The latest Windows 10 Insider Preview build doesn’t add much in the way of features – it’s mostly just bug fixes – but one small new feature has been spotted, and it could be contentious. Vitor Mikaelson noticed that the latest build lets you restrict the installation of applications built using the Win32 API.
The Settings app has three positions: allow apps from anywhere (the default), allow apps from anywhere but prefer apps from the Store, and only allow apps from the Store. Put in its most restrictive third position, this setting will block the installation of traditional Win32 applications; only those shipped through the Store using the Project Centennial technology will work. Interestingly, the switch only appears to govern installation. Changing the setting to “Store apps only” will allow existing Win32 applications to work, only preventing new ones from being installed.
You can feel both Apple and Microsoft struggling with the balance between store-only and free-for-all.
Store-only is just impossible on Windows. What about portable software? What about having multiple instances of software stored alongside compatible-sensitive data (think copies of DOSbox & emulators). What about web-servers? (e.g. Google’s local document server for Golang). What about any kind of development software that relies on consisting of multiple binaries chained together in Unix style? What about batch files and just plain automating your shit?
Microsoft and Apple have become blinded by “The Vision”. An ivory-tower of software purity so blinding that they’re willing to throw every existing customer under the bus just to line-up and worship the modernity; see: Windows 8.0.
Kroc,
It will probably all still be available, you’ll just have to buy the professional edition, unlock codes, or something like that. It doesn’t matter if *we* don’t like it, if the masses go along with it we won’t really have much of a choice.
Of course, to the extent that someone is the financial decider, he/she can choose to walk away from windows entirely. However I have the impression that most users who are willing and able to walk away to alternatives would have done so already. Corporations are learning that their customers are very tolerant to slow incremental reduction of freedom. If users were willing to endure all the other BS so far, what’s a little more to them?
It is presumed that the HOME edition of Windows 10 will have the toggle locked on “From Windows Stores Only”. This covers essentially the generic consumers market.
The toggle would not be much of use in an enterprise environment since installation of applications is controlled by the IT Department. This could somewhat be by-passed via Portable Applications hosted on USB Drives – unless code execution outside of the mounted boot device was blocked.
Without the ability to sell their applications directly to consumers, the independent developers would have to join the herd and let Microsoft takes a share of their revenues, limits claims to Windows 10 compatibility to specific configurations, or simply give up!
More than likely, the Cloud version will have it locked on (Since, its competing with Chrome Books), with an optional upgrade to unlock it for a onetime fee.
You may be quite right in this.
It appears that the bottom level of Windows 10 will only be able to access Win32 Apps from the MS Store. An end-user in a managed environment would not be able to unlock installation of Win32 Apps. A consumer might be able to do so for a fee. This could be an effort to re-capture market share from Chrome OS in the K-12 education sector.
Chrome OS has only two modes: “User” (default) and “Developer”; not the multitude we have been accustomed with Windows. It would not be surprising that Chrome OS devices in an managed environment (e.g. school) cannot be switched into developer mode by the end-user. This makes senses given the context.
Forcing access and installation of Win32 apps to the MS Store is likely one strategy being pursued to accelerate severing the underlying Windows`s legacy of free-for-all coding practices (and exploits).
Considering it will likely be a registry setting…it’ll probably be easy to unlock yourself once someone figures out all the various places it gets stored in the registry
Indirectly related to this is that the Lenovo T470, T570, and X270 models (with 7th generation CPUs / for 2017) are being announced. From the specifications, the option of downgrade rights to Windows 7 Professional is no longer offered for the North American market.
You’re clearly not the target audience. Yes, the Store is woeful, but compared to a Chromebook (or at least until Android-on-Chromebook hits) not so terrible.
I’ve been recently deploying HP Stream 11s, which only have a miserly 32Gb internal drive, with all Win32 apps removed (except for drivers) so that feature updates reliably work. They run:
* Word/Excel/PowerPoint/OneNote mobile
* Adobe Reader Touch
* Edge with Adblock Plus (since Anniversary Update)
* OneDrive modern (which has on-demand file retrieval rather than the default all-in sync of the Win32 client – 100% necessary on a 32Gb hard drive)
* Adobe Photoshop Express
* VLC modern
* Remote desktop modern
It’s a perfectly capable, actually more capable than a Chromebook by a longshot (and cheaper, $280 for the HP vs $350ish for a Chromebook down under). And on the ultra low end hardware, the Modern/UWP apps are a damn site faster than their Win32 counterparts.
Would I use it as a daily driver? Hell no. But as a light use machine or a kids’ homework PC, it’s pretty decent for the price. (And if we are talking kids’ PC, having a Store-only security option would be a pretty good idea!)
s/impossible/unworkable.
It’s not about target audience; it’s about support. How are you going to support machines that may eventually not allow you to run anything but store software when the app-x registry or something else is completely borked? Give me a single binary any day over that clusterfudge.
It was microsoft’s vision for metro from the start to become the gatekeepers for all 3rd party software, but the unpopularity of windows 8 was a serious setback. If this news pans out to be true, it looks like they are still eyeing a future role as the excursive gatekeepers of PC software and might begin charging users for their freedom.
Edited 2017-02-28 02:28 UTC
I don’t have to fix my friends’ and family’s Android and iOS devices. I do have to fix their Windows machines.
This tells us everything we need to know – gate kept stores make sense for consumers.
What I’d like to see is some opening up of those, to enable additional gate keepers. Having software in the MS only store (or Google, Apple, Samsung, etc.), signed by developers would solve additional problems, like buggy root-kit based DRM systems (looking at you PC games). But we need more store fronts – imagine if Steam could be built as a store front on top of the catalog of Windows Store or Apple App Store apps, with no need for additional DRM and other nonsense.
On the other hand, I doubt MS or Apple could ever pull this off, because they are MS and Apple. Maybe Google could, but actually, Valve has already done that with Steam and the way the Humble Bundle store works.
We’ll probably never see this (unless Steam reaches for a more general use, less game focused platform, and allows store fronts on its platform), because the players involved don’t have the necessary vision. But it’s the way I’d like to see it go. A nice balance between the over burdened market based approach to everything, and single vendor authoritarianism.
I agree, as long as it stays optional, for those of us who want to remove the training wheels.
Even though people seems to be okay with it, the truth is that STEAM is pretty much “subscription based DRM” or, in other words, not the best example of why we should embrace walled gardens.
RT.
I disagree that I was contradictory! At a high level I’m arguing that some authority is better than no authority (and too much authority is maybe worse than not enough). Markets are all nice and everything, but they can be over burdened, and sometimes people need some help to stay safe (this probably tells you where I stand on regulation vs no regulation).
Everyone can’t be an expert at everything in our modern complex societies, or with our modern complex software markets. It’s an understandable desire that we should be able to and know everything about all the jobs of the village or the tribal group, but that can’t happen any more, and not for 1000s of years. There needs to be an authority – but better if that authority is democratic or shared power, rather than a one true king style autocracy.
My point with Valve and Steam is they have demonstrated more willingness to share, but you are right! It’s not a solid system, as much as it’s based on the will of a benevolent dictator. Still, the conversation has to start somewhere.
There’s a lot more that’s different between iOS/Android and Windows, and that has a lot more to do with system stability than whether or not there’s a store.
It’s absolutely possible to install apps on at least Android from outside the store, and in most cases, this will make the system no less stable than if the app came through the store. Both iOS and Android heavily restrict what can be done by an application, sandboxing is absolutely inherent in their application model, apps can’t do anything the user doesn’t’ let them do, and beyond that can’t touch quite a few parts of the system at all. Windows by contrast has no such management, and thus apps do pretty much whatever the hell they want to the system. Windows provides no restrictions on what an application can do except for the black & white ‘are you running as an administrator, a regular user, or a machine account?’ check. That type of security model died off in every other major OS at least half a decade ago, because it leads to all kinds of issues. That willy-nilly ‘do whatever the hell you want’ attitude is a large part of the problem on Windows. It’s getting better (the privacy options cover most hardware access on 10), but it’s still not as good as it could be (permissions for applications should be opt-in, not opt-out, and it should be possible to restrict access to persistent storage, and (more importantly) access to the registry). If they would provide proper isolation, containment, and permissions control for applications like iOS and Android do, then that would eliminate most of the problems almost immediately, as well as making it exponentially harder to write malware for Windows that doesn’t require social engineering to work.
Now, as for the ‘additional storefronts’ thing, check closer on Android, there are alternative options (F-Droid immediately comes to mind, but it needs to be side-loaded, and only covers FOSS applications), they’re just not immediately available. The problem isn’t one of trust, or even DRM, but that the companies involved profit off of the storefronts just as much as they profit from the application sales, and that getting listed in more stores means paying more money.
There’s also Amazon Underground.
You make a lot of good points – where does the protection belong, at system level protection, or the app store gatekeepers? I would probably argue for both – but maybe also expand the argument to include the role of government (but I’d probably have to then challenge the current structure of government, which would make the conversation laborious).
On Android (which is generally more open than iOS from an API perspective) there are even some problematic apps in the play store (it’s super easy to get an app in the play store compared with iOS’s App Store). The APIs already allow a few different abusive tactics – naggware of the “pay to make the anti-virus virus go away” are completely possible on Android.
I believe that the ultimate goal is to force the use of “Universal apps” (isn that the new name for medern apps ?) from the store to ease transitions between cpu architectures.
Platforms will become irrelevant. For end users.
I feel that the wrath of Gabe is about to surface.
If it is locked in Home how would Steam install software (i.e Games)?
This is what I was thinking. Especially that this is why SteamOS was created and Steam Machines are a thing.
Though this means all those Windows only games on Steam would be unplayable as well.. so maybe time for EA, Activision, Zenimax, etc to hop onto the Linux wagon as well?
I don’t know how anyone could possibly WANT this ‘feature’.
“What, I can pay for Windows, have Microsoft make money off of all of the software, AND I lose the ability to install any of my older software? Sign me up!”
For what it’s worth, I’ve been playing “Ori and the Blind Forest” successfully on OSX using vanilla wine. 🙂
The only problem is, I can’t figure out how to enable XBox/Steam Controller button prompts in the game…
Edited 2017-02-28 17:41 UTC
We shall have to wait and see if they throw their toys out of their pram and over a cliff and make their desktop a total walled garden.
Even Apple have taken it only so far with MacOS. I expect they know that they will suffer greatly if the stop all sideloading and make it App store only.
As I see it, their (apple) position is a happy medium. I guess they will be watching what happens with W10 with interest.
Making any version of a Desktop System a total walled garden is a bad move. I’ll let MS shoot themselves in the foot yet again.
This is a wonderful option for those who give out laptops to staff.
It means you can pre-install all the apps they need then lock it down to only allow “safe” store apps from then on.
The end user then has the freedom to expand the functionality of their system and the admins dont need to worry about going to dodgy sites and potentially using unlicensed versions of software. (eg downloading the “free but not for commercial use” apps)
Edited 2017-02-28 12:53 UTC
Not entirely. Assuming I understand how this feature works correctly, you’d also have to lock out execution of code from removable media.
I believe there is group policy for this, I think there’s even some group policy that can lock out any executable that doesn’t match a signature so even updates of an existing application are blocked from running.
I have managed to mimic the setup I suggested on my insider build box.
Effectively the feature seems to only affect application run/install after the setting has changed. Anything pre-existing is fine. eg office
Also tried and cant run an exe from a pen drive either. Once its set, its store or nothing.
You missed a test. Should have installed like a intentionally old firefox and chrome then flicked the switch then saw if those programs could in fact upgrade.
Its not that pre-existing still works it if the result is no choice but to move to store when you need a new version and if the application is not in store kinda stuffed.
What was the result?
Microsoft, in their infinite wisdom of trying to “protect” the poor user, seem to have forgotten that their Windows Store has fewer useful apps in it than even Apple’s Mac App Store. I suppose they think that if they force the Store, they’ll force more applications into it or some other such idiocy.
Like windows 8, this is another case of they want that 30% cut like Apple and Google get from their app store and will do anything to get it. Hopefully some bigger players donate enough money to ReactOS soon to get it to a usable state out of spite of these changes.
Wine seems further along – why bother with ReactOS?
Wine’s implementation doesn’t deviate between which version of Windows it’s reporting, So the more popular applications like MS Office take priority when breaking less popular apps, hence a lot of game compatibility ratings are “garbage”. The further along ReactOS is, the more stuff Wine is able to study and borrow as well.
However the Linux desktop will simply never be common. Once ReactOS is good enough, there just won’t be any reason for people to learn command lines and software managers that solve problems that don’t exist on Windows and Mac. Then most of the Linux distros will fade into irrelevance as they stop being maintained. Sure some Linux fan will say “Linux is superior because X,” but the marketshare and that unwillingness to change things while telling everyone our way is superior is why it isn’t going anywhere.
I realize this seems more troll than anything, but I’ll bite…
Usability is really nice once you get used to various Linux desktops, THIS is why it’s superior. I’ve used many different operating systems since CP/M and I can tell you the work flow on any of the three current main ones are pretty much all the same. You may have to press a different or extra key here or there, but for the most part, hit a key, type in name of application, or sometimes even a description, and you’ll get what you want and then enter will open it and away you go.
Sounds like all three will also now have a ‘store’ where you can get software. Hell, I ran into a feature where gnome-software listed games in Steam to install. That’s pretty fantastic.
All of Linux/Mac/Windows can and will use command line things IF you want to. Or to be more precise, if you’re any sort of ‘power’ user, you WILL want to. All of the people I know that use Macs don’t brag that they never use the command line, they use it because it DOES come with a command line and they can use it to work with (on Linux servers).
Funny enough, the reason I use Linux for everything is because I love Gnome-Shell and it’s simplicity and it gets out of my way. That and I can still highlight and paste with the middle mouse button, when you have terrible joint pain like I do, it’s a godsend.
This is about market share; which means if you really want Linux to succeed, then you need to suck it up and admit the general user’s opinion matters 1000x more than what you think. And since the community thinks like that, they don’t advocate for things on behalf of the average computer user like true single file universal installers that work on every distro, a feature that desktop Linux cannot compete against Android, Windows, or Mac without. But because the community is full of people like you demanding the status quo, desktop Linux will never be a thing.
Wine is not an emulator. It doesn’t matter what version you select to report as, your windows executable is still converted to Linux api calls using the same code regardless of which version you selected. In this way it is a dirty hack.
That is not 100 percent true. Really it looks that way if you look lot of the source code. Some functions in fact behave differently based on Windows version. The big one that shows you is if you use WINEARCH=win32 vs WINEARCH=win64 before generating a wineprefix as the directory structures are different. But there are functions that respond different based on windows version in wine but they are insanely rare.
http://test.winehq.org/data/
Wine project has run a lot of testing against real windows under bug for bug compatibility policy. How often it turns out that the functions should be functioning the same no matter the Windows version selected its over 98 of all test cases. More often when its not the case the install of windows in the virtual machine has become busted somehow. This is why to some just taking a look at the source why there is not that much variation because of Windows version. The reality there should not be and that fact is confined by testing.
The stupid point here you went and looked source and did not look at the test results explain why there was no variation.
universal installers
Appimage and Flatpak. Appimage only come out in 2003 its only been around for 13 years now. Appimage has some limitations now we have flatpak that address a lot of those limitations.
Problem with Universal installers is not that they don’t exist for Linux but convincing people to make them and be legal.
Please also take on board there is a legal nightmare to installers. A lot of windows applications if you audit them they are illegal. Because the licenses of the parts they ship with are not in fact legally allowed to be shipped with each other.
So making a universal installer that works that is legal is a lot harder than it first appears. Its a issue that people have run into with appimage and is why flakpak has runtimes. So in a legal hell case where something cannot be shipped with X but you need it to run X you can ship it as a runtime.
There is also security risks with shipping run-times.
dark2 yes general users matter but developers and those making packages matter as well.
https://www.youtube.com/watch?v=EjflNTd2kho
This would be a good video to watch to see how much of a legal nightmare everything is.
Like for a long time Linux Distribution were shipping with X11 server that was totally illegal to-do so just to make end users happy. Of course distributions don’t want to-do that today.
Android has been useful to see another way of packing in the form of APK. Flatpak.org design is partly based off the ways APK does things.
Its not like the Windows or Mac models had a system that is in fact legal most of the times.
https://www.youtube.com/watch?v=mkXseJLxFkY
This video above is at a Linux conference talking about the legal issues of universal packaging and implementation of universal packaging. So its not that the Linux world is not interested is more how can we do this without having someone fined or sued to oblivion.
Basically dark2 get up to speed before posting any more.
It doesn’t matter how many technical details and counter points you can think of. In the end they just give the Linux community a false sense of self superiority and make them refuse to call for change. Until this changes, desktop Linux is in a status quo of no real changes allowed and won’t gain any marketshare. Also building a new universal installer for Linux would not be held up in legal issues since it’s new, that argument is a non sequitur and completely ridiculous. It is essentially old Microsift style FUD since you’re talking about an ancient software that only exists for Microsoft.
Until criticising Linux isn’t treated like insulting someone’s baby by the Linux community, there can be no hope for it to advance past the current status quo.
It doesn’t matter how many technical details and counter points you can think of. In the end they just give the Linux community a false sense of self superiority and make them refuse to call for change.
This is totally bogus. The fact I could point to recent conference videos on the topic means the Linux work is attempt to respond to the problems.
This is your problem dark2 your arguement has no base in fact.
Suggest real legitimate change and necessary solutions to improve Linux
Called troll.
Sorry, your community is a group of toxic zealots. You could at least reference the conference video you’re talking about. By the way .apk exists for android so a universal installer file for desktop Linux should definitely be possible. Until someone can pick up TurboTax or Photoshop for Linux, it will never be popular, and the reason 3rd parties don’t support or continue to support Linux is because they would need to test and release multiple different installers for each Linux variant. Fix the use case, not the end user.
Edited 2017-03-01 14:06 UTC
http://www.osnews.com/thread?641392
You could at least reference the conference video you’re talking about. The two youtube videos. In the post are conference videos. That you just skipped over right. The second one is all the problems.
You respond with all the technical arguments don’t matter and never watched the video.
dark2 I only reference video once. If you don’t watch them that is your problem.
By the way .apk exists for android so a universal installer file for desktop Linux should definitely be possible.
Unfortunately no.
https://en.wikipedia.org/wiki/Android_application_package
Number 1 not enough CPU types. Number at time of release SHA1 it depends on was totally suspect and even more suspect now and the format does not allow for checksumming using multi checksums.
So yes google found flaw in SHA1 and pointed at git but the biggest SHA1 issue is android packages.
So apk as format failed Linux world security inspection.
flatpak.org is take the ideas of apk and add fixes to apk worse problems including fix flawed security design.
Flatpak is working on fixing the use case.
Making a universal package format that ticks all boxes is not easy.
The big thing you have to get is how different the Linux Desktop us case is to the Android use case.
Android uses 1 user id per application. This can work on something like a phone or tablet. Now a school Linux desktop deployment with 20000 users running applications. Using 1 userid per application no longer sounds so healthy.
So the desktop linux problem is a complete different level of hell. Flatpak.org is attempting to address it.
Flatpak has had insane issue getting closed source graphical drivers to work. Android where google was building the OS from scratch demanded that the gpu vendors do it their way.
release multiple different installers
That has not been in fact true since appimage release in 2003. Testing the appimage on multi distributions to make sure you have not missed anything important was still required.
Keeping myths like this going in fact prevents universal solutions from getting traction.
I’m not sure I buy this. As I understand it, Wine has all the necessary kernel API calls to make Windows code run – it’s just wrapped to Linux equivalents, or implemented in user space (I assume user space – I read a while back that Linux kernel was happy to take Windows compat patches, but have no idea how far that’s gone).
Also, as I understand it, React OS uses Wine.
So I’m not sure why to bother waiting for React OS – I’m not sure what real tangible benefit it offers for running Windows apps, unless you really need or like Windows system architecture for some reason. Since Linux is already a much more stable desktop operating system, why not simply use it with Wine to run your necessary Windows apps?
Reactos could have some advantage with some of the really evil drivers. The ones that attempt to modify windows kernel structures for copy protection and the like. Would be insanely dangerous to let inside Linux kernel ring 0 and run detection code to make sure they are running as ring 0.
The games you end up installing 1 per computer because otherwise they fight to the death with your system.
CaptainN some of the stability of Linux is not having some of these things.
Now with the work to allow virtual machines under Linux to use real gpu reactos could come a useful.
The reality from a hardware support point of view Reactos is more likely at first to work in a virtual machine under Linux than on directly on the hardware. Yes there are some games out there that attempt to detect virtual machines as well.
Running Linux applications is going to get a lot harder for Microsoft as more application need opengl or opencl to function correctly.
Also the Windows NT-10 kernel design is not without it performance design faults. Keeping driver compatibility means you cannot fix a lot of those faults.
We know for sure x86 Linux can go a lot fast. Power cpu hardware used 32k pages instead of 4. This makes a major difference in IO speed. 32k pages to nvidia closed source driver on Linux equals nvidia drivers not running. Some of the changes this year is about allowing multi page sizes in the Linux kernel at the same time.
Reactos will not magically destroy the Linux Desktop. But maybe people with the way Windows 10 is going will start giving Reactos enough developers that it can in fact develop.
Lot of items that let Linux kernel scale to massive numbers of CPUs is not in windows because they are patented and Micrsooft does not have a license. Implementing those features in Linux kernel was not a simple process. So you a developer building an application to use on Linux systems and you want to see how it perform on Linux the temptation to use the Linux Desktop will remain no matter how many Linux applications run under Windows.
There are already a number of apps that work in ReactOS that don’t work in WINE. It will be done faster and be more usable for more people. WINE will always be a buggy and hackish implementation that depends on ReactOS more and more as time goes on.