
> If you use Neovim, can you share why you chose it over VS Code, or one of the new terminal-based editors like https://helix-editor.com/, or new native GUI editors like https://zed.dev/ ?

VS Code is a proprietary, spyware-riddled, resource-wasting worked example of why "modern" software sucks. Also for my personal use, everything that's not vim suffers from being not vim; it would cost me effort to switch for no clear benefit, and I'd still need to retrofit the same control scheme into whatever it was because the muscle memory is too strong, at which point I might as well just use actual neo/vim.

> which were built to be used as rich development environments instead of extensible text editors

> spent months tweaking Neovim/Emacs configs

I think part of the difference might be of use case; if you want an IDE, use an IDE. If you needed to spend that much time bending the tool to what you want, maybe it wasn't a good tool to use. When I open vim, it's because I want a text editor, and it provides a text editor.



> VS Code is a proprietary, spyware-riddled, resource-wasting worked example of why "modern" software sucks.

Perspectives like these (and others in the thread) remind me that there exists a separate cohort of engineers from people like myself which have absolutely polar opposite views. I respect your opinions, though I couldn't disagree more with them! :)

Well, except the bit about VSCode having "spyware". That's not true, and it weakens your point. It does have telemetry - I suspect that's what you mean, and you should just call it that instead.


No. Microsoft's general reputation for spying on its users renders "spyware" a reasonable shorthand for what it either does now, or perhaps is reasonably likely to do at some time in the future.

I would fall back to the softer "telemetry" ONLY IF they were to provide some sort of genuinely reliable affirmation that it's not spying, which I don't think they could do today absent legal or other generally obvious incentive.


I mean, you can say whatever you want - you only diminish your own argument by doing so. It's like the boy who cried wolf - if you keep shouting "spyware" with no true evidence of spyware, then by the time that "spyware" actually is happening, no one is going to care.

> what it either does now

Spyware is defined (Google) as "a form of malware that hides on your device, monitors your activity, and steals sensitive information like bank details and passwords." Please furnish any example of Microsoft stealing sensitive information like bank details and passwords via VSCode.

> perhaps is reasonably likely to do at some time in the future

An imagined hypothetical does not help your argument.


> Spyware is defined (Google) as "a form of malware that hides on your device, monitors your activity, and steals sensitive information like bank details and passwords." Please furnish any example of Microsoft stealing sensitive information like bank details and passwords via VSCode.

Well, yes, of course Google would say that. If you ask DuckDuckGo to define spyware, it offers these:

> Software that secretly gathers information about a person or organization.

> programs that surreptitiously monitor and report the actions of a computer user.

Which of course is exactly what VSC does.


That's wrong. The key element of "spyware" is that it monitors and reports outside of its own realm, and causes damage with the data. Like a keylogger logs keys even if it's not the active program. What VSCode does is only monitoring user action within VSCode for technicality. Until you can provide evidence otherwise, calling it "spyware" is an act of defamation.

Also, if software with telemetry is spyware, there is no mainstream browser clean. Feel free to use forks like Tor Browser or VSCodium if you like, but expanding the scope of spyware unreasonably is only gonna cause confusion to average people.


It's not "expanding the scope," it's clarifying (or developing) a definition.

And if it causes confusion -- good. There should be more public confusion on this topic, especially in the realm of "Why does this free program need to know all of this stuff about what I'm doing?"

It's not that the answer is "no gathering information ever," it's "providers of a program ought to be compelled to fully and clearly disclose to all what information it is grabbing and what it is doing with it."

And that's emphatically not where we live today.


Even the FTC struggles to define spyware. But I think you’re right that a disagreement on the definition is at the heart of all of this. I wouldn’t be so overconfident in asserting that spyware is defined in your particular way here, though. There isn’t exactly a consensus! VSCode is certainly not to be lumped in with password stealing keyloggers, but because they continue collecting telemetry data even after you explicitly disable it, VSCode does fall under the “collecting data without a user’s knowledge” category of spyware.


I'm very comfortable calling ALL OF IT spyware until something like the GDPR cookie thing exists for it. (or they voluntarily make such a statement BEFORE you use it)


Calling spyware an "imagined hypothetical" re Microsoft is like calling "too hot coffee" an "imagined hypothetical" for McDonalds.

They've already done it a bunch. Are you naive enough to 100% believe their pinky swears?


Sure, let’s have any example of this by any reputable news source then.


literally the first hit for "microsoft spyware" is the following:

https://www.gnu.org/proprietary/malware-microsoft.en.html

gnu.org not reputable? Hey, no worries, it's an ENORMOUS ANNOTATED list. Have fun.


We're not talking about MS the company, we're talking about VSCode, the product, as OP's claim was that it's apparently well-known that VSCode is spyware. Ctrl-F "VSCode", "Visual Studio" both come up with 0 results.


It hasn't in the past, but because it is a Microsoft product, you would be wildly naive to think that they wouldn't have a tendency to in the future. You're technically correct in the most pointless way possible.


OP claimed vscode is “spyware-ridden”. It is not.


I have a tangential concern, which is that all things Microsoft these days seem to be evolving towards an advertising platform or a subscription. The way they keep adding integrations into their other stuff is understandable, and doubtless convenient for many people, but I can't help but think that someday after they are deeply embedded in the workflows of large swaths of the development community a message will appear in your editor suggesting an upgrade to the pro version of some tool or plugin and the freemium experience will have arrived.


Lots of big tech companies (including mine) let their devs run VSCode on company machines. If there was a concern about spyware, I feel like all of those security teams across the industry wouldn't have signed off on this, especially with billions of dollars of IP at stake.


Like log4j!


I think there's a bit of a difference between a bug that went undiscovered for years and vetting third-party software to see if its telemetry compromises your employees or IP.

I mean, sure, if you want to avoid log4j from happening, you can write all of your software from the ground up in-house with no third party dependencies (or audit every line of code for every third-party program you do use), but I don't see how that's relevant to a discussion about whether VSCode is compromised to a degree that other editors aren't.


The point was that people thought "Oh surely log4j was vetted by the big companies that depend on it - I mean it must be OK if AcmeCorp uses it!". (or openssl, or sendmail, or ...). That's not too different from "Oh look at all these big tech companies using it, they must have vetted the telemetry".

Maybe a little extra caution is warranted.


Ah telemetry - you mean software that sends back information about what I'm doing to some 3rd party? Unlike spyware which is software that sends back information about what I'm doing to some third party.

Totally different, got it.


I said this to someone else, but spyware is defined (Google) as "a form of malware that hides on your device, monitors your activity, and steals sensitive information like bank details and passwords." Please furnish any example of Microsoft stealing sensitive information like bank details and passwords via VSCode.


Why does Google get to decide that software has to "hide on your device" and that it has to steal banking information or passwords to meet the definition of spyware?


I don't want MS to monitor me. Anything that enables them to track me better is sensitive because I don't want to be monitored.


No one stops you from using VSCodium. But associating a software with spyware (a black/white action) should not be tied to how much telemetry (a spectrum) they collect. It's about what type of data they collect and what they do with the data. If they deliberately use that data to cause any damage (black/white), you can call it spyware. But if they only use that to improve their software, no, you shouldn't.


There have been reports that the "telemetry" is sent after a user takes the actions to disable it.

That means that a user has information about them reported in a way that is:

1. against their will

2. without their knowledge

That is spying. The software that does it is spyware.

Whether or not they intend to use it for anything other than improving the software - if they secretly take data from me without my consent, it's spying.

Whether or not you think it's OK for them to take data, if they do so without my consent, it's spying.

Whether or not you really like VSCode, if they secretly take data without my consent it's spying.

Software that spies is spyware. It's that simple.

Trying to haggle in the margins of one definition of a vague term is not a very strong argument to convince me otherwise.

Also: about the first part of your comment - I stop me from using VSCodium. I'm not interested.


It secretly collects data (spies), so it is spyware. Which part do you not get?


> and you should just call it that instead.

And then turn it off using the built-in setting:

https://code.visualstudio.com/docs/getstarted/telemetry#_dis...


   - https://www.roboleary.net/tools/2022/04/20/vscode-telemetry.html
      - "It looks like you cannot shut telemetry off 100%. These settings will
        opt you of most data sharing scenarios; but not all data sharing
        scenarios."
      - Apparently even VSCodium can't kill it all
         - https://github.com/VSCodium/vscodium/blob/master/DOCS.md#disable-telemetry


You could also, if you wish, audit the telemetry events and determine if it's worth turning off - or decide that it's okay with you that they're using that data to improve their free product.

https://code.visualstudio.com/docs/getstarted/telemetry#_vie...

https://code.visualstudio.com/docs/getstarted/telemetry#_gdp...


I could also just decide that it's okay to use a free editor that doesn't report on me in the first place. I don't need to audit exactly what information vim sends off and evaluate whether it's too much, because "none" is really easy to decide on.


Searching for excuses to let the company's product spy on you sounds like a huge waste of time.


Vscodium is pretty great though.


I use VSCode since switching away from Neo/Vim because things just work. I don't have to install a bunch of plugins like I used to where I don't know what works and what doesn't work with each other. For example, for Rust, I go to VSCode extensions page, click install on rust-analyzer, and that's it. I don't have to set up an LSP, syntax highlighting, etc which are each their own plugin on Vim.


That's funny, I just switched from VSC to NeoVim because things just work. The C++ LSP bindings for Vim were easier to set up, faster, and more reliable than my setup in VSC. Though I imagine these things vary greatly, since C++ and C++ tooling is enormously complex and varies from codebase to codebase.


I just want to express why I sometimes prefer things that don't "just work". I love VSCode. I use (neo)vim just because I am used to them (started using them before VSCode was around).

Firstly, not "just work" means there will be no features to suddenly appear and "help" me. When I start to use a new IDE I never know what inserting "{" does: Will a "}" also appear? Will it start a new line? Will it cause indentation to change? Will it insert a whole snippet? How do I just insert a "{"? An IDE usually comes with lots of "helper" features like this, and questions like these add up. The result is that I never know what happens when I press a key and get agitated when the result isn't what I expect. If I set up everything myself this doesn't happen. (neo)vim is pretty bad in this sense actually. The default formatoptions and filetype indent plugins are pretty annoying, and the "J" normal mode command has behaviors that surprise users and cannot be turned off (you can remap it for sure), but by the time I met VSCode I got familiar enough with them already... I recall VSCode's default was pretty clean. IDEs are absolutely the worst.

Not "just work" also means that I know how to change something if it steps into my way, since I set up everything myself. If I have to edit a file with special formatting rules that I need to follow, I know where to change auto formatting rules. If I have to read some generated code or code from dependency libraries, I know where to turn off warnings from linting. Since rust-analyzer is set up by myself, if one day I find that its version or config is not compatible with this new project I am starting to work on, I know immediately how to change it. If my whole setting up effort is "clicking a button", it becomes harder for me to find where the change needs to be made. Such things are not just "if"s actually, but happen pretty often from my experience, often enough to make me think it's better to set up everything myself than to figure things out each time.


on linux, kde/kate is pretty good... I switched back to full tmux+vim lately to get even better with vim, but I find that kate is the perfect mix between an ide and a terminal based editor. makes me think of notepad++ with a few extra goodies (files on the left, terminal below etc...)


Last time I tested Kate's vim mode the g letter did not work in insert mode. Kate looks great but seems even more overwhelming to configure than Vim


Hmmm, did some of the mappings change with this release? Now hitting CTRL-B (I do that a lot in NERDTree) gives me the "E5248: Invalid character in group name" error.


If VSCode "sucks", then isn't it weird that the vast majority of people seem to love and even prefer using software that "sucks", including GP?


I'm not sure how you'd know that; since vim, emacs, and other more traditional options don't include telemetry we don't know how many people use what editors. In any event, Windows remains the most-used (desktop) OS, so I've long since acclimated to people living with the suckage.


There's some data here that can help give a clue: https://survey.stackoverflow.co/2022/#most-popular-technolog.... It does look like vscode is the most used by a very large margin.


Scrolling up, the same sample put NPM use at 65.17%, so I feel pretty comfortable calling it sample bias.


The data is no doubt biased, but given just how far ahead vscode is, it would need to be a very heavy bias to see vim/nvim come out ahead among all developers (however we define that). It gives us some information, but I agree doesn't tell us what the proportion is among all developers.


Popularity is not a great metric of goodness, unless we want to come to terms with the fact that Limp Bizkit records are around 3x as good as VSCode (and that's despite the fact that they aren't even charging people for VSCode!)



