|
|
|
|
|
|
by yarvin9
3897 days ago
|
|
|
Yes. And the same is probably true of the browser you used to post this. Also, the OS it's running on. It's the price of being "evergreen." It's worth thinking about why we've accepted this tradeoff. The cost of evergreen software is that we put all our eggs in one basket, and watch the heck out of that basket. The benefit is that we solve a huge set of system administration problems that would otherwise be ridiculously impractical. One metaphor I like to use is the difference between the Soviet and American design styles in aerospace. The Soviet way was to build systems with loose tolerances that worked okay even when parts were a little out of spec. The American way is to build systems with precise tolerances that work perfectly when everything is right, and fail catastrophically when it isn't. There's much to be said for the Soviet style, and indeed it might be summed up well in Postel's law. But as the problems you're trying to solve get harder (like keeping all the world's browsers updated), it doesn't scale very well. If we compare the problems we can solve with manual upgrades and Postel's law, to the problems we can solve with automatic upgrades and rigorous protocol validation, there's no contest. |
|
|
> Yes. And the same is probably true of the browser you used to post this. Also, the OS it's running on. It's the price of being "evergreen."
The OS, yes, to a certain extent. I don't think I've set up apt/cron-apt to automatically pull in stuff on (any of) my desktop(s) yet -- they tend to have a couple of bleeding edge repos enabled, and I often do not want even security updates at surprising times. Nothing like firing up your laptop on an airplane just to discover 3d acceleration no longer works because of a kernel security update (frequently for a local-only crash/exploit).
As for browsers, I'm mostly familiar with FF, and that usually prompts before update? I think you can set it to automatically update, though?
I do accept that trusting a single group of people to maintain the OS can be a good trade-off -- I trust Debian's Security team to do that. Sure, if they are compromised (or more likely, make a mistake) I'll suffer. But I'm not interested in having the small chance of key compromise be multiplied with all the (complex) software packages I use.
Also, for context, the same documentation clearly states "Urbit is not (currently) secure in any way" (or something to that effect), and in passing "if urbit runs as root". Well, apt-get does run as root, but a) it only runs automatically if I tell it to, and b) it's built on rather well-tested primitives (GnuPG etc).
So, having Urbit be notified of changes, and optionally automatically update sounds great, I'm not sure if I think "always automatically update" sounds quite as great. Especially if the stuff on which trust is built (encryption etc) is still considered unstable.
[ed: To be clear, the last bit, I like: "A normal Urbit user never has to think about software update." Key word being "normal". As Urbit is unstable, and everyone are developers and/or testers - there aren't (yet) any such "normal" users? ]