Autoupdate on by default
Although this feature should be implemented in a very late stage of the development, thoughts regarding security need to be done already now.
It is advisable to "force" joe user to update his system if security fixes are out, else BeOS/Haiku (and I know, Zeta developers are reading this thread, too, so this message addresses you, too, yT :) ). The system should download __and install__ security updates as soon as the user is online.
Why?
Look at windows - its autoupdate function was off by default, there are millions of zombie machines. And although M$ made auto-update with SP on by default, it still requires user's confirmation to eventually be installed on the system. I personally don't know any Windows user who even bothers to click on the autoupdate function.
The idea would be to reduce the number of unpatched machines to a minimum to increase common wealth.
But such autoupdate policy will require the maintainer to be _very_ careful, if a patch f***s up the system, it is not good. To resolve this, a system should make a shadow copy of successfully patched (and original) files and put them into a different restore folder every time the system has been patched. Once user's machine doesn't run properly, he can draw back let's say 2-3 months back.
Experienced users should have an option to turn off the autoupdate, Joes won't even bother to do so.
And another idea would be RAM cookies to protect the system from overflows unless it has been already implemented. As soon as a cookie has been overwritten the system should manage to clear this part of RAM. This way the level of security against remote attacks will be raised.
Security is currently one of the main arguments why people take alternative systems.
Comments
Re: Autoupdate on by default
Hell no.
Fixes of any type can have reprocussion in other areas of the system. This could theoretically kill some functionality (intentionally or not) that a user needs.
The only part of auto (by default) that should be implemented is that the system auto checks for updates and presents which ones are availible to the user. Then the user decides which ones to install.
Also, all updates should be able to be "rolled back" if need be.
Your presented "solution" can be problematic at best.
And this has already been discussed at length before:
http://www.haiku-os.org/forums/viewtopic.php?t=197
Re: Autoupdate on by default
Agreed.
Autoupdate on by default
hmm, yes and no.
The pro is that Joe User will just ignore it. Don't you believe it? Honeypot project could count over one million zombied machines in control of crackers. Much more are infected with Blaster and Sasser. And people don't even think about it.
There is a possibility that a patcher creates shadows of previous versions on the file system. If something went wrong, the user can boot up from that system and uninstall the updates. BeOS PE is smaller than 50 megabytes, having such a backup system as a failsafe option is no problem.
It is of course your decision :)
Autoupdate on by default
And that is there choice. I've ignored many "fixes" because it changed the way something worked and I would've had to alter multiple config files, etc. that there was not time for. Or it took away some needed functionality, etc. It was my choice to install or not and I accepted the possible reprocussions.
Also, there is always more than one way to fix something. So, why should the user be forced into an option that might prove detrimental to there system?
To suggest that the user be forced to install something that might screw up there system with the "justitification" that "they could just restore from a backup" (assuming there is one) or "they can just install from scratch" is ludicrous.
No user, not even one used to the constant M$ BS, would put up with that. You call this an improvment ?!?!?
Autoupdate on by default
This has definitely been discussed (several times on these forums, and also in the mailing lists I believe) -- and ultimately, I think this will be an option of the "distro-maker" who packages the OS with whatever additional applications. (please, don't get into the whole "multiple distros are bad" thing... that's been hammered to death also)
Ultimately, if there is a good package-management solution and a manual-update GUI with a backend that is scriptable - an auto-updater will probably show up on bebits in no time. This of course assumes that somebody sets up a website to host the updates in a standard place, but those are all things to determine later.
And honestly, do you think it will really matter in the first 2-3 years of Haiku's existence?
Autoupdate on by default
Actually, auto updates and such are really addressing the smoke, not the fire. The real problem under Windows is that it ships with too many ports open/active (this is for the benefit of coorporate administrators looking after hundreds of machines). If no ports are open, the box should be imune to most worms, therefore it should never be infected by just plugging it into the network.
Applications which ship with the OS may end up being vulnerable, and these need updating. But there is no way in hell that I'll allow an OS vendor to automatically update my favourite apps, since a few times the updated version is worse than the old version (on Windows, good examples of shitty newer versions compared to great old versions are WinAmp, Acrobat Reader, ACDSee etc). I may WANT to run an older version of an app, and a vendor has no say in what I CHOOSE to run on MY BOX.
User installed spyware is a different issue, and it's impossible to prevent this. Auto update want do a thing to help you here.
In a nutshell, autoupdate is useless if the system ships with no ports open.
Autoupdate on by default
Ports aren't the only security problem in an operating system... potentially any common data-consumer may be easily vulnerable (libpng anyone?)...
I definitely disagree with your basis that open ports are the only thing insecure about an operating system... will haiku ship with a browser or an email client? - if they're insecure, wouldn't you expect an *option* to auto-update them for Joe User?
Just so it's clear, I don't auto-update any of my software either - I want to control what is updated, and when... but I can certainly understand the need for an auto-update feature. I wouldn't expect it for R1, or even R2 -- in fact, I don't see much real need for an auto-updater until Haiku actually has significant market-share that it might become a target for exploitation - and even then, I'm not sure that it's the responsibility of the Haiku team to provide that functionality as a core part of the OS.
Autoupdate on by default
It depends. An auto updater should never be implemented. But an plain updater should.
All modern OS's have one. Windows and MacOS are the two big boys and both have an update feature. I know first hand that the MacOS one just presents the user a list of what is availible and then the user decides what goes in. Hell, look at Debian with apt-get upgrade. OBSD is even starting to have some rudementary support for this in ports.
Basically, as I've said before, if Haiku wants to be considered a modern OS, it's going to have to have an updater at some point. Even if it is just for convinience for the user.
ie people are far more likely to click update and decide what they want click install and let the program do the work than they are going to some website manually and checking for updates that they haven't installed before (note that they'll actually have to remember what they've installed before, version major, minor and patch level) manually download the package/tgz/etc, manually make backups if necessary and manually install it.
Seems to me that automating this process to a certain degree is desirable.
And the "logic" of we'll do it right the first time (I believe it was even a dev who stated this) is flawed beyond belief. We are human, we err, period. It's always nice to have an easy way to get rid of mistakes.
This would also be a great job for one or more people to do that want to help out but aren't system programmers.
Autoupdate on by default
So, let me clarify what I think you are saying:
An updater that automatically prompts you with a list of available updates is fine - as long as it doesn't go and automatically install them without your confirmation first.
This I agree on, but then, I still consider this a feature of an "auto-updater" in that there is some daemon, or scheduled process running that will automatically go out and locate newer components for you...
The only small nuance here is that it shows you the list that you can select from before happily installing the updates for you...that's literally a mouse-click away from doing exactly what you think is bad... and therefore, I'm sure someone will ask: "Hey, can I tell it to just always answer yes?" -- and presto - the feature will be added, and the auto-updater will exist. I mean, technically, if the tool can do all that in the first place, and make it that easy for a user to install updates, it's a no-brainer for the developer to add an option to continue without user-intervention, and I assure you, that feature will be added, but maybe not enabled by default.
Autoupdate on by default
That's about it. But, I would envision something like the mail daemon that intervals could be set, one of them being off.
True, people may ask. But requests can be denied.
A good explination for a denial of this feature is that the Haiku team doesn't want to be blamed for any potential loss of data, loss of time for work because the user had to reverse an update at an inapporpriate time, etc.
Basically, the user may want this feature at first glance. But when it causes them problems, this feature is from the devil etc.
Something, IMO, that people should be prevented from doing. We must protect the user from themselves. I mean, how many people, even technically inclined, have lost *a lot* of data because they forgot to do a back up.
You do bring up a good point though. I'll check my wifes powerbook and see if Mac's has an auto feature and get back.
Autoupdate on by default
Trying to protect the general public from themselves is a lost-cause... however, it can be made blatantly clear that if the user chooses to enable this feature, that they cannot guarantee that an auto-update will not potentially cause damage... I'm actually curious now whether other OSes have disclaimers or not on their updates... Considering that almost all EULAs disclaim any liability of the vendor -- i would pretty much expect the same from a Haiku EULA (after all, you can't guarantee there are ZERO bugs right?)
Autoupdate on by default
But one must at least try.
I looked at MacOS's updater and it have options to update daily/weekly/monthly. Notice that there is no off.
I think that this is fine. Though others will probably disagree.
Also, there is an option to just download *important* update (I read this as security related) and then the user is informed when that is done and it's ready ot install. I assume at this point that user can abort.
I think that this is too far. Again, what if the user is doing something that is bandwidth sensitive ie video conferencing is getting more popular and a sudden choppy connection might be at exactly the wrong moment.
As for no bugs. We are human, we err. That simple. I have no doubt that the devs are doing as much as humanly possible to produce a bug free OS. But we all know that that ain't going to happen. That's why I support this updater.
If it's "easily" automated. Why not?
Autoupdate on by default
The problem that I see is you need quite a lot of knowledge about your system to know if a particular update might cause you problems. For the average user, they would want to accept everything and would keep doing that until one patch screwed something up, at which point they would reject everything.
For a user who hasn't got a clue how their system works, presenting them with a list of things that they have to decide whether or not should be updated is just another thing to add to the list of "annoying stuff my computer does". I think having security patches automatically applied is probably a sensible idea. For other updates, I'm not so sure.
Autoupdate on by default
OSX's firewall is off for me...
...because it needs a password to get onto the net. Forgot most people can't use it like that. Its a bit annoying, because a requirement for work is to check websites in Safari 1.2.x as provided in 10.3.4, and I can't use 10.3.8 because of that.
Autoupdate on by default
@tb100:
I suggest that you find a Mac running OSX and try it to see what it actually shows you ie It doesn't give exact details right off the hop.
@MYOB:
We aren't talking about the firewall here. You firewall issues are moot to this discussion.
Autoupdate on by default
My point wasn't anything to do with my firewall. It was that I *don't want* OSX to be updated, as I need to test sites in older Safari 1.2 builds, and Apple have a nasty habit of silently updating them in OS point releases. The autoupdated can't run, due to my firewall, and I'm thankful for that as I don't fecking want to go above 10.3.4
Autoupdate on by default
When was OSX the be-all and end-all of great design? The comments about it being annoying were confirmed on a TV program I saw a bit of (grumpy old women) where women were moaning about computers. One of the quotes was from an OSX user "the most annoying thing that happens is when I'm working on something else and a little box pops up saying there are updates available. Just go away!"
Users generally quite like to be in control. I think a simple email list wouldn't be a bad solution - users get a polite message when they are in the process of reading messages saying "there is an update available [more details], click here to install it" and a web link. When downloading the OS, users are strongly encouraged to sign up to the list and can select which updates they want (security, other bug fixes, bundled apps, etc). Then updates being available doesn't intrude on whatever else you are doing at the time, and yet the user doesn't need to check a website manually, and is quickly informed of updates (most check email much more often than monthly, which you say OSX's updater can be set to).
Autoupdate on by default
I know your pain... working in an MS shop, one of the first things we have to do on test systems is turn off auto-updates so we can test our software in all windows configurations, including those that are unpatched.
Autoupdate on by default
I would disagree with the statement that users want to be in control of their computers. What would be a more accurate statement, IMO, is that users want to believe that they are in control. On a standard Windowsâ⢠box, the user is in control and they suck at it.
I think that the system should keep watch over its various components' updates, but alert the user in a non-intrusive way. I am liking the Firefox update method: each watched component has a URL setting within it to check version numbers against and when an update is available a new icon appears on the menubar. Blue for standard updates and red for critical.
Autoupdate on by default
I work with web development, hence the need to test old browsers - not that an early 2004 browser is old - but Apple have done a lot to it recently
I'm meant to test in Safair 1.0 though, but I've no suitable box... so I use Konqueror 3.0 instead - similar age, same renderer.
Autoupdate on by default
Never said it was the end-all of great design. I just like it and it's the most modern updater that I'm familiar with given that I've basically liberated myself of windows.
If you have another updater that you'd like to compare then feel free to do so, but DON'T complain about others talking about one if you aren't going to suggest one yourself.
\begin{sarcasm}
Oh, wonderful! It's been confirmed by TV. Because we all know how reliable TV is. No, TV is *never* wrong, never bias.
\end{sarcasm}
If they don't want it to show up often, then turn down the frequency.
I disagree entirely. Users don't want to be in control. They want things to work the way that they want them to work at that exact moment they want them to work.
Unfortunatly, how the user thinks things should work isn't how things actually work. Also, how the user thinks things should work typically changes from moment to moment. So, the user usually gets fustrated when it doesn't do what they think it should be doing, when all it is doing is behaving properly.
Thus the problem of the user.
Bad idea.
IF a user signs up for the list (which is unlikely as most users won't know how and won't lookup how to do it because that would waste there presious time) they would still, after getting a message, have to click the link and wait (which they won't want to do "now" because there time is so precious). Thus, they put it off until a more convinient time, which they'll forget to do in the end.
Also, given an email list, the user WILL (it is unavoidable ie how many have you gotten *today*) get a message that will claim to be from the Haiku list, but it won't be. It'll actually be from some malicious cracker doing something terrible. They click the link and bam, bad things happen.
Email list control for something like this is asking for trouble. And this IS something that users fall for again and again and again....
Now, if the problem here is (which is what you suggest) the way in which the alert is given to the user, why the hell are you changing the entire system?!?!? Why not just change the part of the system that bothers users (some at least).
h_ank cited a great example. As an addition, perhaps in the case of a critical update, the red thingy could start flashing (not constantly, but in intervals) after a day or so to remind the user of its importance.
Autoupdate on by default
I like h_ank's idea - good case for deskbar replicants.
SigmaNunki, you seem to have a way of writing that turns everything into an argument. You are very fond of telling people what they are not allowed to say in threads. Quite frankly I've had enough of it and am not going to respond to your post.
All I will say is I accept your point on fraudulent emails is a good one that I hadn't considered.
Also there is a case for only downloading when the user asks for the download to happen - someone else mentioned the effect it can have on things like streaming media.
I can imagine your reponse already:
Autoupdate on by default
Indeed :)
My job is to write clear posts that get my point across, which I think I do effectively. I admit that my tursness can be interpreted as rudeness and I try to watch that, albeit, from what you've written here, I've been rather ineffective lately.
But, I never tell people what they can and cannot say in threads. This, you've made up.
I also might add that you've stated some pretty aggressive confrontational things in this thread as well.
Also, if you know that it's my way of writting that "turns everythin into an argument", why can't you just take the content of my post at face value and ignore the delivery method?
From what you've written in this thread, it'd be easy to come to the conclusion that you're an extremist of sorts. What I mean by that is if you don't like something, then it has to be thrown out and something new has to replace it (or just not replace it). ie The Mac updater is flawed in one way so toss it and here's my idea. Also, I don't like the delivery method of your posts so I'm just not going to respond no matter how much sense the content makes.
Thank you.
Actually, that was me.
You claim to be taking the moral high road, and yet you post something like this... interesting.
Autoupdate on by default
These are taken from the last two threads you have posted in:
I absolutely agree that sometimes things have to be said to keep threads on track, but also recognise that sometimes valuable points can be made if threads are allowed to wander slightly off-topic. Wandering off-topic is something we're both guilty of here, however, and this particular tangent is not going to contain anything at all productive. :P
I've actually said very little in this thread. On the first page I made a point that having update notifications pop up in the middle of doing something else is annoying for most users, and that most users wouldn't know the potential issues an update could cause so giving them the choice is often yet another confusing thing for them. Your only response was that I should go and look at OSX, which also suffers from both the problems. That drew the statement I assume you call aggressive and confrontational: "When was OSX the be-all and end-all of great design?". The reason I wrote it was out of frustration at your previous dismissive post that dealt with none of the issues I had raised. I went on to explain that the issues I mentioned were also a problem with the OSX updater, and suggested a possible different solution.
Frustration. I get frustrated at the tone of the posts and then lose any interest in replying to the content. Often you respond to people's suggestions here. Sometimes the original poster sees you have good arguments and doesn't bother replying. Sometimes they probably don't reply just because they lack the energy for the argument that seems inevitable.
There is definately value in looking at the best parts in other solutions from other OSes. There is also value in looking for completely new solutions. My posts with suggestions are never intended as "the answer" - more as a starting point for discussion, suggesting something that even if it doesn't quite work could maybe trigger something else in someone else's mind.
It was an (admittedly poor) attempt at humour. All it shows is the frustration with which I had read your disparaging, sarcastic reply to my previous post. It was not a "nice" thing to say, I apologise if it caused any offence. I never claimed to be doing the moral thing though, I just wanted to post an explanation for why you should not expect a detailled reply.
Hope that clears stuff up.
Simon
Autoupdate on by default
Yes, and you see the result of non-SP1 Windows machines - the autoupdate downloaded updates, showed that some are available and waited for user's input to install them. I personally know only one single person who knows what an update is and updates his windows machine and believe me I have to run through the city like an idiot (well, semiidiot) and reinstall every single windows box because the first got a trojan over the jpeg parser, the next has good old msblaster, the third uses unpatched IExplore and so on.
The first question: what is that icon all about in the tray?
The reply: dunno, what is it for?
- it is to make sure that you can browse the internet safely. As soon as you see that icon, press it and install it.
- ok, I'll do, I WILL do that every time.
2 weeks later ... The same person tells me "I got a trojan". "Why?" "Visited a so-called-cracks-site-to-find-aspirin-for-winrar."
I ask:"did you use the autoupdate function?"
Reply? "What is an autoupdate function"
2 weeks later the same.
Semiidiot because I get some money for that every time, but I feel myself as an idiot every time because it is every time the same - people ignore the autoupdate function. They ignore the baloon tips (or turn them off), they don't read them, they just press X.
Firefox? I managed to convert ~ 80% of my "customers" to firefox. There is that nice autoupdate function - get glock. Well, yes, I come and update the application, not the users because it is a yet-another-unneeded-icon-on-the-interface.
The Idea I had: the system holds a shadow of its default installation (BeOS is not big, if you'll strip the binaries, Haiku shouldn't either ;) ) and a shadow of last working system before a patch. Once it has been patched and the system dies, the user still has 2 failsafe options to boot from and there he can use a function to return to one of the states. Whereby: the autoupdate is ON by default, who wants, turns that OFF. It is optional, but ON by default.
Why? Ever read the art of deception? "The human is the weakest element in computer security" A human is lazy, gets used to something very fast (Internet Explorer Users), doesn't want to learn or try something new and fears something new. It lies in every single human, but one has more of this factor, the other less. In computer world the developers and beta testers are the ones who don't fear problems and learning something new.
On the other side there is a majority of people who want to click their buttons and won't even bare to think why there is an additional button on the interface he never used before. Actually, he will never use it unless it blinks "click me to get 100 bucks". Why? Because it raises interest. But a boring "updates can be installed now" non-eye-catching statement doesn't cause any interest, people just proceed with their work because they don't even know what an update is or what it is good for or they have the feeling that their system already now runs smoothly and they fear encountering problems with new updates.
The autoupdate system I describe here is only for high-to-critical security updates, not for a cdrecord upgrade from version 6.7.8.9-1234-0.1 to 6.7.8.9-1234.0.2, that is not what I want to.
Even TinyWeak ones understood that and the service packs activate autoupdate by default, they learned from their own mistakes, but people who want to control their own system didn't get it.
It is not about version controlling. Who wants to update from one version of an application to another one just because there are more features, he should do that manually, but critical updates should be installed automatically.
And as it looks now: SuSE, Mandrake and all others are doomed as soon as Linux achieves a big userbase since no of the systems have newbie-proof autoupdate system.
I hope this thread shows my intention
Autoupdate on by default
You're _sooo_ wrong. In windows the user is NEVER in control. Microsoft is - this is true even with old windows versions incl. the 16bit 3.1x. If the user is in control on windows, it is not a standard situation, and they are without a doubt extremely geeky - because nobody but a geek can figure out how to take full control over windows.
There are no good things about windows, but the probably worst part of windows is that it's extremely difficult to manage properly compared with OS'es like DOS, OS/2, Linux, Mac (classical as well as OS X - the latter one being quite stable - a mac no longer crashes just because I'm entering the room :P )
Your idea about the Firefox-method isn't so bad. The redhat up2date-function is pretty much a like, except that blue means no updates available and red means there are updates. However - there are no popup-thingies as in windows - just a red blinking icon - annoying enough to be noticed, but that's all. Just slightly annoying. The user can ignore it or not. And that's the whole idea.
Autoupdate on by default
Heh.. this is to be in control. When things work the way I want it to work at that exact moment I want them to work - then I'm in control. When said things don't work as I want them to in that exact moment - then I'm not in control.
Ergo: Users like to be in control (you said it yourself - just backwards :P )
Autoupdate on by default
I believe the argument is: Users are LAZY - if it works the way they want, and the "situation is under control" -- they don't care who's controlling the situation, as long as it doesn't cause them any grief.
Autoupdate on by default
When I said users like to be in control, I obviously didn't mean they like to have exact control of which part of physical RAM each program is stored in, how CPU time is divided between apps, etc. I meant something more like they like to understand what's going on, and know that whatever is going on is going on because they asked for it.
I agree with Mr.Jones that what I mean by being in control is the same as what sigma_nunki means by it.