Amazingly screwed-up installation experience



  • Today's star is [url=https://www.yoyogames.com/studio]Game Maker: Studio[/url]. My son, who is in his last year of primary school, is doing an extension course on making video games (something he's always wanted to do), and this is the software they're using.

    Note that it is not open-source software and the IDE is a Windows-only program. Also, on the kids' computers I have an admin account and the kids all have limited user accounts, because I have at least a certain minimal amount of sanity.

    So I went to install this for him. First surprise (and, in retrospect, warning sign) is that it suggests %USER%\AppData as an installation location, rather than Program Files. Slightly bemused, I changed it to Program Files. It complained about not being able to write to the directory, so I created the Program Files\GameMaker directory for it and tried again. It was more or less happy with that; I noticed it spending a lot of time installing an "Upgrade.zip" file, but I figured that was probably content that could be unlocked if you paid for a higher tier than the free version. Took the shortcut off my desktop and created one that was publically accessible.

    So I got my son in to login to his account and try it out. A small window flashed on the screen and disappeared. Not the most promising start, so I tried running it with admin credentials. Success! Sort of. The program launched and then popped up a dialog saying "Upgrading..." and started unzipping the contents of the Upgrade.zip file. Excuse me? Why wasn't this part of the installation process?

    Eventually that completed, taking about as long as the original installation. OK, time to try running it again. Same small window flashed on the screen and disappeared. Run it as admin again. Now it launches and pops up a window saying "Your version is <x>, the current version is <y>. Do you want to upgrade?". (At this point we also got to choose between the stable and the beta upgrade paths.) Wait, why is the version available for download on your website not the latest stable version? What kind of idiocy is this? Fine, let's upgrade versions (obviously something different from the upgrade we had to do when we ran it the first time). The upgrade took longer than the original installation, both in download and installation time. It also had the wonderfully user-friendly dialog box caption of "Processing Delta", which I had to explain to my son.

    It will probably come as no surprise to anyone that after all this, the program still didn't work without admin credentials. Even after I altered the security settings on the program directory to allow all users full control, it still didn't work without admin credentials. At that point I gave up, uninstalled it, and installed it from my son's account into his AppData directory (repeating all the steps above). Nobody else on the computer can use it, but at least he can.

    Checking afterwards, I was genuinely surprised to find that it was commercial, Windows-only software. The appalling usability screams FOSS (even if your product is for game developers, you shouldn't ignore the UI, especially if you claim that it also "caters to entry-level novices"), and the "let's not install into Program Files because we can't be bothered doing the security properly" bit is a classic trope for Linux software being ported to Windows.



  • The FOSS version/ripoff is called Godot. Honestly, it might be good, who knows.

    And yes, "install in AppData" is programmer code for, "Vista UAC came along and we're too fucking lazy to fix our 20,000 permissions bugs."

    And yes, game developers are the worst and game *tool* developers are the worst of the worst. If you want a laugh, try out RPG Maker.



  • @Scarlet Manuka said:

    , and the "let's not install into Program Files because we can't be bothered doing the security properly" bit is a classic trope for Linux software being ported to Windows.

    I have to disagree with you on that one. I can't think of any case where Windows has more restrictive permissions on programs' files than Linux does. Maybe their installer can't handle spaces or something, but not being able to handle spaces comes from calling system(3) instead of using exec* which is a problem with sloppy C code, not for-Linux code. The two sets share some elements, but neither is a subset of the other.



  • @blakeyrat said:

    game tool developers are the worst of the worst

    If anyone disagrees with blakeyrat, find a family member who doesn't have experience with Valve's Hammer world editor and see how far they can get without reading a guide.

    @blakeyrat said:

    If you want a laugh to waste $69.99, try out RPG Maker.

    FTFY



  • Or, install in AppData might be the [i]proper[/i] way to install in a per-user context. You know, in the manner that Microsoft tells people to author such packages.

    [url="http://msdn.microsoft.com/en-us/library/windows/desktop/dd765197(v=vs.85).aspx"]Installation Context[/url]



  • @Scarlet Manuka said:

    "let's not install into Program Files

    ... but to c:\Something is what programs ported from unix offten do, because they have more or less problems with spaces in paths. Commercial programs are just as guilty as the open-source ones.

    @Scarlet Manuka said:

    because we can't be bothered doing the security properly"

    Unices (inluding Linux) always had security and were always used from non-administrator accounts, so Unix programs generally do distinguish installation directories accessible to administrator only, data directory where the application may be given permissions and user directories. Not handling permissions correctly is almost exclusively problem of commercial applications, both on Windows (which had no security in the 95/98/ME versions and most people use them as administrators since, so
    before UAC the application could do anything anyway) and the occasional offender on Unix.



  • @Ben L. said:

    If anyone disagrees with blakeyrat, find a family member who doesn't have experience with Valve's Hammer world editor and see how far they can get without reading a guide.

    No idea what you're talking about. I made two shitty counter-strike maps just by hovering my mouse over the icon.



  • @DamienK said:

    Or, install in AppData might be the proper way to install in a per-user context. You know, in the manner that Microsoft tells people to author such packages.

    Installation Context

    That doesn't make it not completely fucking stupid.

    Windows versions since NT make it hard for malware to touch stuff inside %ProgramFiles%, and versions since Vista make it even harder. Stuff inside %APPDATA%, by comparison, is just lying back with its legs spread wide and holding up a huge sign saying Take Me, I'm Yours. And don't even get me started on the effects of shoving tens to hundreds of megabytes of package guts inside what will often turn out to be somebody's roaming profile.

    Dropbox (whose installation unpacks to about 70 MiB) does this as well, and since version 2.x they appear to have removed the setup option that used to let you specify the installation path explicitly. Gives me the shits. At least with Dropbox you can work around it by just grabbing a copy of "%APPDATA%\Dropbox\bin" and uninstalling the thing again; nothing its installer sticks in the HKLM branch of the registry seems to be vital, and Dropbox\bin\dropbox.exe does correctly set up all the HKCU keys and configure Explorer correctly for the user on first run regardless of where it's run from or how many people are running it concurrently.



  • Try Unity. That's what all the cool kids are using.



  • @flabdablet said:

    Windows versions since NT make it hard for malware to touch stuff inside %ProgramFiles%, and versions since Vista make it even harder. Stuff inside %APPDATA%, by comparison, is just lying back with its legs spread wide and holding up a huge sign saying Take Me, I'm Yours.
    Why does this matter? Any program can write to %APPDATA% regardless if everything is installed to Program Files.
    @flabdablet said:
    And don't even get me started on the effects of shoving tens to hundreds of megabytes of package guts inside what will often turn out to be somebody's roaming profile.
    Per-user installs go to %LOCALAPPDATA%, which doesn't roam.



  • @Scarlet Manuka said:

    The appalling usability screams FOSS

    Well, maybe to people whose experience of appallingly unusable software is limited to appallingly unusable FOSS.

    Those of us who have worked in this industry for more than a decade or two, and who come at the thing without an ideological commitment either to promoting FOSS as morally superior or belittling it as the contemptible toenail pickings of unwashed hippies, fully understand that Sturgeon's Law applies to all software, not just FOSS. If you're in any doubt about that, think about the last time you had to have anything to do with any commercial CRM or ERP or personal finance package.



  • @ender said:

    Why does this matter? Any program can write to %APPDATA% regardless if everything is installed to Program Files.
    Sure, but if %APPDATA% contains executables you're actually going to execute as a matter of course, then any dropper can dump a virus or worm or a trojan DLL in there and you'll probably end up running it.@ender said:
    Per-user installs go to %LOCALAPPDATA%, which doesn't roam.
    Maybe somebody should point that out to the Dropbox folks, because that's not where their stuff goes.



  • @Ben L. said:

    @blakeyrat said:
    game tool developers are the worst of the worst

    If anyone disagrees with blakeyrat, find a family member who doesn't have experience with Valve's Hammer world editor and see how far they can get without reading a guide.

    I still haven't managed to get the TF2 dedicated server running.



  • @blakeyrat said:

    The FOSS version/ripoff is called Godot. Honestly, it might be good, who knows.

    From their homepage: "It took a long time but it’s finally ready for everyone."

    From this I deduce that they believe everyone was waiting for Godot. I approve.  

     



  • You know, I filed a bug report about this exact problem. They refused to fix it and closed the report without even countering my explanation. Even a simple "won't fix, too lazy" reply would have been better than just closing the issue without any explanation.

    You can guess what I voted in the following user satisfaction query.



  • @DamienK said:

    Or, install in AppData might be the proper way to install in a per-user context. You know, in the manner that Microsoft tells people to author such packages.

    Installation Context

    Maybe I'm missing something but I see nothing in there which actually says that per-user intalls should go into %APPDATA%.  Microsoft's official "Certified for Microsoft Windows" rules specifically say: "The application should install to the Program Files folder by default."

     



  • @Ben L. said:

    @blakeyrat said:
    game tool developers are the worst of the worst
    If anyone disagrees with blakeyrat, find a family member who doesn't have experience with Valve's Hammer world editor and see how far they can get without reading a guide.

    I like the Skyrim Creation Kit myself. It's not that bad, other than crashing near instantly unless you turn sound off in some ini file (?!) and having a bunch of noob traps (flagging certain object types as changed just for looking at them; spells randomly being set to 0 AoE and hitting yourself as a result) and undocumented features (gray face feature). Sure, it takes a few months to figure out how to make a good mod -- but that only keeps the casuals away and prevents them from clogging up the list with trash; people who actually care about making mods will persist.

    I do recall lots of QQ about the Starcraft 2 Galaxy Editor: apparently it was too hard to add things like missiles because they were three different object types. Because tons of kids want to "make games" but when they see what the guts of a game look like, they rage quit and cry on the forums.

    Nooobs.



  • @Scarlet Manuka said:

    So I went to install this for him. First surprise (and, in retrospect, warning sign) is that it suggests %USER%\AppData as an installation location, rather than Program Files.

    I seem to remember Google Chrome doing this too.

    @Scarlet Manuka said:
    Slightly bemused, I changed it to Program Files.

    You changed its installation path to a location with drastically different permissions and you expected it to work just fine? You are TRWTF.

    @flabdablet said:
    Sure, but if %APPDATA% contains executables you're actually going to execute as a matter of course, then any dropper can dump a virus or worm or a trojan DLL in there and you'll probably end up running it.

    If malicious code gets the ability to modify the files in your user profile, you're fucked anyway.



  • @anotherusername said:

    @Scarlet Manuka said:
    So I went to install this for him. First surprise (and, in retrospect, warning sign) is that it suggests %USER%\AppData as an installation location, rather than Program Files.

    I seem to remember Google Chrome doing this too.

    Chrome used to install into %APPDATA% but I don't know if that is still the case, I don't use it any more. The more annoying point was that the Chrome installer didn't even offer the option to change the location.  However, thanks to a couple of obsure barely-documented command line switches I was able to copy everything to a more proper location (<font face="courier new,courier">C:\Program Files(x86)\Google\Chrome</font>) with only user data stored in %APPDATA% and everything worked just fine.@anotherusername said:
    @Scarlet Manuka said:
    Slightly bemused, I changed it to Program Files.

    You changed its installation path to a location with drastically different permissions and you expected it to work just fine? You are TRWTF.

    Every application I currently have on my computer installs to  <font face="courier new,courier">C:\Program Files </font> just fine, including crap like iTunes and Java and shitty open sores programs like Firefox and VLC.

     

     



  • @anotherusername said:

    If malicious code gets the ability to modify the files in your user profile, you're fucked anyway.

    Well no, not really. Your user profile is the least protected part of any Windows installation because you need to be able to write stuff in there without any kind of elevated privileges - that's kind of the point of it.

    Prickware installed inside your own profile can be intensely irritating, and may damage your own documents and whatnot enough that you need to restore them from backups, but it's not going to be able to ruin your whole Windows installation or rootkit you unless you go out of your way to run it or its installer with elevated privileges. As long as it's never had those, then in extremis you can always get rid of it just by wiping your profile, which is a lot faster than reinstalling the OS.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.