The US Navy's Warfare Systems Command Just Paid Millions To Stay On Windows XP

itwbennett writes: The Navy relies on a number of legacy applications and programs that are reliant on legacy Windows products,' said Steven Davis, a spokesman for the Space and Naval Warfare Systems Command in San Diego. And that reliance on obsolete technology is costing taxpayers a pretty penny. The Space and Naval Warfare Systems Command, which runs the Navy's communications and information networks, signed a $9.1 million contract earlier this month for continued access to security patches for Windows XP, Office 2003, Exchange 2003 and Windows Server 2003.

Not a bad price

Is it just me, or does that not seem like that bad of a price?

Re:Not a bad price

[Whiteox]

It'll be cheaper for them to buy Windows 10 licences.

Re:Not a bad price

[fustakrakich]

I doubt their hardware will run Windows 10. And more than a few programs might break also. Upgrading would take much more time and money.

Re:Not a bad price

Wasn't the military complex all about POSIX standards? Why are they so suck on a *particular version* of Windows??? ALL of their programs should just recompile and work---and if not, they should charge back the contractors who created those programs!

Re:Not a bad price

Different branches and divisions probably have different needs. The programs are probably purchased as binaries. Staff would need to be changed, software repurchased, data migrated, etc. This isn't unusual, and happens in most large and small companies, not just the military. For the longest time Law practices were stuck in DOS because of the Word Perfect software addons they used, for example. They worked extremely well, so there was no reason to change. 9 million is probably a lot cheaper than retraining all the employees, all the data migrations, hardware upgrades, windows upgrades, etc, etc. They can work on it slowly one department at a time.

Re:Not a bad price

[spongman]

it'll buy you nearly 1 hour of launches from an aircraft carrier.

Re:Not a bad price

[Bert64]

Only, they should have started working on it slowly one department at a time a few years ago...
They will probably end up finishing the migration to something else just before that too becomes unsupported and they're back in the same boat.

Re:Not a bad price

pretty much what i was thinking, plus one more thing...
those had better be god damned good patches :)
no more stuxnet revisited ms, who are you working for?

Re:Not a bad price

[ArmoredDragon]

In the 00's you needed Windows for a lot of stuff...not so much anymore. IMO they ought to just move to xen or vsphere, and try to code a lot of that shit for minimal OSes (CoreOS is looking good) that way when shit needs to be replaced:

- Very little concern for long-term hardware obsolescence
- Can continue using all of the same software
- Only minimal changes will need to be made should your hypervisor stop being supported (mainly just drivers in the guest OS.)
- Sandboxing for better security (which it seems the US government has been lacking lately) even if they fail to patch something.

Hyper-V works as well, however personally I don't like it because it's not only bloated, but it's known to BSOD during e.g. VM migration even with a Windows guest, (this is widely blamed on Microsoft attempting to use better hardware compatibility as a selling point, because they frequently rely on drivers that are often meant for consumer type uses and aren't tested for this kind of thing by their vendors) and it always seems to be several steps behind the competition.

Re:Not a bad price

[Darinbob]

Because it was very very simple to get exemptions from the POSIX standard. It was also very trivial to get exemptions about using Ada as well.

Remember the only reason that Windows NT has a useless POSIX subsystem was so that it could be submitted as being compliant with a wink and a nod. Then later when NT4 went away they probably migrated to XP by claiming that this was cheaper solution than to buy new POSIX systems.

Re:Not a bad price

[SuricouRaven]

The POSIX compatibility is still there - just called 'Windows Services for Unix' now, and quite expanded with new essential utilities. I've never heard of anyone actually using it, but it's there.

Re:Not a bad price

[cbhacking]

XP, being NT, still has the POSIX subsystem. It probably still works with NetBSD's pkgsrc, too.

Also, it's not so useless as you claim; Microsoft themselves used it internally for years to host Hotmail, and right up until Win8.1 it was a viable alternative to Cygwin for anybody with a compatible version of Windows (or who wanted to force it to run anyhow). It handles/handled some things, such as SetUID/SetGID, which Cygwin couldn't (and I believe still can't) emulate, supported case-sensitivity on NTFS (though this could be used to confuse the hell out of Win32 programs), had a couple of different choices of package managers available, and could compile and run most source code intended for *nix systems (third-party compatibility layers added support for some of Linux's extensions to POSIX).

Re:Not a bad price

[DerekLyons]

Nope, if the contract runs it's full length it works out to $270/machine over the next two years.

Re:Not a bad price

[dbIII]

a *particular version* of Windows

Probably the same reason I've got to keep a Win2k system around for a reporting system and a co-worker has Win98SE systems for data aquisition. The new versions are not actually fully backward compatible. Mostly is not good enough when your application is one of the few (or so the advertising says) that does not work on the new platform. WinXP to Vista/7/8 is an especially huge leap with a LOT of stuff that no longer works - think back to the days of Vista when it took well over a year for versions of some software to be developed that would install on Vista. Part of Vista's reputation is deserved but most is just because a lot of software just had not been updated to run on it until long after release.

Re:Not a bad price

[stooo]

>> . The programs are probably purchased as binaries.
Bad practice. Never purchase software without full sources. Especially custom made Software.

Re:Not a bad price

[Darinbob]

Hmm, wikipedia claims it's been removed. It was replaced with what you said, but it uses the "Interix" subsystem. These are not the same thing except for being superficially "POSIX".

The NT POSIX subsystem sat parallel to WIN32 and OS/2 subsystems but had no access to anything inside WIN32. So you could only do basic text based programs, with no networking, no graphics, etc. No one used it because it was useless. It didn't even have useful tools provided. So useless that no wonder Microsoft dumped it and purchased a third party replacement for it.

Re:Not a bad price

[dcw3]

You can't go back and charge contractor many years after they sold you a product.

Re:Not a bad price

[dcw3]

In the 90s, they used to do much more *NIX. But, everyone wanted cheaper COTS products to lower their initial costs. This came at the expense of long term support and security, and left them in the hands of a single vendor...MS.

Re:Not a bad price

[dcw3]

This depends upon if you're planning to purchase continued support or not. Purchasing the source code can raise your costs dramatically...I know of a specific instance where it would have cost the govt. over $100M for proprietary code.

Re:Not a bad price

[rmdingler]

Or. 364 rounds for the Rail Gun

Re:Not a bad price

[Jakune]

It doesn't help that you have people in the government that are used to purchasing Ships... They don't seem to comprehend software, the speed at which it changes, the technology changes, etc... They want to buy a unit of something and then just perform maintenance (if your software breaks you should just be able to add a coat of paint right?).

Re:Not a bad price

[mveloso]

$9m is cheap, and it might have been paid by EDS or whomever their IT contractor is now. The navy spends that much on ketchup every day.

Re:Not a bad price

[currently_awake]

You already have a working system (OS + applications). So long as the software doesn't need access to public networks there is no risk in continuing to use it as is.

Re:Not a bad price

[tlhIngan]

It doesn't help that you have people in the government that are used to purchasing Ships... They don't seem to comprehend software, the speed at which it changes, the technology changes, etc... They want to buy a unit of something and then just perform maintenance (if your software breaks you should just be able to add a coat of paint right?).

Actually, software maintenance is a thing - software needs to be maintained just like a gearbox or an engine or a nuclear reactor. Here they're paying Microsoft to maintain it - effectively Microsoft is a contractor.

And it makes sense too - even in an embedded system, isolated from the internet, there's still opportunities for infection (you still need to get data into and out of the system, and USB keys are stupidly easy ways to update core components.

Heck, infected USB keys was one way the USAF got their drone consoles infected - mission waypoints etc., were stored on USB keys and copied to the consoles (beats hand-entering the data!), and well, there you go.

As for why Windows, well, if someone writes a really specialized piece of software, and you use it, you pretty much are stuck with what OS they use. It doesn't have to be custom development, just a piece of really niche software that you need.

Re:Not a bad price

[Blaskowicz]

I wanted to use it so I can have a shell and grep, less, tail etc. (nothing fancy just desktop use) but I was dismayed that the Windows 7 pro I had installed did not have it. I could have gone over and reinstalled a warez Windows enterprise or ultimate but I did not bother, and switched to full-time linux instead. Well done Microsoft.

Re:Not a bad price

[KGIII]

If they get all the personnel to beta test it then they can get nearly unlimited licenses!

Re:Not a bad price

[KGIII]

It is embarrassing how many times I refreshed (those things happened right after the site went dark for a short time) and twiddled with my add-ons before figuring out it was them. Even worse is the amount of time I spent missing the comments link. That took at least a real five minutes before I figured out that I could click on it. It is like my brain just did not want to accept it. My muscle memory would not allow for changes. This is sad and I am sad.

Re:Not a bad price

[cbhacking]

Yeah, the limiting it to only the highest editions of Windows was stupid. It was in XP Pro, and in all editions of Server, but in anything non-server with an Enterprise or Ultimate SKU, it was only in those editions. You could force it to run, in much the same way you can trick Home editions of Windows so they'll join a domain, but it was a hassle.

For what it's worth, Windows has a built-in grep alternative. Findstr.exe (in System32, so it's in the PATH) has slightly different syntax than grep, but it's generally not too hard to switch between them. Windows also has, and has had since DOS, more (it's actually still called more.com, though it's a full 32-bit or 64-bit Windows application), but it's grossly inferior to the options on anything *nix-like.

No equivalents of tail, sed, ssh, curl, whois, etc. or of course *nix shells (Powershell has some cool tricks but it's not the same thing) without installing recompiled versions, though, and those usually don't work as well anyhow.

Re:Not a bad price

[vandamme]

It'll be cheaper for them to buy Linux licenses, and run XP in a virtual machine.

Re:Not a bad price

[dbIII]

Can you not virtualize them?

Evil fucking hardware "copy protection" dongles in one case. Insanely expensive industrial hardware with no drivers in later versions of MS Windows in another.
However in the general case where you can virtualize them it's still adding a layer of complexity that shouldn't matter, especially when the problem is merely DLL hell of the new library being incompatible with the old and no way of using both. It's a pity nobody has ported WINE to MS Windows to solve that problem, where all you need to do is point the right program at the right library and it's going to work.

Re:Not a bad price

[pfleming]

With the pool of XP users dropping dramatically who is researching and finding the bugs for MS to fix? Do we (now) have to wait for breaches before anyone knows there's a bug?

Yeah

[Greyfox]

They did that with OS/2 back in the day, too. They stayed on OS/2 1.2 a couple years past when the OS expired for everyone else. I guarantee you what they paid for this one was less expensive than changing all the documentation to reflect a later version of windows.

Re:Yeah

[mjm1231]

I guarantee you what they paid for this one was less expensive than changing all the documentation to reflect a later version of windows.

Except, they will still have to do this eventually, and now they are paying for both.

XP? OK. But, Office?

[Duckman5]

Someone help me out here. I can understand why they would be running XP. It was a stable OS and it was used in a lot of embedded systems. They probably don't want to just replace the underlying operating system on a computer running a nuclear submarine or something.

Office, though? What are they doing? Using a mail merge macro to address the nuclear missiles on said submarine? Why the heck can't they just replace that with minimal issues?

At the end of the day, though, I'm not that worried. $9.1 million is a drop in the bucket compared to the nearly $700 billion DoD budget. There's a whole lot more pork in that barrel to be worried about.

Re:XP? OK. But, Office?

[Goetterdaemmerung]

Office 2003 is arguably still the best version of Office. I have co-workers who still use it and I've used pretty much every version since 4. I don't disagree with them, although I have personally transitioned to 2010 for compatibility. Newer versions don't provide much additional usability and make certain things more difficult such as removing the ability to select chart curves directly from the legend. Why??

Re:XP? OK. But, Office?

[Jack+Griffin]

Newer versions don't provide much additional usability and make certain things more difficult such as removing the ability to select chart curves directly from the legend. Why??

Because for those people that need those new features, they are invaluable (note I don't use any of those features myself, but having been a part of a few migrations, with proper training courses for users, the end result was always positive). The people who complain tend to be the ones forced to figure it out themselves and so are frustrated with that, rather than the actual product.

Re:XP? OK. But, Office?

Training costs money, hardware upgrades cost money, software upgrades cost money, technicians to install it all cost money... I think that the general argument is that 9 million is probably a significantly lower cost than upgrading while not offering enough of an advantage to be worth it.

Re:XP? OK. But, Office?

[rtb61]

Now if the government is paying for the full cost of patching and bug fixes, why the fuck haven't they negotiated to release what citizens taxes have already paid for to the citizens that paid for it. Why does M$ get a role out a big ole fuck you to the citizens that paid for that work to be done.

Re:XP? OK. But, Office?

[Mashiki]

Office, though? What are they doing? Using a mail merge macro to address the nuclear missiles on said submarine? Why the heck can't they just replace that with minimal issues?

I know of several government offices that still use Wordperfect 5.1 because it suits their needs perfectly for what they have to do, it would also be more expensive to change over, update all the documentation, and retrain everyone on a new system. Sometimes using something that's existing like that is far cheaper, not always but often enough. There's a realty office that I do work for and they're still using a 2.0 Novell NetWare machine, it does everything that it needs to do.

Re:XP? OK. But, Office?

[ChunderDownunder]

Ribbon hate?

Re:XP? OK. But, Office?

[91degrees]

"Ribbon sucks" is hardly a controversial position. You can come out and admit it with pride!

Re:XP? OK. But, Office?

[rikkards]

We spent the last year doing the same thing and are down to about 400 XP machines out of 110,000. Why 2003? Here is why we didn't
1. Too much inhouse custom crap on user machines to go through the testing cycle to make sure it worked with 2010. Which equals more money spent
2. We are moving users to Windows 7 in a short time why go through Step 1 for practically no gain
3. We have enough protection on the desktop and procedures to not worry about an infection spreading if a machine was hit. Essentially things are locked down enough and monitored enough not to worry too much.
4. Great motivator to get local admins to start moving their users when they are bitching that they want Office 2010.

Organization that big, stability is key and changes are a big deal. We had to pay for support last year for nearly 60,000, now it is a handful of critical machines that can't be migrated due to software yet.

Re:XP? OK. But, Office?

[sensei+moreh]

Not quite my thought exactly, but close enough for government work.

Re:XP? OK. But, Office?

[Big+Hairy+Ian]

Bear in mind the recently decomissioned Space Shuttle still used DOS 3.1 for many systems

Re:XP? OK. But, Office?

[goarilla]

Can't you just disable Aero (choose "basic theme") instead of killing your graphical shell.
You can also try to disable composition on a per application base, see compatibility tab.

Re:XP? OK. But, Office?

[tehcyder]

What are they doing? Using a mail merge macro to address the nuclear missiles on said submarine?

Jesus, Duckman, what part of "Top Secret" don't you understand?

Re:XP? OK. But, Office?

[tehcyder]

Newer versions don't provide much additional usability and make certain things more difficult such as removing the ability to select chart curves directly from the legend.

If that's your only complaint about newer versions of Office, you're a lucky, lucky man.

Re:XP? OK. But, Office?

[Sir+Holo]

I use the most current version of Office (not by choice).

If you know what you're doing, you can make it look and operate exactly the same as Office 2003.

More stupid reporting on SlashDot

"That reliance on obsolete technology is costing the tax payers". Do you have any idea how much it would cost the tax payers to try to *replace* all that embedded technology? Far, far more than $9.1M. I really wish that people wouldn't post articles with such blatant biases and so little background research.

The best thing that Microsoft could do for the world is put Windows 7 into perpetual maintenance and charge $50/year for the product. No more churn to replace hardware and software when they obsolete an old O/S. No more retraining costs to get IT personal who can manage the new O/S which does things just differently enough to trip people up.

At least MS isn't as bad as Apple where the literally force you to buy new hardware along with the new O/S (Ipad 1 anyone?)

Re:More stupid reporting on SlashDot

[OrangeTide]

Maybe we shouldn't have bought the technology in the first place if we had no plan on how to effectively upgrade it.

(I'm an embedded SW engineer)

Re:More stupid reporting on SlashDot

[mlts]

MS would make money hand over fist by doing that. Look at OS/2. There is a company, EComStation still cranking out support and updates for Warp.

The problem is that XPe and other embedded versions can't be upgraded. Try that, and millions of dollars worth of equipment will be rendered into scrap. One can treat XPe like a broken SCADA system and firewall/airgap the living hell out of it, but the best of all worlds is to have MS continue supporting it (for a decent fee) which is a win/win for all parties involved.

This problem isn't going away anytime soon even with future releases. Embedded versions of newer operating systems exist, and when Windows 7 loses support, the same thing will happen.

Ideally, MS should see about a RLTS (really long term support) embedded platform that is intended to be supported for at least 20-50 years. In the past, this couldn't really be done, but now that technology has matured to the point where 20 years from now, we will still have RAM, storage, CPU, and other items, supporting something on a long time scale is possible.

Re:More stupid reporting on SlashDot

[vux984]

The thing that irks me is that once various governments and organizations have "sucked-it-up" and ponied up the "ransom" to keep XP going -- why cant the public at large benefit from this. Especially given that we are the ones literally paying for it.

Once the patches are written, tested, and released why aren't they available on Windows update?

Don't get me wrong, I want XP to die in a fire. Cutting over to Vista onward, embracing 64 bit*, leaving the days of "administrator by default" behind, etc were all good things. But still if my government dropped 9 million bucks to get MS to develop some more security patches for XP; it'd be nice if the lathes at work could have them too.

* (yes, yes, i know xp 64 bit existed. shut up. :)

Re:More stupid reporting on SlashDot

[drkim]

The best thing that Microsoft could do for the world is put Windows 7 into perpetual maintenance

That's sort of what they are doing with the free upgrade to Win10

Re:More stupid reporting on SlashDot

[jaseuk]

I'm sure Microsoft would be happy to negotiate that deal too. It'd probably cost more like $9 billion though.

Jason.

Re:More stupid reporting on SlashDot

[Errol+backfiring]

Do you have any idea how much it would cost the tax payers to try to *replace* all that embedded technology?

A lot less then trying to work around systems that cannot be maintained, let alone be repaired and are therefore utterly broken. Have you any idea how many security leaks their software must have? Even if they upgrade Windows for a few MegaBucks, all the libraries used inside the software remain unpatched. Heck, if somebody from China wants to be anonymous on-line, it is probably easier to do through the US Navy than through any Chinese server.

Re:More stupid reporting on SlashDot

[masterofthumbs]

Because you aren't paying for it. Should Redhat give you free support when other companies are paying for the creation of documentation? Should a Amazon give out all their ebooks for free because someone already bought a copy of one of them? I mean, its already paid for so just give it out for free, right? It's not like these are businesses that rely on paying customers to run or anything stupid like that.

Plus, MS wants to move away from XP. It takes away from their talent pool to work on a 15 year old operating system that very few people actually want to run. Software engineers are wasting not only their hours but their potential working on XP. MS would rather have them work on new things than work on old things and the engineers would rather be coming up with new ideas rather than just patching old mistakes. Anyone looking for stability for current hardware can install 7 no problem so your average business/consumer has no specific need for XP anymore. If they are going to keep patching it, they are going to want a bunch of money to compensate for the time and money sink that it is.

Re:More stupid reporting on SlashDot

[fuzznutz]

It takes away from their talent pool to work on a 15 year old operating system that very few people actually want to run.

Given the installed base that fought tooth and nail to stay on XP even when the end was near, I'd hardly say that few people wanted to run it. You might make that case now since there has been such a long gap since any security updates have been released.

Re:More stupid reporting on SlashDot

[Just+Some+Guy]

At least MS isn't as bad as Apple where the literally force you to buy new hardware along with the new O/S (Ipad 1 anyone?)

You seem to be under the impression that backward and forward hardware compatibility are easy things:

1) That an arbitrary OS could be expected to run well on hardware made many years in the past and many years in the future, and
2) That arbitrary hardware can easily support ancient software.

Suppose you'd said this about DOS. Microsoft should support it in perpetuity! OK, then, but where are you going to buy a mouse today that supports the hardware ports that DOS knows how to handle (or would you think mouse makers would spend the effort to write MTRACKPAD.SYS so that a new Apple Magic Trackpad would work on it)? And it's not exactly free or cheap for a modern i7 to maintain 100% 8088 compatibility.

Conversely, should iOS 9 be expected to run on an original iPhone, with CPUs and GPUs many times slower, an eighth the RAM, a fraction of the storage, and utterly obsolete in many other ways? Even if the minimal core could be made to run, so many features would have to be stripped out (at great development and testing expense) that it'd be pointless.

There are good reasons for dropping compatibility. Software isn't easily made to scale down to ancient predecessors, and hardware leaves stuff behind regularly - I don't have serial ports or ISA slots on this motherboard. It's not plausible for Apple to carry iOS all the way back to hardware that almost no one is using, and it's not realistic for Microsoft to drag Windows 7 all the way forward to hardware that hasn't even been conceived yet. At some point, you just have to let go.

Re:More stupid reporting on SlashDot

[vux984]

Because you aren't paying for it.

Actually, one of my premises, is that as the government is paying for it, we ARE paying for it.

Should a Amazon give out all their ebooks for free because someone already bought a copy of one of them?

When that someone is the governent, then yes? Isn't that what a library is?

It's not like these are businesses that rely on paying customers to run or anything stupid like that.

Again, we are the paying customers.

Plus, MS wants to move away from XP. It takes away from their talent pool to work on a 15 year old operating system that very few people actually want to run.

But Microsoft set a price for doing so, and then it was paid. Its not taking away from anything, its a whole extra revenue stream.

If they are going to keep patching it, they are going to want a bunch of money to compensate for the time and money sink that it is.

Yes. They set a price to compensate themselves for the time it would take to do that, with enough profit built in to motivate them to do it. Then we paid it.

Re:More stupid reporting on SlashDot

[OrangeTide]

At least someone here gets it. Even the industrial stuff is pretty much a figurative duct tape that loses support as soon as the last contract expires. And losing support on this stuff is catastrophic because most embedded SW products need persistent maintenance to keep going. I really do think the poor quality is an elaborate plan to for users to upgrade.

Instead of creating a building that stands for centuries or a machine that works reliably for decades, I get to design software for the technological equivalent of underwear. Sure it might look like a cool phone, tablet or game console, but it ain't meant to last.

Re:More stupid reporting on SlashDot

[WheezyJoe]

At least MS isn't as bad as Apple where the literally force you to buy new hardware along with the new O/S (Ipad 1 anyone?)

A little harsh, there, don't you think? Apple's not literally forcing anyone to buy new hardware. My iPhone 3G (released in 2010, just like the first iPad) is working just fine, even though it's stuck at iOS 6. Pretty good for a 5-year-old consumer product. Do five-year old Android devices run Kit Kat? Any five-year-old Windows phones?

The upcoming release of OS X, just like the current one, supports machines all the way back to 2007 (that's a core 2 duo machine with 1GB RAM).
OTOH, my copy of Windows XP bitches at me every day that it's obsolete and dangerous, and now my Windows 7 machines are prompting me daily to sign up for the wonderful Windows 10 upgrade. To my recollection, no Apple product has put notices in my face like this.

And Microsoft has its own history of rendering hardware useless with each release. Windows 95 could just barely run on a 386, but required 4 megs RAM; windows 98 dumped the 386, and demanded 16 megs RAM and more disk space; windows ME and NT ditched the 486 and demanded 32 megs RAM (minimum) and more disk space; windows 2K required more MHz and more memory and disk space; windows xp required a 233MHz pentium, at least 64mb and 1.5gb disk space; Vista demanded an 800MHz processor, 512mb RAM, 15GB free disk and (dealbreaker for many at the time) a DirectX 9 graphics card; windows 7 bumped that up to a GHz processor, gig ram, 16 GB free disk space and the DirectX card. You could run Windows 8 with 1 GB machine (with the DirectX card), but would you want to?

Bashing Apple is all good where they deserve it, but every tech company leaves old hardware in the landfill. Also, the iPad 1 was a first-generation product; like the first iPhone or first Air, consumer-be-warned. The iPad 2 (2011), OTOH, is still fully supported and will run the upcoming iOS 9. Just sayin' call a spade a spade.

Re:More stupid reporting on SlashDot

[mattack2]

At least MS isn't as bad as Apple where the literally force you to buy new hardware along with the new O/S (Ipad 1 anyone?)

Huh? Your "all that embedded technology" comment likely refers to *old hardware* too. It's (likely) not that they're trying to continue to run XP on completely new hardware... They're trying to run it on whatever ancient hardware (including weird custom peripherals)...

Which is JUST like keeping an original iPad running to run some old iOS app that doesn't run on the current OS on current hardware.

So your slam was completely inaccurate.

Re:More stupid reporting on SlashDot

[masterofthumbs]

Just because the government purchased something doesn't entitle you to its use. You don't get to borrow a navy fighter jet because your taxes helped pay for that. Besides, that $9.1mil is probably based on a certain number of licenses, it doesn't cover you.

Re:More stupid reporting on SlashDot

[vux984]

Just because the government purchased something doesn't entitle you to its use. You don't get to borrow a navy fighter jet because your taxes helped pay for that

That's entirely at the governments discretion, and there's no public benefit to letting me borrow a fighter jet.

Besides, that $9.1mil is probably based on a certain number of licenses, it doesn't cover you.

1) Negotiate a flat rate.

It doesn't affect Microsofts costs. They'll do the updates as long as there is enough money in it for them. How many users is really completely irrelevant. If it costs $5 million to maintain XP then it costs 5 million whether there is 100 users or 300 million of them. We know this. Microsoft knows this.

2) Government makes the rules; so it can change the rules. Copyright is there for the public good. If a company is literally using copyright to deny critical security updates (that they have ALREADY been paid by the governement to develop) then make exceptions to copyright law, and then distribute those changes to the public.

Pass a law to strip security related software patches of copyright protection. Now if the company creates them, anyone one who is licensed for the software can have them. Now, the government wants security patches, and is still willing pay 7 figures to get them; does microsoft pass on the cash? Its still pretty lucrative.

Why not? I write software that I only get paid for once all the time, regardless of how many users it ends up with. For the right price, I don't give a shit about licensing. I got paid upfront. That model can work for security patches.

Yeah, I know it won't happen. But it could... perhaps even should.

Windows XP?

[dunkindave]

Honestly, with the speed they develop and certify critical software in the military, I'm surprised some of these systems are up to Windows XP.

Re:Windows XP?

[Greyfox]

Yeah, IBM would probably have continued to accept the large briefcases full of cash to support OS/2 1.2, and God knows no one would have the experience to hack that shit. But you know, EDS went all windows/citrix and they're (basically) the only guys willing to put up with the bullshit required to do Government contracts, so the Navy had to follow along.. Sure the path was rather bumpy, kind of like when the engine on the plane you're building in midair falls off and lands in a urban neighborhood, but they finally got... somewhere... with it. I guess. Now they're super-up-to-date with that 90's era Citrix solution and they're going to milk that shit for all it's worth.

Re:Windows XP?

[funwithBSD]

2008 IBM was banned from bidding on government contracts with the EPA, and it took until last year before we started seeing significant contracts come back in.

One of which was to do Application Rationalization for SPAWAR, funny enough.

http://www.federalnewsradio.co...

Re:Windows XP?

[KGIII]

http://www.wsj.com/articles/SB...

According to this site (pay-walled) the ban was for a week or so. Am I missing something? You say "we started" which, sort of, implies that you are involved in some way so you may have information that I am unable to access or find. No, I do not pay to subscribe to WSJ or anything. I just happened to check BugMeNot and found out that they have changed since I visited them some many years ago. So, I did a little searching and *tada.wav* I found a password that worked. It was the first try, too. Some company posted the password saying that they got a subscription, here was the user/password, feel free to use it but logout after you are done. I can handle that.

To be fair, $5M of it was to restore

[jpellino]

the XP version of Minesweeper. Apparently they get a lot of use out of that one.

A more accurate summary might be:

[lytlebill]

'The US Navy paid $9.1M to insure that critical systems running an older OS are still supported while they continue to transition away from said older OS, a process that anyone with IT experience knows cannot happen overnight, and sometimes can take years, particularly when it comes to systems with potentially disastrous consequences at risk should you just slap updates on them willy-nilly.'

I do realize that we're talking about post-Dice Slashdot here, but this is one of the lamer website shillings I've seen in a while. Honestly, the article itself isn't nearly as sensational as this clickbait summary would have you believe.

Re:A more accurate summary might be:

[captnjohnny1618]

I'm out of mod points, but...

<3

Re:A more accurate summary might be:

[Jack+Griffin]

You'll never believe what this Government did next!
10 secrets the Military don't want you to know!
This one simple trick made $9 Million!

It's not funny, it's sad.

Re:A more accurate summary might be:

[funwithBSD]

I could say a lot about what happened at SPAWAR and why it is going the way it is going but I can't.

I might say that there was no technical reason and it was all just internal politics, but I could not say that either.

Re:A more accurate summary might be:

[cfalcon]

Eh, my experience is that a lot of things in the military are sold as systems, and that includes the OS that goes along with it. You'd be bitching more if they had to rebuy all their systems, and pay contractors and subcontractors to develop for and test on, the latest windows OS. Since some components still use XP, they will need XP to stay up to date. That's not really a shock.

Again, I want to EMPHASIZE, these aren't just a bunch of desktops with people clicking on shit, or an OS that does a generic job. The whole damned piece is certified for a specific purpose, in many many cases.

This is not government waste, this is the opposite. I mean, everything else in the military is expected to function for more than the fart of a silicon valley billionaire, and paying for maintenance is far cheaper than buying a whole new All The Things.

Re:A more accurate summary might be:

[whoever57]

The US Navy paid $9.1M to insure that critical systems running an older OS are still supported while they continue to transition away from said older OS, a process that anyone with IT experience knows cannot happen overnight, and sometimes can take years,

It's not as if anyone knew years ago that XP would go EOL and a migration would be needed .... oh wait!

More seriously, while this may represent a rational and cost effective solution in this instance, what about the future in which Microsoft will release new versions of Windows more frequently, with consequently shorter lifetimes and less time to migrate than the time available to migrate off XP? What's the plan for more rapid migrations?

Re:A more accurate summary might be:

[whoever57]

Eh, my experience is that a lot of things in the military are sold as systems, and that includes the OS that goes along with it.

So fire, or demote, the idiots who did not plan for a known future event (EOL of XP) when purchasing these systems. That includes the Generals, Admirals, etc..

Re:A more accurate summary might be:

[ChunderDownunder]

And then Windows 8 came out and they decided to wait for Windows 10...

Re:A more accurate summary might be:

[drkim]

Eh, my experience is that a lot of things in the military are sold as systems, and that includes the OS that goes along with it.

So fire, or demote, the idiots who did not plan for a known future event (EOL of XP) when purchasing these systems. That includes the Generals, Admirals, etc..

It's not that easy. If they were migrating the OS and OTC software, it wouldn't be so problematic.
But they run millions of lines of custom code, purpose written for specific devices.
Changing OS would also require rewriting (and testing) all those specially apps.

Re: A more accurate summary might be:

[cyber-vandal]

Would firing them automatically upgrade all the machines?

Re:A more accurate summary might be:

[jaseuk]

Who says they didn't plan to Microsoft for patches?

Jason

Re:A more accurate summary might be:

[liquidsin]

xp was released in 2001. mainline support ended in 2009 and extended support ended over a year ago. sure, they need to insure critical systems stay online but they've known for the better part of a decade that this day was coming. it's maybe "only" nine million dollars, but it's a nine million dollar bandaid on an issue that they'll still need to address in the near future.

Re:A more accurate summary might be:

Eh, my experience is that a lot of things in the military are sold as systems, and that includes the OS that goes along with it.

So fire, or demote, the idiots who did not plan for a known future event (EOL of XP) when purchasing these systems. That includes the Generals, Admirals, etc..

How do you know that they didn't plan for the EOL event when they purchased the systems? They may have even negotiated the payments to MS to keep the security updates going at the time of the original purchase. There are way too many unknowns here for you to impugn the job done by the acquisition team.

Re:A more accurate summary might be:

[whoever57]

Changing OS would also require rewriting (and testing) all those specially apps.

Re-writing and testing the apps to ensure that they continue to run on a fully supported OS should have been in the original contract.

EOL for Windows XP was a known event (if anything, it happened later than expected). Those people who failed to plan for this known event in the acquisition process failed to do their jobs properly.

Re:A more accurate summary might be:

[ToddInSF]

Who says any of the systems are mission critical systems ?

Medical testing devices worth tens of billions ...

Inside thousands of labs all over the world there are testing devices worth tens of billions of dollars running on XP

The OS upgrade path is next to none

Expensive? That's the cost of one hammer

[JoeyRox]

Nails extra

Re:Hey Assholes

[Nyder]

I paid $520 Billion dollars, that's billion with a 'B', to have the most modern and well equipped military in the world. If you're paying Microsoft to keep Exchange 2003 up to day, I am starting to doubt that I'm getting my money's worth here. Hell, when was the last time you even won a war?

I think we won the cold war, but I'm not sure it was a victory for the better.

Re:Hey Assholes

[funwithBSD]

Sometimes the only way to win is to not play the game.

Commander Adama

[goombah99]

Uses DOS just to be safe.

Well to be fair, this really is taking too long

[Sycraft-fu]

Windows EOL dates are known way in advance. 10 years from the date of release. Sometimes they do extend it (they did with XP) but you can plan on a decade. That really is a good amount of time to plan on the lifecycle for your products. It is not too much to say "about once a decade we are going to make sure that our code is up to date and compatible with the current version of windows, and then transition to that". Were you to transition to 8.1, you'd have support until 2023.

While critical systems certainly aren't something to move to a new platform right away, you have plenty of time to do it in. This is just a case of feet dragging.

Re:Well to be fair, this really is taking too long

Plenty of time doesn't always mean there's plenty of budget/money for it.

Back in the early 90's I worked for the company that did the mirrors for the Chandra X-Ray telescope. I remember quite a few years later - the mirrors had shipped out long before but they had to crate up the polishing equipment to send to NASA (since it was all paid for by the govt contract), they were running around looking for... and I'll be as specific as they were... "Dell 386SX 16Mhz machines" (and this was when we I think were buying Pentium 233's as our normal desktop). And a very particular model of Dell 386SX/16 - why you ask? Because they wrote the software to run the polisher based on timing loops (clock/instruction timing mattered) on that specific machine, and the software was certified/validated on that hardware - I could've dug up a couple dozen 386SX/16's for them from a 'junkpile' of old hardware we had, but none of them were that specific Dell machine, so it was no good (I think I did point them to a couple that were running some other special equipment that maybe could be swapped out).

Sure, they could've re-written the software, but it wouldn't have been what actually polished the mirrors, and it would've probably cost them $100K+ to even do and certify it again, for equipment we were sending out the door to some government storage space somewhere anyways (probably right next to the Ark of the Covenant :-P). But, contractually, it had to function when we shipped it.

Re:Well to be fair, this really is taking too long

[swb]

Why follow Microsoft's arbitrary release cycle if you don't have to?

The software they are using is just as functional now as the day it was installed (more so if you count bugfixes installed since) and the system integrations, testing and validation they have done are not inexpensive to repeat with a new operating system because Microsoft stopped supporting something, not because they had to -- but because they need to, to keep revenue flowing.

It's not hard to imagine complex installation scenarios where the cost/benefit of paying for extended security updates is better than replacing the OS, re-engineering third party solutions, fixing problems and so on.

I think your argument is more realistic for prosumers, small business, etc, where the main reintegration task is moving user profiles or replacing an old laser printer because drivers aren't provided for a new OS. Tracking MS release cycles in these environments ends up being easier to do, even if the rationale isn't that the users have/want/need new "features" but that the vendor yanks support after a period of time, even if the system still works as expected.

Re:Well to be fair, this really is taking too long

[masterofthumbs]

Jesus, you'd think someone would have had the foresight to make the code a bit more portable than that.

Danger Will Robinson ..

[nickweller]

'Davis wouldn’t provide more details about the systems or their use, citing cybersecurity policy, but an unclassified Navy document says the Microsoft applications affect “critical command and control systems” on ships and land-based legacy systems. Affected systems are connected to NIPRnet, the U.S. government’s IP network for non-classified information, and SIPRnet, the network for classified information.'

Re:Danger Will Robinson ..

[Kirth]

It was already a problem when they first replaced Unix with Windows:
http://archive.wired.com/scien...

Last secure MS OS?

[NotQuiteReal]

Well, not secure from outside attack, you can defend against that by not putting it on a network... KISS

Maybe everything after XP started phoning home to who knows what "area code" (206, NSA, KGB, unit 61398?)

Doing things right, and doing things cheap are two different things.The presumption was that "COTS" was both... maybe not so much anymore. (BTW the spirit of COTS means OSS is fair game for scrutiny.)

Quis custodiet ipsos custodes?

Re:Last secure MS OS?

[Hognoxious]

OSS? You mean that stuff hippy cormanusts give away?

Cybersecurity policy!?

[rippeltippel]

"Davis wouldn’t provide more details about the systems or their use, citing cybersecurity policy"

...on Windows XP?!

...WTF...

Re:Contract Details

[dbIII]

My question when ever Windows is used. Why ?

That opens up the can of worms of campaign finance money and lobbying.

Re:Medical testing devices worth tens of billions

[LinuxIsGarbage]

WSUSOffline will do what you want:
http://download.wsusoffline.ne...

You need an old version (9.2.1) to get XP support. Basically pick what updates you want, then it will download it, and build it in a form that basically you can double click the installer and it will run the updates.

It's not a hammer

[Overzeetop]

it's not a hammer, it's a manual nail insertion device designed to provide application of no less than 5000 ft-lb of energy to a drawn steel fasteneing device of up to 0.162" in diameter and 3.5" long with swaged or pressed impact points. The design must be such that operation is possible by users which fall within the 20th and 98th percentile for size based on standard American male growth charts for all races. The device shall require low skill level for operation. Item must be maintenance free with no adjustment required for initial or long term operation. All materials shall be sourced in accordance with OPM regulations and include a certificate of authenticity for all natural materials and a certification of chemical composition for all non-natural materials. Chemical composition may be provided by certificates of origin and testing by third parties at the source of material, or through destructive testing and analysis of the 0.1% of the fabricated product quantity per lot. Each lot shall be identified using ONLY the military item number (no commercial numbers or identification shall be allowed), be marked "U.S. Military Use Only", and carry the lot number. Identification shall be integrally cast, impressed, and/or indelibly marked on the item, or on each part of the item if the assembly is separable.

Re:It's not a hammer

[bytesex]

Oh god. Don't *do* that. The nightmares - they keep on coming back!

Re:It's not a hammer

[Overzeetop]

You know full well that's just the executive summary. The actual procurement spec is 143 pages long, excluding the appendices.

Re:Where's my $9mil?

[Overzeetop]

Good point. That does, however, qualify him for being the contract manager on the government side.

Critical systems on Windows?

[bobf0648]

You mean to rell me some of our critical defense systems are running on Windows? BSOD anyone!

Re:Contract Details

[gtall]

Ah....how come companies world-wide rely on MS Malware? Because it does what they need it to do. Yes, it is inelegant, yes it is buggy, yes it is a pile of insecurity that could knock a dead buzzard off a shitwagon at 20 paces. Until recently, there's never really been an alternative. Much of the military is doing the usual kinds of things it takes to keep a large organization functioning, i.e., payroll, retirement plans, accounting, etc.

Wot? That's not related to national security? Yes, it is. That's what it takes to make a large organization into a functioning large organization. And given the size and scope of the weapons systems they must buy (hint, they stopped making their own stuff years and years ago), you wouldn't want it any other way. They are only now getting to where they can produce an audit of their financials.

Wot? They didn't have auditing until now? Nope, they had the same mentality you do. This is the military, they could just whack together systems right? But now they have a new problem. In the past, they were a big enough market unto themselves they could pretty much define what companies will build for them. No longer. The military is not a large enough market for most companies, if they are going to build something, they need to sell it outside the military as well. So, now take Congressional mandates into the equation where product providers cannot be shown preference. How do you get software for over 1 million people? You cannot farm it out to several companies, the software won't work together. By the time you get the software, install it, train people, and use it, you have a large sunk cost. Redoing that every 5-10 years is beyond expensive.

Why not Share?

[hduff]

My tax dollars are paying for the updates. Why can't the government share them?

no suprise

[BurgEnder]

a lot of outfits, including governments, run platforms as long as they can. see http://www.geek.com/news/commo...

In other news...

[Kythe]

The U.S. Office of Personnel Management continues its contract for Windows 3.1 support.

Better than paying to upgrade to Windows 8.1

[QuietLagoon]

It looks like a sound decision to me. What's the current alternative? The fiasco known as Windows 8 and its attempted fix Windows 8.1? In the military documentation is critical. How much would it have cost to replace all of the Windows XP documentation?

.
imo, it was a good decision, ==provided== there will be an effort to start moving off of Windows XP and on to a more sustainable environment than Windows.

wow about time.

[AgNO3]

Finally the update from NT.

And I'd be willing to bet

[kilodelta]

It isn't just the U.S. Navy, but the IRS and a bunch of other government offices that are still on XP for legacy reasons. Let's face it, Vista was an abortion from the get go, and Windows 8 wasn't much better. In fact every even numbered OS from Microsoft is horrid. Hence why business uses Windows 7 now.

Exactly!

For what they have now, there isn't really any better choice.

I've been in a similar situation working in telecom. My boss asked me to come up with a plan to replace WinXP with Linux a few years ago. This was for only 25K people, but the software running on the machines was highly specialized - we aren't talking normal desktops here. Think "device testing equipment and software to interface with it."

For us, the cost of WinXP licenses was just under $5M - peanuts - compared to the cost and time to migrate all the other custom software to Linux. Much of the interfaces were provided by 2rd parties for HW API access and that software ran $25M each - we had about 20-25 different SW packages like that. Basically, it was a very costly project and as long as phones are in grandma's house and people use 128Kbps DSL and ISDN connections, those tools will be required. I'd guess about another 20 yrs from today.

$9M/yr is a bargain when you start looking at these numbers.

So, I left that job and I've been a full-time Linux user and server guy for almost a decade now. I still think that decision was correct and I don't have a big issue with NWS paying for this either. I wish they'd used Linux initially and think all new systems deployed so mandate F/LOSS and open data formats.

Re:I WANT TO PAY MORE FOR XP

[guytoronto]

You're using a tablet with 1GB of RAM as your main computer? You want to run a 13yo operating system? XP Tablet edition? You are the very definition of a stubborn old man.

Re:WordPerfect 5.1

[rvw]

Office 2003 is arguably still the best version of Office. I have co-workers who still use it and I've used pretty much every version since 4. I don't disagree with them, although I have personally transitioned to 2010 for compatibility. Newer versions don't provide much additional usability and make certain things more difficult such as removing the ability to select chart curves directly from the legend. Why??

WordPerfect 5.1 baby, WordPerfect 5.1. "Reveal codes" is/was the most useful feature ever.

I agree - it was really cool to cleanup the mess it sometimes created. You can do this in Office as well. Unzip the docx, and with a proper XML editor you can do anything. Except.... the mess MS has made of that XML is unbelievable. The logic behind it seems to be to make it as difficult as possible to edit this manually.

Re:Hey Assholes

[funwithBSD]

Thermonuclear chess?

Computers are just components to Navy

[laughingskeptic]

The Navy purchases computers as parts of much larger systems, often ships. These things get assembled and their expected lifetime is much longer that the technology cycles we enjoy outside of their domain. Refit schedules are not driven by the computers on board but rather by much larger, more expensive and longer lived components like diesel motors. The Navy is just in the last couple of years starting to move some of their onboard computer systems to what they refer to as "Carry On" components. There are probably ships in the fleet that have 25 year old electronics on them because these components weren't ever expected to be replaced.

Re:Hey Assholes

[OrangeTide]

It was $520 B in 2014 alone. What does that have to do with a Cold War that has been over for decades?

Why didn't they just use the registry patch?

[laing]

Here.

Re:Medical testing devices worth tens of billions

[kthreadd]

Inside thousands of labs all over the world there are testing devices worth tens of billions of dollars running on XP

The OS upgrade path is next to none

You don't update software on medical equipment anyway. That thing would have to be recertified.

Not a new problem at the Navy

[rickb928]

The NMCI was supposed to be a manageable intranet, with the Initiative back in 2000 the first step, identifying apps, updating systems, blah blah blah.

Sort of got done. Sort of. The history of the NMCI is a study in vendor management, high expectations, and bureaucracy.

Ah, yes, SPAWAR

[jtara]

Ah, yes, SPAWAR...

Where wrinkly old generals sit around in a hot tub all day discussing their war plans.

At least that was my first thought when I moved to San Diego years ago and first spotted the sign on the huge complex.

Trivia: during WWI, the building they are housed in was an aircraft factory. The factory roof and nets covering adjacent Pacific Highway had painted scenery to fool an errant Japanese bombers.

Millions of mom-and-pop businesses thank SPAWAR for enabling their old inventory system sitting in the corner running on a PC-AT to continue to function!

Re:Ah, yes, SPAWAR

[jtara]

Eek, typo. Of course, WWII, not WWI!

... and electron microscopes

[jtara]

Yes, plenty of other stuff like this as well.

A friend who is a Materials Scientist rues the day that they updated his electron microscope from Win XP to Windows 7 (or 8, forget which).

Federal Project?

[ramriot]

So I'm not raising the efficacy or exonomy of sticking with XP or not, if the navy wants to pay Microsoft for security patches instead of upgrading then that is fine.

No my question is, are the security patches the navy will get a federally paid for publishable items?

If they are then that means under current rules, once a piece of code is published to the navy, unless it is covered by a security mark then they and/or Microsoft is required to disclose it. Now this may not make financial sense to the big M, but how many times over are they willing to get paid for the same patch on an old OS.

I say, once the navy or any federal department who is paying for patches gets them then they should be released for public consumption, free of charge.

You can buy a lot of Linux drivers

[vandamme]

...for 9 meelion bucks.