Nintendo DS, I never even got to know you; When the iPhone convergence story wins Code Review: Two very different stories of lost wallets
Aug 01

Silent updates: Good, Bad, or Safe?

Comic, Security, Tech with tags: Add comments

Update Paradox

I am in a paradox this morning. I found myself managing a million friggin updates to various software and components.

There were the iPhone Apps (keep hoping that NetNewsWire will get stable :(), and the software updates, and the browser plugin updates, and the list keeps going on.

It is interesting, because at the same time, if I download an application that doesn’t tie into an auto-update framework, I get frustrated. I am maddened as I know that I won’t stay on top of the versions, and I shouldn’t have too!

So, I want all of my software to update, but I don’t want to be bugged all of the time. Hmm. How about silent installs? What if I could say for a set of apps “just keep these puppies up to date and don’t even bug me”. Maybe just a growl “hey, just so you know, I updated NetNewsWire to the latest point release, and if it isn’t working well, you can revert”. Having revert would be cool (but potentially more work).

But wait a minute, what if that happened and suddenly something stopped working, or I just didn’t like the new version? Well, revert can help there, but maybe you could have a setting where silent updates happen only for point releases.

What about security though? This would allow developers to sneak in some code without me even knowing! True. That sounds scary doesn’t it. However, isn’t that bogus? They could just put it in the new release and you would update anyway! I doubt you are cracking open the .exe to look for malicious code :)

The fact is that we rely on trust. We weigh up trust. And, I am willing to trust certain companies and people to do silent installs.

In fact, someone on the Gears team mentioned that they think it is the developers responsibility, and that it has to be taken seriously. What if there is a security breach? If you have the ability to push out a fix in short order, you can minimize the scope. Else, there will always be a serious of people who never upgrade and are taken over. How many 5 year old worms and viruses are out there that still propagate due to your aunt running Windows 98 with no changes to it. Ouch.

So, I am all for a change. Time to allow more silent upgrades. Developers, protect me, and don’t bug me all the time!

7 Responses to “Silent updates: Good, Bad, or Safe?”

  1. Alex Miller Says:

    AppFresh? http://metaquark.de/appfresh/

  2. Ross Boucher Says:

    One advantage of the trend towards web applications is not having to worry about this kind of thing. The app provider updates for you, whenever they’re ready; everybody immediately gets the new version. The only potential downside here is something changing that you don’t like — there’s no going back.

  3. Vezquex Says:

    Not quite, Ross. Browser caches don’t always update.

  4. Patrick Lightbody Says:

    Silent upgrades are my ideal choice for sure. I really don’t care unless it’s a BIG change. I’m definitely not worried about security. I’m not even worried about instability, since the developer will likely know to roll out a subsequent update to fix any bugs from the last update, so it should just work itself out without me even noticing it.

    At Jive I insisted they spend time on an automatic upgrade process. It’s not automatic, but it’s still way better than most enterprise software. They wrote a blog entry about it a while back here and InfoQ wrote one on the topic here. It’s kind of surprising how few companies “get it” when it comes to making users lives easier. Even Plaxo has a shitty upgrade experience on the Mac.

  5. dion Says:

    Thanks for the comments guys. I think that the browser has taught us that automatic upgrades are OK. However, when there are big changes, you still see responsible websites letting you take a sneak peak (e.g. the new Yahoo! Mail, the new Facebook, etc).

    Luckily, to try different versions, it can be as simple as trying a new URL and setting cookies.

    So, it seems to come down to minor vs. major changes. For minor ones, I want the developers to make the change.

    Imagine if you were on a website that had a XSS error and the developer couldn’t change it, and instead the user was asked “are you sure you want to go to a new webpage?”

  6. Justin Meyer Says:

    I think the Browser has taught us that automatic upgrades are necessary. Imagine if IE 6 was automatically upgraded by IE 7.

    There will always be people who want to turn off updates, visit websites with JavaScript turned off, etc. However, these people are typically more technical to begin with.

    I think it is the developers responsibility to act as a strong parent for the 95% of people who click “OK” without ever reading what the message says.

  7. Wendy Ragiste Says:

    Solution – everything works perfectly first time, is never hacked and never becomes obsolete. Simple, eh?

Leave a Reply

Spam is a pain, I am sorry to have to do this to you, but can you answer the question below?

Q: What is the number before 3? (just put in the digit)