Apple, in all their presumptuousness, has now pushed iOS 7.0.3 to both my iPhone and my iPad. I have not yet installed iOS 7 at all, nor do I want to. It’s ugly, it breaks with my muscle-memory conventions, and frankly I have no need for it. But there it sits anyway, consuming precious storage and trying to goad me into installation with the big red circle sitting atop the “Settings” icon.
Another red badge on my home screen is the number of apps on my phone with available updates. Currently, it reads 105. iOS 7 brings the promise of auto-updating my apps, so I never have to see this badge again. But for now it sits, like the world’s slowest odometer showing me exactly how obsolete I am becoming.
I find myself wondering whether all of this auto-updating is a good thing or not. Ironically, WordPress has just released version 3.7 which brings with it the promise of, wait for it… auto-updates. But are all these auto-updates a good thing? Maybe, but they require a degree of trust that I may not have.
(And here, a quick distinction must be made: with 3.7, WordPress automatic updates apply to minor and/or security revisions to core only, but expanding to major core versions as well as theme and plugin updates may come in the future.)
Certainly, I don’t trust Apple, who let’s be honest has had a history of pushing out unpolished first releases of operating systems. iOS 7.0.0 drained battery life and made people motion sick. The recently released version 7.0.3 fixes some of those problems, but it took 3 dot-releases to do so.
I definitely don’t trust app developers. There have been many instances throughout the history of software where a much-heralded update to an app brought with it unwelcome changes to the user interface, aesthetics, and — most importantly — functionality. An update to Path scraped everyone’s contact book and sent out spam to your friends. Apps I use on a daily basis, such as GroceryIQ and Pandora, updated to match iOS 7’s look and feel, which as I mentioned I don’t like but now I’m stuck with on those apps, and why I’m not downloading any more app updates.
I absolutely don’t have trust for WordPress plugin developers (aside from a select few who have earned a solid reputation in the WordPress community). Social Media Widget, a popular plugin for displaying your social media contacts in your WordPress sidebar, released an update that contained code that injected spam into your website (the plugin has since been updated again to remove the offending code). Thousands of users blindly updated the plugin on their site and became vulnerable to a malicious coder’s hack, all with the push of a button. (Full disclosure, I use Social Media Widget on this site, but never fell prey to the malicious version because I hadn’t updated my plugin out of sheer laziness.)
Problems don’t have to be malicious. NextGEN Gallery, a WordPress plugin for displaying photo galleries, has taken a lot of heat for updates to its plugin that were buggy and made the plugin unusable for many.
Who do I trust, then? It’s hard to say. I have trust, to a certain level, for the WordPress core development team. I’ve met many of them, call a few of them my friends, and know that they’re some of the smartest and most passionate people out there when it comes to releasing secure, solid software. But still, they’re human, and humans make mistakes. Whether it’s a design direction I don’t agree with, or a missed snippet of code that could possibly open the door to malicious attacks, problems are possible with every release.
When you set software up to auto-update itself, you’re losing the benefit of waiting for others to find, identify, and solve potential problems. I realize, however, that this is a Catch-22: That I’m relying on the same kind of “herd immunity” that lets some parents think that they don’t have to vaccinate their own kids, so long as all the other kids in the community are vaccinated and hence won’t spread the chicken pox, or mumps, or what have you.
Are we one step closer to a Skynet future where machines self-replicate themselves to the point of sentience and global domination? Probably not. But there was once a time where I could happily not update a piece of software or an operating system and not feel like I was being hounded into updating. I think those days are gone, and it makes me uneasy.
(And for the record, I haven’t upgraded to Mavericks yet either.)
With the new automatic updater framework in WordPress 3.7, the WordPress lead development team could opt to push out a fix to forcibly update all sites running a borked or malicious version of NextGEN Gallery or Social Media Widget. Sometimes, auto updates can inspire confidence and build trust, not damage them.