Upgrading software in the workplace requires caution – but some companies make this far more complicated than it needs to be.
No, you’re not having a strange dream, Microsoft really is
celebrating the demise of a flagship product. Continuing the tradition of celebrating
milestones in web browser development with cakes, Microsoft’s latest cake marks the
“death” of Internet Explorer 6 – or, more accurately, the decline in US IE6
usage to 1%. Microsoft have make a huge effort to get people off Internet
Explorer 6 (obviously, they’d rather you went to Internet Explorer 7, 8 or 9
than Firefox, Chrome or Safari, but an effort nonetheless) through hasty
development, advertising campaigns, and now even silent updates to upgrade
remaining computers. And with Microsoft themselves admitting IE6 has had its
day and even the die-hard open sources fans accepting that IE7 onwards is a big
improvement, you’d think everyone would be happy.
If, however, you’re reading this blog from a UK government
building, you may think you’re accessing news from a parallel universe. The
UK public sector is inexplicably at odds with the rest of the world. IE6, like most early browsers, has a
sluggish Java engine that runs at snail’s pace on modern Java-Rich pages. Most
public web pages have now dropped support for IE6. And yet when the China hacking
scandal exposed hugely embarrassing security flaws in IE6, and the French
and German governments warned everyone off IE6 (and , for a while, later
versions), the
Cabinet Office insisted there was nothing to worry about. To be fair, web browser security isn’t the
be-all-and-end-all for government buildings – their strongest defence will
always be the safeguards within the Government Secure Internet – but the web
browser is the last line of defence in a compromised network, and it’s a
reckless to rely on a web browser written before widespread broadband adoption
and the security threats it brought along.
The Cabinet Office does, however, make a reasonable point.
Upgrading a system in the workplace is not a just a simple matter of waiting
for Microsoft / Apple / your Linux vendor to issue an update and click on “Yes,
Upgrade”. The effects of the same upgrade can vary from one computer to the
next. Many Mac users were
caught out last year when the latest OSX upgrade rendered their pre-Intel
software unusable. This is not normally a big issue for most domestic users
– the worst that can happen is a few computer-free days until someone can put
your old software back – but in a business, even a few hours without working IT
can cost thousands of pounds. Businesses also have to consider whether the
latest upgrade exposes them to new security threats.
The UK Civil Service, however, takes this to the extreme by
refusing any upgrade without a thorough acceptance testing process – meaning in
practice that almost everything is ruled out on cost grounds. That is not how
you are meant to approach software testing. Instead, you should prioritise your
testing based on risk, and the risk of upgrading IE6 after 7, 8 and 9 have been
used by the public for years without problems is minimal (as is using Firefox
or Chrome). You certainly don’t need the extensive testing required for
software specially written for your own company. (And okay, if you’re the
Civil Service, you also need to think very carefully about security
implications of upgrading – but doing nothing exposes you to the security
implications of not upgrading.)
There is also a strange obsession that any change to IT
entails expensive training costs. This is sometimes true – I, for instance,
would have be hesitant to drop an Ubuntu-based workplace straight into
controversial Unity desktop (Ubuntu only got away with this because their
user-base tends to be tech-savvy) – but most of this time this mentality
assumes workers can’t cope with even the simplest intuitive change. I’ve said
before that public knowledge of IT could and should be better, but that doesn’t
mean ordinary office workers are all IT-literate idiots. The equally controversial ribbon that came with Microsoft Office 2007 was a big change from
earlier versions, but you’ll struggle to find a workplace that rushed into
Office 2007 without training and found its workers couldn’t cope.
Then there’s the problem of workplaces locking themselves
into outdated software – and this is a particular problem with IE6. Many
workplace applications were written to specifically run through Internet
Explorer 6, making an upgrade impossible without a fundamental rewrite of all
these applications.[1] This was an
easy mistake in the early noughties when IE6 looked set to be Grand
High Lord of the Internet forever, but one of commonest complaints I’ve heard
from software developers is that even when IE6 was on the decline and they
warned customers of the dangers of locking yourself into IE6 further, companies
were still insisting that applications were written to run through IE6 because
that’s what they’ve always used.
Finally, I can’t help thinking that there’s a mindset that
slow and unreliable systems are something normal. When I was last in a
government building, I was regularly screaming and cursing that something as
simple as checking the price of a train ticket took me five times as long as my
(relatively low-spec) computer from home, but this didn’t seem to be considered
a problem. When managers are downplaying the negative impact that out-of-date
software is having in their workplace this much, the change of doing something
slips even further out of reach.
In a way, software testing has a lot in common with health
and safety. Good health and safety is all about identifying the risks and
concentrating your efforts accordingly, so that you can carry on
doing you’re doing safely (so frequent accidents such as slips,
trips and falls, and serious risks such as road accidents get more attention
than the chance of getting a papercut at your desk). Lazy health and safety – the sort which gets gives
the business a bad name – involves overblown risk assessments over the most
trivial dangers to the point where the only practical solution remaining is to
not do it at all, which is why you get schools cancelling school trips for daft
reasons. The same principle applies to software testing: good testing helps you
achieve what you want safely, bad testing stops you doing it completely. And
like silly health and safety decisions preventing children playing outside, the
risks of not upgrading can often be far greater than the paranoid risks used as
justification not to do it.
It’s perhaps unfair to blame project managers for being
risk-averse. There is no shortage of botched IT projects out there, so it’s
understandable why people would choose to play it safe and stick with what they
know, however inefficient it may be. But the paperwork around upgrading is far
more complicated than it needs to be, and if we’d focused more on what really
matters and less on hypothetical scenarios that don’t, we could have enjoyed
Microsoft’s cake much sooner.
[1] Having
said that, you can install a modern version Firefox/Chrome/Opera/Safari
alongside IE6 so that you can access the internet on a modern browser whilst
still having use of your IE6-specific applications. But given the lack of
adoption of this easy solution, I can only assume that companies who mindlessly
run everything through IE6 are the same people who obsess over overblown
acceptance testing and training costs whenever anyone considers using a
new product.
No comments:
Post a Comment