Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Like Google's Chrome, Mozilla To Silently Update Firefox 4

timothy posted about 4 years ago | from the here-you'll-like-this dept.

Firefox 287

CWmike writes "Taking a page from rival Google's playbook, Mozilla plans to introduce silent, behind-the-scenes security updating to Firefox 4. The feature, which has gotten little attention from Mozilla, is currently 'on track' for Firefox 4, slated to ship before the end of the year. Firefox 4's silent update will only be offered on Windows, Mozilla has said. Most updates will be downloaded and installed automatically without asking the user or requiring a confirmation. 'We'll only be using the major update dialog box for changes like [version] 4 to 4.5 or 5," said Alex Faaborg, a principal designer on Firefox, in the 'mozilla.dev.apps.firefox' forum. 'Unfortunately users will still see the updating progress bar on load, but this is an implementation issue as opposed to a [user interface] one; ideally the update could be applied in the background.' Unlike Google, Mozilla will let users change the default silent service to the more traditional mode, where the browser asks permission before downloading and installing any update."

cancel ×

287 comments

Sorry! There are no comments related to the filter you selected.

wtf (-1, Troll)

Anonymous Coward | about 4 years ago | (#33172926)

wtf

I like it (2, Funny)

.Bruce Perens (150539) | about 4 years ago | (#33172940)

They're doing it right, by making it a toggle. Silent mode is perfect for Grandma, since every single damn dialogue box turns into a phone call for me.

Man is she losing it. Last week she called me "Schtopi" (her nickname for my deceased grandfather) and tried to cup my balls.

Re:I like it (-1, Troll)

Anonymous Coward | about 4 years ago | (#33173576)

So did you take that chance or will you die a virgin?

I hope this can be disabled... (0, Insightful)

Anonymous Coward | about 4 years ago | (#33172946)

I don't know about you, but IMHO, Firefox is suffering from it's increasing popularity. At least since Version 3.

silent, or totally invisible (4, Interesting)

gbjbaanb (229885) | about 4 years ago | (#33172950)

to be honest, I'm not so worried about this - its only a browser, and I install all those security updates anyway. What I'm not so keen on is the "silent, in the background, don't bother the user" implementation. I'd like to know that it is doing it, pop a little UI element on the status bar that says "updating latest version now" and then gets on with it, and then puts a little version marker somewhere so I know its been done.

Be polite to your users, be open in your communication, inform us. (and a link to the things that were fixed if you click the version number would be a nice to have)

Re:silent, or totally invisible (0)

Anonymous Coward | about 4 years ago | (#33173012)

How do you know it'll only be security updates? How do you know a keylogger won't sneak in there, undetected?

Re:silent, or totally invisible (3, Funny)

Anonymous Coward | about 4 years ago | (#33173076)

I wrote a script to disassemble all the programs on my computer to check for comments which say "start keylogger".

Re:silent, or totally invisible (1)

ProfanityHead (198878) | about 4 years ago | (#33173124)

How do you know it'll only be security updates? How do you know a keylogger won't sneak in there, undetected?

How do you know that isn't happening several times a day anyway? You could have thousands of keyloggers on your machine by now.

Re:silent, or totally invisible (-1, Redundant)

Anonymous Coward | about 4 years ago | (#33173198)

I use OpenBSD. I continuously log and audit daily every process that's running on my system. I also don't use browsers that perform silent updates.

Re:silent, or totally invisible (0)

Anonymous Coward | about 4 years ago | (#33173624)

How productive you are.

Re:silent, or totally invisible (0)

Anonymous Coward | about 4 years ago | (#33173486)

You could have thousands of keyloggers on your machine by now.

Surely you'd know about that? Surely you machine would be running a little slow, and your cpu usage going mad just when typing? Unless you haven't got a clue, in which case you shouldn't be using a PC.

(Somebody might point out that keyloggers are relatively simple applications that don't do a great deal to tie up the cpu, but don't forget that most 'malicious' programs are written by kids with home-learnt programming/scripting skills, so they're probably extremely inefficient and buggy (the programs, that is). Ok, maybe that's a very clichéd view...)

Re:silent, or totally invisible (1)

e065c8515d206cb0e190 (1785896) | about 4 years ago | (#33173256)

Will you know it's a keylogger when instead Firefox prompts you "we have 5 security updates for your browser, would you like to install them now?".

I agree the silent thing is maybe not the best, but having the ability to turn it off is enough IMHO (unlike IE's privacy setting which MS supposedly restores to "share my info" when the browser is restarted).

Re:silent, or totally invisible (1, Insightful)

Anonymous Coward | about 4 years ago | (#33173014)

I think it's a fine. Most users don't need or want that updating status or whatever because it confuses them.

If you are more savvy then you can turn on the notifications and see everything it's doing. Seems perfectly acceptable to me.

I wonder if there will be some way to enable this silent update on other OS's though. Seems stupid to assume Linux users are more savvy than Windows users. I have many non-tech people running Linux (and loving it).

Re:silent, or totally invisible (5, Insightful)

Seth Kriticos (1227934) | about 4 years ago | (#33173142)

This is not necessary. Linux distributions come with package managers and update systems that take care of upgrading everything on your system including your browser.

This kludge is only brought to the Windows version, because there is no coherent system to update third party software and the popups got old.

Re:silent, or totally invisible (2, Interesting)

Netshroud (1856624) | about 4 years ago | (#33173336)

If only someone brought Sparkle [andymatuschak.org] to Windows...

Re:silent, or totally invisible (0)

Anonymous Coward | about 4 years ago | (#33173424)

Speaking of which, I like the way Chrome handles this (at least on Ubuntu - I've not tried with anything else). When you install Chrome from the .deb package, it adds the Google package repositories automatically. That way, even though Chrome does not come packaged with the distribution, you still get updates through the same channel as everything else.

Mozilla could do the same for Firefox, but they don't. Instead, they rely on distributions to manage all of this for them. It works fine (especially since Mozilla don't have to actually do anything), but it does make it more difficult to upgrade to a newer major version of Firefox.

I wonder what they're doing for the Mac version. Like Windows, Mac OS X lacks any kind of central update mechanism, and relies on applications to update themselves.

Re:silent, or totally invisible (2, Insightful)

ultranova (717540) | about 4 years ago | (#33173338)

Most users don't need or want that updating status or whatever because it confuses them.

Most users need to know when something has changed so they can associate any potential breakage with the correct event.

The more computers act like magical black boxes, the harder it becomes using them.

Re:silent, or totally invisible (3, Insightful)

siride (974284) | about 4 years ago | (#33173388)

If things break, users probably won't be able to fix them without calling someone for help. It's easy enough to check whether there has been an update.

My mom, for example, frequently fails to tell me of important events like software updates when things stop working. Instead she just tells me that "the Internet stopped working today" and other vague things like that. I have to dig to find out that she upgraded such and such, or disabled this or that.

So I say either you are savvy enough to turn off silent updates, or at least check to see if there's been an update, or you aren't savvy enough for knowledge of updates to be useful to you directly.

Re:silent, or totally invisible (0)

Anonymous Coward | about 4 years ago | (#33173048)

As long as it has the ability to change it back to prompting before install.

That way, if they FUBAR an update, I can flip the option on and rollback to a previous version without the damn thing re-updating itself.
Ideally, it would have a list of previous versions for me to pick from as well (though, this is probably more appropriate for an Addon).

Re:silent, or totally invisible (4, Informative)

Kozz (7764) | about 4 years ago | (#33173164)

In fact, I welcome this update! It was hard enough getting those less-than-savvy relations to use Firefox, but even getting my WIFE to update FF is a chore. Automatic updates for these folks will be especially welcome. It's depressing to be on the cutting edge of FF public releases only to visit your mother and find she's still running FF 2.0.17 and has been ignoring the update suggestions forever.

Re:silent, or totally invisible (0)

Anonymous Coward | about 4 years ago | (#33173402)

Firefox 2.0.17? So you haven't visited Mom since December 2008? Bastard.

Re:silent, or totally invisible (2, Insightful)

RJFerret (1279530) | about 4 years ago | (#33173248)

So far computers aren't intelligent, nor smarter than their users (despite opinions to the contrary), they generally pick the worst time to try to do updates.

There currently isn't a way for a computer to predict when it's getting in your way (hint, right at boot-up is the worst time, as I turned on the computer to get something done). Until then, there should be a clear indication it WANTS to update, with user ability to postpone for a specified period without distraction/interference.

Computers and other tools/appliances should never do something without the users/owners knowledge, or they become untrustworthy.

Ever watch someone turn on their computer to show you something? They have a task, start the machine, load the browser, get to Youtube, find the video, click play.

On my system, it comes out of hibernation, Firefox is already running, new tab, search, play. All auto-updating is turned off.

On most systems, after the OS boots, some things auto-update, some things ask to update. The user clicks cancel on all the permissible updates, but their system is bogged down the the hidden updates. Their browser takes inordinately long to load, they bitch about it. When their browser is finally up, they, oh wait, now browser updates. Okay NOW we can try to load Youtube, only our network connection is being interfered with and it doesn't play smoothly.

The Twitter post of mine that got the most reaction was how to disable Window's update nag box--it can wait until the TV show is over, or whatever the user needs/wants to do.

A better method would be for the OS to have an updating control, like on the Windows task bar, with progress meters for various software, with controls to aborting, pausing without anything hidden/secretive/subversive/untrusted.

Sure, give the users the ability to have background updates for those who prefer it, even provide an OS control so that you don't have to tell each individual piece of software that's your preference, that would be great. Thankfully Firefox is not inhibiting user control--yet (or I'd be seeking an alternative browser).

No computer software should behave like it knows what I want (or need) more than I do. A computer is only useful when it's doing what *I* desire it to, anything more is interfering, and the presumed benefit is outweighed by not being able to realize that benefit.

Re:silent, or totally invisible (1)

bgfay (5362) | about 4 years ago | (#33173254)

This is smart thinking. The process should be easy but not invisible. I like that Chrome does a lot of things easily, but don't like that I don't know about those things. It leads to the sudden "this thing doesn't work anymore" syndrome where things break with no seeming reason.

That said, I hate that Firefox has to be restarted to install add-ons. Things like that aren't good enough. I should be able to install the add-on and use it immediately.

Combine the two ideas: tell me that my program is being updated but do it for me when I push "OK".

Welcome to the Mozilla botnet ... (2, Insightful)

Lazy Jones (8403) | about 4 years ago | (#33172956)

... silent updates suck.

Re:Welcome to the Mozilla botnet ... (3, Informative)

fearlezz (594718) | about 4 years ago | (#33173238)

Yes. Silent updates suck. Well at least, for people that want to control their own computer, it does. But for my sister, my dad, my great aunt and all these people that think i'm their personal helpdesk, this is perfect. I've seen so many family members who had 2 year old browsers and stuff...

Re:Welcome to the Mozilla botnet ... (0, Troll)

commodore64_love (1445365) | about 4 years ago | (#33173300)

They wouldn't have 2 year old browsers if you turned on "automatic updates" like I did for my brother's machine.

Personally I think Mozilla's silent updates are bullshit. If programmers were perfect, it would be okay, but programmers are human and make mistakes which means sometimes the update will kill a browser (or plugin) and make it unusable. It should be up to ME to decide when to update, not some arrogant asshole saying, "I know what's good for you" and ramming it up my ass.

Opera did this to me - forcing me to upgrade from 10.0 to 10.5, and now 10.5 doesn't run anywhere near as well as 10.0 did. You should not "force" people to do something. In fact if you're using that word - force - then you're automatically doing something wrong. People should be allowed to make their own choices.

C=64_love
----- Pro-Choice on everything.

Re:Welcome to the Mozilla botnet ... (0)

Anonymous Coward | about 4 years ago | (#33173644)

Opera certainly didn't force you to upgrade.

Re:Welcome to the Mozilla botnet ... (1)

Trelane (16124) | about 4 years ago | (#33173444)

Yes. Silent updates suck. Well at least, for people that want to control their own computer, it does.

Fortunately, you (or someone or collection of persons you trust) have the source, can build it, use it, and redistribute it. Thus, you don't *have* to use the software with silent update functionality, even if you keep using the browser itself. (though you'll lose the branding; call it "iceweasel" perhaps ;)

Re:Welcome to the Mozilla botnet ... (2, Informative)

kbrosnan (880121) | about 4 years ago | (#33173480)

The devs already said that this is going to be a preference.

Re:Welcome to the Mozilla botnet ... (1, Troll)

swillden (191260) | about 4 years ago | (#33173596)

Yes. Silent updates suck. Well at least, for people that want to control their own computer, it does.

But they're only doing this on Windows, so it's for people who've already given up controlling their own computer.

I love Mozilla (1, Funny)

Voulnet (1630793) | about 4 years ago | (#33172958)

I love Mozilla. They can do no wrong! If Apple fanboys and MSFT apologists can do it, so can I!

Bigger Number (0, Troll)

Macrat (638047) | about 4 years ago | (#33172960)

Using a bigger number has got to make the app better, right?

Really? (0)

Anonymous Coward | about 4 years ago | (#33172962)

I realise firefox can be installed per user as opposed to system wide but this isn't how the majority of people are running it. Who exactly is running their web browser with the priviledges required to install an update?

Re:Really? (1)

fearlezz (594718) | about 4 years ago | (#33173058)

If the software is installed with the privileges to install system-wide, it think can install an service with privileges to update as well. So that shouldn't be a problem.

Re:Really? (2, Insightful)

DrSkwid (118965) | about 4 years ago | (#33173220)

I have installed by the Administrator account and then Unpriv users can't do updates, it requires manual intervention.

So instead we'll get "couldn't silently update" dialog boxes !

As long as the browser asks for permission (2, Interesting)

nebulus4 (799015) | about 4 years ago | (#33172964)

why would this be considered a bad idea?

Re:As long as the browser asks for permission (5, Informative)

Anonymous Coward | about 4 years ago | (#33173022)

I don't mind if the browser asks. It looks like they are going to default to silent updates unless you change the setting. They only way I can see this as a bad idea for the non-techinical user is in the case where Mozilla screws up and a patch hoses up the browser or operating system itself (and don't act like that can't happen because it has for other software, even if it wasn't Mozilla that did it, it could still happen.)

FTA (bolding mine):

Firefox 4's silent update will only be offered on Windows, Mozilla has said.

Most updates, including all security updates, will be downloaded and installed automatically without asking the user or requiring a confirmation, said Alex Faaborg, a principal designer on Firefox. ...

Unlike Google, Mozilla will let users change the default silent service to the more traditional mode, where the browser asks permission before downloading and installing any update.

Re:As long as the browser asks for permission (1)

asdf7890 (1518587) | about 4 years ago | (#33173062)

why would this be considered a bad idea?

Some take exception to their software installing stuff (even updates) without their express permission (or request), or to software refusing to run until it is updated (MS's IM client does this, or so I'm told). There are a number of reasons why you might want to hold back on an update - perhaps you are a dev who want to keep old versions around for testing how their pages work in older versions that have certain issues, or perhaps you just prefer to hold back a day or so to make sure there are no massive bugs in the new release (letting the early adopters get scalped instead). Providing the off switch should alleviate these concerns for people who care though.

There is a potential security issue too: what if someone manages to hack Mozilla's DNS to point to a malicious site pretending that there is an update (which introduces malware)? I hope they are planning on properly signing and verifying updates to deal with this possibility.

Re:As long as the browser asks for permission (1)

asdf7890 (1518587) | about 4 years ago | (#33173074)

Also (missed this from my previous post) I don't want my browser deciding it want to download an several Mb update while I'm connected via a very slow cellular connection (i.e. GPRS in area with no 3G or wifi coverage) trying to get something done with what little bandwidth is available in such circumstances.

Re:As long as the browser asks for permission (5, Informative)

Anonymous Coward | about 4 years ago | (#33173092)

There is a potential security issue too: what if someone manages to hack Mozilla's DNS to point to a malicious site pretending that there is an update (which introduces malware)? I hope they are planning on properly signing and verifying updates to deal with this possibility.

Unlike many others, Mozilla already does sign it's updates.

Re:As long as the browser asks for permission (1)

Servaas (1050156) | about 4 years ago | (#33173210)

MS's IM client does this, or so I'm told

If you are talking about Live Messenger then you were told wrong. You can still use old version even if its not up to date.

Re:As long as the browser asks for permission (1)

MonsterTrimble (1205334) | about 4 years ago | (#33173086)

I think on a fresh install or upgrade to FF4, make the silent updating an opt-in. If you want it, you got it. Otherwise you stay traditional.

Myself, I would like to stay traditional on updates, but that's me.

Re:As long as the browser asks for permission (0, Troll)

hedwards (940851) | about 4 years ago | (#33173312)

You don't see the problem with that? The people that should be using it are the same ones that would likely get that wrong. Whereas the individuals that don't really need to use it would have very little trouble going into the preferences and disabling it.

Opt in isn't always the best choice, especially when the people that most need to opt in are the ones with the least ability to make an informed decision.

Re:As long as the browser asks for permission (0)

Anonymous Coward | about 4 years ago | (#33173560)

You don't see the problem with that? The people that should be using it are the same ones that would likely get that wrong. Whereas the individuals that don't really need to use it would have very little trouble going into the preferences and disabling it.

Opt in isn't always the best choice, especially when the people that most need to opt in are the ones with the least ability to make an informed decision.

That's the same argument (and almost the exact same wording) that BoA, Chase, Etc. used to use to argue that checking account overdraft 'protection' needed to be opt-in instead of opt-out (as will soon be required by law).

The annoying thing is ... they're right and you're right. But once you've made a decision to limit another adult's choices for their own good you have become an evil, overbearing asshole.

Re:As long as the browser asks for permission (2, Insightful)

Anonymous Coward | about 4 years ago | (#33173514)

Just take a hint from the silent updates that Windows does;

Do you want Firefox to be updated automatically?
(x) Yes, check for updates and install automatically (recommended).
( ) No, notify me but I will decide to install updates myself.
( ) Do not check for updates (not recommended).

Note: with automatic updates, you will still be asked for permission to instal major updates.

Choice vs. Sleek (4, Insightful)

Amorpheus_MMS (653095) | about 4 years ago | (#33172974)

I like that a lot of what makes Firefox different from Chrome is due to the "we'll let users decide how they want it" approach instead of just telling them how it's going to be done.

Re:Choice vs. Sleek (1)

Nerdfest (867930) | about 4 years ago | (#33173290)

It does sound like there will be a setting that can be changed, but the default is silent install.

Thank you thank you thank you thank you (0)

Anonymous Coward | about 4 years ago | (#33173000)

It's SOOOOO generous of Mozilla to set my options BACK to the way I want, after Mozilla changes them without my permission.

Puts them right up there with Mother Teresa.

wont work for "program files", permission denied (0)

Anonymous Coward | about 4 years ago | (#33173002)

unless it wants to install a updater service for administrator, WHICH WON'T HAPPEN
and even that won't work on windows 7

Re:wont work for "program files", permission denie (0)

Anonymous Coward | about 4 years ago | (#33173042)

...won't work on windows 7

What are you smoking? Background services work just fine on Windows 7, as they did on all NT-based versions of Windows, provided you know how to program and set them up.

OMG! (4, Insightful)

pushing-robot (1037830) | about 4 years ago | (#33173004)

Mozilla is stealing our freedoms with communist security updates!

...Seriously, folks, they're just automating the updates that everyone installs already. It saves us time, which last time I checked was a valuable commodity.

Re:OMG! (0)

Anonymous Coward | about 4 years ago | (#33173252)

The communist fingerpointing is getting old, capitalism has already brought us everything that made communism so frightening.

Re:OMG! (0)

Lazy Jones (8403) | about 4 years ago | (#33173286)

...Seriously, folks, they're just automating the updates that everyone installs already. It saves us time, which last time I checked was a valuable commodity.

Mozilla is not immune to a) faulty updates, b) hacked/hijacked servers, c) intervention on behalf of government agencies. Being able to deny an update adds another layer of security to users' computers because they might be informed of such issues before Mozilla fixes them. Also, not all users are stupid. If there is no option to deny an update, well, there are still some alternatives out there...

Re:OMG! (1)

siride (974284) | about 4 years ago | (#33173446)

If you read the damn summary, you'll see that you can turn off silent updates.

Re:OMG! (1)

noidentity (188756) | about 4 years ago | (#33173552)

Seriously, folks, they're just automating the updates that everyone installs already. It saves us time, which last time I checked was a valuable commodity.

Except those people who don't. Next you'll be telling me that everyone always uses the latest version of everything, since the latest versions never have bugs or problems that previous versions had, and are never slower, etc.

Silent updates are not ideal. (5, Insightful)

aussersterne (212916) | about 4 years ago | (#33173006)

I get more complaints from family and friends about "slow computers" than anything else, and usually these are all about silent background updates in the end. It's damned near impossible to explain to someone that's not computer literate what and update is, how it's affecting their computer, why it's necessary that the update gets installed, etc. They don't even know what Firefox is ("You mean my Internet?") much less any of the other things. Even my wife struggles to comprehend why there's always an update running; she tends to think I'm lying or dismissing her concerns. Every single application running on her computer does silent background updates:

Windows
Office
AntiVirus/Firewall Software
Adobe Flash Player
Adobe Reader
Sun JRE
Nero
Skype
etc.

Even tiny little apps from the vendor do this... Volume control, display control, trackpad control, blah, blah...

Another background process running automatic updates each and every icon in the tray and for each and every folder and application in the Start menu, as well as for browser plugins, third party configuration tools/extensions, drivers, etc.

At the very least they should try to display a notification somewhere on the screen saying "Updating XYZ, may slow your computer..." each time they do this, rather than silently saturating an internet connection (as 10 different updaters are in competition with one another), a CPU, and/or a hard drive's activity.

Re:Silent updates are not ideal. (1)

tcdk (173945) | about 4 years ago | (#33173090)

I've a older (winXP) notebook that I use sparsely, if it's been off-line much more than a week, it needs about 15-20 minutes on first boot for updates, before I can use it.

Re:Silent updates are not ideal. (1)

fearlezz (594718) | about 4 years ago | (#33173114)

I installed the nvidia driver on my Linux system from the rpmfusion repository. When I run "yum update", yum updates both normal Fedora updates and nvidia driver updates. I could even configure yum-updatesd to update all packages without me even noticing.

Why can't it be this simple on windows? Windows update on Vista/Win7 is okay for updating microsoft software. Now if only third parties could add their own 'repositories' to windows update, this would make updating a lot easier, and computing a lot safer.

Re:Silent updates are not ideal. (1)

tepples (727027) | about 4 years ago | (#33173556)

Now if only third parties could add their own 'repositories' to windows update

How much would Microsoft and Microsoft's certificate authority partner (that is, VeriSign) charge third-party application publishers for such a service? And how would developers of Free applications for Windows be able to afford it?

Re:Silent updates are not ideal. (1)

evanspw (872471) | about 4 years ago | (#33173120)

most of those can be set to manual update, or at least a notification that an update is ready to download. i know that's got it's downside too.

Re:Silent updates are not ideal. (1)

Jorl17 (1716772) | about 4 years ago | (#33173126)

You forget that browser updates matter. And, in theory, OS security updates should as well. So let's not say that silent updates are not ideal for all cases. They're not ideal for stupid and silly apps that you shouldn't be supporting any way (woops, broke the rule of not bashing useful but bloated apps -- kill me!; woops, did it again!)

Re:Silent updates are not ideal. (0)

Anonymous Coward | about 4 years ago | (#33173166)

Use linux. Seriously.

Re:Silent updates are not ideal. (1)

at_slashdot (674436) | about 4 years ago | (#33173178)

Hopefully Windows (Microsoft) will implement a repository system like in Linux distros. There's no reason to have EACH program run an updater for itself. Or, if you don't like the Linux example think of Apple app store....

Re:Silent updates are not ideal. (4, Insightful)

hedwards (940851) | about 4 years ago | (#33173334)

Linux can do that because virtually all the software is free either pricewise or GPLed. In which case most of those people are thrilled to have somebody else picking up the tab on the distribution and advertising. In the Windows world, that's not really the case. Much of it is commercial software and the freeware and opensource stuff is so numerous that I doubt MS is interested in taking on the responsibility and cost of hosting those files.

Re:Silent updates are not ideal. (1)

at_slashdot (674436) | about 4 years ago | (#33173392)

Two words: App Store. Apple can do it. They even make money out of it. GPL and free software is a red herring.

Re:Silent updates are not ideal. (0)

Anonymous Coward | about 4 years ago | (#33173540)

Windows would be better off with something like the FreeBSD Ports system. But instead of source and makefiles, have a framework which installs/updates/removes binary packages. It would be pretty easy to have a vendor like Adobe or Mozilla submit a Binary Port to Microsoft and tie it into the Automatic Update service. I'm a bit surprised they haven't done it already. It would let MS escape distributing files and give ISV a way to send out automatic updates to everyone without writing their own update code.

Re:Silent updates are not ideal. (1)

siride (974284) | about 4 years ago | (#33173428)

It doesn't need to have a repo system. It just needs to have a standard protocol for installation and update. Programs, once installed, can register with the update service, point Windows to the update URL source and then when there's an update, Windows can do it all in one batch.

Re:Silent updates are not ideal. (0)

Anonymous Coward | about 4 years ago | (#33173512)

Exactly what I thought, too. The protocol could also require signed updates, which would be a major security improvement for many programs.

The only problem I can see with that is that not every software developer would support the (hopefully standardized) update protocol. But anyway, even if just the major ones would support it, it would be an improvement already.

Signed with what certificate? (2, Insightful)

tepples (727027) | about 4 years ago | (#33173602)

The protocol could also require signed updates

Signed with a certificate issued by whom, purchased with what money? A company like Mozilla Corp could afford it, just as it can afford the Authenticode certificate to digitally sign Firefox Setup, but individual hobbyist developers of freeware and free software likely can't spare 200 U.S. dollars per year plus whatever their state charges to form a business entity.

Re:Silent updates are not ideal. (2, Insightful)

Anonymous Coward | about 4 years ago | (#33173186)

This is why i hate that OSes... well, Windows, hasn't got a decent package manager.

Auto updates could easily be handled through a single program for the entire OS.
All you do is just add to a file or registry item where the URL is, current version number, date / frequency of check and an optional "where to extract this to" for non-install archives.
Then you can make whatever damned EXE you need to make for doing updates then, whether it is Chromes silent updater or a Windows updates.
Windows Task Manager != an updater system. It is a hack, and it still requires a separate EXE to check anyway.

But it is Microsoft, they never do anything good for anyone.
They deliberately make their OS stupid and cumbersome, lock the SHIT out of it and throw a crappy shiny sub-standard wasteful copy of contemporary UIs of the latest OSes.
MICROSOFT, MAKING YOUR LIFE EASIER.

Re:Silent updates are not ideal. (1)

Anonymous Coward | about 4 years ago | (#33173202)

That's one major disadvantage of using Windows.

I can boot my GNU/Linux (Debian) machine after a month of not using it, run apt-get update && apt-get -u dist-upgrade as root, walk away to make a coffee, and when I return 5 minutes later, everything is up to date again and I can start working.

I can boot my Windows machine, and after I log in as Administrator, I have to wait 5min until the system is usable because every Application starts it's own update-agent and tries to find out whether there is an update for it or not. Then I get various annoying update pop-ups. And I have to click through at least 5 "wizards" to update my system, I takes an awful lot of time, and, worst of all, I have to constantly sit there and watch it, because I have to click on "next" for downloading the update, then again for extracting it, and finally for installing it. And even after that, my system is not up to date, because I don't have automatic updates turned on for every application (that would really kill the system), only for very important ones from a security point of view (OS, Browser, E-Mail client, Adobe Reader, Adobe Flash and a few others)

Re:Silent updates are not ideal. (0)

Anonymous Coward | about 4 years ago | (#33173530)

This is only going to run the update when Firefox is open, and I don't know what you've done to your system if installing a new version of Firefox slows it to a crawl.

This is problematic and I hope it can be disabled (4, Insightful)

Anonymous Coward | about 4 years ago | (#33173008)

This is problematic on slow links where every byte is precious (dial-up)

This is problmeatic on expensive links where every byte costs money (satellite, cellular)

This is problematic in managed environments where the end user does not have write-permission to the filesystem containing the software

I hope it can be disabled.

Re:This is problematic and I hope it can be disabl (0)

Anonymous Coward | about 4 years ago | (#33173168)

It has been like this for 6 years - what's the problem ? Disable the update if you don't like it.

How to disable updater only on pay-per-bit? (1)

tepples (727027) | about 4 years ago | (#33173614)

Anonymous Coward wrote:

Disable the update if you don't like it.

Can you recommend an easy-to-understand user interface to configure the updater to disable itself when on a pay-per-bit connection to the Internet yet reenable itself when on a less strictly metered connection (such as a home LAN or a restaurant hotspot)?

Re:This is problematic and I hope it can be disabl (0)

Anonymous Coward | about 4 years ago | (#33173654)

I hope it can be disabled.

Duh. Given how much fine-grained control Firefox does give you on about:config, chances are you won't just be able to disable it, you'll also be able to fine-tune what kinds of updates you receive, how often the check will be performed, and what server the updates will be fetched from (which might be useful for companies).

Say whatever you want about Firefox and Mozilla - I don't always agree with their default choices, and this one seems like something I'd not be happy with, either, but they DO allow you to configure things to your liking.

FYI: That will trigger alarms (0)

Anonymous Coward | about 4 years ago | (#33173010)

My personal firewall checksums executables and warns me the next time I start them if they have changed. If I don't know why an internet-enabled application has changed, I'll have to suspect shenanigans. Don't change executable code behind my back!

A feature to disable (1)

Crock23A (1124275) | about 4 years ago | (#33173068)

While I usually install all updates for firefox, and Windows, for that matter... I keep both update mechanisms disabled. I update my PC when I choose to and more often than not, i read changelogs and release notes. This feature is probably best for the average Joe type of computer user who doesn't know or care about updates.

I agree (5, Insightful)

Jorl17 (1716772) | about 4 years ago | (#33173096)

At the risk of being /. assassinated, I have to say that I agree with this. Particularly because it is possible to disable such a feature.

Non-techie people don't get a thing about browsers, updating, security, etc. The medium-techie usually want to be all updated, so will update to even RCs and Betas if they find them out. Techie guys, us, do whatever they want, but I believe that they want to be in control and know what's going on -- thus, they'll disable such feature.
But especially for the non-techies, this is a way of getting free security upgrades. The upgrades will probably be carefully chosen so that there are no compatibility issues -- and if there are, non-techie to medium-techie users won't care that much.

All in all, it is good for people who don't care, and enables us who care to keep things the way we want it.

Re:I agree (1)

Nerdfest (867930) | about 4 years ago | (#33173306)

I won't disable automatic updates, but I will disable silent automatic updates. When something stops working, I generally look at what has changed. If I don't know what to look at, it makes things very difficult to debug.

User Account Control (4, Interesting)

Crock23A (1124275) | about 4 years ago | (#33173106)

I wonder how this will get around UAC, a substantially annoying feature of Windows Vista/7. Will they be installing firefox to the user's home directory? Will it be sand-boxed from the OS? I admit I haven't done much looking into the pre-release so I apologize for any ignorance I might be showing.

Re:User Account Control (1)

Rockoon (1252108) | about 4 years ago | (#33173180)

I also thought about this almost immediately. You cant silently do anything under /Program Files/ or /Program Files (x86)/ without administrator rights.

Is it their intention to install the binaries/etc some place that doesnt require admin rights to modify them? How could that possibly be safer/better?

Maybe instead they intend to install a service set up with admin privileges. How is an extra service, with admin and network access rights and intent on modifying /program files/, safer/better?

Updates should be noisy anyways, regardless of the increased risks this sort of thing creates.

Restart after update? (1)

hcdejong (561314) | about 4 years ago | (#33173122)

Until now, FF updates require a restart. The update may be silent, but the restart is still going to require user notification. So what's the advantage here?

Re:Restart after update? (1)

PRMan (959735) | about 4 years ago | (#33173326)

I imagine it would wait until the user restarted Firefox...

You thought you'd sneak that by me? (2, Insightful)

bursch-X (458146) | about 4 years ago | (#33173138)

Nah, little Snitch will tell me. I really do hate that Google Chrome feature; just when I least expect it one of the Google background processes is for no apparent reason trying to connect to certain sites. Makes me wary, even if for the right reasons some software tries to sneak in any update without telling me. Even Apple gives me more freedom there.

Leave the question! (0, Troll)

coldmist (154493) | about 4 years ago | (#33173162)

And what if some of your plugins aren't ready for 4? suddenly, websites look different (like maybe a craigslist image laoder stops working), or worse yet your tab extension is borked, and you can't do anything with tabs any more?

Maybe a user doesn't like the new 4.0 look and wants to stay at 3.5?

Give the user a box and ask.

Do not change this behavior!

Re:Leave the question! (4, Informative)

the_other_chewey (1119125) | about 4 years ago | (#33173236)

Maybe a user doesn't like the new 4.0 look and wants to stay at 3.5? Give the user a box and ask. Do not change this behavior!

Congratulations for not even reading the summary: They will only do silent updates for
minor versions, i.e. security and stability updates.

The question will be kept for major updates, like 3.x to 4.

Re:Leave the question! (1)

Dunbal (464142) | about 4 years ago | (#33173304)

The beauty of open source - you don't like it, fork it.

Re:Leave the question! (1)

capebretonsux (758684) | about 4 years ago | (#33173384)

Give the user a box and ask.

Good luck with that. I'm still using firefox 2.0.0.20 simply because the awesome-bar was a dealbreaker for me since day one. And no, the 'oldbar' addon just makes it look the same, when the old behaviour is what I want most. What makes it even more depressing is how every other browser on the face of the earth which supports ad-blockers and noscript add-ons have followed mozilla over that cliff.

Lynx is looking more and more attractive by the day.

The biggest issue with auto-updates... (0)

Anonymous Coward | about 4 years ago | (#33173170)

The biggest issue with auto-updates is that when I'm on 3G on my laptop, I have to make pretty sure everything has its update mechanisms disabled, and re-enable them when I get home, otherwise my bill runs up pretty quickly.

Case in point, Steam. It's not exactly an auto-updater, but it'll insist on immediately syncing the games I installed on my desktop. And that's a *load* of traffic. Sure, I can always shutdown Steam, but I can't shutdown Firefox or Chrome, which I need for my everyday browsing. And BAM, out of nowhere, I've already spent ~20 MB out of my quota, and it hurts.

Re:The biggest issue with auto-updates... (1)

MysteriousPreacher (702266) | about 4 years ago | (#33173360)

That and these hidden updates could cause problems in the corporate world. Normally when browsers are updated I see vendors advising users to wait until the browser has been tested. That mostly applies to major updates, but any kind of update could patch a hole that a web application relied on - or introduce a new bug.

The EASY and OBVIOUS solution (0, Offtopic)

Roark Meets Dent (650119) | about 4 years ago | (#33173176)

... Simply set your application firewall to block all IP traffic originating from Firefox.

Oops (1, Insightful)

Anonymous Coward | about 4 years ago | (#33173196)

So much for rolling out Firefox for Enterprize.

More Mozilla Fail (4, Insightful)

duffbeer703 (177751) | about 4 years ago | (#33173316)

I'd love to be able to actually deploy and maintain Firefox in the large enterprise that I work in. Users want it. Unfortunately, users don't have admin rights, and Mozilla makes applying updates and configuring the browser from a central location difficult and has a history of not thinking about and actively shooting down any proposals which would potentially benefit system administrators trying to support Firefox.

I don't get why they don't get it.

Do not want. (0, Troll)

unity100 (970058) | about 4 years ago | (#33173352)

as simple as that. i wont upgrade to 4, as long as my software gets updated behind my back. i dont care about the reasons, i dont care about the rationalizations, i dont give a damn about anything else. it is MY computer, MY browser.

Re:Do not want. (1)

RabbitWho (1805112) | about 4 years ago | (#33173396)

It says right there you have the option to turn off silent updates.

Why not... (2)

johosaphats (1082929) | about 4 years ago | (#33173434)

Why not ask whether you want to be notified once it gets ready to update for the first time? This way, people who don't want to be notified in the future can elect not to (make this the default choice), and those that do can uncheck to box easily. Everyone's happy.

silent update will only be offered.. (2, Insightful)

tirnacopu (732831) | about 4 years ago | (#33173452)

on Windows, Mozilla has said.

Nothing to see here, move along..

Egad. Use intelligent defaults. (5, Insightful)

ccady (569355) | about 4 years ago | (#33173490)

How stupid! Show the user the dialog box, and put a checkmark on it which says (approx) "Don't notify me of these updates anymore, just do them."

Re:Egad. Use intelligent defaults. (1)

genner (694963) | about 4 years ago | (#33173632)

How stupid! Show the user the dialog box, and put a checkmark on it which says (approx) "Don't notify me of these updates anymore, just do them."

What's an update?
Son quick get in here, I got a virus!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>