For people who want to view the post and comments without a Twitter/X account: <a href="https://nitter.poast.org/da_wamwoowam/status/1824872498363523537" rel="nofollow">https://nitter.poast.org/da_wamwoowam/status/182487249836352...</a>
> this person has never programmed on windows in their lives<p><a href="https://nitter.poast.org/da_wamwoowam/status/1824874909572665735#m" rel="nofollow">https://nitter.poast.org/da_wamwoowam/status/182487490957266...</a><p>How about some fucking empathy? Yes, maybe the dev isn't a Windows expert, but I'd guess most devs aren't. Most people don't have the luxury of pulling in a specialist to do every little feature, nor the luxury to do a deep dive to figure out the absolutely correct way. Such is the reality of (commercial) software development. I don't think we need to have snarky attacks on the front page of HN for that.
Not condoning the method, but I can take a good guess as to what they're doing: They're trying to find out how many NVENC streams are in use on the card / whether any are free.<p>Which isn't important for general use but is relevant if you're screen sharing/streaming your display.
In other words: Discord uses a third party library to gather system information. On Windows, that library uses some logic that can fall back to PowerShell to gather information.<p><a href="https://www.npmjs.com/package/systeminformation" rel="nofollow">https://www.npmjs.com/package/systeminformation</a><p><a href="https://github.com/sebhildebrandt/systeminformation/blob/master/lib/graphics.js#L387">https://github.com/sebhildebrandt/systeminformation/blob/mas...</a><p><a href="https://github.com/sebhildebrandt/systeminformation/blob/master/lib/graphics.js#L825">https://github.com/sebhildebrandt/systeminformation/blob/mas...</a>
This is why I run everything possible in the browser. Discord, teams, zoom, outlook, etc. It also makes switching computers and operating systems a breeze. Not that I switch often, but I like to remain platform agnostic.
For those who don't want to piece things together from Twitter, the summary is this:<p>Discord attempts to find nvidia-smi libraries by launching a series of PowerShell scripts. Those scripts are really terrible with a lot of if-else logic based on hardcoded strings and environment variables. They are also apparently fairly slow and scan over 800 directories.<p>Honestly, this is just yet another example of Discord not really developing their software well security-wise.<p>Another bad security example: the 2FA implementation is not really that secure since you can continuously ask for backup codes to be sent to your email, which you presumably open frequently on the same PC (there is already automated malware that will abuse this and circumvent your 2FA via newly generated backup codes).<p>Yet another terrible implementation: QR codes. There are rampant phishing attempts that work fairly well because they trick people into accepting an invite to some Discord server. Once you are in it, you are presented with an "anti-spam/anti-bot" verification check which asks you to scan and confirm a QR code. Little do the majority of people know that it is a login QR code, and once you scan it the hackers will just take over your account in less than a second, as all this stuff is easily automated already.
I mean, what do you expect? If you took all the software engineers on this site and assigned them to develop that feature, how many would be able to do it better? I imagine most won’t be able to even begin without spending a lot of time studying the subject matter. I hardly know any PowerShell at all, let alone the better, more correct Windowsy way to do it.<p>Only the more experienced Windows app developers would get it right. How many of those are there in the world? How many are working at Discord?<p>Most likely some dev who was not a super Windows expert was assigned this task, and figured out how to do it using the tools that they already had the most familiarity with. In this case that was PowerShell.<p>This is what most of us do every single time we code. We prioritize getting a solution that achieves the desired result, which this does. We prioritize getting it done quickly, which means using familiar tools instead of spending a bunch of time learning something new. We prioritize passing tests, which this probably does. Performance is not a priority at most places until it becomes so bad that it’s extremely noticeable. Discord on Windows is most often used on powerful gaming PCs that won’t notice this inefficiency.<p>That said, now that someone so kindly pointed out the issue, maybe Discord will fix it. Or maybe not. If it’s not a bugfix, or a new feature, or a security patch, why would they prioritize it?
The code to find the binaries is very clearly JavaScript, not PowerShell.<p>From: <a href="https://x.com/da_wamwoowam/status/1824874909572665735" rel="nofollow">https://x.com/da_wamwoowam/status/1824874909572665735</a><p>`readdirSync` and `statSync` are from <a href="https://nodejs.org/api/fs.html" rel="nofollow">https://nodejs.org/api/fs.html</a>
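An added example, not part of the thread and not code from Discord or the systeminformation package: a binary lookup done purely with Node's `fs` calls, which shows why a scan over many directories costs one synchronous `readdirSync` per directory even though no PowerShell process is started. The function names, the constructed directory names and the choice of modification time as the "newest" criterion are assumptions made for the illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Scan each immediate subdirectory of `root` for `fileName`; return the
// newest regular-file match plus the number of directories opened.
function findNewestBinary(root, fileName) {
  let best = null;
  let dirsScanned = 0;
  for (const entry of fs.readdirSync(root, { withFileTypes: true })) {
    if (!entry.isDirectory()) continue; // skips plain files and symlinks
    const dir = path.join(root, entry.name);
    let names;
    try { names = fs.readdirSync(dir); } catch { continue; } // unreadable
    dirsScanned++;
    if (!names.includes(fileName)) continue;
    const candidate = path.join(dir, fileName);
    const st = fs.lstatSync(candidate);
    if (!st.isFile()) continue; // a symlink or directory is never returned
    if (!best || st.mtimeMs > best.mtimeMs) {
      best = { path: candidate, mtimeMs: st.mtimeMs };
    }
  }
  return { path: best ? best.path : null, dirsScanned };
}

// Constructed sample tree standing in for a driver directory (names invented).
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'driverstore-'));
  const layout = [
    ['nv_old.inf_amd64_aaaa', true, 1000],
    ['nv_new.inf_amd64_bbbb', true, 2000],
    ['unrelated.inf_amd64_cccc', false, 3000],
  ];
  for (const [name, hasBinary, mtime] of layout) {
    const dir = path.join(root, name);
    fs.mkdirSync(dir);
    if (!hasBinary) continue;
    const file = path.join(dir, 'nvidia-smi.exe');
    fs.writeFileSync(file, '');
    fs.utimesSync(file, mtime, mtime); // fixed timestamps for a stable result
  }
  return root;
}

const result = findNewestBinary(buildSampleTree(), 'nvidia-smi.exe');
console.log(result);
```

`dirsScanned` grows with every subdirectory of the root, including ones that cannot contain the binary, so filtering on the directory name before the inner `readdirSync` is what keeps such a lookup cheap.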