[BoppreH]

How could Windows handle it by itself?

If it provides a framework for installers/uninstallers, it'll be fighting the inertia of decades of legacy software, programmer habits, and old tutorials.

If it tracks file ownership by program, it might accidentally delete user files. How would it differentiate between a VSCode extension that should be uninstalled, and a binary compiled with VSCode for a user project? A false positive could be catastrophic.

If it restricts what programs can do to accurately track file ownership, you end up with Android. Which is fantastic for security, but is a royal pain in the ass for all parties:

- The app developers have to jump through hoops for the simplest actions, and rewrite most of their code in the new style.

- The operating system has to implement a ton of scaffolding, like permissions-restricted file pickers and ways to hand off "intents" between applications.

- The user is faced with confusing dialogs, and software with seemingly arbitrary limitations.

In the age of shared runtimes, auto-updaters, extension marketplaces, and JIT compilers, managing installed applications is harder than ever.

Edit: the answer above applies only to Windows, because of its baggage. Linux'es are in a much better position, for example, though their solution is still not perfect.

[Tuna-Fish]

The same way any linux distro does?

Define a separate directory for program installations, that user processes cannot write to. Only program that can do so is the package manager, which other programs can call to install packages. Uninstall removes everything related to a program from this directory.

> In the age of shared runtimes, auto-updaters, extension marketplaces, and JIT compilers, managing installed applications is harder than ever.

The only reason these make things hard is that windows lacks any facility to deal with them. Solutions going forward: Outright ban having your own auto-updater, to auto-update you register your program and where to update it from with the package manager. Shared runtimes are trivial for package managers to handle, it's just a package that many other ones depend on. Extensions can be handled as packages.

[jraph]

I agree with you, now for completeness I should mention that Linux package formats usually allow packagers to provide arbitrary pre- and post- install shell scripts ran as root.

(which means that if you don't trust a provider, not only it's not safe to run the program, but it's also unsafe to install it)

[ateng]

>if you don't trust a provider, not only it's not safe to run the program, but it's also unsafe to install it

Isn't it same for windows right now? `.msi` and `.exe` can execute arbitrary code right?

[bee_rider]

The only difference is that you usually trust the repo in Linux, but that’s a pretty significant “only thing,” in the sense that the repo is already the source of your whole system, so it better be trustworthy!

[simiones]

The "elegant" way of distributing 3rd party software for Linux is to ask the user to add your APT/RPM/[...] repo to their system. And most Linux distro maintainers anyway don't vouch for software in the main repos, beyond basic install-ability. The Debian project for example definitely doesn't do in-depth security analysis of every package in the repos: they just check the license, re-package it, and keep an eye on security updates in upstream.

[jraph]

Yes, absolutely.

[pxc]

Right. You should generally never install a proprietary software package provided by the vendor in RPM, DEB, or similar. What keeps the use of those hooks safe is purely social convention and review internal to the Linux distribution, and vendors routinely use those hooks to do unacceptable things.

If you must install proprietary software on your Linux system, either package it yourself or use something like Flatpak or Snap (or even AppImage).

Hopefully in the future vendors will increasingly move to providing well-sandboxed Flatpak packages by default.

[mjan22640]

The packages are cryptographically signed, you have the option to abort the install of an untrusted package before it does something malicious.

[jraph]

> packages are cryptographically signed

packages are cryptographically signed by the packager, by the way on Debian you add the key when you install a new repository. The signature tells you "This package has been built by X and has not been tempered in the meantime", not "X and this package are not malicious, I promise".

> you have the option to abort the install of an untrusted package before it does something malicious

How do you do this in practice?

If I run apt install p or or dpkg -i p.deb, the thing is installed. APT asks you for confirmation if it has to install additional dependencies but that's it.

I don't have no guaranty such like for any package, I can install it without worrying something bad won't happen during its installation.

Of course you should not install untrusted packages, but still. The same could not be said if the package format didn't have anything to specify arbitrary install scripts.

[tssva]

> The same way any linux distro does?

I'm going to assume you are talking about rpm and deb packages since they are still currently the dominant installation packages on Linux.

> Define a separate directory for program installations, that user processes cannot write to. Only program that can do so is the package manager, which other programs can call to install packages.

Windows does this. Programs are installed in directories under "C:\Program Files" which is only writable with elevated system rights.

> Uninstall removes everything related to a program from this directory.

rpm and debs don't install all the files needed for a program in a single directory. They are scattershot all over the file system and in many of these directories comingled with files from other programs. Windows comes closer than Linux in this regard since it does create the directory under "C:\Progtam Files" which while unfortunately doesn't always contain all the required files usually contains the vast majority.

[mastax]

This is exactly how AppX/MSIX packages work, with C:\Program Files\WindowsApps (by default) being pretty substantially locked down. They even use filesystem/registry virtualization by default to isolate packages even further from each other. They also have solutions for framework packages and extensions though I haven't tried those out and suspect they have annoying practical limitations around edge cases.

Of course, a decade later almost nobody uses those because they botched the rollout by limiting AppX to the Microsoft Store and an entirely new poorly documented and very restrictive set of windows APIs and app frameworks. They've made huge progress on all of those problems with MSIX to the point that it's a reasonably good and easy to use choice for most apps with some neat benefits like updates only downloading the changes between versions. Of course if your app pushes the boundaries of the sandbox or capabilities or runs into a bug it becomes a huge pain.

[ripley12]

I don't think MSIX is a good choice for most apps. With a decent-sized user base, you will have a lot of people who run into undiagnosable errors with MSIX or can't use it because they're in locked-down enterprise environments.

I think Affinity Photo's experience with MSIX is instructive; hundreds of negative results on their forum, eventually they had to back down and provide a non-MSIX installer (and at that point do ya really want to maintain 2 separate Windows installers?)

https://forum.affinity.serif.com/index.php?/topic/170529-ext... https://forum.affinity.serif.com/index.php?/search/&q=msix&t...

[BoppreH]

That was the first option, "provides a framework for installers/uninstallers".

But what would you do with the millions of existing programs, most unmaintained? And what about programs with strong opinions on update schedules, or built-in extension marketplaces?

It's easy to solve this problem if your first step is "replace every program".

[winthrowe]

If you care about this enough to abandon old software, they built that and called it Windows S and few wanted it.

[riskable]

Windows without backwards compatibility is a dead end because the only reason why Windows exists is backwards compatibility and the existing user base. As an OS it is decades behind all its competitors, with a 30yo filesystem, file locking ridiculousness (which is why uninstallers and updates end up being so complex and require reboots), an antiquated central registry for settings that ends up slowing the system down over time, and a security framework so broken that you need anti-malware software running and inspecting every little thing happening on your system or you're easily compromised (everything is executable by default).

The security situation is so bad at this point that you can't trust any Windows benchmarks anymore. The benchmark suite will run on a "bare" Windows system; probably with updates and Windows Defender disabled and many other system services stopped to maximize performance and prevent background services from slowing everything down. The reality though is that on a regular user desktop all these things and a whole lot more will be enabled, resulting in vastly degraded performance compared to the benchmarks. The end user experience sucks.

Now they're forcing ads down your throat and pestering you at every turn to use more Microsoft software (e.g. trying to get you to use Edge). They've also recently included UI changes in "essential" system updates that can't easily be reverted or undone, breaking people's workflows. It's anti-user insanity and it's all because Microsoft can't actually go back to the drawing board with Windows anymore because the alternatives are just too good.

After using a Linux desktop full-time for a while, going back to Windows feels like going from having modern plumbing to pooping in the woods.

[jraph]

You could provide the framework that well-behaved, maintained programs will use while still allowing the old installers to run.

By the way that's what we have on Linux, some programs come as a shell script that you run to install them. Most Java IDEs for instance.

(which can't be arsed to provide proper packages -- darn, what did I just write? :-))

[gruez]

>The same way any linux distro does? >Define a separate directory for program installations, that user processes cannot write to.

What about /usr/local/bin? Isn't that specifically for putting non package manager binaries into?

[webstrand]

That's more for binaries and scripts manually installed by the administrator because they weren't available in the package manager or are custom.

[the_third_wave]

> How could Windows handle it by itself?

In the same way 'Linux' (in the widest sense of the term, i.e. Linux distributions like Debian) handles this. User data is not touched by the (un)installer, configuration files are checked for changes from the package default and left alone unless explicitly purged. Files which do not belong to any package are left alone as well so that binary compiled with VSCode for a user project will not be touched:

   warning: while removing directory /splurge/blargle/buzz not empty so not removed

This has worked fine for decades and is one of the areas where those Linux distributions were and are ahead of the competition. It works fine because the package manager has clearly delineated responsibilities and does (or rather should) not go outside of those. Do not expect the package manager to clean up your home directory for you, that is not part of its duty.

> In the age of shared runtimes, auto-updaters, extension marketplaces, and JIT compilers, managing installed applications is harder than ever.

Most auto-updaters should be disabled on systems with functioning package management - Thanks Firefox but I'll update my browser through either the package manager as I prefer my executables to be read-only for users.

Some packages - the whole Javascript rats' nest being a good example - move too fast to be usefully packaged by volunteer maintainers so those are relegated to a different area which is not touched by the package manager. Other packages - anything Python fits here - are such a tangled mess of mutually incompatible versioned spaghetti that they are hard to fit inside the idiom of package managers so they get their own treatment - python -m venv ... etc. These are the exceptions to the rule that package management can be made to work well. By keeping those exceptions in areas where the package manager does not go - e.g. your home directory - the two can and do coexist without problems.

[gwbas1c]

It's called MSI, and it's been in Windows for 20 years.

The issue is that MSI is very buggy when handling explorer extensions. If you're not careful, when you uninstall it'll prompt you to close explorer.

(I know because I shipped a product that installed via MSI and had an explorer plugin. The installer issues were more complicated than the plugin.)

In this case, the issue is that when explorer loads a plugin, it keeps an open file handle to the dll. This gives the installer two options: Restart explorer.exe, or somehow finish uninstalling when explorer.exe terminates.

The product that I shipped just restarted explorer.exe.

[bayindirh]

Oh. I thought MSI and WinGet (sorry, AppGet in fact) designed to solve these problems.

[mjan22640]

A VSCode extension would be installed and managed by the OS package manager. User created content would be not.

[jraph]

You, you want Microsoft to lose its total control over the VSCode extension "marketplace", don't you?

[simiones]

Really? Do you install Firefox extensions from apt-get?

[pxc]

It's not unusual to do this in the Nix world.

There are a ton of VSCode extensions in Nixpkgs: https://search.nixos.org/packages?channel=23.05&from=0&size=...

You can use them in combination with the vscode-with-extensions function to create a VSCode package that bundles in whatever extensions you declare: https://nixos.wiki/wiki/Visual_Studio_Code

[Kye]

I haven't used Linux in a while, but I do remember seeing browser extensions in the package manager.

[kiwijamo]

Yes, there are a few that can be installed from the Debian packages.