Comments for Perspective Is Not A Liquid Asset May 5, 2009 I'm interested to know if the "System administrator for large organizations" case really should be treated differently. I think for many admins, the risk of being sacked as a result of breaking something outweighs the risk of being sacked from a security breach. The security breach is easier to blame on someone else. I'm of the belief that 'undo' is a better model. http://directwebremoting.org/blog/joe/2009/02/04/undoable_silent_autoupdate.html (Aaron's point about making access to user data harder is a true, but surmountable problem, and a price that is worth paying to keep the maximum number of people on the latest version.) Sorry, Glen. Updated now. = \ mikeal: I'm not so sure about that...being open source lets a small group of people determine if something is good or not, but it doesn't automatically create a motivation for those people to go and dig in and spend their time doing so. The white lie of Open Source is that while many eyes may make all bugs shallow, most eyes are worthless (have zero bug-finding value) and that the ones that are valuable are much more likely to look if there is some benefit to them for doing so. As someone who builds OSS software for a living, I don't know that I could distinguish a "good" update from a "bad" update via any mechanism other than the one employed by OSS software updates: does it hurt the canary users? If not, it's likely safe. There's more to the evil/non-evil decisions in Chrome than the decision to release source, and I think there's real room here for closed source products to benefit from the same mechanism. They might need to work harder to build the trust required to make the auto-updater a good idea, but that's just down to building a good product. No development model has a monopoly on that. Regards I think this system *only* works when the product is open source. I have an immediate objection to blindly installing binary blobs of closed source software regardless of who the publisher is. I can't count the number of times Microsoft security updates have introduced additional security problems. This is why so many large organizations dislike this model. What makes me really love what Chrome has done is that it's open source and you can easily turn it off the updater. But it defaults to a model of increased security and, for those that care, transparency is offered to the updates through viewing the source. SPELLING!