(no title)

That's a good summary and explains many ills in the software engineering industry.

It got one of their customers booted off of their ISP; they did cover that person's overage costs though (and hopefully that person could get their account back).

Because developers can suck.

I work with developers in SCA/SBOM and there are countless devs that seem to work by #include 'everything'. You see crap where they include a misspelled package name and then they fix it by including the right package but not removing the wrong one!.

>> their software also downloaded a 250MB update file every five minutes

> How on earth is a screen recording app 250 megabytes

How on earth is a screen recording app on a OS where the API to record the screen is built directly into the OS 250 megabytes?

It is extremely irresponsible to assume that your customers have infinite cheap bandwidth. In a previous life I worked with customers with remote sites (think mines or oil rigs in the middle of nowhere) where something like this would have cost them thousands of dollars per hour per computer per site.

Or.. Why on earth you need to check for updates 288x per day. It sounds and seems more like 'usage monitoring' rather than being sure that all users have the most recent bug fixes installed. What's wrong with checking for updates upon start once (and cache per day). What critical bugs or fixes could have been issued that warrant 288 update checks.

Unpacked, it's actually 517M on disk:

   517M  ─┬ Screen Studio.app                     100%
   517M   └─┬ Contents                            100%
   284M     ├─┬ Resources                          55%
   150M     │ ├── app.asar                         29%
   133M     │ └─┬ app.asar.unpacked                26%
   117M     │   ├─┬ bin                            23%
    39M     │   │ ├── ffmpeg-darwin-arm64           8%
    26M     │   │ ├── deep-filter-arm64             5%
    11M     │   │ ├─┬ prod                          2%
  10.0M     │   │ │ └── polyrecorder-prod           2%
    11M     │   │ ├─┬ beta                          2%
  10.0M     │   │ │ └── polyrecorder-beta           2%
  10.0M     │   │ ├── hide-icons                    2%
   9.9M     │   │ ├─┬ discovery                     2%
   8.9M     │   │ │ └── polyrecorder                2%
   5.6M     │   │ └── macos-wallpaper               1%
    16M     │   └─┬ node_modules                    3%
    10M     │     ├─┬ hide-desktop-icons            2%
  10.0M     │     │ └─┬ scripts                     2%
  10.0M     │     │   └── HideIcons                 2%
   5.7M     │     └─┬ wallpaper                     1%
   5.7M     │       └─┬ source                      1%
   5.6M     │         └── macos-wallpaper           1%
   232M     └─┬ Frameworks                         45%
   231M       └─┬ Electron Framework.framework     45%
   231M         └─┬ Versions                       45%
   231M           └─┬ A                            45%
   147M             ├── Electron Framework         29%
    57M             ├─┬ Resources                  11%
  10.0M             │ ├── icudtl.dat                2%
   5.5M             │ └── resources.pak             1%
    24M             └─┬ Libraries                   5%
    15M               ├── libvk_swiftshader.dylib   3%
   6.8M               └── libGLESv2.dylib           1%

As I recall, it’s an Electron app. I just checked and the current version of Google Chrome is 635 MB, with its DMG being 224 MB.

So yes, it’s insane, but easy to see where the size comes from.

The app itself is probably much bigger than 250mb. If it is using Electron and React/other JS library like a million other UIs just the dependencies will be almost that big.

For context, the latest iOS update is ~3.2GB, and the changelog highlights are basically 8 new emojis, some security updates, some bug fixes. It makes me want to cry.

Just my hypothesis: some softwares includes video tutorial accessible offline. A short but not-compressed-high-res video can easily go big.

It was probably written by the type of programmers who criticise programmers like me for using "unsafe" languages.

I don’t use their software but if someone has they should be able to decompile it.

I would bet money it's electron

Even doable on very long range ADSL, guess there are still some dialup users.

Germany?

> MS confirmed the bug but did nothing to fix it.

They are building features right now. There are a lot of bugs which Microsoft will never fix, or it fixes them after years. (Double click registered on mouse single clicks, clicking "x" to close the window, closes also the window underneat, GUI elements rendered as black due to monitor not recognized etc).

how? Do you investigate each blocked packet as separate alert?

murus+snail?

People complaining about 5 minute update checks hopefully don't use Windows 10/11.

A while ago I did some rough calculations with numbers Microsoft used to brag about their telemetry, and it came out to around 10+ datapoints collected per minute. But probably sent in a lower frequency.

I also remember them bragging about how many million seconds Windows 10 users used Edge and how many pictures they viewed in the Photo app. I regret not having saved that article back then as it seems they realized how bad that looks and deleted it.

> but one network request every five minutes doesn't sound that bad to me

Even if it is made to CIA/GRU/chinese state security ? /s

Seems like the proper fix would have been to remove the file from the server when they realized the increased traffic. Then clients would just fail to check the update each time and not tie up bandwidth.

Wish people would actually do things like this more often.

Plenty of things (like playstation's telemetry endpoint, for one of many examples) just continually phones home if it can't connect.

The few hours a month of playstation uptime shows 20K dns lookups for the telemetry domain alone.

Why not just use http retry-after? then you can use middleware/proxy to control this behavior. Downside here is that system operation becomes more opauqe and fragmented across systems.

There is a standard HTTP header for this: Retry-After.

Could you expend on what is an "override backoff" ?

So your conclusion is all software that polls is badly designed?

Keeping a TCP socket open is not free and not really desirable.

> To re-cap: Screen recording software. Checks for updates every five (5) minutes. That's 12 times an hour.

The tone might be somewhat charged, but this seems like a fair criticism. I can’t imagine many pieces of software that would need to check for updates quite that often. Once a day seems more than enough, outside of the possibility of some critical, all consuming RCE. Or maybe once an hour, if you want to be on the safe side.

I think a lot of people are upset with software that they run on their machines doing things that aren’t sensible.

For example, if I wrote a program that allows you to pick files to process (maybe some front end for ffmpeg or something like that) and decided to keep an index of your entire file system and rebuild it frequently just to add faster search functionality, many people would find that to be wasteful both in regards to CPU, RAM and I/O, alongside privacy/security, although others might not care or even know why their system is suddenly slow.

Noone is commenting on the actual bug. The fact that it auto downloads 250mb updates is user-hostile. On top of that, checking every 5 minutes? What if I'm on a mobile connection?

Why not just follow every Mac app under the sun and prompt if there's an update when the app is launched and download only if the user accepts?

I think the critique here is not directed to 1 individual, the guy who actually wrotw the code. That would be ok, can happen. Here we are talking about the most valued company in the world, which hopefully has many architects, designers and literally an army of testers… and then make such a brutal error.