"It’s relatively easy for software developers to use and it’s rather difficult to secure."
Well.. that's a depressing sentence to read. Sounds like they've set novice developers up to fail with that one.
Earlier this year, peripheral maker Kensington patched its desktop software to close a vulnerability that could have been exploited by malicious websites to quietly hijack victims' computers. Now the programmer who found this remote-code-execution hole, and reported it to the manufacturer, has identified a similarly serious …
Ideally, yeah, and that would put pressure on the OS developer to implement the genuinely useful features that are currently present in, for example, Logitech's mouse config software. Maybe it's moving that way - see Microsoft's recent efforts in defining the way a trackpad should work (as opposed to tiny track pads many laptops once had). Apple of course has greater control over trackpads (usually very good) and mice ( to a sometimes note mixed reception)
Until that day, however, some users derive great benefit from the extra features and options that only found in the mouse vendors' config suites. Other users will use devices that aren't mice ( graphics tablets, accessibility devices). Gamers will always delight in a bespoke config suite.
"Microsoft's recent efforts in defining the way a trackpad should work"
You mean like how, quite recently on an old Acer laptop, My Ubuntu 18.04 live USB environment quite happily supported full functionality including scrolling edges on the built in trackpad yet the built in Windows 10 driver has no support for scrolling using the trackpad and all my googling efforts turned up was that it's older hardware so there's no driver support and tough luck.
Microsoft could include decent support for older kit but they don't care.
Their idea of defining how a trackpad should work would probably include the addition of a Windows button on every mouse, and built in obsolescence that would render hardware older than a 5 years to be unusable. No thanks
I totally agree with you. What is this madness ? You need a webserver to manage your mouse configs ?
Is this another case of a job being given to the summer intern who just finished a web development course ?
Get your ducks in a row and make a proper DLL in C++ to do job.
Oh, right, that means you're actually going to have to learn a proper programming language. Sorry.
1) A scripting language when we have had real ones for 40 years.
2) A web server other than a proper one to actually serve web pages on the Internet or Intranet.
They should be banned from distributing software.
This is crazy on so many levels.
You also don't need lured. I use uMatrix because companies such as CNN and the BBC have served adverts with Malware. Google doesn't seem to really care.
Adverts need to be an image served from the main page's domain with simply an ordinary clickable link. Or links. A client side pure HTML image map is OK.
Also web sites using 3rd party code loaded a page load rather than having their own local checked copy is a privacy and security fail.
BUT A STUPID DESKTOP APPLICATION!!!!!!
Adverts need to be an image served from the main page's domain with simply an ordinary clickable link. Or links. A client side pure HTML image map is OK.
Duly upvoted!
Allowing active content in adverts that are shown to the user whether without the user's consent is an atrocity. A simple text-and-image(s) panel with clickable link(s) should suffice.
...using it for some lousy mouse configuration app seems like massive overkill. Electron is Chromium and NodeJS lashed together just so somebody can adjust their mousewheel sensitivity.
The use of browser engines is so pervasive in some applications (e.g. most game launchers like Steam, Epic etc.) that I wouldn't be surprised that people unwittingly have 10 or 20 of them installed on their machine bloating out the disk.
I haven't installed the "configuration apps" since I bought a Gravis gamepad in the 90s, and found it worked better without it.
For example I have a Logitech MX Master 2S here running perfectly with no utilities etc installed, all the buttons/features that I know about/need all work, what am I missing out on that merits the install?
Genuine question by the way, not an "ooooh look at me" post.
If you works for you, that's grand. I've not used my MX Master mouse without the Setpoint software, so in a way my ignorance is the mirror image of yours! :)
That said, the Logitech Setpoint software for Windows includes a clone of OSX's 'Exposé' task-switcher which I value greatly and map to one of the mouse's many buttons. It's only selectable if Setpoint detects you're using an MX mouse, oddly.
Beyond that, I've only used the software to configure buttons, which I assume Windows can do natively. There's also an option in Setpoint to have different button configs for different applications, and I attempted to map keyboard keys to various mouse buttons to streamline my Civ 5 experience (turns out I was playing it wrong).
I don't need any software to tell me the mouse's battery level, since the mouse has LEDs for this purpose.
I'm not really a gamer, but someone who is might have a different response to your question.
I think it's just a symptom that some manufacturers think having their software look & feel like other software is for squares. This was always an issue in Windows mostly with software like drivers, antivirus and media players. We'd see all kinds of terrible UIs with windows with rounded corners, non-standard controls, brushed metal, horrible fonts etc.
In the past they might have rendered their weird GUI in C++ with Win32 APIs, but these days they'll use Qt / QML or they'll wrap a browser to do it. Qt / QML costs money for commercial use so I assume many are cheaping out by using Electron. And so it is they write some glorified dialog box in JS, HTML and CSS and users suffer a massive install and runtime for it. And clearly in some cases it comes with a free exploit on the side.
Anyway, I much prefer it when Windows supports a device out of the box because there is no need to deal with this BS. I'm sick of bloated drivers, or worse, ones that run constantly with embedded nagvertisements, spyware, e.g. many printer drivers.
The first rule of programming should always be to assume someone will abuse the system. So you must always think about how the software can be hacked and what can happen if it was hacked. You must work around security, and never assume nobody will bother to hack the software.
> “Presumably Kensington didn’t add authentication because they didn’t expect anything to try to talk to the server other than their own, trusted UI.”
Developer: There's the proof of concept working... [and goes on to demo the functionality]
Product owner: That's great, we'll GM on Friday.
Developer: But there's been no volume testing, compatibility testing, nor security hardening?
Product owner: That's great, we'll GM on Friday.
It sounds like a case of "when all you have is a hammer, everything looks like a nail": going for the bad solution that they know, rather than doing a quick search online to see if there are any better options out there. Or it was a stack decision forced onto the developers by management.
For example, Qt Quick is an excellent, mature framework designed for doing secure cross-platform JavaScript desktop apps. Maybe Electron can do it properly too, without the local server, for all I know.
Oxymoron.
Real production applications of any kind for local execution should not be written in javascript, or indeed anything else really intended to help the functionality of a website. They should use a proper programming language, the minimum being the kind compiled to an intermediate code.
And here I was thinking that the nightmare scenario of cd, ls, ln and other CLI tools was just an exaggeration and could never happen.
After config tools and utilities switching to Electron/JS, might we soon see the successor to systemd: NodeD? Or maybe NodeOS will suddenly become the dominant Linux distribution.
Is this modern software development now?
I fear so. There is a sustained theme of inappropriate choices of language for many projects. Systemd is of course a horrible pile of manure in concept, execution and success, but to cap it all off they chose to write it in C. Now C is a systems language, but systemd is not an OS kernel and might have used something other than the language that is hardest to get things right in. Rust would nowadays be a far superior option (there's even just such a project here), but back then even just using C++11 (or even older C++ and Boost) with smart pointers would have been viable and a whole lot more straightforward than C.
I've seen various many projects in my time where the overriding reason to pick a particular language was "because it'll be fun", not important reasons associated with efficiency, support, etc.
My 2 cents worth for the modern era: systems and native code: Rust. Web (if we must): Typescript. There's no real place for Java, C# I think now, Rust has most of the same benefits, an expanding and well thought out ecosystem, and doesn't need a runtime. Anyone who mentions "dynamic languages like Python" ought to be shot.
Electron, as stated before, is a "developers first, users later" framework. It allows rapid development thanks to its reliance on such an accessible language as Javascript.
End of the story. It's not for elegant applications, it's not for secure applications. It's the product of the ship fast fix later (maybe) mentality the folks in silicon Valley gifted us with.