back to article HORDES OF CLING-ONS menace UK.gov IT estate as special WinXP support ends

UK government departments still running Windows XP are now doing so entirely on their own. A framework support agreement between the Crown and Microsoft guaranteeing the release of special security patches for PCs still on Windows XP has ended after one year. That deal - revealed here - expired on April 14 and it’s been …

  1. John Crisp

    Bugger

    said David Cameron.

    I thought we could blame Labour for the Balls up.

    Now they're both gone.... :-)

  2. Sproing
    WTF?

    err, what?

    'That includes applying existing Windows XP security patches, antivirus updates, “heightened security vigilance,” escalated security procedure and “reinforced staff awareness on security risks,” '

    Seriously? They are now getting around to applying the fixes that have been released? And updating anti-virus? The business of not having a comprehensive security policy is pretty much standard ( alkthough deplorable ).

    OK, I appreciate patches et al need to be tested against the apps they already have, assuming we're not looking at standard desktops here, but oh dear oh dear oh dear ....

    1. Anonymous Coward
      Anonymous Coward

      Re: err, what?

      This was the bit that also caught my eye for the same reasons...

      However, I strongly suspect that actually this was just 'PR' speak and that I would have expected this to be going on anyway.

      1. Sproing

        Re: err, what?

        Perhaps driven by PR mouthpieces, but it reads like a canned quote from somebody at least exposed to the process. Pure PR would be stating that it'll all be fine once they refrobulate the reciprocating flangulator

        1. Anonymous Coward
          Anonymous Coward

          Re: err, what?

          In which case I will offer my services. I have extensive experience in Refrobulation and indeed, was instrumental in designing many Reciprocating Flangulators.

          1. Alister Silver badge

            Re: err, what?

            In which case I will offer my services. I have extensive experience in Refrobulation and indeed, was instrumental in designing many Reciprocating Flangulators.

            Ah, I'm glad to hear it, I've been having terrible trouble with the elliptical cam gradually sliding up the beam shaft and catching on the flange rebate, with disastrous results as you can no doubt imagine.

            1. Rich 11 Silver badge

              Re: err, what?

              Just reverse the polarity of the neutron flow. That'll fix it.

              1. Trigonoceps occipitalis

                Re: err, what?

                I'm always intrigued as to how a neutron (the clue is in the name) can have a polarity.

                1. Irony Deficient

                  Re: err, what?

                  Trigonoceps occipitalis, the original tron („Alttron“ auf Deutsch) didn’t have one, but the new and improved tron („Neutron“) fixed that.

                2. Captain DaFt

                  Re: err, what?

                  "I'm always intrigued as to how a neutron (the clue is in the name) can have a polarity."

                  Typical mistake. It's the polarity of the neutron flow/flux, not the neutrons. Horizontal, radial, circular polarizations are possible, either flowing toward a set point, or away from it.

                  More information here: https://youtu.be/i-jdhorGtQI

                  (Yes, I'm in a silly mood, it's POETS* Day!)

                  *Put Off Everything, Tomorrows Saturday!

            2. Anonymous Coward
              Anonymous Coward

              @Alister Re: err, what?

              What you need is a knurled object to prevent that happening.- you screw it on the protrusion there, you should see a thread for it.

          2. ma1010 Silver badge
            Gimp

            Re: err, what?

            Well, as long as none of the flayrods have gone out of skew on the treadle, that's okay.

  3. Anonymous Coward
    Anonymous Coward

    I wonder how...

    I can't possibly fathom how they are planning to upgrade existing estate to Windows 8.1. A lot of the hardware is so antiquated that it struggles to run Windows XP. A lot of the machines are 32-bit Dell desktops made around 15 years ago, with only 2 GB of RAM. Good luck upgrading those. I wonder if Met is planning to replace all of the hardware before upgrading the OS. Where's the money coming from?

    1. codejunky Silver badge

      Re: I wonder how...

      Without being a fanboi I have to say those machines should be moved to linux. Even the latest and supported versions work on such small hardware.

      1. John Gamble

        Re: I wonder how...

        "Without being a fanboi I have to say those machines should be moved to linux."

        Yeah, even as a FreeBSD guy I'd have to say, "move them to Mint and be done with it." If these machines are used mostly for word processing and spreadsheets, it should be a relatively painless transfer.

  4. John Robson Silver badge

    "Best option"

    Is probably a return to paper and pencil...

  5. This post has been deleted by its author

  6. Anonymous Coward
    Anonymous Coward

    well i updated4 to win7 this morning. only about 2000 to go...

  7. SecretSonOfHG

    "the ability to isolate devices from external connection"

    For the uninitiated it may look like a high tech and sophisticated activity or procedure. It isn't.

    It if refers to the internet connection, that means simply "setting up a firewall rule" If it refers to the network connection, it is really a fancy name for "unplugging the network cable"

    1. Doctor Syntax Silver badge

      Re: "the ability to isolate devices from external connection"

      It might not be so trivial if the PC needs to continue to need a LAN connection, even if it's only to a shared printer, whilst other PCs on the premises need an internet connection.

      1. Anonymous Coward
        Anonymous Coward

        Re: "the ability to isolate devices from external connection"

        Generally, the issue is not "replacing an XP Box", it's that the XP box is acting as a controller for a multi million pound scanner (MRI, ultrasound etc) with an in service lifetime longer than many peoples careers.

        I recall we had one such issue with AED firmware updates when I was working for the NHS. The company who made the machines went out of business because basically the machines last for ages in service so they didn't sell enough to keep trading. They occasionally need firmware updates (deciding when to/not to apply a shock based on updated guidence etc IIRC) which is fine, a third party can produce those. The "not fine" part is that the program that updates the firmware runs under XP, and didn't work on later OS's and apparently couldn't be reverse engineered. Keep an XP box for this purpose or either withdraw or replace all of the AED's in the county at a cost of £How****ingMuch?

        Personally, i'd be surprised if there isin't a couple of thousand XP boxes around controlling expensive things in 20 years time.

        One other thing- every NHS trust is operationally independant. One trust might have 80% of their machines left on XP, but that trust might represent one hospital rather than a county, and trusts do not have any direct connection to each other with the exception of the internet connection. See how many counties you can find with much less than a dozen seperate NHS trusts!

        1. Anonymous Coward
          Anonymous Coward

          Re: "the ability to isolate devices from external connection"

          The other problem is that we install Evolution Maternity, SimMan, TheatreMan, BigHand, Wash Control, Prescribe on shiney shiney Win7/Win8 boxes and it refuses to work. Kudos to EMIS and SystmOne for being ahead of the crowd and ensuring they work on Win7/8.

        2. Loud Speaker

          Re: "the ability to isolate devices from external connection"

          I have a very expensive embroidery machine which needs software that only runs on XP and needs real serial and parallel ports. The manufacturers of the machine no longer support it (it predates Y2k). I keep an laptop to drive it. I do not have any reason to connect it to the Internet (and the laptop has no Wifi).<p>

          It will probably run for another 30 years. I have driven 30 year old cars, and they rust. The embrodery machine and laptop are at a relatively constant temperature and medium humidity may last a good 100 years. You can easily buy 100 year old sewing machines in GWO on Ebay. <p>

          However, I have learned my lesson: If it is infrastructure, software has to be Open Source. There is no alternative.

        3. Anonymous Coward
          Anonymous Coward

          Re: "the ability to isolate devices from external connection"

          > The company who made the machines went out of business because basically the machines last for ages in service so they didn't sell enough to keep trading.

          And here is why, much as the technically inclined amongst us may hate them, occasionally we do need someone with a clue about businesses to err... run a business. :-b

  8. M7S

    Surely it is not beyond the wit of HMG

    with all the IT talent at their disposal (and we understand that there's quite a few specialising in the security of OS and applications) could HMG not write, or adapt from FOSS, an OS and the relevant "office" type applications that suit the needs of the public sector (after all like everyone else they probably dont need 99% of the features of Word etc) that is lightweight, secure and can run on older hardware to extend its value to the taxpayer?

    If they did something that was relatively uniform across the public sector (with perhaps department specific bolt-ons or applications) then this could reduce the re-training costs as people move around in public service. With most of the unnecessary features removed it might also be secure for the processing of all that data on us and the services they provide us.

    If it was sufficiently robust, there might even be a take-up for either home users with old kit who only do the odd bit of browsing, email and the odd bit of basic documents (tax return, renewing car VEL etc) and even, perhaps if certified by CESG or whoever, businesses, for a small fee?

    1. Peter2 Silver badge

      Re: Surely it is not beyond the wit of HMG

      Are you really suggesting a massive IT Project to save money with the governments record on massive IT Projects "to save the taxpayer money"?

      1. Anonymous Coward
        Anonymous Coward

        Re: Surely it is not beyond the wit of HMG

        Just because someone else suggested a massive trough to feed at doesn't mean there won't be room for others....

    2. Loud Speaker

      Re: Surely it is not beyond the wit of HMG

      How about an update of fvwm95?

  9. Boris the Cockroach Silver badge

    The NHS

    problem is much like mine in the industrial arena.

    The machines were bought to go with high tech scanners/x-rays/other multi-million pound pieces of kit and the software written to run on XP.

    Get rid of the XP machine and replace it with a win8 and all of a sudden 5 million pounds of kit is rendered useless.

    1. Sproing

      Re: The NHS

      Software maintenance clause in the contract?

      What am I thinking, silly me, perhaps a lie down in a darkened room ...

      1. Richard Jones 1
        WTF?

        Re: The NHS

        While I should not speak for others, I believe that in many cases the specialised equipment is such that there are few makers and each machine is something of a one off. If it was assembled a while ago, even for that matter last month, the team producing it may not exist any longer, so rewriting the software for some new whiz-bang down stream OS may not be entirely optional. Using a component that is so easily subject to marketing pressure, (such as an OS) is the flaw. When I was buying equipment (not for the NHS) we demanded a continuity of supply and support for the software that ran the things.

        The tiny issue in, for example the NHS, is that the software, whatever it is, probably does still run the unit perfectly well, it is just that the interfaces may no longer be so safe. Perhaps one solution is to isolate any connections and apply skill to that aspect and only that aspect. Thus being able to continue running the MRI scans or whatever. Having seen that style of work done and done it myself in other domains, workable solutions can be created that way. This does not excuse 30,000 plus machine estates all being run that way.

    2. thames

      Re: The NHS

      @Boris the Cockroach - "problem is much like mine in the industrial arena."

      I was involved in commissioning a new machine in a factory a while ago. It used a PC running Windows 2000, which at the time had just had support terminated. I asked the rep from the company which made it about that, and he was shocked and dismayed to hear this. It was their latest model. They had just got the design to work properly. Damn this Microsoft for doing things like this to them. Anyway, it wasn't their responsibility, since they just buy the PC from someone else and stick it in their machine ($100,000 plus) and load their software on it. Shrug, what can you do anyway? Now let me show you the interface to the conveyor system. There were only two or three companies in the entire world which made that sort of equipment, and the others weren't any better.

      Oh, and the biggest company in the industrial automation market (who shall remain nameless, but they're a giant whom you've all heard of) had one of their premier software products running on CP/M in an emulator which ran on MS-DOS, which ran in a compatibility box on Windows. Finding a PC which still had a serial port which was compatible with it (USB serial converters didn't work) was a pain in the arse. A very large chunk of the world's factories, utilities, water systems, etc. was run by their hardware.

      Long term support for our software? Oh, yeah, we've got this new product you ought to buy. Just rip the guts out of your factory (power plant, water supply, etc.) and replace it all with our new stuff.

      1. x 7

        Re: The NHS

        I had a couple of interesting antiques last year which I had to resurrect

        One was running DOS5 and driving the software in a milking parlour. The shed had been hit by lightening, blowing the PC and the lead time on migrating to newer software was too long. I had to scrounge bits from the local recycling centre to get a working replacement.....Socket 7 with an AMD CPU was best I could do.

        The other was a special machine for ophthalmic tests which used an AT motherboard and ran DOS6. CPU fan had failed cooking the CPU. Luckily the motherboard was OK, so another scrounging session found a Cyrix CPU

        In both cases the machines were independent, not networked and simply did the job they were designed to do.

  10. frank ly Silver badge

    So pleased with themselves

    Those behind the deal boasted it would lead to “projected savings in excess” of £20m against “standard” pricing.

    Translation: "They tried to screw us massively, but we only let them screw us a little bit."

  11. Anonymous Coward
    Anonymous Coward

    unless they cough up their own cash

    ITYM

    "unless they cough up our cash"

  12. JeffHome
    Windows

    Really?!

    > NHS England has admitted to The Reg it does not keep records or numbers of PCs still running Windows XP

    That's got to be a whole load of made up toss right there. Of course they keep records. Of course they know. Maybe what they meant to say was "We are not willing to embarrass ourselves by admitting to how many PCs are still running Windows XP in our organisation". There, fixed it for you.

    1. Anonymous Coward
      Anonymous Coward

      Re: Really?!

      No, they don't just make it up. There is not really any such thing as "The NHS". It's simply not one orginisation as some people seem to beleive. People understand depressingly little about how the NHS is ran at the moment, despite having strong opinions about how it should be run.

      "The NHS" was created after WW2 as a billing structure so that existing healthcare providers could provide care and just bill "the NHS". It largely remains this way, more of a bodged franchise who's providers bill it than an single designed orginisation. NHS England will likely have less idea of how many of their franchises have XP PC's than McDonalds. Yes, this is outright insane and nobody would ever design a system like this, however this is the situation and nobody can change it without cries of "SAVE THE NHS!!!!1!1!!" from political parties.

      As noted, NHS England is a billing structure for around ten thousand seperate entities that bill the taxpayer for it's services. Each has it's own network, computers IT staff etc, with a fairly minimal amount of interoperability via N3, which allows access to the NHS spine if you have a smartcard issued by your local Registration Authority which gives you the minimum level of access that is clinically required to do your work.

      Your hospital is almost certainly it's own trust, which means that it does the heathcare you require and then sends a bill upwards for the treatment provided. Your GP is the best part of the NHS right? Did you know he's actually a completely seperate (for profit) business just billing the local trust for the work he does? No? Your hardly alone. FYI your local trust also probably offers clinics etc that you can go to (in direct competition with your GP) because they can run the clinic and do the work directly, thereby avoiding paying the GP their standard rates for the work.

      I could spend all afternoon writing about the absurdaties, but please do a bit of reading and cease listening to the politicians. I would respectfully suggest that they are not the best source of information!

    2. BinkyTheMagicPaperclip Silver badge

      Re: Really?!

      Nope, read the article :

      'NHS Scotland, like NHS England, is not responsible for leading or forcing IT strategy at a grass-roots level.'

      The trusts know. NHS England doesn't.

    3. x 7

      Re: Really?!

      "Of course they keep records. Of course they know."

      No they don't. Part of my job role is to survey sites and inform the CCGs and CSUs just what they have where. Believe me, it usually comes as a shock

      1. Anonymous Coward
        Anonymous Coward

        Re: Really?!

        "PC149285? No, we don't have that. Sheila used to use that one, she left five years ago. I think X-Ray might have that now"

        About 10% of the machines on my spreadsheets I try to track down I have to write off as impossible to find. They will turn up in a cupboard somewhere during the Win12 rollouts in 12 years' time.

  13. Anonymous Coward
    Anonymous Coward

    Police Scotland

    are shifting to Win 8.1 later this year once the i6 programme goes live.

    1. x 7

      Re: Police Scotland

      Presumably with an upgrade to Office at the same time?

      Have they checked their pro-forma documents work in the new setup?

      1. Oldfogey

        Re: Police Scotland

        And why would they need to upgrade Office?

        1. x 7

          Re: Police Scotland

          because 2003 isn't supported now.......while MS are doing their best to kill of 2007 - which doesn't seem to play nice with Win8 anyway

  14. x 7

    congratulations on the title

    another name for an anal "cling-on" is a "winnit" or "win-it"

    did you know?

  15. Roger Mew

    Frankly if they are still using XP it is probable that the machines are in excess of 5 years old. Even I find that old machines are slow. However, why are they not going to android/ ubuntu or one of the free systems, their machines are not normally likely to download stuff, therefore the reasons I use MS are not valid.

    Still its only our money they are wasting, timewise and software wise.

    1. x 7

      "However, why are they not going to android/ ubuntu or one of the free systems, their machines are not normally likely to download stuff,"

      Because the applications and databases are all windows based. And most need to access "The Spine" - the NHS data backbone. So yes, they do download stuff

    2. Sandtitz Silver badge
      Thumb Up

      "it is probable that the machines are in excess of 5 years old. Even I find that old machines are slow."

      I have no problem with a 5-year-old computer unless it was already a budget computer to begin with (with a CPU < i3 or equivalent AMD). Just replace the HDD with an SSD and the computer is fine for general use for NHS/Police/whatever. A 128GB (or even 64GB) SSD is plenty for most office work and cost much less than replacing the whole computer.

  16. Anonymous Coward
    Anonymous Coward

    I've got a customer running a Windows 98 PC because the machine it controls is faultless but the controller software won't run on 'modern' OS's like XP

  17. Henry Wertz 1 Gold badge

    Real requirements, and WebPOS?

    "A lot of the hardware is so antiquated that it struggles to run Windows XP. A lot of the machines are 32-bit Dell desktops made around 15 years ago, with only 2 GB of RAM"

    2GB? You're kidding right? That's plenty of RAM to *not* "struggle" to run XP, and plenty for Windows 7 or 8 too AFAIK. That said, they've probably got systems with like 512MB or even 256MB, that'll be the problem systems.

    If I were these guys, I would just do the registry entry (google it) to get updates for "Windows POSReady 2009" -- voila! -- since they were still selling, basically, Windows XP up through 2009, they are roped into providing Windows XP updates through 2019.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019