Thursday, January 29, 2009

Update Fail

I'm a big believer in silent autoupdates.

I know that it's a touchy issue, but I really believe that silent updates are the right thing for most users and for most software. Especially for consumer software connected to the internet, where security is especially important.

This dialog is an example of why. Today, Firefox showed me this, but since I was right in the middle of something at the time, I pressed "Later", without even really reading it.

(Note: I don't mean to pick on Firefox specifically. There is lots of software that works this way and it all irritates me equally. This just happened to be the occasion that finally pushed me to blog. Also, it's harder for Firefox to autoupdate due to the huge number of add-ons that are difficult to keep working across upgrades.)

Usually when I'm using my computer, I'm doing something, so I typically dismiss dialogs like this. I know it isn't the brightest thing to do, but my experience is that these things often take a long time, force me to restart, and result in incompatibilities.

I was talking about this yesterday with a friend and he put it well:

It's basically saying, "Dear Mr. Boodman: Would you like to deal with our problems right now, or with your problems?"

Like most people, I'm usually going to go with my problems.

I think it's the responsibility of the software vendors to keep their own code up to date. This is hard work, but the vendor is certainly better equipped to do it than I am.

The two places I feel that autoupdate might not make sense are Linux and corporate environments. I'm not hugely familiar with how Linux packages are kept up to date; I get the sense this still a largely manual process. But it seems like the distro might be better able to do autoupdates than the vendor, since the distro knows how to create binaries that will work best with the rest of the packages on the machine. In corporate environments, there is often an IT department whose job it is to keep your software up-to-date and functioning correctly.

Many people fear that software vendors would use autoupdate to install additional unwanted products on their machine, or to update to a new buggy version. This is certainly possible, but I think it comes down to an issue of trust. When you install software, you are making a conscious decision to trust its creator to treat your privacy, data, and machine with respect. This is just the way client software works. As long as your are already trusting the software in all these ways, why not also trust it to keep itself up to date? If the vendor abuses your trust -- by violating your privacy, stealing your data, hogging resources on your machine, or installing new buggy software -- then fine, be upset about that. But when implemented well, I think that autoupdate is a Good Thing.


Joe Walker said...

I think that what we need is undoable silent autoupdate.

Ted Mielczarek said...

Note that in Firefox 3 (which that update is offering you!) the update dialog doesn't show unless you've been idle for a while, so it should never interrupt you while you're in the middle of something. said...

The problem with this, is that most people don't want to install the update (especially if they have plugins, or other things that may suddenly "break" due to the update). Even as a System Administrator, we do thorough testing, and usually wait 6-8 weeks before installing any updates, or security patches, to give us time to throughly test all the patches in a "sandbox" environment to make sure that we don't introduce any new bugs, or incompatibilities to the system or network (or break things that currently work). Autoupdates is a nice concept, but it still needs to be approved and thoroughly tested, and anytime someone fixes one thing, they seem to break 10 more things.