We're talking people who still wear wigs and gowns and consult laws on parchment, using anything from the 20th century is still progress.
A critical crown court IT system and thousands of laptops used by the UK's Ministry of Justice run on Microsoft's obsolete and unsupported Windows XP operating system, The Register can reveal. As recently as March 2019, the ministry was paying hundreds of thousands of pounds for a VPN to support 2,000 Windows XP laptop users …
Well, I think the wigs are now optional unless the judge insists, but vellum has a proven track record as an archival medium, which is more than you can say for most of the alternatives. In fact, archival paper is now used, which has not been universally welcomed*. But both are rather more durable and low-maintenance than technological alternatives.
*Caution: Daily Mail synthetic FURY!
A question which also must be answered is if supporting another OS would be cheaper.
Are we looking at two thousand hardware upgrades? Do they replace the hardware and the OS when they fail?
Also, when MS' cloud wobbles, does the court system fall over?
What causes more issues, a non-internet connected host which hasn't been upgraded, or upgrading all systems?
I know it isn't great and the cost is probably lunacy, but there may be mitigating factors.
Vellum as an archive system is still horribly modern compared to the time honoured system of incised stone. Where would we be without the Rosetta Stone? Unable to read Egyptian Hieroglyphs on stone or papyrus (the latter functions just fine in a nice dry cave or tomb in a desert environment). We also have lots of ancient words on stone or baked clay.
The Ancient Babylonians trained their scribes by having them transcribe The Epic of Gilgamesh which was classical literature to them dating from ancient Sumer. We know the Epic from millions of clay tablets excavated from city mounds in what is now Iraq, ancient Mesopotamia.
You cannot beat incising things into hard stone. Sandstone in some parts of the world is fine if it’s reasonably protected from the environment. Here in the UK we would use granite which will outlast vellum by millennia.
It would not be difficult to make a computer controlled machine that would automatically mill the words of a document into stone slabs - and add photographed signatures if required. Storing them in a filing system that was easy to access might be a problem.
Though these days I would venture to suggest that storage on conventional digital media, with many copies distributed over many different locations in the World, and refreshed by copying to replacement storage media every decade or so would seem to provide an everlasting archive that would have far better disaster recovery qualities than vellum stored in a non-fireproof or bomb-proof building.
"It would not be difficult to make a computer controlled machine that would automatically mill the words of a document into stone slabs"
I have no doubt that at least some if not most grave stones are engraved that way nowadays.
When I had to have several grave markers made in 2007, the stone masons certainly had an automatic engraving machine available. I think it was a little limited in its capabilities, but it was definitely a thing!
A few weeks ago I visited the local archives to see some deeds from the 1200s. Apart from an ink spillage on one of them, probably a few hundred years ago, they were fine.
Probably the Mylar film I used to use about 50 years ago is OK, it just hasn't had the same long testing as parchment.
>Probably the Mylar film I used to use about 50 years ago is OK, it just hasn't had the same long testing as parchment.
Back in the early 80s we built some kit for British Telecom. The firmware had to be supplied to them as source on mylar punched tape. It was the only medium with a guaranteed shelf life. They were right, of course, because the code was developed on an Intel MDS-II which used 8" floppies. Good luck trying to find something that could read those these days.
Last I looked, there were still both commercial and hobbyist sites demonstrating recovering data from 8" floppies. Even if there weren't, this is the sort of thing that people who post to sites like Hackaday do for fun. Reconstructing an 8" floppy drive isn't that hard; they weren't terribly sophisticated mechanisms and the tolerances are huge by modern standards.
The real question would be how well the media had survived.
"The real question would be how well the media had survived."
My experience is that 5¼" are probably still readable but good luck with a 3½".
Partly it's because 3½" were mass produced commodities whereas 5¼" date from a time when the price of a disk meant it could be made to a decent standard. They're also well spaced out - so there's no interference. (And the older stuff is single sided.) And because the tech was rudimentary it was written using a fridge magnet (in terms of strength of signal and signal area) in order to accommodate the varied tolerances of drives.
I imagine all that applies even more to 8". If it's been well looked after, there's probably recoverable data.
Indeed you are, and by 2045 you will probably have finished upgrading your laptops to Windows 7.
Oh, and I sincerely hope that all your bluster about the security you have means the biggest darn firewall in the country, because if you think you can secure an XP laptop, you're going to be in for a big, unpleasant surprise.
It's easy and probably somewhat justifiable to throw stones. However if the system was actually simple to upgrade, presumably they would've already done it.
As any IT fule (but perhaps not all lawyers) no, there are plenty of reasons this might be more complicated & nuanced than just upgrading the desktops at your law firm. For example, if it's an audio recording/archiving system there might be hardware support issues.
" if the system was actually simple to upgrade, presumably they would've already done it."
We're talking windows desktops here not a custom implementation of SAP. The difficulty in upgrading is almost certainly procedural or budgetary rather than technical.
Also... Any new hardware they have would be win 10. Any old hardware would be win 7. XP means hardware pushing a decade - surely already written off on any balance sheet, which means that for years they have failed to do their budgeting properly.
The problem may still be technical, as well as budgetary. The system may use proprietary software (and possibly hardware) that is not entirely compatible with Windows 10. This software may no longer be in active development.
That's not to defend the courts service. Microsoft announced the end of Windows XP support a *long* time before it ended. The courts service should have had plans in place to either update their infrastructure, or mitigate the effects.
"The system may use proprietary software (and possibly hardware) that is not entirely compatible with Windows 10."
Quite. Despite our friend's snide comments about parchment one of the problems with digital archives is that you need to be prepared - and able - to migrate your data to new formats as well as updating H/W & S/W.
"Also... Any new hardware they have would be win 10."
I get regular demands to install older software on newer hardware. We even have some crap running Win95, because it needs to (and no, I can't just run it up in a VM instead, it's controlling a lathe)
MS have "cleverly" circumvented this by ensuring the latest intel CPUs and chipsets don't have drivers for the older OSes, which is a good foil to those demands, but I can assure you that it's still possible to install older OSes on that newer hardware if people are really determined enough (or run up in a container inside Win10)
IT security at the MoJ is one of the lesser ways that the plastic bag full of nails leaks. Nowhere near enough checks/bounds and the windows debacle is only the tip of it.
I spoke to somebody at a trade show who had a video with what looked like Win 95 (which was EOL by this point) running on a computer. He admitted to running an out of date OS because the software was mission critical for one area of the business. However he said the machines it ran on were air gapped and the custom software refused to run properly on XP. They had the software developer working on it daily until it was fixed.
I said that I believed him and it was only EOL by a few months. I said he might just want to tell people that the video was quite old instead.
"After long and hard negotiations with the Treasury, the minister is pleased to announce that the first tranche of the IT replacement programme will take place from September this year, which will see 25% of the current long-service Windows XP laptops being replaced by a cost-efficient modern alternative computing device, the abacus. Court staff will be able to request training on a limited-place basis, starting from April in the subsequent financial year. The second 25% tranche is pencilled in for the following September."
1. commitment to traditional values and ideas with opposition to change or innovation.
"proponents of theological conservatism"
2. the holding of political views that favour free enterprise, private ownership, and socially conservative ideas.
"a party that espoused conservatism"
NB: I love the second, slightly circular, definition, suits them well.
"That is not
necessarily even REMOTELY close to an update."
fixed it for ya
(I happen to think that XP is _SUPERIOR_ to Win-10-nic in nearly EVERY way, except for any bug fixes that are still needed for XP)
Feature creep = BAD
stable and consistent = GOOD
Why couldn't we JUST HAVE the stable/consistent windows and NOT be FORCED to accept the "feature creep" of Win-10-nic???
I miss XP. I liked XP. I think in MOST ways it was better than 7. Add multiple desktops and the bug fixes and hardware support [minus any REQUIREMENT-FOR-KERNEL-DRIVERS-TO-BE-SIGNED, *that* is *EVIL*] and XP would _DEFINITELY_ be SUPERIOR to Win-10-nic!
I know you had XP64 but it was shonky as shit.
I used XP64 for a while ... it seemed fine to me.
I wasn't trying to use any particularly off-the-wall hardware, for which drivers might not have been available, but as an OS for a fairly standard desktop workstation PC of the day it worked well. Not remotely shonky, and far less shit than most MS offerings since.
"I know you had XP64 but it was shonky as shit."
I have been running XP64 Professional for many years now. It is not shonky, it is stable and does everything I ask of it. Plus the fact that it is now a minority O/S, and therefore not as big a target for malware as it used to be, most of that is directed at later O/Ss such as 8.0, 8.1, and of course W10. I run a well known anti-malware suite, and have never had any infection that it can't deal with, and certainly never suffered from a DoS attack. I will not let W10 near my business, I would rather migrate to some other O/S, with which I am not yet familiar. Steep learning curve there, I wouldn't be surprised.
If it won't run on newer, newer is useless.
XP was the last OS SOME of our software could run on, everything newer broke something.
Luckily Vista was so unloved that XP held on long enough for the WIN32 rewrite.
But we still find the odd XP and a module from our old DOS software running somewhere in the dark corners of a factory.
(Our DOS16 and WIN32 use same database server)
Win32 rewrite? When do you think that was?
I've seen the Win2000 shell code and compared the disassembler and callstack from Win7.
Mostly, the disassembler is what you expect from the Win2000 source. Key difference can be seen in the callstack, there is a load of 'async helper' stuff (undocumented) at the top.
There are a few interfaces (not all documented....) but at least what I looked at was no rewrite. Just a turd polished harder.
Win7 was better on multicore than Vista because they made what they could asynchronous.
The WINE source for same stuff is wwwwaaaayyy cleaner.
Write between Win7 and Win10, I doubt it. Main difference was building in spyware and 'modern' theming and desktop.
Big software systems can take a decade to rebuild, I have been here nearly 30 years and each software version environment has a life of around 15 years.
I am still doing daily development on our WIN32 system which was started quite a long time ago, the DOS16 system was developed from mid 90s to mid 2000s, and used up to about 2010. WIN32 version started when we were running on XP.
I started when the current system was CP/M.
I had to write a majority of both the DOS16 and WIN32 systems
It sounds like your/the industry needs to stop relying on OSes that will obsolete in the time it is expected to provide for, and that are unable to be protected without vendor patches. Especially if it's an embedded or solitary environment where I can only fathom it would be superior to use an open source, say, RTOS or *nix. Or even stick with DOS and use FreeDOS! Because even if your base gets obsoleted, you'll have the tools to keep it secure. Personally I can't understand how anyone can develop on the crufty code vomit that is Windows, no matter the version.
Less about your tribulations as a maintenance programmer... Why are you capitalizing WIN32? And DOS being 16-bit is fairly self-explanatory, no? Especially with your timetables.
Just my 2¢.
Upper case because the APIs are done like that
Customers insist on certain environments, otherwise they go to your competitors who do.
In the real world of software you write what people want, since we were late to Windows we lost a few sales despite having better software.
And with big systems running multi million pound industries, and software always treated as the minor party there is not the money to employ vast teams of programmers.
This is just the real world.
I made the mistake (it generally is on Twitter) of reading some of the original thread & associated comments. Which mostly seemed to be from members of the law rather than IT profession.
One person claimed "lots" of the NHS still uses Windows 95. On further questioning it turns out this may have been one particular radiology system. So:
1) Not "lots" then
2) If it's an MRI scanner costing millions of pounds then, yes, the NHS might well be justified in not buying another one just to move to Windows 10 or whatever.
The "picking a different component" means spending those millions on replacing H/W and still find that its replacement still has the same generic problem: expensive H/W is expected to have a life exceeding that of a typical O/S.
It's also not straightforward demanding support includes updating to a new O/S. Firstly the certification will be based on the original configuration and it's not going to be feasible to re-certify every patch Tuesday. Secondly the expected life of expensive H/W might also exceed that of the original vendor.
The expected life of the expensive H/W might also exceed the life of the H/W running the S/W. Even if the vendor escrows a few original motherboards per unit by the time they're needed the caps might have dried out.
"Sure, that's another £250k for a replacement instrument."
That sounds familiar. So to save the £250k, stick a small, dedicated firewall/proxy between the instrument and the rest of the network (even if it's a 'private' network not exposed to the Internet) and limit traffic to and from the instrument to the bare essentials. £1k tops and you never have to change the firewall rules because the instrument's requirements never change - because you never upgrade it. You will need to change/maintain the list of machines permitted to access it.
icon: is this isolated enough?
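The arrangement suggested in the comment above, sketched as an nftables ruleset for a two-port Linux gateway (an added example, not part of the thread). The interface names, addresses and the single service port are assumptions. The rules stay fixed and only the named set of permitted machines is maintained.

```nft
#!/usr/sbin/nft -f
# Added illustration: dedicated gateway in front of one legacy instrument PC.
# All values below are assumptions (documentation address ranges), not taken
# from the thread.

flush ruleset

define LAN_IF     = "eth0"         # side facing the site network (assumed name)
define INSTR_IF   = "eth1"         # side facing the instrument PC (assumed name)
define INSTRUMENT = 192.0.2.10     # legacy controller PC (assumed address)
define INSTR_PORT = 445            # the one service clients need (assumed)

table inet instrument_gw {

    # The only part expected to change over time: machines allowed to
    # reach the instrument. Update with, for example:
    #   nft add element inet instrument_gw permitted_hosts { 198.51.100.23 }
    set permitted_hosts {
        type ipv4_addr
        elements = { 198.51.100.21, 198.51.100.22 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed in the first place.
        ct state established,related accept

        # New connections: permitted hosts only, to the instrument only,
        # on the one required port only.
        iifname $LAN_IF oifname $INSTR_IF ip saddr @permitted_hosts ip daddr $INSTRUMENT tcp dport $INSTR_PORT ct state new accept

        # Everything else, including anything the instrument PC itself
        # tries to initiate, is logged and dropped.
        log prefix "instrument-gw drop: " counter drop
    }
}
```

Because the legacy OS never receives patches, the drop log is worth reviewing: any entry with the instrument as source means the controller PC tried to open a connection it has no reason to make.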
Reminds me of the work I did at MOD locations in the early 90's when the base networks were 'air-gapped'.
We had Apricots with the lockable/removable hard discs that were removed and placed in a combination locked filing cabinet whilst eating silver service lunches in the Officers Mess with the Major. Could never get used to drinking brandy during daylight hours. Then DIGITS ruined everything......
Yep, that's the solution. I've seen this with CNC machines controlled by Win95 and WinXP consoles. The machines cost a fortune and still work fine, so much cheaper to heavily firewall the controller PCs than replace the CNC machines.
My wife also has a Win XP machine in her university research lab. It's not networked and is there to run an old but expensive 3D motion tracking system. Of course, if she had £60k laying around she might replace it, but as long as it isn't networked then it is fine and still ticks along nicely.
Of course when you're running 2,000 XP laptops then you're likely to have bigger problems than the odd firewalled or standalone system controlling an expensive and critical bit of hardware...
We didn't use firewalls for our CNC machines, we used a network 3 position switch. It was completely cutoff from the network when the switch was set. We only changed programs occasionally, and it only took a couple of minutes to download the program. I'm sure the server was probably air gapped from the web as well. There may be G-code hackers out there, but I've never heard of one. SCADA yes, PLCs maybe, but not G-code.
Everything else ran on punched tape - so no problems there.
> When asked about upgrading the attached PC, the vendor says "Sure, that's another £250k for a replacement instrument."
We had the same response from Ericsson about a PBX - closer inspection revealed the attached PC was ONLY there to run Hypertrm. We couldn't "detach" it, but we could remove its power supply and plug the serial cable into something else, so that's exactly what happened.
Most scientific instrument control ‘puters are well air gapped and not networked. You have to take a storage medium to get your data off them. I rarely even noted which OS was in use, the proprietary software running the machine was all you had to deal with.
Why would I network a microscope or a real time RT/PCR machine or a desktop robot for gridding out samples on multiwell plates? (all real situations I have encountered). The damage you could do to a networked desktop robot, let alone the wasted resources in plates and pipette tips.
It helps to be comfortable with macro programming environments since that is how most of them run. On the robot for eg you could use a template which you then modified or assemble subroutines. A knowledge of logic especially Boolean is all that is really necessary.
I cut my Boolean teeth back in the day when the latest literature came on a set of monthly floppies by post. I had a nested Boolean search string to find articles of interest it would start Musc* (NOT smooth or cardiac or muscarinic) cf my moniker.
>Hopefully your storage medium isn't that stick you found in the car park.
This is only important because Windows executes code on removable media by default. Normally that stick would just have junk on it which would get formatted......but since high quality, high capacity USB memories are really cheap why bother with a random one of unknown parentage?
(Incidentally, the IT response to making files executable by default is to stop the USB interface from loading drives. One more nail in Windows's coffin.)
>Or a 5 3/4" floppy...
They're a bit inconvenient but you can get 3.5 floppy drives with USB interfaces for next to nothing and could probably adapt it for a 5.25 if pushed. CP/M formats are a bit of a problem but Uniform still works.
This is only important because Windows executes code on removable media by default
Well, yes and no.
Yes, executing files on removable media is bad.
No, it isn't the only issue.
Devices attached over USB can advertise themselves as all sorts of things, such as a mountable file system, or a security dongle, or a keyboard, etc. It's a combination weakness of USB, and the OS not asking before using the device. This isn't straightforward to fix. For example, if you plug in a USB mouse and keyboard, you don't really want to have to click on the 'OK' button on a dialog before you can use them. Not without a working mouse and/or keyboard, anyway...
"high capacity USB memories are really cheap why bother with a random one of unknown parentage?"
In reality you're not going to use the storage medium once, irrespective of how cheap they are. That stick is going to go back and forth between your allegedly air-gapped computer and one that isn't. When that happens you don't really have an air-gapped machine at all.
Indeed, it seems weird to keep repeating that the NHS was vulnerable because of XP, when in fact almost the exact opposite was true. Obviously XP is vulnerable in general so not a good idea to use it, but in that specific case even the hackers considered it too obsolete to bother targeting.
We have some mainframe tech kicking around somewhere. There's a group of people think this is a security risk because it's old. There's another group of people who disagree because it's barely networked by modern standards, the market for exploits on these systems (compared to, say, AWS, Windows etc) is small/non-existent, and relatively few people have the skills.
The question for you (to ask your two groups) is : if the mainframe gets hacked what are the dangers to the firm/customers.
If that mainframe carries the keys to all of your company's bank accounts, then it is a security risk, because even if the risk of exploit is small, the cost to the company could be huge.
If that mainframe carries the code to open the garage door then it's not a security risk because frankly who gives a toss if it gets hacked.
Obviously, those are the two examples at the extreme ends, and naturally your data will be somewhere in the middle. But you need to weigh up the risk of getting hacked (low) with the damage that would be done.
As another example, if that mainframe carries the source code for your company's proprietary product and if that gets stolen, a competitor can drive you out of business, well then you probably want to add more security, because even if the chances of being hacked are low, because of the technical obsolescence, and the chances that the source code could be understood and utilised by a hacker are even lower, the risk to your firm is catastrophic. In that case, you don't take chances, no?
"There's a group of people think this is a security risk because it's old. "
It's a security risk because it's likely to FAIL, there's always something critical on it and getting parts is _hard_ - we have this conundrum with our VMS systems
You don't need to be hacked if a burned out PSU makes the data inaccessible due to the formats being unreadable on anything else.
There's a reason large organisations - the NHS also being a good example - don't just upgrade an OS or other software whenever it becomes available.
As a case in point a lot of intranet applications used by the NHS were developed to work in IE 6, on XP. It's not as simple as upgrading an OS and/or browser because the applications would have to be meticulously tested to ensure they worked on that platform. If they didn't then there's redevelopment cost, possibly with re-training. For tens of thousands of users. These are applications that are heavily integrated with their organisation.
The counter-side of a story like this would be, if they upgraded to say Win 10, and then something catastrophic happened... they'd still be being told they didn't have a clue what they were doing.
It's not always a case that upgrading to a new OS magically stops any problems happening. In some cases it can introduce more problems.
"a lot of intranet applications used by the NHS were developed to work in IE 6, on XP"
I'm sure someone, somewhere, around 15 years ago said hey, maybe we shouldn't be locking ourselves in with this architecture, and got ignored or shouted down because 'quick and easy' and 'works now' usually trumps having to spend a bit more time and money on maintainability.
Or, as is also typical, these systems had an expected shelf life of 10-15 years but in practice they'll be held together by gaffer tape and voodoo magic until the zombie apocalypse
I'm sure someone, somewhere, around 15 years ago said hey, maybe we shouldn't be locking ourselves in with this architecture, and got ignored or shouted down
Yes, that was me, back then, IE, activex, flash video crap was the new dead end, whatever you did, whatever you wrote did not matter, there was always a Vicky Pollard saying "because corporate policy" or Carol Beer saying "Computer says no" :
Later, when in Windows Vista IE changed versions, they could not use it and had to remain on XP ... because corporate policy ... had they ONLY listened ... but guess what ? They are still not listening. Ohh, we desperately need SSL 3.0 support because, well ... corporate policy and you know, it works ... we are enterprise so we just cannot do it corporate policy ... what, other companies have enterprise systems using TLS 3.0 ? Well, we have only just received funding to TLS 1.0, yes we know it is deprecated, but "corporate policy", rollout planned for 2025.
No, MickeySoft, we are a customer of yours, so you cannot turn off TLS 1.0, how dare you, we have not even rolled it out, yet!
> there was always a Vicky Pollard saying "because corporate policy" or Carol Beer saying "Computer says no"
The response to that is easy: "Please sign here to say that you understand and accept full legal, financial and potential criminal liability for your decision, are ordering the situation to continue as is and understand that this liability might follow you even if you leave the organisation. If you refuse to sign it, then I will note that you have refused to do so but are still giving the orders and my colleagues will witness that notation."
You can of course put it less confrontationally but putting the jobsworths in a position where THEY are in the firing line usually has the desired effect.
Nobody laughs in my face twice, and calling me a pompous idiot, would see me straight to a tribunal.
"A year's salary? Why thank you..."
One idiot I worked for thought himself a proper bully, and was shocked when I just walked straight out the first time he tried it on me...
I get that life is difficult at these times, but self worth is much more important.
I wasn't there at the time (15 years ago), but I think that using ActiveX was the only solution to have the browser communicate with a software installed on the machine of the user. But it also means our users have been stuck with IE to use our software since then. We might be able to push support of another browser later this year, after years of asking the PHBs the budget to do it.
You're partially right there. You can't change things at a whim in a large organisation.
The end of security updates for XP was announced a couple of years in advance. There is zero excuse for the IT team of any large organisation not to begin preparation for a change of OS, and the associated rewrites, program changes, and all the other pains associated when you have years of warning.
You start by choosing which OS you're going to (Win 10 I would guess in this case), then with a couple of test machines, you try all of the programs used in your organisation. Mark down those that work, those that can be upgraded and those that don't work, and start working through trying to find solutions or replacements. You then start propagating the changes out one department at a time. And fixing the errors that arise in each department in turn.
It would be perfectly acceptable if an organisation is running late with this, but there is zero excuse for not starting in the first place...
"There is zero excuse for the IT team of any large organisation not to begin preparation for a change of OS"
I know it's unfashionable these days but the first step of that is a feasibility study. The second step might then be a bit of CV polishing. Alternatively submitting an estimate might be the second step in which case the CV polishing comes third.
"As a case in point a lot of intranet applications used by the NHS were developed to work in IE 6, on XP. "
Because apparently NOBODY had heard of w3c standards and why they might actually be a good idea
(The number of times I heard "IE6 _IS_ a standard!!" defies belief - the best way to respond to it was to ask which international standards organisation had documented it and then ask if the idiot making the statements would like to face discrimination complaints because partially sighted users couldn't use their websites - something best done in front of higher management because if the web dickheads didn't get it, upper manglement did)
The blindfold was a 16th Century invention. Prior to this the "impartiality" aspect was considered to be portrayed simply through her maidenly form. Quite how that works I'm not sure, probably to do with a mother not having favourites amongst her children or something like that, but there you go.
Source: Guided tour of The Old Bailey a few years ago at an Open London event. (A paid for tour, not the "put these bracelets on sonny and only speak to the judge when you're spoken to" type of guided tour).
"the ministry was paying hundreds of thousands of pounds for a VPN to support 2,000 Windows XP laptop users – news that comes as the department admits that a critical court IT system is also running on XP boxen."
Please can we stop pretending the cost of...
1. Rigorously testing existing applications on a new OS
2. Redeveloping applications if they don't work
3. Re-training users regarding updates
... is £0?
On a critical system, that works.
I'm not advocating that they shouldn't be proactive with regards to upgrades and progress. But it really, really isn't this simple.
3. Re-training users regarding updates
I find it odd how users could magically retrain themselves when it comes to Facebook/Instagram/Twitter/$ANTISOCIAL_APP/$PHONE_OS updates and major UI redesigns ... but not when a work system changes something ever so slight ... like Windows updates prior to Windows 8?
Like seriously, is the difference between XP and 7 even close to enough to reconsider retraining?
You've made a mistake here which has proven my point: considering any of this equal to a home or social user.
It's ok if people screw up doing something recreational because of a UI change when using Twitter/ Facebook/Instagram, or any other non-critical application.
When it's an application that could have serious consequences (life or death in certain cases) then yes, re-training users is often a requirement, and rightly so.
You've made a mistake here which has proven my point: considering any of this equal to a home or social user.
Not so fast:
It's ok if people screw up doing something recreational because of a UI change when using Twitter/ Facebook/Instagram, or any other non-critical application.
A critical application isn't something that would get many changes and is something that is not supposed to get so many hands on it that retraining its users is a hassle.
Think of a hospital application, since life and death were mentioned.
A hospital application that allows the janitor to prescribe controlled substances is seriously flawed. And a hospital application that has its UI changed with every UX fad is also in deep need of a reality check.
TL;DR: critical applications should not suffer from the issue at hand, unless that critical application is incorrectly implemented.
"A hospital application that allows the janitor to prescribe controlled substances is seriously flawed."
You've just triggered a memory from long ago. Back when prescriptions were mostly on paper new classes of prescriber kept getting introduced and our standing joke was the car park attendant prescriber would be next.
I get your point, but to be wilfully adversarial, I'd suggest that it's quite possible to post something to FB or any other social media platform that would gain the attention of the plod, and result in your own liberty being deprived at Her Majesty's pleasure. Kiddie porn being the most obvious example.
@Loyal Commenter what an utterly bonkers analogy. If someone posts that kind of material then they fully deserve to be prosecuted!
And what the heck has that got to do with the original point about needing to re-train users due to UI/workflow or other application changes?
I believe @Francis Boyle's point was that a mistake in the general (i.e. not illegal) use of Facebook or some other such social/recreational application doesn't have as far damaging effects as if someone makes a mistake on a mission critical application because they haven't been made aware of changes.
"I find it odd how users could magically retrain themselves when it comes to Facebook/Instagram/Twitter/$ANTISOCIAL_APP/$PHONE_OS updates"
Back in the 1990s I had librarians rebelling because they had to switch from Netscape on Macs to IE on PCs - because horror of horrors they couldn't cope with the UI changes....
Bear in mind that actual qualified Librarians (which these were) generally pride themselves on being well-educated and flexible - but the thought of a slight change in the way they interfaced with computers really was "too hard to deal with".
I think his point was at home they can but at work they become incapable. I've seen it my whole career - which is more decades than I care to admit to.
Recent example: We upgraded our ERP solution to their latest release, which was incremental for us. There were very few process changes -but- the icon for the shortcut changed and the color scheme changed. You might be surprised at how many of these professional users had conniptions. You might not if you have supported users first hand for very long. BTW, many of these very same people had boasted about buying iPads for home to replace their WinTel laptops in the recent past...
"There were very few process changes -but- the icon for the shortcut changed and the color scheme changed."
What you - and the designers - haven't realised is that those details are part of the process, especially if they've been set in the cement of a workplace manual that MUST be adhered to.
At one client we had a number of systems which worked similarly and used different backgrounds (MDI) so that the users could be sure they had the right application open.
@Waseem Alkurdi - "users could magically retrain themselves when it comes to Facebook/Instagram/Twitter/$ANTISOCIAL_APP/$PHONE_OS"
No, new users train themselves. Retraining never happens, when the technology changes the old users are sent to the retirement home, muttering about this new-fangled stuff they can't understand. Just look at the demographics of Facebook users.
>>If someone hacked into DARTS for content,
I wonder how easy it would be to hack in this case?
From the article it sounded like the XP systems were used for court recording, non-internet facing with access provided via a custom VPN? Which leaves a lot out.
I run into a lot of systems running old OS's and it depends on the context how much I worry about upgrading.
If they have a VPN, they're likely at least somewhat internet facing, if only to connect them through the internet to an internal network which doesn't itself have access to the internet. Even in that scenario, if the VPN gets disabled by accident (or on purpose), that could open them to attack, of which quite a few exist. But it's only supposition that the VPN exists for that purpose. Perhaps the VPN exists to protect the machines from access by devices on their local networks, but once it connects them in, they can still go online. In that case, more exploits are available. For example, I've worked at a place that had a rather paranoid VPN setup where it was impossible to disable it, being loaded as effectively a rootkit before the OS was run. But after that happened, I could still cheerfully go online and download malware. Of course they had other restrictions to try to prevent me from doing that, but the VPN didn't do that in and of itself.
Without knowing what people do with them and what exactly the VPN is for, it's hard to tell how vulnerable this is. And similarly, it's hard to know how difficult an upgrade would be without knowing what they're running on them. More information would be useful in this situation, so I assume we'll never get it.
@Bruce Ordway - "I wonder how easy it would be to hack in this case?"
Don't forget the motivation... if hacking DARTS could help someone avoid a 20 year jail sentence, then they might be willing to invest a sizeable lump of ill-gotten gains in the best hackers available.
All part of the context.
"... A fat tory barrister that gets made a judge when he reaches a certain grade of senility..."
There is the saying "if it ain't broke..." but in the end it comes down to money like everything else in this grey & benighted Isle. We're now into peak shithole people - embrace it, enjoy it. You have never had it so good is dead right... Because you ain't seen nothing yet.
It runs XP just fine, thanks. Microsoft and IT professionals the world over issued dire warnings of, what, impending doom, calamity, destruction. Look it's just for playing Solitaire and Minesweeper, ok? Maybe a bit of 3d pinball. That's about it. Get over it, I still like me old Sony UX533.
XP was a good OS in its day. Compared to Win95/98/Me, WinNT4 Workstation and Windows 2000 Workstation, WinXP was superb. Was it secure? F*** no! Was it stable and reliable? Mostly. Was the GUI usable and easy to navigate? Yes, better than anything MS has released since. Did I love it,... no, but then I'm not the type to get all gushy about an Operating System. It's just a tool I use to do a job. Besides, it's perfectly secure if you never plug it into a network <LOL>. I have a laptop running XP that runs some software that talks to my car's multitude of ECUs. Does the job and the software version I have will not run on Win7 or 10. I suppose I could buy the latest version of the software, but at £1500 I think they can take a ***ing **** off of a short pier with concrete shoes on.
"I was informed today that DARTS, the system which makes and stores recordings of all Crown Court matters runs on Windows XP - the operating system that is no longer supported by Microsoft and is particularly vulnerable to ransomware attacks (e.g. NHS)."
If Ben had read the report on the NHS ransomware attack, he would have known that it was the Windows 7 systems that were compromised, not the legacy XP systems. Not saying that XP is wonderfully secure, just that it isn't as bad as some would like to make it out to be...