> This situation has.. no precedent as far as I can tell..
Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.
I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.
Maybe some decision makers do indeed have negative aspirations…
If you have been reading the news about Windows 11 then I will enlighten you -- they view the Windows 11 consumer business as a cost center that must be mitigated.
As such, all manner of monetization has been approved and it will continued to be approved without regard for user experience.
This article obviates that this is not an LG problem, it is a Microsoft problem.
Also, don't fool yourself if you think this won't come to the Linux world.
Just look at Microsoft’s revenue breakdown that they publish. Windows revenue is alarmingly small.
I don’t think it’s a loss leader but Microsoft gets almost nothing from OEM Windows licenses and basically nobody buys it retail.
This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.
Aren’t ms completely dependent on consumer windows for mindshare?
I doubt anyone would bother getting into programming with ms tech unless they just happened to run it on their desktop.
I don't think they are anymore. The vast majority of ordinary person computer/internet use has already moved to smartphones, tablets, smart TVs and other such devices. It seems nowadays many people don't even know the basics about how to use a desktop operating system.
I find this hard to believe considering how bad the UIs are on phones and TVs. Even google.com does not offer feature parity between their desktop and mobile websites.
My phone still didn't come with a functional paint or notepad apps. Google docs is a horrible experience on phones (but at least it works now - a few years ago it was straight up unusable).
And you're telling me that this is the only computing platform for a lot of people? How is everything still so unusable about it then?
My experience tells me that everything mobile is basically an afterthought outside of a few dozen websites and I guess phone games.
All that stuff actually works decently well on mobile... as long as one is willing to accept certain compromises.
Note-taking works fine, in Google Keep, Apple Notes, or some other cloud equivalent. Yup, your data is in the cloud and owned by one of those tech megacorps, but most people just don't care.
Basic photo editing works okay too, in Google Photos, Apple Photos, etc. Ditto the cloud stuff.
What really makes most desktop users outliers is caring about, or even being aware at all of the concept of, actually owning your own data versus trusting cloud providers for everything.
> My phone still didn't come with a functional paint or notepad apps [...] And you're telling me that this is the only computing platform for a lot of people? How is everything still so unusable about it then?
Not to sound harsh, but you come at this with an somewhat old perspective, the same one I grew up with too and probably also retain too much of.
People don't open their phones looking for something like paint or notepad apps, they want a messenger/social network to connect with their family/friends which is most likely why they got the phone in the first place, and if they're "advanced", they'll even edit their own photos and images but via a whole host of various phone image editors. Sometimes the social network offers those things too, sometimes as separate apps, people use that sort of stuff instead of looking for "paint.exe" or tools to crop/edit images in a more, I guess "crude" way that you and I might be used to and favor still today.
My kid was in a ECE program at a top 25 university. About a third of their first year classmates did not know how to navigate a desktop file system. And these are the kids interested in tech. It’s far, far worse for the ones with no interest in tech. Tablets in school have left a generation of kids behind where the previous generation was.
That fact that you're posting on a web forum makes you an outlier. Most people only passively consume, and mobile devices are good enough for that.
My phone still doesn't have a calculator app. The thought of trying to add one that isnt wolfram alpha is anxiety-producing.
Calculator Note apps are much better anyway
Right. Laptops are basically work (or school) tools now for a lot of people. They might have one tucked away that they pull out now and then when they need it, similar to a power drill or a sewing machine. It’s not a daily use device.
I think it helped Microsoft historically that people used their operating systems at home, although even then a lot of people would have learned Windows at work or school first.
Microsoft will happily sell you someone else’s tech stack on Azure.
My macOS-using employer gives much more money to Microsoft than Apple.
Cloud SaaS things they’re using: Entra ID, Power BI, Sharepoint, corporate email (365), OneDrive.
Microsoft applications installed by my employer on my PC: Teams, Office including Outlook, Defender.
Our applications are Java running on Linux and we could migrate 100% of our platform to Azure without any issue if we had a reason to do that.
MS owns Typescript and NPM and Azure and LinkedIn. I know you meant programming on Windows, but even if Windows disappears, many of us will owe our job to Microsoft.
Dont forget they own github too. The vast majority of open source software is on there these days.
Yes there are other options: gitlab.com, some project specific gitlab instances (freedesktop for example), forejo / codeberg, and the Linux kernel is off doing it's own thing with mailing lists instead. I even come across code on SourceForge every now and then still. But all of these are super niche.
They own Typescript? I wasn’t aware that they control the organization, but that ought to be easy enough to fork. NPM is a bigger one, but also not too huge. Azure is only used by people who already have Microsoft/Windows buy-in.
They created TypeScript, and maintain it now. It's not exactly a business for them, no one is buying "TypeScript Enterprise" subscriptions. It's all under the Apache License 2.0 and certainly big enough that if they started pulling anything untoward, it would see a fork. Sometimes Microsoft produces an unalloyed good, they're not a monolith.
> They own Typescript? I wasn’t aware that they control the organization,
I genuinely don't know, got curious and went to typescriptlang.org to find some "About" page or "Governance" or something else, but couldn't find anything at all about it. It was exclusively developed by Microsoft for two years, and with no other clear governance/decision structure today as far as I can see, doesn't that exactly mean that Microsoft controls the entire "organization"? It's not clear what "organization" you're referring to either, the GitHub organization? I'd assume that's also 100% Microsoft controlled.
And VS Code, and Github...
Soooo... Not anything we couldn't miss.
>This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.
I installed Debian 13 recently. The first time I opened Firefox ESR (installed by default), I got something that looked like adverts on the home page (banner blindness means I have no memory of what they actually were, only of the feeling of disgust). The Home section of the Settings page had options for "Sponsored shortcuts" and "Sponsored stories" enabled by default. Changing a default setting is a lot easier than forking software, yet it was not done.
thats entirely on Firefox
As long as you have a computer that can run unsigned software, or software signed by yourself, this won't come to Linux as non-optional features: you can always recompile your kernel removing things you do not want like this.
And before anyone goes "but I can't patch that!", all it takes is one clever guy to write the patch.
This is also why the bazaar model of Linux distributions is beneficial. You get more choice.
Ubuntu snap
Just use Debian. It's just as easy to install and use nowadays, and does not come with bloatware/malware.
Neither does Ubuntu.
snaps auto-update
Yes, and?
and "minimal" ubuntu install is like 12GB
It hasn’t come for the much larger Mac world yet.
I think literally the only driver I’ve installed for any accessory of any kind is the config utility for a Stream Deck. I certainly never install mouse (thank you Steermouse!) or printer drivers, let alone a monitor driver of all things.
> don't fool yourself if you think this won't come to the Linux world.
I'm curious what you mean by this. I'm not necessarily rejecting the point, but I also don't see how this could happen without substantial shifts in the industry first.
Yeah, curious here too. Torvalds would need to pass first I think, and I just don't see other major players like RedHat, Google, Canonical, or Valve introducing this themselves or agreeing to do it in aggregate. And as end users we could still fork and patch it out. Some shitty company might try but I don't think it would stand.
Lots of bad ideas have come to Linux, like non-consensual telemetry, mobile-first interfaces etc. Don’t believe? Run OpenSnitch.
Traditional CADT means features get lost over time.
It is not immune from these forces, just not a focus by the powers that be. Fewer developers remember the good old days of Y2Kas as well, meaning they don’t resist these forces instinctively, since they grew up in iOS captivity.
Telemetry is anything including a process list. If you're talking about eBPF it's also used for debugging and server fleets and recently in basic task managers. Any data can be used to take a magnifying glass to the system. The kernel has literally thousands of toggles for this from networking to threading. And yes a program can see what your kernel supports and yes it can refuse to run if you're not running a specific kernel with a specific feature. How do you think programs like open snitch even work?
https://github.com/evilsocket/opensnitch/wiki/monitor-method...
>I don't know what Microsoft is thinking even allowing and enabling this sort of thing
This has been a feature since Windows 7, and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
>and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
A driver shouldn't be a front-facing program that shows ads of any kind. It should be sandboxed and follow strict APIs to talk to the OS and that's it - any extra options should be shown inline in the main e.g. printer or mouse dialog.
And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog? I think extra options in an app is fine, but you should have to download it. At which point who knows what you’ve opened yourself to but at least you chose to do it.
> And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog?
Actually, why not? The driver could declare a list/tree of extra configurable options, and windows could generate a configuration dialog for them. I think this is already is thing in Windows for NICs, I remember seeing TCP offload options when I go into properties for a NIC in the device manager.
You just need to make it a bit more accessible to non-tech users and with more modern control options such as colour wheels for RGB.
And the Linux software for these sort of devices (when such software exist) don't tend to be as bloated. Usually the driver just exposes some control files under /sys and someone else builds a GUI or such on top. But there is no reason you couldn't also expose a schema that describes what the options do to make a more generic GUI for those.
As a user I agree, but I think this misunderstands the Windows market. Forget about mice for a second, if you look at GPU drivers between Linux and Windows on Linux they... just work, and you can use some apps to modify exposed features, like you said.
On Windows out of the box they kind of work, but you really need a manufacturer's software suite to take full advantage of them, and that software suite is, surprise, an advertising and analytics platform, a situation I think both Microsoft and the peripheral manufacturers are very happy with.
>On Windows out of the box they kind of work, but you really need a manufacturer's software suite to take full advantage of them, and that software suite is, surprise, an advertising and analytics platform, a situation I think both Microsoft and the peripheral manufacturers are very happy with.
What we're saying is this shouldn't be allowed by the OS to begin with. Not to merely use the peripheral in any case.
Whether Microsoft is happy with allowing it, is another matter.
Perhaps some law accompanied with hefty fines can make them less happy doing it.
Configurable peripherals should store their configurations entirely on-board, and they should be configurable using a well-understood protocol. Users can then use either the vendor's application, a common third-party application, or the configuration interface native to their desktop environment to configure them. When they plug them into a new machine, they should just keep working without having to install any configuration software.
Many generations of Roccat peripherals were usable this way on Linux, thanks to the work of one generous volunteer who reverse-engineered them.
Companies like Logitech don't store their devices' configs in firmware in a way that "forces" you to run some additional shit to use all of their features (some features aren't implemented in software). It's a convenient excuse that allows them to push their spyware onto users, but it's totally unnecessary.
A vendor that was actually "user friendly" in the deep sense (opposite of "user hostile") would do this themselves; configuration would be upstream-first via libratbagd or whatever, and then they'd provide their own configuration interface as a value-add for a uniform cross-platform experience, or in areas where they thought they could provide a better UI than the design principles of KDE and GNOME, or so that they could have a uniform interface to refer to in their documentation.
>And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog?
Yes. Via some standard protocol to show checkboxes, radio buttons, drop down selections, etc.
Drivers should just make my stuff work. If I want to configure my hardware, I download the app from the manufacturer's website.
Yes! Extra apps suck.
Linux users think of a driver as the thing that makes my silently hardware do the existing things its supposed to do like every other item in its class.
Windows users think of the driver as what makes the hardware do what everything in its class does but subtly different and somehow glued to a command center with its own unique and bad GUI auto started, in the tray, with its own update schedule, and ads.
How exactly do you propose to sandbox drivers running in kernel space? Do you even know how drivers work? (I'm guessing no, based on this comment)
There are people working on this problem honestly. The general solution 10 years ago was a micro kernel. Today, I’m not sure. The linux model is starting to look dated, with similar problems elsewhere. Modern hardware design looks less and less like classic textbook design, with all kinds of random chips having direct memory access to memory the cpu uses on some shared bus. Where even things like on board blue tooth chips can become attack vectors on the system.
There was a good keynote on the topic 5 years ago By Timothy Roscoe
https://www.usenix.org/conference/osdi21/presentation/fri-ke...
Agree with all of those points and there are some partial solutions (IOMMU, userspace drivers, virtualization,...), but we're still quite far from being able to safely connect untrusted hardware and load its driver without effectively giving it privileged access.
The User-Mode Driver Framework is a thing. Most plug-in devices do not need (or have) a kernel-mode driver.
Yes, but unless all 3rd party drivers can run in userspace (which is not really feasible), Microsoft needs to give vendors the option to install a kernel driver, at which point a vendor can always decide to ship a kernel driver and bypass any restrictions.
Imo, the only thing Microsoft can meaningfully do here from their side is threaten LG with pulling all their drivers if they keep doing this.
Drivers still need to pass certification & get signed. Microsoft does get to reject them.
I can't imagine the group doing this validation is sufficiently manned/funded; it's a cost centre, and the effects of cutting it don't show up for years.
I expect that process to be mostly automated, I wouldn't expect the MS folks at the testing lab to do much (if any) manual testing, especially for a new version of a previously approved driver.
I'm not surprised that the driver got approved, especially if the previous versions already had some user UI and this update "just" added the ads. What I would hope now is for MS to either pull the updated driver or ask LG to roll the change back themselves, possibly under the thread of pulling their drivers altogether (iirc they done that with other companies in the past).
Microsoft has a program to do static and dynamic analysis of drivers... not a sandbox, but better than nothing. Of course, wonky drivers plus wonky hardware can still do bad things (io-mmu can help, a bit).
The problems tend to be in the userspace software that's also installed with the driver. Sometimes there's also some pretty derpy stuff where the driver wants to talk to the userspace software but there's no validation/verification and that opens up a big hole.
First of all, drivers don't have to run in kernel space. Do you know that? I'm guessing no, based on your comment.
Second, we're not talking about the drivers per se, as those aren't what shows you ads, it's the configuration software and accompanying crapware. Did you get that? I'm guessing no, based on your comment.
Third, there are capability-based kernels, microkernels, drivers that are allowed into as restricted bytecode, IOMMU, and several other layers of security. Do you know that? I'm guessing no, based on your comment.
To answer in a more constructive way:
No mainstream desktop OS tries very hard to sandbox drivers. Some drivers on both Windows and Linux (not very familiar with Mac) can be implemented as userspace drivers, as long as the performance hit is acceptable, but for many devices (e.g., graphics drivers), you need a kernel driver to get reasonable performance.
Therefore, if your OS supports loading 3rd party binary drivers (Windows do, Linux technically does as well, but tries to make them hard to use in practice), it cannot really refuse to load kernel drivers and only allow userspace ones without breaking a lot of machines.
Even if you have a userspace driver, the device may still get DMA access to RAM. IOMMU is a thing, but due to backwards compatibility, the driver chooses whether to enable IOMMU protection for the specific device on Windows.
If you're willing to write your own microkernel and bootstrap its driver ecosystem from scratch, your claims would be reasonable. With current desktop OS architecture, not really.
As for the accompanying software, there is a good explanation in another comment of all the valid use cases it has (printer dialogs, audio interface configuration,...). LG abusing that to show ads is primarily LG's problem.
You don't have to counterbalance every useful sentence with a toxic message.
You do, when you're responding to "Do you even know how drivers work? (I'm guessing no, based on this comment)". I'm merely giving them back their toxic comment right back.
I'm not sure how I missed they did it first, but doing it more isn't really helping. Oh well, I shouldn't have said anything, it's not great but it's not worth fussing about.
Though there is a limit to how much you can effectively sandbox a driver for most devices. They do have a point even if they made it badly. I know you listed some methods but they don't generalize to arbitrary devices very well.
You're right regarding the tone, it just rubbed me off the wrong way. Especially since I (originally) made a neutral comment and didn't insult anybody.
>Though there is a limit to how much you can effectively sandbox a driver for most devices. They do have a point even if they made it badly. I know you listed some methods but they don't generalize to arbitrary devices very well.
Likely not, but the rarer cases could always be exceptions.
Most devices, screens, printers, mice, audiocards, etc should not have to go through this, at least not for basic functioning.
Which is why I like e.g. "class compliant" devices for example, whereas the configurations can be managed directly from the OS with no third party driver loaded. Some of those do come with the custom proprietary driver, but for most I don't even bother installing it.
Read sibling comments to get answers to all your (non)questions.
Strange how you didn't read them then, based on your rude and false response to my comment.
> Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
Except for every printer, some popular GPUs, Microsoft's peripherals...
Auto-run when inserting a CD worked great, until people realized you could do bad stuff with it. User action must be required to run or install new software.
OK so you get a pop-up that says "install driver or it won't work" and so you do and then you're at the same situation.
Or you don’t and you return this piece of garbage for a refund. I hope you can see how this is much superior to auto-installing malware.