Check for update

WaxLyrical offers a quick and simple way to check for, and apply, updates. Because of the paranoia and risk of undesired things taking place during Internet connections, this description is quite verbose and explains in detail both how to use the update and also how it works. To make things easier for you, this explanation is broken into sections. Stuff in black text, like this, is concerned with how to update WaxLyrical. Meanwhile stuff in blue text is an explanation of what is actually going on at each point. Anything in red text is a warning. Here's one I prepared earlier:

When you check for updates, WaxLyrical usually looks to my website:
http://www.heyrick.co.uk/software/waxlyrical/
However, if you click the 'Update' button with the right mouse button while holding down the Alt key, WaxLyrical will instead look at:
http://angelique/software/waxlyrical/
This has been implemented in order that I may develop the software here from my internal server. It will only work for you if you set up a server on a machine called "angelique". Trying to use this on the Internet will fail because there is no domain name (the ".com" part).

The above is only really useful to me in the development of this software, however I am describing it for completeness.

After clicking the Update button, you will be asked to confirm:

This could be a useful point to establish a connection to the Internet, if you use dial-up. It is likely to work better if you do this yourself rather than having WaxLyrical wait for the dialler to do it upon an off-site request.

Step one - retrieving the verification file
The first thing you'll see is the download status window flash by. If you have broadband and a fast computer, you might barely see it at all.

What is happening is WaxLyrical is requesting the "notification file". This is a special file that tells WaxLyrical what the latest available version is.

WaxLyrical identifies itself in the "user agent" part of the HTTP header, as follows:
User-Agent: WaxLyrical/0.08
There is no other form of identification, no other embedded information, and your registration details are not sent back to my server.
The actual header data sent to the server is out of WaxLyrical's control, as it uses the Windows internet system, however it seems that the headers are fairly minimal – the necessary and little else.
The verification file is a text file that is both human-readable and may be displayed in your web browser. Simply fetch: http://www.heyrick.co.uk/software/waxlyrical/update.txt
The file looks something like this:
object "WAXLYRICAL" { version 0.07 lastmodified 2007/10/15 updatepath /software/waxlyrical/waxlyr007.exe updateaction execexe;selfclose } object "NOTICE" { ...text here describes what is new in this version... }
The "WaxLyrical" block defines the version and date of the latest version available. It then provides the location of the file relative to the website root (it is not possible to request files from another site). The "updateaction" is not currently implemented – the action of running the installer then and exiting WaxLyrical so the installer can complete (upon your permission) is assumed.
The "NOTICE" block provides a brief plain-text description of the new features provided in this update file.
If your firewall is the sort that requires you to interactively permit software to establish a connection to the Internet, then you should see WaxLyrical appear in one of the pop-up windows. Whether you permit WaxLyrical to be able to connect "always", or "this time only" is up to you – but note that downloading the update (if available) will be another connection.

WaxLyrical does not search for updates or otherwise access the Internet unless you specifically ask.

Note: The update system does not work with proxies.
The update system makes no use of "cookies" or other user-specific identifiers.

Step two - informing you of an update (or not?)
Once the notification file has been retrieved and examined, you will probably a message similar to the following:

This means that you are already using the latest version of WaxLyrical.

If, on the other hand, there is an update available, you will see something like:

This shows you the current version of WaxLyrical (that you are using now) and the version that you can update to; along with the brief message that was stored in the notification file.

Note that this example window was faked for this document – WaxLyrical would not prompt you to update to the same version that you are already using!

You can choose to Update now! or Don't update as you wish.

Step three - getting the update
If you choose to Update now!, WaxLyrical will go back to my website to download the installer program, as directed by the notification file.

The program that is downloaded is an .EXE executable. It is, in actual fact, the exact same thing that you would be downloading if you visited my website and fetched the software yourself!
I feel fairly confident that my system is virus-free. I have AVG Free (http://free.grisoft.com) in use here. However it is common sense that you will have your own anti-virus software in use.

While the installer file is being retrieved, you will be shown the status:

Step four - performing the update
When the file has been received, you will be asked if you wish to begin installing the update.

If you choose Yes, then WaxLyrical will start the installer and it (WaxLyrical, that is) will then quit.
The reason WaxLyrical must exit is because the installer won't be able to update an application that is in use.

To reiterate: This step involves taking an executable file downloaded from the Internet and running it on your computer. If you have any doubts, you should not use the automatic update facility – but it is worth pointing out that will have had to do exactly this process yourself in order to install WaxLyrical in the first place.

Therefore, if you answer No, then WaxLyrical will pop up a message saying where the downloaded file may be found, so you can check it and then – once you are satisfied – run it yourself.

Footnote

While there are ready-made libraries designed to handle updating in this manner, it has taken me a while to come around to the concept of automatic updating of software – primarily because I insist on writing my own update system. How could I offer you an updater that I was not 100% certain how it worked myself?
At the end, it comes down to a matter of trust. Do you feel you can trust me? Do you feel you can trust me to direct my software to connect to my website, download the correct file, and execute it for the sole purpose of updating the software? I believe that by writing my own system and documenting it clearly, I will provide more reasons for you to have confidence in me. Furthermore I believe that writing this very thing is not intended so much to scare you away as to warn you of potential problems and show that I am taking your security seriously.

I have tried to make the entire process as simple, yet traceable, as I can. You absolutely must request WaxLyrical to look for updates. You'll never find any of my software looking to update itself automatically, with some sort of "Don't check for updates" option hidden in a load of obscure configuration settings. The "blacklist" on my firewall stands testament to the large number of programs that assume they can access the Internet as-and-when. WaxLyrical (and anything else I create) will not take such a blasé attitude to something that should be your primary concern. To that end I am happy to answer any further questions that you may have regarding the automatic update...