Visual Studio compiler inserts telemetry into compiled code without users knowledge
-
BryanFazekas wrote:
Executables bloated with unnecessary code that does not help with the software's purpose
Bloated seems like an overstatement. But OK.
BryanFazekas wrote:
Potential for adware and anything else to get inserted into or called from executables. If one unnecessary thing is slipped in, what is next?
That just sounds like paranoia. I can brake into your house and murder you anytime I want to, but the reality is, it won't ever happen. No reason to worry about all possible bad things in life. You'll go nuts.
BryanFazekas wrote:
Microsoft (or whoever) can record all types of things about each executable and its usage.
Again, who cares?
BryanFazekas wrote:
You become a vendor for spyware, not knowing what is being recorded about users of your software
You already are. Read Microsoft's software agreements sometime.
BryanFazekas wrote:
this issue is going to push people away from their products.
And who would people go to instead of Microsoft?
There are only 10 types of people in the world, those who understand binary and those who don't.
-
RyanDev wrote:
And who would people go to instead of Microsoft?
:doh: You do realize there are other compilers on the market?
-
BryanFazekas wrote:
Do you lock your car when you park it? Do you lock your doors at night or when you're not at home?
Of course. But I don't care if anyone is taking pictures of my car or if there is a security camera in the parking lot recording video for others to see. And many of us have written code that sends us information about the performance of our software or sends us error reports, etc. So what?
There are only 10 types of people in the world, those who understand binary and those who don't.
RyanDev wrote:
But I don't care if anyone is taking pictures of my car or if there is a security camera in the parking lot recording video for others to see.
That sounds reasonable, but in this case taking pictures of your care or a security camera would be something the OS or anti-virus/anti-malware would be doing. This is more like Ford or GM deciding to make your car honk and flash the lights every time you change the radio station.
-
RyanDev wrote:
But I don't care if anyone is taking pictures of my car or if there is a security camera in the parking lot recording video for others to see.
That sounds reasonable, but in this case taking pictures of your care or a security camera would be something the OS or anti-virus/anti-malware would be doing. This is more like Ford or GM deciding to make your car honk and flash the lights every time you change the radio station.
Member 2652715 wrote:
This is more like Ford or GM deciding to make your car honk and flash the lights every time you change the radio station.
Actually, it isn't like that at all. My application will not behave any differently because of their code.
There are only 10 types of people in the world, those who understand binary and those who don't.
-
BryanFazekas wrote:
Executables bloated with unnecessary code that does not help with the software's purpose
Bloated seems like an overstatement. But OK.
BryanFazekas wrote:
Potential for adware and anything else to get inserted into or called from executables. If one unnecessary thing is slipped in, what is next?
That just sounds like paranoia. I can brake into your house and murder you anytime I want to, but the reality is, it won't ever happen. No reason to worry about all possible bad things in life. You'll go nuts.
BryanFazekas wrote:
Microsoft (or whoever) can record all types of things about each executable and its usage.
Again, who cares?
BryanFazekas wrote:
You become a vendor for spyware, not knowing what is being recorded about users of your software
You already are. Read Microsoft's software agreements sometime.
BryanFazekas wrote:
this issue is going to push people away from their products.
And who would people go to instead of Microsoft?
There are only 10 types of people in the world, those who understand binary and those who don't.
RyanDev wrote:
BryanFazekas wrote:
Executables bloated with unnecessary code that does not help with the software's purpose
Bloated seems like an overstatement. But OK.
The unstated thing is that, while MS claims they added this instrumentation to keep an eye on the performance of your applications, what is the performance and behavior of this telemetry logging functionality (and how will it change as they update their OS)? Can it cause app slowdowns? crashes? Fill your customer's disk? How does it change the attack surface of your app? If you don't know it's there, how will you be able to address any of this? Worse, MS will feel free to change that code at any time, so you may wake up one day to find out that installed versions of your application are suddenly doing very bad things to your customers computers, and you didn't make any change at all to your code that could have caused it. You can deny all you want, but your customers are still going to blame you and your code. And remember, Microsoft had no plans to tell you about this addition, they've been forced to remove it because their attempt to slip unwanted code into everybody's applications was discovered by a user and the community pushed back.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
-
RyanDev wrote:
BryanFazekas wrote:
Executables bloated with unnecessary code that does not help with the software's purpose
Bloated seems like an overstatement. But OK.
The unstated thing is that, while MS claims they added this instrumentation to keep an eye on the performance of your applications, what is the performance and behavior of this telemetry logging functionality (and how will it change as they update their OS)? Can it cause app slowdowns? crashes? Fill your customer's disk? How does it change the attack surface of your app? If you don't know it's there, how will you be able to address any of this? Worse, MS will feel free to change that code at any time, so you may wake up one day to find out that installed versions of your application are suddenly doing very bad things to your customers computers, and you didn't make any change at all to your code that could have caused it. You can deny all you want, but your customers are still going to blame you and your code. And remember, Microsoft had no plans to tell you about this addition, they've been forced to remove it because their attempt to slip unwanted code into everybody's applications was discovered by a user and the community pushed back.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
patbob wrote:
what is the performance and behavior of this telemetry logging functionality (and how will it change as they update their OS)? Can it cause app slowdowns? crashes? Fill your customer's disk? How does it change the attack surface of your app? If you don't know it's there, how will you be able to address any of this?
But that's true about the entire .net stack as well as any 3rd party code you use.
patbob wrote:
Microsoft had no plans to tell you about this addition,
Again, so? Many of us have written code that gives us feedback so that we know how our software is running, or not. It's their software, I don't see why we should be trying to dictate how it works.
There are only 10 types of people in the world, those who understand binary and those who don't.
-
Member 2652715 wrote:
This is more like Ford or GM deciding to make your car honk and flash the lights every time you change the radio station.
Actually, it isn't like that at all. My application will not behave any differently because of their code.
There are only 10 types of people in the world, those who understand binary and those who don't.
RyanDev wrote:
My application will not behave any differently because of their code.
Sorry to be pedantic, but do you mean that your application by design was already sending telemetry information to microsoft telemetry service or that you don't care that it does?
-
patbob wrote:
what is the performance and behavior of this telemetry logging functionality (and how will it change as they update their OS)? Can it cause app slowdowns? crashes? Fill your customer's disk? How does it change the attack surface of your app? If you don't know it's there, how will you be able to address any of this?
But that's true about the entire .net stack as well as any 3rd party code you use.
patbob wrote:
Microsoft had no plans to tell you about this addition,
Again, so? Many of us have written code that gives us feedback so that we know how our software is running, or not. It's their software, I don't see why we should be trying to dictate how it works.
There are only 10 types of people in the world, those who understand binary and those who don't.
RyanDev wrote:
But that's true about the entire .net stack as well as any 3rd party code you use.
True, it is. Its a risk we all take. However, while we don't know how the library is implemented, we do know what parts of it we're using because we're explicitly calling it. If there's issues with their library code, we can work around it.. somehow.
RyanDev wrote:
It's their software, I don't see why we should be trying to dictate how it works.
I agree that we don't necessarily get a say in how their software works. It was unstated, but I didn't say they shouldn't collect their telemetry. I merely want to be informed about any changes they are making to my code that might affect it. After all, when my code breaks for my customers, they'll be holding my feet to the fire to get it fixed, not Microsoft's. It is far easier for me to fix code that I've written and can see, than some hidden addition that Microsoft inserts behind my back, and I don't even know is there until I get down and dirty with the generated assembly code. I guess the real problem is that the compiler team has an implied "contract" with us, their users -- one clause of which is that they won't add any unnecessary garbage to our code. They violated that. They didn't tell us about that violation. They didn't give us any way to control that addition. In short, the compiler team violated the implied "contract".
We can program with only 1's, but if all you've got are zeros, you've got nothing.
-
RyanDev wrote:
My application will not behave any differently because of their code.
Sorry to be pedantic, but do you mean that your application by design was already sending telemetry information to microsoft telemetry service or that you don't care that it does?
-
RyanDev wrote:
But that's true about the entire .net stack as well as any 3rd party code you use.
True, it is. Its a risk we all take. However, while we don't know how the library is implemented, we do know what parts of it we're using because we're explicitly calling it. If there's issues with their library code, we can work around it.. somehow.
RyanDev wrote:
It's their software, I don't see why we should be trying to dictate how it works.
I agree that we don't necessarily get a say in how their software works. It was unstated, but I didn't say they shouldn't collect their telemetry. I merely want to be informed about any changes they are making to my code that might affect it. After all, when my code breaks for my customers, they'll be holding my feet to the fire to get it fixed, not Microsoft's. It is far easier for me to fix code that I've written and can see, than some hidden addition that Microsoft inserts behind my back, and I don't even know is there until I get down and dirty with the generated assembly code. I guess the real problem is that the compiler team has an implied "contract" with us, their users -- one clause of which is that they won't add any unnecessary garbage to our code. They violated that. They didn't tell us about that violation. They didn't give us any way to control that addition. In short, the compiler team violated the implied "contract".
We can program with only 1's, but if all you've got are zeros, you've got nothing.
patbob wrote:
I merely want to be informed about any changes they are making to my code that might affect it.
Serious? You want to read through release notes from a company that has 100's of software products and is releasing updates all the time? Not me. :sigh:
patbob wrote:
the compiler team violated the implied "contract".
If you thought there was an implied contract that there would be no garbage in your code, then I have a bridge to sell you. :-\
There are only 10 types of people in the world, those who understand binary and those who don't.
-
How many times are they going to shoot themselves in the foot before an amputation is required?
New version: WinHeist Version 2.2.2 Beta
I told my psychiatrist that I was hearing voices in my head. He said you don't have a psychiatrist! -
How many times are they going to shoot themselves in the foot before an amputation is required?
New version: WinHeist Version 2.2.2 Beta
I told my psychiatrist that I was hearing voices in my head. He said you don't have a psychiatrist!MS plotting their next income stream, give the tools and libs away free then charge based on usage - including use of your apps [which use their libs = their justification to do so]. Jus like they want to do with W10. At the moment their major income stream is from releasing new versions, by charging for use they only need to create the product once and then just sit back and count the money that rolls in forever (even if they do nothing except release the occasional bug fix). So come on people, chill... all they want is your money, is that really so bad? :^)
-
Unbelievably, the latest version of Visual Studio inserts "telemtry" into compiled code: Reviewing Microsoft's Automatic Insertion of Telemetry into C++ Binaries[^] :mad:
Well, I stopped using Visual Studio and C# several years ago (except on occasion when I deal with legacy software) for a variety of reasons, including their dodginess over privacy, but also for practical reasons (MS only really caters for selected audiences). I have no regrets about leaving C# behind. That's not to see it's all bad, it has some nice features, but too much proprietary crap comes with it.
-
MS plotting their next income stream, give the tools and libs away free then charge based on usage - including use of your apps [which use their libs = their justification to do so]. Jus like they want to do with W10. At the moment their major income stream is from releasing new versions, by charging for use they only need to create the product once and then just sit back and count the money that rolls in forever (even if they do nothing except release the occasional bug fix). So come on people, chill... all they want is your money, is that really so bad? :^)
Robert den Hartog wrote:
So come on people, chill... all they want is your money,
Considering Bill Gates is the richest man in the world I think he's done a pretty good job of it!
New version: WinHeist Version 2.2.2 Beta
I told my psychiatrist that I was hearing voices in my head. He said you don't have a psychiatrist! -
So, do you have an answer?
There are only 10 types of people in the world, those who understand binary and those who don't.
MinGW-w64 (GCC) and Clang are two that are commonly used.
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
-
Unbelievably, the latest version of Visual Studio inserts "telemtry" into compiled code: Reviewing Microsoft's Automatic Insertion of Telemetry into C++ Binaries[^] :mad:
