Omaha checks for updates in the background, when it won't interfere with the user, even if an application isn't running.
They do the same thing on a Mac and this is why I've blocked it and removed the daemon. Google's explanation for doing it is complete BS. They should do what every other app does: check for updates when you start the app.
I disagree. Whats wrong with their reasoning: "Omaha does not perform updates when an application launches, because we understand people want to use the software when starting it up, not perform maintenance tasks first."
I don't like having to wait for, say, firefox, to install new updates when it starts up. Why not have it update itself when its not in use?
It's very simple: Google update takes away control from users. This is absolutely the wrong way to handle this.
Say I'm at a coffee shop with wi-fi or using my notebook through a cellular 3G/EDGE network and this update starts downloading a large Google Earth update that I never asked for. Why should I be paying for the charges because Google wants to update their software without telling me?
Another issue is versioning. If I'm working in one version of the software and don't want to use the newer version until others thoroughly test it and fix the critical bugs, why should i be forced to upgrade? I've used a lot of newer versions of software and many were actually worse than their older versions. Again, why should they force users to upgrade? Why not ask?
This Google Update is bad news all around. It installed itself like a virus rootkit on my machine with Google Earth installation and I was never notified (yeah, a note is probably buried deep in a TOC somewhere). Luckily, LittleSnitch told me about it and I removed it from the Launch Daemons... and I also removed Google Earth because of it.
Finally, why should Google get updates about my location at all times? Every time this thing pings their server, my IP is inevitably transmitted to them.
Sparkle does this perfectly. You can completely disable update checking or allow it to check on periodic intervals. And when it finds an update, it informs you with an update window and shows you exactly why it is updating and what was fixed and what more you get. This Ohama thing gives you none of these options and it also runs at all times like a virus.
If MS did this, people would be all over MS. But when Google does it, people defend them.
Any software that adopts this Omaha crap will be blocked from my machine as well.
While the control issue does have some relevance, I think that Omaha is definitely a step in the right direction. I typically put off updating any of my products, simply because they notify me about it instead of just doing the update in the background. I always want the new versions, especially since so many of my browser/OS updates are security updates, but because I'm always notified about it when I either start the application, or when I close it, I never want to do it and spend extra time waiting while it does the update process when I had something in mind I wanted to do.
Making it open source is definitely the right direction. If it gets modified so that there is a control panel of sorts so that you an control the updates I think it will be considerably better for people.If it is set up as it is now (Updating at some time of low computer usage), with options that can be changed to only update through a specific connection, to only update when the computer has been idle for X amount of time, and similar times.
Look at the recent Conficker worm. There are estimates that over 10 million computers were infected with it (and are now having that annoying fake antivirus software downloaded onto it), because they hadn't installed a security update that was published in October. If they would just push the update after 1-2 months (Assuming that no major problems have been reported) to all Windows computers, much of the spread and potential damage would have been avoided. Since you use a Mac, you might not be used to this kind of problem. Windows always has some sort of a security hole, which is constantly being exploited. Anyone in IT can tell you how much of their time would be saved if Microsoft would stop nagging users about the security updates and just install them after they've been verified as stable. At the end of March we lost quite a bit of time having to scan all of the machines, and then going out and removing it from the one that had been infected, all because a higher up had heard about Conficker and was worried about what might happen on 4/1.
I agree with your overall point that Google went about this wrong if they're trying to be on the up-and-up. The same thing happens with Firefox on startup. I don't think people really consider the implications of that either.
> Any software that adopts this Omaha crap will be blocked from my machine as well.
Well, it looks like Omaha could be made to be a lot more up-front and has some modular bits that could be pretty handy. Don't penalize people who use parts of the code (I'm considering it for pieces) unless they do the same sort of disrespectful practices (e.g. hidden inclusion).
The one thing I can say is that I'd rather see Google open source this than not. It's a step in the right direction of making this less opaque and less mysterious, even if it's insufficient to pardon their behavior.
The part that doesn't sit right with me is that Google never asked or told me that their software would run in the background as well as they never ask to install the updates when it does do its updates. I only know what it's doing because I monitor my network, cpu, and have growl alerts when volumes are mounted. I thought about it and decided not to stop it as I have no idea how else their software would be updated and I do want the updates. I just don't like how they went about it.
On windows Google Chrome does something similar, you don't even need administrative right to install chrome it sits in the application data area. It can update and operate all without explicit permission. It makes me a little wary.
If every piece of software attempted to inform the user about background processes and other such activity, installations would become even more frustrating for end users than they already are. Most users aren't interested in that -- they want to get down and use the app. Checking for updates can be a pain.
That said, automatic updates that interfere with normal work -- e.g. restarting Windows, or forcing the update in certain situations, can be more problematic.
I have a spare MacBook Pro that I turn on twice a month or so. Every time it starts up, I see Google Update asking me to confirm installation of updates. If I click Cancel, it will ask me later.
Firefox updates on start up may be bad, but Sparkle handles this better -- it asks me to update the app I'm using, and downloads it in background.
The question is why you have to wait. It seems to be too hard to implement a plugin system that can transparently update things without restarting the whole app. The maintenance tasks could be done while the app is running.
But you're in the minority. Most people neither know nor care what their computer is doing in the background without their express permission. As long as their applications work, and preferably work quickly, it isn't relevant to Joe Public. Only when so much crap has been installed that the system is rendered unusable do most people start asking, "What is my computer doing?!"
I hope this doesn't lead to one instance of the application for every program that needs updating. What would be more useful is a way for third-party applications to work with the existing Google Update. That way, you could update all your applications from a single interface. This would be a better experience than being asked to update an application it starts (and you're probably in a hurry to start using it).
Of course, you'd need to figure out some standard way of locating available updates. Is there anyone out there doing this sort of thing?
Having a background daemon running to automatically update software without informing the user is a poor solution, but trying to solve the problem introduced by checking for updates on startup and thus interrupting the workflow of the user is a good idea.
This is terrible news. If every other windows application starts using their code, you can expect hundreds of megs of RAM flushed down the drain on your system (each google updater process takes up about 10 megs). I hate this process always reviving itself after I kill it. Having multiple instances of it will be a nightmare.
They do the same thing on a Mac and this is why I've blocked it and removed the daemon. Google's explanation for doing it is complete BS. They should do what every other app does: check for updates when you start the app.
http://blog.wired.com/business/2009/02/why-googles-sof.html