Autoupdate on by default

Although this feature should be implemented at a very late stage of development, thought needs to be given to security already now.

It is advisable to “force” joe user to update his system if security fixes are out, else BeOS/Haiku (and I know, Zeta developers are reading this thread, too, so this message addresses you, too, yT :) ). The system should download and install security updates as soon as the user is online.
Why?
Look at Windows - its autoupdate function was off by default, there are millions of zombie machines. And although M$ made auto-update with SP on by default, it still requires user’s confirmation to eventually be installed on the system. I personally don’t know any Windows user who even bothers to click on the autoupdate function.

The idea would be to reduce the number of unpatched machines to a minimum to increase common wealth.

But such an autoupdate policy will require the maintainer to be very careful; if a patch f***s up the system, it is not good. To resolve this, the system should make a shadow copy of successfully patched (and original) files and put them into a different restore folder every time the system has been patched. Once the user’s machine doesn’t run properly, he can roll back, let’s say, 2-3 months.

Experienced users should have an option to turn off the autoupdate, Joes won’t even bother to do so.

And another idea would be RAM cookies to protect the system from overflows unless it has been already implemented. As soon as a cookie has been overwritten the system should manage to clear this part of RAM. This way the level of security against remote attacks will be raised.

Security is currently one of the main arguments why people take alternative systems.
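
The shadow-copy-and-restore scheme proposed in the post above, sketched as an added example (not part of the original thread and not Haiku code). The function names, the restore-folder layout and the sample file names are assumptions made for illustration.

```python
import shutil
import tempfile
from pathlib import Path


def _safe_rel(rel: str) -> Path:
    """Reject names that would escape the system or restore folder."""
    p = Path(rel)
    if p.is_absolute() or ".." in p.parts or not p.parts:
        raise ValueError(f"unsafe path in update: {rel!r}")
    return p


def apply_update(system_dir: Path, restore_root: Path, update_id: str,
                 new_files: dict) -> Path:
    """Shadow-copy every file the update touches, then install the update.

    new_files maps a relative path to the new content (bytes).
    Returns the restore folder created for this update.
    """
    items = [(_safe_rel(r), data) for r, data in new_files.items()]
    snap = restore_root / _safe_rel(update_id)
    (snap / "files").mkdir(parents=True)   # one folder per update; no reuse
    created = []
    for rel, _ in items:
        target = system_dir / rel
        if target.exists():
            shadow = snap / "files" / rel
            shadow.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(target, shadow)   # keeps mode and timestamps
        else:
            created.append(rel.as_posix())  # new file: rollback deletes it
    (snap / "created.txt").write_text("\n".join(created))
    for rel, data in items:
        target = system_dir / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        tmp = target.with_name(target.name + ".new")
        tmp.write_bytes(data)
        tmp.replace(target)                # atomic swap on the same volume
    return snap


def rollback(system_dir: Path, snap: Path) -> list:
    """Put the shadow copies back and remove files the update added."""
    files = snap / "files"
    restored = []
    for shadow in sorted(files.rglob("*")):
        if shadow.is_file():
            rel = shadow.relative_to(files)
            shutil.copy2(shadow, system_dir / rel)
            restored.append(rel.as_posix())
    for rel in (snap / "created.txt").read_text().splitlines():
        (system_dir / _safe_rel(rel)).unlink(missing_ok=True)
    return restored


def demo() -> dict:
    """Constructed scenario: a bad patch is installed, then rolled back."""
    root = Path(tempfile.mkdtemp())
    system, restore = root / "system", root / "restore"
    (system / "lib").mkdir(parents=True)
    (system / "lib" / "libnet.so").write_bytes(b"v1")
    snap = apply_update(system, restore, "update-001",
                        {"lib/libnet.so": b"v2-broken", "bin/newtool": b"x"})
    patched = (system / "lib" / "libnet.so").read_bytes()
    restored = rollback(system, snap)
    result = {"patched": patched, "restored": restored,
              "after": (system / "lib" / "libnet.so").read_bytes(),
              "newtool_left": (system / "bin" / "newtool").exists()}
    shutil.rmtree(root)
    return result
```

The restore folder has to live where a broken system can still reach it, for instance from a separate boot option, or the rollback is unavailable exactly when it is needed.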

no_dammagE wrote:
It is advisable to "force" joe user to update his system if security fixes are out, else BeOS/Haiku (and I know, Zeta developers are reading this thread, too, so this message addresses you, too, yT :) ). The system should download and install security updates as soon as the user is online.
Hell no.

Fixes of any type can have repercussions in other areas of the system. This could theoretically kill some functionality (intentionally or not) that a user needs.

The only part of auto (by default) that should be implemented is that the system auto checks for updates and presents which ones are available to the user. Then the user decides which ones to install.

Also, all updates should be able to be “rolled back” if need be.

Your presented “solution” can be problematic at best.

And this has already been discussed at length before:
http://www.haiku-os.org/forums/viewtopic.php?t=197

SigmaNunki wrote:
Hell no.

Agreed.

hmm, yes and no.
The pro is that Joe User will just ignore it. Don’t you believe it? Honeypot project could count over one million zombied machines in control of crackers. Much more are infected with Blaster and Sasser. And people don’t even think about it.
There is a possibility that a patcher creates shadows of previous versions on the file system. If something went wrong, the user can boot up from that system and uninstall the updates. BeOS PE is smaller than 50 megabytes, having such a backup system as a failsafe option is no problem.

It is of course your decision :)

no_dammagE wrote:
hmm, yes and no. The pro is that Joe User will just ignore it. Don't you believe it? Honeypot project could count over one million zombied machines in control of crackers. Much more are infected with Blaster and Sasser. And people don't even think about it.

There is a possibility that a patcher creates shadows of previous versions on the file system. If something went wrong, the user can boot up from that system and uninstall the updates. BeOS PE is smaller than 50 megabytes, having such a backup system as a failsafe option is no problem.

It is of course your decision :)

And that is their choice. I’ve ignored many “fixes” because it changed the way something worked and I would’ve had to alter multiple config files, etc. that there was not time for. Or it took away some needed functionality, etc. It was my choice to install or not and I accepted the possible repercussions.

Also, there is always more than one way to fix something. So, why should the user be forced into an option that might prove detrimental to their system?

To suggest that the user be forced to install something that might screw up their system with the “justification” that “they could just restore from a backup” (assuming there is one) or “they can just install from scratch” is ludicrous.

No user, not even one used to the constant M$ BS, would put up with that. You call this an improvement ?!?!?

no_dammagE wrote:
hmm, yes and no. The pro is that Joe User will just ignore it. Don't you believe it? Honeypot project could count over one million zombied machines in control of crackers. Much more are infected with Blaster and Sasser. And people don't even think about it. There is a possibility that a patcher creates shadows of previous versions on the file system. If something went wrong, the user can boot up from that system and uninstall the updates. BeOS PE is smaller than 50 megabytes, having such a backup system as a failsafe option is no problem.

It is of course your decision :)

This has definitely been discussed (several times on these forums, and also in the mailing lists I believe) – and ultimately, I think this will be an option of the “distro-maker” who packages the OS with whatever additional applications. (please, don’t get into the whole “multiple distros are bad” thing… that’s been hammered to death also)

Ultimately, if there is a good package-management solution and a manual-update GUI with a backend that is scriptable - an auto-updater will probably show up on bebits in no time. This of course assumes that somebody sets up a website to host the updates in a standard place, but those are all things to determine later.

And honestly, do you think it will really matter in the first 2-3 years of Haiku’s existence?

Actually, auto updates and such are really addressing the smoke, not the fire. The real problem under Windows is that it ships with too many ports open/active (this is for the benefit of corporate administrators looking after hundreds of machines). If no ports are open, the box should be immune to most worms, therefore it should never be infected by just plugging it into the network.

Applications which ship with the OS may end up being vulnerable, and these need updating. But there is no way in hell that I’ll allow an OS vendor to automatically update my favourite apps, since a few times the updated version is worse than the old version (on Windows, good examples of shitty newer versions compared to great old versions are WinAmp, Acrobat Reader, ACDSee etc). I may WANT to run an older version of an app, and a vendor has no say in what I CHOOSE to run on MY BOX.

User installed spyware is a different issue, and it’s impossible to prevent this. Auto update won’t do a thing to help you here.

In a nutshell, autoupdate is useless if the system ships with no ports open.

Zenja wrote:
Actually, auto updates and such are really addressing the smoke, not the fire. The real problem under Windows is that it ships with too many ports open/active (this is for the benefit of corporate administrators looking after hundreds of machines). If no ports are open, the box should be immune to most worms, therefore it should never be infected by just plugging it into the network.

Applications which ship with the OS may end up being vulnerable, and these need updating. But there is no way in hell that I’ll allow an OS vendor to automatically update my favourite apps, since a few times the updated version is worse than the old version (on Windows, good examples of shitty newer versions compared to great old versions are WinAmp, Acrobat Reader, ACDSee etc). I may WANT to run an older version of an app, and a vendor has no say in what I CHOOSE to run on MY BOX.

User installed spyware is a different issue, and it’s impossible to prevent this. Auto update won’t do a thing to help you here.

In a nutshell, autoupdate is useless if the system ships with no ports open.

Ports aren’t the only security problem in an operating system… potentially any common data-consumer may be easily vulnerable (libpng anyone?)…

I definitely disagree with your basis that open ports are the only thing insecure about an operating system… will haiku ship with a browser or an email client? - if they’re insecure, wouldn’t you expect an option to auto-update them for Joe User?

Just so it’s clear, I don’t auto-update any of my software either - I want to control what is updated, and when… but I can certainly understand the need for an auto-update feature. I wouldn’t expect it for R1, or even R2 – in fact, I don’t see much real need for an auto-updater until Haiku actually has significant market-share that it might become a target for exploitation - and even then, I’m not sure that it’s the responsibility of the Haiku team to provide that functionality as a core part of the OS.

umccullough wrote:
Just so it's clear, I don't auto-update any of my software either - I want to control what is updated, and when... but I can certainly understand the need for an auto-update feature. I wouldn't expect it for R1, or even R2 -- in fact, I don't see much real need for an auto-updater until Haiku actually has significant market-share that it might become a target for exploitation - and even then, I'm not sure that it's the responsibility of the Haiku team to provide that functionality as a core part of the OS.
It depends. An auto updater should never be implemented. But a plain updater should.

All modern OS’s have one. Windows and MacOS are the two big boys and both have an update feature. I know first hand that the MacOS one just presents the user a list of what is available and then the user decides what goes in. Hell, look at Debian with apt-get upgrade. OBSD is even starting to have some rudimentary support for this in ports.

Basically, as I’ve said before, if Haiku wants to be considered a modern OS, it’s going to have to have an updater at some point. Even if it is just for convenience for the user.

ie people are far more likely to click update and decide what they want click install and let the program do the work than they are going to some website manually and checking for updates that they haven’t installed before (note that they’ll actually have to remember what they’ve installed before, version major, minor and patch level) manually download the package/tgz/etc, manually make backups if necessary and manually install it.
Seems to me that automating this process to a certain degree is desirable.

And the “logic” of we’ll do it right the first time (I believe it was even a dev who stated this) is flawed beyond belief. We are human, we err, period. It’s always nice to have an easy way to get rid of mistakes.

This would also be a great job for one or more people to do that want to help out but aren’t system programmers.

SigmaNunki wrote:
umccullough wrote:
Just so it's clear, I don't auto-update any of my software either - I want to control what is updated, and when... but I can certainly understand the need for an auto-update feature. I wouldn't expect it for R1, or even R2 -- in fact, I don't see much real need for an auto-updater until Haiku actually has significant market-share that it might become a target for exploitation - and even then, I'm not sure that it's the responsibility of the Haiku team to provide that functionality as a core part of the OS.
It depends. An auto updater should never be implemented. But a plain updater should.

All modern OS’s have one. Windows and MacOS are the two big boys and both have an update feature. I know first hand that the MacOS one just presents the user a list of what is available and then the user decides what goes in. Hell, look at Debian with apt-get upgrade. OBSD is even starting to have some rudimentary support for this in ports.

Basically, as I’ve said before, if Haiku wants to be considered a modern OS, it’s going to have to have an updater at some point. Even if it is just for convenience for the user.

ie people are far more likely to click update and decide what they want click install and let the program do the work than they are going to some website manually and checking for updates that they haven’t installed before (note that they’ll actually have to remember what they’ve installed before, version major, minor and patch level) manually download the package/tgz/etc, manually make backups if necessary and manually install it.
Seems to me that automating this process to a certain degree is desirable.

And the “logic” of we’ll do it right the first time (I believe it was even a dev who stated this) is flawed beyond belief. We are human, we err, period. It’s always nice to have an easy way to get rid of mistakes.

This would also be a great job for one or more people to do that want to help out but aren’t system programmers.

So, let me clarify what I think you are saying:

An updater that automatically prompts you with a list of available updates is fine - as long as it doesn’t go and automatically install them without your confirmation first.

This I agree on, but then, I still consider this a feature of an “auto-updater” in that there is some daemon, or scheduled process running that will automatically go out and locate newer components for you…

The only small nuance here is that it shows you the list that you can select from before happily installing the updates for you…that’s literally a mouse-click away from doing exactly what you think is bad… and therefore, I’m sure someone will ask: “Hey, can I tell it to just always answer yes?” – and presto - the feature will be added, and the auto-updater will exist. I mean, technically, if the tool can do all that in the first place, and make it that easy for a user to install updates, it’s a no-brainer for the developer to add an option to continue without user-intervention, and I assure you, that feature will be added, but maybe not enabled by default.

umccullough wrote:
So, let me clarify what I think you are saying:

An updater that automatically prompts you with a list of available updates is fine - as long as it doesn’t go and automatically install them without your confirmation first.

This I agree on, but then, I still consider this a feature of an “auto-updater” in that there is some daemon, or scheduled process running that will automatically go out and locate newer components for you…

That's about it. But, I would envision something like the mail daemon that intervals could be set, one of them being off.
umccullough wrote:
The only small nuance here is that it shows you the list that you can select from before happily installing the updates for you...that's literally a mouse-click away from doing exactly what you think is bad... and therefore, I'm sure someone will ask: "Hey, can I tell it to just always answer yes?" -- and presto - the feature will be added, and the auto-updater will exist. I mean, technically, if the tool can do all that in the first place, and make it that easy for a user to install updates, it's a no-brainer for the developer to add an option to continue without user-intervention, and I assure you, that feature will be added, but maybe not enabled by default.
True, people may ask. But requests can be denied.

A good explanation for a denial of this feature is that the Haiku team doesn’t want to be blamed for any potential loss of data, loss of time for work because the user had to reverse an update at an inappropriate time, etc.

Basically, the user may want this feature at first glance. But when it causes them problems, this feature is from the devil etc.

Something, IMO, that people should be prevented from doing. We must protect the user from themselves. I mean, how many people, even technically inclined, have lost a lot of data because they forgot to do a back up.

You do bring up a good point though. I’ll check my wife’s powerbook and see if Mac’s has an auto feature and get back.

SigmaNunki wrote:
True, people may ask. But requests can be denied.

A good explanation for a denial of this feature is that the Haiku team doesn’t want to be blamed for any potential loss of data, loss of time for work because the user had to reverse an update at an inappropriate time, etc.

Basically, the user may want this feature at first glance. But when it causes them problems, this feature is from the devil etc.

Something, IMO, that people should be prevented from doing. We must protect the user from themselves. I mean, how many people, even technically inclined, have lost a lot of data because they forgot to do a back up.

You do bring up a good point though. I’ll check my wife’s powerbook and see if Mac’s has an auto feature and get back.

Trying to protect the general public from themselves is a lost-cause… however, it can be made blatantly clear that if the user chooses to enable this feature, that they cannot guarantee that an auto-update will not potentially cause damage… I’m actually curious now whether other OSes have disclaimers or not on their updates… Considering that almost all EULAs disclaim any liability of the vendor – I would pretty much expect the same from a Haiku EULA (after all, you can’t guarantee there are ZERO bugs right?)

umccullough wrote:
Trying to protect the general public from themselves is a lost-cause... however, it can be made blatantly clear that if the user chooses to enable this feature, that they cannot guarantee that an auto-update will not potentially cause damage... I'm actually curious now whether other OSes have disclaimers or not on their updates... Considering that almost all EULAs disclaim any liability of the vendor -- I would pretty much expect the same from a Haiku EULA (after all, you can't guarantee there are ZERO bugs right?)
But one must at least try.

I looked at MacOS’s updater and it has options to update daily/weekly/monthly. Notice that there is no off.

I think that this is fine. Though others will probably disagree.

Also, there is an option to just download important updates (I read this as security related) and then the user is informed when that is done and it’s ready to install. I assume at this point that user can abort.

I think that this is too far. Again, what if the user is doing something that is bandwidth sensitive ie video conferencing is getting more popular and a sudden choppy connection might be at exactly the wrong moment.

As for no bugs. We are human, we err. That simple. I have no doubt that the devs are doing as much as humanly possible to produce a bug free OS. But we all know that that ain’t going to happen. That’s why I support this updater.

If it’s “easily” automated. Why not?

The problem that I see is you need quite a lot of knowledge about your system to know if a particular update might cause you problems. For the average user, they would want to accept everything and would keep doing that until one patch screwed something up, at which point they would reject everything.

For a user who hasn’t got a clue how their system works, presenting them with a list of things that they have to decide whether or not should be updated is just another thing to add to the list of “annoying stuff my computer does”. I think having security patches automatically applied is probably a sensible idea. For other updates, I’m not so sure.

OSX’s firewall is off for me…

…because it needs a password to get onto the net. Forgot most people can’t use it like that. It’s a bit annoying, because a requirement for work is to check websites in Safari 1.2.x as provided in 10.3.4, and I can’t use 10.3.8 because of that.

@tb100:
I suggest that you find a Mac running OSX and try it to see what it actually shows you ie It doesn’t give exact details right off the hop.

@MYOB:
We aren’t talking about the firewall here. Your firewall issues are moot to this discussion.

SigmaNunki wrote:
@tb100: I suggest that you find a Mac running OSX and try it to see what it actually shows you ie It doesn't give exact details right off the hop.

@MYOB:
We aren’t talking about the firewall here. Your firewall issues are moot to this discussion.

My point wasn’t anything to do with my firewall. It was that I don’t want OSX to be updated, as I need to test sites in older Safari 1.2 builds, and Apple have a nasty habit of silently updating them in OS point releases. The autoupdater can’t run, due to my firewall, and I’m thankful for that as I don’t fecking want to go above 10.3.4

SigmaNunki wrote:
@tb100: I suggest that you find a Mac running OSX and try it to see what it actually shows you ie It doesn't give exact details right off the hop.

When was OSX the be-all and end-all of great design? The comments about it being annoying were confirmed on a TV program I saw a bit of (grumpy old women) where women were moaning about computers. One of the quotes was from an OSX user “the most annoying thing that happens is when I’m working on something else and a little box pops up saying there are updates available. Just go away!”

Users generally quite like to be in control. I think a simple email list wouldn’t be a bad solution - users get a polite message when they are in the process of reading messages saying “there is an update available [more details], click here to install it” and a web link. When downloading the OS, users are strongly encouraged to sign up to the list and can select which updates they want (security, other bug fixes, bundled apps, etc). Then updates being available doesn’t intrude on whatever else you are doing at the time, and yet the user doesn’t need to check a website manually, and is quickly informed of updates (most check email much more often than monthly, which you say OSX’s updater can be set to).

MYOB wrote:
My point wasn't anything to do with my firewall. It was that I *don't want* OSX to be updated, as I need to test sites in older Safari 1.2 builds, and Apple have a nasty habit of silently updating them in OS point releases. The autoupdater can't run, due to my firewall, and I'm thankful for that as I don't fecking want to go above 10.3.4

I know your pain… working in an MS shop, one of the first things we have to do on test systems is turn off auto-updates so we can test our software in all windows configurations, including those that are unpatched.

I would disagree with the statement that users want to be in control of their computers. What would be a more accurate statement, IMO, is that users want to believe that they are in control. On a standard Windows™ box, the user is in control and they suck at it.
I think that the system should keep watch over its various components’ updates, but alert the user in a non-intrusive way. I am liking the Firefox update method: each watched component has a URL setting within it to check version numbers against and when an update is available a new icon appears on the menubar. Blue for standard updates and red for critical.