Comments on: Reinventing the Upgrade Wheel http://www.hyperborea.org/journal/archives/2005/06/23/reinventing-the-upgrade-wheel/ Sci-fi, comics, humor, photos...it's all fair game. Fri, 20 Nov 2009 23:03:41 -0800 http://wordpress.org/?v=abc hourly 1 By: Kelson http://www.hyperborea.org/journal/archives/2005/06/23/reinventing-the-upgrade-wheel/#comment-40621 Kelson Mon, 24 Mar 2008 16:30:39 +0000 http://www.hyperborea.org/journal/?p=951#comment-40621 So how would these severe penalties apply to an open source project that has, say, half a dozen developers but no company? Are they individually liable? That would make getting involved in the process a bit risky, wouldn't it? And speaking of open-source development, would a project/company be liable for <em>every</em> release, including unfinished versions pulled off of their publicly-available versioning system? Or only for "final" versions? We'd see a lot more perpetual betas, I think. So how would these severe penalties apply to an open source project that has, say, half a dozen developers but no company? Are they individually liable? That would make getting involved in the process a bit risky, wouldn’t it?

And speaking of open-source development, would a project/company be liable for every release, including unfinished versions pulled off of their publicly-available versioning system? Or only for “final” versions?

We’d see a lot more perpetual betas, I think.

]]> By: Chris Quirke http://www.hyperborea.org/journal/archives/2005/06/23/reinventing-the-upgrade-wheel/#comment-40619 Chris Quirke Mon, 24 Mar 2008 13:03:15 +0000 http://www.hyperborea.org/journal/?p=951#comment-40619 The problem is with the "ship it broken, fix it later" mentality. You have 50 vendor's sware installed; do you have 50 different updaters? What about scumbags like Apple, who shovel unwanted software as "updates"? So you suggest having an OS updater that also pulls updates from an unbounded set of "software vendors". What's wrong with that picture? The risks of having your code base changed at the whim of software vendors is two-fold. First, by definition, a vendor that has to push fixes is a buggy vendor. If buggy code is pushed out to the whole userbase within 24 hours, the result can be widespread system failures or other DDoS effects. Second, who is to say what is a "vendor"? How well do vendors protect their update systems against malware hi-jack? If malware enters any one vendor's "update" channel, the result is instant mass infection that drills right through your defenses. When there's a single OS update system that accepts "updates" from anything that calls itself a software vendor, the risk increases, because now there's a single point of possible exploitation. Nope, the only real answer is to severely penalize software vendors who screw up. Let them carry the full cost of product recall, rather than get away with popping code on a server and expecting users to pull it down. That's the only way you can definitively fix this mess. The problem is with the “ship it broken, fix it later” mentality. You have 50 vendor’s sware installed; do you have 50 different updaters? What about scumbags like Apple, who shovel unwanted software as “updates”?

So you suggest having an OS updater that also pulls updates from an unbounded set of “software vendors”. What’s wrong with that picture?

The risks of having your code base changed at the whim of software vendors is two-fold.

First, by definition, a vendor that has to push fixes is a buggy vendor. If buggy code is pushed out to the whole userbase within 24 hours, the result can be widespread system failures or other DDoS effects.

Second, who is to say what is a “vendor”? How well do vendors protect their update systems against malware hi-jack? If malware enters any one vendor’s “update” channel, the result is instant mass infection that drills right through your defenses.

When there’s a single OS update system that accepts “updates” from anything that calls itself a software vendor, the risk increases, because now there’s a single point of possible exploitation.

Nope, the only real answer is to severely penalize software vendors who screw up. Let them carry the full cost of product recall, rather than get away with popping code on a server and expecting users to pull it down.

That’s the only way you can definitively fix this mess.

]]> By: Apple Software Update: a Simple Solution | K-Squared Ramblings http://www.hyperborea.org/journal/archives/2005/06/23/reinventing-the-upgrade-wheel/#comment-40562 Apple Software Update: a Simple Solution | K-Squared Ramblings Sat, 22 Mar 2008 01:03:51 +0000 http://www.hyperborea.org/journal/?p=951#comment-40562 [...] single updater for all their Windows software. It’s nice to consolidate things a bit with the profusion of updaters for what seems like each and every application (sort of like how every mobile device seems to need [...] [...] single updater for all their Windows software. It’s nice to consolidate things a bit with the profusion of updaters for what seems like each and every application (sort of like how every mobile device seems to need [...]

]]>