|
|
Published: 01/02/2010 | Last Revision: 06/07/2010
There appears to be somewhat of a rousing rabble of noise circulating around the Internet that we should be dumping Internet Explorer 6 (IE6) and moving forwards to IE8. It transpires that IE6 has more holes in it than a colander. which makes it a prime target for unscrupulous people writing nasty Web site code to exploit such vulnerabilities.
To be honest, I am very much in two minds about this. On the one hand, there is most definitely a problem with a typical home user who has Windows XP and IE6. It’s probably not kept up to date with patches, and if it has any antivirus installed, it will be minimal at best and probably hasn’t had any updates in the last two years, making it absolutely ripe to be hit hard as a target for various spyware, worms and other unpleasantness. For these users, getting them off XP/IE6 would seem to be a good move, although one could argue that getting them to update the operating system, the applications and their security measures would be a better starting place.
There is a real problem in the corporate space though. The mantra goes that the business desktop should now be Windows 7 with IE8, this representing the best and most secure desktop operating system combination that Microsoft has ever launched. And to an extent that view is correct – a well configured Windows 7 64-bit with IE8 64-bit is about as good as it gets today if you are looking for a relatively hardened platform which can run your line-of-business applications.
The Apple iPad: lots of new possibilities, if you’re not targeting Flash.
And there lies the rub. This is a two edged sword, and it is difficult to make the call either way. The reason I say this is because an awful lot of business desktops are running XP/IE6 and are actually quite happy with it. They know how to image it, deploy it, keep it up to date and so forth. And given that in a business network environment these desktops are probably hidden away behind not only a decent firewall but also, one hopes, some sort of Web site scrubber and cache facility, the chances of something nasty getting through is actually quite remote. So what if XP/IE6 is vulnerable to attacks if you are doing a strong and robust job at the perimeter?
This argument works just fine until someone takes a laptop out of the building and plugs it into an Internet café, or worse still, some bright spark down in the warehouse decides that he is not going to put up with all this network management nonsense and discovers a spare phone line into which he can plug a cheap modem. Suddenly the machine is infected with some particularly unpleasant material, because after all he wouldn’t have been able to get there via the main LAN and it’s the unpleasant stuff he is actively looking for. You might think this unlikely in the era of ADSL, but I have had one client where a member of staff ordered up at his own expense an ADSL line onto a spare fax line that went into the stores department. Fixing the resultant network meltdown took days.
So the answer is easy: get everyone onto Windows 7 and IE8. Well yes; but there are some real problems here. Firstly, what is the business justification for moving from XP to Win7? I know that Microsoft’s oleaginous marketing team can smoothly shift into fifth gear and rattle off a 30-minute justification without even drawing breath, but the reality is that it can be hard to make a coherent value justification for many businesses. This might surprise you, dear reader, if your one of those ensconced in Developer Land where shaving 10 percent off your compile time has a real return on investment. But when it comes down to Harry punching stock numbers into the computer in the stores area, giving him Windows 7 seems a little, shall we say, “extravagant” in the eyes of the corporate bean-counters.
But there is a really nasty problem here. Back in the XP/IE6 days, we were all convinced that writing a browser-based Rich Internet Application was The Way Forward. That this was the future of business computing, especially for those lovely and reassuringly expensive line-of-business software packages that sprung up. Mix ‘Integrated’ and ‘platform’ and ‘workflow’ and bake at Gas Mark 5 for 2 hours. And the sad reality is that IE7 and IE8 are not upwards compatible with IE6. Staggering though it might seem, we were sold a pup by Microsoft.
It happened before with ActiveX. A great idea but a terrible implementation that resulted in a security nightmare.
The Flash alternative
Now some are saying that we should be porting our development effort over to Adobe’s Flash. This will be the Saviour Of The Universe (but only if sung by Freddie Mercury). Your app can run anywhere: it won’t be locked into the vagaries of the browser implementation. It will float, like a bird, on all devices from mobile through to supercomputer.
And maybe it will, but I am not sure. I am coming to the conclusion that Flash is the new ActiveX. The reason I say this is down to a number of factors. Firstly, it’s mostly used for offensive in-your-face advertising, and not as a true line-of-business design and deployment tool. Wherever possible, I install an anti-Flash add-in to block the ‘auto-download and execute’ of Flash components on a Web page. Almost all of the time they are not necessary and just get in the way, so it’s best to turn them off.
Now Adobe and Apple appear to be locked into a long-term battle of words over Flash. Apple hasn’t allowed Flash to run on the iPhone platform at all, citing its problems and instabilities as major reasons for keeping it off the devices. I’m not surprised at this: Flash runtime on the Mac 32-bit desktop platform is a howling dog, and I hear it is the highest badly performing application on the Mac OS, in terms of application crashes that are reported to Apple. So it’s simply been banned on the iPhone and iPad. And good riddance, says I.
Please understand that there are a small number of people who are doing sterling work with Flash, and not just using it for gratuitous advertising. I have seen some stunning examples, from hotel reservations systems through to parts catalogues. But they simply do not run on the iPhone and now iPad platform. However this doesn’t really seem to be a problem as anyone who is heavily into Flash has woken up to the reality that a huge market place is not open to them in the shape of the iPhone/iPod touch/iPad user community. So rather than walk away, they write a dedicated app for that platform.
So I wonder, is Flash going to become the new ActiveX? And what of Silverlight, Microsoft’s interesting and strong attempt to deliver a Flash-Alike But With Added Zing? If Microsoft moves the Windows Mobile platform onto the Silverlight runtime, then how many developers will follow this path when there is HTML5 to consider instead?
Application and runtime lock-in has been a fact of life forever in the business application space. There is nothing new here. Remember the pain when we went from Visual Basic 3 to 4, and could suddenly use 32-bit OCX controls instead of 16-bit items. And it is hard when you have to write an application that doesn’t merely sit on the display blinking ‘Hello World’, but actually has to do some real work. And that means connectivity to line-of-business data. I think I have now run out of fingers with which to count the number of different yet all excitingly incompatible ways of connecting an app to back-end data that we have suffered over the last 15 years.
And so we come full circle. Doing development work today is hard, because the choices have never been so unhelpful. Do we go for a native app on the client? Or a client/server application, bundled to software-as-a-service and put all of the heavy lift onto remote servers? What tools do we use, and are we brave enough to ignore the iPhone/iPad marketplace? Decisions made now will live with us for a long time. And even longer for our customers, for whom a ten-year refreshing of some line-of-business application might be viewed as ‘a little rushed’. Maybe there is much to say for having a terminal screen, simple ASCII text and no mouse.
|
|