Software updates: a first class citizen

Even big companies like GitHub have difficulty implementing a correct “update” feature (2 years work in progress).

I believe I have never seen a proper implementation of a software’s online and auto-update / upgrade feature. They all have one or more of the following problems:

  1. It’s enabled by default (ex: SyncThing), so an unsuspecting user can suddenly have their software changed right under their nose, without their knowledge.
  2. The update settings and “update”, “check now”, or “check for updates” buttons are deeply hidden in the software. Sometimes they’re in the “About” menu, other times in “Settings”, or more frustratingly in the “Preferences->Advanced->Update” menu (ex: Firefox).
  3. Automatic updating/checking can’t always be disabled, or if it can, it’s not immediately obvious how to do it (ex: Chrome).
  4. The update process secretly sends telemetry, analytics, and who knows what other data to the update server (ex: all of the above).
  5. The update process is extremely slow and often must not be interrupted.
  6. The end-user has no idea what’s happening behind the scenes during the update.
  7. The update can’t be done manually, offline.
  8. Automatic updates occur while the end-user is using the application. It interrupts their workflow and is poorly timed.

The reason for this

I’ve come to believe the primary reason for this is updating the software is an afterthought. Naturally, it would contain one or more of those flaws.

A first class citizen

What if, for a moment, we all decided to identify our software update process as a first class citizen - an integral part of our application: to be clear, well documented, simple, private, possibly offline, interruptible, and fail-proof?

With Jidoteki, that has been part of our plan from the start. We’ve successfully done that with our offline update process, and today we’re presenting our approach for online updates as well.

Our approach

image

Looking at the screenshot above, we see three things:

  1. The “Update” button is not hidden, but is part of the main menu, and leads to a dedicated Update section.
  2. Update checks are only performed when the “Check now” button is clicked. Checks are not enabled by default and don’t occur automatically when entering the Update section.
  3. The Update section displays the current software version, and a summarized log of update activity.

This allows the end-user to control if and when they want to check for updates. There’s no bouncing number or nags which notify them of pending updates.

image

In the above screenshot, we note the following:

  1. An “Update now” button appears, which is different from “Check now”. Clicking “Check now” should not perform the update. That should happen in another step once the end-user confirmed they want to apply the available updates.
  2. The list of available updates is displayed, with downloadable links to the individual updates, the file size, the hash of the file, version, and release notes / changelog for the end-user to read/download. We use signed, encrypted, binary deltas for updates, to save on network bandwidth and storage, and to ensure the security and integrity of each file.

The end-user can decide on their own if they want to use the online update process, or if they prefer to manually download the updates and apply them at their own convenience. It also allows the end-user to review the changes before they are applied. 

image

Clicking the “Update now” button does not send any private data to the update server. It should be a simple HTTPS GET request to fetch a list of available updates. It is acceptable to modify the URL based on the version/platform/architecture of the software (ex: /linux/x86_64/6.0/).

In the screenshot above, we highlight:

  1. The update status is displayed with a real percentage of the current and pending work.
  2. The “Stop now” button provides the ability to interrupt the process at any time, without leaving the system or software in an unknown state.
  3. Once again, the log is updated with details regarding the update process.

Before and after

This software update process is sane, and represents a real implementation which gives privacy and control back to the end-user. Compared with existing software’s update process, this requires merely a few changes to the UI and functionality, and could greatly improve the experience of keeping software up-to-date.

We strongly encourage people to turn off auto-updating by default. I understand the rationale of thinking “if it’s off by default, nobody will ever update”. Well, if your update process can correctly handle outdated versions, then that’s not actually a problem. It also becomes much easier for end-users to perform updates when the “Update” button is prominently displayed in the UI.

Soon to be open sourced

We couldn’t tell you all of this without making the source code available as well. For the moment we’ve only implemented this update feature in Jidometa, but we’ll soon be adding it to the open source Jidoteki Admin API & Dashboard. Stay tuned for that.

As always, our customers are first to get these new features and improvements. If you’re interesting in shipping on-premises software, and want to provide the absolute best and most professional experience to your enterprise customers, feel free to contact us so we can discuss your requirements.