K-Squared Ramblings

Apple Updates Software Update, Addresses Criticism

In conjunction with the Safari 3.1.1 security release, Apple has also released a new version of Apple Software Update for Windows. With version 2.1, they’ve taken the opportunity to fix one of the problems that caused so much criticism last month.

It now shows two lists: one for updates, and one for new software. This takes care of one of the three easy steps that I culled from discussions back in March:

1. Separate updates from new software and label them clearly. Done.
2. Leave the new stuff unchecked by default. Bzzzt! Try again!
3. When run automatically, don’t pop up a notice more than once for each piece of not-installed software. [Edit:] Done.

Unfortunately the new software is still checked by default, but one hopes that the separate list would be enough to make people stop, look, and make a conscious choice as to whether or not to install it.

I don’t know yet how it handles new software when run automatically, or whether they’ve made the ignore option apply to an entire piece of software rather than a specific installer. I’ve taken iTunes off the ignore list and set it to check daily so that I can find out. [Edit:] I haven’t seen it pop up in the last 24 hours, and according to eWeek, “Apple will now only prompt the user if there are critical security updates available.”

Read the rest of this entry »

Apple Software Update: a Simple Solution

I appreciate the fact that Apple provides a single updater for all their Windows software. It’s nice to consolidate things a bit with the profusion of updaters for what seems like each and every application (sort of like how every mobile device seems to need its own charger). But it has its flaws. I’ve mentioned some broken UI design, but the most annoying thing is that it tries to install new software instead of just updating what you have.

At work, I have QuickTime and Safari for development purposes. I don’t have iTunes. I don’t need it. I don’t even have speakers hooked up to the computer. But every time a new version gets released, it shows up in the Apple Software Update list, and I have to tell it to ignore it until the next time they update iTunes.

Now that Safari for Windows is out of beta, it’s doing the same with Safari*. And people are complaining. People like John Lilly, CEO of Mozilla, who sees it as an anti-competitive measure that dilutes users’ trust in software updaters.

Personally, I think there is a problem, but I hardly expected it to turn into the firestorm it has, with Asa Dotzler, c|net, digg, Techmeme, [edit] and now Slashdot, [edit 2] Daring Fireball and Wired (it just keeps going!), and dozens hundreds of commenters entering the fray.

There’s a simple solution, and it’s one of those rare cases where Microsoft gets something right in their software that Apple gets wrong.

1. Create a separate section for software that isn’t already installed, and label it clearly. It can be in the same list, as long as there’s a separation and a heading.
2. Leave the new stuff unchecked by default.
3. Added: If set to check automatically, don’t pop up a notice more than once for each piece of not-installed software.

That’s it. Done. Apple still gets to leverage their installer to make people aware of their other apps, but there’s no chance of someone accidentally installing Safari (or iTunes) by accident because they didn’t read the list too closely. Take a look at Microsoft Update and how they (currently) offer Silverlight. It’s in a list of optional software, and it’s not checked until you choose it.

That’s all this really comes down to: sensible defaults and proper labeling.

*I have to admit getting a kick out of the title, “Apple pushes Safari on Windows via iTunes updater,” because my problem is that they’re pushing iTunes on Windows via their Safari updater. It’s a matter of perspective.

Updating Again: WordPress 2.3

Well, I’ve updated the site to Wordpress 2.3. Let me know if anything’s broken.

The closest thing to a problem was just that I didn’t know I had to run the tag importer manually. I assumed it would be run during the upgrade. No biggie, I went to Manage/Import, ran the importer for Bunny’s Technorati Tags, and waited a few seconds. (I already knew I’d have to adjust the theme.)

I guess fewer things can go wrong if it waits for you to tell it which tag format to import, the one time you actually need it to, instead of having the updater try to guess between 5+ structures (and no structure!) every single time you update for the foreseeable future.

Anyway, I’ll probably be trying out some new themes over the next few days, so don’t be surprised if the site changes appearance wildly. It seems about time for a change.

Theme Testing:

• Blue Box, with a custom logo & splash image (one of our photos from Waikoloa) & some minor tweaks. (Sep. 24)
• Still tweaking Blue Box. Trying to condense the extraneous splash image with the title bar. (Sep. 25)
• I think I’m going to stick with this theme for now. I’ve added some workarounds for IE6 to (mostly) handle the changes I made. (Sep. 26)

To do: small-screen compat, put recent links back in the sidebar, fix the duplicate IDs in the Links widget. Maybe clean up the 60-item list of monthly archives. (Sep. 27)

• Cleaned up the giant archive list via Flexo Archive Widget. Unlike others I’ve tried, this one won’t hide all the links if JavaScript is disabled. (Sep. 29)

Patch…Friday?

I suppose it’s best to release the security fixes when they’re ready, because any time you pick is going to be inconvenient for someone, but lately it seems like Friday is suddenly in style.

Last Friday saw the release of PHP 5.2.4, on the Friday before—in the US, anyway—a 3-day weekend. This morning Apache released security updates for all three supported branches of their webserver. And this evening—yes, Friday evening—WordPress 2.2.3 came out.

Which reminds me, I’m going to have to start looking at the betas for WordPress 2.3. I think it’ll be a good time for a redesign. Maybe pick a new theme and tweak that one, maybe try my hand at actually designing one. I wonder if the new tagging system can import Bunny’s Technorati Tags.

Most intrusive PC upgrades

Just some thoughts on the top 3 most intrusive pieces of computer hardware to upgrade or replace:

1. Case: You have to take everything out, completely disassembling the machine.
2. Motherboard: Disconnect every data cable, pull out every card, and sometimes even move the spacers that connect it to the case.
3. Power Supply: Disconnect power from every drive and from the motherboard, and possibly move stuff out of the way so you can get at the power supply.

Then, of course, you need to do the whole thing in reverse.

One reason I haven’t upgraded my processor lately (a simple procedure by itself) is that whenever I do, it seems to need a new socket, which means getting a new motherboard. Which also needs new memory…

Upgrading again: WordPress 2.2

Well, WordPress just released version 2.2 with a bunch of new stuff. I’ve upgraded the blog, and things seem to work so far — even on PHP5! They also included my workaround for the RPC bug in PHP 5.2.2.

I also upgraded the comments preview plugin, which now uses the actual post+comment page to show you the preview instead of showing a page that’s almost the same, but sorted in reverse.

At some point I need to test current versions of WP-Cache again, and see if WordPress’ internal cache works with PHP5 yet. And maybe it’s time to try a new theme. I’ve been tweaking this one pretty much since WP 2.0 came out.

When tags vanish

Since upgrading to WordPress 2.1.3 a few days ago, I’ve noticed tags disappearing on some of my posts. I currently use Bunny’s Technorati Tags, which stores them in custom fields.

It turns out there’s been a known problem since WordPress 2.1 was released two months ago. Some plugin hooks have changed, and plugins that used to only get called during post editing are also getting called during comment publishing. I grabbed an updated version of the plugin, and it seems okay now.

Oddly, most (but not all) tags survived unscathed during the two months running earlier 2.1 releases. It’s only since moving to 2.1.3 that it’s been consistent. Oh, well, at least it prompted me to find the fix.

WordPress 2.1.1 Security Alert

Sometime in the last 3-4 days, someone managed to alter the download for WordPress 2.1.1, adding a remotely exploitable security hole. The WordPress team has declared the release “dangerous” and has issued an update, WordPress 2.1.2, taken from the clean source plus a few fixes. If you run WordPress 2.1.1, upgrade ASAP!

Things worth noting:

• The SVN source that the developers use was not altered.
• Older versions, such as 2.0, don’t seem to have been affected.
• If you downloaded 2.1.1 when it was first released, it’s probably okay.
• 2.1.2 also includes a fix for a cross-site scripting vulnerability discovered a few days ago, so it’s worth updating anyway.

I still had the tar archive of 2.1.1 from when I grabbed it the day of the release, so I compared its contents to the 2.1.2 archive. The two files mentioned in the announcement, feed.php and theme.php, aren’t any different, confirming that the initial release was unaffected. That’s also where I saw the changes for that XSS bug.

*sigh* It’s always something…

WordPress Broken on PHP 5.2 Again

Upgraded to WordPress 2.1.1. Supposedly should’ve fixed the PHP 5.2 problems. In reality, they’re worse unchanged. Bug 3354 is marked fixed, but it seems to have only been fixed on the 2.0 series. Read the rest of this entry »

WordPress 2.0.7 security & feed fix

Just upgraded to WordPress 2.0.7. It fixes a security issue with certain versions of PHP, and it also includes the fix for the feed problem in 2.0.6 and a couple other minor fixes.

According to the announcement, WP 2.1 should be out by the end of the month. Looks like it’s almost time to see how many of my customizations will work with the new version.

Pumpkin Patch Day

Well, it’s the second Tuesday of the month. With Microsoft’s regular update cycle, that makes it Patch Tuesday.

It’s also October, the month leading up to Halloween.

I hereby declare today to be Pumpkin Patch Tuesday.

Update: Mozilla’s Josh Aas has carved the perfect pumpkin to go with this declaration.

Incremental Updates and the Problem of N+2

There are two main ways to handle software updates: provide an updated installer, or provide a smaller updater that only includes the changes. (Either method can be automated.) Incremental updates have advantages, especially if you’re dealing with something as massive as, say, World of Warcraft, or Microsoft Office. But they do make things more complicated for the publisher.

One problem is the upgrade path. It’s one thing to provide an updater that goes from version N to version N+1. But what if someone doesn’t run the updater until N+2 is available? Or worse, N+3? Read the rest of this entry »

PHP Upgrade

I’ve upgraded the server to PHP 5. As with last week’s MySQL upgrade, if anything seems broken, please comment about it here. If you can’t comment, email me at webmaster at this domain name.

Update: It looks like something in my setup disagrees with the combination of PHP 5 and WP-Cache 2. Pages were turning up blank the first time they were loaded, then perfectly OK the second time. Oddly, it was working fine under PHP 4.4, MySQL 5, and WordPress 2.

MySQL Upgrade and Caching

Finally upgraded this server to the latest MySQL 5.0 from the ancient, ancient MySQL 3.23 that RHEL3 still uses. Also turned on WP-Cache 2 since Bad Behavior is supposed to work with it now. (Though I’m a bit concerned about the Encrypted Payload feature in Spam Karma.)

If anything seems broken, comment about it here. If you can’t comment, email me at webmaster at this domain name.

Reinventing the Upgrade Wheel

The internet is a hostile place. Viruses, worms, and worse are constantly trying to break or break into your computer. Software developers are constantly fixing the holes that can let them in. It’s become critical to keep your system up to date. Unfortunately this can be very frustrating, even for a power user, for one simple reason: you have to keep track of each program individually.

Sure, the operating systems have their own centralized places. Microsoft has Windows Update, and Apple has Software Update. But every application that exposes itself to the network directly or opens untrusted files has to be updated, and there are many that aren’t part of the operating system.

So Symantec has Live Update. Real Player has its own updater. iTunes and QuickTime for Windows can update themselves. Adobe Reader has an update function. Firefox is redesigning its update system. Games check for updates when they connect to the network.

But wouldn’t it be nice if Windows would grab the Acrobat updates overnight, instead of waiting until the next time you launched it? Wouldn’t you like to be able to patch everything on your system at once and just not worry about it? As a software developer, wouldn’t you like to be able to let someone else deal with the update problem instead of re-inventing the wheel yet again?
Read the rest of this entry »