Firefox 4 forced update, aka Chrome

54 views
Skip to first unread message

blackbox

unread,
Jul 24, 2010, 5:11:23 PM7/24/10
to
I think against the lot of vulnerability / derelict people, i want for
the firefox 4 a forced update (aka chrome update). I see lot of
people's machine, the firefox version is very old. 2.x, 3.x (not 3.5),
because they not know the updater.

Robert Kaiser

unread,
Jul 24, 2010, 6:45:51 PM7/24/10
to
blackbox schrieb:

Hehe, you want forces updates, and I just had to calm down a few people
who were throwing tomatoes at me and Mozilla because we are silently
installing software (updates) on their computer, while they just want to
be warned and then download and install the update when they like. Those
people were arguing that it's a privacy intrusion to install anything on
their computer without their knowledge.

I wonder what they would say to that proposal of forced updates. ;-)

Robert Kaiser

Alex Faaborg

unread,
Jul 24, 2010, 7:02:32 PM7/24/10
to Robert Kaiser, dev-apps...@lists.mozilla.org
>
> Those people were arguing that it's a privacy intrusion to install anything
> on their computer without their knowledge.
>

I would imagine that these people would be eager to opt out of a silent
update system. However, I think the majority of users would prefer an
application that doesn't bother them with what they view as little details
(where a little detail is a minor update, major updates that include UI
changes are different). We get a lot of complaints that Firefox updates too
often, people can't see even see the difference with the new version (it was
actually a security patch), that we change our mind too much and should just
ship one version (it was actually a security patch), etc.

For Firefox 4 minor updates will occur automatically. Users can change the
setting in Options > Advanced > Update. We'll only be using the major
update dialog box for changes like 4 to 4.5 or 5. Unfortunately users will
still see the updating progress bar on load, but this is an implementation
issue as opposed to a UI one (ideally the update could be applied in the
background). We will also be able to prompt the user if they haven't
restarted in a very long time and there is a particularly bad security
vulnerability that need to be patched.

-Alex

> _______________________________________________
> dev-apps-firefox mailing list
> dev-apps...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-apps-firefox
>

blackbox

unread,
Jul 24, 2010, 7:07:55 PM7/24/10
to
I don't understand. The Mozilla is the FF's develeoper, not addon
creator, the real (authoritative) developer. This is a upgrade for the
browser. Very proposed for the users. They interests the install.

The last Chrome version update was a very fast by user, thx by
automatic updater. I think this is a great idea. 2010

So, remain the compromise update?

Ron Hunter

unread,
Jul 24, 2010, 8:49:41 PM7/24/10
to
Robert Kaiser wrote:
> blackbox schrieb:
>> I think against the lot of vulnerability / derelict people, i want for
>> the firefox 4 a forced update (aka chrome update). I see lot of
>> people's machine, the firefox version is very old. 2.x, 3.x (not 3.5),
>> because they not know the updater.
>
> Hehe, you want forces updates, and I just had to calm down a few people
> who were throwing tomatoes at me and Mozilla because we are silently
> installing software (updates) on their computer, while they just want to
> be warned and then download and install the update when they like. Those
> people were arguing that it's a privacy intrusion to install anything on
> their computer without their knowledge.
>

I totally agree with them!
I don't even let Microsoft do that!

> I wonder what they would say to that proposal of forced updates. ;-)
>
> Robert Kaiser

Nothing nice.

Robert Strong

unread,
Jul 24, 2010, 10:16:26 PM7/24/10
to dev-apps...@lists.mozilla.org
I'm sure they wouldn't like it but there are also people that don't like
being notified of updates... there is "no one size fits all" behavior
for this that will please everyone just as the current behavior doesn't
please everyone.

As for individual applications, the application itself is the one that
decides what the default behavior is even with the silent update
functionality that I am working on. Also, the update xml for advertising
updates to the client has changed on trunk so applications can require a
client notification for an individual update even if the client settings
are to download / apply the update without notification.

Robert

Robert Strong

unread,
Jul 24, 2010, 10:26:16 PM7/24/10
to dev-apps...@lists.mozilla.org
I'm working on silent updates though it might not make Firefox 4. As
for 'forced' update (like chrome update and many other update systems
prior to chrome) chrome accomplishes this in part by forcing the install
of chrome into the user's profile which has a set of issues associated
with it that we don't want to have so we aren't taking that route.

Robert

Robert Kaiser

unread,
Jul 25, 2010, 8:04:25 AM7/25/10
to
Alex Faaborg schrieb:

>>
>> Those people were arguing that it's a privacy intrusion to install anything
>> on their computer without their knowledge.
>>
>
> I would imagine that these people would be eager to opt out of a silent
> update system. However, I think the majority of users would prefer an
> application that doesn't bother them with what they view as little details
> (where a little detail is a minor update, major updates that include UI
> changes are different).

I fully agree with you - as long as we can cater well to both those
groups, I think it should work well. :)

I just found it so interesting to come directly from the discussion with
that other group to that posting here suggesting the direct opposite. ;-)

Robert Kaiser

blackbox

unread,
Jul 25, 2010, 10:52:33 AM7/25/10
to
Angry people? Solution: 2 choice in the (update) options:
- automatic update (recommended - none notice)
- notice me, if the program found update (you choose the install/or
not)

Ron Hunter

unread,
Jul 25, 2010, 11:11:57 AM7/25/10
to

It really doesn't matter which way you go with this, you will stir up a
storm of protest. Some people NEVER want to update, others want every
update, with no effort on their part, and others want control of what
updates are done, and when. I feel like security updates should be
automatic, but this may not be feasible, given that some users are still
several releases back for their main program.

sabret00the

unread,
Jul 26, 2010, 5:16:34 AM7/26/10
to

While I care and would opt-out of such a system in order to make sure
I maintained full control over my system. Most users don't care and
thus those users should be silently updated.

Kirk M

unread,
Jul 27, 2010, 7:34:51 PM7/27/10
to

Add the feature, make it an optional like Blackbox said, add it to the
release notes. Then, on the "Firefox updated"/"Welcome to Firefox
4.0!" page when 4.0 is first started/updated, announce in big bold
letters: "Make sure you read about all the new features in the RELEASE
NOTES! DO IT! DO IT NOW!!"

Of course that might be going a little bit overboard but if users
choose not to read about the "new features", that's their problem.
Seriously.

Mike Beltzner

unread,
Jul 28, 2010, 9:57:51 AM7/28/10
to Kirk M, dev-apps...@lists.mozilla.org
On 2010-07-27, at 7:34 PM, Kirk M wrote:

> Add the feature, make it an optional like Blackbox said, add it to the
> release notes. Then, on the "Firefox updated"/"Welcome to Firefox
> 4.0!" page when 4.0 is first started/updated, announce in big bold
> letters: "Make sure you read about all the new features in the RELEASE
> NOTES! DO IT! DO IT NOW!!"
>
> Of course that might be going a little bit overboard but if users
> choose not to read about the "new features", that's their problem.
> Seriously.

You may be surprised to discover that this isn't enough to encourage people to upgrade, and that people often do not upgrade not because of a reasoned choice about whether or not they want the new features, or the additional protection, but because they don't understand software as well as we do.

In the past (see Blog of Metrics for more information) we've discovered that people choose not to upgrade because:

- they think it will cost money,
- they think it will take a long time,
- they think it will remove all of their customizations, bookmarks and history,
- they are uncomfortable installing software

We could write messages (and do alter our messaging) to set aside many of these issues, but ultimately we find that there's a large number of people who don't upgrade because they don't understand the implications, not because they don't want the latest software.

cheers,
mike

Lisa Wolfgang

unread,
Jul 29, 2010, 1:56:16 PM7/29/10
to

So what does that exactly mean? Doesn't that mean that Mozilla should
be using a forced upgrade in the future?

Nathan Tuggy

unread,
Jul 30, 2010, 12:15:33 AM7/30/10
to

Forced? I sure hope not.
Automatic? Probably so, and IIRC, 4.0 will move to a policy of
installing minor upgrades automatically (though presumably with a means
of canceling the upgrade if desired).

As long as choice is there, I have little or no problem with increased
automation.

--
Nathan Tuggy [:tuggyne]
nat...@tuggycomputer.com

fatman

unread,
Aug 6, 2010, 6:26:11 PM8/6/10
to

First, from my perspective, this is MY machine!!!!

Now, considering the sneaky way a `certain global operating system
monopoly` forced an update tagged as a `security update` onto its
users, only to have people discover what it actually did. (I am
referring to the infamous WGA fiasco.)

Ever since then, I have taken the stance that an application may
NOTIFY me of an update, BUT I AM THE ONE TO DETERMINE when, and if
they get installed.

End of discussion.

Creating an silent updater is fine, as long as the option to disable
them and do them manually, is available. Otherwise, I change browsers.

Right now, as I type this out on Minefield 4.0b4pre, build date
20100805, I have a notification that updates are available. When I am
done browsing, I will update.

fatman

unread,
Aug 6, 2010, 6:35:24 PM8/6/10
to

Blackbox,

why not three choices:
0 - NO updates
1 - check and notify only
2 - silent updates

This could be even expanded, not unlike Linux file permissions to:

Firefox executable
Extensions
Themes
Plugins

Boris Zbarsky

unread,
Aug 6, 2010, 8:30:29 PM8/6/10
to
On 8/6/10 6:26 PM, fatman wrote:
> Creating an silent updater is fine, as long as the option to disable
> them and do them manually, is available.

I think that's a given. The question is what the default setting should
be. The general feeling seems to be that for most users the preferred
default is to just silently update and be done with it...

-Boris

Lisa Wolfgang

unread,
Aug 7, 2010, 12:26:49 AM8/7/10
to

I agree, a silent automatic updater would actually be great.

Richard Marti

unread,
Aug 7, 2010, 4:29:25 AM8/7/10
to
*Boris Zbarsky* wrote:

What about asking the user on the first update, if he wants silent
updates or every time asked? With default to silent.

Richard

Ron Hunter

unread,
Aug 7, 2010, 5:14:19 AM8/7/10
to

I am not in favor of silent updating. I really HATE the way Google
Chrome installs. I am always forced to load the program after a while
to check the version number to verify that it did, indeed, install. A
'new version update has taken place' message would be nice.

Kirk M

unread,
Aug 7, 2010, 11:03:17 AM8/7/10
to

Spending many years watching users respond to different types of
software and the way each type of software functions (read: pleases
and/or irritates the user), I've found that when it comes to updating
a piece of software, there's two types of psychology here. This
basically boils down to: 'In what way can we take advantage of a users
irritation' or 'how might we best irritate the user to *their* best
advantage?'.

What I mean by this is is that we've all seen users in the past end up
irritated by silent updates as well as notifications popping up in
their face (regardless of the software or OS being used).
Understanding you can't possibly please everyone all the time, taking
these two types mentioned above and with the users best interest in
mind, add "fatman's" 3 options in his previous comment for Firefox,
Extension (Add-ons?) and Theme updates into Firefox 4.0 and make
"Check and Notify" the default. Then make sure the 'update available'
notification pop-up box rather noticeable if you know what I mean and
add a check box with a bit of text that states something like; "Check
here if you would like Firefox to update itself silently (no
notifications)." And, of course, notifications of security updates
need to be stressed more strongly than others (reddish background to
the notification pop-up?).

If we really wanted to go the extra mile, we could even offer the user
a choice of choosing silent updates for each individual type of
update; Firefox, Themes or Extensions (Add-ons?) but that may be
pushing it.

spacenut

unread,
Aug 7, 2010, 4:31:34 PM8/7/10
to

Along with the items that have been addressed in these postings, I
offer the following scenerio:
I use certain addons which I have been using for quite some time and
do not wish to see them go away because of an update to FF. This
lack of addon compatibility was, in the past, a rather major factor in
my decision to keep an update for FF. If I was unhappy with losing a
particular addon, I would fall back to a prior version of FF. So I
would
find it a little irritating to be 'silently updated' the next time I
logged
into FF. This example is merely to point out a possible irritation
factor
even tho it has been suggested there be a option to the silent update.
Another point is the "ownership" of a computer by the user. As it
has been pointed out, there often is a natural tendency to "rebel"
when
someone initiates an update policy that does not include the owner.
Of course, some individuals (which also has been posted) are not
really aware of what the change(s) mean so they may or may not
accept them. The users that fall in this category probably need
to have help by incorporating an "automatic or silent" update.
As I stated earlier, this is just hypothetical and submitted for your
consideration (or dismissal). As long as I can opt in or out of these
silent updates and as long as I can make changes to a couple of
.js files to keep the addons I like without them being silently
updated
I am happy. For all practical purposes the fact I use FireFox (and
have been before version 1.0) suggests that I am pleased with that
critter. Enjoy your day.

Robert Kaiser

unread,
Aug 8, 2010, 9:10:45 AM8/8/10
to
spacenut schrieb:

> If I was unhappy with losing a
> particular addon, I would fall back to a prior version of FF. So I
> would
> find it a little irritating to be 'silently updated' the next time I
> logged
> into FF.

You will never be silently updated to a version that can't support you
addons, from all I'm hearing, this is only in discussion for "minor",
i.e. security updates, which even nowadays don't lose any add-on
compatibility.

Robert Kaiser

--
Note that any statements of mine - no matter how passionate - are never
meant to be offensive but very often as food for thought or possible
arguments that we as a community needs answers to. And most of the time,
I even appreciate irony and fun! :)

Shandy L

unread,
Aug 8, 2010, 3:19:21 PM8/8/10
to
On Jul 24, 6:45 pm, Robert Kaiser <ka...@kairo.at> wrote:

yes I support "force" updates
even on Major versions, tons of people are using old verseions of
firefox and mainly what make people switch to Chrome because of the
speed is really slow for 2.x or 3.0

Mike

unread,
Aug 9, 2010, 12:53:14 PM8/9/10
to
Companies with strict change control policies would not want to see an
automatic update feature that is not able to be turned on or off by
the administrators. Even though the browser should not be running with
administrative privileges thus preventing the update from taking place
the user I assume would then be hit with error message/s.

Options are always best. Set the default to be a silent install and
automatic but allow administrators to set the value to on or off.

Larry Seltzer

unread,
Aug 9, 2010, 1:27:57 PM8/9/10
to
On Jul 24, 7:02 pm, Alex Faaborg <faab...@mozilla.com> wrote:
> > [silent updates]

Are you adding any sort of site authentication to address the spoofing
issues raised by Moxie Marlinspike?

Robert Strong

unread,
Aug 9, 2010, 4:27:28 PM8/9/10
to dev-apps...@lists.mozilla.org
Have you ever launched Firefox and had the update dialog with the
progress bar displayed and Firefox launched after that has completed?
Silent updates will perform that action while the application isn't
running and hence won't display that user interface. It will still be
possible to perform a manual / non-silent update.

In the past, major updates always displayed the update wizard user
interface which requires user consent before downloading and applying
the update. Now, Firefox and other applications control whether to
display the update wizard user interface which requires user consent
before downloading and applying the update for both major and minor. The
preference to always display the update wizard user interface which
requires user consent will still exist and work.

If you have the default preferences for Firefox (applications can change
the defaults and users / administrators can change them as well):
a) the update wizard user interface will be displayed and the update
will not be downloaded and applied without your consent if any add-ons
that are enabled will be disabled because they are not compatible with
the new version of the application.
b) you will not be notified if all add-ons are compatible with the new
version of the application.

Administrator privileges will not be required for silent updates.

Firefox can now define via the advertised update what to do after an
update instead of always opening a web page. The current actions Firefox
has defined are silent, open web page, display notification bar, and
display alert.

Companies can configure Firefox so it doesn't automatically update just
as they can today.

The existing preferences I didn't mention will still exist and work.

The current implementation will be Windows only.

Robert

Robert Kaiser

unread,
Aug 10, 2010, 11:41:04 AM8/10/10
to
Robert Strong schrieb:

> b) you will not be notified if all add-ons are compatible with the new
> version of the application.

Hmm, we need to be careful with doing major updates that way, as
changing how the application looks and works on a mere restart of the
application is usually quite damaging for the UX and following that to
the product.
Of course, the important thing there is how much the new version changes
UX from the currently running version - so I'm not saying we can't ever
do it, we just need to carefully look into when we can and when we can't.

Robert Strong

unread,
Aug 10, 2010, 1:36:03 PM8/10/10
to dev-apps...@lists.mozilla.org
On 8/10/2010 8:41 AM, Robert Kaiser wrote:
> Robert Strong schrieb:
>> b) you will not be notified if all add-ons are compatible with the new
>> version of the application.
>
> Hmm, we need to be careful with doing major updates that way, as
> changing how the application looks and works on a mere restart of the
> application is usually quite damaging for the UX and following that to
> the product.
> Of course, the important thing there is how much the new version
> changes UX from the currently running version - so I'm not saying we
> can't ever do it, we just need to carefully look into when we can and
> when we can't.
Agreed. This is why this it is controlled by the application's
advertised update.

Robert

Sascha Grage

unread,
Aug 10, 2010, 6:28:37 PM8/10/10
to
Robert Strong meinte:

>a) the update wizard user interface will be displayed and the update
>will not be downloaded and applied without your consent if any add-ons
>that are enabled will be disabled because they are not compatible with
>the new version of the application.

The add-on check should include all profiles on the machine.

bye

--
"Not everyone understands House Music; it's a spiritual thing;
a body thing; a soul thing." - Eddie Amador
(c)

Robert Strong

unread,
Aug 10, 2010, 6:45:55 PM8/10/10
to dev-apps...@lists.mozilla.org
On 8/10/2010 3:28 PM, Sascha Grage wrote:
> Robert Strong meinte:
>
>> a) the update wizard user interface will be displayed and the update
>> will not be downloaded and applied without your consent if any add-ons
>> that are enabled will be disabled because they are not compatible with
>> the new version of the application.
> The add-on check should include all profiles on the machine.
That would be nice but user A won't be able to access user B's profile
due to file system security. Also, the average use case is to only have
one profile.

Robert

Sascha Grage

unread,
Aug 10, 2010, 7:15:40 PM8/10/10
to
Robert Strong meinte:

the service has enough rights to check all profiles.

bye,
Sascha

Robert Strong

unread,
Aug 10, 2010, 8:21:37 PM8/10/10
to dev-apps...@lists.mozilla.org
On 8/10/2010 4:15 PM, Sascha Grage wrote:
> Robert Strong meinte:
>
>> On 8/10/2010 3:28 PM, Sascha Grage wrote:
>>> Robert Strong meinte:
>>>
>>>> a) the update wizard user interface will be displayed and the update
>>>> will not be downloaded and applied without your consent if any add-ons
>>>> that are enabled will be disabled because they are not compatible with
>>>> the new version of the application.
>>> The add-on check should include all profiles on the machine.
>> That would be nice but user A won't be able to access user B's profile
>> due to file system security. Also, the average use case is to only have
>> one profile.
> the service has enough rights to check all profiles.
The service will be using the local system account and won't be
accessing the network. The feasibility of implementing this can be
looked into after Firefox 4 but the complexity of doing this is way too
much for Firefox 4.

Robert

Ron Hunter

unread,
Aug 10, 2010, 9:40:51 PM8/10/10
to
On 8/10/2010 6:15 PM, Sascha Grage wrote:
> Robert Strong meinte:
>
>> On 8/10/2010 3:28 PM, Sascha Grage wrote:
>>> Robert Strong meinte:
>>>
>>>> a) the update wizard user interface will be displayed and the update
>>>> will not be downloaded and applied without your consent if any add-ons
>>>> that are enabled will be disabled because they are not compatible with
>>>> the new version of the application.
>>> The add-on check should include all profiles on the machine.
>> That would be nice but user A won't be able to access user B's profile
>> due to file system security. Also, the average use case is to only have
>> one profile.
>
> the service has enough rights to check all profiles.
>
> bye,
> Sascha
>
Now that's SCARY!
Another service to turn off.

Robert Kaiser

unread,
Aug 11, 2010, 10:34:01 AM8/11/10
to
Robert Strong schrieb:

> Agreed. This is why this it is controlled by the application's
> advertised update.

Awesome. You rock!

VanillaMozilla

unread,
Aug 11, 2010, 11:08:44 AM8/11/10
to
On Aug 9, 3:27 pm, Robert Strong <rstr...@mozilla.com> wrote:
> Silent updates will perform that action while the application isn't
> running...

Wonderful. Another memory-resident program. Soon we'll have a memory-
resident service for every installed program. I think that's a poor
practice and a bad precedent.

I suppose the reason is that a program that is run in a
nonadminstrative account lacks the necessary privilege, but that still
doesn't make it a good practice. Isn't this just a kludge to get
around the OS security model? Doesn't Windows have a better method
for dealing with this? Or shouldn't it?

Robert Strong

unread,
Aug 11, 2010, 12:19:50 AM8/11/10
to dev-apps...@lists.mozilla.org
Which you will be able to do and still get updates. As far as SCARY goes
damn near every service on Windows uses this same account... the Print
Spooler is the first that comes to mind. At least with this service you
can inspect the code or get someone to inspect the code unlike the cast
majority of Windows services and know exactly what it does which will
hopefully be very little. Also, the skeleton service I have written so
far uses very little in the way of resources.

Robert

Robert Strong

unread,
Aug 11, 2010, 3:34:34 PM8/11/10
to dev-apps...@lists.mozilla.org
On 8/11/2010 8:08 AM, VanillaMozilla wrote:
> On Aug 9, 3:27 pm, Robert Strong<rstr...@mozilla.com> wrote:
>> Silent updates will perform that action while the application isn't
>> running...
> Wonderful. Another memory-resident program. Soon we'll have a memory-
> resident service for every installed program. I think that's a poor
> practice and a bad precedent.
>
> I suppose the reason is that a program that is run in a
> nonadminstrative account lacks the necessary privilege, but that still
> doesn't make it a good practice. Isn't this just a kludge to get
> around the OS security model?
Considering Windows itself does similar things I wouldn't call this any
more of a kludge as those other cases.

> Doesn't Windows have a better method
> for dealing with this?

No but the task scheduler comes close though.

> Or shouldn't it?
Sure and as soon as one is available we'll use it.

Robert

Robert Strong

unread,
Aug 11, 2010, 12:31:50 AM8/11/10
to dev-apps...@lists.mozilla.org
On 8/10/2010 6:40 PM, Ron Hunter wrote:
Which you will be able to do and still get updates. As far as SCARY goes
the majority of services on Windows uses this same account... the Print
Spooler is the first that comes to mind. The main difference with this
service is you can inspect the code or get someone to inspect the code
unlike the vast majority of Windows services and know exactly what it
does which will hopefully be very little. Even if you don't inspect the
code or get someone to do so for you there will be other people that
will to make sure it doesn't do anything evil. Also, the skeleton

Ron Hunter

unread,
Aug 11, 2010, 5:09:19 PM8/11/10
to
The print spooler just accepts data from various programs. An update
service investigates files, and downloads files from the internet, and
writes them to my HD. All of these things spell out an avenue for an
attack on my system by persons with malicious intent. Having a service
running all the time so that it can intercept notice that an update is
available, perhaps monthly, or less, and meanwhile occupies ram, and CPU
time (minimal, true), as well as system resources seems too expensive to
me. And just because 'everybody does it' doesn't make it a good thing
to do.

Robert Strong

unread,
Aug 11, 2010, 5:17:26 PM8/11/10
to dev-apps...@lists.mozilla.org
As I stated previously, this service will not be downloading files and
it will be using the local system account which doesn't have rights to
the network. It will be using the existing updater binary to apply the
files which will not be resident.

> All of these things spell out an avenue for an attack on my system by
> persons with malicious intent. Having a service running all the time
> so that it can intercept notice that an update is available, perhaps
> monthly, or less, and meanwhile occupies ram, and CPU time (minimal,
> true), as well as system resources seems too expensive to me. And
> just because 'everybody does it' doesn't make it a good thing to do.

I wish there were another way to accomplish this as well. Since there
isn't, I am going to make sure the service uses extremely few resources.
As always, if there is a better way to accomplish the goals I would
appreciate alternatives.

Robert

Ron Hunter

unread,
Aug 11, 2010, 5:26:09 PM8/11/10
to
Short of doing brain surgery on most users (to insert some), I see
little hope. I'll still probably disable the service....

Reply all
Reply to author
Forward
0 new messages