Silent, automatic updates are the way to go

Recently, PPK stated that he hates Google Chrome’s automatic updates. I disagree. In fact, I think that all browser vendors should enforce automatic updates as violently as Google Chrome does. There should be no option to disable them. For anybody.

But what about the user’s freedom of choice?

This might sound a bit facist at start, but imagine a world where all browsers would get automatically updated, without the possiblity of an opt-out. If you went online, you would be bound to have the very latest version, regardless of how computer (i)literate you were (Many — if not most — home users that don’t upgrade are like that because they think it’s too difficult for their computer expertise level). Sure, if you were a developer you wouldn’t be able to test a website in older browser versions. But why would you need to do so? If everybody had the latest browser version, you would only develop for the latest version and perhaps for the next one (via nightlies and betas, that could still be separate in that ideal world).

Imagine a world where your job wouldn’t have to involve tedious IE6 (and in a few weeks, no IE7 either), Firefox 2, Opera 9.5 and Safari 3.1- testing. A world where you would spend your work hours on more creative stuff, where you wouldn’t want to bang your head on the wall because you know you did nothing wrong but the ancient browser that you are currently testing in is just incompetent and YOU have to fix it’s sh*t. A world where the size of your Javascript code (and the JS libraries’ code) would be half its size and constantly decreasing as new browser versions come out. A world where you would only have 1 CSS file in most websites you develop. A world where you wouldn’t feel so bad because IE8 doesn’t support opacity, border-radius or SVG, because you would know that in 1-2 years everyone would have IE9 and it will probably support them. A world where designing a website would be as much fun as designing your personal blog.

Doesn’t such a world sound like a dream? Would it harm anyone? Users would browse a much lighter and beautiful web, with a more feature-rich and secure browser. Developers would work half as much to produce better results and they would enjoy their work more.

What about corporate intranets and abandoned sites that won’t keep up?

Oh come on, that isn’t a good enough reason to not make that dream come true! Companies and individuals could be allowed to have an older version of the browser installed as well. They still wouldn’t be able to opt out from the automatic upgrade, but they could apply somehow to have an older version of the browser in the same system as well. Similarly to what happens now with browser betas. People would use the older version to access corporate intranet applications and obsolete sites and the latest version to surf the web. I may be overly optimistic, but I think that if a user had both versions of a browser installed, (s)he would prefer the latest wherever (s)he can. Perhaps another step towards enforcing that would be if the OS prevented an older browser version from being set as the default browser, but I guess that would be too hard to do, especially if the browser in question is not the OS default one.

Other people who agree with me

What’s your opinion?

  • http://www.systasis.com/ Symeon Charalabides

    Hi Lea,

    I must disagree with your thesis due to its nature, rather than the point itself. Let me elaborate:

    First off, don’t get me wrong: I despise that horrible piece of junk called IE6 as much as the next guy and more than most. Having said that, I cut my teeth on “graceful degradation” on NN4, so maybe my perspective (and, hence, my patience) is a bit wider than most modern developers’. I would be blissful to only have to cater for the latest version of major browsers. But to enforce automatic updates in order to achieve that? Hell no!

    My problem with the argument is that it doesn’t merely sound fascist, but actually is. No vendor should have such power over your own machine’s resources/scheduling and, in my opinion, Chrome already goes too far by installing the Updater every single time you use it, setting it up as a startup job and scheduling it for when your PC is idle. Your PC’s resources and usage thereof should be your own affair, since you’re the person footing the bill, and every reputable software vendor should fully disclose when/how they plan to essentially hijack them (which is what Google does), offering options to accept, alter or, of course, reject (which is what Google doesn’t).

    You would argue that this issue is small and I would agree, but it’s the “slippery slope” nature of the issue that’s worrying: If we consider it rightful to tie users to the latest versions of browsers, why stop there? Why not just reject all “bad” browsers and only allow the best? Or only the ACID-2-capable ones? Or only webkit? The problem is that there is no clear line between “somewhat limited choice for the common good” and “completely limited choice for the common good”. If the latter statement sounds like a former socialist state business plan, it’s because it is. We shouldn’t forget how these ended up.

    We should be encouraging people to use better browsers and versions thereof by spreading information as far and as wide as possible, but we shouldn’t be forcing them. It’s the old “Education vs. legislation” argument. The WWW is so successful because of its open and free nature. I would hate to see it turn into another exclusive medium because we, the wise ancients, decided we know better than the actual users.

    Even though we do.

    Regards,
    Symeon

  • http://leaverou.me Lea Verou

    Hi Symeon!

    First of all, thank you for commenting, especially since your comment is officially the first one in this blog! (I guess I’ll now have to add a link to the comments feed and style the comments better :P )

    Your objections are rational and well-thought in the most part, and frankly – I expected them.
    However, let me argue:

    No vendor should have such power over your own machine’s resources/scheduling and, in my opinion, Chrome already goes too far by installing the Updater every single time you use it, setting it up as a startup job and scheduling it for when your PC is idle.

    • You always have the option to uninstall Chrome (unless of course you’re a developer, but that’s a different story), and this is what freedom is all about. Nobody forces you to use Chrome, you decide to use it, and forcing you to have the latest version is one of it’s vendor’s terms.
      This argument reminds me a bit of the all-time-classic nagging in discussion forums: “You facists, why are you deleting my posts? Why don’t you let me write whatever I want? What about freedom of speech?” which almost always gets the all-time-classic reply “You can always go to a different forum, that’s what freedom is all about. Nobody forces you to be here.”. It’s actually the same thing.
      You are free, because you can decide whether to use something or not. However, if you decide to use it, you ought to comply with it’s maker’s terms. It’s like coming at my house: If I want visitors to take their shoes off in order to let them in, it’s not facist because you can always decide to leave. But if you decide to come inside, you will have to comply with my terms, since it’s my house.
      You may not likethe terms, but you can’t say they are facist. In my opinion, no individual (person or company) could be facist, since you still have the option to avoid them.
    • As things currently are, users are forcing us to deal with ancient browsers because they don’t take the time to update. That seems to me exactly as facist as my suggestion.
    • There are many programs who follow similar practices (being run on startup, without an option to disallow that other than uninstalling them), we are just not used in such practices for browsers. Various trackers, antivirus software, firewalls etc. And don’t tell me that antivirus software has to do that because it’s a matter of security, because having the latest version of your browser is also a matter of security.

    You would argue that this issue is small and I would agree, but it’s the “slippery slope” nature of the issue that’s worrying: If we consider it rightful to tie users to the latest versions of browsers, why stop there? Why not just reject all “bad” browsers and only allow the best? Or only the ACID-2-capable ones? Or only webkit? The problem is that there is no clear line between “somewhat limited choice for the common good” and “completely limited choice for the common good”.

    Of course there is a clear line. In fact two of them:

    • Automatic updating is up to the vendors. Who would decide about disallowing a certain browser? Definately not it’s vendor. Whom then? The W3C? I never suggested that some “higher authority” should enforce this on all vendors, I suggested that the vendors themselves should choose it.
    • It’s almost an axiom that a newer version of a software product is better than the old one, especially for browsers. Nobody thinks that IE7 is worse than IE6 (I hope!!!), but many end-users would argue that IE is better than Firefox. A real-life comparison could be that a particular person is always more mature in his/her forties than when in his/her twenties, but when we are comparing different people, we could easily find one that is 20 years old and more mature than another 40 year old person.

    Also:

    • Forcing users to have the latest version is not “limited choice” most of the times. An older browser is rarely a choice. Most of the times it’s just evidence of boredom and fear of breaking things.
    • If you had read the last paragraph of my post more carefully, you would have seen that I suggested allowing users to have older versions of the browser installed separately. You would just be forced to have at least one instance of the browser which would be updated. If you wanted, you could have several older versions as well. The concept behind this is that I believe that if a user had both the newest version and an old one, they would choose the newest one most of the times.
    • Why should we consider what would happen if we slip anyway? Let’s just consider whether this is a good idea, and simply not let ourselves slip. It would need the exact same effort, and it would yield much better results.

    PS: I could never have imagined having a political debate (and if you think about it, it’s actually a political debate) in a web development blog. LOL :P

  • http://www.systasis.com/ Symeon Charalabides

    Hi Lea,

    Thank you for your elaborate reply which clarifies many points. With the understanding that I am merely playing devil’s advocate here and arguing for the principle of choice, rather than the practical apsects of the matter, let me offer my own clarifications and counter-counter-arguments:

    You are free, because you can decide whether to use something or not. However, if you decide to use it, you ought to comply with it’s maker’s terms…

    You are absolutely right, and maybe I didn’t make myself very clear on my beef with Chrome: I consider it bad form to install silent services without disclosing so during the installation process and without giving the option to modify or opt-out of them, and this I find fascist in principle. This is not a technical argument; Google is legally covered for this practice and the vast majority of users are better off for it.

    As things currently are, users are forcing us to deal with ancient browsers because they don’t take the time to update. That seems to me exactly as facist as my suggestion.

    I find 3 things wrong with this argument:
    1. The users are not being fascist; they are not being anything. They are just behaving like users and where there is no intent there can be no blame for that intent.
    2. Even if users were actively being fascist in that respect, that doesn’t justify us being fascist back: 2 wrongs don’t make a right.
    3. This is an argument from a developer’s point, only a developer is there to serve the users and not the other way around. In this capacity, the users are our customers and the customer is always right.

    There are many programs who follow similar practices …, we are just not used in such practices for browsers.

    The “common practice” argument isn’t pertinent here: 2 wrongs don’t make a right. Those many programs are wrong too, in my opinion, and should also offer full disclosure and the widest possible range of options during the installation process.

    I never suggested that some “higher authority” should enforce this on all vendors, I suggested that the vendors themselves should choose it.

    Absolutely right. I stand corrected.

    It’s almost an axiom that a newer version of a software product is better than the old one, especially for browsers.

    Not at all: IE has had a slew of “unsuccessful” updates, which MS has had to hastily patch in order to plug a newly-introduced vulnerability. Firefox has had its share too, and so has Safari. These were minor, not major, new versions, which are generally the automatic updates you’re arguing for. Naturally, vendors have a massive interest in patching their boo-boos as fast, as comprehensively and as silently as possible, and also to downplay the extent of the potential damage, but users are still liable to have their system compromised in the intervening time through no fault of their own.

    An older browser is rarely a choice. Most of the times it’s just evidence of boredom and fear of breaking things.

    True but, as I mentioned, I’m arguing on the principle of choice, so even 1 person consciously choosing an older version (and I have sometimes been that person) is enough to justify the principle.
    Anyway, fear of breaking things is just as much a good thing as a bad one.

    … I suggested allowing users to have older versions of the browser installed separately. You would just be forced to have at least one instance of the browser which would be updated.

    Yes but what if you wanted to stay 1 or 2 minor versions behind for the specific purpose of not having your system compromised by a bad update, as per my last 2 points? I am arguing for a user’s right to use a browser without being forced to have the latest version in any state on their system, so that’s not a viable compromise.

    Why should we consider what would happen if we slip anyway? Let’s just consider whether this is a good idea, and simply not let ourselves slip.

    The road to hell is paved with good intentions, Lea. The nazi party was voted democratically as well, so it must have seemed like a good idea at the time.

    I could never have imagined having a political debate … in a web development blog.

    I’m afraid it’s a primary component of the “being Greek” package. I scare myself sometimes ;-)

  • http://leaverou.me Lea Verou

    Hi Symeon!

    Thank you for your followup comment. This discussion has turned into a very interesting debate!

    By the way, I replaced the bbcodes in your post with html, since wordpress only allows basic html for formatting, and not bbcode (I should probably write that somewhere in the comment form…). I hope you don’t mind.

    I consider it bad form to install silent services without disclosing so during the installation process and without giving the option to modify or opt-out of them, and this I find fascist in principle.

    Don’t they mention anything about it in the TOS displayed during the installation? If not, you’re right. If they do, it’s the user’s fault if (s)he doesn’t read those.

    I find 3 things wrong with this argument:
    1. The users are not being fascist; they are not being anything. They are just behaving like users and where there is no intent there can be no blame for that intent.
    2. Even if users were actively being fascist in that respect, that doesn’t justify us being fascist back: 2 wrongs don’t make a right.
    3. This is an argument from a developer’s point, only a developer is there to serve the users and not the other way around. In this capacity, the users are our customers and the customer is always right.

    You are absolutely right. I suspected that that argument was bad even while writing it, but I left it there just in case :P

    The “common practice” argument isn’t pertinent here: 2 wrongs don’t make a right. Those many programs are wrong too, in my opinion, and should also offer full disclosure and the widest possible range of options during the installation process.

    Why isn’t it pertinent? It proves that this practice has been tested in users without causing any significant issues.
    As for these programs (or any program), of course it would be better for the users if they had the widest possible range of options to choose from. However, the opposite doesn’t qualify as facist (in my opinion), since the user can still choose not to install (I think I’m repeating myself here…). I agree on the “full disclosure” part though; The user should know in order to be able to choose.

    Not at all: IE has had a slew of “unsuccessful” updates, which MS has had to hastily patch in order to plug a newly-introduced vulnerability. Firefox has had its share too, and so has Safari. These were minor, not major, new versions, which are generally the automatic updates you’re arguing for. Naturally, vendors have a massive interest in patching their boo-boos as fast, as comprehensively and as silently as possible, and also to downplay the extent of the potential damage, but users are still liable to have their system compromised in the intervening time through no fault of their own.

    Which one is worse: Being exposed for months, or for a few hours?
    You take for granted that if a user doesn’t update, he will be stuck with a proper version. However this isn’t always the case. and (s)he might be stuck in a problematic version for months or even years!

    By the way, I’m not only arguing about minor updates. IE6 to IE7 or IE8 is not a minor update. I think major updates should be applied automatically as well (after checking whether the capabilities of the machine are sufficient of course).

    Yes but what if you wanted to stay 1 or 2 minor versions behind for the specific purpose of not having your system compromised by a bad update, as per my last 2 points? I am arguing for a user’s right to use a browser without being forced to have the latest version in any state on their system, so that’s not a viable compromise.

    I guess you could use another browser until the problem was fixed, if it was that bad. The possibility of two browsers having a problematic minor update at the same time is close to zero. :P
    Everything has its downsides. I think what matters is whether the advantages outweigh the disadvantages, and not whether there are no disadvantages at all!

    The road to hell is paved with good intentions, Lea. The nazi party was voted democratically as well, so it must have seemed like a good idea at the time.

    Oh come on, it’s ridiculous (sorry!) to compare nazism with browser automatic updates!!
    Actually, the current state has a higher probability of somebody getting killed (The developer, from excessive banging of his/her head againist the wall) so from a certain perspective, it has more similarities with nazism. :P (this was meant to be a joke, don’t take it as a serious argument please!)
    Serious reply: If we thought “oh, what happen if we slip?” or “Oh, what if this isn’t a good idea and it just seems like one?” every time we had to make a decision, people would still wait to get married to have sex (because they might just “slip” and have orgies in public or become pedophiles or something – whatever you define as “slipping”) and no progress would have been made in any Science (“What if object oriented programming isn’t a good idea and just sounds as one?”). Yes, bad things have happened, and will keep happening, but if we become so afraid of change, we will decrease the rate of good things as well.

    I’m afraid it’s a primary component of the “being Greek” package. I scare myself sometimes ;-)

    Lol, please don’t remind me about that. This blog is partly an attempt to temporarily forget it :P Some people prefer drinking to accomplish that, I prefer blogging. :P

  • http://www.alexlingris.com lexx

    I prefer calling out names loudly at my partners, the computer screen, the cat on my wallpaper, and everything else that tries to get in my way while I am debugging for ie6. I believe that all this people, animals and stuff, would be relieved if microsoft did at least have as a default option, automatic upgrades.

    Lea your blog is awesome. I am glad its Saturday, and finally I ll get to read it.

  • http://leaverou.me Lea Verou

    Thank you lexx! I hope you enjoy it :)

  • http://comingsoon.com Ozzy

    Its weird. When i develop websites, my main browser to develop in is either Opera 9+ or Chrome. After i get the site design coded (usually messy), then i test other browsers and make appropriate changes. The site i am currently working on has very complex imagry and alot of transparent PNGS. I knew this would be trouble for IE6, i was write. But the ONLY problem was the PNGS, everything else (even floats) performed correctly. I then used the iepngfix.htc file to fix the transparency problem. Done.

    Now i check IE7, expecting it to work perfectly… it was a mess. My site works in Safari 3+, Chrome, Opera 9+, IE6 but not IE7.

    My point being is, even if your website is standards compliant, with automatic updates on, you as a designer may have to work extra hard if the newer browsers mess up with your code.

  • http://leaverou.me Lea Verou

    Thanks for commenting Ozzy and welcome to my blog!
    Your point is valid.
    However, it’s only valid for the present. In less than a year, IE8 would be out of beta, and if silent+automatic updates were a reality, you wouldn’t need to test the website in IE7 at all.

    By the way, you don’t mention Firefox at all. Don’t you test your websites at Firefox? I think with the Firebug extension, debugging is as easy as currently possible in FF (personally I use FF as a starting point, and test in other browsers afterwards).

  • http://comingsoon.com Ozzy

    I knew i forgot something :P, Firebug is just awsome at debugging javascript, beats operas dragonfly hands down. I guess i didnt feel the need to mention FF as opera and FF render standards compliant websites pretty much identically.

  • Gademis

    Hi Lia

    I understand your point, but I believe you can make the update process “aggressive” enough to make things all right without prohibiting users to keep their existing version (and I will go into reasons one might want to do that later).

    Yes, there should be a default update option the user can turn on and leave on. Plus, let’s say 10 days after deployment, after it has asked the user when deployment of the new version happened, the browser can update itself silently. That way you get the lazy user updated, you are still informing him that there IS an update (and maybe you want him to check out new features), you can still inform him that in 10 days an automatic update will occur (so he can’t nag about you having your way with his PC) and you can still leave an about:config option or a registry entry to allow an experienced user to block the updates.

    That last one is important. It is futile to try and prevent an experienced user from updating: You’ll only get your update site blocked at network level, or hosts file and then the user can’t even get notified of the update. And there are a number of legtimate reasons to keep the old browser:
    1) The pc is a net cafe mashine or a virtual mashine who rolls back when rebooted anyway, so updating is both pointless and a strain on resources (imagine a cafe’s line with every mashine updating all its browsers every time it reboots).
    2) The new version breaks something, but the site owner can’t or dosen’t bother to fix it. Or for a dummer version: The site does a browser check, it dosen’t “know” the new version, so the user gets a message “your browser isn’t supported” while it really is. Now imagine an admin in a corporate invironment who knows about this, but can’t prevent the browser from updating.
    3) Same problem with the admin above, with the new browser executable being a known false positive in the AV suite.
    4) Same as above, but with the browser deciding to require a ton of ram, that the pc dosen’t have, or takes up too much cpu.

  • http://leaverou.me Lea Verou

    Hello gademis! Nice to see you again! Welcome to my blog :)

    I guess an about:config setting would be fine, the ones that would actually use it would be so few that they wouldn’t cause pain to web developers and designers worldwide.