W3C home > Mailing lists > Public > www-tag@w3.org > July 2014

Re: Food for thought (resurfacing)

From: Noah Mendelsohn <nrm@arcanedomain.com>
Date: Tue, 29 Jul 2014 21:58:39 -0400
Message-ID: <53D8514F.4050405@arcanedomain.com>
To: Alex Russell <slightlyoff@google.com>, Larry Masinter <masinter@adobe.com>
CC: Marc Fawzi <marc.fawzi@gmail.com>, Marcos Caceres <w3c@marcosc.com>, "www-tag@w3.org List" <www-tag@w3.org>

On 7/29/2014 8:57 PM, Alex Russell wrote:

> Today, we know that TCO on a non-auto-updating windows computer managed by
> a central administrator is many times that of an equivalently spec'd
> auto-updating ChromeOS device.

...and you've demonstrated that what percentage of that claimed TCO saving 
is due to auto-update? Could it also be due to the fact that the 
architectures of the systems are tremendously different, the levels of 
functions provided by the systems are tremendously different, the level of 
end user configurability e.g. for unusual attached devices as much 
different, etc.

I think you're over-simplifying the argument as least as much as you 
suggest Larry is. I still say it's a tradeoff: auto-updates done right on 
certain systems are likely to improve security. I've also seen updates that 
compromised security, and in an auto-update environment you're delegating 
the responsibility for ensuring that such updates aren't activated. I 
really think this is a complex tradeoff: yes, there can be significant 
advantages in security and for other reasons when auto-update is done; is 
there any contradiction in also saying that there can be significant 
disadvantages. I still think it's a tradeoff and that the cost/benefit 
depends on the system, who's creating the updates, what the threats are, 
etc., etc., etc.

Received on Wednesday, 30 July 2014 01:59:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:03 UTC