Yesterday an article I wrote about UWP/UWAs got published at PC Gamer.
I actually asked about writing this 3 weeks or so ago, but with my real job interfering it took a while to get done. In the meantime, the topic blew up with Tim Sweeney weighing in, which isn’t something I expected.
I go into details on the current state of things, my concerns about future developments, and 2 questions I’d like Microsoft to answer in that article. One thing I don’t discuss, mostly because it requires technical background to understand which would take a long time to explain from the bottom up is the technical details of application signing. I also won’t do that here – on my blog I can afford not to – but I will provide my more philosophical thoughts on the matter.
Signing, in general, is a good thing. At the very least, it makes man-in-the-middle attacks far more dangerous to execute. On truly open platforms like Linux it is even a great thing, with all the control still resting with the user and no one interested in making some particular commercial signatures “more trusted” or “better” than the rest.
On a commercial proprietary platform, it is a double-edged sword. Yes, ideally, it provides all the same advantages it does on the open platform with no additional drawbacks. However, when ultimately controlled by a commercial interest its potential for either subtle or obvious abuse is extremely high. From simply showing a small warning pop-up if some software is not corporate-approved all the way to restricting some functionality only to a subset of signatures. Compared to that, the somewhat more dangerous wild-west environment of Win32 does not offer the same capabilities – even to its creator.
Anyway, many people have told me that they appreciate the article, either for the information contained in it about current UWA limitations, or for the message it sends, or both. There are also those who think I am overreacting or painting too grim a picture. And in this particular case, I’d be ecstatic if they were right and I am wrong: if in 10 years I can still as easily mod a game as I can do with a Win32 executable today then I’ll join them in laughing about just how silly I was. Happily.