It's time to update the software update process

A call for a radical new protocol for updating software.

Yes, your digital life is about to be upended. As an industry, we have learned nothing. Again. As coders might say in the ancient language of dBaseIII: set blood to boil.

We used to beg for patches and fixes. We hoped for a long-term patch life for our expensive and well-patched and stable stuff. We were happy when Patch Tuesday made us feel, perhaps nihilistically, that we were safe for another week, perhaps month, until something else gruesome came along that attempted to eat our systems into dismay.

Patches and fixes were kind of working, and yes, a larger and larger group of us have come to depend on them, so as not to have our lunch eaten. These software updates used to be the only way to keep yourself safe—if and when vendors would release them, sometimes long after a problem arose. Software vendors finally got the message. Then they added churl and boorishness.

Over the past weekend, these things happened within my local circle of geeks, and perhaps also happened to you:

  • In the middle of the night, your phone sounds, and wakes you up as though you'd set an alarm, but it's only 2 am. Verizon has pushed an unauthorized update to you.
  • Suddenly, your Windows 8.1 hard drive fills. Microsoft has pushed an entire OS upgrade to your tablet (see coverage in InfoWorld last week).
  • An icon blinks endlessly as Apple hounds you ceaselessly to update to an iPhoto version that it can't deliver, after weeks of hounding you to upgrade to El Capitan.
  • Suddenly iOS 9 is waiting on your iPhone, apps work wonkily, and your memory allocation—already bulging and not upgradeable—is near peak.
  • You go to the office. Windows update has now placed advertising on your Start Menu. Stuff is smiling at you, and your ancient printer no longer works.

Enter a new sensation: Fear.

It's become the era of The Big Update. Swallow this now. No rhyme, no reason, please re-invent every update mechanism entirely from scratch. Please make every update completely different from everyone else's because they weren't invented here, and therefore, must be wholly stupid and are to be laughed at with glee. Apple does it one way, SUSE another, Microsoft still another, hope you love Ubuntu automatic updates, and heaven help you if you use Samsung Kies, which will install barrages of kit you long ago scraped from your phone with an air chisel.

Still, there's an ancient problem with users and administrators doing updates. They don't do it. Systems get infected, then do real harm. The long list of who forgot isn't necessary here. My blog post last week regarding an IoT teapot is a case in point.

What we lack is a rigorous methodology in this industry to force and vet updates that are needed to devices, and render them totally dead until the damn things are updated. That's right: Take them out. They quit. Give a 24-hour alarm bell that they're going down, because Dufus McDense didn't press the magic button that makes their device(s) swallow the updates/patches/fixes for bad behavior that the vendor didn't think about in version 1.0, or even

Server, workstation, AP, router, IoThingie, Ford/Tesla/Whatever, it's a No-Go until it's vetted for updates. Period. Call it the NoBoneHead Protocol. Then start using network access protocols to deny entry to devices. That's right, even your phone.

No Entry unless updated. Think about it.

Any device that connects to the Internet can be cracked. So, a five-year life must be demanded for devices to be updated, or they can't be sold, period.

Then, and only then, can we raise all boats by a protocol that makes devices tolerable and upgradeable in the field.

Incumbent on each and every vendor is to avoid succumbing to the temptation of adding advertising, tracking, and other privacy viruses into devices. No extra data. No upgrades to new versions of their ostensibly “free” operating systems unless the user tacitly agrees to this in type that any normal person can read, so that users have full knowledge that they've chosen the miserable option of still more advertising.

Hey—charge me for the damn upgrades if they can come bereft of some insane advertising model that somehow underwrites your cost. If you can't do that, notify me in advance. If you have the unmitigated gall to attempt to track me for any reason, you have to notify me in advance, and allow me to thoroughly opt out and you can't lie about this.

I'll take the push updates, Mr./Ms. Vendor. You have to be honest about what you're doing… and if you deliver it to my phone at 2 am, be prepared to be an ex-vendor after I return the shards of the destroyed device thrown against the wall when you wake me up for such nonsense.


Copyright © 2015 IDG Communications, Inc.
