Hehe, you want forces updates, and I just had to calm down a few people
who were throwing tomatoes at me and Mozilla because we are silently
installing software (updates) on their computer, while they just want to
be warned and then download and install the update when they like. Those
people were arguing that it's a privacy intrusion to install anything on
their computer without their knowledge.
I wonder what they would say to that proposal of forced updates. ;-)
Robert Kaiser
I would imagine that these people would be eager to opt out of a silent
update system. However, I think the majority of users would prefer an
application that doesn't bother them with what they view as little details
(where a little detail is a minor update, major updates that include UI
changes are different). We get a lot of complaints that Firefox updates too
often, people can't see even see the difference with the new version (it was
actually a security patch), that we change our mind too much and should just
ship one version (it was actually a security patch), etc.
For Firefox 4 minor updates will occur automatically. Users can change the
setting in Options > Advanced > Update. We'll only be using the major
update dialog box for changes like 4 to 4.5 or 5. Unfortunately users will
still see the updating progress bar on load, but this is an implementation
issue as opposed to a UI one (ideally the update could be applied in the
background). We will also be able to prompt the user if they haven't
restarted in a very long time and there is a particularly bad security
vulnerability that need to be patched.
-Alex
> _______________________________________________
> dev-apps-firefox mailing list
> dev-apps...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-apps-firefox
>
The last Chrome version update was a very fast by user, thx by
automatic updater. I think this is a great idea. 2010
So, remain the compromise update?
I totally agree with them!
I don't even let Microsoft do that!
> I wonder what they would say to that proposal of forced updates. ;-)
>
> Robert Kaiser
Nothing nice.
As for individual applications, the application itself is the one that
decides what the default behavior is even with the silent update
functionality that I am working on. Also, the update xml for advertising
updates to the client has changed on trunk so applications can require a
client notification for an individual update even if the client settings
are to download / apply the update without notification.
Robert
Robert
I fully agree with you - as long as we can cater well to both those
groups, I think it should work well. :)
I just found it so interesting to come directly from the discussion with
that other group to that posting here suggesting the direct opposite. ;-)
Robert Kaiser
It really doesn't matter which way you go with this, you will stir up a
storm of protest. Some people NEVER want to update, others want every
update, with no effort on their part, and others want control of what
updates are done, and when. I feel like security updates should be
automatic, but this may not be feasible, given that some users are still
several releases back for their main program.
While I care and would opt-out of such a system in order to make sure
I maintained full control over my system. Most users don't care and
thus those users should be silently updated.
Add the feature, make it an optional like Blackbox said, add it to the
release notes. Then, on the "Firefox updated"/"Welcome to Firefox
4.0!" page when 4.0 is first started/updated, announce in big bold
letters: "Make sure you read about all the new features in the RELEASE
NOTES! DO IT! DO IT NOW!!"
Of course that might be going a little bit overboard but if users
choose not to read about the "new features", that's their problem.
Seriously.
> Add the feature, make it an optional like Blackbox said, add it to the
> release notes. Then, on the "Firefox updated"/"Welcome to Firefox
> 4.0!" page when 4.0 is first started/updated, announce in big bold
> letters: "Make sure you read about all the new features in the RELEASE
> NOTES! DO IT! DO IT NOW!!"
>
> Of course that might be going a little bit overboard but if users
> choose not to read about the "new features", that's their problem.
> Seriously.
You may be surprised to discover that this isn't enough to encourage people to upgrade, and that people often do not upgrade not because of a reasoned choice about whether or not they want the new features, or the additional protection, but because they don't understand software as well as we do.
In the past (see Blog of Metrics for more information) we've discovered that people choose not to upgrade because:
- they think it will cost money,
- they think it will take a long time,
- they think it will remove all of their customizations, bookmarks and history,
- they are uncomfortable installing software
We could write messages (and do alter our messaging) to set aside many of these issues, but ultimately we find that there's a large number of people who don't upgrade because they don't understand the implications, not because they don't want the latest software.
cheers,
mike
So what does that exactly mean? Doesn't that mean that Mozilla should
be using a forced upgrade in the future?
Forced? I sure hope not.
Automatic? Probably so, and IIRC, 4.0 will move to a policy of
installing minor upgrades automatically (though presumably with a means
of canceling the upgrade if desired).
As long as choice is there, I have little or no problem with increased
automation.
--
Nathan Tuggy [:tuggyne]
nat...@tuggycomputer.com
First, from my perspective, this is MY machine!!!!
Now, considering the sneaky way a `certain global operating system
monopoly` forced an update tagged as a `security update` onto its
users, only to have people discover what it actually did. (I am
referring to the infamous WGA fiasco.)
Ever since then, I have taken the stance that an application may
NOTIFY me of an update, BUT I AM THE ONE TO DETERMINE when, and if
they get installed.
End of discussion.
Creating an silent updater is fine, as long as the option to disable
them and do them manually, is available. Otherwise, I change browsers.
Right now, as I type this out on Minefield 4.0b4pre, build date
20100805, I have a notification that updates are available. When I am
done browsing, I will update.
Blackbox,
why not three choices:
0 - NO updates
1 - check and notify only
2 - silent updates
This could be even expanded, not unlike Linux file permissions to:
Firefox executable
Extensions
Themes
Plugins
I think that's a given. The question is what the default setting should
be. The general feeling seems to be that for most users the preferred
default is to just silently update and be done with it...
-Boris
I agree, a silent automatic updater would actually be great.
What about asking the user on the first update, if he wants silent
updates or every time asked? With default to silent.
Richard
I am not in favor of silent updating. I really HATE the way Google
Chrome installs. I am always forced to load the program after a while
to check the version number to verify that it did, indeed, install. A
'new version update has taken place' message would be nice.
Spending many years watching users respond to different types of
software and the way each type of software functions (read: pleases
and/or irritates the user), I've found that when it comes to updating
a piece of software, there's two types of psychology here. This
basically boils down to: 'In what way can we take advantage of a users
irritation' or 'how might we best irritate the user to *their* best
advantage?'.
What I mean by this is is that we've all seen users in the past end up
irritated by silent updates as well as notifications popping up in
their face (regardless of the software or OS being used).
Understanding you can't possibly please everyone all the time, taking
these two types mentioned above and with the users best interest in
mind, add "fatman's" 3 options in his previous comment for Firefox,
Extension (Add-ons?) and Theme updates into Firefox 4.0 and make
"Check and Notify" the default. Then make sure the 'update available'
notification pop-up box rather noticeable if you know what I mean and
add a check box with a bit of text that states something like; "Check
here if you would like Firefox to update itself silently (no
notifications)." And, of course, notifications of security updates
need to be stressed more strongly than others (reddish background to
the notification pop-up?).
If we really wanted to go the extra mile, we could even offer the user
a choice of choosing silent updates for each individual type of
update; Firefox, Themes or Extensions (Add-ons?) but that may be
pushing it.
Along with the items that have been addressed in these postings, I
offer the following scenerio:
I use certain addons which I have been using for quite some time and
do not wish to see them go away because of an update to FF. This
lack of addon compatibility was, in the past, a rather major factor in
my decision to keep an update for FF. If I was unhappy with losing a
particular addon, I would fall back to a prior version of FF. So I
would
find it a little irritating to be 'silently updated' the next time I
logged
into FF. This example is merely to point out a possible irritation
factor
even tho it has been suggested there be a option to the silent update.
Another point is the "ownership" of a computer by the user. As it
has been pointed out, there often is a natural tendency to "rebel"
when
someone initiates an update policy that does not include the owner.
Of course, some individuals (which also has been posted) are not
really aware of what the change(s) mean so they may or may not
accept them. The users that fall in this category probably need
to have help by incorporating an "automatic or silent" update.
As I stated earlier, this is just hypothetical and submitted for your
consideration (or dismissal). As long as I can opt in or out of these
silent updates and as long as I can make changes to a couple of
.js files to keep the addons I like without them being silently
updated
I am happy. For all practical purposes the fact I use FireFox (and
have been before version 1.0) suggests that I am pleased with that
critter. Enjoy your day.
You will never be silently updated to a version that can't support you
addons, from all I'm hearing, this is only in discussion for "minor",
i.e. security updates, which even nowadays don't lose any add-on
compatibility.
Robert Kaiser
--
Note that any statements of mine - no matter how passionate - are never
meant to be offensive but very often as food for thought or possible
arguments that we as a community needs answers to. And most of the time,
I even appreciate irony and fun! :)
yes I support "force" updates
even on Major versions, tons of people are using old verseions of
firefox and mainly what make people switch to Chrome because of the
speed is really slow for 2.x or 3.0
Options are always best. Set the default to be a silent install and
automatic but allow administrators to set the value to on or off.
Are you adding any sort of site authentication to address the spoofing
issues raised by Moxie Marlinspike?
In the past, major updates always displayed the update wizard user
interface which requires user consent before downloading and applying
the update. Now, Firefox and other applications control whether to
display the update wizard user interface which requires user consent
before downloading and applying the update for both major and minor. The
preference to always display the update wizard user interface which
requires user consent will still exist and work.
If you have the default preferences for Firefox (applications can change
the defaults and users / administrators can change them as well):
a) the update wizard user interface will be displayed and the update
will not be downloaded and applied without your consent if any add-ons
that are enabled will be disabled because they are not compatible with
the new version of the application.
b) you will not be notified if all add-ons are compatible with the new
version of the application.
Administrator privileges will not be required for silent updates.
Firefox can now define via the advertised update what to do after an
update instead of always opening a web page. The current actions Firefox
has defined are silent, open web page, display notification bar, and
display alert.
Companies can configure Firefox so it doesn't automatically update just
as they can today.
The existing preferences I didn't mention will still exist and work.
The current implementation will be Windows only.
Robert
Hmm, we need to be careful with doing major updates that way, as
changing how the application looks and works on a mere restart of the
application is usually quite damaging for the UX and following that to
the product.
Of course, the important thing there is how much the new version changes
UX from the currently running version - so I'm not saying we can't ever
do it, we just need to carefully look into when we can and when we can't.
Robert
>a) the update wizard user interface will be displayed and the update
>will not be downloaded and applied without your consent if any add-ons
>that are enabled will be disabled because they are not compatible with
>the new version of the application.
The add-on check should include all profiles on the machine.
bye
--
"Not everyone understands House Music; it's a spiritual thing;
a body thing; a soul thing." - Eddie Amador
(c)
Robert
the service has enough rights to check all profiles.
bye,
Sascha
Robert
Awesome. You rock!
Wonderful. Another memory-resident program. Soon we'll have a memory-
resident service for every installed program. I think that's a poor
practice and a bad precedent.
I suppose the reason is that a program that is run in a
nonadminstrative account lacks the necessary privilege, but that still
doesn't make it a good practice. Isn't this just a kludge to get
around the OS security model? Doesn't Windows have a better method
for dealing with this? Or shouldn't it?
Robert
> Doesn't Windows have a better method
> for dealing with this?
No but the task scheduler comes close though.
> Or shouldn't it?
Sure and as soon as one is available we'll use it.
Robert
> All of these things spell out an avenue for an attack on my system by
> persons with malicious intent. Having a service running all the time
> so that it can intercept notice that an update is available, perhaps
> monthly, or less, and meanwhile occupies ram, and CPU time (minimal,
> true), as well as system resources seems too expensive to me. And
> just because 'everybody does it' doesn't make it a good thing to do.
I wish there were another way to accomplish this as well. Since there
isn't, I am going to make sure the service uses extremely few resources.
As always, if there is a better way to accomplish the goals I would
appreciate alternatives.
Robert