Monday, January 21, 2013

The impending crisis that is Windows XP and IE 8

Monday, January 21, 2013

Do you remember what you were doing in October, 2001? You weren’t watching videos on YouTube, updating your Facebook status or even using the term “social media”. It was still the days of web 1.0 and REST was something you did when you were tired. If you had a puppy, it’s probably no longer with us.

This was a cutting edge device:

Palm m500

Websites were “Best viewed in Internet Explorer 5” and looked like this:

microsoft.com loaded in Internet Explorer 5

That 800x600 image was the typical resolution too, it was the most your common 15” CRT screen (in 4:3 aspect, of course) could display. Advanced users might see 1024x768 on a 17” screen, but it wasn’t mainstream.

This was a different era, the era in which Windows XP was born. XP was a very good thing back then, no doubt about it. But so was Everybody Loves Raymond and Britney Spears. (Let me rephrase – they were popular things!) They were also things that feel like a lifetime ago because in technology terms, they were.

But unlike Raymond and Britney, Windows XP refuses to move on (well at least unlike Raymond), in fact it has hung around until well after its due date. Whilst “we” have been able to get away with holding onto the past until now, all that’s about to change, and Internet Explorer 8 is a key catalyst.

First, the facts: XP still has a massive presence

Let’s start with the facts; despite what many people may think, Windows XP is still hugely popular. How popular? 1 in 4 PCs are still running it:

25% of operating systems are Windows XP

This is worldwide usage by operating system and clearly XP still has a very strong foothold. What’s more, the current rate of decline means it will still have a strong foothold in a year from now – certainly way more than what OSX does today. It’s significant.

But as I’ve written before, technology habits are a very localised thing. For example, if you’re in China you almost certainly use XP:

Windows XP in China at 64%

The rate of change in China is also barely moving; that’s a 2.79% decline in the 6 months leading up to December 2012. I’m still pretty clear on the driver for the high prevalence of XP in China, but rightly or wrongly, 64% of 512 million internet users in one country is one hell of a lot and it’s barely changing.

IE 8 and Windows XP – inseparable bedfellows

Getting back to the IE 8 reference in the title of this post, here’s where the whole issue comes to a crescendo: Windows XP will not allow IE 9 or 10 to run. Not at all. Not one little bit.

The root cause seems to be a very close knit integration between OS and browser meaning that the architecture behind newer browsers built for the Windows 7 and 8 era simply won’t play nice with the older architecture of Windows XP. Now of course much has been said about the close interdependencies between IE and Windows but rightly or wrongly, this is how it is.

What it means is that if you’re hanging around on XP, here’s the recommended upgrade position (this is from just last week using IE 6 in a server environment):

"It's time to upgrade your browser" recommendation to upgrade to IE 8

Unfortunately, this is as good as it gets for users of XP; an upgrade option to a twice superseded browser incapable of meeting today’s web standards.

Paradoxically, the current version of Chrome runs just fine in XP. So does the latest version of Firefox. Safari is also good. Even Opera doesn’t have a problem! But there is one very big problem with all of these – none of them are “standard”.

The “standard” browser conundrum

For those of you not familiar with what it means to work in a “standard” operating system environment, let me give you a quick overview. Many large institutions – governments, schools, banks, other big corporates – have what they refer to as a “Standard Operating Environment”. The theory is that when you’ve got thousands, tens of thousands or even hundreds of thousands of employees using PCs, it makes sense to build one image (or a small handful of images) and align the organisation around these.

There are many good reasons for doing this:

  1. New machine builds are streamlined because you’re just replicating the standard image.
  2. Upgrades are simpler for the same reason.
  3. New software can be tested against a very limited set of operating possibilities.
  4. It easier to push out updates when you’re deploying into a known environment.
  5. You can actually design a push model for updates – everyone is playing by the same rules.
  6. New software built for the target environment only has a very narrow compatibility range to meet.

Another thing that tends to get standardised is the browser and for those organisations that have invested so heavily around Microsoft’s products, IE is obviously the natural choice. Keep in mind also that decisions around things like browsers were often made many, many years ago – back in the IE 6 days and frequently even earlier. This was an era when IE dominated – when it was ubiquitous, even. Those decisions, for better or worse, have stuck.

So what happens when you have a “standard” browser? Well naturally all the apps that get built are designed to meet the standard – they work just perfectly on IE. It doesn’t matter that they don’t work on Chrome because Chrome is not a “standard” and no amount of ranting or raving about W3C and HTML spec will change that. Business demands prevail and business has chosen IE. End of story.

The point of all that is this: institutions are very strongly tied to IE. Rightly or wrongly, this is their portal to the web and if they’re tied to XP then they’re tied to IE 8 and that’s about the end of it. Yes, they could run Chrome or Firefox today and immediately gain access to modern browser features with a freeware product, but it’s still a high friction change that means running some things in IE and other things in another browser.

Big business and XP – the other inseparable bedfellows

One of the major factors behind XP’s longevity is big business. Back at the end of July, Browsium had this to say:

Though it’s difficult to find hard data on the situation, we estimate that 20% of PCs in large enterprise (defined as organizations with 10,000 or more PCs for this discussion) have migrated to Windows 7, with 80% left behind on Windows XP. This estimate is corroborated by many in the IT industry — the CIOs we talk to daily, the systems integrators who run the migration projects, and even the Microsoft enterprise sales force who are more motivated than anyone to help their largest customers modernize their desktop platforms. And we continually hear that legacy web applications are the number one blocker to migration. When it costs millions of dollars to rewrite or replace a critical business application, migration projects invariably stall until a cost-effective solution can be found.

Keeping in mind that Browsium has a business model that leverages the fact that organisations in particular get stuck on old browsers (they make a plugin that allows new browsers to emulate old ones for compatibility sake), what they say makes sense and reconciles with what many others are saying both anecdotally and via hard statistics. Those legacy web apps in particular are a killer; because IE is “the standard” and let’s face it, it didn’t do real standards (i.e. W3C) very well, all these web apps designed myopically for IE 6 just don’t play well with newer versions of the browser as mandated by new operating systems.

But let’s go back to that 80% mark in July last year; compare that to the first graph in this post and it suggests that the ratio of big business on XP to the global average means that you’re two and a half times more likely to be running XP in a large organisation than you are in the general population. That’s a huge difference and when you’re talking about companies running hundreds of thousands of desktops you can imagine just how embedded the technology is.

Old technology is wasting everyone’s time and money

Let’s take a very typical modern day website requirement: you need to build a web app which works with IE 8 (because it’s the standard, don’t ya know?) but because it’s also the era of the mobile web and the execs want the cool new toys you need to support iOS devices, both the little ones and the big ones and now probably the medium sized one too. There’s multimedia on the site and the designers have given you a nice curvaceous UX with various artistic effects. There are also events that occur in the app which should notify other app users in the browser as they occur.

So you decide – quite rightly – that a responsive design makes sense given the massive range of device resolutions covering everything from the 320px wide iPhone to the 1920px wide PCs (and now sometimes even more). Let’s look at just a few of the pain points introduced by the IE 8 dependency:

  1. CSS media queries used in responsive design are out so you’ll inevitably need an “old IE” set of styles which locks it into a single resolution (or start building some funky JavaScript).
  2. SVGs which are now very popular in modern browsers due to their ability to scale and render smoothly in high pixel density screens such as on Retina devices are out. Either that or you’re manually adding graceful degradation for non-supporting browsers.
  3. Flash is out for iOS video and HTML 5 is out for IE 8 video so you need both and you’re going to need to gracefully degrade (or enhance, depending on your perspective), between devices.
  4. A whole heap of fundamental aesthetic effects are out; no border radius, no box shadows and certainly no CSS transitions. The list goes on and on.
  5. CSS 3 canvas is out so that wipes out a whole heap of options which pretty much means dropping back to Flash or deprecating the feature from IE 8 altogether.
  6. Web sockets are out so real-time style notifications mean you need to fall back to hacks like long-polling.

This is by no means a comprehensive list and the reality is that it goes on and on and on. It’s not that any single one of these is an insurmountable issue, it’s that combined they begin to significantly increase the friction of building software. You end up with hacks all over the place and whilst frameworks like Modernizr tend to help work through the idiosyncrasies, the reality is that supporting IE 8 from the outset adds cost. What’s more, it’s not just cost now in the development, it’s legacy cost – technical debt, if you will – that you’ll continue to pay throughout the life of the app many years after IE 8 has eventually faded into obscurity. It’s either that or you sacrifice on compatibility or features either with the old browsers or the new devices.

Charging the consumer for being a luddite

This cost isn’t free – someone has to pay it. Kogan decided that you should pay it:

Kogan's 6.8% tax on IE 7 users

This was just last year with IE 7 which is arguably far less of a headache than holding onto IE 8 is given the general shift towards HTML 5 and CSS 3 these days. Putting an actual price – or a tax – on the overhead users of long superseded browsers introduce to the development process is genius, in my opinion.

Sorry, you’re no longer welcome here

But passing the burden back to the consumer doesn’t always mean charging them actual dollars, it can mean simply depriving them of functionality. For example, Disqus already denies IE 8 users from seeing comments:

Disqus not supporting IE 8

Now this is pretty significant because Disqus is near ubiquitous as a commenting engine. This very blog uses Disqus and whilst I’ve ensured some degree of IE 8 compatibility in the HTML and CSS of the site, you’re flat out of luck with the commenting engine.

Then we’ve got Google Apps who have also already dropped support. Google explains it as such:

As we announced last year, we support the latest version of Google Chrome (which automatically updates whenever it detects that a new version of the browser is available) as well as the current and prior major release of Firefox, Internet Explorer and Safari on a rolling basis. Each time a new version of one of these browsers is released, we begin supporting the update and stop supporting the third-oldest version.

This sounds entirely reasonable, unless you’re a Windows XP user with IE!

Of course we’ve seen this sort of thing before and whilst it might already feel like a distinct memory, IE 6 wasn’t that long ago. In 2010, YouTube stopped supporting IE 6. Google Docs dropped it in the same year. Wordpress.com dropped it the following year. The point is that we have many, many precedents of major websites pulling the pin on older browsers and we’re already starting to see it happen with IE 8.

It’s not always a case of all or nothing, you’ve got the likes of the New York Times who created an absolutely stunning HTML 5 experience for Snow Fall: The Avalanche at Tunnel Creek. Go and check this out for a great immersive experience in a modern browser. But even in IE 8, it’s actually not too bad but that’s only the case because a person had to be dedicated to working on the compatibility for just that single browser. That’s a good example of where someone has no doubt done the ROI on it and said “Yeah, the value we’ll get from supporting that small, declining audience is actually worth dedicating someone to the task”. Great, but someone has to pay for it and whilst NYT hasn’t exactly “done a Kogan”, someone there has had to shell out a fair bit of cash to make this thing play nice with the old guy.

The IE 8 cliff

IE 8 support will literally drop off the edge of the cliff and it will happen very, very suddenly, certainly far faster than what we saw it happen with IE 6. There are a number of reasons for this:

  1. The rate of browser version revisions has increased significantly. It took more than 5 years to get from IE 6 to IE 7. It took just 19 months to go from IE 9 to IE 10. In the same 19 month period, Chrome made 11 major releases of their browser. The rate of change is increasing and by extension, the rate that browsers are being superseded is following.
  2. There are significant features that IE 8 does not support that are rapidly becoming ubiquitous, namely around HTML 5 and CSS 3. IE 6 was painful, but the compatibility problems it presented compared to IE 7 pale in comparison to the IE 8 to IE 9 chasm.
  3. IE market share is significantly less than what it was three years ago when the big shift away from IE 6 was happening. It was a far ballsier move for sites to start dropping IE 6 support when the majority of their users were on it than what it will be when it’s a minority browser that’s still declining.

That last point is the real kicker – take a look at the global IE trend:

IE declining from 56% in December ‘09 down to 31% in December '12

That’s 56% in December ‘09 down to 31% in December last year. This makes for a fundamentally different discussion on ROI when a website starts to look at dropping support for an old version of IE.

But there’s another significant reason why support for IE 8 is going to fade very quickly this year; jQuery. Depending on whose stats you look at, jQuery is allegedly used in somewhere around half of all sites on the web. Now this is significant and in and of itself of no threat to IE 8, after all, jQuery has been a great enabler of cross browser compatibility for a number of years now.

No, what’s significant about jQuery is the imminent arrival of jQuery 2 and their view of “ghost of browsers past”:

Now that we’ve cleaned house, it’s time to take a look forward. There’s just one thing interfering with our vision of the future, and that’s the ghost of browsers past. Internet Explorer 6, 7, and 8–collectively, oldIE–have been a thorn in the side of web developers for a decade.

So what does this mean for IE 8? Not good news once jQuery 2 hits:

This version will support the same APIs as jQuery 1.9 does, but removes support for IE 6/7/8 oddities such as borked event model, IE7 “attroperties”, HTML5 shims, etc.

Of course developers can still keep using jQuery 1.9 solely or they can even use 2.0 but just conditionally load 1.9 for older browsers. After all, jQuery has also stated a goal of 1.9 and 2.0 being interchangeable in terms of the API. But will this actually happen? I mean will developers consciously pull in a superseded version of jQuery or write conditional logic to support a declining browser? Some will, many won’t and that 50% of the web will rapidly start breaking for users of IE 8.

You (often) can’t build new software with old technology

It’s not just the IE 8 dependency that’s killing XP and burdening its users, it’s the simple fact that an increasingly large number of apps simply won’t run on it. Let’s look at Microsoft’s own development platform as an example:

To begin with, there’s no Visual Studio 2012 support. We’re now well into the lifecycle of the latest and greatest development environment, in fact the first update has already dropped. If you’re a developer running Windows XP, you have no access to a whole range of new development environment features. In fact if you’re a dev on XP, you’re pretty much now the coding equivalent of being frozen in carbonite which doesn’t do much for your career or marketability as a .NET developer:

Prospective employer: “So tell me about your experience with the current generation of tools”

Candidate: “Uh, um, they don’t work on my machine”

Not only will VS 2012 not run on XP (SQL Server Management Studio 2012 won’t run either), version 4.5 of the .NET framework won’t run so even if someone on a modern OS that can run VS2012 builds a software product, they have to target 4.0 or earlier and can’t leverage any of the new language features.

Why does this matter? Well it’s significant because it means no access to features such as massively improved parallelism among many, many others. This then cascades into other new features, for example you can’t access the async language support in the upcoming Entity Framework 6:

Async language support is now available for queries and updates when running on .NET 4.5

Then of course there’s no more XP support for the modern day Office suite, the specs are pretty clear about that:

Windows 7, Windows 8, Windows Server 2008 R2, or Windows Server 2012

There are plenty of new bits to Office which, IMHO, make it a much nicer environment to work in. Whether or not everyone feels the same is, of course, a matter of personal opinion. However, what’s not up for debate is that if you’re running XP then there’s no choice; you won’t be running Office 13. Full stop.

But it’s not all Microsoft, plenty of other software vendors are dropping support as well. For example, Adobe Lightroom 4 launched nearly a year ago without XP support. Of course this is completely reasonable for all the same reasons dropping support for IE 8 is reasonable; it adds cost, it often degrades the experience for more progressive users and it costs more money to support a declining audience. It’s an increasingly easy ROI discussion.

XP support is going, going…

Come next year, Microsoft will no longer support Windows XP. This is significant:

After April 8, 2014, there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.

Anyone still running XP will become extremely vulnerable. Hotfixes and security patches are frequently rolled out across all major supported operating systems as a natural part of the arms race with evildoers. Even iOS which has proven to be remarkable robust usually has security fixes in OS updates.

Particularly large corporates who have a sizeable install base of interconnected machines all behind the same firewall would face enormous risks by running an unsupported OS. One little zero day that Microsoft no longer patches and, well, use your imagination.

There are those who will argue against upgrading for all sorts of reasons, but the lack of support surely trumps them all. It’s one thing for someone to move your UX cheese, it’s quite another to be running an unpatched operating system vulnerable to numerous zero day risks.

It’s no longer about the cost of change, now it’s about the cost of not changing

All of this changes the nature of the discussion that corporates in particular will need to have about upgrading from Windows XP. In the past, it’s been very much about “What will it cost us to upgrade” and I get that – it’s a high-friction process and particularly for larger orgs, it' ain’t cheap. But that’s only one side of the ROI discussion, here are the sort of questions that now need to be asked on the flip side:

“What will it cost us if we have to keep building IE 8 compatible websites?”

“What opportunities are we missing if we can’t use the language features in .NET 4.5?” (assuming a Microsoft-centric environment)

“What’s the impact on our workforce as they can no longer access an increasingly large number of websites that don’t support IE 8?”

“What will it mean to not be able to run an increasingly large number of new software products that are incompatible with XP?”

And most importantly:

“What is the risk cost of running an operating system that is no longer supported?”

The elephants in the room: BYOD, tablets and Windows 8

What compounds the whole situation is that the timing coincides with three very fundamental shifts in the way corporate computing is done: Bring Your Own Device (BYOD), the increasing prevalence of tablets as a replacement for PCs and the significant redesign of Windows in version 8.

The relevance to BYOD is twofold; firstly, particularly for organisations running on older hardware (and let’s face it, everyone wants to stretch their infrastructure budget as far as possible), there’s the question of whether an OS upgrade should correspond with a hardware upgrade. After all, aligning the two events is undoubtedly a lower friction exercise – “Hey Jimbo, here’s your new PC running Windows 7/8” but it also increases the cost of change, even if it’s just simply bringing forward the hardware refresh cycle so that it aligns with the OS upgrade.

But the other part of the BYOD equation is that if the organisation is looking at making a significant investment in 2013 (and delaying to even early 2014 is getting awfully close to the end of XP support), would that investment be better spent in BYOD infrastructure? Is that the way of the future and buying new desktop equipment and investing in the support structures for a new OS just backing the wrong horse? Beyond the obvious security and logistical considerations (for example, what’s the incentive model for employees to supply self-funded equipment), BYOD does mean significant investment in other areas.

But say that BYOD is off the cards altogether for whatever reason; isn’t everyone buying those newfangled tablets these days? Is it really the right move to make investments in the desktop / laptop model that need to remain relevant for probably the next four years? Based on consumer trends (which corporates tend to follow – eventually), it’s probably not.

So what are the options? Well there’s Microsoft Surface which is very promising, but it’s also very new which is something large corporate purchases are a bit wary of. It also runs Windows 8 (which I’ll come back to) that’s very new and yet to demonstrate any broad adoption. Rightly or wrongly, organisations will approach this with trepidation.

Then there’s obviously the Apple and (mostly) Samsung competition but now you’re talking about backing an entirely different operating system vendor which is never going to be a decision taken lightly. Many will (and are) taking it, but it’s a hell of a change and there are a huge number of issues to overcome. Then again, this whole situation may just be the catalyst for many orgs to have a serious discussion about that which is really a very unfortunate situation for Microsoft.

Finally, there’s Windows 8. Without a shadow of a doubt, 8 is the most significant change to the operating system since ‘95 hit 17 and a half years ago. Change is essential in technology and whether it’s a good change or a bad one (certainly there are vocal critics of Windows 8), change brings with it associated costs. For example, if a large organisation was considering rolling our Windows 8 they would almost certainly be considering the impact of educating and supporting users as they transition from XP. This was common when we had comparatively low friction changes in user experience such as Windows 2000 to XP, it’s definitely on the cards for Windows 8.

Of course you could just roll out Windows 7 which is a much more intuitive upgrade path from XP than 8 is, but then you’re already starting out with an “old” operating system. That then raises questions about the longer term Windows strategy which only compounds the existing ones mentioned above.

The point with Windows 8 is that no matter how good it is or isn’t, it’s a big change. It’s not just the usability side of things, the way a large organisation would package, deploy and manage an operating system in 2013 is fundamentally different to the way they did in 2001. Of course that would apply to Windows 7 too, but 8 has that extra uncertainty given the other significant changes it brings.

The perfect storm in 2013

For the most part, people are not still using Windows XP by choice, there are usually mitigating circumstances which hold them back. They may simply be unaware or blissfully happy with what they have (education is not there), they may not want to go through the friction of change (upgrades are still always tricky) or they may be constrained by the corporate environment in which they work. Whilst some will claim it ain’t broke, that’s not the case if you use the default browser (which many are constrained to), it’s also not the case if you want to run an increasingly large array of software dependent on a newer OS and it’s certainly not the case if you don’t want to have an OS out of support in the first half of next year.

2013 will see the culmination of all these issues; support for IE 8 will drop off rapidly, users of XP will find an increasingly broken web, the cost of building software in XP organisations will increase. Those same organisations will have some really, really tricky decisions to make about their OS future. But it will happen this year and if it doesn’t, 2014 is going to be very, very interesting.

Tags:

comments powered by Disqus

Leaving comments is awesome, please do. All I ask is that you be nice and if in doubt, read Comments on troyhunt.com for guidance.