Slashdot Asks: In the Wake Of Ransomware Attacks, Should Tech Companies Change Policies To Support Older OSs Indefinitely?
In the aftermath of ransomware spread over the weekend, Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, writes an opinion piece for The New York Times: At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, "pay extra money to us or we will withhold critical security updates" can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more. Microsoft supported Windows XP for over a decade before finally putting it to sleep. In the wake of ransomware attacks, it stepped forward to release a patch -- a move that has been lauded by columnists. That said, do you folks think it should continue to push security updates to older operating systems as well?
No. You can't support legacy software forever. If your customers choose to stay with it past its notified EOL then they are SOL. Any company using XP that got hit by this can only blame themselves.
This did not need to be fixed with an OS patch, it could have been prevented with better network security policies. I would be surprised if someone hadn't said something about addressing the vulnerability earlier but probably got ignored because of some budgetary issue.
It would be more reasonable to call for continued money to be made available to address these vulnerabilities after a system has gone into production and a move to use more open source solutions where users can share patches.
Nullius in verba
Should they go back and patch Win95 while they're at it? Make Win386 rock-solid in the face of current virii and ransomware?
By that same logic, you could insist that Ford go back and install safety glass and airbags on any existing Model T's still running.
The simple fact is that OS's are a treadmill. It's not a typewriter that you buy once and use until it breaks.
Look, I think OS firms *should* support 'the last few versions' - say whatever was current 10 years ago (ie in MS's case, Win2007). But to go back further, or to MANDATE that?
If you can't be bothered to run reasonably current OSs, then you're going to be as safe as you deserve.
-Styopa
... have policies in place that prevent mission-critical systems from being proprietary, dependent on one vendor, insecure, not updated and open to being messed up by clueless users who click on links and download and install everything they can lay their hands on.
Also they should all have in place: Up and running intrusion detection on their intranets, regular automated overturning backups and regularly tested zero-fuss disaster recovery. Have all that in place and you wouldn't even notice WannaCry.
Extra brownie points for building and maintaining all that with FOSS systems and giving back to the community.
WannaCry happened because of Windows which is in its sorry state because MS doesn't want to help users, they want to sell software or - better yet - software subscriptions.
My 2 cents.
We suffer more in our imagination than in reality. - Seneca
Microsoft proved it - they released an emergency patch for XP, Server 2003, and Windows 8. So I'd say that's evidence enough that yes, they should support it forever. :)
That is dumb as all hell.
How many programmers are out there? And they're all super-geniuses according to their universities and HR departments?
How can there be so many flaws and errors?
Is it your fault for coding it or the person's for knowingly continuing to operate a machine hosting it?
Trick question: it's both. Microsoft should support security patches for all of its OSes indefinitely no matter how much they scream about the cost and people found to be out of compliance with security patches should be held responsible. We might be looking at the death of Windows writ large.
No problems to report.
It still lives in hearts of many IoT devices and especially as embedded OS in all the printers, copiers, ATMs, and hell knows where else, showing that all-too-familiar red box with cross on top right corners on displays of all these devices, notwithstanding all the familiar WinXP warning and dialogue boxes.
I honestly can't figure out where I fall on this. I would say for major security issues, yes, though the cutoff should be when production use of that OS gets below a certain point, which should be easily monitored, and I don't think XP went below that.
In any event, that an organization the size of NHS, quite literally one of the largest employers on the planet, did such a poor job on security is disgraceful, especially considering how internetworked all their stuff was.
When you say "should", the real question is whether we are talking about a moral or a legal obligation. One could make a case for a moral obligation: Microsoft charge plenty for their software, they have the resources and know-how to provide these patches, and it is such a widely used system that there are likely to be cases where clients have a good reason to stick to the old OS. Patching that stuff benefits everyone.
But I'd be very wary of making this a legal obligation. Especially since obligation implies liability when things go south. I know that some folks would love to see software manufacturers held responsible for screw-ups in their code, but if that is extended to ancient versions, software could become expensive since you'd be on the hook for supporting each version in perpetuity. As a software developer, that's not a welcoming prospect.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Indefinitely? No, only as long as they want to keep their copyright/patent privileges on those systems.
“He’s not deformed, he’s just drunk!”
Instead people should request source code in industrial contexts. The thing is, software development is a service, therefore software is a service. Selling software as a product is the main error in these cases.
How about orgs transition to new platforms and patch in a timely fashion? How about outside IT vendors upgrade their shitty software to work on something newer than XP?
We had some cheque signing software demo'd and they wanted us installing unsigned drivers and all the shenanigans that involves. Or the HR company that wanted us to install Flash on all our workstations and terminal servers so endusers could take quizzes. How about not demanding I decrease security for your shitty solution?
My work has the legacy patches ready for deployment even though WinXP, Win8 and Win2K3 systems got banished from the network last year. Never know when a tech is going to plug a decommissioned system into the network without verifying that it has a current Windows OS.
There's only so long you can reasonably expect support on older products. What should change is:
1. Stop using Windows for security sensitive applications.
2. Hire people to build secure systems who know how to build secure systems. Listen to them.
3. Don't volunteer for vendor lock-in. The mass Windows groupthink of the 80's and 90's was born out of incompetence. Think about the future, not just the immediate moment.
4. People who can only think in terms of "which choice requires me to understand less?" should not be in charge of decision making.
5. Air-gap the most critical systems. (Dear god, please don't let some clueless idiot post Stuxnet as if that somehow invalidates this point).
6. Keep systems up to date with latest security patches.
7. Hire technically literate staff when it is required for them to deal with technology. Anyone downloading and clicking on "CuteKittens.jpg.exe" is not competent to be let near computing devices.
Seriously? Support products indefinitely? Why don't we just add an amendment to the constitution that forbids discontinuing obsolete products?
Of course not.
Most of the ransomware could be stopped by the use of proper backups, firewalls, networking and IDS / IPS software. Instead of companies like Microsoft supporting old software stacks, they should only be required to release updates for the current systems and rely on the IT of the companies who use their product, to properly secure themselves.
That is simply unreasonable. On the contrary, going forward all OS's should have mandatory secure encrypted back-up. Windows should take the 500 gb hard drive on your new cheap PC, split it in half, and use half of it as an admin-only accessible separate back-up drive. Then companies and individuals should upgrade their computer OS's.
A significant number of 7 and 8 users have and will continue taking their chances using legacy software.
I am one of them. I have been a diehard Windows user since the days of 3.1. While I can use Linux, I'm no evangelist with a 10-bashing agenda. I prefer Windows.
10, however, is completely unacceptable. I will never accept mandatory telemetry, desktop advertising, or extensive cloud integration. You may want it, I don't, and we're free to disagree.
I am currently using 7 in a watch-and-wait mode, putting off until the last minute the decision over whether I will be switching to Apple or to Linux with Photoshop running in a VM. I don't want to have to choose. Windows 7/8 is clearly superior for my use case.
It is a tough decision because Microsoft used to make great operating systems until they were laced with mandatory, anti-user antifeatures.
I know this is not the best security practice, however I will take my chances on 7 before I accept the mandatory intrusion on 10.
Force by law opening non supported operating systems
end of story, why do I need to keep updating to garbage phone operating system I DO NOT NEED
All of these problems crop up because of the conflict between wanting software that Just Works(tm) and wanting to be on the Internet. It's probably time that we started setting up networks where each computer has a separate, dedicated piece of hardware that handles security. A little crossover-switch that's kept up-to-date, or, in big enterprise deployments like this can be upgraded without interrupting whatever software application they have that's still running on something old.
"[We'll be] really getting inside your head and making it an unpleasant place to be" -- Trent Reznor
Given the copyright protection supplied by society during the support phase, the company ought to be forced to transfer the operating system to the public domain under GPL fully documented so it can be supported by any organization like all other open source software indefinitely.
Forcing tech companies to start maintaining and updating legacy software that is no longer made, sold, and supported for free, is like forcing Ford to offer free seatbelt and airbag kits for Model Ts.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Like banana crops that are clones and therefore are all vulnerable to the same disease, the solution is diversity.
There should be many more OSes and many more types of processors.
Hack that, faggits.
Abandoning Operating Systems is a cruel trick played by vendors who want the new revenue from upgrades...no matter what the cost in lost-business, learning-curves, and incompatibilities with existing practices may be to the customers. Spending money on maintaining the security (even excluding features) of superseded products distracts from development of improved products, and is not in the vendors' self-interest.
Given that a new Operating system (retail) is in the $100-$150 range, I'd propose "Life Extension" service subscription, solely for security updates in the $30-35/year range...with a required minimum of 10,000 customers to keep maintaining the service. That provides enough revenue ($1,000,000+ per annum) to support a small, dedicated staff.
Frankly, there's no reason that a M$ couldn't engage in a Joint Venture with a small qualified, independent security firm to provide the service, with special access to proprietary information within the O.S. vendor.
It would be an investment in the rehabilitation of the O.S. vendors' reputation, because M$ has gotten quite high-handed in recent years, dictating (or even forcing) software on unwilling customers who have existing businesses to run.
I count this as an example of business needs creating a serious problem that didn't need to exist.
Microsoft revenue is based largely on selling licences to run their software. Once they had sold everyone a license, they risked a sharp drop in revenue. So, for business reasons, they elected to structure their releases in a way that justified asking users to re-license new versions. That's a huge part of what created the situation where there are still active XP (and older OS) users.
There is no particular reason why they couldn't have structured their products in such a way that updates carry a single operating system installation forward and there is no such thing as XP, Vista, 7, 10, etc., just a system that is current on patches or one that is not. The systems that aren't current on patches are probably not internet connected and so are less likely to face internet-based threats. It would change the revenue model though.
Bitcoin is the enabler, not Microsoft.
Shutdown Bitcoin and ransomware stops immediately.
And ransomware is only the tip of the iceberg.
Anonymous Bitcoin transfers can also enable:
- Drug sales
- Tax evasion
- Murder for hire
- etc
...it was called their Windows 10 free upgrade. You can lead a man to water, but...
Windows Workstation on old DEC Alpha systems against any attacks? Pretty sure some of the basic Windows vulnerabilities would apply.
That is the only scenario I can see for this. They are not going to do this for Joe Home User.
...replace Windows with Linux, and stop using smbv1 and smbv2.
Anyone remember nimda?
Hell, at the very least, open source any abandoned OSes so that others can take on maintenance if they feel compelled to live in the 1990s again.
I propose Zeynep Tufekci pay for the costs associated with perpetual support.
Just put a software expiration date in the EULA and after that the customer assumes all liability, including the liability incurred if their infected computers infect others. That way, when grandma's Windows 95 box infects some big company's web server, the lawyers can take her retirement and her pension and put her out on the street or into a home.
Only after we obtain justice against people who never update their computers and install government-sponsored malware like Windows 10 will we truly be secure.
This is a defect. This is not an upgrade. It should be fixed. And yes, Ford in 2008 repaired a defective design in a 1994 F-150. 14 years later, they're still responsible, and responded, to a safety defect in their design.
I have no sympathy for moneyed institutions that treat IT as a pure cost center and skimp on keeping it a well-oiled machine. If you're a hospital that wants to be cheap and leave XP-based machines on the Internet then you can have your administrators' salaries and bonuses docked to pay the fines for the social harms you cause by prioritizing compensation over "getting the job actually done." Or you can go back to the ugly days when your IT wasn't a cost center, ie back when you didn't have the efficiency gains and capabilities it brings.
It turned out that simply tweaking the binary of the ransomware rendered any existing and future patches that Microsoft makes obsolete and useless.
OS policy won't do shit. Updating to a piece of shit like Windows 10, won't do shit, and will even make things worse since Windows 10 is an even bigger scrapyard of code continuing to blemish the remains of quality code that once existed when Microsoft had competent coders.
I think that if you got people over to the subscription model, it wouldn't be impossible to put 3 or 4 guys on a maintenance team to backport absolutely critical fixes. You'd have to be very explicit about the criticality level that triggers a fix, but the reality is that vendors introduce a lot of dependencies. Those maintenance coders wouldn't have to be your best and brightest either - it would be a very good first job for new grads. I would think that as long as customers were paying something like Software Assurance, fixes for remotely wormable issues in components that haven't changed much since the dawn of the product might qualify. It's not just OSes either - look at critical stuff like SAP or Oracle products, where some of the foundations are the same as they were decades back.
Software vendors don't want to maintain old software because they aren't getting license revenue from it anymore, but not all customers remaining on old versions do so by choice. There are plenty of "run it till it dies" customers and small businesses still on very old versions of software, but others, especially in the medical field, aren't so easily migrated. Around the XP timeframe, there were a lot of embedded applications that relied on quirky Internet Explorer behavior or used components in such a way that you can't just migrate them to a new OS. Those browser ones are the absolute killer, and IE's Enterprise Mode only solves a subset of the problems.
I work in another industry with a lot of legacy cruft around, and applications that just can't be economically rewritten. Thankfully we're off of XP, but Microsoft prematurely killing support for Windows 7 is troubling and has caused us to step up our timetable for some critical application changes. I think that the only possible benefit of the subscription model for a customer is to allow the possibility of something like I talked about -- a very small maintenance team -- that doesn't cost millions of dollars a year in custom support agreements.
Would this approach not impact hardware development as well? And mobiles and iot?
If Microsoft, Google, Apple and all Linux distribution organisations are expected to support older versions permanently, their software legacy grows and with it, the supported hardware combinations also grow.
People here on /. dislike the push to upgrade to Win10, but it's what's going on elsewhere, with more mobile devices being sold than desktop format PCs. The model doesn't suit everyone all at the same time and with the same level of satisfaction, but it does work. If not, BYOD would be uncommon.
As things are, on slashdot what I get is:
Apple: most people run recent iOS versions - this shows Apple is doing well. Newer versions of OS X run well on older Macs too. Excellent Apple!
Google: there's a lot of people on older versions of Android, it would be great if Google were in charge and everyone had the opportunity to upgrade asap! It's the telco operators that are getting in the way of OS greatness! Excellent Google!
Microsoft: In my special case it is 100% reasonable that I want to run Windows XP until the end of times. Everyone who disagrees is wrong and Microsoft is bad for pushing me to Windows Vista/7/8/10. This ransomware story is 100% Microsoft's fault.
First of all, let me state that most of my machines are Linux, or BSD. I find the whole panic over WCry absolutely hilarious.
Something like OpenBSD, but less stringent:
First-tier is average OS support - six months support tops, after that, you need to upgrade. You have version 4.3 while the latest version is 7? Tough luck.
Second-tier is emergency OS support: 12 to 18 months support tops. On a specific version (meaning fubar 6.0 but not fubar 6.1 for instance ), only back-port of the most critical patches to base system.
Every 5 years, for embedded and ultra-secure needs, you get an ULTS (Ultra-Long Term Support) version, which is going to be supported - provided you sign an annual support contract with mucho dinero - as long as necessary, including backporting patches from the newest version of the OS, but only for the base system. Anything extra you add to that base system is your responsibility.
The issue here really is pretty much the same as an "Internet of Things" issue: please, dear MegaCorps, use a nice, updated AND SECURE DEFAULT CONFIGURATION for your freaking products - no, Windows XP is not nice, updated and secure out of the box, and neither is Linux if you open 200 ports and services with "admin" and "secure" as login and password, respectively.
On a more general note, if you use Windows within your product, I don't care what that product is, you are asking for trouble.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
From the outside, I would tend to agree with you. But Microsoft has some liability here. They created a product that is still in use on hundreds of thousands if not millions of computers. Microsoft sold more than 400 million copies, and who knows how many pirated copies are out there.
Here's the deal, Microsoft was found to be in a monopoly as far back as 1998. When companies like Microsoft reach this level of operation, they usually become regulated. I see a strong likelihood that Microsoft will suffer a substantial blowback from this event, and ones to follow, as Windows XP is not going to go away any time soon, not to mention the problem is only made worse by Windows 2003 and Windows Vista, as these are no longer under standard support as well.
We might be seeing the event horizon where governments mandate support for software like they do for manufactured products that come with warranties, they may even require warranties for operating systems, as insecurities in these have proven to be so dangerous.
Should you be forced to support all of your past works in your life? People and companies that don't want to 'do right' by keeping their systems up-to-date and safe are aware of the dangers.
Yes, CEOs and other upper management don't give a shit about your problems until it hits their bonuses or jobs, but as an IT professional you need to emphasize their ignorance and make sure that it isn't glossed over by the gleam of their flash and sizzle.
As a home user you need to be aware that if you have old equipment that isn't being provided for you are taking a risk.
And finally, if you are an IDIOT that opens, let alone clicks on files from unknown sources you DESERVED what you dealt YOURSELF!!!!
The reason companies stay on XP is because it is the best documented and solid Windows OS so far. As long as MS keep moving their OS and API's around like a piece of butter in a sauce pan we will have these problems. I have been in projects where we were forced to change DB API several times due to MS "floating" API and automated deprecation. If you are developing a product for the Windows platform that you suspect will be in use for ten-twenty years. DO NOT CALL ANY MS API DIRECTLY! Wrappers all around! (or better yet use *nix. The fifteen year old Linux systems we have run on new hardware and OS's.... Wonder why? That will probably all change now with the new OS think brought on by systemd though, but we still have BSD!)
When you have to make a $10 million USD investment to "update" to a new platform that offers nothing you tend to hesitate. Hence... still on XP.
This could also be viewed as PR protection for Microsoft. If they didn't help these users, then this would dirty Windows' name even further, and many of these users would probably switch to something else, realizing MS doesn't have their back.
If they want to keep it under wraps by law, they better keep supporting it.
Slashdot generally doesn't like ludicrously-long copyright terms, right? What if we made maintenance a requirement for retaining copyright over software? If Microsoft (or whoever) wants to retain a copyright on their software for 70 years, then they'd better be prepared to commit to 70 years of support. If they want to EOL it after 5 years or 20 years or whatever, and wash their hands of responsibility, that's fine, but then it's public domain. Why should we let companies benefit from software they don't support anymore?
This could also work for art works, as well -- because copyright exists "To promote the Progress of Science and useful Arts," we could make it a requirement that an author (or company, or whatever) needs to be distributing (or licensing for distribution) a work to have copyright on it. When it's out of print, it enters the public domain.
Oh please. Update to Win10 or get Linux. Get off the XP beast. It's been over a decade, did they really think they could just stop upgrading OS?
Or use ReactOS or . . . whatever.
Providing free updates to old OSs means that people paying for new versions are subsidizing the people who won't upgrade.
To counter the car analogy. XP is like an abandoned Microsoft property that is attracting crime and is a public nuisance. They have to maintain it, or get rid of it.
So patch it for security, or give up the rights to it for open source.
Microsoft has started spying on consumers using Windows 7 and later, collecting their private information to sell to advertisers and governments. This spying and data collection will continue indefinitely, there is no announced cut-off date when Microsoft will stop selling consumers' private information, so at the very least they should keep updating all old insecure software.
Linux
I'm wondering where in the EULA it is said that Microsoft will stop updating the piece of software they allow you to use when they want to force you to spend more money to use a slower, memory hungrier, uglier UIs and with more spyware big piece of software.
questions is Hell no.
If the number of older systems is large enough, then Yes, Microsoft should release patches for them.
They should do this for two reasons:
1) Reducing the number of infected systems helps protect others from infections
2) It protects the innocent, like those whose Medical Care was interrupted in the UK, from collateral damage.
Who pays for it? Microsoft. They have benefited from the sale of all those systems, and certainly have enough cash to divert some to supported old but prevalent systems. Also, the fact that people still use MS systems, even if they're old, benefits MS in some way by helping them maintain market share (and "mindshare"). Odds are that these systems will eventually be replaced by more MS systems, representing future revenue for MS.
Don't forget to pay your $699 licensing fee you cock-smoking teabaggers.
If we made infinite support (even for just critical updates) the industry standard, would it be difficult for a budding software developer company to plan for this, before knowing how well the software will sell?
At the other end of the spectrum, some established companies have hundreds or thousands of pieces of software deployed. How many units need to be sold/distributed before the company would need to consider it one that needs critical security support indefinitely?
Would you think Open Source software would require the same standard, since the source code is available to everyone?
--something witty
place a massive 'feature' in their products, so when the product becomes obsolete people will really see it as obsolete and update to the most recent version of their product line.
If the answer is no then all a company has to do is tie in all its software to the OS. If an OS is defined as the software that controls the hardware then there wouldn't be this issue in the first place. This is a service which runs on the OS.
The systems sold at a discount today are no faster in handling the day-to-day use of the average user as some sold 15 years ago. Most people's use is not that of a gamer. This need to create waste baffles me. If it were not for the extended term of copyright there would be a third party market here.
The question should be why must we maintain copyright and/or patents on merchandise that the creating company no longer sees fit to maintain?
DRM? No thanks, I'll just get it somewhere else...
Just put all that old crap on virtual machines. The only important parts are the data. And the easiest way to counter ransomware is with backups.
If they outright say a product is no longer supported, I see no reason to hold them accountable for user laziness/stupidity/cheapness/pick a negative attribute.
Should I expect the warranty on my 2002 Chevy Malibu to be honored? No? Interesting.
Should I expect MS to make sure they've patched Windows 3.1? No? So, user laziness/etc. shouldn't be supported. Get an OS that is supported if you don't want a high chance of bad things happening.
The last time Microsoft got in the middle of security problems, it allowed Apple to break out and we had a period of time 2006-2012 where Macintosh PC were all the rage. None of the Linux Distributions have the muscle to take advantage of a misstep from Microsoft.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
There are more than enough XP users in the world for Microsoft to dedicate resources and turn a profit supporting it. Arbitrary sunset dates disconnected from reality of who is still using software amount to nothing more than sales tools intended to extort upgrade revenue.... buy this or get owned.
I personally don't believe vendors should be allowed to walk away from safety defects in products in order to make money on upgrades. Buffer overflows are entirely preventable classes of software failures. It is a tractable problem to solve. That it may not be in the case of XP isn't the end users problem.
Under other circumstances, "pay extra money to us or we will withhold critical security updates," is called extortion.
I do not think MS should be forced to support obsolete s/w forever. It just does not make any business sense. However on the flip side, the problem for many people or organizations is that an OS upgrade implies a h/w upgrade. The h/w may cost more than the OS and required ancillary s/w updates (i.e. useful end user applications).
Thus there is an amplifier effect in the cost. A $150 OS upgrade triggers a $500 h/w upgrade, or an amplification factor of 3.33 (dollar values/amp factor are arbitrary).
I have a lot more sympathy for poor old end consumers and small businesses than I do for organizations however.
I'm *sure* if you approached M$ with enough cash, they would oblige you. Although it's likely going to be a LOT cheaper for you to simply upgrade your OS and applications to Windows 10 (Or, if you really want to go cheap, Linux).
If you absolutely need support, you CAN get it if you are willing to pay for it. What's usually the case though is folks are unwilling to pony up the cash and choose to take their chances.
I worked for a company that had a PBX that was falling out of support by the manufacturer and although third parties supported it, they were hugely expensive. They actually dropped support for the PBX, full knowing that if it went down, it would stop the business. There was no fall back plan beyond having cell phones for some folks (back in the day when cell coverage was spotty at best.) It was stupid... Luckily I left that place before the bottom fell out, got a great severance package too...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
"YES" - for such critical needed updates.
I have one system that I've been trying to upgrade for 5 years. Another system has a hardware device {and drivers} that are no longer available, which also has software from a company that is out of business. "Upgrade to Windows 10" won't work (and I'm not going to the MS-Sell land of Win 10). I am grateful to MS for upgrading the ones that they did, and to the morons in the "buy the latest now"; that is not an option, I've tried.
They already exist. They're called routers. Network routers can be configured to provide great deal of protection to machines that are older and cannot be patched. Many contain firewall software. Even simple ones can be configured to block traffic on vulnerable ports.
In this case, a router could be configured to keep the SMB port (445) blocked. A router, with updated software, and a firewall gateway can help protect even older devices with embedded code that may no longer be supported.
Of course, it goes to say, that you must keep the router's software updated and not use default credentials on the router.
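Added example, not part of the original comment: a small first-match evaluator for `iptables-save` output that checks whether a new connection to TCP 445 arriving on the WAN side would actually be dropped, showing that a block rule placed after a broader accept never fires. It assumes a Linux-based router using iptables; the interface name `wan0` and both rulesets are constructed for illustration.

```python
import shlex

# Constructed sample rulesets in iptables-save format (not from any real router).
# WEAK: the DROP for 445 sits after a broad port-range ACCEPT, so it never matches.
WEAK = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wan0 -p tcp --dport 1:1024 -j ACCEPT
-A FORWARD -i wan0 -p tcp --dport 445 -j DROP
COMMIT
"""

# FIXED: the block comes first. Port 139 (NetBIOS session service) is an
# addition of this example; the comment above names only port 445.
FIXED = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wan0 -p tcp -m multiport --dports 139,445 -j DROP
-A FORWARD -i wan0 -p tcp --dport 443 -j ACCEPT
COMMIT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_ports(spec):
    """Turn '139,445' or '1:1024' into a list of inclusive (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def parse_rule(tokens):
    """Parse the match part of one '-A CHAIN ...' line; refuse unknown options."""
    rule = {"iface": None, "proto": None, "ports": None, "states": None, "target": None}
    it = iter(tokens)
    for tok in it:
        if tok == "-m":
            next(it)  # module name; its options are handled by the branches below
        elif tok == "-i":
            rule["iface"] = next(it)
        elif tok == "-p":
            rule["proto"] = next(it)
        elif tok in ("--dport", "--dports"):
            rule["ports"] = parse_ports(next(it))
        elif tok == "--ctstate":
            rule["states"] = set(next(it).split(","))
        elif tok == "-j":
            rule["target"] = next(it)
        else:
            # Fail closed: an option this audit cannot model (negation, source
            # address, ...) must not be silently ignored.
            raise ValueError("unsupported option: " + tok)
    return rule


def parse_rules(text, chain):
    """Return (default policy, ordered rules) for one built-in chain."""
    policy, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":" + chain + " "):
            policy = line.split()[1]
        elif line.startswith("-A " + chain + " "):
            rules.append(parse_rule(shlex.split(line)[2:]))
    if policy is None:
        raise ValueError("chain %s not found" % chain)
    return policy, rules


def verdict(text, iface, proto, dport, state="NEW", chain="FORWARD"):
    """First matching terminal rule wins; otherwise the chain policy applies."""
    policy, rules = parse_rules(text, chain)
    for r in rules:
        if r["iface"] not in (None, iface):
            continue
        if r["proto"] not in (None, "all", proto):
            continue
        if r["ports"] is not None and not any(lo <= dport <= hi for lo, hi in r["ports"]):
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        if r["target"] in TERMINAL:
            return r["target"]
        if r["target"] not in (None, "LOG"):
            raise ValueError("unsupported target: " + r["target"])
    return policy


if __name__ == "__main__":
    for name, ruleset in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, "new TCP/445 from wan0 ->", verdict(ruleset, "wan0", "tcp", 445))
```
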
The NHS decided to not upgrade many old systems because the threat was deemed minimal. Offices were urged to upgrade but funds were not made available and infrastructure budgets were cut again and again. Multiple bad decisions led to this result.
Many things could have prevented it. Better funding, better threat assessment, the NSA informing Microsoft of the vulnerability so it could have been patched years ago, and on and on...
In the end we are here, and hopefully threats will be re-prioritized and better protections will be put in place in the future (I could not keep a straight face while typing that and finally burst out laughing).
Personally, I think it's the wrong approach to try to compel Microsoft to support old operating systems. It's a substantial burden for them, and makes it harder for them to move forward and innovate.
Instead, I think we should try to compel Microsoft to open the source of Windows XP. If there's a large enough number of people who want continued support, they would then be able to fund it somehow. Plus, it would push Microsoft to innovate, since they would have to make sure that Windows 10 did useful things that Windows XP doesn't do (that people actually want).
I may be a bit radical here, but I personally think that, in order to attain copyright protection, software developers should be required to provide their source code to the Library of Congress (or some other governmental organization). Then, when the software is no longer being sold or supported, the source code should be made public domain.
C'mon people.
The upgrade path from XP upward is not like the path from 7 to 10. You don't get to keep your apps without reinstalling everything, and it is very unlikely you can keep your existing computer.
The disruption is immense, and the only way forward for me was running a USB hub to allow switching between computers piled on my desk and keeping my old XP box at the ready in case there was some critical app to which I had lost the installation media that I needed.
As to the people who "downgraded" to XP, I never experienced Vista because so much shade was thrown on it. Maybe Vista was clunky slow because it was no different than 7 but it was advertised as running on hardware that you wouldn't think as being compatible with 7?
Label me cynical but dumb. Oh, noes, XP is ten . . . years . . . old! It's this stupid obsolescence culture -- Fred has been coding for us for 10 years -- fire him and get a new person.
Forever support isn't reasonable, but at the same time vendors using security update channels to push unwanted upgrades for the benefit of the vendor is equally bad.
My guess is that we're going to be getting to the end of the road of the "nasty, brutish and short" state of nature in the software industry and start seeing more regulations.
Vendors will be able to EOL their products, but will also have to supply security updates for N years after the product is officially ended. Vendors will be required to maintain a security update channel which may not be used for pushing upgrades or unrequested new products.
An interesting solution would be to let vendors "expire" a version by inserting a patch that boots the OS at a warning page requiring a firm verbal commitment ("I agree this is obsolete") before booting any further. Vendors would be REQUIRED to do this for operating systems they had obsoleted but only after their N years of post-EOL support had ended.
This way, nobody escapes the product being EOL. Customers can still use it, but must affirmatively acknowledge it is obsolete. Vendors are required to keep supporting it for a really long time after official EOL, but they can kill it more completely but only after the EOL support period.
None of us bother to learn real security. You're all so stuck on layer 4-7 you fail to understand layers 0-3.
Your fault for not realizing the current security model is flawed as fuck.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Once a company decides to stop supporting a software product they should be required to release the source code either under an open source licence or into the public domain. That way people who can't upgrade can either make patches themselves or pay someone who can.
After all if the new offering really is so good everyone will want to move to it as soon as they can anyway ?
I've personally still got XP boxes and can't upgrade as the attached, expensive, hardware I use to run my business doesn't have drivers post XP. And the hardware is extremely good, extremely reliable and just works. The software I use to control it also just works. Modern versions of both the hard and soft ware are crap in comparison (lots of removed features etc.)
Plus I think that Windows 7, 8 and 10 suck. Windows Explorer has been ruined and more importantly you now can't stop applications stealing focus like you can in XP. Plus Windows 10 is simply a spyware riddled "activity center". It's not a professional OS that gets out of the way and lets you get on with your work.
How about "my software doesn't work on your new stuff"? Where's the negative attribute there? Eh?
Here's my view: If you sell a product, you should fix any bugs or non-performance issues that relate to claims made when you sold it. Application, OS, driver, etc.
An example:
Let's say you sell me a product, version N, on the basis that it loads images, allows me to apply various image processing operations including contrast, and then save the resulting changed image.
Later -- even much later -- I discover that the contrast operation doesn't work. You're still selling the product, and you've fixed the problem (so in such a case, we know you *can* fix the problem) but now it's on version N+X, and you want me to buy an upgrade to get a working contrast operation.
It is my position that either you should fix it, provide me with the upgrade at no charge to remedy your screwup (which some OS vendors will do, Apple, for instance), and your upgrade must in no way take away any advertised capability I already bought from you, or which depends on APIs you published, or: you should give me my money back.
If you won't fix the problem, I see that as you having sold me a product under false pretenses. You said it would work: it doesn't. You won't fix it.
What I don't see as reasonable is basically selling broken stuff and then expecting everyone to accept that. If you sell me a defective chair, house or swing-set, I expect you to fix it to the best of your ability. If you sell me defective software, I expect you to fix that to the same degree.
This whole "I'm selling you two things: broken software and a big fuck you" is a bad idea, and leaves a huge trail of broken and incompatible shit around for everyone to deal with.
There's more to this, but it all boils down to a presumption of "abandonment is okay" that I see as almost always a sign of ethically bankrupt management. Not always. But usually. Certainly in every case where the software in question won't / can't do what it claimed it would.
I've fallen off your lawn, and I can't get up.
Perhaps all OSs should have a kill date embedded after which they will fail to operate. Maybe nothing as drastic as the machine failing to start, but perhaps for example booting into the equivalent of safe mode with no networking, so that it's possible to move your data from the system but isn't really practical to use it.
Why? Because such a kill date would actually force people to think about upgrading rather just keeping running because they know they can.
It could be as simple to override as putting the clock back for those who want to play with older OSs on old hardware for fun, but that wouldn't be a practical solution for most of the lazy businesses who continue to use obsolete systems and not just put themselves at risk but, by becoming vectors for attacking others, affect us all.
And for at least a year before the kill date is activated the system wallpaper would be replaced with a timer counting down to the time the system needs to be replaced.
Please read my Canon EOS tech blog at http://www.everyothershot.com
Vehicles are not a good analogy. Replacing some older vehicles does not cause the organization that uses them to stop functioning. A better example is industrial land pollution ("brownfields"), where US law requires the polluting company to pay for cleanup no matter how long ago it happened. Microsoft made a huge amount of money selling software it knew had defects into applications it knew would be hard to upgrade. It's not much different from companies who kept their costs down by dumping toxic waste materials onto nearby land. Microsoft should be responsible for cleaning up the mess they made and profited from.
So the argument here is that the government responsible for finding, hoarding and weaponizing software vulnerabilities should also hold the manufacturer of the systems they attack accountable for these attack vectors? If the government wanted to help the end users then they would work with the vendor to fix the problems they find in their software.
If I have a physical product I need to fix I can do that 'indefinitely' though obviously the older something gets the fewer pre-existing parts there are that will fix it but even 'in theory' someone skilled could machine a part for it, or if the product is popular enough it will have 3rd party suppliers for parts.
Proprietary/closed software doesn't allow this same idea therefore the only proper solution is that proprietary software vendors either continue to supply fixes indefinitely for their products OR they can release the source code & let the world fix their shit for them.
We should not be praising MS for fixing a shit product that they are the only ones that can fix it. Doing so only promotes the screwed up belief that we can't 'own' the things we bought. I'm happy to see someone point out the very true reality that MS is holding people to 'ransom' as much as the malware developers, they are both criminal actions that shouldn't go unpunished.
What if there was a Genie and you could get 3 wishes and so you wished 3 times in a row that you could know for sure that it was a real Genie? That is a huge waste, in a fictional world.
What if we need to use the right terms to structure how we think about the conversation and issues around it?
What happens if we use "technical debt" instead of "backward compatible"? I think it reframes the conversation in more useful, more executable, and more informative terms than an issue of "compatibility". We don't care if windows 95 works with the newest Steam, but we do care that there is a super-virus that can "own the world" as it looks from there. The cost isn't about DirectX12, and is about fundamentals of security.
If a development community is building toolsets (think Intel Fabs) that are controlled by OS where the tools have an operational life of 20+ years, and require zero change to the OS over that time, then could there be an OS "technical debt" approach that allows the core-gap to be filled with minimum cost to either the OS creator, the tool creator, or the factory owner?
If any of our technology is going to have an impact in 100 years or 1000 years, this approach is essential. If OS creators are only building for a 2-year cycle (like MegaSloth) then something like 100, or 1000 year lifetimes are inconceivable, or even an existential threat.
windows 10 enterprise lets you turn that stuff off but it's too bad that smaller places can't really get windows 10 enterprise. Unless they get into a long term contract for software
... they can keep supporting it just as long.
If you have perfectly functioning Kinesio-machines with Win95 or XP, you can use them indefinitely, but do not fucking connect them to the internet.
But for the rest, if you can't afford to upgrade, you just have to face the consequences.
This attack happened because the US Government didn't do its job. Its primary task is national defense. It kept a vulnerability to itself to attack foreigners instead of protecting its own infrastructure, businesses and individuals. The government had these tools taken and passed around for everyone to use.
And crap like this is why governments can never be allowed to have backdoors. The secrets will always get out. Everyone is vulnerable.
"A plan fiendishly clever in its intricacies"- Homer Simpson
Sorry but there is NO 'social norm' that limits how long the owner can continue to fix their shit, e.g. by 'social norm' I mean what people expect NOT what the law allows. The law you state about cars is purely intended to protect the manufacturer, not 'society', why do you accept such things? Even so, a physical defect can be fixed by others 'skilled in the art', but software can't be fixed without the source code. If SW vendors want the same protection they should be required to release the source code in exchange.
If you were in my class I'd flunk you for trying to apply 'rules of the physical world' to software, at least if you couldn't demonstrate you understood how to do so.
Expecting a tech company to support a product that is past its end-of-life for free is like not getting an extended warranty on your car and then getting mad because the guy who did is getting his car fixed instead of you. Seriously, why is this even a conversation?
Oh please. Update to Win10 or get Linux. Get off the XP beast. It's been over a decade, did they really think they could just stop upgrading OS?
Does it EVER occur to you people that if XP was written the correct way from the start, all it would ever need to meet the problems of the future are patches? The basic idea MS uses to construct their OSs is faulty, even before the first line of code is written. That goes for Apple too. Don't buy that crap.
I suspect that what would happen instead is that the companies would put kill switches in their software, so they simply stop working after EOL. Or at least stop all networking except to their upgrade servers.
Ok. Maybe not a 'god' per-se but he warned the world 35 years ago what would happen & he's been warning everyone since. Those of us that understood his warning don't run proprietary software that doesn't provide the source code.
There's a very simple solution for proprietary software vendors, if you no longer want to 'support' your shit release the source code. Note by 'support' I do NOT mean 'adding new features' (including that necessary to support new hardware), simply fixing bugs in your software that shouldn't be there to begin with. Now, we can all agree that software bugs occur & some vendors are probably better than others at minimizing them so 'shit is as shit does' so to speak, but if you don't want to fix your shit forever then if you stop fixing it you should release the source code so others can; anything less is simply a ransom on the product I legally purchased.
Hell, I was able to get a couple of old monitors fixed. Both just had a capacitor go 'blewie', it cost me less to get them fixed than buying 2 new monitors. If I was a bit more skilled in electronics I could have done it myself for pennies but I was willing to pay someone else.
The point is that 'physical shit' can be fixed by someone 'skilled in the art' not just the manufacturer because the 'source code' is right in front of them. If proprietary software vendors don't want to fix their shit that only they can fix, just release the source code.
See subject: Wana can't get to a setup w/ no SMB/port 445 access secured via CIS Tool (highly esteemed & took fixes from "yours truly" too) & does only SMB2 or better + I don't run Server or Workstation services, Client for Microsoft Networks (any AD stuff too), File or Printer Sharing OR NetBIOS over TCP/IP soliciting connections (wastes for me - no home LAN/network) saving CPU/RAM (& other I/O wasted along w/ longer networking packet train data) which automatically protects me right there 2 ways:
1.) Nothing to get a 'handle' on to connect to via a port 445 listener in the 1st place & EVEN IF it did?
2.) I am SMB2++ secured.
* FOR SINGLE SYSTEMS NOT ON A NETWORK @ HOME (no LAN)? It works.
Yes - "I AM LEGEND" immune here.
APK
P.S.=> It's ALL here how to do it FROM 11++ yrs. ago too no less "A look @ the future - & the FUTURE was THEN" + got me paid too, will wonders NEVER cease https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Google+Search&gbv=1/ ... apk
This is a terrible opinion written by an ignorant person. The ONLY way we are going to force users to update their software is to have these kinds of dangerous out in the wild. We need to create a better culture around security, and this is one (excellent!) way to do that. If anything, companies should *stop* supporting software sooner, rather than later. Windows 7 and 8 should be gone. Corporations need to re-think their IT strategy that for some bizarre reason makes it ridiculously complicated to update client operating systems. Dumping Windows would be a great first start. It makes it far too complicated a procedure to update, dealing with registry and hardware incompatibilities, etc. Updating a managed network client OS should be as simple as sending out an OTA patch on a mobile device. But Windows makes that pretty much impossible. It's time to dump it, in the name of both cost savings and security, not to mention functionality!
There should be a final update at end of life for an OS as soon as the first vulnerability is found after end of life, just provide an update that kills the OS. As it stands now we probably have millions of XP boxes being used as attack vectors on the rest of us.
I don't care what operating system (or, for that matter, software or product) you are talking about, but at some point you just can't keep patching. You need to be able to re-architect and deprecate old functionality, and take things out of production. An operating system or software package is an engineered product, just as much as an automobile, airplane or coffee maker is. I can go buy a classic car without airbags, antilock brakes, pollution controls, crumple zones or even seatbelts if I go back far enough. I can register it and drive it on the road legally. If I get in an accident and have my head smashed against the unpadded dash, get skewered by a straight steering column, am left paralyzed by the lack of crumple zones, or am thrown from the vehicle in a rollover I really have no one to blame but myself. The vehicle manufacturer long ago retired any warranty to the vehicle. I would expect a new car that I buy to have all required modern safety features and expect that they would be fixed (recalled/patched) if there was an issue found. But I would not expect the vehicle maker to patch in whatever advancements happen in the next 5-10 years.
You don't get to bail out of your product that was defective from day 1 by saying "we don't support it anymore". This is not some fucking technical glitch where someone is harassing Microsoft because they can't find the button to resize their screen on some non compatible brand new hardware they bought. It's a ZERO DAY vulnerability that Microsoft not only ignored for over a decade and carried forward into newer products.
Why is everybody ganging on Microsoft when Google's behaviour is much more egregious?
The Nexus 5 is vulnerable to the Broadcom wifi exploit, and yet Google will not patch it since it was released on November 2013, which is more than 3 years ago.
That's right, Google will only issue security patches for three years.
How's that for support?
The environmental impact of retiring old OSes is that more often than not perfectly capable PCs get shoved into dumpsters. Here, a case can be made for Linux literally saving the planet :-)
"YES" - for such critical needed updates
and by doing it this once, Microsoft may have just screwed itself into supporting XP again... like when the next killer worm starts going around. Microsoft truly wants XP to go away, but if WCry tells us anything, it's how many crucial systems still rely on XP. We're talking banks, hospitals, factories, power-plants and stuff, all around the globe. Two things are obvious: Microsoft had or could produce a fix, but withheld it until WCry became an international catastrophe.
What's Microsoft to do? Sit back and blame it on the user and risk a massive class-action lawsuit? or save the day and risk supporting XP into perpetuity, making judgment call after judgment call whether the latest thing affecting XP is serious enough.
Take it easy, Charlie, I've got an Angle...
Zeynep Tufekci ought to be embarrassed for having uttered these words.
Need it be stated that Windows XP is 16 years old? Need it be repeated that all current versions of Windows 10 were immune to this attack? Need it be pointed out that Microsoft decided, on their own dime and initiative, to temporarily reverse policy and patch WinXP anyway?
All companies, and tech companies in particular, want their customer base to stay reasonably current. It's not just tech churn either. The more versions they support the more expensive that support becomes. Vendors wind up fixing problems in old code that they fixed long ago in newer code. Customers start using the excuse "well it's still supported!" to keep ancient code and systems running, long after their Best Before date.
At some point it all becomes circular logic. Why haven't you upgraded? We don't need to, the vendors don't consider their customers to have any responsibility to stay current at all. Why don't the vendors place a price on their customers who never upgrade? Well the customers don't make it a priority so the vendors feel they need to support released code forever...
Just try and get new OEM parts for a 10 year old Ford, GM or Chrysler. See how that goes for you. Ask Atlantic Cable and Wireless to sell you some new knob and tube wiring. Suggest to Dell's Fine Shoes that you are disappointed you can't buy spats from them. There are product cycles in every industry.
and by doing it this once, Microsoft may have just screwed itself into supporting XP again
No, they didn't
What is MS to do?
1. Don't make upgrading that difficult. Make the upgrade / migration path easier, not more difficult.
2. TEST THEIR SOFTWARE. Hire in (back) QA and pay them for what they are worth. MS typically will undercut pay for SDET by about 25% (or more).
As I said earlier: I would like a viable migration path. Throwing in the garbage is not a viable migration path.
If you choose a closed non free OS, you have to stay on that treadmill. That may be expensive updates or a forced upgrade.
Nobody forced you to buy this, you knew it would EOL.
Slightly more sympathy with embedded versions but to be honest it would be my first IT question when buying equipment with an embedded OS e.g can I just update the computer piece of your mass spectrometer?
I'm no MS fan but you knew what you were getting into. And if you didn't you do now!
However like XP and older, where the company isn't selling support, and had let everyone know that it's off service, they shouldn't need to keep it updated.
It's not nearly as one-sided as that. They sold hundreds of millions and still have a large installed base. In fact, to many the replacement(s!) and the vaunted "improvements" that brings just aren't worth the hassle of re-learning a messy interface yet again.
So yes, they really really ought to support such a large installed base for as long as they haven't managed to convince their clients to move to a newer version. And I do mean convince not strong-arm or outright force. I emphasise this because we all know what their preferences of doing business are.
Their coffers really are big enough for this, and cheaping out does widespread damage. And that's before noticing they're a convicted racketeer and monopolist, which ought to put an extra burden to care on their shoulders. Their tiny meek pasty geek shoulders. *cough*
Otherwise I am still waiting for my MS DOS 6 patch as it is still vulnerable to the stoner virus.
Why was it ever vulnerable in the first place? That too comes down on their heads, and it's a responsibility they've been shirking for years on end. Explicitly so.
In places like Germany, you're not allowed to release anything to the public without a Certified Engineer putting down their signature saying this here thing is good and without obvious manufacturing defects. This then makes both the Certified Engineer and the company liable for provable manufacturing defects. Like all the structural architectural flaws that enable worms, viruses, malware, ransomware, you name it. They're not all just "oh oops mistaek", some of them are positively structural and should have been caught at the design stage. Those, that personal signature makes the Certified Engineer liable for. Because he should have known better and he knows it. There is no such thing in software, and it shows.
You know, I really would have liked to see billy g. brought up on charges of criminal engineering incompetence as the head perpetrator of this gigantic festering pile of criminally poorly designed software. It would have happened years ago, too.
People buy a computer expecting it to last a few years. We know they're obsolete well within a decade. Nobody buys a PC, seriously expecting to still be using it 10 years from now.
If, after 10 years you *are* still using it, then it's up to you to continue to support it.
the more appropriate discussion is....
why is microsoft allowed to push all that windows update crap against the privacy and wishes of users as this situation that has just happened is most likely to happen again
if you ask this question or get this discussing then you're on the better track of why a company is putting out a product no one really needs just so it can spy and collect data on them rather than for a pc desktop that one can use for their own purposes and productivity
this is not a PC NOR a desktop OPERATING system anymore. IT is adware, marketingware, spyware....backdoor spy-agency ware
i don't care if you like your windows games, more people use the os for non gaming, yet here we are.....
OH and if you think Microsoft so innocent then get them to answer why windows NT 5 beta 1 (XP's direct predecessor never released publicly) had a large amount of this call home crap already in it....
NO really they been at this slide a long long time....I think when hospitals could have people die we need to all ask ourselves why any of us are supporting this bad behavior. ....cause games.....
If your answer is cause games, then perhaps the next time you're in hospital and need care we should just refuse to help you
that would be fun for everyone that's ever said that if it happened to you....you'd prolly quickly go back in time and play much crappier games on linux or anything else before using ms windows again. That is if you didn't die that is.
Which are the "industry norms" that Microsoft decides on.
So, Microsoft should design things so that they CAN be patched, instead of designing them to force people to pay more money for support.
The question ignores that the "victims" might not ever have been paying MS customers in the first place.
None of the Linux Distributions have the muscle to take advantage of a misstep from Microsoft.
Remember when even magazines like UNIX World said that Windows NT was the future and that UNIX was dead?
Right.
I sympathize, but in the end, it's YOUR fault for buying software and/or hardware that only works on a particular operating system and you don't have the source. There is a perfectly valid reason free software people want drivers to be open sourced. I know, I know - but they don't offer that. Then either choose something else or accept that you're buying into closed source and potentially unsupportable items. It's a choice. People make it. You choose to use this stuff. Even if it feels like you don't have a choice, you do. The choice might even be not to do that thing that requires that particular thing. It's still a choice. If it's for business reasons, it's STILL a choice. Don't do business or do business and use unsupportable items. It's still a choice. You might not like it (which is perfectly normal), but it's still a choice you made.
What's On Your Network ??? http://www.open-audit.org/
I sympathize, but in the end, it's YOUR fault
You have got to be kidding. Show me a list of software that can be upgraded before the upgrade is available.
You misconstrued what I said. If the drivers (software) are open source (eg: in the case of Linux, in the kernel and supported by the kernel dev team), then they will be supportable (essentially) forever. Choose this type of software where possible. Substitute drivers for an application. If the app is open source, it's supportable forever. A decent compromise is an agreement that if the company stops supporting the software without an upgrade path (or goes out of business), it makes the software open source. Have seen that in numerous purchasing contracts. A third party (usually lawyers) holds a copy of the source in escrow.
Granted it's not always offered, but that's my point - it's a choice.
What's On Your Network ??? http://www.open-audit.org/
You misconstrued what I said.
Actually, you don't understand the problem.
If the drivers (software) are open source (eg: in the case of Linux, in the kernel and supported by the kernel dev team), then they will be supportable (essentially) forever.
Ah... no. For one system --- there is an "open source" software option; and in this open-source I found an annoying bug. The dirty secret with open source, if the bug isn't on someone's "favorite" plate, it's not going to be looked at/fixed. And if I don't know the language that it is written in ... then it won't be fixed.
Choose this type of software where possible.
... not possible; this is why I'm stuck in WinXP hell. The hardware that I'm stuck with is no longer available as 'new' and there are no "modern" drivers as an option. The software cannot migrate (and in one instance the owner of the software is no longer in business)
A decent compromise is an agreement that if the company stops supporting the software without an upgrade path (or goes out of business)
Again not an option. I need to put in a new development process to replace one piece of equipment (the 5-year issue); I need to replace hardware / driver (company is out of business & no one else makes it) and ... the 3rd is BUGGY replacement software written in Python.
Granted it's not always offered, but that's my point - it's a choice.
This 'choice' is never offered.
FTA: Microsoft supported Windows XP for over a decade before finally putting it to sleep.
Win XP still works, and so do the apps that have run on it forever. It is enough for most people.
The computer hardware/software industries' game of constant upgrades worked for a while, while hardware was improving at an exponential rate. That is not happening any more, making it more difficult to keep customers on the treadmill.
This is behind the move to "rented" apps from MS, Adobe, Intuit, and many other companies who used to sell a stand-alone product. They have already done most everything that needs to be done. But rather than go off and conquer some new market-space, they are instead tied to juicing the one that they dominate. They end up trying to get people to rent the software that they use, often for their regular job.
An app (a computer program) is simply a recipe. Think of your mother's box of recipe cards. When she uses them, she employs her own hardware (kitchen) to run through the recipe -- there is no reason why she should have to pay every time she refers to the recipe. Extend that analogy to computer programs that you have bought and paid-for. Why start renting them now? Especially if you have had to re-purchase, or purchase multiple upgrades, along the way? There is no justification for continuing payments. None.
Renting software is stupid, but I won't bother with a rant in a dead thread.
Ah... no. For one system --- there is an "open source" software option; and in this open-source I found an annoying bug. The dirty secret with open source, if the bug isn't on someone's "favorite" plate, it's not going to be looked at/fixed. And if I don't know the language that it is written in ... then it won't be fixed.
You have the source. You can determine the language (or pay someone who can). You can pay someone to fix the bug.
The hardware that I'm stuck with is no longer available as 'new' and there are no "modern" drivers as an option. The software cannot migrate (and in one instance the owner of the software is no longer in business)
Which is why I'm advocating (in the future in your case) to not buy these types of systems in the first place. I realise in this case it's after the fact. Maybe next time.
This 'choice' is never offered.
So next time ask for it. There should be little objection. If the company is worried about giving up the source - it's only if they're out of business so no money lost. I also think it's quite reasonable to ask for the source if they effectively discontinue the product. You do have to ask though. Your lawyers and management will likely be on board with at least asking, especially after seeing the consequences this time around. If the vendor is not willing to compromise, make a choice. Either accept the risk (as was done previously - please learn from this) or choose something or someone else who meets your requirements. Or even change your process to not "require" this system. There are ALWAYS choices. They may not be easy or nice, but they are there.
In this case, someone previously chose to use this system. Next time around remind the decision makers about this. They may well choose to ignore you and accept the risk. But they have chosen this option. I'm not denying you're between a rock and a hard place at the moment. I've been there (exact same thing). It sucks. Just try to educate the decision makers about this type of thing in the future.
What's On Your Network ??? http://www.open-audit.org/
You have the source. You can determine the language (or pay someone who can). You can pay someone to fix the bug.
REALITY ... might want to check into it.
Which is why I'm advocating (in the future in your case) to not buy these types of systems in the first place. I realise[sic] in this case it's after the fact. Maybe next time.
So - you advocate buying nothing. Well, it will save money, just won't accomplish anything.
So next time ask for it.
"NOT OFFERED" ... NOT AVAILABLE... BUY WHAT WE HAVE OR *NOTHING* ... NO OTHER OPTION.
No, we should have longer support times for OS's but not indefinitely. Who would have thought there'd be a middle ground.
Throw Cisco in the same bucket. No updated firmware (including patches for known issues) without an active service contract. In this case it's vendor-specific hardware running vendor-specific software. I could understand possibly holding back new features, but what about fixing mistakes in the code I purchased earlier?
Linux isn't Unix, you fucking imbecile.
Unix World was correct, Unix is dead. Other than MacOS on the desktop, Unix based operating systems are a niche.
And _still_ no patch for Windows 2000. Those heartless bastards!
If we also just disconnected every XP machine, they'd be safe too. If you've written any software and then looked back at it 10 years later and thought, "nailed it!" then you're lying to yourself.
No.
Next!
If you want to drop all support for your OS, you have to drop product activation and all that other crap that makes it difficult if not impossible for me to tweak and rebuild the system to my needs.
I don't expect support forever, but I do expect the right to continue using my license forever.
Never had a virus outside the lab. (And the lab story is still told.)
Tracy Johnson
Old fashioned text games hosted below:
http://empire.openmpe.com/
BT
20170516 I understand why folk should update and I do so on most machines, however some machine tool manufacturers - no longer in business - used XP to run the machine tools they supplied. Computer inside machine control is an XP system with drivers only for XP. Thus these machines are and will be working on XP for about next 40 years! [Machine tools have a life of upwards of 60 years in manufacturing plants.] Inability to keep XP running due to drivers for machine tools ONLY being available for Windows XP, means they have to keep XP working.
At one site, value of machine tools about USD $400,000 by 3 machines, value of XP USD 40, Value of drivers on XP specific machine tool drivers equates to machine tool replacement costs (modern equivalent) about USD 1.6 Million each at current prices. NHS has similar problems as drivers for some medical equipment are XP specific.
NHS did not learn to obtain a certified copy and source code of drivers (oh! proprietary - you can not have) so in event of supplier demise, they could rebuild the drivers onto an XP system. Likewise the machine tool using guy I support.
Regards Eion MacDonald
They can just offer free upgrades for existing users; companies are more apt to spend the money on implementation if they aren't spending on licensing.
Microsoft doesn't care about the XP systems. The reason they felt the need to push an XP update this time is because this piece of malware propagates peer to peer, and thus infected XP systems threaten the systems that Microsoft DOES care about.
Microsoft is still selling software they know has defects. Every software vendor is. Software made to NASA standards would cost far more, and it wouldn't surprise me to find defects in NASA software.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Sell a truck that does not run? Fraud
Sell a lawn mower that does not cut grass? Fraud
Sell a scalpel that will not cut flesh? Fraud
Sell an operating system with holes and NOT fix them? Fraud.
By applying this patch they agree to upgrade to Windows 10, pay Microsoft for every OS release between XP and Windows 10 at retail price. They also agree to any monitoring Microsoft deems necessary to prevent a future non payment for OS upgrade. They also have a right to any video feeds, data on any machine in the house.
Click here to agree and install
Next screen - "are you sure you agree? Yes"
No, it doesn't really say this... what if it did?
I have a suspicion that your Ford dealer isn't going to repair the faulty fuel system on your Pinto.
Two of my imaginary friends reproduced once
* Zeynep Tufekci is a woman.