>In one fun case, we had a corporate client disable automatic updates for their entire research lab because one night Windows update decided it needed to automatically reboot every single system there. They were running overnight experiments and came in the next morning to find that all of the night's data was missing or corrupted, costing them a day on a tight schedule.
That is a small edge case on a consumer OS running on a billion PCs, maybe they should have had some half-competent people running the lab instead of having defaults that are meant for normal users?
WSUS lets them have full control over updates and restarts. Most decent enterprises and univertisies use it.
>Microsoft does software updates in a very, very wrong way
Pray, tell us the right way. What would you have wanted Microsoft to do if there was this vulnerability that came today and the lab was running the research experiment for the next 3 days?
I am not the GP but I am curious about your proposed solution. You were comparing a browser updates to Windows Server, which could be running IIS running a bank website, Exchange server for mail or Lync/Communicator server.
Does Apache do automatic updates for critical vulnerabilities? I hope you can either give better examples than Chrome for comparison, or actually give a solution to this problem which is not isolated to Windows, most distributions require restarts for kernel updates,. With that perspective, your post was the one that seemed to be grandstanding and railing at Windows Update without providing specific solutions.
I have absolutely no influence at Microsoft. Why are you asking me to talk further over how I would do their software architecture differently? There is absolutely no hope of changing anything, at all, by doing that. It's a waste of time. That's why there was no "proposed solution" anywhere in my comment.
Let's recap.
1: A new 0-day has just been released that affects IE 7, 8, 9, etc.
2: givan points out that the long release cycle for Internet Explorer means that this will probably be a viable exploit for a long time to come. (And he's right.)
3: greenyoda says, no, Windows Update will fix this. Especially, "[IE] does get automatic updates, just like other browsers."
4: I jump in -- something I am becoming more and more convinced was a huge mistake -- and point out some of the reasons why Windows automatic updates are not just like other browsers.
Have I gone wrong somewhere yet? Do you really think that Windows automatic updates are "just like other browsers"? Why do you want me to accept that Windows updates have to suck just because Windows is a huge complicated piece of software? Does any of that invalidate any of the reasons I mentioned for why users turn off automatic updates?
Or is it your argument that people don't turn off Windows automatic updates? Because even Coding Horror has a rather popular post from 2005 on how to disable it (http://www.codinghorror.com/blog/2005/05/xp-automatic-update...), and that's targeted at a technical audience, so frankly I'm not yet convinced that anybody who thinks that disabling Windows automatic updates isn't a popular thing to do is someone that I should spend any time debating this with.
Does Apache do automatic updates for critical vulnerabilities? No. Could it? Sure. I bet half the people on this forum alone could write a cron job to do just that. But more importantly: who cares?
The fact alone that Microsoft pushes browser updates through the exact same channel as kernel updates makes their update process very wrong. I don't think I have to spend any time at all going out on a fishing expedition finding you examples of software that does it right to argue that at this point browser updates should be getting their own channel from MS. (Just in case I really have to spell it out: treating operating system updates as exactly equivalent to browser updates is stupid. Not doing so would solve your number one rebuttal, which seems to be that Microsoft can't do updates better because software is hard.)
If you insist on having me come up with an entirely new way to engineer software for Microsoft, I expect to be paid for that.
And I'm still reading patio11's latest post on kalzumeus, so my rates just went up.
>I have absolutely no influence at Microsoft. Why are you asking me to talk further over how I would do their software architecture differently? There is absolutely no hope of changing anything, at all, by doing that. It's a waste of time. That's why there was no "proposed solution" anywhere in my comment
You compared Chrome favorably to Windows Updates and criticized WU throughout your post, which lead me to believe you had some insight on how to make updates painless beyond "Microsoft, just make it better.".
>Or is it your argument that people don't turn off Windows automatic updates? Because even Coding Horror has a rather popular post from 2005 on how to disable it (http://www.codinghorror.com/blog/2005/05/xp-automatic-update...), and that's targeted at a technical audience, so frankly I'm not yet convinced that anybody who thinks that disabling Windows automatic updates isn't a popular thing to do is someone that I should spend any time debating this with.
First, Windows 7/8 are much better than XP in this regard. Second, the point of difference between us is that you're not ascribing any blame on the user at all for turning off updates.
Here's the dialog box for turning it off. It states the following:
> Never check for updates, not recommended. Your computer will be more vulnerable to security threats and performance problems without the latest updates.
To go to a car analogy, updating your OS is like servicing your car which comes with inconveniences such as having to find a few hours in your busy life and not having access to your car for a few hours, having to take a taxi or bus to home or work, or skipping gym, watching TV or going to a movie. Who's fault is it primarily if the car catches fire on the highway because it wasn't serviced because taking car to service was too much work?
Your arguments amount to something like, "it's solely the car makers' fault to require expensive service that takes a long time that leads to users not servicing cars for months, they should learn to make cars that don't need service, do I need to take my bicycle for service? They should learn from that."
If my friends or relatives either turned off automatic updates or stopped servicing their car, I would strongly recommend them not to do that. You may be of a different opinion regarding updates i.e "yes they suck and are a waste of time, no need to do it".
Another point of contention is your anecdote of "most users turn off automatic updates". Most? Can you come up with some reference to that beyond your personal anecdote?
>The fact alone that Microsoft pushes browser updates through the exact same channel as kernel updates makes their update process very wrong
That's a better idea, but should we have different channels for Remote Desktop? Windows Media Player critical updates? Why are these any less critical than IE updates? I guess that would further confuse normal consumers some of which don't even know what a browser is.
If you're an admin, you can already pick and choose updates.
Should Microsoft make updates better? Yes.
Should user not turn off automatic updates even if it's "annoying"? Yes.
>If you insist on having me come up with an entirely new way to engineer software for Microsoft, I expect to be paid for that.
>And I'm still reading patio11's latest post on kalzumeus, so my rates just went up.
Thanks for graciously agreeing to insighfully comment on HN for all of us. I feel obliged to pay your for amazingly modest comments with no grandstanding or condenscenion for which we're all very grateful , do you accept Paypal?
That is a small edge case on a consumer OS running on a billion PCs, maybe they should have had some half-competent people running the lab instead of having defaults that are meant for normal users?
WSUS lets them have full control over updates and restarts. Most decent enterprises and univertisies use it.
http://technet.microsoft.com/en-us/windowsserver/bb332157.as...
>Microsoft does software updates in a very, very wrong way
Pray, tell us the right way. What would you have wanted Microsoft to do if there was this vulnerability that came today and the lab was running the research experiment for the next 3 days?