Jump to content
Corsair Community

ICue - Poorly coded or a fat listening post?


YouEatLard2022
 Share

Recommended Posts

Why is iCue am 800MB package?  Does it really take nearly a gigabyte to blink some LED's?  Why does it install a bunch of unrelated garbage (headphones)?  The microprocessors in your AIO's and Corsair Commander (at best) likely only have a few megabytes of space.  So, what is the rest of the 800 MB's for?  Is it lazy, abandoned in place code?  Is it doing something besides lighting?  What exactly is it doing then?  

Unnecessarily large software packages lead to unnecessarily large vulnerabilities.  It's only a matter of time before this is exploited.  

Please, fix the program.  There's no reason for it to be anything bigger than 50 MB with a single service (rather than thrash fodder).

Link to comment
Share on other sites

1 hour ago, YouEatLard2022 said:

Why is iCue am 800MB package?  Does it really take nearly a gigabyte to blink some LED's?

You do realize that it does a whole lot more than just 'blink LEDs', right?

The "unrelated garbage" is because it's a single driver package. Once you install iCUE, you'll have everything you need for the Corsair product line - fans, keyboards, mice, mats, headphones, memory ... everything. That's why it's so big.

There is the possibility that they could, at some point, break it up and load additional components on demand. That way, the initial install is smaller BUT ... you MUST be connected to the Internet when you add something new or it won't be supported. It's more complex from a technical perspective and there's going to be people complaining that they should have one install.

1 hour ago, YouEatLard2022 said:

Unnecessarily large software packages lead to unnecessarily large vulnerabilities.  It's only a matter of time before this is exploited.  

Do you have any specific vulnerabilities in mind? If so, I'd suggest contacting @Corsair James via DM and report it responsibly. And it's not unnecessarily large software leads to vulnerabilities, it's more unnecessarily complex software leads to more vulnerabilities. And one massive issue with a load-on-demand system is that is is a major attack vector (ask SolarWinds or Asus; they'll both tell you 'bout that). So implementing something to support what you suggest would make iCUE easier to attack, not harder. In your book, because it's smaller, it's more secure. But that's a very simplistic and naive view of software vulnerabilities.
 

1 hour ago, YouEatLard2022 said:

There's no reason for it to be anything bigger than 50 MB with a single service (rather than thrash fodder).

Oh, if only the world really was this simple.

Edited by DevBiker
Link to comment
Share on other sites

Quote

"You do realize that it does a whole lot more than just 'blink LEDs', right?"



Yes.  Other than LED's and fans, it shouldn't.  This would be like installing a brand new lighting, music, and temperature control system when all you needed is a speaker.   So, now you're driving around with extra weight, powering extraneous hardware for a bunch of stuff you're not using.  You may not notice the increased fuel usage, but you'd still be paying for it even if most of it is doing NOTHING for you.

 

Quote

"And it's not unnecessarily large software leads to vulnerabilities,"


Kindof.  The more simple a device, the lower the risk of exploitation.  This is especially true with software that is installed, (possibly running in the background) but unused.  It gets forgotten, abandoned in place.  Chances are, that there are door ways open there, but they stay safe for a while due to security through obscurity.  Eventually one or more vulnerabilities are found.  The dev team ends up in a panic which drives them to waste time and money in damage control and in repairs.  I'm not saying simple software can't have vulnerabilities.  I'm saying fat, (especially extraneous) is a much higher risk. 
 

Quote

"Oh, if only the world really was this simple."


Do you have any idea how much code and simple images can fit in 50MB?
The world is that simple.  The iCue is a lighting and temperature manager.  It should only have two primary roles.  One is that it should program the microcontrollers in the iCue hardware.  The Arduino suite does this at under 200MB.  While this is greater than the 50MB I mentioned, the Arduino suite requires a lot of extra data for the highly variable programming environment.  Meanwhile, the iCue just needs to pass along pre-programmed options.  We're not coding the LED's.  We're not coding the temperature management code, we're just changing reaction points.  The second thing it needs to do is pull system variables such as temperatures.  CPUID does this with just 2KB.  So.....

Regardless, iCue comes with a large amount of extraneous data, programs, and services that most will never use.  They just take up additional resources and make the processors juggle more.  Meanwhile, there isn't a payout other than use of extra electricity, extra heat, and extra vulnerability.  

 

 

Edited by YouEatLard2022
Link to comment
Share on other sites

well, iCUE doesn't really do hardware monitoring that well. HWinfo does it better for 7mb.

Having the installer be smaller has been a much requested feature. Each update is massive, there's too many services running even if you only use a mouse mat or a light tower. The thing resembles Armoury crate more and more 😛

At home, G hub uses 350 mb to manage 5 devices, Aquasuite drives the fan/pump controller, all the RGB, and the desk display with just 65mb, polling everything from HWinfo.

Give or take, it uses  half the space iCUE takes BEFORE installation, does the job infinitely better, and cumulated, uses about 0.5% CPU... and i can't remember the last time one of these crashed. Icue is pretty much daily on my laptop, with only one keyboard to manage.

There is only room for improvement really.

Link to comment
Share on other sites

Agreed on everything.  It would seem that having an all in one package would increase development time.  Larger packages mean more  time spent in overhead, testing, and quality control.  

    It's funny you mention the similar software by that motherboard company.  That's what led me to this.  I noticed sluggishness so I started cleaning.  The similar software was first as it was running 8 services.  What are they doing?  Do they need to be running or could they just run once at startup, check to see if they're even needed, and terminate if not.  Does any of it actually do anything I care about?  This is exactly the type of thing that causes computers to slow over time.  Everyone wants a service.  The services may be doing almost nothing, but they still get juggled.  They still take time to be pulled into CPU cache, run, and put back to sleep.  Thrashing is a thing.  Much of it wouldn't uninstall and had to be manually erased in the registry. 

   iCue was next.  The services are actually rather funny as they run at the user level rather than the computer level.  They don't run unless a user is logged in.  WHY EVEN HAVE THEM THEN?  Why not just have them as run once at Windows startup?

       Corsair Gaming Audio Configuration Service
             What does this do?  Description reads "C".  Good.  Useful.  Name says audio.  I don't have any Corsair audio equipment. 
             Why did it get installed?
       Corsair LLA Service
             The Description says "Corsair iCue Helper Service".  Okay, so I need this one?  What does it do?  Nope, it's for memory RGB.  
             I don't have RGB memory.  WHY is this on my computer?
       Corsair MSI Plugin Service
             What does.... wait, I don't own anything MSI related.
       Corsair Service
             The description reads "Corsair Service".  Useful.  This one has to be important with the time that was put into that description. 
             Really, this is the only one that a large majority will need.

   It would be really awesome if users had the option to download a small program that would pole system resources to identify applicable hardware.  Afterward it'd install exactly what the user needs.  Audio service for headset users.  Corsair Service for cooling/lighting users.  MSI services for... etc.  It would decrease overhead for Corsair and the user's computer.  Corsair's marketing department knows exactly what to do with the data sent in for this process.  It should more than pay for the software development overhaul. 
      
 

Link to comment
Share on other sites

18 hours ago, YouEatLard2022 said:

Do you have any idea how much code and simple images can fit in 50MB?

Yes, as a matter of fact, I do. A very, very, very good idea as I've been doing software development since 1993, with VB 3 in the 16-bit, Windows 3.1 days when 50 MB could fill up a hard drive (and then some) and apps were measured by the number of floppy disks that they had. By the way ... which is more secure ... Win 3.1, which was, what, 10MB installed? or Windows 11 which is in the gigabytes? There are many factors more important than size.

Again, the install strategy is that iCUE installs the whole kit and kaboodle - everything you need. That's why those are there. And having them set as "Run Once" won't work - as most, if not all of them, require elevated privileges to access things that they need to do. Before they had the background services, back in the days of Corsair Link, you would have to run Corsair Link (the user component) with elevated privileges. By putting the code that requires these elevated privileges in a service, however, they've actually reduced the attack surface as the user app code no longer needs to run with those elevated privileges.  That's the principle of "Least Privilege" - the code executes with the privileges that it needs and no more. The UI doesn't need those privileges so it doesn't get them. Those services, however, do need them. 

You do, however, bring up valid points in that these services are set to run even when they aren't necessarily needed. Having the ability to turn them off/disable them in the UI (and have the choice remembered) would probably be good as disabling them manually doesn't always persist between installations. But then there would also need to be code to dynamically enable them (or prompt you to enable them) if you plug something in. You sound pretty technical so this would probably work for you ... but part of what they dev team has to consider is that the vast majority of users don't know all of these details and anything too technical causes hives. So anything that they do needs to be balanced with the end user experience for the average PC user (and ... by the way ... the good security consultants/pen testing groups spend a LOT of time during the threat modeling phase of a pen test project discussing and helping the clients weigh and balance those risks with the user experience). With something like Windows Server, where services are all off by default, there's a certain expectation of a level of technical expertise that you can expect of the user that doesn't apply to the general masses of PC users. And then there is the complexity of having a dynamic, modular, load-on-demand model and how feasible (or complex) something like this is in QT, which is the core framework that iCUE uses. That's one that I, personally, don't know as I've not worked with QT. In .NET (which I'm very familiar with), it's relatively straightforward to do and there are well-established patterns and frameworks (especially for WPF) for doing this.

 

Link to comment
Share on other sites

19 hours ago, YouEatLard2022 said:

Btw, I meant CPUID does it with 2 MB.  Either way....

And if iCUE looked as sparse and utilitarian as CPUID ... but that's not an option with the reality of the market space that they play in.

Link to comment
Share on other sites

18 minutes ago, DevBiker said:

And if iCUE looked as sparse and utilitarian as CPUID ... but that's not an option with the reality of the market space that they play in.

Code and images take space, got it. This is why I mentioned 50 MB.   I wouldn't even be upset if it was double that; it's not like storage space is expensive.  This said, there is a large amount of unneeded data within the 800MB.  Much of it is probably abandoned in place (possibly waiting for someone to find an exploit). 

Beyond the size, why so many services?  Right now I've got the 4 listed above along with another 7 Corsair iCUE Component services.  This isn't all though as each of these 7 extras appear to have spawned their own Console Window Host (command prompt) process.  So now, we're up to 18 processes running just to read temperatures and blink lights.   Thrashing is a thing.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...