A message to application programmers

Apr 17, 2012 13:28

Your program is not the most important program in the world. It's not the most important program on my computer. It's probably not even in my top 10. Maybe at best I run it once a month. More likely I ran it once because I needed something to do that task and I'll get round to uninstalling it in due course. Please therefore ...

mjl April 17 2012, 13:40:02 UTC
I agree with pretty much all of that, but I'm not sure your target is right, in many cases. It's not going to be the programmers that want all that stuff, it's the marketers. They do not want you to just run the program once, or even once a month. They want you to use it instead of other programs or services that can do something similar. They want you to use it when you were just looking for something to do. Almost nobody pays anything significant for software, so they need to get that fraction of a penny from almost everybody instead.

Many people don't know how to launch a program if there isn't a desktop shortcut. Many people don't know there is a minimise button. And, at least in the case of internet-related software (which is most of it these days), pretty much every update is a security update. If you look at the counts from Secunia, most people should be installing dozens of updates each month.

steer April 17 2012, 14:03:45 UTC
"It's not going to be the programmers that want all that stuff, it's the marketers. They do not want you to just run the program once, or even once a month. They want you to use it instead of other programs or services that can do something similar"

You're probably right with some of these -- though often I'm thinking of relatively small programs which are likely just 1-2 coders yet which take up inordinate amounts of time updating, and putting junk all over the computer. I realise it's all about the money so their revenue stream is pretty much "irritate your user" (with toolbars, adverts and suchlike... for a few months it seemed like every third program I installed also wanted me to install a helpful monkey sidekick).

"Many people don't know there is a minimise button."

For users who don't know there's a "minimize" button that's even more reason not to deviate from the default behaviour. These are the users most likely to be surprised that skype is still running, think they've hung up and not done so.

in the case of internet- ( ... )

mjl April 17 2012, 14:38:35 UTC
"it's the 20 separate update mechanisms I mind ( ... )

steer April 17 2012, 14:46:29 UTC
"Well, VLC has 9 advisories on Secunia's site in 2011."

Christ on a crutch. I stand corrected on this one then. Thanks. Application programmers stop writing code with massive security holes. :-) (OK, that's more difficult.) Weirdly utorrent and tortoisesvn (which also both pester me a lot) I was giving the benefit of the doubt to (well, complex interaction with many other users -- probably lots of security holes) seem to have relatively few security updates (if I'm searching right). Get yourselves together vlc.

"If Reader just displayed documents rather than aiming to be an application platform in itself, including media player and script engine and whatever else, it might have fewer security issues. The latest version of Reader doesn't bundle the Flash plugin any more, at least..."

It's getting better -- but god it has a lot of better to get.

mjl April 17 2012, 16:05:39 UTC
"Application programmers stop writing code with massive security holes. :-) (OK, that's more difficult.)"

I haven't looked through the whole list, but I think the issue is partly that VLC plays a huge number of formats without needing separate codecs or whatever installed in addition, which means they are bundling a whole bunch of third-party code.

utorrent may enable complex interaction, but it's a relatively small program doing basically one protocol. It's pretty easy to get people to open a non-program file, which means that people writing malware can throw stuff at pretty much any application. Basic firewalls, which pretty much everyone has now, have sorted out the sort of stuff that used to spread itself over networks - much easier these days to get users to use a browser to download the malware themselves.

steer April 17 2012, 16:09:08 UTC
You're probably right re: vlc. It was just completely against my intuition. svn and utorrent are (in my mind) network programs which make connections to other people (who may themselves be untrusted). vlc is (in my mind) just playing videos.

I'm convinced your reasoning is absolutely correct about why. It just led me to think that vlc was producing many spurious (non security) upgrades whereas tortoisesvn and utorrent were being reasonable. The truth appears to be quite the reverse.

tvor April 18 2012, 09:30:16 UTC
Acrobat is one of the worst offenders. I use Foxit for opening pdf files. It's small and fast and works every bit as well as acrobat reader.

randomstring April 18 2012, 10:46:10 UTC

This. Acrobat is a steaming pile of security fail. Don't use it.

steer April 18 2012, 13:48:51 UTC
It's dreadful but then you get the odd "weird document" that seems to prefer to render in it.

steer April 18 2012, 13:49:01 UTC
Good tip.

kissmeforlonger April 17 2012, 22:20:25 UTC
I'm not so sure it's the marketers - who are generally pretty concerned not to piss off users. In app design meetings I've been in, it's just as likely to be a programmer who thinks things should logically work a certain way because: some very narrow technical reason.

Rule of life: Everyone sees their own perspective first.

mjl April 17 2012, 22:30:45 UTC
Fair point. I'm not sure I even meant "marketers" really - managers of some kind would also be a possibility.

I imagine there is an amount of "everyone else does it, so we have to as well". If the user has 15 applications loading on start-up and yours doesn't, then you're probably going to be hurt by that. And there are a lot more users with 15 applications loading on start-up than users who spend their time making sure that things don't load on start-up.

steer April 17 2012, 22:43:58 UTC
Lots of the crapware is just there because the company who wrote it pays to have it installed. That's why when you buy a new PC these days it's got lots of stupid utilities. It's also why a lot of software comes with spurious and unrelated browser toolbars.

[You likely know this already.]

steer April 17 2012, 22:42:47 UTC
Marketers is the wrong term -- he means the finance people. A lot of programs make their money from ad revenue or bundled crap. The programmers don't really want their code to install that junk but it's not their choice. However, every time you can sneak some of it onto the user's computer you get a bit of cash from the company. (That's why when you buy a new PC it comes loaded with buggy rubbish software with titles like EZPCsetupwizzard -- the company has been paid to ship to users with that crap installed).
