When free and open source actually means £6k-£8k per package: Atos's £136m contract with NHS England French outsourcer Atos has been charging NHS England between £6,000 and £8,000 for packing up popular free and open-source software requested by workers in the non-departmental government body. According to documents seen by The Register, data workers in NHS England have to request FOSS packages via their line management. …
and this was one of the reasons I left the IT dept at my CCG... because whenever trying to complain that low salaries = low skills the solution was to outsource it. Yeah, outsource the risk but still to low paid workers learning on their spare time. At least you have someone to blame though!
This post has been deleted by its author
Conspiratorial nonsense. Any contract formed on an unlawful basis is subject to confiscation orders for _the entire sum_, rather than merely the excess paid.
We don't need the old-fashioned tendering system since we made that change shortly before Boris became PM. If they give their cronies contracts at anything except market rates for market quality, we claw back the entire amount, including whatever was costs rather than profit. It has put an end to that kind of corruption.
We should have done it years ago, but unfortunately now we have done it, the usual dishonest politicians and journalists are lying about it to criticise other politicians and journalists they don't like.
(None of this should be taken as an indication I think Boris and his mates can't have been too stupid to realise this. But they'll lose a lot of money if they didn't.)
Thats bollocks. There are certainly enough skills in the UK where 20% of the work force is sitting idle and a very large number of software guys are underpaid or out of work.
At current salaries 6k is about a month, it doesnt take a month to package something for deployment. It might take a month to find a package system and get it ready so any package can be deployed with it.
If only the NHS was willing to pay them enough. As I said further up, I was in the infrastructure team of a CCG and I left because there was no money for software or hardware, no upskilling of existing employees, no salary increases, but plenty of stress and responsibilities to handle.
Of course, there's always money for the manager that outsourced and "reduced running costs".
6 k a month is 3 times what most of NHS IT get paid (before tax)
and tying to get tools or time to learn isn't a walk in the park.
most of the higher ups in the 2300+ organisations that make up the NHS don't understand that IT runs their business, and in order for them to keep creaming off their massive remuneration packages (they are far to big to be wages or salaries) they need to invest in sustainable, secure and resilient systems.
Quite often the retort is "I can get X nurses for that", but I'm not allowed to say that those X nurses will be sitting on their arses doing nothing, without the EMR, email, imaging software, archiving, etc.....
AC as i might get shot if this got out
...this is how (especially public sector) outsourced contracts are designed and written from the ground up.
Initially seem cheaper than your own staff. Great.
However, they are very precise in exactly what you can expect to get for that money and anything even vaguely outside of that prescribed detail, you pay.
As others have pointed out, this falls on the shoulders of the people who thought it would be better (read: cheaper) to outsource. They always look at the top line and miss the devil in the detail.
<<this falls on the shoulders of the people who thought it would be better (read: cheaper) to outsource. They always look at the top line and miss the devil in the detail.>>
You forgot to add: these people make sure they are not around when the true, actual costs of outsourcing are realized. By that time they have already collected their saving targets bonuses and have moved to another organization where they are treated as star innovators (and have agreed another huge bonus for doing exactly the same thing)
The cycle ends when they retire or move as executives of one of their outsourcing partners.
I once worked for a large metropolitan body and not only were there rules on approved software, but even hardware support was ridiculously constrained: no monitors over 21", for example.
So if you actually had a need for an unapproved piece of software or a larger screen you also had to acquire a separate PC and ensure it was never connected to the office network and take full responsibility for its maintenance and security. Of course, if you applied for the funding to do this it would be turned down because you already had a PC and why could you possibly need another one, let alone a private internet connection? And, also, where on your tiny desk would you put it?
And although it's tempting to blame the outsourcing system, the reality is that desktop PCs are fundamentally unfit for their modern role: they're a security nightmare and it's the responsibility everyone is desperate to outsource, not the service itself. There's also really no incentive to fix it because such a lot of kit is supplied now through outsourcing middlemen whose income depends in significant part on their role managing software updates, endpoint security and firewalls.
In other words, the industry is economically dependent on the persistence of its own shortcomings.
In what universe has this anything to do with IR35?
Outsourced contracts have had these types of service since forever, long before IR35 was even a thing never mind recent interpretation changes. This is how outsourcers make a profit, provide the basic service at or below cost, but charge through the nose for everything above and beyond the basic service.
> In what universe has this anything to do with IR35?
IR35 drives flexible, lower-cost, independent contractors into the arms of the big companies since it rapidly becomes pointless to be anything other than a paid employee with accompanying benefits.
The big companies then have to be used because of a shortage of other options and can continue to charge outrageous prices for simple tasks.
"...IR35 drives flexible, lower-cost, independent contractors into the arms of the big companies since it rapidly becomes pointless to be anything other than a paid employee with accompanying benefits.
The big companies then have to be used because of a shortage of other options and can continue to charge outrageous prices for simple tasks..."
Whilst some of that is true - IR35 is certainly pushing contractors into the arms of big companies like Atos, this deal and others like it were inked way before that kicked in.
As above, this is simply how these things are written.
It's like "clould" - you have to be very very careful to compare apples with apples, ignoring short term offers to use e.g. current licenses, or be aware that the costs have been worked out assuming everything is shut down outside of 40 core hours a week.
And then there's the assumption that HA, DR, Backup etc etc are all part of the headline price.
All compounded by the small (ha!) fact that in many cases, the very people qualified to tell you that you're about to cost your company/organisation huge amounts are the very ones you are getting rid of...so not much incentive, eh?
No we're NOT evading TAX. Sure we avoid it where we can as any sane person would do.
We don't get any of the benefits of 'real' employees. Holidays, sick pay, maternity / paternity job pay, job security, etc etc etc.
You would you avoid tax if the PAYE system let you, but you're clearly just jealous due to a headline rate that seems steep but in reality isn't.
Still that's the ignorance of a standard employee for you.
You were evading tax. You were always an employee. You should accept the benefits of being an employee, as well as paying the costs, now they're clamping down on your evasion and making you pay the costs anyway.
I have been a real contractor, and the tax evaders like you admit to being screw it up for people who are intended to get the tax breaks. Multiple part time employment != contracting. Temporary employment != contracting. Etc ad nauseam. You were evading, not avoiding taxes.
The quote at the end of the OA included the phrase "Such activities and costs associated are always carefully considered and are proportionate and are not on a per user basis."
A one off fee for packaging something like R (in such a way that packages can be added as required by the user - remember that means fetching code from CRAN and possibly compiling fortran/c++ bits) for the whole NHS or for a given network could be envisaged.
Anyone got more information?
I was getting at the management of packages/libraries loaded from within R from a local CRAN mirror once installed. The larger packages are compiled (fortran/c++) and so R requires gcc or similar on target machine along with sometimes java &c. The user needs the ability to install packages and that might also require firewall adjustments so as to be able to reach the CRAN mirror and so on.
So *some* work involved per site/network but I have absolutely no idea if that would be £8k worth.
This won't be packaging things for Linux, this will be packaging things for deployment on locked down Windows boxes in an enterprise environment via SCCM, Intune or one of the similar products. Most FOSS doesn't come with native MSI installers, plenty of it doesn't come with installers full stop and some requires compiling. So packaging in this sense would be compiling from source or repackaging a non silent installer, packaging all the pre-requisites, testing it, deploying it, etc.
The work isn't done by library devs at all. There isn't even a proper single standard for installing apps on Windows.
Each app has to be checked for suitability for delivering to a secured, locked-down desktop via SCCM.
It then has to be tested to ensure that it doesn't mess things up for the 15k or so users on that platform. Of which there are several flavours due to differences in organisation and departments.
It also has to be reviewed for security and privacy - how many times have we now seen where even a seemingly benign minor version "update" to an open source application has introduced insecurities and even malware or at least adware.
People need to stop applying consumer grade levels of "reasonable" to enterprise systems.
There is a VERY good reason that NHS England didn't fall foul of Wannacry or indeed that it has NEVER had a malware outbreak.
As I say, I agreed that the price seems excessive. But the price HAS to be more than zero.
There is a VERY good reason that NHS England didn't fall foul of Wannacry or indeed that it has NEVER had a malware outbreak.
Pardon me but, what? Someone has a very short memory...
https://www.theregister.com/2017/05/13/wannacrypt_ransomware_worm/
The software nasty has today ransacked the UK's national healthcare service, forcing hospitals to shut down to non-emergency patients;.... We're told 16 NHS health trusts in the UK were taken out by the malware.
https://www.theregister.com/2018/06/28/nhs_downtime_troubles/
These attacks included the infamous WannaCry ransomware outbreak in May 2017, while others fell victim to the Locky and Zepto malware, the most severe of which knocked systems offline for two weeks.
NHS trusts are not NHS England, separate organisations although the trusts do have to answer to NHS England. (That's right, there is no actual NHS with joined up services / practices, competition between lots of small parts under the same umbrella, that will improve things, all hail the ghost of Thatcher)
Erm..... and why would statistical toolkits or scripting environments like R and Python be deployed to 15k users when it's all of maybe a couple of hundred that have any use for them?
Installing all of the tools that anyone in the organization will need on all of the desktop machines in a big organization is a really horrible idea. If there's that much tracking and planning, surely someone realized that different groups need different sets of installed software...
packaging, testing, installing and supporting well i can bet that they didn't package it, install it or support it. They might have run a virus checker over it, but i wouldn't bet on it. Still I imagine there is a lovely paper trail of approvals so that must be worth something.
Agree, the issue here I think is not that Atos are charging - that's what they do and to be expected by any software consultancy. The issue is that the NHS chose to outsource this kind of work, thereby incurring such costs instead of covering them in house by salaried staff.
It sounds like whoever broke this story thinks that free software "just works" and doesn't need any work to install, test, validate, etc, seems like they're looking for a stick to beat Atos.
I have no connection with any parties in this story. Just seems like Atos are not necessarily the bad guys here.
It would be good to think that politicians would realise that "going digital" or being "data driven" involves more than making the announcement, showing each other PowerPoints about it and discovering the hard way how to handle more than 32K rows of data. They should at the very least work out what might then be their core competences - stuff that they shouldn't outsource but have in-house.
A story told to me at a previous outsourced gig, prior to outsourcing you’d just ask Fred to add a dns name for you, post outsourcing it needs an architect, pm, change request, 2 weeks of dead time and finally a senior bod, aka Fred, to add the dns name.
Suddenly 2 minutes work costs £1k.
The more muddled the process can be made to justify the costs the happier the client paying the bills is. After all it’s about relationship management and so long as the contract is followed that’s just the cost of doing business.
While I certainly won't disagree with your statement, what I will say is that things are actually a lot more complex than you are making out.
Just because "Fred" used to do it does not mean that Fred didn't have a cost to the business. Indeed, during my contracting years, I've seen plenty of permanent staff who's £50k+ pa salaries (= £75-100k actual cost to the business) were far from justified.
Not only that, but such changes often happen uncontrolled resulting in even larger costs downstream when existing architectures have to be "rediscovered" in order to make a necessary change.
By all means lets criticise the extreme overheads and greed of the big consultancies, but please let's stop pretending that insourcing has no cost for things like this.
There was a cost associated with Fred doing this thing, just as post out source there was a cost associated with the architect, pm etc. Less people involved before change means less associated costs for those people being in the change.
Another popular out source swindle is towers.
Suddenly Bob is no longer able to do the firewalls, switches, routers, proxies, load balancers etc, he can only do 1 of those and engage other colleagues for the other bits. Suddenly the cost goes up as more people are involved to do what Bob did by himself.
Also time and complexity goes up as so much hand over between individuals.
Funnily enough I'm encountering exactly this except his name isn't Bob.
He's a firewall specialist but also did a lot of work on load balancers as well as other bits of a pretty complex network
Got transferred over to a new contract owner (tower) and now has been pigeon-holed into doing only firewalls.
It's one thing to have casual, ad hoc procedures, and another to have defined processes, accountability, and so-on. The former is cheaper until something goes wrong. The latter is vulnerable to over-regulation of simple matters. Either is only as good as the people implementing things.
Someone has to design the systems and processes, which is a hard job. If they're badly defined, or the process is inappropriate, often everyone's hands are tied until the rules are rewritten. Not sure 'management' has a lot to do with it, much of the time - unless they're misreading or misapplying the rules.
"It's one thing to have casual, ad hoc procedures"
who said anything about casual ad hoc?
Fred always fully complied with company procedure and did change control etc etc. Just a bunch of other people in between the requestor and Fred and non adding any value apart from cost to the customer aka profit to the outsourcer.
That bill is what a week or at most two weeks of an on-shore person's work at what Atos bills them out?
Something complex like R probably isn't just "install r" but all sorts of various add ons to provide various capabilities. They need to determine what pieces they need and therefore which packages to include, make any changes to configuration to deal with peculiarities of their network, integrate it with logging/monitoring (i.e. if they want to know how many people are using it and how often in case someone later says "we need a commercial package instead") and test the deployment to make sure it installs as desired when pushed through whatever Atos uses to deploy systems and update existing ones.
I mean sure it costs less for one of us to do than what Atos is charging, but they are in business to make a profit, not break even. Anyone who has ever been in a managed services environment knows how things go. You cut your bid down to the bone to win the client, and the account goes badly into the red the first couple years until you get things running smoothly. At best you break even over the life of the contract as stated. Where you make the money is on change orders, things that were forgotten in the initial contract, and new stuff you decide to do that wasn't envisioned when the contract was written. This deployment is part of that "new stuff".
In a past life I was an Application Packager and SOE / Deployment Engineer and after converting those prices to my local currency these prices sound pretty bog standard for outsourced packaging. Prices in my market range from about 5000-7500 GBP per application, based on 2 weeks of engineer time at between 75-100 GBP per hour.
I'd understand to ask for two weeks to create a custom package based on sources that has to be compiled into a binary, installed to a non standard specific location, set some environment variables, etc.
But 2 weeks of engineer time to donwload a binary and create a package that invokes the installer bypassing user prompts is simply either fraud or using a very, very, incompetent engineer.
> But 2 weeks of engineer time to donwload a binary and create a package that invokes the installer bypassing user prompts is simply either fraud or using a very, very, incompetent engineer.
You've clearly never worked in a large organisation. The reason it takes 2 weeks is because he has to write a plan first; select a packaging template; confirm the user requirement; confirm all the possible deployment targets (one app might need 3 or 4 packages); attend some stand-ups; do the packaging; document what has been done; get the documentation reviewed and approved; liaise with the tester; attend team meetings with his manager arguing over the relative priority of this work versus something else another customer is complaining about; continually make notes as you may be pulled off at any moment even though it would be more efficient to just get on and JFDI; and finally fill in his timesheet. Then add the manager's, test manager's and tester's time.
I agree it looks about normal.
Could it be half the price if you retained and kept your own skilled staff to do this inhouse? Yes
However, then you can't ditch them all as quickly in tough time (not that half the idiots writing outsource contracts get that bit right either) and you have all the employee overheads to deal with.
Once you work out a proper packaging, test, and release management cycle it tends to add up quickly. Especially if you don't invest in skills and standardization to automate lots of the process.
Anybody that say's it's easy and cheaper hasn't done it at scale with the kind of weird shit issues that always seem to crop up because the vendor didn't make their application easy to deploy or configure at scale.
"If you're an IT manager who hasn't touched anything other than packages of Microsoft stuff in years, then one of the simplest ways to de-risk the process is to outsource it."
Actually the risk still exists, you merely move the financial penalties to another party. The underlying risk will still exist in your organisation, you're just making someone else put their name next to it in return for some money, and hoping that they can do what they say.
Sure, if it breaks badly enough you get some money back, but it's still broken, and you're more than likely relying on your "service partner" to fix it now
hmmmmmm bit misleading this, the old open source so it's "free" the software might well be but supporting it packaging it installing it ISN'T. Now you can argue the toss over whether it costs the amount claimed to do the install but thats not really the point. R is a fairly easy package and install job but other bits fo software might not be, and you're not going to have a ranadom pricing scheme where each request is priced up everytime you're going to have a fixed price, thats how much it costs approach.
I've had the misfortune to have to support Dr surgeries and other elements of the NHS such as CCG's so I suggest that Dr Marcus Baw focused on the other UTTER shit shows that go on in NHS IT (especially the wild west that are GP surgeries) rather than commenting on this, you stick to medicine let IT pro's stick to IT.
And hospital IT is even in a bigger state, we all know the NHS runs on Excel spreadsheets because clinicians haven't got a bloody clue how to do basic IT tasks nor do the people they get doing the admin so out comes Excel! My wife works in medical device supporting thousands of devices in some large hospitals, the tails she can tell! Thousands of devices managed in multiple spreadsheets and even tables in word, despite a management system being available to use to manage the devices, but the hospital doesn't want to use it! Thousands of patients down as still using devices but the patients are dead but still on the "system" (spreadsheets) hundreds of devices costing several hundred £ each where the hospital hasn't a clue where they are! And this is just at one of her hospital accounts!
Large trust bought hundreds of Dyson fans, because... Errr, no idea. Now all sat in cupboards
Desktop support are not allowed to move a pc from one desk to another, that's facilties job. So IT unpatch, facilties move, IT repatch.
Old pc's, desks,chairs lockers, fridges, in fact every thing is scrapped. This us not even clinical areas.
Source:
Friends and relatives in IT, clinical and non-clinical roles.
Depending on the app, it would take between 1 hour and 1 week to create a fully automated installer (MSI/MST). It would typically take 1 day. 1 week is VERY unusual (I can only remember 1 package taking that long). This included documentation and a test install/uninstall. It wouldn't include Discovery (getting the requirements from an expert user), or UAT (functional testing), as these parts would be done by dedicated teams. £6,000 is an outrageous price, but it doesn't surprise me once I know an outsourcing company is involved.
Any bets on how long it takes for Matt Handcock to get a nice lucrative non-exec role at some kind of private healthcare company?
"They've hired directors of everything, and yet they still haven't actually turned out any particularly useful products. The NHS COVID app, something they brandish as a success of NHSX... well, that was delivered by NHS Digital."
The whole story strikes me as rather perfectly supporting the late David Graeber's Bullshit Jobs theory - https://en.wikipedia.org/wiki/Bullshit_Jobs
"The whole story strikes me as rather perfectly supporting the late David Graeber's Bullshit Jobs theory"
People who like far right conspiracy theories will tend to see evidence of 'the Jew plot' wherever they look. Graeber was a Holocaust denier and antisemitic conspiracy theorist.
According to Wikipedia he was a Jew and both his parents were Jewish, and was pretty left wing in his politics i.e. part of "Occupy Wall Street" so definitely not a right wing conspiracy theorist.
I don't see anything about him being a holocaust denier and antisemitic conspiracy theorist. Got any proof of that, or are you just trying to dismiss that theory (which is hardly original, see Douglas Adams' "Ark B"?) by smearing its author?
I wonder if you hold one of those jobs he lists as being useless...?
I have no idea what crap is on Wikipedia about him. But he was the pseudo-left, and, at best, the Nazis' useful idiot.
Occupy was openly antisemitic, subscribing to an overtly Nazi conspiracy theory. That was the far right, not the far left.
I suggest you Google 'David Graeber' + Holocaust, if you're actually willing to admit facts contrary to your prejudices. He was a vile antisemite, one of the Asajews. I won't link to any of the openly racist sites he posted to, but you can see them all at the top of the google results.
"what I consider an excellent anthropological investigation into modern working conditions"
"What any of this has to do with Nazis, antisemitism, racism is anyone's guess."
There is no 'Jew conspiracy'. The Holocaust actually happened. You apparently live down a rabbit-hole. The book you're recommending is an old-fashioned antisemitic conspiracy-theory rant. If you can't see that, it's because you believe the conspiracy theories are true.
QED, you're a raving far-right nutjob.
""what I consider an excellent anthropological investigation into modern working conditions"
"What any of this has to do with Nazis, antisemitism, racism is anyone's guess."
There is no 'Jew conspiracy'. The Holocaust actually happened. You apparently live down a rabbit-hole. The book you're recommending is an old-fashioned antisemitic conspiracy-theory rant. If you can't see that, it's because you believe the conspiracy theories are true."
"Bullshit jobs a theory" does not discuss, or even remotely touch upon, Jews or the Holocaust, or any categorisaton of people by race, creed or ethnicity. It's also obviously not a conspiracy theory, because it gives an account on how systemic political or economic changes coupled with certain traits in our human make-up have enabled the bullshit economy to emerge. There are no hidden evil masters behind it. In fact there's very little human agency at all. The theory might be wrong - in my opinion it is overstated - but a conspiracy it most definitely is not.
The closest it comes to a Jewish connection is .... that its author happens to be Jewish.
Anyhow, and for rather obvious reasons, I won't engage any further in this frankly ludicrous discussion.
Just one last word: if the fight against antisemitism and keeping the memory of the Holocuast alive is what you're concerned about, I would suggest that you are actually actively undermining both these important endeavours with your crazed posts.
ok, the software is free... However, installing and supporting any software takes time and money to do, no matter how free the updates are. You might get away with a quick "sudo apt update" and "sudo apt upgrade" on you own PC but in an actual critical working environment it has to be done safely, that means taking heroic measures to ensure business continuity and data integrity. That means upgrade planning, backups, stage environments, and substantial testing. Then you upgrade the production system.
Anyone reading this with any experience managing any kind of software in an enterprise environment would realise the paying £8000 for an upgrade to an organisation the size of the NHS is an absolute bargain.
I doubt most people here have been responsible for a headline in the national news "NHS System down for 48 hours" - these guys probably cut corners and are now not getting any sleep and have had 10 years knocked off their life after running those two aforementioned commands.
Software costs money and if is does not then lives can be lost.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
