It's another prime example of why users should be wary of always choosing automatic software updates, and particularly wary of any company that uses security and "we know what's best for our dumb users" as an excuse for trying to stop users from using only a manual update process.
It's too much effort to manage each app's update. In the age of smartphones they push an update once a day, sometimes it feels like every 5 secs.
Plus if you look at the app store updates, most of the apps post nonsense in the release notes such as "fixed bugs", "Thank you for being a user of Lyft this update will make your experience even better!", or the worst kind:
"You know how sometimes you just become aware of how much tension you're holding in your body, then take a deep breath and slowly let it out? This update is like that. It's still Slack, just with a tiny bit less friction."
HOGWASH Slack, this update will likely cause friction! If only those people that write this crap got laid off, the world would be a tiny bit better :/
Maybe it's time to declutter software that you don't control in your life just like how people declutter stuff. Every item is an additional tiny mental burden and the same goes for each closed source app installed on your phone. Maybe it's better if we just forgo any "benefits" the app may provide and not bother anymore.
Windows XP didn't have automatic updates in the beginning. So approximately nobody had the relevant security patches for Windows and IE. The result was Sasser and MyDoom.A on almost every Windows machine. It was a disaster.
It seems less risky to continue automatic updates and just accept the possibility of malicious ownership change.
Early always-connected computers with no NAT led to a lot of hard lessons. At this point many of those have been learned, and there's a lot more depth to network security. Operating systems and key tools like web browsers and ssh are hard enough that strictly necessary updates like Heartbleed patches are few and far between, and are hard to miss. The majority of what gets pushed out now through automatic updates for OSs and key software is exploiting the update channel to deliver crap features that increase revenues or deepen the moats for the company pushing them. They want to ensure that they can collect maximum rent with the least effort for as long as possible.
Hopefully that abuse will reach a point where the camel's back breaks, and the pain of freeing yourself from vendor lock-in becomes worth it, prompting smart consumers and businesses in large numbers to use and support principled software projects through contributions of money, code and labor.
Was it really a "disaster"? Or just a natural consequence that we must continue to accept if we truly believe in freedom?
People can learn and have personal responsibility, but the companies would rather use such examples for leverage to keep them ignorant and corral them into putting nooses of control around their necks.
What? Yes it did. Windows 98 had the first version of MS's Automatic Updates, with the Critical Update Notifications. Windows ME came with actual Automatic Updates, and so did XP.
> Windows XP didn't have automatic updates in the beginning. So approximately nobody had the relevant security patches for Windows and IE. The result was Sasser and MyDoom.A on almost every Windows machine. It was a disaster.
Except that this was due to a vulnerability in Windows which was fixed _after_ those worms ravaged the Windows users.
I don't recall the world ending because of a couple infected Windoze machines. Plus it made teenagers like myself a bit of cash for cleaning up friends'/relatives' computers.
The problem is that 99% of users will not be bothered with deciding anything regarding updates or any computer administration. So you either get automatic updates and situations like the current one, or you get out of date/exploited software.
True, but I don't think that justifies the practice at all.
At the very least, software needs to do what it used to do: make security updates separate from all other updates so users can just get the security bits.
Reminds me of the pending update to 1Password 7 that I keep declining because the change notes say all it does is add a deprecation notice for 1Password classic.
I do this with git packages too. Sometimes I rely on something and the author then makes a move to go to a version 2.0 and ruin what I liked about the ux/ui or how the functionality behaved. I have a few privately forked packages now where I bugfix certain components alongside the author, but keep other legacy components, and even add my own functionality and behavior to my own needs.
Of course, in a world of walled gardens versus git repos, none of this very powerful use of ideas and computation can be done. I can't go to the Apple app store and easily cobble together my own franken app from what I find there. It's like a step back for innovation for our species when we set up these stupid profit seeking moats and gardens.
Ben Franklin on automatic updates: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
This quote never made sense to me. My decision to prefer one of these over the other doesn't mean I don't deserve either. It's a decision I make with my own unique economic and threat parameters. Being "deserving" plays no role here.
Morals are about behaving right or wrong because that leads to good things or bad things, so, if you make the wrong choice (here, giving up some liberty for a small amount of safety) then you do indeed deserve what you get - neither - because you chose wrong.
Ye it doesn't make sense. These rules of thumb need the implied "too much" in them from the get go, or people will use them to silly extremes in the wrong ways. That applies all too well to programmers.
The quote actually meant something rather different than people think and has been taken out of context.
Here's a discussion about it[0].
First, here's the TL;DR:
SIEGEL: So far from being a pro-privacy quotation, if anything, it's a pro-taxation and pro-defense spending quotation.
WITTES: It is a quotation that defends the authority of a legislature to govern in the interests of collective security. It means, in context, not quite the opposite of what it's almost always quoted as saying but much closer to the opposite than to the thing that people think it means.
And here's the detail, discussed just before the TL;DR (I put in some paragraph breaks):
SIEGEL: And what was the context of this remark?
WITTES: He was writing about a tax dispute between the Pennsylvania General Assembly and the family of the Penns, the proprietary family of the Pennsylvania colony who ruled it from afar.
And the legislature was trying to tax the Penn family lands to pay for frontier defense during the French and Indian War.
And the Penn family kept instructing the governor to veto.
Franklin felt that this was a great affront to the ability of the legislature to govern. And so he actually meant purchase a little temporary safety very literally. The Penn family was trying to give a lump sum of money in exchange for the General Assembly's acknowledging that it did not have the authority to tax it.
I don't think it's feasible to check the ownership before every update of every extension. Or what do you have in mind? Just delaying the update so there's at least a chance to catch the bad news?