I think we ARE hackers. If you have ever been in hacker culture, you know they don't mean cracker, or even cyber security culture.
We definitely have cracking articles here from time to time (legal ones with responsible discosure or hacks of defunct games or software), even cyber writeups.
Hacking just means, hacking together. Its your weekend project to wire up your flower beds to your computer so you can monitor on your phone.
The majority of hackers are not people in cyber gangs perpetrating crimes, they are more like tinkerers.
There are lots of software people who absolutely do not hack in their free time, and lots of hackers who are nor software engineers. Hackers tend to build some great stuff, though, so you do see it in industry stuff a lot.
Though I've been enjoying WT, there are some limitations that have bit me:
1) As a 'Store' app, it can be a pain to install in locked-down corpo networks that block Windows Store. Winget can be a workaround, or you can extract the exe from packages, but an installer would be nice.
2) Since it's a UWP app, there's no way to launch it as another user-identity (i.e. runas)
How do you get that to work? I've tried changing the settings to open new terminal windows using a different identity (runas), but they are then separate from the terminal app.
I basically would just like to be able to dock that new window in the existing terminal tabs, as otherwise, I might as well just launch a PoSH prompt.
You can launch into any security context but merging multiple contexts under a single window is not supported. It has to do with Windows lacking session elevation for pipes but supporting it for window handles https://github.com/microsoft/terminal/blob/main/doc/Niksa.md...
If you want to get real hacky in the meantime you can run the ssh server service and have a short alias to ssh to localhost as a user but now you have that extra abstraction between to deal with.
> Since it's a UWP app, there's no way to launch it as another user-identity (i.e. runas)
This is possible, the only issue is that the app needs to also be installed on the other user’s profile. Once installed for the user you can use runas.exe to start wt.exe as another user. I believe the UX from the right menu needs improvement but it is possible.
Note: Windows Terminal requires Windows 10 2004 (build 19041) or later
Microsoft Store [Recommended]
Install the Windows Terminal from the Microsoft Store. This allows you to always be on the latest version when we release new builds with automatic upgrades.
This is our preferred method.
Other install methods
Via GitHub
For users who are unable to install Windows Terminal from the Microsoft Store, released builds can be manually downloaded from this repository's Releases page.
Download the Microsoft.WindowsTerminal_<versionNumber>.msixbundle file from the Assets section. To install the app, you can simply double-click on the .msixbundle file, and the app installer should automatically run. If that fails for any reason, you can try the following command at a PowerShell prompt:<<
I am glad to see scoop called out in the list of installation methods. I use scoop and like the idea behind scoop. Applications should install in my user_profile when possible and should only require sudo when it isn't possible.
All new application in $current_year should install as $current_user_scope by default. I hate how applications (looking at you, Google Chrome) try to install a scheduled task to keep itself updated. All of this should be up to the package manager. If I want to update the client application, I will do so myself.
And the winget version updates automatically with the Microsoft Store (not that that matters much if you are into using scoop/choco, since you know to just scoop upgrade)
Apple should follow MS's example and open source its Terminal.app
It's a decent terminal emulator, but could use several enhancements and the community could help.
For some reason I haven't changed to iTerm yet, even though it's been objectively better in every way for years.
Even the minor gripe I had with font rendering is fixed.
There's something about using default apps as much as possible that appeals to me. But Terminal.app is lagging compared to the competition.
> It's a decent terminal emulator, but could use several enhancements and the community could help.
It's the only modern terminal that passes the VT torture test. It supports double width and double height characters (great for terminal error messages).
It doesn't support overline (which is awesome for status lines at the bottom of the screen) and requires font support for line drawing and block graphics (Unicode 13 introduced 2x3 blocks and the next one will introduce 2x4s).
> There's something about using default apps as much as possible that appeals to me
For me it's one less thing to distract my distraction-prone brain.
Better keyboard only text selection, vertical/horizontal splits (I know about tmux, I still prefer scrolling and searching on true app), true color support, image visualizing would be nice.
> Apple should follow MS's example and open source its Terminal.app
This is bellyaching about nothing. Instead, Microsoft should follow Apple's example and open source the operating system. The only part of macOS that is not open source is the GUI, i.e. Quartz Compositor, and the gui applications. Microsoft, meanwhile, is an incredible slouch when it comes to open source, only very recently changing their hostile "embrace, extend, extinguish" stance towards OSS.
>Microsoft should follow Apple's example and open source the operating system
1. Apple did not open-source MacOS. Hell, I can't even buy a copy of it and run it on a PC but instead I have to buy Apple HW to get it, while at least I can download a copy of Windows and run it (even unregistered) on any cheap PC HW and develop SW for it, without paying for Microsoft hardware, or even for the OS itself (gray legal area), unlike Apple where the only way I can run MacOS and develop SW for it is by buying Apple hardware which is a far more restrictive way, from a monetary perspective, to get someone on board
2. Microsoft cannot open-source Windows as it contains a lot of third party code for which it has no licensing rights to open source. They've explained this multiple times. I assume the same applies to modern MacOS.
I probably shouldn't dignify this with a response, but yeah, you don't know what you're talking about. The kernel XNU is OSS. The BSD userland is OSS. This means that technically, the operating system is open source. If you go by file count, there is far more OSS in macOS than not. But if you want to go by file sizes, then the only closed source parts of macOS, again, are the GUI, the Quartz Compositor, and a lot of Apple's installed applications, which are bound to have large file sizes. So it is deceptive and frankly false to claim speciously there are, plural, "orders of magnitude more closed source than open in macOS."
But every release Apple releases more open source software.[1] No other proprietary operating system vendor releases more open source than Apple.
I think a lot of value comes with the Frameworks, with them you get at least source compatibility with macOS and without them the core operating system will just be another Unix operating system without much hardware supports.
So I personally put much more weight on the Frameworks over XNU and BSD userland. There is a reason GNUStep is less dead than PureDarwin :D
That's fine, but the frameworks are not installed with macOS. In order to get them, one must sign up for a free developer account, at least, and install Xcode, which is massive, but I'm not sure how you can say it is part of the OS when most people never install it.
The system frameworks e.g. Cocoa, Foundation, CoreServices come with every installation as binaries. These are the building blocks of the GUI and mac default apps. They act as the abstractions to the underlying BSD and Mach system and basically what define a macOS system. [1][2]
My point is I put more value on the closed source parts more than the core OS and even the GUI itself. If these were to be open sourced, practically means possibility of source compatibility (even binary compatibility) on Linux and that is huge deal for the public. On the other hand, I'm not sure how can anyone besides compiler and driver developers can benefits from Darwin being open source.
Cocoa/UIKit, Quartz, Core*, drivers, etc are all closed source and much larger (by line count) than the kernel and BSD stuff.
You can even throw WebKit and LLVM (which are humongous) in the mix and it won't change the balance.
But since I can't link to them and neither can you, we're just going to keep saying the other one is wrong in a web forum.
And that is expected, because graphics takes up a lot of space, so this comparison is not intellectually honest. But I'd like to see you try running just the "Cocoa/UIKit, Quartz, Core*, drivers, etc" without the kernel and BSD userland. Without the GUI, we still have an operating system that is entirely OSS. With only the GUI, we have nothing that works.
> But I'd like to see you try running just the "Cocoa/UIKit, Quartz, Core*, drivers, etc" without the kernel and BSD userland
That's the point we can't because they are binaries (with strict EULA at that) but make it open source I can guarantee they will be ported to Linux within a year :D
> Without the GUI, we still have an operating system that is entirely OSS. With only the GUI, we have nothing that works.
entirely OSS operating system that lacked hardware supports to be useful, what is the point over something like Linux. Even FreeBSD supports more hardware.
>because graphics takes up a lot of space, so this comparison is not intellectually honest
I've written “by line count”. It's more code, lots of it, not binary size.
>Without the GUI, we still have an operating system that is entirely OSS. With only the GUI, we have nothing that works.
You're discussing merits, I've been arguing about an absolute value: lines of code.
But if you want to discuss merit, here's another objective data: Darwin has been open source for 20 years. No one runs it. Because all the value is at the top layers and lower closed source ones. See the trouble folks at Asahi Linux are going through to reverse engineer the M1's GPU graphic driver.
This is a straw man, and also not entirely accurate. Darwin is BSD, and in theory just as useful as BSD, or FreeBSD, NetBSD, and useful to developers, and to anyone that can figure out how to install it and use it. [1] Meanwhile, Windows without hardware less than 2 years old is absolutely worthless. Thus, Linux.
If it were not true, Linux would never have become popular. Linux evolved beyond quickly fixing what Microsoft broke to take over the server space, but that was Linux's first practical reason for existing, to mitigate the problems with Windows slowly dying after about 2 years of being installed and used daily.
> Meanwhile, Windows without hardware less than 2 years old is absolutely worthless
This seems like a massive exaggeration. I am currently running Windows 10 on a refurbished laptop I bought in 2012! (So, actual hardware is even older).
I was a Terminal.app user since Tiger, only recently had to switch to iTerm 2 as since Big Sur it forces anti-aliasing on non-HiDPI displays, even when turned off in the settings (I like non anti-aliased Monaco 10pt). It looks like a bug, but hasn't been fixed since.
If you use a font which doesn't have outline data Terminal.app and you set the rendered size to whatever is the native size of the font, Terminal.app will show you the unadulterated bitmap (if you use a multiple of the size, Terminal.app should scale it up without anti-aliasing).
I generate a .dfont without outline data based on a tweaked version of my favorite bitmap font, in Font Forge.
Now, if there is a way you can pre-render your favorite outline font to a bitmap and write it as a .dfont without outlines (other extensions may be fine, not sure though), you could switch back to Terminal.app. But font tools on GitHub etc. are very very few and never work that well, if they even do what they advertise at all.
There's an excellent blog post by the product manager I believe that explains the history of the CMD command, how terminal emulation works in Windows, and the work they were doing.
The way I understand this project is essentially "an interface" to the new ConPTY they developed (which IIRC is closed source, naturally).
That doesn't make it any lesser. I've used it since a build was available, 4 years ago or something. I love it.
So, one of the cool things about this repository (Hi! I’m the engineering lead for the Terminal/Console/… team. I’m biased!) is that it also contains the source for ConPTY and the rest of the Windows console host[1]. Every change made here flows back into Windows, and vice-versa.
In this repo, you can find some of our terrible secrets and workarounds and debugging hooks and perhaps even some explanation for why things work the way they do. Or don't work the way they should.
If you’re looking for a good[2] way to spend a few minutes, search for “LOAD BEARING” :)
[1]: If you build the “Host.EXE” project and copy the resulting OpenConsole.exe over %WINDIR%\System32\conhost.exe, it’ll work just fine and you’ll pick up a bunch of the console changes we’ve made in the past few years.
[2] Goodness not guaranteed, void where prohibited, etc.
EDIT: Oh, kaelinl mentioned this in a sibling comment to yours. Sorry about that! I've also reworded parts of the main comment body to flow better.
Oh man, my memory must be bad. I remember the conhost.exe and the whole PTY stuff being closed source for some reason. Either way it will make for a very nice rabbit hole for one of those week-ends :D
Thank you and every one of your team members for the excellent work you guys have been doing on this. You have brought so much joy to working and living w/ Windows.
There are multiple projects in this repo. Windows Terminal, which the other commenters focus on, is a relatively new standalone app and not (yet?) bundled with the OS. They opted to open source it from the start, more or less. The other part is conhost, which is the classical terminal that has existed in Windows for decades. Some of the layout and rendering logic was pulled out of conhost to be shared with Terminal, and the two projects are maintained by the same team, so they open-sourced both. As I understand it, they then ship conhost and its shared components in Windows releases.
Probably the same reason they've opened sourced some other components lately: community feedback and updates.
There are a bunch of bugs in Windows core that I can't even get anyone to look at (and I'm an MVP). With these little bits they've opened sourced you can actively participate in helping the team fix the bugs, and add features as needed.
I know the team on Terminal had a whole muddle of problems to do with rendering recently that probably still needs some outside input. Even Microsoft's developers can't and don't know all the best ways to carry out tasks with their own APIs - there is just too much to learn.
Why pay employees to fix bugs when some random can fix it for free? It makes perfect corporate business sense. (Not saying its a good thing, but it does make sense from a business POV)
That's definitely the cynical way of looking at it :) And sure, if they threw more bodies at the problem they would definitely catch some of them. But in my experience the community has found and fixed some weird bugs that probably would have been hard to bubble up through normal channels, or would have just been deemed too low priority under normal circumstances.
Not sure I'd really call this a component of the OS. It is a new app that works with various shells (including cmd, powershell, and WSL) to create a better experience using them including tabbed view so you can have multiple terminals from a single window.
the code has been open since the beginning of the project, IIRC... back when it was announced first, to get it to build, you needed to build it locally...
It might have vulnerabilities that a motivated attacker could discover by reading the source code. It might contain copied code that Microsoft doesn't have the right to distribute.
Not saying these are good reasons, but in a company whose main products are closed-source software, I'd expect some PM to make these objections.
> It might have vulnerabilities that a motivated attacker could discover by reading the source code.
I'm sure the flipside of that, that lots of people looking at the code will uncover the vulnerability and fix it, more than compensate for that.
> It might contain copied code that Microsoft doesn't have the right to distribute.
This is why opensourcing an existing codebase can be complicated, but, if you start something managing the licenses of included code, then it's not a huge issue.
> in a company whose main products are closed-source software, I'd expect some PM to make these objections.
I'm sure they'll never opensource Exchange, SharePoint, or SQL Server.
That's not true. MS-DOS and Amiga supported ANSI escape sequences, I remember that very clearly. Through MS-DOS, Windows and OS/2 would have had some form of support available. No clue about the ST
Since Windows Terminal application doesn't care about Concurrent DOS ever existing, and Windows Terminal Server is actually the Windows version of X Windows based on DirectX and grown out of Citrix networking protocol, they don't apply here.
Wikipedia says Windows 10.. but that was the previous terminal emulator in Windows, right? There was MS-DOS prompt and then cmd in NT (4?) and HyperTerminal..
> When did people stop calling them terminal emulators?
I don’t know when, but since their features have increasingly become divorced from any terminal (other than similar software) that they might be “emulating”, it makes sense.
It shall be noted, that it does not work on Windows Server up to and including 2019.
I would also like to add, that I am puzzled, that Microsoft has not been able to deliver a proper shell, that is comparable to …sh and delivers remote access like ssh. Yes, Powershell, but not by a long shot. And for some things you still need cmd!
Note that this is not the source code for the command shell utility (command.com, cmd.exe, etc). This is a new (-ish) project for creating a modern terminal
It works really nice with WSL, for example I have configured each OS to have its default font and wallpaper :)
winterm looks very nice but it often screws up character alignment if you resize the window. it happens so frequently that i gave it up, because at least once a day i could no longer tell what i was typing or trying to copy. i'm a happy customer with alacritty windows builds, but i wish it had tabs.
You're probably already aware of this, but just in case you're not (or someone else reads this that's curious), running tmux (src: https://github.com/tmux/tmux/wiki) inside alacritty will give you tab functionality along with the ability to horizontally/vertically split and a host of other fun features.
Worth watching Casey Muratori's series of videos on terminals, and how to implement them, where he often makes specific comparison to Windows Terminal. He has some specific criticisms that are easy to disagree with, but the vast majority are well warranted. His broader series of videos on the topic are even worthwhile from a purely "software engineering education" standpoint.
I feel a bit bad about posting comments about it relatively frequently on HN, but it's just so very very good, and snark aside, his perspective is extremely valuable.
I hope someone can take his demo and implement the idea for Windows Terminal. This would prove that such performance boost is indeed doable for a real world production level terminal.
The Terminal team is very aware of this code, and are not able to use it due to how Casey licensed it. They aren't even allowed to look at it. Casey deliberately licensed it as GPL so that Microsoft could not use it, actually. That's his choice, of course.
The Terminal team have a path forward to implement strong performance improvements based on techniques like those Casey described, and are working on those improvements now, I'm told.
Microsoft haters will continue to say all kinds of stuff no matter what Microsoft does, so Microsoft isn't doing this to appease anyone; it's just performance work that they didn't understand was as easily reached as it is, and they built the Terminal in wrong ways the first time around. Anyway, it's being fixed.
I've never worked at Microsoft but I've worked with a lot of MS employees throughout my career and I wish I could convey just how much the goals of the individual employees line up with people like us. The developers at Microsoft are people like us. Extremely and intentionally caustic feedback on Microsoft stuff does nothing but give those employees good reason to stop working on the projects they love, but which also get the most attention, like Terminal. This necessarily produces a worse outcome for the project.
I wish I could make the extremely vocal and vitriolic people understand that their vitriol is counterproductive in the extreme, and makes everything worse.
I think Casey's somewhat caustic exasperation can be a major distraction at times, especially if you are exposed to it the first time you listen to him. But I have to say, his frustration is justified. He has valid complaints about almost the entire industry and educational system, so it's not just directed at Microsoft, and certainly not just at the individual grunts working there (almost all of use are grunts). I do know some of the backstory behind Casey starting this reference project/experiment (I won't post the GitHub issue "lore" here, as it'll just create even more of a "he started it, no he did" back-and-forth), so I think there is some mutual animus with these particular grunts, but I think that's not at all interesting, and I don't think knowing the backstory changes anything.
Instead of just personalizing his critique (ignoring that Casey makes it easy to do that), think of it this way: why hasn't Microsoft leadership, running a multi-billion dollar company for decades, already devoted appropriate resources to create an essentially perfect terminal/console, something so discrete and simple and fixed in feature-set?
Also, I don't put much stock in the complaint about Casey's license choice. He made plenty of educational content delving into the design and implementation details, and one of his major points is that non-pessimisation implementations such as his have so little code in the first place.
> why hasn't Microsoft leadership, running a multi-billion dollar company for decades, already devoted appropriate resources to create an essentially perfect terminal/console, something so discrete and simple and fixed in feature-set?
competing priorities, lack of customer interest, lack of need, desire to keep backwards compatibility, additional support workload, probable belief that they had a good enough terminal, they couldn't find the right people (the project lead for the new terminal was hired into Microsoft specifically for that position, leading me to believe they didn't have anyone internally who was qualified or interested enough to take the job), and because a fully compatible terminal is not trivial to make.
they can't go back in time and make it, they can only change what they're doing now, and Terminal is getting better all the time.
complaint about behavior that is no longer happening is just masturbation, plain and simple.
yes, Casey has shown that, and I am thankful for it, and for him, because I didn't know it was as easy as it is. It turns out that a lot of people didn't know it could be so easy.
The approach Casey took is very obvious to game developers, and very foreign to other people, I would think. We're all still so poisoned by OOP and the normalization of unnecessary complexity that straight-forward solutions often don't occur to us.
Casey's misstep here is the same misstep that many of us make, and have made; the assumption that everyone should know something or understand it just as well. It is often hard for an individual to believe that something which they find obvious could be so out of reach of another person.
One might respond to that with "A Microsoft employee should know this kind of thing," and to that I would ask where they're supposed to get this "Microsoft people should know" knowledge. Where's this "Microsoft should know" academy? What is the list of things that an employee of a company like Microsoft should always know in order to be forgiven by the argumentative HN patron? There isn't a place for them to go, of course, they can only rely on their experience and their colleagues to help them do their work, the same as everyone else, and every person, team, and company has blind spots. Every last one.
I think the best part of Casey’s critique is pointing out that trends indicate that those blind spots are only getting bigger. Individual/personal corrections are absolutely possible, but they’re not going to stop this accelerating blind spot growth problem (especially if just as many individuals are turned off by the tenor of the critique as are convinced by its substance — this aspect is where most of my many qualifications about his critique come from).
Personally, even taking his caustic critique as given, he’s more criticizing MS than the MS developers. If you know Casey’s opinions on FAANG companies, you’d know that when he says what a MS employee “should” know, it does not come from a position of holding MS in high esteem. He means, “how is this multi-billion dollar company getting it so wrong” not “how are these pitiable developers letting down the honorable MS corporation”.
Lawyers concerned in-house code may become virally GPL licensed (I think, it has been a while since I had insight into MS inner workings).
Same sort of thing as many/most companies won't allow their employees to look at patents.
Without reusing any of that code, simply by osmosis? I don't know what the legal theory could be, but is that something that has ever happened in the entire history of the GPL?
no, by writing similar \ equal code somewhere that later other people looking at it could argue is a re-use of the GPL code they looked at and thus causing the whole project to became GPL.
it is just them thinking it is better being safe then sorry. if they don't even look at the code there is no way to argue that they are copying it.
Just a small correction/clarification - using GPL code inside a non-GPL project doesn't magically cause it to become GPL, it just means you would be committing copyright infringement if you distributed your project afterwards.
It's still something you want to avoid, but the outcome would potentially be a lawsuit from the copyright holder, rather than forcing you to relicense your project.
M$ is long time GPL hater. They use lot of GPL code, but stil hate it, because they cannot make profit from it. Commercial companies like BSD-style licenses, because they are free as in "free work".
they don't use any GPL code in stuff that they license in any other way. it isn't a matter of liking the license or not, it's a matter of license compatibility.
Just to clarify, I do not hate MSFT. I just don't have the ability to implement such things and just curious whether it is feasible (in reasonable time) or not. If the actual code is not available maybe someone can fork the Terminal code? Or if that does not get around the legal stuffs, maybe take the idea and go from there?
You cannot use Casey's code (GPL) in Terminal (MIT). But he has explained his model. Issue is iirc what he proposed and how Terminal works significantly differ.
Yes, I’m skeptical that WT will incorporate his design, as it is a big design change. There’s no way to just “plug it in” somewhere, without replacing the beating heart of WT. It would be great if they did that though, and I’d applaud them for it.
I think Casey did a lot of other great work on more correct and speedy non-ASCII support, and very efficient scrollback (in both memory and time cost), etc. It's been a while, but I think the atlas approach is also different. But kudos for what seems to be a good step. I'm curious to see some data on the resulting performance and memory usage (presuming the latter is mostly unchanged).
Microsoft the business creates those caustic relationships.
I’ve managed 9-figure relationships with different software companies. Microsoft plays dirty, both with their own people, who have unachievable goals that encourage douche behavior, and with the customer.
I feel for the folks on the ground. The engineers crank out amazing work. But part of working for a company that essentially taxes every global
business and government is having a thick skin.
> part of working for a company that essentially taxes every global business and government is having a thick skin.
no. people are people, and if the human race is going to survive its own actions, the actions must change. no part of any job should require that harassment be tolerated, and it's not feasible to ask for that.
No, I say there are some specific parts that I find easy to disagree with. I strongly agree with the majority of his points, and on I think all the important stuff.
Ha, yes, his impromptu "PhD research project" went quite well.
We have a habit of diluting words to the point where they are meaningless, and I think it does more to hurt important causes than support them. By labeling all forms of telemetry as "spying", we just make it so people are less likely to take actual claims of spying seriously.
That is what it once meant. "Spyware" was the term used for any process that called home regarding any information about you, your computer or your usage in the background. Calling home for anything other than "Check for updates" menu items or other actions where calling home was the explicit action the user wanted would get your name tarnished in the media and added to the signature list of software built for the sole purpose of finding and forcefully removing software like that.
Practically any Android app these days would be considered "spyware" if we were still applying the "spyware" definition of the early 2000s. And we would be better off if we had never stopped.
I don’t see why the makers of an app aren’t entitled to seeing how the app is used for the people who opt to use it. If I’m using windows terminal, I want them to know how often I use the hot keys, how often I split a terminal vertically then horizontally (alt-shift-d), etc. lest it be removed, since I know they don’t have infinite resources to dedicate to this single project to maintain every feature forever and ever.
I don’t see why the makers of an app aren’t entitled to seeing how the app is used for the people who opt to use it.
They are entitled to ABSOLUTELY NOTHING beyond, if it is commercial software, my payment.
I want them to know
What the fuck happened to just TELLING THEM!? Oh, that's right, they didn't want to listen because they'd rather take complete control of your machine, forcing you into what they want, and monetising every last aspect of "your" life, all the while hiding behind the excuse of "the data says" to do what they want.
The amount of pro-spyware comments here is, quite frankly, excruciatingly abhorrent. So many comments here smell strongly of corporate propaganda, since they also always repeat the same tired talking points --- and it makes me wonder how much shillage MS does. Or how many others think that because MS is big and "successful", they should emulate the increasingly abusive behaviour that it (and to be fair, the rest of Big Tech) engages in.
People don't say anything. They use the software, and then when features are deprecated they come screaming for you to continue supporting it. It's a waste of resources if they have to create an 'RFC' for every time they want to deprecate a feature due to development workload, when they could just have it report usage of features within the app. It's literally just how many people use specific features in the code they're writing; they're not watching what you type, they're not uploading a log of window titles like early blizzard anticheat software[0]. If you don't want them to be able to make informed decisions about the software they write you shouldn't use it, just create your own and send out a yearly/quarterly survey asking people to tell you what features they use, and see just how many people respond (hint: 30% of users is an unlikely best case scenario for external surveys[1]); hopefully that sample is good enough to drive decision on what features you stop supporting and what features to focus on.
> It's literally just how many people use specific features in the code they're writing; they're not watching what you type, they're not uploading a log of window titles like early blizzard anticheat software[0].
The problem is that, if it's not that now, it will, or at least might, be that eventually. It's a lot easier to make sure that an app isn't phoning home at all, than that it's phoning home with only approved information.
For example, it's a huge problem with browser extensions that, even if they start off well designed to respect a user's privacy and to gather information only in ways that are essential to their function, and that even if the original developer remains true to that mission, still if the extension becomes popular the developer will be prey to a lot of pressure from bad actors who want to buy the rights to the extension precisely so that they can expand the data-gathering into the realm that you implicitly acknowledge is unacceptable.
> I don’t see why the makers of an app aren’t entitled to seeing how the app is used for the people who opt to use it. If I’m using windows terminal, I want them to know how often I use the hot keys, how often I split a terminal vertically then horizontally (alt-shift-d), etc. lest it be removed, since I know they don’t have infinite resources to dedicate to this single project to maintain every feature forever and ever.
The makers of an app are entitled to no more information about me and my use of it than I allow them to have. I think that it's reasonable to argue whether my allowance of sharing should be opt-in or opt-out, but I don't think that there is much scope for argument about whether I should be able to block the sharing of information if I choose explicitly to do so.
(One could argue that, as long as everything is disclosed up front, then the makers of an app have the right to demand whatever they want, and I have the right to accept their demands or else not to use their software. This is surely true in one sense; but, in another sense, it's exactly what the notion of "contract of adhesion" is meant to describe, and in many other contexts it's recognised as not a good thing.)
To the argument that the makers of app can use telemetry information to make their app better, I would say that that is doubtless true; but I would argue that is also true that I, and not they, have the right to decide where the boundary lies between my desire for privacy and their desire to improve their app. For example, perhaps—even likely—browser makers could make their browsers better if they knew exactly what sites I visited, but, if I found my browser reporting my history information back to Mozilla, then I would not say "ah well, as long as it makes for a better browser."
I did some reading through the code to understand what was going on here. After a brief read, it appears that most of this telemetry code is only enabled when ETW (Event Tracing for Windows) is enabled.
I have not read all the code, but from a brief overview this tracing behavior and telemetry wouldn't be automatically activated anywhere except on Azure.
I fully admit I could be wrong, and I didn't explain myself adequately re: ETM. ETM has been enabled since Vista, but you can get a full list of all ETS logs very easily (via `logman query -ets`). The question is what's consuming it, and as far as I can tell the basic telemetry settings won't send anything remotely beyond some incredibly basic information.
The biggest takeaway to me here (besides the explanation of the telemetry levels) is that the processes in question are cmd, powershell, bash, etc, and not what you are running in them. Even if you have enhanced telemetry enabled it wouldn't bubble up what you're running underneath the console process as a process name.
Why not? I want the features I use to be maintained. I am dead tired of advanced features being removed from applications I use.
With web applications every single round trip to the server is logged, inherently, and there are far more than one round trip to the server than there are page loads, I assure you. So it's ok there? "oh that's just logging, not telemetry." That's what telemetry is!
Google and Facebook track you (collect telemetry on you) across the entire web whether or not you use Google or Facebook AT ALL, and they each collect more information than Microsoft ever could. Google and Facebook do far worse things than Microsoft has ever done, but because they didn't ship a browser with their OS in the 1990s, they get a pass on everything, apparently.
I don't get it. the lies we tell ourselves are worse than anything anyone else could ever do to us, but we tell them to ourselves anyway because it is acceptable to crap on Microsoft, for imaginary reasons, and it isn't acceptable to crap on the companies doing the real bad stuff.
humanity is doomed. we are literally a garbage species.
- it's more work when you're trying to stop
data exfiltration / espionnage
- privacy -- I've no idea what the telemetry
says about me today, and I certainly don't
know what they'll make it look for tomorrow
- privacy -- even if the telemetry is fine,
maybe information about my usage patterns
might be more valuable to me than it might
seem at first glance
- performance -- every app, every library, all
sending out telemetry? Please, no.
- because I get to not want this
no one cares what you do. telemetry is only viewed in aggregate. it doesn't make sense, nor is it a good use of time, to scrutinize the telemetry of a single user for any reason.
you keep on living in your town where the people don't have fingerprints or names, and the shoes leave no tracks. I'll be over here getting things done, because doing good work is far more important than avoiding being seen.
it's not more work when trying to stop exfiltration or espionage because telemetry doesn't get sent to random places. Microsoft publish the hostnames that receive telemetry. block them and you block telemetry from being sent. it still gets collected locally though.
the performance argument is solid and I will see if I can measure that before I agree with you.
from what I've read, at least among the common telemetry systems I know of (Azure Application Insights, OpenTelemetry, and Microsoft's system built into the OS), telemetry is gathered for a bit then sent in a batch, which would indicate that performance is at least a consideration.
yes. Diagnostics Data Viewer[0]. you can use that tool to see what data is collected and even delete it all from Microsoft's servers.
it's all plain JSON, too.
but people still bitch endlessly about "spying" and foam at the mouth (literally) while they yell about it, acting like they know everything about the situation.
xterm, or urxvt, or bash, or nginx, never removed any advanced features, and they managed to do it without telemetry, and did it over the past few decades. amazing, how is it possible
Just glancing through them it looks like it wouldn't produce much meaningful data, begs the question - why have it in the first place? Since everyone involved must have known the reactions to it.
In my experience it's often not the case that "everyone involved" knows these things. Quite the contrary actually. Many times I'd been the guy to tap someone on the shoulder (remotely of course) to say hey that's really not something we can do.
That is not how telemetry works. It is not spying or a privacy issue. Categorizing it as such only dilute the meaning of both terms so the real issues won't be taken serious.
If you feel like a bunch of developers getting info about how many times the world clicks on a button hurts you personally, then don't install it. Calling it a privacy issue it taking it too far.
Arh yes, the good old "everything means nothing" argument. I'm sorry to say, but words have meaning [1][2], and most of them are formally defined.
And yes, I think that an HTTP POST to Microsoft's Windows Terminal team saying "UserUsedTerminalInInterative = true" is not a privacy issue, nor is it spying.
Can you explain to me how this information hurt users of Windows Terminal? If it indeed is spying, it should be possible to demonstrate how it is used for hostile purposes or why such an innocuous piece of information must be kept a secret.
Until then, I think it is fair for the Windows Terminal team to collect such basic telemetry for their software
Company A May decide telemetry exposes too much internal information to a potential competitor.
Company B May decide that telemetry does not release anything they want kept secret.
Those are subjective opinions. If I want the data to be kept secret and somebody takes it without my explicit approval, that is a privacy violation. If I don’t care, it’s not. Same thing with spying. If I deem it a secret, it is now spying to take it from me.
It appears to send back the names of programs, so MS is learning when their users do shady activities (torrenting, youtube-dl) or use competitors' products (aws) or even the names of internal tools.
All that shows is a lack of imagination on your part.
It’s very easy to de-anonymize telemetry data, track users across IP addresses, collate with other application’s telemetry data, determine which users are in the same places at the same time, and generally extract a huge amount of data about people, who they spend time with, where they spend time, and what they do there.
Telemetry is unequivocally spyware.
It feeds a firehose of data to the internet, and both data brokers and state actors do absolutely everything they can to gobble it up.
I think some people will have a hard time with this concept, but the idea of data being “private” or “secret”, by default, is disappearing. And it won’t be coming back if the world continues to digitize.
If you want those attributes for your data, you’ll have to take measures. That means reading user agreements, verifying open source, using encryption intentionally.
Vacuuming up data is not spying. Especially if you essentially agree to it when you accept the Windows terms of service (ethical issues of this aside).
> Especially if you essentially agree to it when you accept the Windows terms of service (ethical issues of this aside)
“But the plans were on display…”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”
as a software dev you know that soft anonymous telemetry of how a user use what you do is very valuable to make decision on how to make things....
I wish there was way everywhere to collect with privacy and being accepted by user as not something we want to spie people on... but as always there is (a lot ) of abuse in this area so this may never going to happen
> as a software dev you know that soft anonymous telemetry of how a user use what you do is very valuable to make decision on how to make things....
No, actually, on account of being a software dev, I know that telemetry is actively counterproductive when making decisions on how to make things. It makes your decisions more wrong, not less.
I assume it's yet another case of the fallacy of revealed preferences.
If you look at what people actually do, any insight into what they want is confounded by environmental effects (eg, they'd prefer to use feature A, but feature A is missing or inconvenient to access, so they end up mostly using feature B), selection bias (feature A is most useful to precisely the people who know how to turn off or deliberately break telemetry), and other issues (A/B testing confirms that people have a revealed preference for clicking on animated icons (because they're trying to make the fucking thing stop squirming in their peripheral vision while they're trying to concentrate on something else)).
(Talking with users is definitely possible (usually easy) to screw up, but I have yet to encounter any evidence that it's possible to not screw up telemetry-based design decisions by any means other than ignoring the telemetry.)
So many folks in this subthread don't seem to realize that computer security is a thing to be desired and a fundamental right. Or, it was on Windows and Mac until the last decade or so.
There are real costs to not being able to trust your own local computer and personal information. History is rife with examples, from IBM and internment during WWII to the malware and NSA of modern times. Data is no longer deleted.
While I am not a huge fan of the way Windows is going in general for the most part you can turn off most of the tracking that is currently enabled. Unfortunately I do not have direct experience with the telemetry tracking for windows terminal.
tell microsoft when you’re using features. presumably because they have a culture of metrics and every feature is required to have data on its usage patterns
There are some pretty detailed comments on many of them if you click through to their call sites, and more can be inferred from the file names of the callers.
In `windowproc.cpp` we can see it log every time you resize a console window, close a console window, bring up the context (right-click) menu, drag-and-drop on to a console window:
This even extends outside the "Terminal" application wrapper itself, with a generic "LogApiCall" used to track e.g. any time any other process spawns a console window:
Thanks for doing this. Looking over some of the actual call sites and there commentary was interesting.
For all the folks who say it's all totally innocuous (or even beneficial). Even if it is, I can tell you, I have no interest in my computer doing this while I'm using it.
I've always wondered what the performance impact is. Windows 10 feels so slow compared to Windows 7 and earlier that I'm constantly wondering how much of my life is being allocated to telemetry.
The impact is absolutely noticeable, just difficult to attribute.
Every time I rebuild my laptop it has these “mysterious” slowdown periods that force me to dig through the metrics to see what is the culprit.
About 80% of the time it’s telemetry.
The worst one is actually the Intel driver installer which has telemetry that is so far beyond obnoxious that it’s an embarrassment to every so-called “engineer” involved.
Not sure but it's a reasonable question. I'm willing to give MS the benefit of the doubt and guess that they have generally implemented it in as light a way as possible, but that said sometimes it probably causes dire performance problems to outright breakage. For me it's largely academic at this point, but it's another reason to be happy I moved my main workstation off Windows.
It does not transmit what you copy, search for or when you clicked/resized/closed the window. It simply stores a true/false value saying "feature X was used". In some cases, like with find/replace, it also stores the average length of things you searched for. That is a common way for developers to get an idea if performance characteristics due to the longest common substring problem[1]
You are trying to spread misinformation here to make Microsoft look like a bad guy. There is nothing sinister going on here, it is just ordinary metric collection.
But don't take my word for it. Take for example the "we can see it log every time you resize a console window" statement. In the link it calls SetWindowSizeChanged()[2] which again calls SetUserInteractive()[3] and it just sets a boolean to true.
So there is no "log every time it resize a console window". It simply sets a variable to true, which presumably the Windows Terminal dev team use to see how many users use the console with interactive sessions.
Every group implements their own telemetry. Every group goes through the same “learning process” of making it asynchronous and correctly dealing with proxies, firewalls, etc…
Inevitably mistakes are made that either slow down computers or outright freeze apps that can’t connect to some telemetry endpoint.
Security teams around the world feel like they’re holding back the tide with a broom because EVERY piece of software is contributing to a veritable firehouse of information sprayed all over the Internet from every endpoint on the network.
You are running an operating system made by Microsoft, they could monitor how often you click your mouse just like every website on the planet at this point but dont. Boolean telemetry on feature use is somehow the end of the world? Get out.
Look at it this way: PowerShell sends telemetry. The Terminal in which it runs sends Telemetry. The "dotnet core" framework PowerShell uses in turn also sends telemetry. The PowerShell modules you load (from Microsoft!) send telemetry.
In effect, ONE application has at least four independent sets of telemetry.
This is the console, the kind that you would use on servers. High-security servers in DMZs. Servers hosting police records, health records, or even military secrets.
FUD my arse. It's a torrent of information that seeks every crack it can find to "get out", purposefully designed to circumvent mitigations by security teams.
Two examples: Microsoft regularly changes which environment variables disable telemetry. Just about every major release means that I have to check if it is now "DOTNET_TELEMETRY=Off" or "NET_TELEMETRY_CORE=0" or whatever. This isn't an accident. Nobody's "finger slipped". The old telemetry started to tail off and someone "fixed it" in Microsoft to get 100% coverage, against the will of their privacy concious customers.
Similarly, some Windows telemetry uses "microsft.com" instead of "microsoft.com" to bypess firewall rules blocking the latter.
You can't tell me that this is "nothing to worry about" when it feels an awful lot like the enemy is inside the gates and is actively hostile to any measures taken to stop them progressing further into the network.
Telemetry is essential thing to understand how service is used. It leads to better service for all users.
In the case you mention, it should be IMO up to you to prevent this, probably via firewall.
Having standard telemetry environment variable might be for the best. There is a risk in this case to disable telemetry systematically though, even if you want to just block it in one app, which is also not something I as vendor of many tools would want.
This is probably not easy to fix for everybody to be happy. And its probably not that important for security - there are FAR easier way to deduce something about someone then to 1) hack microsoft telemetry servers or transit 2) look into the patterns of use of specific programs. Besides, telemetry data is anonymous. So I guess even in the case you get the data, what could you do with it ? I can send you billion of telemetry data of government services I make, you can only deduce that people start working at 7AM and get lots of passwords wrong before first coffee.
Why is any of this an issue if they are collecting actual metrics on their own software?
I have plenty of environments that run whitelist only, you can always go that route and not think about any vendor, any software not getting out.
And stuff like this is just inflammatory:
>Similarly, some Windows telemetry uses "microsft.com" instead of "microsoft.com" to bypess firewall rules blocking the latter.
Do you think we'd just block *.microsoft.com over their telemetry ___domain, microsft.com? Half the planet is in O365.
And on the flip side you know we'd all block telemetry.microsoft.com just because, it wouldn't matter what they collect and not think twice, then turn around sell it to people as "we are adding security".
Then don't use their app. They're entitled to do what they want with that under the law. If you don't like their choices then don't use it. I for one am appreciative they can get information that helps them plan the future of the program, but I also understand why some people don't like it. Those people shouldn't use it.
I’m frankly shocked for the level of triviality of this code: and endless series of if/else while I’ve been stressing about reactive, typeclasses and whatnot for the past 5 years. And I frankly prefer the latter
Oh the irony. The people who write this code and the people who spread modern coding best practices are two separate sets of people. They sometimes overlap but rarely.
