Coffeehouse Thread

56 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Why is Windows Update HTTP/HTML based?

Back to Forum: Coffeehouse
  • User profile image
    W3bbo

    No, seriously.

    I know that the concept was started by marketing to push the "web applications are the future" paradigm in 1998, but still... in the end it's just a bad idea, and I'm not going to dwelve into reasons why.

    Whilst there's SMS and MOM and all that, but what's there for the home user?

    The Automatic Updates desktop client isn't anything compared to the features provided by the site.

    So why... just why, don't they produce a "rich client" app instead?

    At least that way you won't need to open Internet Explorer at all Big Smile

  • User profile image
    manickernel

    Probably 'cause the Microsoft ftp.exe is so sucky.

  • User profile image
    Manip

    Name three advantages a client application has over the web site with ActiveX control?

  • User profile image
    Jaz

    my mum can use it, why the need for an app which would confuse people.

  • User profile image
    Rossj

    Manip wrote:
    Name three advantages a client application has over the web site with ActiveX control?


    1. It runs when you have activex disabled.
    2. Security.
    3. Security.

    Okay so 2 and 3 are weak, but activex does have a reputation for not being secure (in general).

  • User profile image
    Manip

    You don't need to enable activex for all sites, just trusted ones.

    And yes, very weak.

  • User profile image
    PaoloM

    Rossj wrote:
    1. It runs when you have activex disabled.
    2. Security.
    3. Security.

    Okay so 2 and 3 are weak, but activex does have a reputation for not being secure (in general).

    But activex in itself is just an extension mechanism (based on standards) EXACTLY like the Firefox extension mechanism (that is proprietary).

    So, aren't you worried about running Firefox?

  • User profile image
    W3bbo

    PaoloM wrote:
    But activex in itself is just an extension mechanism (based on standards) EXACTLY like the Firefox extension mechanism (that is proprietary).

    So, aren't you worried about running Firefox?


    Erm... what?

    ActiveX is more propriety than XUL, for one... XUL is completely open-source, and it isn't restricted to a single program (it's already being implemented into other OSS apps along with Thunderbird, Sunbird, and Firefox), how can XUL be considered propriety at all?

  • User profile image
    geekling

    Mozilla is the only vendor who has implemented XUL, for one. You can't use it without the GRE; thus, for the moment, it is proprietary to Mozilla.

  • User profile image
    W3bbo

    geekling wrote:
    Mozilla is the only vendor who has implemented XUL, for one. You can't use it without the GRE; thus, for the moment, it is proprietary to Mozilla.


    Well no....

    GRE is available freely, including the source
    Ditto the XUL standard and the parsers

    So how does that make it propriety? By being open-source, It's an inherent open standard.

  • User profile image
    AndyC

    W3bbo wrote:

    So how does that make it propriety? By being open-source, It's an inherent open standard.


    As is COM and hence, by definition, ActiveX.

    It's only proprietary in the sense that only a single vendor has chosen to implement it. XUL is no different in this respect.

  • User profile image
    Sven Groot

    Before we turn this completely into an XUL vs. ActiveX battle, I'd like to point an advantage of the current approach.

    For one thing, it is simple to ensure that everybody uses the latest version. Once a new version is deployed, everybody will use it, because the old version is gone. It also makes it possible for the programmers to make small changes (changes that do not require modification of the ActiveX control) without having to distribute new clients to everyone.

    Security is not really true, since it'd be just as easy to mimick a client application as it is a website. Just send a mail around purporting to be Microsoft that says they need to install a "new version" of the update software, and you'd have the same problem that now exists with the Australian site. Except that once a fake update app is out there, it'll be much more difficult to stop than now, as now they just had to take the one server down.

    The updates would still need to come from the Internet, so it would do nothing to stop someone spoofing the Windows Update download servers with a DNS attack, but fortunately WU and AU already take steps to ensure the authenticity of the downloaded updates.

  • User profile image
    geekling

    AndyC wrote:

    As is COM and hence, by definition, ActiveX.

    It's only proprietary in the sense that only a single vendor has chosen to implement it. XUL is no different in this respect.


    That's what I was going to say!

  • User profile image
    figuerres

    Back to the topic:

    yes the update system is based on an old idea.

    and I do think a "smart client" for updates could have some nice upside to it.

    I think the updates are sent down the pipe via BITS if I am right..

    the ActiveX client bit is just some code that could be in a .net package and perhaps a reg-free com package for the deep C/C++ bits.

    I bet one could build the app and bolt-on to the current windows update system...

    can you plug the Ax controll into .Net and get the interface to run??

    I will guess that the bulk of the html is client side templates; that the server returns a form of manifest that lists new files based on an ID from the client.

    then offer them and or apply them as you wish.

    BITS API ++ the Ax control should allow you to pull down the files, and I think they are just .msi files run in silent mode.

  • User profile image
    Minh

    Manip wrote:
    Name three advantages a client application has over the web site with ActiveX control?
    iTunes vs. MSN Music

    or

    1. Better overall UI experience
    2. Non-admin users cannot install ActiveX controls
    3. Writing a rich app is as easy (if not easier than) HTML + ActiveX control
    4. 20 million copies of FireFox

  • User profile image
    Tom Servo

    W3bbo wrote:
    So how does that make it propriety? By being open-source, It's an inherent open standard.

    Generic Forum Image

  • User profile image
    W3bbo

    Minh wrote:

    1. Better overall UI experience
    2. Non-admin users cannot install ActiveX controls
    3. Writing a rich app is as easy (if not easier than) HTML + ActiveX control
    4. 20 million copies of FireFox


    Devil's advocate here... but Non-Admin users can run pre-installed ActiveX controls and cannot install new applications.

    And I beg to differ on the HTML/ActiveX bit... I find working with XHTML+CSS much easier than Windows Forms, although it's probably just the way the Forms Designer IDE works (which has a lot of room for improvement)

    Nearly 30,000,000 Firefox downloads and 50,000,000 supposed installations now

  • User profile image
    AndyC

    Minh wrote:


    1. Better overall UI experience
    2. Non-admin users cannot install ActiveX controls
    3. Writing a rich app is as easy (if not easier than) HTML + ActiveX control
    4. 20 million copies of FireFox


    1. Maybe true for some apps but we're talking about selecting from a list of updates here and the web is as capable as a rich client for something that simple. Indeed I'd argue that for most people the AU client as a better UI overall.

    2. For installing security updates that isn't a bad thing. You wouldn't want non-admins to be able to update kernel code, would you?

    3. Microsoft apparently don't think so in this case, or they'd have done things differently. Certainly it's easier to update a web site than several million rich clients.

    4. Every Windows user has access to IE, so I don't see that as a big issue. If you replaced WU with a rich app they'd still have to run some Microsoft app rather than firefox in order to update, wouldn't they?

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.