using their fully open source tool. And it's all QMK powered so I could program it by myself (it'll never be a brick), I just don't want to.

That was fantastic. I wish I could watch Razer's executive team react to this video. I feel like many of us have this kind of experience with hardware and software but it's always a private suffering.

The fact is that Razer sells a LOT of keyboards and they have been pushing Synapse on the users. I got out of that years ago and I currently run a custom keyboard running QMK.

The users are just fanatically tolerating Synapse 3 and are still giving Razer their money. Until they stop, this kind of stuff will continue to happen.

the little under breath "oh my god" is so heartfelt... I had a razor mouse and it enrages me every time it needed to restart my computer to install it's special driver. no drivers are that special.

Is there definitely no way to turn off those lights via a key-combo? I know that's the case for my Vortex POK3R rgb, though admittedly it took me a while to look it up in the manual because I don't use this functionality often. The driver software requiring a login really sucks, but I feel like this was more performative than anything.

But the nice thing about having a Razer mouse is that it lets you get local admin on any random computer just by plugging it in.


It’s a feature, not a bug ;)

Razer is a terrible company, which is tragic because they started out as an amazing hardware company. When they pivoted to being a spyware company I stopped buying their hardware. I've been happy with SteelSeries so far. Their Rival 500 is a great mouse if you want lots of buttons and configurability.

Most of Razer's hardware is garbage, always has been. The only exception is probably Blade and a narrow selection of their mice.

The Razer Blade laptop line should probably be avoided too, according to r/SuggestALaptop. Lots of quality control and battery issues. Some models appear to be designed around benchmarks, performing extremely well in short bursts but having much lower performance in longer sessions.

I had trouble believing you at first, but yeah... https://twitter.com/mark_roszko/status/1429459359554224135

Yep, don't forget that Razer were there first.

Does the Roccat software even require registration, or it's just bloated because that's all they could do?

I'd even say Razer wins on assholery.

I stopped using mine when I installed their software that requires login to use the mouse 2 extra buttons. It was brand new.

You don't buy Razer products because they have excellent build quality. You buy Razer because of the marketing, sadly.

It feels like you're allowing someone to install malware on your computer but their mice are sooo nice tho. I don't play any computer games, but the deathadder elite is like a hand ferarri for work.

I would love to not use Razer products, but for some reason Logitech still hasn't made a wireless G600.

If you are on Linux and using fancy gaming mouse, there is a chance you can configure it with the open source libratbag (console app) or Piper (GUI app). It won't make any network requests. :)

I wish not to tinker 3 days to setup my mouse.

The nature of these devices is that they're HID compliant but Microsoft lets them get away with demanding you should "improve" things by installing extra software on Windows.

Because they're HID compliant they do just work out of the box (on Windows or on Linux).

In Linux there is no "Oh! Oh! Install this proprietary bullshit to wring more money out of you. Please. Please! Come on, spare a few bucks!" step. If you don't want to do any tinkering the mouse Just Works™

But if you wish the little features worked, like apparently changing LED light colours, you can install third party software. At that point yes you are tinkering, but you aren't dealing with constant appeals to please let it change your default web browser, or whatever like in Windows, so that still seems like you're ahead.

I'm astonished Microsoft didn't just outright ban this nonsense. It's an awful user experience compared to Linux where all this stuff Just Works and Windows could have that too, not with more engineering work but with less by simply not allowing this crap.

Installing piper on linux and using it to configure your mouse will most likely be faster than using the manufacturer's software.

Also no tinkering required if your mouse is supported by libratbag.



it's a GUI app, it looks pretty nice. It's also in the Debian repos, so you can just install it with "apt install piper"

Looks pretty simple to me.

Logitech is similar, tries to auto-update most days and ~200MB "driver" install.

Why the heck does a few hundred KB in actual drivers and a simply configuration program need 200MB? When I had an MS mouse intellipoint was only ~20MB, and the current MS Mouse & Keyboard Center is still only about 50MB (which still seems much larger than necessary)

HP also has gone insane. We got a bunch of keyboards that had 3 defective keys on the numpad. Zero, slash and enter if I remember it, bog standard keys. HP Service desk says no problem, here's 512Kb of firmware update that will fix it. And it actually did. No hardware defect, just a software bug.

I have no idea why a keyboard without much interesting extras even needs 512K of firmware, let alone why the stock firmware fails on 3 of the buttons. They're only there since 1985 or so, you'd think they got around to test the numeric pad by now

At least they didn't make you pay to unlock those keys as "premium DLC".

The thing about Logitech (at least on Windows) is that it installs the updater as a device driver. So you cannot easily even block its internet access via firewall rules unless you define one for rundll32.exe

If you want to know more about it, just google "Logitech Download Assistant". There should be a device for it in your Device Manager and an LDA.exe process running.

I used to wonder about these things as well. But now that we are used to electron, I wonder why technical people still are surprised.

Not gonna lie, one of the nice (unintended I'm sure) consequences of no one making software for Linux is the extremely wide range of hardware drivers built-in. I've never had a mouse (and a bunch of other hardware) not work on Linux in the last 15 or so years.

Windows have built-in driver(s) for all the mouses too. You can just ignore these additional software and they work fine (as fine it gets in Linux, of course. Some additional feature may not work.)

Every single mouse supports the USB HID spec and will just work on any OS. The drivers let you configure macro keys, scroll speeds, rgb lights, dpi and other stuff which you just don't get to do on linux.

Yes, this is why I don't buy Razer equipment anymore. No, I do not want to sign up for a Razer account so I can control my DPI settings!

Not only that, it automatically installed the software somehow when I plugged it in, which I didn't want.

Guess what? Hot off the press.

"Razer mouse software bug easily grants Windows admin privileges"


I'd bet good money that there are hundreds if not thousands of other buggy installers lurking on windows update, just waiting for the right hardware id to appear. Yes, this is a bit of a shortcut, but not really any different than booting from a USB drive and changing the admin password. Adding Bitlocker to the mix is where it starts to get interesting.

Another article on the same topic discussed on HN:


Love Razer mice, but never install their software. And, yes, the way their installer starts via Windows Update should be prevented by Windows.

I can't imagine blaming this one on Razer. It's a fundamental defect in Windows.

I really enjoyed the progression of this thread's "Spite" hacking. I've gone down similar rabbit holes before.

I have been using Zowie mice for years. Plug and play NO software to download. Best mice for FPS I have ever used.

I'll second this. I've had a Zowie FK1 since 2015 (when I was serious about playing Dota 2) and it's still going strong.

I really wish Roccat would bring back the thumb paddle on their mice.

I had this with the Leadr model that they discontinued.

Yes, their software is horrible, but it's not necessary except for controlling the lighting. And the lighting is irritating. A lot of the custom buttons are superfluous for my needs..

But beyond that? It's a great mouse, the best I've had in decades. It's accurate, has great weight and traction, both wired/wireless options, and most importantly it has the thumb paddle so I can press down or up with my thumb to scroll.

No more repeated rolling of the scroll wheel, or pressing the wheel down while dragging the entire mouse forward or back...

Why don't more mice have this? And why'd they get rid of it on their newer mice?

I think it's all about branding, the same disgrace that plagues mobile operating systems: every software maker tries its best to force users install their logo on their screen, so that if yesterday one could use 100 services just by saving 100 bookmarks on a browser, now they need 100 apps, with all the implications wrt waste of space and resources, security etc. Although perfectly legit, it's a practice that cannot scale.

Drivers installers on Windows aren't exempt from this nonsense as well since years, so every driver started coming with its companion app, very often a huge VB "thing" that did nothing important except showing its shiny icon on the desktop. Then years later they started phoning home to profile users, attempt to offer purchases for consumables (as printer drivers do), etc. In the old days however one had a way to control it: the .exe was often a self extracting .zip, so it could be fed to 7Zip and the like to extract the archive without executing it, then one would throw away the unnecessary bloat except the relevant .inf file and a few dlls or other small files, point to that location when searching for drivers, and voila: driver installed without the cruft.

The question is if a giant ball of Electron bloat could be dissected in a similar fashion in order to extract the important stuff and throw away the rest. I hope so.

Avoiding this cycle of crap is my personal favorite thing about Linux.

The cycle of crap on Linux is different; less corporate and underhanded, but more of an ever-expanding bloat. Install Clang/LLVM. It's like 300MB. I remember when almost every system had a fairly small C compiler. It had to be small, because it was the basis of everything else. Now the base is enormous. OCaml is something like 200MB. And of course, it has its own package manager. So does Python, and Ruby, and all these other things that are supposed to be the base of so much other software.

Take another example. Install LaTeX. It's something like 5GB. It's huge because it bundles enormous numbers of packages.

It seems like there are zillions of Linux packages > 100MB. What does all this crap do? Why does everything depend on everything?

Take another example. Node. Building it from scratch takes a pretty beefy machine and a lot of time. (It takes over 20 mins on my 6-core workstation with 32GB RAM). Most of that is building V8. When I worked on V8, we periodically spent some time trying to get build times under control, but the needle barely moved until it got going again. We spent months and months of effort, over years, splitting V8 into more source files and more directories and enforcing header discipline, but all of it made build times worse. Despite how cool V8 is, I feel embarrassed in retrospect that the build system is so bonkers.

Linux is like this everywhere. Monstrous and labyrinthine. It really is impossible to understand it all now.

Linux has nothing to do with Node, though. Most of the Linux world (and the Windows world, and the OSX world, etc) wishes it would just go away forever. Javascript is unadulterated pain.

As for Linux package sizes go... why are you installing so many packages that you don't need just to complain about it?

On Debian and Ubuntu, `dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n` will tell you the install size of things sorted by worst offender; for me, on one of my development machines, is git, followed by Perl packages required by the system, neovim, and then a bunch of normal things expected on any install. `df -h` minus `/home` is a hair over 600mb.

git, being the largest thing, has an install size of 38 megs. Indeed, I cannot tell you why git is 38 megs, there may or may not be bloat here.

As a comparison, Windows uses around 6GB of space, and a MSVC install that has a common set of toolchains may take up to 20GB and... arguably does less than my <1GB Linux install (when it comes to dev work, anyways).

> why are you installing so many packages that you don't need just to complain about it?

there are 1000s of packages, who has time to select a small subset of that? easier to install chubby swathes at a time.

and you can't install devel versions without bringing in many various forms of TeX

recently I install the emacs package on a system and it required python; that's sacrilege

Your dev linux machine is a gigabyte? That's kind of surprising. Just llvm+clang on my machine according to your query clocks in at over a gigabyte. Are you only developing using perl and not doing any from-source builds?

The machine I looked at doesn't have gcc installed. With gcc, it'd probably cross the 1GB line, but not by far.

dpigs from moreutils is also a nice way to find bloated packages on Debian-based systems.

While I share some of your resentment (especially as a Gentoo user who builds Chromium quite regularly), a few extra gigabytes of storage or a few more config files I don't grok are relatively easy to ignore compared to the kind of dark patterns I see happening with 3rd party software on Windows desktops. And Microsoft itself is increasingly willing to sink to that level as well.

>Install Clang/LLVM. It's like 300MB

Isn't this like a first computer world problem? How many gigabytes does current Visual Studio take? Not talking about VS Code, because it's only an IDE, which still requires the actual Visual Studio C++ as the compiler.

If anything, it seems like a non-first world problem. I assume they have older, less powerful hardware in developing countries.

It is possible to have “headless” MS compiler & build tools in Windows, by installing Windows SDK. It may be used with VSCode.

The full Visual Studio is not required.

How much space does it take?

A surprisingly large amount. Many gigs. I'm not on my Windows machine right now, so I can't give you any figures, but it's enormous.

>Install LaTeX. It's something like 5GB

if you install the full version that has every single package for everything, all with their own manuals etc. At least on debian-based distros there are options to just get the ones relevant to you.

Maybe, but it feels unfair to bring software bloat into a comparison between Linux and Windows. I don't think Linux could ever come close to the degree of software bloat in Windows. Your Clang install is 300MB? Sure. My Visual Studio install is 4.5GB, and it includes at least two versions of Clang (the DirectX shader compiler is a fork of an old version of Clang.) You think dependencies are a problem? You should be happy there's only one copy of each library on your computer (two if you have a multilib system.) I counted more than 25 copies of the C runtime on one Windows computer. You think Linux is monstrous and labyrinthine. Have you seen the scope of the Windows API? There's no comparison.

> It seems like there are zillions of Linux packages > 100MB. What does all this crap do? Why does everything depend on everything?

I dunno man, but software can get complicated, and a lot of these packages probably have features that people use. Why quibble over hundreds of megabytes when popular Windows packages like Office and Creative Cloud are multiple gigabytes? It all seems very unfair that Linux is subject to this level of scrutiny when other systems have worse bloat by literal orders of magnitude.

Modern Linux user space is monstrous and labyrinthine. Linux itself is not. I found it to be a really clean system.

The basis of everything is actually the Linux system call binary interface. We can actually trash the entire user space and start from scratch with nothing but Linux. We can even trash the ubiquitous GNU stuff if we want.

Why can't we have a compiler with built in system call support? Just add a system_call keyword that inlines Linux system call code using the supplied parameters. No need for libc bullshit in the middle. No need for C or any specific language. Someone could make a language today and that single feature would make it as capable as C is for systems programming. They could write software and boot Linux directly into it.

> Why can't we have a compiler with built in system call support?

Funny you should ask that. That is exactly how Virgil's compiler supports the Linux (and Darwin) kernels. Other than generating a small amount of startup assembly (10-20 ins), the compiler just knows the ELF (and MachO) binary formats and the calling conventions of the respective kernels. With some unsafe escape hatches (e.g. getting a pointer into the middle of a byte array), the rest is regular Virgil code that calls the kernel directly.

Take a look, I've been working on this for more than 10 years:


The "Linux.syscall" is a special operator know to the compiler and it will let you pass an int (the syscall number) and whatever arguments you want (any types--it is implemented with flattening and polymorphic specialization) to the kernel.

With this I have implemented all kinds of stuff, including the userspace runtime system and even a JIT compiler (for my new Wasm engine).

Thanks for this, it's extremely awesome! Really happy to see others have gone so much farther than I ever did.

I started looking into this myself some years ago. Even started developing a liblinux with process startup code and everything. Abandoned it after I found the kernel itself had an awesome nolibc.h file that was much more practical for my C programming needs:


My code is in a bad state but if you'd like to take a look:


It's amazing how this really lets you do everything... Want a JIT compiler? Map some executable pages and emit some code. You can statically allocate memory at process startup and use that for bootstrapping code. This lets you implement dynamic memory allocation and even garbage collection in your own language.

Nice work!

> Want a JIT compiler? Map some executable pages and emit some code.

Yep, this is exactly what Wizard does.

Targeting POSIX standard functions like open by going through the Linux syscall table looks like just making work for yourself when porting this to other systems.

Some syscalls don't correspond to standard library functions. As an exmaple, if you want to bind to opendir/readdir/closedir, you have to write those yourself in terms of the Linux-specific _NR_getdents64 system call.

Is your LinuxConst.SYS_open actually _NR_open? That's supposedly obsolete. glibc uses _NR_openat for open(). _NR_open is listed in the asm/unistd.h header in a section under the heading "All syscalls below here should go away really ..."

How about signal handling; are you dealing with sigreturn and all that?

You can get a small executable footprint (in terms of not requiring a dynamic C library) by maintaining all this yourself, though.

Oh, I know it's work, but I am not going to assume POSIX, as that's implemented in userspace with C code. In my universe, C code doesn't exist (except I use a little in some testing utilities in order to get going on a new platform). I never ported to Windows, but doing so would be as simple as teaching the compiler the Windows kernel calling convention, adding that little process entry code, and then writing an implementation of System using Windows calls. Oh, yeah, and generating COFF :)

Virgil has its own calling convention internally (though this is basically System V on x86-64). That only matters when getting into V3 code or out, e.g. process entry, calling the kernel, and signal entry. For signals, the compiler generates a tiny stub that copies the signal handler arguments into the V3 registers and then calls user code. To install signals, user code just needs to fill out the right sigaction buffer, as any other system call. To return from signals properly, I studied assembly examples I found online. The runtime doesn't use signals for anything other than catching fatal errors (DivideByZero and NullCheck), so it just prints a source-level stacktrace and then exits. But Wizard needs to recover from signals in order to do proper OOB handling of user programs, so it actually does the proper sigreturn dance, but Wizard only does the fancy stuff on 64-bit.

In my universe, only three things exist: Virgil, wasm, and machine code. I have no need of other languages except as means to test those others :)

Virgil runs on the JVM and on Wasm too, and those require slightly different ways of getting off the ground.

> porting this to other systems

Why care about this? I want Linux on everything instead.

> Why can't we have a compiler with built in system call support? Just add a system_call keyword that inlines Linux system call code using the supplied parameters

It can be implemented as a small function, that first appeared in 4 BSD. It's available in Linux.

$ man syscall

(Unfortunately, this function, lives in glibc. Obviously, though, it doesn't have to. All I'm saying is that this, or a similar function, can be a linkable symbol in some small compiled object file, and not an inline primitive that has to live in the compiler.)

You're of course correct about all this. I believe the glibc thing has created mainly cultural problems. People don't look at Linux as a separate thing.

If I look up Linux system calls on Wikipedia I get diagrams showing glibc wrapping the Linux system call interface because that's what you're supposed to be using. If I look at Linux man pages what I really get is glibc man pages with the actual system calls being almost an afterthought. Glibc wrappers actually do a ton of stuff like add cancellation mechanisms. Glibc also drops support for system calls that break their threading model such as clone.

It's the same problem with systemd. I look up Linux init system man pages and get systemd stuff instead. I expected to see kernel APIs useful for writing my own.

This isn't any different from any current or historic Unix. The system interface has been a C library going back to early Unix.

The library and kernel interface are more separated in Linux systems than in prior Unixes, with user space C libs being totally separate projects.

Over a Linux kernel you can find glibc, ucLibc, musl, Android s Bionic (newlib derivative from BSD), ...

My gcc is tens of KBs

$ wajig size | grep gcc gcc-5-multilib 6 installed gcc-multilib 8 installed gcc 44 installed gcc-6-base 60 installed gcc-5-base 66 installed libx32gcc1 98 installed libgcc1 105 installed lib32gcc1 125 installed libx32gcc-5-dev 6,280 installed lib32gcc-5-dev 7,020 installed libgcc-5-dev 12,193 installed gcc-5 23,648 installed

> attempt to offer purchases for consumables (as printer drivers do)

Or to brick knockoffs! FTDI blazed the trail, now printers are doing it too. First party malware!

What you described brings back distant memories of Windows. Since switching to macOS few years ago none of that behavior is a thing any more. Apps 'just work' and do so in a predictable way. There is no (noticeable) attempt from app makers to bundle bloat. This alone makes macOS much more comfortable to work with. And the bonus is there is an actual usable shell.

Try installing an HP printer on macOS by following the provided instructions

That's not macOS specific. My phone has HP crapware on it for some reason.

Logitech control center enters the chat.

Have you tried installing a gaming mouse driver on MacOS? Same deal.

When I used it, MacOS also had the issue that some software didn't even have uninstallers. So you have to drag the app to the trash bin, then go and manually remove the various system software that it installed. Or run a script off of the internet. Software management on MacOS is no better than Windows in my opinion, and in many cases much worse.

Nvidia’s bloated GeForce experience is about 99% advertising and 1% actual driver. I hate them so much.

You can just install the driver without installing GeForce experience.

The good news is, almost definitely! It's really hard to protect web apps from reverse engineering because a lot of decisions were made to make them out of human readable files ages ago, almost any electron app can be broken open and tinkered with, there are exceptions, though. VSCode, for instance, is an electron app, but basically only for their UI at this point, larges swathes of the app's interesting functionality is written in cross compiled C++. But for an electron app that's just tweaking settings in a Driver? Probably. Ultimately the electron code cannot be very tightly integrated since that's not how drivers work, but then it becomes an arms race of weird protocols to force you into using their app instead of an alternative and we're back to square 1, only now the device has this weird opaque, and possibly crypto signed api for controlling it instead of just bit banging values into memory

> every software maker tries its best to force users install their logo on their screen, so that if yesterday one could use 100 services just by saving 100 bookmarks on a browser, now they need 100 apps,

The other side of this is Android makes it really simple for users to drop a shortcut to your website on the home screen. Apple, to encourage people into their cash cow app store, does not. I was all set to get a company going with mobile web as their primary UI, but it was too hard to get users to put the home screen shortcut down on iOS, so we ended up having to pay to have apps built and now have triple the complexity.

> The question is if a giant ball of Electron bloat could be dissected in a similar fashion

If you could just assume Node and a modern browser already existed on the target machine you could just ship a node package and a minimal installer. But you’d need to deal with potential version and browser incompatibility.

Apparently bureaucracy is not just an office thing.

> The question is if a giant ball of Electron bloat could be dissected in a similar fashion in order to extract the important stuff and throw away the rest. I hope so.

Perhaps OSes could be smarter. After installing an app, it could monitor the "hot" paths in the code, and only load those instructions the next time the app is loaded. Also resources that are never used could be not loaded into memory. Etc. I know, it would be difficult to build this as you're basically instrumenting an app or driver and then rewriting it, but I guess it would be a great innovative feature in a time when OS research seems stagnant.

What you're describing is some combination of stuff language runtimes and linkers do (shared libraries, runtime loading, JITting) and demand paging.

It may be the case that one could optimize for the case where a bunch of applications ship that and are statically compiled but use the same underlying libraries. In this case, some agent on the system could analyze the code segments of these binaries and on demand construct shared libraries that strip the shared portion from the binaries. Subsequent invocations would load the constructed shared libraries for redundant sections.

Still, this probably wouldn't help much and would lead to its own issues. One of the problems with these flabby things is just how the runtimes are themselves constructed. You still have per process data structures you'd need to populate and they probably have fat data structures that are not very space efficient, and so on. The size of the instructions is probably not significant relatively speaking.

One trick could be to run the program in a "lazy" way. E.g. don't run a statement like "a=b+c", but evaluate it only when a is needed. This would require a complete and automatic rewrite at the assembly level, but you wouldn't be doing anything that you don't need. Then from this you could determine the "hot" paths, and optimize those for speed (translate back into non-lazy form).

Tracking all those dependencies is not free either.

Unfortunately there isn't a magic bullet to code bloat.

Optimizing hot paths is already done via PGO (https://en.wikipedia.org/wiki/Profile-guided_optimization).

I can’t find a reference now, but I believe Windows did (does?) have a page fault tracer that would preload from disk the pages that are observed to be needed. I can’t remember if this was just at boot time or for app launches too.

I think you are referring to Windows Superfetch.

It helps to load the required pages into memory fast to enhance application launch times and then usual memory paging handles the rest of keeping required paths in memory.

Google says Windows\Prefetch is the directory for the cache. You could look here and see if there are any references to applications rather than just windows boot stuff.

I remember the times when you would load the mouse driver into the memory above 640k of your 1Mb RAM PC. It was around 30kb in size.

That is 'one Megabyte' RAM, not Gigabyte.

So do I and it was crap because you had to load the mouse driver, as well as decide which one you needed and some programs had their own and some didn't work with the mouse even though they should. Now, you can just ignore mouse drivers and it's all automatic. It really is better. RAM is literally ten thousand times cheaper than then too, so it's no worse for a modern driver to occupy 300MB, which is already pretty huge.

My point was, that obviously it is possible to program a mouse driver very effciently.

And even if it were a full blown cross compatible mouse driver with a lot of device features it is hard to fathom why such a driver would require more than a megabyte or a couple of megabytes of space. The basic functionality can be realized in less than 30k.

We had the whole operating system with GUI (Win3, OS/2 and Linux)run in 4 Megabytes. Sure it was snappier with 8 Mb, but that is still a far cry from the minimum requirements the commercial OS offerings come today.

The way we are wasting ressources is simply insane

I doubt the default USB HID mouse driver in Windows is needlessly big. Just don't use the hideous bloatware that comes with the mouse. I've never had to worry about mouse drivers on Windows in the past probably 20 years, even wireless mice. They just work without thinking. It's much better than the 1980s-90s.

You probably don't use an ancient OS as a daily driver so maybe those extra megabytes really are needed for something important after-all. I'm not saying Windows is super well optimized for space but you can't count the whole growth as waste. Even the default Raspbian Linux for Raspberry Pi requires several GB of storage.

Meanwhile I wish they'd still sell the Roccat Savu. I bought it on a sale and it turned out to be the most ergonomic mouse I've used so far. Runs perfectly fine without the official drivers and the few extra buttons have decent default settings.

But I usually avoid "gaming" hardware. Even if it's not overpriced it rarely looks good and has the same quality at best.

The rest of the thread is an interesting look at how an attempt to protect their devices actually revealed several hidden ones.

This reminds me of Windows 10 itself. A fresh install of windows 10 has all its builtin apps including the calculator (for currency I am guessing) allowed through the firewall by default. In the security world, the default should be off and only upon request should an app allowed to talk over the network. Not to mention the fact that apps like Facebook messenger are installed by default in Windows. Microsoft can sell me their operating system in a minute if they just stop all the stupid telemetry, remove the bloat and by default turn all privacy and security options to on and not off. It's not a bad operating system for most people, it's just a privacy nightmare that Microsoft seems to be fine with somehow. Because no matter what your privacy 'policy' is, the best policy is to not collect any data at all.

> In the security world, the default should be off and only upon request should an app allowed to talk over the network.

I'd argue that reasonable defaults are better. Asking permission for everything, including features most to all people would find necessary, just creates decision fatigue and results in people clicking "allow" on every popup.

"Decision fatigue" is an apt phrase. Reminds me of Joel Spolsky's old essay on classic Windows help asking what kind of help db install I wanted ("compact", etc.) -- to which no normal user ever had an answer.

Don't ask people questions that they are going to answer one way 95% or more of the time, or for which they haven't the context to answer. Just make it easy to change later if you need to.

I think the only reasonable default is to not talk unless I've given permission for it to do so.

But I recognize that I'm in the minority. So much so that I can't trust software to behave itself, so I've had to use my firewall to disable all outbound traffic by default, so I can add exceptions as needed.

It's amazing how rarely such exceptions are actually needed.

I'm with you. Paranoid defaults should be the default defaults

Although I'd still like to be able to opt-in to reasonable defaults if I trust that my OS's non-default default decisions are indeed reasonable.

I agree and I think mobile got that part of sandboxing wrong. I think a better solution is to sandbox by default, give the application no way of being able to tell if it has permissions or not, and making the user manually go in and grant it permissions as they find they actually need them. This would incentivise application developers to try and use as few permissions as they could possibly get away with.

However, it would also require a really good, understandable interface for granting permissions to applications. Files are relatively straight forward, as the file open/save dialog can be handled by the OS and anything the user does with it can be considered explicit permission. For other resources something similar might work, or might need a completely different abstraction.

> I think a better solution is to ... give the application no way of being able to tell if it has permissions or not...

As an Android developer, I strongly disagree with this. Even if I never prompted for permissions, giving me the ability to determine what permissions I have allows me to make certain the application behaves properly with the permissions it does have.

Unfortunately it also allows you to pester the user to change them and, as we've learned, we can't trust applications not to act like they need permissions when they really don't.

Ok, how about a compromise: We'll let the application be able to tell by default, but the user can can choose to lie to it.

While it's taken Android some time, on newer APIs the system will simply prevent an app from requesting permissions if a user has denied it more than once. From https://developer.android.com/training/permissions/requestin...:

"At the same time, your app should respect the user's decision to deny a permission. Starting in Android 11 (API level 30), if the user taps Deny for a specific permission more than once during your app's lifetime of installation on a device, the user doesn't see the system permissions dialog if your app requests that permission again."

Maybe something in the middle. One time, during initial setup, the OS should have a single question with all of the reasonable defaults displayed (and uncheckable). Tell people why these are reasonable, give them an opportunity to opt-out, make it easy to move forward quickly.

reasonable defaults are way better, or you'd end up with something like SELinux where nothing works out of the box

> Microsoft can sell me their operating system in a minute if they just stop all the stupid telemetry, remove the bloat and by default turn all privacy and security options to on and not off

I don't think Microsoft is in the business of selling desktop OSs anymore, despite the fact that they still charge money for them. All of their behavior suggests complete disdain for the desktop and users of the desktop. I think Windows is only still being developed because it is a delivery platform for ads and telemetry. For the moment I'll still take it over the alternatives, but I'm confident Microsoft will eventually push me over the edge.

I have the opposite experience. MS has enabled our company to save tens of thousands of dollars because of their unwillingness to compromise on backwards compat. Literally we take CD's burned a decade(s) ago and the software installs and functions just fine. In our field, software tends to cost five digits and upwards so its a big F* deal. I can't imagine any other vendor coming even close. I don't particularly care for their other products, but Windows has earned a ton of respect from me.

Yeah, that's one of the reasons I still choose Windows over the other desktop OSs. PowerShell is also great. The problem is that they take this great base and plaster a slow, dysfunctional, half-thought-out, user-hostile interface on top of it stuffed with telemetry, ads, and dark patterns designed to push you to their cloud services.

Agreed, No argument there.

The question as always is what you could replace it with. We have an unfortunate situation where Microsoft had a near-monopoly on the desktop for so long that credible alternatives are lacking for many users. Even if they like some particular flavour of Apple or *nix as an OS, the applications they need might not be available on that platform. I wonder what the forever-defenders of Windows think they will do if Microsoft continues along the course set by Nadella and the current senior team and the situation with intrusions and lack of control over your own equipment continues to deteriorate.

Honestly I'm probably just going to stop using computers so much if that happens. Linux Desktop has consistently proven that it has no interest in doing anything in a sane or consistent manner, and Apple is just as bad as Microsoft in terms of fucking shit up for no reason, only in different ways.

If we're very very lucky, something like Haiku will gain a hypervisor, WINE port, and graphical acceleration, then take off in popularity and become the last refuge of the desktop. I'm pretty skeptical it'll go down like that though.

Who do you imagine this "Linux Desktop" is, that you attribute lack of interest to?

Various groups make desktop environments that may be used on Linux, as diverse as KDE, Gnome, Chrome, and Android. It could possibly make sense to complain about one or other of them, or even several. As it is your complaint is entirely nonsensical, a category error like saying red is too hot.

> Who do you imagine this "Linux Desktop" is

The community of people who make and distribute Linux distributions and software intended for the Desktop use case, when taken as a whole.

> Various groups make desktop environments that may be used on Linux, as diverse as KDE, Gnome, Chrome, and Android.

Calling Android or ChromeOS a Linux Desktop is incredibly disingenuous.

> It could possibly make sense to complain about one or other of them, or even several.

Every distribution has the same problems because they are all built with more or less the same hodgepodges of desperately developed software.

> Every distribution has the same problems because they are all built with more or less the same hodgepodges of desperately developed software.

In other words, slightly better than trying to change system settings in Windows 10?

Well no. The new settings panels in Windows 10 certainly do suck ass and contribute to the general UI fragmentation, but the systems that are the foundation of the Windows operating system are not disparately developed hodgepodges. The same cannot be said for Linux Desktop, although with SystemD taking over everything that might not remain true indefinitely.

> Honestly I'm probably just going to stop using computers so much if that happens.

The state of mobile software (including the OS) has become so awful that I've already decided to stop using a smartphone entirely.

> Linux Desktop has consistently proven that it has no interest in doing anything in a sane or consistent manner

Could you explain that a bit more?

This weekend I was traveling with my kubuntu machine and despite searching for at least 20 minutes, I was unable to find the controlpanel/settings page/widget/app that will allow me to connect a WiFi network, so I gave up and switched to gnome.

Yes, but I won't because I find that posts like yours are only interested in performative argumentation for the sake of convincing some nebulous group of "future readers" that Linux Desktop is worth considering.

I'll save you the trouble: Dear readers, Linux Desktop is fine if you like the way it works. I encourage using tools you like. If you haven't tried it, it might work for you.

I don't like the way works, I've expounded upon the details many times, and I'm not interested in further performative argumentation on the subject.

With ARM, the lack of control might deteriorate even further. While the underlying architecture might not have much to do with it, the accelerators in these SOCs just give more options for Microsoft to collect data and lock down devices even further.

Enterprise desktop is still a cash cow.


I'm curious if you think statements like this really help paint the Linux Desktop community in a good light. Because honestly as much as I don't like a lot of things about how Linux Desktop works the community is also a significant factor in driving me away.

The Linux community is incredibly diverse, some are nice and helpful, some are assholes, some just want to be left alone to do their work.

Generalizing the whole community from reading some forum posts is pretty unfair.

Kinda. I mean, yeah I shouldn't judge every Linux Desktop user by assholes, but it doesn't take very many asshole Linux Desktop evangelists to make somebody not want to deal with the Linux Desktop community because of the likelihood of running into an evangelical asshole.

It's like how women gamers talk about having to deal with misogynist assholes online. Sure, there aren't that many misogynists really, percentage wise, but there's plenty enough to make running in to one a near certainty.

I think it's odd that you think you can make comments like these repeatedly as if you're brand new and as if you don't appear everytime Linux is discussed anywhere on this site to rehash your same opinions over and over again.

It's like running into you is a near certainty.

Dude, I was complaining about Windows in this thread, offhandedly mention I didn't like MacOS or Linux either, and some fucking childish evangelist crawls out of the woodwork to liken me to a domestic abuse victim.


Filing bug reports is a exercise in getting abused.

I installed a clean install on a Raspberry PI, installed emcas (which I have used for about thirty years), and found a utility did not work (I will conceal the guilty - it is a common story)

I filed a bug report, and was abused because I was using a emacs distribution that was three years old - how could I possibly think that any problems I saw be anything but my fault , and didn't I have better things to do than waste their time with my idiot ramblings.

What sort of silly child acts like that? What a crock!

Some parts of the Free Software community are much better. (Rust, for example, nothing but respect for my idiot ramblings). But some parts are still full of the "bigger dick" egomaniacs....

Who "acts like that"? Maybe somebody unpaid and abused over a bug maybe already fixed, years ago.

What "silly child" abuses unpaid maintainers? Oh, right, you.

If you just want somebody whose job is to listen to you complain, there are companies that will sell you a contract for that.

> Who "acts like that"?

Large enough portions of the FOSS community that plenty of us can relate.

> What "silly child" abuses unpaid maintainers? Oh, right, you.

Filing a bug report is not abuse, it's literally why there are bug trackers. Take a good long look at what you're doing here and ask why it might be that people hate dealing with people like you.

>Filing a bug report is not abuse, it's literally why there are bug trackers. Take a good long look at what you're doing here and ask why it might be that people hate dealing with people like you.

Doing a quick search to see if the bug you are reporting has been reported before is a requirement on pretty much every single one of them though

Still not an excuse for being a dick to the person reporting it.

This is one of my pet peeves with the FOSS community: they want to be taken seriously as an alternative to proprietary software, but they are completely unwilling to act like professionals in any way, and then the complain that people are sticking with proprietary alternatives.

>they want to be taken seriously as an alternative to proprietary software

They are.

>but they are completely unwilling to act like professionals in any way, and then the complain that people are sticking with proprietary alternatives.

Yet, chances are you are using an open source web browser to access an open source web server through a lot of piping that is modern networking, with open source parts inside and out.

> Yet, chances are you are using an open source web browser

You mean this browser run by and for a gigantic multinational advertising corporation who's de-facto monopoly on the browser market is a subject of frequent griping?

I don't mind if you feel like you have been driven away. Your feelings are your business. Complaining about your feelings is pointless and rude.

It is nobody's responsibility to make you happy. Imagining otherwise is just a formula for remaining unhappy. Blaming others for it will not improve anybody's life, including your own.

My advice is, adopt responsibility. You might be able to improve somebody else's life along with your own.

You don't think likening someone's choice of non-ideal OS over your preferred one to domestic abuse might just be a little bit, I don't know, childish?

I mean, why do you care enough about what OS I choose to even bother insulting me anyway?

You were the one complaining, just as if any of us should care. You are a nuisance. I encourage you to go complain somewhere else, far, far away.

I was complaining about Windows, but apparently my offhand comment that I also didn't like Linux set you off and the rest of this thread resulted.

It's pretty clear here who was "set off".

I've never seen Facebook Messenger installed in Windows by default, having installed Windows 10 thousands of times. This sounds like it is included manufacturer bloatware.

Same here; I've installed emost variations of Win 10 (and all server editions, etc.) and seen lots of bloatware but never Facebook. Though I'm in the UK if that matters.

Apparently they had a telemetry setting they added a while back which they called "security" which they renamed a year or so ago to "Diagnostic Data Off" to better encompass what it is:

The "Diagnostic Data Off" — formerly Security — should be exactly that, as Microsoft has long defined the option as "only the diagnostic data info that is required to keep Windows devices ... protected with the latest security updates." The company admits to some collecting — OS, device ID, device class — but the option waives all user content and data that might finger the user, including company name.[1]

I think that option is only available in the Enterprise edition though, so if you want to pay them for it, it might be a bit pricey compared to other options, at ~$84/year (if you can even buy it for a single account, I have no idea).

1: https://www.computerworld.com/article/3532008/microsoft-elim...

Perhaps Microsoft want to know what numbers you are using, for marketing purposes /s.

Not to mention Candy Crush

That was a icon that initiated an install of the App from the App Store.

Kind of, however it was/is a bit more persistent than that, when you removed the icon trace (from menu and possbily add/remove), it would still re-instate itself on the next major windows update. It was kind of like the tellytubbies windows xp theme coming back every couple of weeks

I know it is sad, but I used to chuckle to myself every time it happened and say "time for tubby bye byes!" as I changed it to something else. I was younger then.

This is a problem with all proprietary software. For example, it's impossible to install most "bought" Windows software outside of dedicated VMs for me and stay happy because (a) most "enterprise" installers still want to run under elevated privileges (hell no), (b) as soon as elevated privileges are granted basically rape the registry and file system all over the place, touching everywhere they shouldn't and (c) cannot be contained because of this except on the OS level, hence multiple VMs and finally (d) cannot really be uninstalled without reinstalling the entire OS as the uninstallers (again, having privileges to delete everything) themselves cannot undo what the installers did.

I have not installed a lot of software on Windows, macOS and Linux in my "main" OS instance because it simply looked and/or behaved shady as fuck.

Refuse to buy products like this, please. We don't need our USB mice turning into printer-level headaches.

I'd love to but there mostly seem to be two separate markets now. You can have cheap junk with minimal features or you can have "gamer" hardware with an extra 0 on the price, components that might be much better but sometimes aren't, the kind of driver hell we're talking about, and lots of coloured lights.

I miss the days when Logitech made great, comfortable mice for normal desktop use, with a small number of useful extra controls and a minimal driver and UI to choose what they did. I miss the days when you could buy a comfortable typist's keyboard for a sensible amount of money.

I literally don't know a single brand that reliably makes good keyboards and mice for normal use any more. Every single one (and I've tried most of the big names) produces junk. Even in the £100+ range that is supposed to be high-end hardware, I have probably returned more than half of the products I've bought in the past few years because they had obvious serious defects out of the box or developed them within a few months of normal use.

FYI: Unicomp still makes Model M keyboards (with USB! and Windows keys! if you want them); and Elecom trackballs are wonderful

I'm hard on that stuff; i killed multiple original 90's manufactured Model M's and wore out a stack of MS trackballs over those 2 decades. One of the fancy logitech "G" blinky lights keyboards lasted less than 3mo under my hands. Kensington cheap trackballs quit moving right in days and stop working in months.

> i killed multiple original 90's manufactured Model M's

...how? I'm fairly sure I could bludgeon a man to death with my model M and run it over with a truck and it would still work.

severe hand psoriasis, and heavy use. Can't really abide gloves or keyboard condoms either.

I know many people aren't happy with Corsair but I bought the rather ridiculously expensive K95 keyboard years ago (it's different now), and haven't had any issue with it apart from killing some of the media buttons when I spilt coffee all over it recently. I don't think it's anywhere near getting replaced.

Other than that I have one of the cheaper models of Das Keyboard for work and have been nothing but happy with it. Also upgraded it with some o-rings so people around me don't want to kill me.

I use both without installing any junk.

I know many people aren't happy with Corsair

You're talking to one of them. Disappointing failures of both mouse and keyboard resulting in returning hundreds of pounds worth of supposedly high-end products within months of purchase. At least one of the problems I had was also getting reported by others by the time I sent that product back, so it also looks like a design flaw and not just bad luck. I think you also need to install their resource-hungry, crash-prone software to make use of most of the special features too, though that's hardly relevant if keys are falling off and buttons aren't registering presses anyway.

I wouldn't even consider buying more peripherals from Corsair for a while. The quality isn't there and they don't work properly in a you-had-one-job kind of way. Worst of a bad bunch in my experience.

I have a Ducky One keyboard, very simple, mechanical keys, well built, no RGB, no additional drivers, and doesn’t seem like it will quit working any time soon.

I too have a Ducky, RGB (though with no computer software, purely keyboard controlled). Spilled coffee over it 2 times, cleaned it, still works. Can recommend!

> I miss the days when Logitech made great, comfortable mice for normal desktop use

I've been using a $25 Logitech M535 (Bluetooth) for years now with my Mac. Works perfectly, no drivers needed. Not too big, not too small, not too heavy, not too light.

Curious what you don't like about it?

It's a personal taste thing I think. I've never been a fan of small mice myself.

For me, something like the Logitech Performance MX was the peak in terms of mouse comfort, allowing a natural palm grip. It had a couple of useful extra buttons by the thumb, and a few other controls I never used that weren't intrusive. I swore by those things for years and had them on every PC I used regularly.

More recent Logitech models have added a second wheel by the thumb for horizontal scrolling, which I do like. Sadly they also come with a long list of regressions. They try to be too clever with the main scroll wheel. They've added other controls that are easy to trigger unintentionally. Most importantly, the sensors really seem to struggle with some common surface types, something that was never an issue for me with the earlier models.

Somehow the shape for the later models has never quite matched the Performance MX generation either. For me they are mostly either too small for a comfortable palm grip or using some strange spiral effect that makes the middle part too high for comfort in prolonged use. I wonder if the spiral ones are meant to fit the claw grip popular with serious gamers. And the models like the MX Master that were supposed to be an improved Performance MX style somehow never quite fit either, though I struggle to put my finger on why that was.

I still use Logitech mice for most things, because they seem to be the best of a bad bunch for me at the moment. But I'd throw them all out in an instant if I could have the one I actually liked back again.

Agreed. This might be the right time to make recommendations as well though, I think a big part of people not buying nicer stuff (things that aren't spying on you) is simply that they don't know about it. Or that its too high-friction. Which again leads to they don't know about a solution that will actually work for them.

Looks like he had a lot of fun getting to the bottom of it :) https://twitter.com/Foone/status/1146136251449278466

(The bio lists pronouns - they had a lot of fun)

And all this BS where I have to sign in, and download 200 MB files... and still no "chords" features on mainstream mice. I have Macros... but those are limited to how many buttons my mouse has.

Like with Chords...

Press Button 1 = Macro 1.

Press Button 1 + Shift = Macro 2.

Press Button 1 + Button 3 = Macro 7

Chords are so powerful but haven't really been adopted... Razer just adds more buttons to their Mice. And there's a limit to how many buttons you can add! Ha.

I could do more with a three-button mouse and software that supports Chords than I can with their like 19-button monstrosities.


I have been in similar situation with ASUS ROG keyboad and I am so mad! Windows automatically installed crapware without my consent and it runs as a service. I uninstalled it but it keeps coming back.

Do NOT buy ASUS ROG keyboards.

I don’t have ASUS ROG keyboard, but I unfortunately have ASUS ROG motherboard. I experienced similar situation: in order to use some basic functionality of the motherboard I had to install a bloatware which, by the way, didn’t even work properly.

I absolutely agree with your last sentence.

One reason, among many, to avoid products marketed towards gamers.

In principle agree, but I recently switched to a Logitech G Pro X Superlight to use exclusively as a work mouse, and for me the 63g weight trumps everything about “business” mice. Over the years I’ve owned MX Masters, Marathons, Triathlons, Microsoft mice and others. The Superlight - for me personally - is substantially better for work applications than any other mouse I’ve ever used. It’s so comfortable and precise. Kicking myself for not switching earlier.

EDIT: Subject to my comments above about Logitech software on Macs.

It’s a shame they went with an outdated charging port. Probably to have something easy to upgrade on the next version.

IMO there are a lot of quality products in the gaming segment. The main problem is that the segment is bloated by so many "X but with LEDs and a higher price tag". You just have to do a bit more research before any purchase.

Gamer mouse are actually very tough and last a long time, like 5 to 10 years. The software usually is the first to break during the years of usage. Since 2000 I only bought 3 Logitech mouse and once tried Razor but the button double clicked broke in just a few months and never tried them again. All 3 Logitech mouse still works except for the oldest one because the drivers don't work anymore and I can't use the extra buttons, but as a mouse it still works.

Interestingly enough, the only reasonably high DPI mouse manufacturer I've found that actually has functional config software on Mac is Steelseries.

> todo item added: Figure out a way to mass-download all the auto-updating drivers

> todo item added: Start sniffing the protocol this tool uses to reprogram the mouse so I can build a cross-platform tool for it.

This does sound like an intriguing idea. For all those crappy Windows drivers that come with an 300 MiB+ Electron based configuration UI, auto updater, etc... figure out how to get the actual driver binaries and build a script that downloads and repackages them using NSIS.

One could in theory build some kind of Qemu based sandbox framework that snapshots the disk and extracts the binaries after installation. Tricking the updater into actually installing the driver inside a VM without the hardware might be a bit tricky, but depending on how they do the check (e.g. look if the USB ID is present?), I guess it should be doable and might be a bit easier than the reverse engineering approach in this Twitter thread (and also easier to automate, so it does not just work for this particular device).

I fear the biggest challenge for such a project would be dealing with the hardware vendors legal department though.

Or just reverse their stupid ass USB protocol, and don't run their software stack at all. No legal threats with that, because RE for interoperability is legal.

Controlling USB devices is rather simple, once you know the format of "packets" they send to their interface endpoints, to control the device. Format can often times be deduced from observing the URBs in wireshark while clicking around the vendor's app.

> Or just reverse their stupid ass USB protocol

My point is that gets a bit tedious for sufficiently large number of stupid ass USB devices. You might want a simpler to automate approach, and possibly something where you don't have to deal with binary driver signing yourself, which is rather expensive if you are doing this for a hobby.

> No legal threats with that, because RE for interoperability is legal.

The local copyright law where I live agrees with that assessment. I take it you did the necessary research for wherever you live?

But what if your reverse engineered driver infringes one of their stupid ass patents? What about trademarks (e.g. if you try to advertise it as a replacement for the official device driver)?

You do know that even if you are totally in the right, that does not necessarily stop them from suing you anyway? Regardless of who is actually right, this will end up costing you a lot of time, money and nerves.

I'd be very careful making legal assessments like that as an engineer. Responding to a legal threat totally unprepared and with a response like that will make the "sue you anyway" scenario very likely.

Good points.

Curiously enough, most apps talking to the network apparently don't even ask for firewall exemptions and just do it. The Windows-standard firewall exemption dialog window is suspiciously rare to be seen while almost everything today tries to contact network servers. This is why I installed Sphinx Software Windows 10 Firewall Control which apparently does a much better job detecting processes trying to reach the Internet (although it uses the same firewall engine built into Windows). I use it to block every app which doesn't really need the net to do the job I want it to do. Nevertheless it would be naïve to believe it gives 100% protection, there actually are plenty of ways to bypass a firewall.

> and an obvious question: if I do, will I get back any "secret" products that aren't in the "all products" list?

> "Beast Man Premium"

That has to be some sort of USB-controlled pneumatic dragon dildo

I use the Malwarebytes Windows Firewall Control. It's always interesting to see what applications or services are making internet requests. Much of it ends up being Windows services, but still.

We really should have some regulations regarding standard drivers for all devices and compatibility of them. I am dreaming I know, we don't even have right to repair yet.

The Microsoft IntelliMouse Optical is an amazing mouse. I've been trying to find a keyboard and mouse combo similar to the Apple Space Grey mouse and keyboard, and there is nothing to be found like it.

It's so depressing. You pay premium prices yet everything looks like it belongs in a 15 year olds room.

If I could have something like the apple mouse, with physical buttons and a scroll wheel - I would be in my happy place.

The Apple keyboard is such a pleasure to type on.

Yes "HP TouchPoint Assistant" I am looking at you. You have been so obnoxious that I have decided to never ever buy anything from HP.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact