[colug-432] self-updating apps [was: Mozilla and Google conspiracy]

Rick Troth rmt at casita.net
Mon Oct 22 10:51:36 EDT 2012


I appreciate all the feedback, everyone.  Thanks.

Yes, I do need to upgrade.  (And did over the past couple weeks.)
Yes, vulnerabilities drive the upgrades.  But having been on both
sides of the "stability versus bleeding edge" coin, 3 years is not
always "ancient".  Varies widely with context.  I'm a web developer
too, but I'm on the server side.  Others on my team suffer the browser
headaches.

I'm more concerned about this:

>                         Meanwhile, current versions of both Firefox and
> Chrome now do automatic updates to keep the user current on
> security fixes and web standards. This is good for everybody.

I started to write a longer response, but then thought a little about
*why* the self-update feature worries me.  And Rob already suggested
one good alternative: rely instead on the distro update (or op sys
vendor update).  I got forced into a distro update anyway.

Short response:  Auto-update of applications is a bad idea.  Rapid
release is good/bad depending on context.  Auto-update of plug-ins is
less of a problem IFF they reside in "user space".  (eg: in the
"profile" hierarchy FF maintains; dunno how Chrome does it)

Longer response:  I find a philosophical change in software
deployment.  From my view, people are taking "agile" to places where
it doesn't scale.

This rapid release policy is more of a roller-coaster ride for those
who have (had?) a non-consumer handle on things.  (In the vernacular,
rapid release can lead to wrecks or could cause retching.  Really.)

CDs are cheap, but they're immutable.  The result is they can last as
long as you need them.  (Ignoring media decay issues, which are real.)
The kind of rapid release we're seeing now with FF and Chrome doesn't
fit on CDs because it demands writeable storage.  (Doesn't this raise
a flag with anyone on the security front?)  It's only one example, but
it illustrates where RR breaks:  I can't stamp FF on a CD or thumb
drive.  Well ... I *can*, but the interdependencies are all borken.
And self-update butts heads against R/O residence.

I haven't burned a Knoppix CD in a long time.  I haven't needed to
play Knoppix since the mainline distros began the "Live CD" game.  But
surely we all appreciate having a reference copy ... something we can
depend on.  Pop it in, push power ... presto!  Once upon a time,
Knoppix would let you customize and re-burn.  Neat!  (I never did it
myself, sadly.)

There were bound to be problems when Linux got mainstream.  Would
have thought it would be things like virus exposure ... not release
freqs.

-- R;   <><
'::1, sweet ::1'

