September 14, 2007

The dangers of automatic updates

Author: Bruce Byfield

When I started using GNU/Linux eight years ago, I was dumbfounded to encounter Debian users who started their day by upgrading their entire system. Yet now, with the updaters that sit in the notification trays of recent GNOME and KDE-based distributions, I realize that these daily upgraders were not daredevils, but pioneers in the idea that all upgrades are desirable. Never mind that this idea is an nuisance and an unwarranted assumption -- let alone that constant upgrades are unsuitable to many styles of computing and contrary to responsible system maintenance.

I don't know about anyone else, but my usual reaction to an updater is irritation. Admittedly, GNU/Linux updaters are not as bad as Windows'. In that operating system, a popup notification about updates seems to ambush you every 30 seconds, and you are constantly warned that your system is at risk if you turn off automatic updates. So far, updaters in GNU/Linux are more restrained, distracting you with a popup about the number of available updates only when you login, or placing an icon in the system tray. Moreover, only one updater exists for the whole system in GNU/Linux, while in Windows Vista you can have as many as three or four. And at least a GNU/Linux updater can be turned off.

However, the tendency toward nagware is still there, distracting you from whatever you are doing with a notice that you probably don't care about at the moment. Give me a log file that I can view at my leisure any day.

But updaters are more than just a nuisance. They're an active hazard. Presumably the assumption behind updaters is that the newest version of a software package is more secure and less buggy. But that, as anyone who explores his system soon finds out, is an unwarranted assumption.

Conflicts between programs, unresolved dependencies, and broken systems all await those who avail themselves of over-ambitious upgrades. The mailing lists of just about every distribution are full of the lamentations of the reckless who have trashed their systems through unwary upgrades. The truth is, except for security updates and fixes for specific problems, the average desktop user is likely to have fewer difficulties with an "if it ain't broke, don't fix it" philosophy.

Yet updaters make their functions all too easy to use carelessly. Right-click on any of them, and you have an option to install all updates without looking at them. They also give you the option to view and select updates, but, in Fedora 7, you are hardly better off than updating blindly, because all you get is a single sentence description of the package. From that description -- or possibly the package name -- you might be able to tell how important a particular piece of software is to the smooth running of your system. But what you can't tell is what changes have been made in the update, and whether the update is useful to you.

The Debian updater at least gives you a list of changes in an update. Yet even this list is concealed until you click the Show Details button. In all the updaters, the design encourages blind acceptance of all updates. Contrary to the assumption that updating is responsible, they encourage updating in the most irresponsible way possible.

This behavior is bad enough when you stick to the standard repositories. If you stray further afield, updaters can potentially create even greater problems. For instance, add the experimental repository to Debian, and, the next time you log in, you may be informed of dozens or hundreds of new updates of questionable quality. There is no mechanism to exclude individual repositories or packages from updaters, though most of the time, users go to nonstandard repositories for specific packages, looking for solutions to specific problems. They have no interest in most of the repositories' contents, which were never intended for everyday use anyway. Yet, with an updater, one careless choice made after adding such repositories, and suddenly you are invited to gamble with your system.

Of course, you might say that users should know better than to be so careless. But the fact is that it's easy to make mistakes when you are distracted or careless (and if you don't believe that, then you are a prime candidate for disaster; the point of making things idiotproof is that we can all be idiots sometimes).

Anyway, many desktop users don't know better. Why should they, when the automatic installation of the updater and its menu items encourage them to think that adding every new update to their system is standard procedure? They don't know enough to read the bug lists for every package on their system, and most of them wouldn't take the time to do so anyway.

A list of updates is useful for system maintenance. Yet it needs to separate out security fixes from bug repairs and added functionality, and it needs to give enough information for users -- especially new ones -- to make informed choices. Otherwise, you may as well be in Windows, where users are discouraged from a hands-on approach to their systems.


  • Commentary
  • System Administration