Is software running before we can walk?
Even the update to Blogger reminds us that people feel the constant need to update things. There is nothing obvious added to the interface and no additional features; it is just one of those things that companies do because they don't have any actual improvements to make, so why not a "freshen up"?
Now I appreciate that you cannot leave old software running forever. OSs and frameworks change (rightly or wrongly) and if you want to update to get security fixes, you might lose support for old functionality and have to do some re-factoring. But lots of changes are UI fluff: they often make the interface slower and more clunky generally, and they have issues across browsers since they will either use semi-compatible features or build a massive bundle that is transpiled for everyone + dog.
And the issue isn't just web apps being updated. I am frightened at the number of times mistakes are made in workplaces due to a combination of poorly written software, software that is far too complicated, and the people using these systems who have very little technical understanding.
I remember my sister trying to change her name on a utility bill and it took something like 10 times. At one point, they managed to change her gas bill address but not her electricity. Now, you would think that a system that manages customer accounts would be pretty basic: "Change Details" => "Update" and it would just work? Of course not.
A good example is Salesforce. It is a massively popular and profitable business offering CRM as-a-service, which is great for them, but I assumed it was popular because it was super slick and easy, a bit like GMail when it first came out. But no. It is frighteningly complicated with hundreds of screens - probably trying to be all things to all people but having terrible UI as a result. One thing I noticed was that it wasn't even nice "Bootstrappy" controls but something out of a Windows NT horror film.
There are loads of systems like this and the problems boil down to:
- Software customers who don't know how to specify good software
- Suppliers who don't know how to coach customers to specify good software
- Suppliers who care a lot more about the money they can make instead of writing software to be proud of (you know who you are!)
- Lack of formal training/expertise requirement in the supplier industry. Anyone can legally write code for virtually anything!
- Lack of investment in UI/UX. I have met several people who do this and even there, the understanding is not always as high as you would hope. I saw a great example of UX design once (can't find the link) where a card payment page was being designed. Very simple questions/considerations about not wasting key strokes, not making the user click into boxes, and not making them choose pointless things like what card type it was. By the way, a lot of card payment screens from people like worldpay and sage are shocking. You should be ashamed.
- Users who do not need any formal training and are let loose on these systems. I worked with a (grown but not elderly) man who used to double-click hyperlinks on web pages. Goodness knows what damage he has inflicted over the years.
- A general lack of the ability to correctly spot critical problems and resolve them. For example, the second time my sister had to call up to change her name should have rung an alarm: either the previous call handler doesn't know what they are doing or the system is broken. Both scenarios are business critical, but it seems most people only think to say, "sorry, let's try again".
What can we do? Of course, there is no set opinion on this. I would like to see the formalisation of the software industry, even if it only means one accredited person signs off on the work. This approach could give some slack, like it does in Law and Medicine, for areas that are personal preference, but it could also mandate things like acceptable password hashing algorithms, approved libraries for certain things, frameworks which have passed muster and those that haven't, etc.
I think we also need to start giving the general public mandatory IT training at school, like a "driving licence". A poorly maintained computer can lead to virus infection and becoming part of a botnet of some sort, so why would we let people just own these without any controls?
I also think service providers could be more proactive, especially when known malware is detected from an IP address: block its DNS and return a standard page to the customer saying, "This line has been blocked due to malware detected, call this number to discuss options" or whatever. It could also just throttle the line so it cannot contribute much to a DDoS attack. Even if this was opt-in, lots of people would presumably rather know.
Lots of problems but until there is a recognised software institution, it is almost impossible to make this happen any time soon.