They have had years to sort this out, same here in the UK, civil service incompetence or more likely managerial incompetence!
The April 15 deadline for Americans to pay their federal income taxes is fast approaching, but the US Internal Revenue Service has already missed an important deadline of its own – namely, Microsoft's end-of-support date for Windows XP. Speaking at a budget meeting before the House Subcommittee on Financial Services and …
@David 45 and all
The quote below from the OA encapsulates the problem...
"I would refer to it as we're driving a Model T with a lot of things on top of it," he said. "We are the classic 'fix the airplane while you're flying it' attempt."
Large organisation operating on an annual budget cycle, huge refresh needed whose cost exceeds annual budget by large multiple, cost caused in part by legacy applications depending on the client PC operating system being a specific version.
I personally would like to see standards published for large organisations about their use of IT systems that require them to be 'client agnostic' so that networked applications must not depend on the details of the client computer. We can then slowly migrate all the cube folk over to thin clients.
Getting my coat on now before the downvotes....
The IRS budget has been hammered the last four years by the GOP dominated House in what seems to be a classic case of political payback for the IRS targeting political 501 (c)(4)s.
501(c)(4)s are typically social welfare non-profits, but the 2010 Supreme Court 'Citizens United' ruling cleared the way for corporations to spend unlimited money influencing elections and file for tax exempt status as a 501(c)(4). A major benefit being that donors need not be disclosed as they are in SuperPACs. 501(c) applications more than doubled after Citizens United.
How many PCs does your environment have then?
Oh I see just the one then!
You need to see what's happening in real life, many thousands of PCs that can't be upgraded due to legacy applications!
I was on an NHS site this week with over 2000 XP Pro machines that will 'maybe' upgraded within the next 2 years (no fixed plan)
Nothing will go wrong with them, they are behind a secure firewall, and are still running fine with SP2
Get the PC you trashed out of the bin and re-use it!
It's funny how many think a "firewall" (and I would like to see which FW and with which rules and how often the rules are reviewed and updated...), not even an IDS or something more powerful (i.e. software that locks down what you're actually permitted to do on a machine) is enough to protect them-
It looks they are still protecting themselves from last century worms that uses protocols listening on open ports as attack vectors - as if many Attacks today weren't performed over open ports (HTTP....) using very different attack vectors from browsers to Java to document parsing flaws, and old, always working social engineering trisk. All vectors a firewall won't stop.
But that's a trend I've seen in many IT departments. Securing a network fully requires work, a lot of, and unless performed by skilled people, it can create big issues. Thereby the trend is "let everything as it is, don't touch anything, do just the minimum needed to tell management we had secured the network". I guess there's will be a lot to "laugh at" in the upcoming months.
In most cases the XP machines that can't be economically replaced are so because of one or two specific jobs, and very rarely will that need much, if any, internet access. So a firewall that simply white-lists the things it needs (e.g. NTP and specific IP addresses it needs) will stop most things.
If you can't access web/email on a given machine then it won't get drive-by attacks and also no casual use. If it can't talk to most of the internal machines then such attacks won't spread.
And of course you have disable auto-run on all devices, if not mass storage completely, to stop USB attack vectors on every machine?
Soon it'll just be Computer as a Service (CaaS), the desktop "PC" will be an ultra-fast terminal linked to the MS cloud, which will already have all the data, so using MS cloud programs for everything is logical. Security will be excellent, since only some encrypted keyclicks and such are sent in, and no files are sent out, only encrypted pictures your terminal displays like a TV, unless sent to the MS-approved "local network" printer.
It'll be a bargain at only $500/yr per desktop, as you'll never worry about upgrades or virii, and your "senior IT staff" is reduced to someone who can swap in a new working Ethernet router or terminal unit as needed.
And if all your data and work disappears into the aether two seconds after you failed to make a timely payment without recourse or backup, it's just CaaS.
It's not just that the various government bods have run past the deadline and thus have to spend taxpayer money on 'extended' support, it's that they moving from XP to Win7. So the when support for Win7 runs out, they get to go through the same shite all over again with the badly written, 'must have' closed source apps which can't run on a current OS.
I can understand small companies, like Mr Pott described, running into upgrade problems but government bods, on the scale of the IRS, do have financial clout. What's to stop them from saying, "if you want our contract, you hand over the source code, so if you can't or won't support it, we will"?
And I quote: What's to stop them from saying, "if you want our contract, you hand over the source code, so if you can't or won't support it, we will"?"
Support and government are not same thing. I can't imagine any government agency trying to support an OS themselves. If they could, wouldn't they be using Linux or similar? Nor can I imagine someone who could do that kind of support who would be willing to work for the government at government wages. Yeah.. they can outsource the support but we all know how well that works with government.
"I can't imagine any government agency trying to support an OS themselves."
The OS almost certainly isn't the problem (and if it was then the USG already has the source code and could probably use its waiver on copyright protection). The problem is probably half a dozen "critical apps". The company may have ceased to exist, or failed to keep the source code, or simply be too incompetent to product a working Win7 version. In those cases, source code escrow would be a useful insurance. We're probably talking about fairly small amounts of code, too, compared to an OS.
A budget that size means the agency will spend nearly $800 for each desktop it migrates. By way of comparison, the average price of a brand-new PC was just $544.30 in the third quarter of 2013, the most recent period for which IDC has figures available.
Not that unreasonable then, because as well as buying the base machine, it has to be configured for use and probably also needs licence fees to be paid for all the extra proprietary software being added.
Still, MS have performed a small public service here. $30million off the enforcement budget means some people will escape being audited this year.
Not bad at all for a Fed project per machine, of course there will be cost overruns.
Just replaced the last two XP workstations at a client's this past Thursday, with new Dell Precision LTs w/Windows 7, the 657MB security updates the first run, then moarr, lots moar, A-B-C software for salesperson, then X-Y-Z software for offsite estimator etc, took 4 hours sitting side-by-side (my third HP Elitebook sitting with them)
Looked impressive as hell to the Amish that came in the store...
They were going to do it, had it planned but then there was disaster then Iraq then Afghanistan then Bosnia then Libya then finance sector meltdown then intervention to deal with finance sector meltdown (I think they call it financial easing?) then ... and now potentially there is Ukraine.
So, you see, it has always been on the cards but seriously more important stuff barged it out of the way and gobbled up available capital, reserve and maxed out guvmint borrowing.
Sad, very, very sad?
Planning for it IE scanning all the PCs for differnt patterns of installed apps, building standard images, identifying apps that demands IE 6/7/8/whatever (and re-desinging them so they don't) should have started years ago.
And remeber one small details.
The US Government had no money.
It takes (US readers only) your money to do this.
Care to guess who's paying MS for that extended XP support?
It's always the same argument: legacy applications not supporting a newer OS version. A part of me wants to say "fair enough". But with an EOL heads-up in 2008, and legacy applications which must have been legacy since then, what have their IT departments been doing with taxpayer's money in the meantime?
5+ years isn't too short of a notice for any number of software or hardware products to be replaced. Probably the actual IT guys have been told by management to not be drama queens since they first mentioned it, repeatedly. And now, with custom contracts (presumably not exactly cheap), more money is going to be wasted. In many companies heads would be chopped off for this; not so in the public sector, where they can spend money which isn't theirs anyway...
Yeah I know, some big corporate entities are no better, but at least they are not spending my money.
Often the problem lies in the IT department itself. Often the wrong applications are selected without understanding they are so badly written they will not sustain an OS update. Often buying shining new hardware to play with is were money goes, instead of planning for software obsolescence.
Then there's also the hassle of keeping applications up-to-date, it's always a risk, what if something breaks and everyone yells at you - let the ten years old application run, after all it run until now and no one complained...
And believe me - when Windows 2003 will reach its EOL, we'll see this again....
I'm seeing this already. We have two customers who run SQL 2003 based applications, and the vendors who provide them have no upgrade path to the current verison of SQL for Server 2012 - not without the clients buying SQL 2008 off their own back as an interim step, it seems (I've been out of the loop on this one, and I'm not a SQL guy so I'm not 100% on the details - but my SQL chap assures me it's a big problem).
There are many problems here, long refresh cycles being one of them, but vendors just not giving a toss really doesn't help.
Anyone got any input on the above...? Other than pirating a copy of SQL server 2008 and migrating to that, before migrating to a legit SQL 2012 instance? Does SQL 2012 let you run a 2008 instance as part of it's licensing etc?
A quick bit of googling would suggest that the 32bit to 64bit issue (no upgrade path from 2003 32bit to 2012 64bit) might be the main sticking point...
Blane - yup, sounds like a reasonable plan, although the software vendor expects us (the local techies) to do all the SQLy transition stuff which seems a bit odd to me, given it's their platform.
AC (who isn't me) - you're kidding, right? We're talking a mom 'n' pop operation, not a bluechip, here!
Putting to one side the issue of a late migration from XP, I suspect the main reason both the US and UK governments have done deals, is that they need to have the option to call upon support IF anything actually goes wrong, before the systems are swapped out. It would be very embarrassing if they didn't have support then a service outage happened due to a major previously unreported hole in 2003/XP et al. ...
So I suspect the reason governments and major users are signing support contracts is more for reasons of security and insurance rather than because they believe they are really necessary. Obviously the cost of the 'insurance' is such that it is encouraging these major customers to give priority to migrating away from XP.
The U.S. is very good at pissing away tax payer money. Obama's handouts over the past two terms to companies who took the money and then went bankrupt is well documented. Obama and the clan have taken more paid holidays than any other U.S. President in history. They just keep exploiting tax payers every chance they get. It's quite the disgrace.
Now the software that calculates John Q Publics tax bill is about as proprietary as it gets and I think the one thing that was guaranteed to change was the desktop.
OTOH modern browsers are powerful components that put quite a lot of functionality on the desktop in a way that's portable if properly designed.
Or will we be seeing this mess all over again in 5? 10? years.
(IRS) Microsoft support?
(MS) Yes, how can I help you?
(IRS) We seem to be having issues with some of our computers running Windows XP.
(MS) Sorry, XP has reached end of life and is no longer supported except where extra support fees are to be paid.
(IRS) Sorry, I missed that because the the boss was just asking about scheduling Microsoft and its staff for a tax audit. Could you repeat what you just said?
(MS) Of course. I was asking for a full description of the problem you are experiencing so I can get our staff onto the problem..
Biting the hand that feeds IT © 1998–2019