by larsnystrom 3378 days ago
Of course I see the possibility of harm here, but really, aren't automatic updates pretty standard by now? I mean, it's got to be better than letting a large swath of users run old versions of the software because they don't know how/don't care to update it. I mean, isn't that the more severe security issue at hand?

And if you're conscious enough about your digital security that you really do mind Dropbox updating itself automatically, why did you install their app in the first place? The only OS I actually expect to protect me from the apps I install is iOS, and only in combination with the AppStore review process.

From what I hear, Apple's attempts at creating similar safeguards in macOS with the Mac AppStore have not been received that well by developers because of the restrictions sandboxing places on the apps.

2 comments

> because they don't know how/don't care to update it

In this case the reality probably is closer to: because they don't know they should be worrying about it.

(Sample of one, obviously, but I certainly didn't know I should, and yet never got any kind of notification to that effect until I sought to delete the app a few weeks ago.)

It's so matter-of-fact on consumer devices that things just update themselves or nag you to do it from time to time that it somewhat boggles the mind that it wasn't automated.

I disabled the automatic update on my Android device. I had a lot of apps installed and had the feeling something is updating all the time and trashing my battery life. And then there is the problem that a lot of times the new versions are worse than older ones. I had the instance where newer versions of apps had features removed because they now offer a "pro" version, and also change the layout to cram in more ads. So now I'm updating the app only if I notice that something is not working right.

Because I hate it when features are irreversibly changed, at random. Which is what happens with "evergreen" software. I don't care if it only happens occasionally. Never is better than occasionally.

I want the peace of mind to know that if something stops working, that it's not because of an update.

If you're going to introduce feature regressions, you'd better at least make it easy to undo them.

If you're going to make users update on your schedule, you'd better be really really good at making your updates smooth. Google can almost get away with this, but Dropbox, OneNote, Skype, and especially Firefox have introduced major bugs without telling me.

Firefox is the worst offender, because even if you explicitly disable automatic updates, it will just repeatedly download updater.app anyway. I discovered this when I had to fix something on a 3G cellular connection on a strict deadline. Another morning, I woke up to find a bell icon added[1] next to my clock, with no obvious way to remove it. It brought me back to the bad old days of Windows 98 where drive-by installers would just add stuff to your computer. Eventually, I just chflags -R schg /Applications/, and ripped out all of the updater daemons out of frustration, and I've been happier ever since.

The thing I object to the most is for software you already have installed to have features removed and replaced with a nag to buy back the features you just had before the update. LogMeIn's Hamachi app did that, but thankfully I keep backups. Or, a classic example from a long time ago was iTunes 4.01, which was an "emergency" update for iTunes 4 that removed the local network music sharing feature. [2]

Think about what's really going on with the updating ecosystem we have. Are you really OK with software like the deceptively named "keystone agent" running as root, that can add and execute data anywhere on your filesystem? Google Drive and Google Earth will try to reinstall it if you remove it, and nag you with deceptive messages about how they need you to authorize superuser access for them so that they can run properly, when in reality they are just adding the updater daemon, which they do not require to function.

After having been burnt by new bugs, and outright dishonesty, I'm very careful now.

[1] http://osxdaily.com/2014/03/30/disable-chrome-notification-b...

[2] https://apple.slashdot.org/story/03/05/27/2114240/apple-upda...