OSNews

update; yes. forced; no.

Updates repeatedly demonstrate that forcing the change is a bad idea. How many Windows updates have reversed previous updates or all out broken existing systems. How many companies would have been hosed by the IE8 update originally delivered broken. I've on rare occasion even had Mandriva updates break a system (phpBB v2 to v3 blew apart the server). I now have an apache update waiting for a Debian box but there's no way I'm doing that on the production machine until the test server confirms it. On my PDA, the OS install is not a simple default against the internal non-removable flash so something like a forced kernel update when booted from SD instead of internal flash is a problem.

"Your OS was kind enough to force an update on you last night, your staff will be unable to work until all machines are re-imaged back a step.. but the next night, the update will be forced back in again. Thank you for your patience."

The other problem is that a device should not be causing network traffic without the user's consent. I don't want my notebook or PDA hopping on any wifi it finds and blasting packets out. If I'm on a contracted pentest; that's a problem. If I don't own the wifi that it happened to connect too; problem again. If the wifi was intentionally left open with a man in the middle; yet another problem.

Sometimes a user needs to get work done rather than wait on an update process. Imagine having to get a call out in a hurry but having to wait on a process bar from the update system.

Updates should be made available but in a manner that allows them to be differed within reasonable amounts of time. Months or indefinitely in the case of Conficker is not acceptable by any means but update quality is just not up to the level of being non-negotiable either.