Thoughts On Microsoft Auto-Updates

I’m a fan of auto-updates. I like being up to date, hell, I like being overly up to date and skating out on the bleeding edge of software. I also like security. This is why I’m a fan of Microsoft’s decision to put a better auto-update into Windows XP Service Pack 2. Basically when security problems arise, and MS fixes them, your computer checks daily/weekly for these, downloads and applies them in the background. No more asking that neighbor that always wonders why their computer is screwed up if they’ve applied the latest updates anymore. Well, leaving out the part where they either have to get a system with xpsp2 installed (it’s a couple of years old now though) or you have to go over there and set it up.

Long story short, I’m a fan of this.

I’m not a fan of rebooting however.

When XP was announced one of the big things that was announced was that the number of events requiring a reboot had reduced from [big number] to [slightly smaller number] (from 80 to 40 or 40 to 20 or something like that). It’s true now that you don’t have to reboot nearly as often, except it seems with security updates. Actually it’s not even that that bugs me, I understand that sometimes you want a fresh start for programs and whatnot, and because of this you need the system rebooted, especially for security. What bothers me is that I can’t not reboot.

Sometimes I’m not able to or simply don’t want to, but if a security update has been downloaded I get a little window popping up every now and then asking if I want to reboot now or later. The problems with this are:

  • You can’t stop it coming up (probably there is some process you can kill that I don’t know about)
  • It comes up as a focused window with the “reboot now” button as the focused object, meaning if you’re typing when it comes up and you happen to hit the spacebar or enter, hey look, you’re rebooting!
  • It can be sent away, but not for long enough, it seems to pop back up in another 5 or 10 minutes. I’d like to say “ask again tomorrow” or “ask again in 2 hours”.
  • After a while of not being told not to reboot, it’ll helpfully reboot for you.

My bigger bitch is that there is a huge potential for data loss. Let’s say an update is installed during the day and you’re busy and don’t reboot, hitting the ‘later’ button every 10 minutes (or if you’ve set it to check late at night you might not even see this part of it). You leave your computer and your files open when you go home and overnight the computer helpfully reboots for you.

Bye bye changes to documents. Bye bye anything you’re doing in a terminal session on a remote computer. Bye bye unsaved documents. When you come back in the morning you just have a helpful little bubble telling you the computer was rebooted.

When it Happens to You
Far-fetched? Hardly. This happened to me about a week ago. I was going to work at home the next day so I left things open as they were as I knew I’d need things as they were (several terminal sessions open to various computers, documents I’m working on open, etc.) because I knew I could log in to my workstation from work. The next morning I go to do just that and get nothing but a blank screen when I RDP in. After a while working to figure out what is going on, and finding out I did actually need to get onto my own computer if I was to do any effective work that day, I gave up and drove into work.

Luckily I only live about 10 minutes away from work, so it’s not as big a deal as it would have been if I had been say, driving an hour or two into downtown.

I arrive at work and find a Windows shutdown screen with some random BSOD-type message displaying. Ugh. Clicky-Clicky, hit the power button a couple of times, and I’m back up again, with a nice little bubble telling me my computer was recently updated.

No worse for wear, except I lost all the sessions I had open. And the changes to my documents. Oh, and a couple of hours of work into one document was gone for some reason as the file was blank, and the backup file that appeared to be there was just garbage. No, not a new, unsaved document, something saved at least once or twice. Again I was lucky it wasn’t a huge amount of work, basically a single page document. Still, easily avoided if my computer had not decided to reboot itself on purpose.

My Oops With My Linux Server
These errors aren’t unique to Windows though. Just today I updated the kernel on my fileserver and rebooted, and when the system didn’t come back up I had to attach a monitor to it and found a message saying that my system didn’t support either UDev or DevFS and I could either continue or fix things. I had updated an older kernel (2.6.11) which supported DevFS to one that didn’t (2.6.14) and had forgotten to install the UDev package.

The solution in this case was easy, reboot back to my older kernel, install udev, and reboot back to the new kernel. Pretty lucky that I was sitting right here watching things when I rebooted, because I’d sure hate to have a server reboot when I didn’t want it to. Oh wait, that’s what Windows with its auto-update does!

So why are these reboots actually needed? Windows doesn’t need them for everything…. I can install the latest DirectX without rebooting, but I can’t install an update to the media player or internet browser without rebooting. Security updates seem to require a reboot no matter how small or big they are.

Personally I think that this is because of a limitation in the Windows filesystem which is the same limitation that DOS had, which is that you can’t delete or change a file that’s open. Unix doesn’t have this issue. I can completely update any file on a running Unix system without the need to reboot to have the file get put into place. This means everything from the base libraries to running services, anything except the OS kernel.

This isn’t always good, because you have to remember to restart services that have changed, though this is generally handled by the pre and post install scripts. You do have to be careful though. It also means I can delete huge log files without having to stop the services that are using them.

Not Everyone Agrees With Me
I’ve talked at length with Dana about this and we don’t see eye to eye on this 🙂 He sees this as a feature, I see it as a bug. I just want to not have to stop a server to delete a logfile, which he sees as the system honoring an exclusive lock on the file. YMMV.

I have to play around in C under Unix to see what happens if you open a file with an exclusive lock and see how the system reacts to see if it plays by the rules. I have a feeling that in this respect Linux plays the same as Windows… if the program has been written to check and honor locks it works, if it’s been written to ignore them, well, it ignores them (case in point WordPad vs. Notepad opening an open log file… WordPad won’t, Notepad will).
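The two Unix behaviours discussed above (deleting a file that a running service still has open, and whether an exclusive lock is honoured) can be checked in one short C program. This is an added example, not code from the original post; it assumes a Linux or BSD-style system with flock(), and the function name, flag names and scratch file name are made up for the demonstration.

```c
#define _DEFAULT_SOURCE  /* expose flock(), mkstemp(), pread() under strict -std= */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

enum { SAW_LOCK_CONFLICT = 1, WROTE_WITHOUT_LOCK = 2,
       UNLINKED_WHILE_OPEN = 4, DATA_STILL_READABLE = 8 };

/* Returns a bitmask of the behaviours observed, or -1 on setup failure. */
int probe_lock_semantics(void)
{
    char path[] = "/tmp/lockdemo-XXXXXX";   /* constructed scratch file */
    char buf[8] = {0};
    int result = 0;
    int holder = mkstemp(path);             /* stands in for the service and its log */
    if (holder < 0) return -1;
    if (flock(holder, LOCK_EX) != 0) { close(holder); unlink(path); return -1; }

    int other = open(path, O_WRONLY);       /* a second, independent opener */
    if (other < 0) { close(holder); unlink(path); return -1; }

    /* A cooperating program asks for the lock first and is refused. */
    if (flock(other, LOCK_EX | LOCK_NB) == -1 && errno == EWOULDBLOCK)
        result |= SAW_LOCK_CONFLICT;

    /* A program that never asks is not stopped: the lock is advisory. */
    if (write(other, "hello", 5) == 5)
        result |= WROTE_WITHOUT_LOCK;

    /* Removing the name succeeds although the file is open and locked. */
    if (unlink(path) == 0 && access(path, F_OK) == -1)
        result |= UNLINKED_WHILE_OPEN;

    /* The holder's descriptor still reaches the data until it is closed. */
    if (pread(holder, buf, 5, 0) == 5 && memcmp(buf, "hello", 5) == 0)
        result |= DATA_STILL_READABLE;

    close(other); close(holder);
    return result;
}

int main(void)
{
    printf("observed flags: %d (15 means all four)\n", probe_lock_semantics());
    return 0;
}
```

A result of 15 means the lock only constrained the opener that asked for it, and the delete went through while the file was held open and locked.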