Jacques Mattheij

Technology, Coding and Business

My Friends the Complot Theory Believers

I have friends from all walks of life. Most of them are smart and skilled. Some of them believe the most outrageous things. For instance, there is this one couple that I know that refuse to believe in 911 on odd days and on even days they will go to great lengths to push their theories that it was all make believe, that it never happened and that if it did happen it was all special effects. Nothing, and I really mean nothing, will ever get them to change their minds on this.

Abbie Richards has created a helpful little diagram to allow you to place yourself - and others - on a spectrum going from grounded in reality on one end to detached from reality on the other. My friends are well on the way to ‘detached from reality’, if they aren’t already there. The interesting bit - to me - is that in regular life they are doing just fine. They have their own business, make good money, they vote. And they believe and propagate absolute bullshit.

This is a problem. Not just because they are my friends - well, that too is a bit problematic - but it creates fertile soil for other bullshit to grow in. The whole thing goes back to the time just after 911 when speculation was rife with who did it. Even though there were plenty of indications who did it of course like any big media event (the moon landings, the JFK assassination and so on) there are always details that are less than clear. And into this lack of clarity the wedge of speculation is driven with relentless energy by a few compassionate souls. A few? You’d hope. But unfortunately, also unfortunately for them, my friends are not alone. They’ve found like-minded souls all over the world who will help them to persist in their beliefs, and who in fact make things worse. Much worse.

To the point that my friends are - unfortunately - no longer my friends. They have become so totally ensnared in this web of complot theory adherents that it has become impossible to have a normal conversation with them about anything. It has affected their business, and it is starting to affect their health. They are wondering why I can’t see what they see. I am wondering why they, who are obviously intelligent, could stray so far from the path of science and objective reality. But when it happens one step at a time and when ordinary people start tuning you out eventually all that is left is the in-group that will still accept you, and from there on in it gets worse in a hurry.

For now they are only a danger to themselves. But it probably wouldn’t take much to put them on the path to being a danger to others as well, for now they are mostly active online and in real life only by trying to convince others to join them in their madness. I can see some parallels with impressionable youngsters that are radicalized to attack our societies. They too believe - and probably with better reasons - that the world is out to get them. Their radicalization follows a similar path. And they too are a danger to themselves and likely to others.

How many of these people there are I have absolutely no idea. But after Snowden it has become a lot harder to argue that someone is a conspiracy nut case. After all, that’s exactly what the people who wouldn’t stop about the degree to which our lives are being spied on were labelled as. And then Edward Snowden proved them all right, and in fact, in many cases showed that things were much worse than even the most die hard alu-foil wearing mad hatter had predicted.

How far does this rabbit hole go down? To be honest, I have no idea. But apparently there are plenty of people who believe that ‘Pizzagate’ is real, that Donald Trump won the 2020 elections and that they and only they are able to stop the coming of the anti-christ.

It’s a vicious cycle. Start off with one idea based on whatever you think you know something about that doesn’t mesh with what you read in the newspaper or see on TV, and a couple of years later (19 in this case) and both you and your spouse are ready for the funny farm. It’s been painful to watch this, even from afar. Such incredibly smart and talented people, how could they get so lost? And if they could get lost like that, what’s to stop me from getting lost in a similar way? Or you, the reader, for that matter.

Because quite likely all of us have some angle where sufficient applied stress will cause us to depart from reality as we know it into the twilight zone of half truths and outright lies. Once your calibration is off on one subject that can be used against you to break you away further and further. And we are not trained on how to arm ourselves against this at all. In fact, quite a lot of our upbringing goes the other way, we are conditioned to respect authority, to believe lots of stuff uncritically. For the most part all of that is benign and to our benefit. But once those very powerful levers are corrupted it is pretty easy to manipulate people into believing outrageous lies and to sometimes even act on those beliefs, in some cases with disastrous consequences.

I’m not sure what to do about this. I’ve given up on my friends, fully realizing that that makes their situation worse. But I just can’t deal with the degree to which they have slid off into the abyss, it is too hard to watch, remembering them as they were seems to be the easy way out. For those two there are probably 100’s of thousands if not millions (more?) of others who are equally detached from reality. They still vote, they are probably a relatively small step away from acting on their beliefs. It’s a powderkeg waiting for the right match to be thrown in. Too bad we don’t have a way to detoxify our brains from factually wrong information.

Pianojacq, an easy way to learn to play the piano

I’m pretty sure that the hardest choice in my life to date has been the one between my two loves: music on the one hand and computer programming on the other. The programming won out, I figured it would be a much more lucrative field to pursue a career in, besides it was a much better match for my talents. From the age of 5-8 I did violin lessons and hated every moment of it. Then from 8-10 I did piano, and hated that about as much. At 17 at the insistence of a friend (hi M.) I bought a saxophone because I loved the sound of it and learned how to play. No note reading involved, just playing along with music that I liked and I had endless fun with it. Due to a complication stemming from a double pneumonia I ended up having to give it up but it gave a lot of satisfaction. Then I tried the flute for a bit but it did not give me the same feeling.

Learning how to play an instrument is an exercise in frustration, especially in the beginning. There is so much beautiful music and yet, you can’t play any of it. But it need not be that way. What if you could come up with a way to gradually learn how to play while still making nice music in the process?

Kids - today, but in the past probably just as much - are living in a world of very powerful temptations. Video games honed to be super addictive and all kinds of other distractions compete with homework and the acquisition of other skills. I’ve got a couple of those and while they are pretty clever the degree to which they are glued to their computers (and tablets) worries me. Yes, I try to be a responsible parent but it isn’t always easy to win that argument, especially not because my own days are spent in front of the computer professionally.

When COVID-19 hit I decided to re-kindle my love for making music. Piano again, but this time because I wanted it, not because of pressure from the outside and in my own way, and on my own, focusing on making music rather than the ‘boring parts’, I figured if I can stay interested that will one day come as well. So far so good. Now, six months later and with the help of various software tools I’m getting better at playing and reading notes. These tools left me feeling they could be improved upon. There is a lot of software out there that helps you play, I found one called ‘Pianobooster’ that I liked a lot. But it too had its shortcomings. So I decided to make a much updated version of it, running in the browser and with a bunch of modifications to the ui (the code is all new) to form the engine of a keyboard teaching suite. Today I’m happy to announce that it is now finished to the point where it is hopefully already useful to others.

Here an early beta version of it is used by one of my sons (Luca):

To give some context, normally you can’t get Luca away from his video games with a crowbar. After being given access to the software and the score of one of his favorite pieces of music (Alan Walker’s ‘Faded’) he went from not being able to read notes at all to being able to play along with it in the space of a few days. On one of these he was at the keyboard for five hours at a stretch to practice. Obviously, his technique needs (a lot of) work and it is only the right hand part but (1) he’s having fun doing it and (2) there is a lot of progress. A colleague of mine in Poland who collaborated on this project (Radek) had a similar experience with his son (only they did the Minecraft theme).

The way the software works is very simple: you find a midi file of the piece that you want to practice, upload it into the software and you’re off to the races. Having a midi capable keyboard is a must (and a nice screen certainly helps). Unfortunately, because Mozilla is too busy improving the world instead of their browser and WebMIDI is not supported on Firefox you have to use Chrome otherwise it won’t work. There are still some obvious shortcomings: rests are not dealt with at all yet, and the score rendering can definitely be improved in many places. But the start is there and if it is useful for us then it may be useful to you. We’ve had some very early beta testers and I would really like to thank them for their contributions and bug reports, without them this would not be at the state of polish and functionality that it is. The software does not require a service, subscription or account to be created, all of the data is stored on your local computer.

Having a half decent midi file of the piece that you want to practice is a must, there are many sources for such midi files, we’ve built in three simple test files into the software so you have something to start with, but if you want more than that you will have to add the files yourself (which is trivial, using the interface in the software).

So, if you have a midi capable keyboard laying around and you want to improve your piano playing skills, head on over to PianoJacq.com, which is our working title for the testbed of the engine. In time we will build a much more complete service around it but for now it should already be useful enough to be exposed to a larger audience and to give people the opportunity to help shape it with us. In that light: feature requests, bug reports, any kind of feedback, both positive and negative is much appreciated. Enjoy!, Jacques Mattheij, Radek Korbecki & Andrew Fiorillo.

COVID-19 Round 2 is Here

If you’ve been following the news you probably are aware that the number of people that test positive for COVID-19 is rapidly rising. As most people that know a bit about historical pandemics have warned about. The ‘second wave’ is a fairly typical thing with respiratory diseases because during the summer months these are usually at a disadvantage. People are at the peak of their resistance, more outdoors and the moisture conditions in the air do not favor transmission. UV light tends to damage the genetic material of viruses, which are particularly sensitive to that. And so in the summer the number of virus infection cases drops and the number of dead and hospitalized people will also go down.

But that’s no reason to become complacent and doing so would be a very grave mistake. Let me explain why. First of all, the virus is now well established. When in January of this year it had to start from near zero it is now very well established in our population, there are more than a million people that are contagious right now, compared to a handful in January. This head start means that the ramp-up will be extremely quick. Just how quick we do not know but chances are that in three weeks time we will be looking at a situation much worse than it is today. There is already some evidence for this. The virus also has a good 6 to 7 months ahead of it to do its work instead of only 3 for most of the world in January. That translates into many more chances of infecting people. The daily number of dead is low right now because the dead typically lag the infections by anywhere from two to six weeks, though it has already been shown that COVID-19 can kill rapidly it does not necessarily do that, and as ICU capacity is still able to absorb the gravely ill it will reduce the number of dead considerably. Once that is exceeded though it will flip instantly from being just ‘bad’ to very serious indeed.

And finally, and most importantly: people are sick and tired of all the anti COVID-19 measures and are more than happy to stick their heads in the sand and wish for it all to go away. The political arena is - again - filled with talk about whether or not we should choose for our health or the economy. Let me make something very plain here: it is not a choice between the health on the one side and the economy on the other. COVID-19 will continue to hurt us economically until there is a vaccine or we get our act together and decide to deal with it frontally. The damage to our health is the part that is - in principle - optional, or at least, a good part of it.

But you can’t choose to have great health and a good economy. You can’t choose to have a good economy and have a lot of people die because the disease will have its financial impact either way. So the whole idea that there is a choice here is abject nonsense, we are going to hit some pretty hard times in the next couple of months and come April next year there will be a different world. Unfortunately, only very few statesmen and women today are good at managing a crisis. They are excellent captains for seeing the boat through many years of fair weather. They do not know - nor should we expect of them, after all they’ve had little or no possibility to train for this - how to manage a crisis of these proportions. Their concern for their image, popularity and chances for re-election are more of a concern than simply doing what it takes to get this behind us.

There are some exceptions. New Zealand, Finland, Western Australia and the Baltics still stand out as examples of how we could have dealt with this. Unfortunately, those are a rarity and the fact that these countries’ internal mobility and external connectivity to the rest of the world are relatively low made it an easier problem for them to deal with. But regardless of the special circumstances, they did what they had to and they did so when it mattered.

We are now at a crucial point in time: any delay in strong countermeasures today will be reflected in the total body count at the end of this ride, and it is not just people dying that we should be worried about. COVID-19 has a fair chance of affecting you for much longer than that you are actually ill if you have a severe case of it. And the really long term effects (as in decade+) won’t be known for many years so we are all guessing about what they could be, but if there are any they likely will not be good.

Reacting decisively, forcefully and without delay could make the difference between a disaster of epic proportions or something that we will barely remember in twenty years. Unfortunately our current crop of politicians is more concerned with their image and chances for re-election than they are with the simple truth of the matter: this crisis is not going to be solved by talking about it or slow-walking it. Right now COVID-19 has shown to have the potential to kill one in 850 inhabitants (Belgium as the current worst sample case), and by the time this is over that number will likely be much higher. Fortunately almost all countries in the world are doing better than that today. The next six months will most likely be much worse than the preceding six months. Once - if, hopefully - we get to the point where the ICUs will be overrun again this could go very fast beyond our ability to control. If we fail to do that the body count will dwarf what has happened so far. I’m not saying that lightly.

Additional complications in the form of ‘covidiots’ (people who deny the virus is real, who will encourage others to take risks, who take part in large scale demonstrations and who in general seem to live in denial) are going to be a much bigger problem than they have been so far. Fringe political groups have found that by playing the ‘they are out to get us’ card that they are able to command much more attention than they were able to do so far with their more limited agendas (such as: fomenting racial hate and general subversion), as a result their numbers are swelling and people in larger groups are somehow always more stupid than each of them individually leading to some very predictable results. COVID-19 has been successfully hijacked by these groups who ultimately just want to use it to further their agendas. Be smart and realize that if you find yourself on the same side of some argument as the fringe groups that you are most likely being taken for a ride.

The same goes for the people who are systemically downplaying the risk because of ‘the economy’, as though the economy works in some kind of idealized vacuum instead of that we are all part of it. Then there are those who would like to emphasize that the economy being bad by itself causes increased mortality due to suicides and other side-effects. This is true, but not on a magnitude that comes even close to the primary effects of COVID-19, forget about the comparison if you include the secondary effects (for instance: overworked health care personnel and people that do not die right away but who are affected for a long time, possibly the rest of their lives). All these ‘reasonable voices’ do nothing to minimize the actual effect and could very well cause people who would otherwise take this more serious to get ill or lose their lives.

All in all we have a rough time ahead of us. The perfect storm, you could say. Within a six month period we are going to face the worst health crisis in the last century or so, a very tumultuous election in the United States (where, unfortunately COVID-19 is now a political football), Brexit (the exit of the UK from the European Union, in a nutshell a bunch of small fish trying to increase their apparent size by reducing the size of the pond, hurting their country and their economy in the process) and higher and higher tensions in Belarus, which could very easily cause a repeat performance of what happened in Ukraine.

“May you live in interesting times” never was a blessing, it always was a curse. We are living - for better or for worse - in very interesting times. Just how interesting we are to a very large extent in control of ourselves. Even if our governments fail us in their duty to decisively put an end to this we all can contribute. If you’re going to make the argument that ‘the economy’ is more important than a couple of million lives: what if it is your life? Your parents’ life or your child’s life? What if the economy will go down the drain anyway? If you don’t know then at least don’t make life harder for those that do take this serious and that are not going to stand idly by.

Keep in mind that this virus does not have legs to walk on or wings to fly with. We provide it, we hand carry it from one infected person to the next and we all contribute to this unless we actively work against that.

  • If you don’t have to go out, then don’t.
  • If you can avoid travel then do so. Contrary to popular belief there is no right to three holidays per year and holiday travellers are identified as a very large fraction of the ability of the virus to spread internationally.
  • If you have to travel do it in such a way that minimizes contact with others.
  • In general, until this crisis is over, minimize your contact with others.
  • If you can afford it: order your shopping to be delivered, supermarkets are a very nice place to spread from the point of view of the virus.
  • If you bring your kids to school or collect them (assuming schools will stay open) stay away from crowds of waiting parents, agree with your children where you will pick them up and let them walk the last 100 meters or so to school by themselves.
  • Avoid crowds of all kinds.
  • Don’t stand up close to other people if you can avoid it, distance is a very good way to stop the virus to move from one person to the next.
  • If it is possible: work from home. Offices are a very good place for exchange of viruses unless the building has been explicitly designed not to be (and they never are), as is public transport where you will be up close and personal with a few hundred people on every trip.
  • Wear a mask, when going out near others even if it isn’t perfect it will reduce transmission.
  • Wash your hands.
  • Don’t be manipulated by people who can’t wait to pull you down to their personal level of misery. For instance, I’ve been told that I am afraid and living in fear. That’s not the case, I guarantee it. I’m just a realist: this is an airborne virus that has shown a high enough mortality that it concerns me and there is as of today no cure. It would be madness to invite this into my life if I can avoid it so I treat it like any other danger, I try to structure my life in such a way that I minimize my chances of getting it. Just like if I’m going to have to jump out of an airplane I’ll make sure to wear a parachute. Fear of falling is a different thing than fear of impact and no amount of peer pressure will make me give that up. As a result of my previous blog post on this subject I received a bunch of nastygrams and some really not cool hatemail. But I really could not care less. I’m not a shill for ‘big pharma’, don’t have anybody pay me because I’m an ‘influencer’ (what a term that is anyway), and don’t write this under a pseudonym. (If you are seriously doubting this please read the message at the end of this article carefully). This is not a hacked account, I’m a real person with a pretty broad interest part of which is biology and contagious diseases. If you are a layperson chances are that I’ll know more about this stuff than you do. If you are a virologist or epidemiologist you are 100% sure to know more than I do. But in general I think that what is written here is going to be supported by the vast bulk of the people in the know out there. The few that are rowing against the stream on this will end up being found either geniuses or idiots, only time will tell. In the meantime, play it safe.
  • Remember: you don’t have to show symptoms to be contagious. Others don’t have to show symptoms to be contagious to you.
  • Ignore covidiots, if you have them in your family explain that they are welcome to accelerate their own demise but that you want to live and be healthy, and would like for yourself not to be a transport device for the virus and that as far as you are concerned they are part of the problem and definitely not part of the solution.
  • Better safe than sorry: every day the media are full of stories that are quite possibly true but that may have an agenda behind them. For instance, recently there was a big hoopla over air travel having never resulted in a known infection. Such stories, even though they give momentary relief from the daily litany of misery typically are not based in fact. Reduction to absurdity will show easily that they are nonsense, but they gain traction nonetheless. Just ignore them. Keep practicing the same simple set of rules and do your thing to reduce the virus’ ability to move around. Once the ‘all clear’ is given we will all be back to normal in no time but until then keep yourself and those you care for safe by reducing your chances of contracting the virus or becoming a part of the virus’ travel agency if you should get infected yourself. If and when there is a major development it will not be something that you will only hear about by one expert from a single country, it will be broadly carried and spread all over the planet. This is much too big an issue that you can expect some individual somewhere to have privileged information for very long.
  • A vaccine is being developed, in parallel by a lot of companies that are all fairly well positioned to get results. Even so, these are not magic potions. They will need to be tested properly and produced in quantity before they can have effect. Even today it is not guaranteed that a useful vaccine will be developed at all (sorry Russia, but I’m going to discount your contribution here on account of past performance when it comes to manipulating the public with figures and statements that later turned out to be absolutely false). When and if a vaccine is released that is both safe and with good results for those that are vaccinated producing it in quantity will take some time. In the intermediary period continuing to practice social distancing will be the most potent weapon we have against the virus.

Hopefully enough smart people taking this serious will be able to diminish the impact to the point that those that wish to pretend it doesn’t exist are more than balanced out. Other good news is that treatment protocols have advanced significantly and your chances of survival are now better than they were in March or April if you should contract the disease and develop a severe case requiring hospitalization or even a stay in the ICU. Still, you would not wish this virus on your worst enemy, and if you can avoid it then please do so.

And finally, if you are a COVID-19 denier or general complot theory adherent, or still think this is just another flu, I’d like you to take careful note of the following handy and short NHS approved guide which has world-wide applicability (by @gammonmag):

Letsencrypt, the Good, The bad and the Ugly

Letsencrypt is a pretty neat concept: free secure certificates for web servers, in order to increase the adoption of HTTPS across the web. The basic idea is that certificates should be free, that the barrier to install them should be as low as possible and that updating certificates should be automated. It protects this site and many 100’s of millions besides. The advantages are that in-flight data can no longer be easily snooped and that injection of data into pages is made either much harder or even impossible. From a security point of view it is a huge step forward.

The good

The project launched in April 2016 and has been a resounding success, meanwhile over 1 billion certificates have been issued. As with all such projects, after the initial launch the software was regularly updated in order to track the changing of the requirements but in essence the problem is a simple one: verify that the certificate request is valid by having the domain respond to a challenge and if it is to fetch a certificate from the letsencrypt.org servers and install it. So far so good.

For many institutions the ‘free’ part of the proposition was the secondary part. The main part - for instance for me - was that letsencrypt automated something that I would otherwise have to do once per year for the domains that are active: create and install a new certificate. A bit of a hassle, about 20 minutes per domain.

And this is where things are not looking all that good for Letsencrypt. Because that 20 minutes was more or less a fixed amount I knew that I was giving up a modicum of control for a small convenience, a reasonable trade-off.

The bad

The first time this bit me was when a while ago one of my servers suddenly refused to update its certificate. Somewhere someone has decided that Letsencrypt should auto-update even if absolutely nothing had been changed on the system that it was running on. And this automatic update completely and utterly destroyed the runtime environment on that computer, leading to its eventual re-imaging, something that should have never ever happened. I wrote the other day about why I absolutely loathe upgrading software, it’s like playing Russian roulette with 5 bullets and what you hope is a blank in a six shot revolver.

Unfortunately Letsencrypt is no exception to this: the upgrade process is bad enough, it tends to install a whole pile of cruft, whole python virtual environments are dragged in upon cert renewal, which is odd because after all *the situation hasn’t changed and if it worked last time it should still work this time*.

Then the challenge protocol was changed.

The ugly

I’m working on a new project. That new project requires a webserver on a new domain. My name server is running ‘mailinabox’ and has been happily humming away for the last two years. A new protocol for the letsencrypt challenges was released, announced in some obscure corner of the web and bit by bit the old method of issuing new certificates was deprecated. You would not have known this unless you interacted with Letsencrypt on a daily basis, but like most of these things their whole value lies in NOT having to interact with them all the time. They should just shut up, sit in a corner and do their bloody job.

Not so Letsencrypt. For the second time since I started using it Letsencrypt demanded to be center stage. Upon requesting a certificate for my brand-spanking-new domain I was greeted by some ridiculously obscure error message which then led me down a rabbit hole of endless websites and people - unsuccessfully - trying to solve the same kind of problem.

Eventually I managed to get the certificate issued, but I already know that I will have to do at least a day if not more of hard core system administration work in order to properly rectify the situation. The machine that this is all running on will need a much more recent version of its OS. That means I’m going to have to migrate a whole bunch of data to another machine in order to be able to do this without downtime. Then I will have to temporarily re-route the DNS to make sure that other services not directly related to this project continue to function.

All of this is error prone and time consuming.

The effect of this is that now Letsencrypt, from a time saver and a convenience has turned itself - for the second time - into a very large net-negative. This is unacceptable for a project that tries to make something easier and where convenience, not financial considerations are a big driver in adoption.

I understand that Letsencrypt needs to stay with the times. But the Letsencrypt folks should also understand that in the greater scheme of things certificates are not the most important thing in life and that causing your end users this level of grief is in the longer term not in the project’s best interest.

Why Johnny Won't Upgrade

Software distribution has over the years gone through an enormous revolution in efficiency. Originally, software was developed on things called ‘plug boards’, a matrix of sockets that allowed quick (or so they thought) re-configuration of computing hardware to adapt it to different problems. This was soon followed by papertape, then the punched card deck, a stack of paper cards that contained the program code in a series of holes punched into the paper. Special readers and writers took care of reading, ordering and punching the cards. Woe to you if you dropped a deck of such cards or if your reader jammed or you spilled coffee all over a deck. (From personal experience: if you don’t immediately copy such a deck; within 10 minutes or so the cards will swell to the point that the reader will jam, this will not make your boss happy.) That principle plus miniaturization caused a quick succession of hardware based software distribution models culminating in ROM cartridges, a physical device that you buy which contains the program.

Once written a ROM is impossible to rewrite, it literally stands for Read-Only-Memory. So any kind of fix of the software is going to be very expensive and will require a physical device to be distributed to all of the customers for that particular program. This is prohibitively expensive for many applications, so many solutions were developed that made this process more cost effective and quicker. Tapes with software sent to customers followed, quickly superceded by various disks and other magnetic carriers.

Enter the 90’s when the software distribution medium of choice was the 3.5” floppy disk. A typical large software package would require you to sit for an afternoon swapping disks in and out of the drives; to deal with the occasional read error and to curse a lot if you dropped the stack of floppies by accident (hey, but better than those punched cards). For a brief period the CD-ROM reigned supreme, at 600 MB a single CD held as much data and code as 400 floppy disks. Then the internet came along and it all changed, overnight.

I don’t actually remember what the last time was when I bought a shrink wrapped piece of software, it probably was Microsoft Office around 1997. Since then almost all software distribution has gone online. And that’s great right? No more hauling physical media around for bits that you might as well teleport around the world instantaneously.

The benefits are obvious: fast turnaround time between spotting a problem and getting it to the customer, very low cost of distribution and last but definitely not least: automatic updates are now a thing, your software knows when it is outdated and will be more than happy to install a new version of itself while you aren’t looking.

And that’s exactly the downside: your software will be more than happy to install a broken, changed, reduced, functionally no longer equivalent, spyware, malware, data loss inducing or outright dangerous piece of software right over the top of the one that you were using happily until today. More often than not automatic updates are not done with the interest of the user in mind. They are abused to the point where many users - me included - would rather forego all updates (let alone automatic ones) simply because we apparently cannot trust the party on the other side of this transaction to have our, the users’, interests at heart.

It isn’t rare at all to be greeted by a piece of software that no longer reads the data that was perfectly legible until yesterday because of an upgrade (I had a CAD system like that). Regress back to the previous version and you’ll find that it tells you the data is also no longer legible by that version because the newer one has touched it. Restore from backup and get caught in an automatic update war that you can only stop by telling your computer that the automatic update host does not exist any more. It shouldn’t take that level of sophistication to keep a system running reliably, especially not when your livelihood depends on it.

It also - unfortunately - isn’t rare at all to find the user interface of the program that you are familiar with drastically messed up after an automatic upgrade. Familiar menu items may have been moved around, renamed or have been removed entirely. New functionality that you weren’t looking for may have been added, prominently so, taking up valuable screen space. Bundled software may have been installed without your knowledge or consent.

It gets worse. In some cases such automatic updates render your whole system unusable, requiring a re-installation, which - if you are lucky - will get you back to a state that you were already in. During work on a deadline this can cause very serious problems.

Sometimes upgrades will ostensibly be because of security reasons, something that tends to get even reluctant users to agree that this time it probably is worth it. Only to be screwed over by a free malware rider, or some kind of tracking or telemetry installed without your consent or knowledge.

The list of these transgressions is endless, and software vendors the world over still don’t seem to get it. If updating software is so easy, why are users so reluctant to do it?

That’s because all you software vendors collectively royally messed it up. You’ve burned your users’ trust on so many occasions, not thinking from their perspective but from your own almost exclusively, leading to people locking down their systems and foregoing critical security updates because they are scared that they will end up with a lot of extra work or a much worse situation if they let you have your way.

So, software vendors, automatic updates:

  • should always keep the user centric
  • should be incremental and security or bug fixes only
  • should never update a user interface without allowing the previous one to be used as the default
  • should never be used to install telemetry or spyware or to re-enable it if it was previously switched off
  • should never be used to install other software packages without the user’s explicit consent and knowledge
  • should never change the format of data already stored on the system
  • should never cause a system to become unusable or unstable
  • must allow a revert to the previous situation
  • must be disablable, in an easy and consistent manner, for instance on mobile devices
  • should never cause the system to become inaccessible or restarted without user consent
  • should always be signed by the vendor to ensure that the update mechanism does not become a malware vector
  • should never cause commercial messages or other fluff to be included
  • should never cause configuration details to be lost
  • should always be backwards compatible with previous plug-ins or other third party add-ons

If we can agree to those terms I’ll be more than happy to update my software, automatic or manual. But until then you’re all on probation: too much misery and lost days on my end on account of these, and I highly doubt that I’m alone in that. Johnny agrees.

This is in all our best interest: software updates are a very important mechanism in keeping the internet secure but because vendors routinely botch it users end up using old and insecure software far longer than they should, having been bitten by the update bug a couple of times. That’s a very important mechanism squandered for the worst of reasons and if we could just agree on the above basic rules of engagement it would be a tremendous improvement over the current situation. Security and bug fixes are the reason we have automatic updates, not to satisfy the marketing or the design department.