Asa Dotzler: Firefox and more

December 10, 2008

opera plans auto-update for ten

Good for them.

In a previous blog post (or two) I've called it "bordering on negligence" that Opera continued to ship new versions of the browser without a real update mechanism.

The response I got from members of the Opera team was that with all their different mobile platforms and the bandwidth restrictions that some of those platforms have, it didn't make sense to develop and deploy an auto-update mechanism. Apparently getting security updates in the hands of its desktop users was just not priority enough for them to do the work necessary to either find a solution for their mobile environments, or fork that bit of code over to just the desktop.

Clearly that's not the right answer for their desktop users and several years later it looks like those users are going to get a little bit safer. I hope that even those who defended Opera's failings here in the past will see this as a welcome improvement. This is a good thing and will finally bring a critical security feature to Opera that's been available to every other browser user for many years.

And this isn't just about Opera, though they were the last browser to begin implementing it. No piece of internet connected software should be without an effective automatic update system. Not providing your users with timely automatic security updates is just irresponsible.

Posted by asa at 12:24 PM

 

reactions, thoughts, comments, etc.

Oh, yes, this is one reason why I don't install Opera on my PC. I used it for testing, but each time I executed Opera, a window notified me about another update that I must download...

Posted by: foXtensor | December 10, 2008 3:06 PM

Is writing an application update mechanism into every single application really the sort of duplication of effort the Free Software community wants to be doing or encouraging? Or is this more like the sort of thing that should be solved once and for all, below the end-user application level, instead?

I'll stick with Linux and my distro's online update mechanism that works as a one-stop shop to get security updates for *all* my apps at the same time, thanks.

If only apt, yum, or some other at least half-decent packaging system had traction on Windows, that would rock. It ought to be possible to do something without even the need for a central repository, so that packages are sourced from their project websites.

e.g. Click on http://www.mozilla.org/firefox.winpkg and the package manager will remember it, remember where it came from, resolve and download and install its dependency of http://www.zlib.net/zlib.winpkg, etc... The package manager app itself would be responsible for setting up scheduler jobs to check for updates to *all* installed packages. If it were successful enough, non-Free software could use it alongside (or even instead of) .exe installers.

Part of the problem, of course, is *getting* sufficient installed base and traction behind one package manager so that other people would have an advantage in using it, rather than .exe installers. ISTR that apt, rpm and at least one or two other Linux package management systems are actually ported to and available on Windows, but no-one uses them.

Another major part of the problem is probably that not that many Free Software authors care enough about Windows to spend time actually putting work into this. Most of them already use Linux, where this is a solved problem. Why bother solving it again, for a platform they only really want to wean people off?

Meh.

Posted by: Karellen | December 10, 2008 7:05 PM

Agreed,

Tracking version releases manually is nonsense.

Posted by: Vygantas | December 11, 2008 12:53 AM

An auto-update manager is fine for home users, but can be a management problem in a corporate environment, where users and applications should not be deciding for themselves what gets installed and when.

Posted by: johnnysaucepn | December 11, 2008 2:28 AM

"An auto-update manager is fine for home users, but can be a management problem in a corporate environment,"

Repeated downloads would also be a problem in that environment.

Therefore there should be the facility to specify a local package cache (as exists for most Linux package management software that I'm aware of, e.g. "approx" for apt) to check instead of going to the internet.

If this was done, and added a switch so that an admin could specify that *only* the cache should be checked, then the IT dept admins could control what goes into the cache, and when. They could, in effect, set up corporate-private "testing" and "stable" repositories, and control what goes into stable and when. Each PC only grabs updates from "stable" that the admins have allowed in.

"where users [...] should not be deciding for themselves what gets installed"

Well, no. You probably don't give users the right to run the package manager in a corporate environment. IT decides what goes on, and an unattended system service does the updates.

Posted by: Karellen | December 11, 2008 2:59 AM

Asa, you wrote:

"The response I got from members of the Opera team was that with all their different mobile platforms and the bandwidth restrictions that some of those platforms have, it didn't make sense to develop and deploy an auto-update mechanism."

Are you referring to this blog post by Hallvord? If so, that is not what he said at all. In fact, he even offers compliments for Firefox's automatic update feature.

Here's what he said in context (emphasis mine):

"Asa is rightly proud of Firefox's automatic update feature, but he probably forgets that Opera runs on a large number of platforms and devices where automatic updates is impossible. If Opera runs on a mobile phone where the user pays data charges, regularly fetching some megabytes of software behind the user's back just isn't doable. (Doesn't mean we should not do it for desktop, but it does mean we'll always have a long tail of users with outdated versions.)"

Hallvord's point was that Opera is a cross-platform browser, probably available for more platforms than any other browser, and that automatic updates may not be without problems on some of those platforms (sometimes even impossible). It doesn't mean that it shouldn't be done on desktop, but it does mean that the problem is more complicated for true cross-platform browsers.

He never suggested that automatic updates on a desktop computer was a bad idea. That is simply taking what he said out of context. In fact, he clearly says at the start of his blog post:

"I do in particular share the request for automatic updates"

It should also be noted that his comment on automatic updates was also a small part of a blog post which was actually about security disclosure.

You also claim that more than one Opera employee (although the opinions of individual Opera employees do not necessarily reflect the company's official position) said that it didn't make sense. Care to cite your sources?

Posted by: haavard | December 11, 2008 3:34 AM

@foXtensor

"Oh, yes, this is one reason why I don't install Opera on my PC. I used it for testing, but each time I executed Opera, a window notified me about another update that I must download..."

I guess Firefox doesn't have any updates at all then. Pretty sad if they leave security holes open and never issue any security updates.

What do automatic updates have to do with the frequency of updates, exactly? And is it OK for Firefox to have "another update" but not Opera?

Posted by: fanboi | December 11, 2008 5:54 AM

fanboi: the difference is simply that with Opera you had to go download and install it yourself. Not just click a single button and go on with life, as with Firefox.

Posted by: Stifu | December 11, 2008 8:08 AM

Karellen: I agree that this should be below the user level if possible. Windows does this for the applications it ships with (Windows Update), but it doesn't offer any way for third parties to hook into this system that I'm aware of.
On Linux, Opera will use apt where available by placing opera.list in /etc/apt/sources.list.d/. We're investigating adding something similar for RPM based systems, but a problem there is that there are so many different solutions for that package format.

Posted by: Toman | December 12, 2008 2:43 AM

I suppose a big factor for not having an Autoupdate in Opera, is it's the browser that least needs it.

Opera has a pretty much spotless record of browser security compared to Mozilla and Microsoft's products, which have more security holes than Swiss cheese. It seems like there is a Firefox update or an IE Critical Update every week, but the last time I remember a critical Opera flaw was quite some time ago.

Still, autoupdating is a welcome addition, even if it's later than everyone else. It seems to me their focus was on innovating the browser with useful things like Speed Dial, Mouse Gestures, Tabbed Browsing and the like. (all the things the competition have since ripped off).

Posted by: Mark | May 22, 2009 12:58 AM









