Windows XP patch for WannaCrypt

[ubuysa]

I seriously doubt that anyone on these fora are still running Windows XP but just in case, Microsoft have just released a patch for Windows XP (and Windows 8) to close the vulnerability this attack exploited. All other supported versions of Windows should have been patched back in March.

See https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

 

[SpyderTracks]

I can understand running a vm of xp if a person still has software that isn't supported on other platforms, but anyone still running xp as a dedicated host deserves what they get. This is a superb lesson for the world, more targeted to our NHS who's environment I support. Hopefully this will wake them up to the importance of investing properly in their IT infrastructure rather than treating it as they do with no interest or seriousness.

 

[Stephen M]

I am not sure if organisations like the NHS get a discount on Windows OS licences but even if they pay a bit they should consider moving to Linux, when you are looking at vast numbers of computers the savings are immense and there are few, if any, cases in the NHS, Police etc where Microsoft is needed. They are all probably on Open SUSE or another distro for their servers anyway.

 

[SpyderTracks]

I am not sure if organisations like the NHS get a discount on Windows OS licences but even if they pay a bit they should consider moving to Linux, when you are looking at vast numbers of computers the savings are immense and there are few, if any, cases in the NHS, Police etc where Microsoft is needed. They are all probably on Open SUSE or another distro for their servers anyway.

The short term outlay would be immense as most of their clinical systems are Windows based and tied to internet explorer. Rather than paying for updates to these systems which of course would cost money, they instead pay a fortune on workarounds to "make it work" with updated browsers and oses. Most of our support time is as pointless as resetting ie, or editing java settings within the browser as the system isn't designed for ie11.

In the long term they have to pay far more in support and lost time due to buggy integration than they would if they just fronted the bill for bespoke modernisation or an actual upgrade path.

It all comes down to bad management, lack of long term vision and basic IT understanding.

I really hope work don't somehow come across this or I'll definitely be sacked

 

[ubuysa]

I can well appreciate a company wanting to minimise the disruption of upgrading PCs and OSs but I'm not at all sure Linux is the answer. Windows XP was introduced in 2000 and replaced by Vista in 2007, that's 17 years ago since XP was replaced. Would anyone support a Linux distro from 17 years ago?

As a former dinosaur part of the problem I believe was that when distributed computing became 'fashionable' in the 1990's and offered an apparently cheaper and more end-user focused solution, and made very expensive and less-flexible mainframes look much less attractive, the baby was thrown out with the bathwater. There was a mass move away from the mainframe towards fully integrated distributed systems, not necessarily because this was the right platform, but because it's what everybody else was doing.

 

[Tony1044]

Linux is not the solution - whatever the thoughts of one OS over another, once any OS hits a critical mass it becomes a target. The only reasons Linux isn't currently being attacked is really two fold - firstly the users themselves tend to be more technically adept and secondly it's not financially worth it. Yet.

Likewise, it always amuses me when this argument is put across. How about all those embedded systems where, for example in MRI systems, the timing is so absolutely critical that the software and hardware in use is written by and designed and built by Phd level staff?

The OS isn't the key here. Come on - as Ubuyua says it's been a decade since Vista launched. Since then we've had Vista SP2, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 10 Anniversary and Windows 10 Creators.

And before we all whine about the lack of support from MS let's not forget that they actually supported XP since 2001 to what was it? 2015? FOURTEEN years of support.

AND...it spreads by a vulnerability in SMB v1 - we were turning this off in 2006 because of known security and performance issues.

And of course there's the fact that the NHS and others have had the option to pay for extended support. And didn't.

Finally - how about the fact that the NSA and most likely GCHQ both knew about this and didn't expose it because they could use it to attack people?

Or how about WikiLeaks? They ever heard of responsible disclosure? Even Travis Ormandy of Google who is someone whose techniques of only giving the likes of MS or Apple etc 90 days before he takes it on himself to release details does just that - 90 days. WikiLeaks released it with no warning AND gave a working example of how to use it.

There are many failures here but ultimately the version of OS is probably right down in the bottom of the list.

 

[Tony1044]

Oh and just to add - where does the budget come from to move to Linux?

It's not like a version shift in Windows where most applications written for XP - or even 2000 for that matter - will actually still work.

And of course when the front end changes, so has to the backend. Software that is free is not the same thing as free to install, update, maintain, support etc.

Then what do you do for, say, email? Love or loathe Microsoft I've yet to see a Linux mail system that comes close. Host it in the cloud? On what? o365? Well then that's just MS again. And hey, the cloud is just someone else's computers. Or, for that matter, a decent mail client.

Then what happens to all the incumbent IT staff? The users? Where do all the sudden thousands of highly skilled Linux staff come from?

What about all that legacy data? Not all of it will be easily transferrable in any meaningful way.

I know - let's have some "legacy" MS stuff.

So now you need both sets of staff, still have the same issues plus the new ones.

And who pays for it all?

 

[Wozza63]

I don't think Linux would suit the needs of the NHS. Most of the users probably struggle to migrate between versions of Windows. Having to move everyone to Linux would be a nightmare and cost as much in training as Windows 7/8/10 licenses.

As Spyder mentioned, as many issues come from websites built for old IE versions as they do with the operating systems themselves. At least with software for old versions of Windows, Microsoft offers pretty robust compatibility solutions that can solve issues and old versions of .NET can be installed on newer OSes. On the other hand, stuff built on old versions of Silverlight or similar technologies is just straight up incompatible with even the newer versions of IE.

Sadly most of the bigwigs that choose where investment goes, don't see these things as an issue. Though, perhaps this ransomware might kick a few of them up the behind. Every cloud and all that.

We have a similar issue where our POS systems are still almost all stuck on XP. But it's not necessarily the incompatibility, but its that all the systems are in stores around the world so updating is a nightmare. It means every store likely has to close or suffers reduced sales for a day or more. Something most store owners don't want and don't understand the potential consequences of. I don't know the ins and outs of it all, but I can't see them particularly being a security threat, at least to socially spread ransomware like this. The only way they access the internet is to our APIs and as all data is transmitted, nothing should be lost.

Scary situation though.

 

[ubuysa]

The nub of the problem with Windows I think is that as the OS improves, support for legacy hardware and applications seems to be abandoned. When I was a senior sysprog in a large IBM mainframe installation we had to cope with the move from the MVS operating system (16MB virtual storage) to MVS/XA (2GB virtual storage). IBM, in their wisdom, designed MVS/XA so that the first 16MB of the address space remained unchanged so that applications written for MVS ran on MVS/XA unchanged. I believe that's still the case and that an MVS application written in the early 1980's will run unchanged on the most modern IBM mainframe running z/OS.

This is why we had the mantra 'nobody ever got fired for buying IBM' because we KNEW that legacy applications would run on the next generation of the hardware and operating system.

That's not true with Windows, I have no idea whether it's true with Linux, but an application would have to be able to run unchanged across any Linux distro, on any platform and with any version of Linux for that to be true.

To be honest, and knowing how Windows has a habit of leaving legacy hardware and software support behind as it's upgraded, it was utter madness for any IT manager to allow mission-critical applications to be run on Windows.

It might be popular to think the mainframe is dead and buried, but you didn't see any banks, airlines, large insurance companies, petrochemical companies and a host of other very large corporations affected by WannCrypt/WannCry, and there's a reason for that. Their core back office processors are mainframes (and when was the last time you ever heard of an IBM mainframe being hacked?)

 

[Tony1044]

That's not true with Windows, I have no idea whether it's true with Linux, but an application would have to be able to run unchanged across any Linux distro, on any platform and with any version of Linux for that to be true.

To be honest, and knowing how Windows has a habit of leaving legacy hardware and software support behind as it's upgraded, it was utter madness for any IT manager to allow mission-critical applications to be run on Windows.

You make a good point, but that said, the total abandonment is a fairly new thing from MS - for example, one of the areas I've specialised in has been Citrix/Thin Client computing. One of the major weaknesses for years was printing and print drivers.

It's only really with 2008 R2 that MS fully and properly dropped support for type-2 drivers which were truly awful. Until then, though, you could quite literally stick Windows 9x drivers into even 2008 and that wouldn't end well.

I actually think MS need to be a bit braver and look forward to dropping such extended legacy support. Apple (OK, smaller user base/different use cases) have no qualms about it.

Whilst it's a pain in the proverbial at times, it forces users to update where otherwise they wouldn't - I still go into huge enterprises and have to put in Windows 2008 SP2, 32-bit OS's to support "bad applications".

 

[Wozza63]

You make a good case for IBM and mainframes but you miss a few key issues why modern platforms aren't built on IBM mainframes.

Developers. No one develops for these platforms any more, and those that do change a fortune for it.

Hardware, it's not always easy to source specialised hardware from the 80s.

These businesses do get affected by attacks, but they're also businesses that invest millions more into security and would be better at preventing it, whichever system it runs on. They also have the drawback of offering a limited modern feature set. Monzo, a relatively new bank has a tonne more cool features than Nationwide has despite it being in beta! Because it works with modern technology and software which is no less secure than old mainframes from the 80s.

 

[ubuysa]

You make a good point, but that said, the total abandonment is a fairly new thing from MS - for example, one of the areas I've specialised in has been Citrix/Thin Client computing. One of the major weaknesses for years was printing and print drivers.

It's only really with 2008 R2 that MS fully and properly dropped support for type-2 drivers which were truly awful. Until then, though, you could quite literally stick Windows 9x drivers into even 2008 and that wouldn't end well.

I actually think MS need to be a bit braver and look forward to dropping such extended legacy support. Apple (OK, smaller user base/different use cases) have no qualms about it.

Whilst it's a pain in the proverbial at times, it forces users to update where otherwise they wouldn't - I still go into huge enterprises and have to put in Windows 2008 SP2, 32-bit OS's to support "bad applications".

I would certainly agree that large organisation's IT policies need to be more upgrade accepting, it's just not sensible for an organisation like the NHS to be running a 17-year old OS that is no longer officially supported by Microsoft (yes, I know they can pay for continued support - but for how long?). The problem is of course, that their legacy applications must continue to be be supported, even quite large organisations simply can't afford to constantly keep upgrading mission-critical applications, not to mention the problems they'd be faced with as the upgraded applications bed in.

Hardware support is an issue to, as an example I have a Canon flatbed scanner that I bought for my Windows 7 laptop about 6 months before Windows 8 was announced. Windows 8 didn't support it, neither does Windows 10 yet it's not exactly old kit (I have a software solution by the way). Had I purchased 1000 of them for a large organisation I'd be very miffed that I was now faced with the expense of buying another 1000 different ones because we've upgraded Windows (or paying for a multiple licenses for the software solution).

There needs to be a balance, or at least better communication between Microsoft and it's larger business customers so that the customers know well in advance of a new OS version (or in the case of Windows 10 a new upgrade) how it will impact their legacy applications. Perhaps Microsoft should even provide a service that would allow large organisations (like the NHS) to test their legacy code on a Microsoft test network so they'd have much more confidence that the OS upgrade will be relatively painless?

ICL went out of business because they left their legacy customers behind....

You make a good case for IBM and mainframes but you miss a few key issues why modern platforms aren't built on IBM mainframes.

Developers. No one develops for these platforms any more, and those that do change a fortune for it.

Hardware, it's not always easy to source specialised hardware from the 80s.

These businesses do get affected by attacks, but they're also businesses that invest millions more into security and would be better at preventing it, whichever system it runs on. They also have the drawback of offering a limited modern feature set. Monzo, a relatively new bank has a tonne more cool features than Nationwide has despite it being in beta! Because it works with modern technology and software which is no less secure than old mainframes from the 80s.

I'm not advocating going back to the 1980's and running everything on a mainframe, that would be dumb in the extreme. I'm advocating a layered approach (an onion skin if you like) with the mainframe at the core. The mainframe would never be directly accessed by end users, only by outer onion layers. This way the organisation's applications run on the best (and most cost-effective) platform. In such a layered system there is no reason why customer-facing end users, or even back-office managers, shouldn't have Windows based PCs, or even Linux based PCs on their desks. These can run non-critical applications (like web access, email, access to the company intranet etc.) and they also act as the front-end to more mission critical applications that run either a layer down (on secured servers on an isolated intranet) or on the mainframe at the centre. Critical data can be manipulated by the Windows based PCs at the front end but never stored there, and communication downwards from the Windows based front office needs to be very strictly controlled and secured. This is exactly what many large organisations (including many banks) already do.

What we have today in some organisations (like the NHS) seems to be a bunch of Windows based applications cooperating in a loosely (and flat) distributed system using common and well-known (and in the case of SMB and the current attack) old, technologies. And that's equally silly.

You'd be surprised what you can run on a modern IBM mainframe. CICS (the IBM application server) can run applications written in a wide variety of modern languages, including Java, as well as legacy applications in COBOL. IBM mainframes are also virtualised and you might also be surprised to know that you can run Linux on an IBM mainframe should you want to. Modern mainframes integrate extremely well with other computing platforms, languages, and applications, yet they can still run code from the 1980's.

There is no need for specialised hardware from the 1980's. Modern IBM mainframes use current hardware technologies and, where necessary, make them appear to be hardware the 1980's application understands (so that a 1980's application that wants to read serial data from a reel-to-reel tape for example, can run completely unmodified on a modern mainframe where the data is on a hard disk (or even an SSD, I don't know whether the latest mainframes use them - but the probably do).

A mainframe doesn't need to offer a 'modern feature set' because they are never again going to be the only computing platform. They are used (and they should be used by large organisations) to do what they do best; manipulate data at blistering speeds - the CICS website at IBM (https://www-01.ibm.com/software/data/enterprise-application-servers/cics/) claims that CICS can support 1.2 million transactions - note not instructions - transactions per second) they provide optimum security for data (I was involved in mainframe system security 20-odd years ago and there is nothing in the PC environment that even comes close to that), and yet mainframes interface and integrate with almost any other platform. A modern mainframe is a deep back-office, number cruncher that only ever 'talks' to other computing platforms. For many applications they offer the best cost/benefit.

Incidentally a modern mainframe no longer needs a warehouse to house it, nor a small power station to power it and cool it. Modern IBM mainframes need no more environmentals that a regular server farm, and they are now the size of a large filing cabinet.

Mainframe is not a dirty word and they are far from dead. They have simply evolved and are working busily away at the core of a large number of major global organisations. For many applications and for hosting most mission-critical data, a mainframe is the best platform.

 

[Tony1044]

I would certainly agree that large organisation's IT policies need to be more upgrade accepting, it's just not sensible for an organisation like the NHS to be running a 17-year old OS that is no longer officially supported by Microsoft (yes, I know they can pay for continued support - but for how long?). The problem is of course, that their legacy applications must continue to be be supported, even quite large organisations simply can't afford to constantly keep upgrading mission-critical applications, not to mention the problems they'd be faced with as the upgraded applications bed in.

Two years. Microsoft offered the extended support for $200 per PC for the first year and $400 for the second. However, an oft-missed component of this was that to qualify, a company had to present clear evidence to MS that they had a migration plan in place. Even then though - that's a ridiculous amount of time to have a desktop OS hanging around!

Applciations - here's a thing though - there are ways to mitigate this. Application virtualisation for one can run multiple and often legacy versions of software side-by-side. Moving to web-based alternatives is often a good step as these aren't installed locally. Not always a workaround but they're there. Not to mention that many, many, legacy application still work even on Windows 10.

Hardware support is an issue to, as an example I have a Canon flatbed scanner that I bought for my Windows 7 laptop about 6 months before Windows 8 was announced. Windows 8 didn't support it, neither does Windows 10 yet it's not exactly old kit (I have a software solution by the way). Had I purchased 1000 of them for a large organisation I'd be very miffed that I was now faced with the expense of buying another 1000 different ones because we've upgraded Windows (or paying for a multiple licenses for the software solution).

Is it fair to blame MS though? Isn't it really the case that Canon didn't produce drivers?

There needs to be a balance, or at least better communication between Microsoft and it's larger business customers so that the customers know well in advance of a new OS version (or in the case of Windows 10 a new upgrade) how it will impact their legacy applications. Perhaps Microsoft should even provide a service that would allow large organisations (like the NHS) to test their legacy code on a Microsoft test network so they'd have much more confidence that the OS upgrade will be relatively painless?

Look at the Windows 10 model though - it's not going to be service packed, etc, it'll get continuous updates. If you want more stability as an enterprise then the LTSB (Long Term Service Branch) is the way forwards. There is always a roadmap from MS of things like end of life and releases now are advertised 18 months or more in advance with Beta's available.

No. The real problem is people like me. One of the architectural functions is to provide a roadmap of emerging and deprecating technologies to give customers visibility of lifecycles. All too often though, it's missed or considered an afterthought. And even when it gets done (I always try to do them) the customers have to pay attention.

ICL went out of business because they left their legacy customers behind...

To be fair though that's comparing apple and pears to a large degree. ICL didn't build desktop OS'es or computers for the masses. It doesn't seem to have an adverse affect on Apple when they arbitrarily drop support for legacy (not even considered legacy in some cases!)

In some ways MS's desire to provide constant backwards compatibility is their undoing - that's why we see these problems that affect all the way down from current versions of Windows right back to 2000. Maybe it's time to start closing some of that down.

I'm not advocating going back to the 1980's and running everything on a mainframe, that would be dumb in the extreme. I'm advocating a layered approach (an onion skin if you like) with the mainframe at the core. The mainframe would never be directly accessed by end users, only by outer onion layers. This way the organisation's applications run on the best (and most cost-effective) platform. In such a layered system there is no reason why customer-facing end users, or even back-office managers, shouldn't have Windows based PCs, or even Linux based PCs on their desks. These can run non-critical applications (like web access, email, access to the company intranet etc.) and they also act as the front-end to more mission critical applications that run either a layer down (on secured servers on an isolated intranet) or on the mainframe at the centre. Critical data can be manipulated by the Windows based PCs at the front end but never stored there, and communication downwards from the Windows based front office needs to be very strictly controlled and secured. This is exactly what many large organisations (including many banks) already do.

Thin client based comupting does exactly this. Ultimately it's a Windows-based take on terminal based / mainframe type comuputing. One large server (well server farm) serving a desktop to dumb terminals (thin clients).

When it's done well, it works exceptionally well.

What we have today in some organisations (like the NHS) seems to be a bunch of Windows based applications cooperating in a loosely (and flat) distributed system using common and well-known (and in the case of SMB and the current attack) old, technologies. And that's equally silly.

Worse than that though is we were turning off SMB v1 a decade ago because even then it was considered poor performing and potentially an attack vector.

You'd be surprised what you can run on a modern IBM mainframe. CICS (the IBM application server) can run applications written in a wide variety of modern languages, including Java, as well as legacy applications in COBOL. IBM mainframes are also virtualised and you might also be surprised to know that you can run Linux on an IBM mainframe should you want to. Modern mainframes integrate extremely well with other computing platforms, languages, and applications, yet they can still run code from the 1980's.

There is no need for specialised hardware from the 1980's. Modern IBM mainframes use current hardware technologies and, where necessary, make them appear to be hardware the 1980's application understands (so that a 1980's application that wants to read serial data from a reel-to-reel tape for example, can run completely unmodified on a modern mainframe where the data is on a hard disk (or even an SSD, I don't know whether the latest mainframes use them - but the probably do).

A mainframe doesn't need to offer a 'modern feature set' because they are never again going to be the only computing platform. They are used (and they should be used by large organisations) to do what they do best; manipulate data at blistering speeds - the CICS website at IBM (https://www-01.ibm.com/software/data/enterprise-application-servers/cics/) claims that CICS can support 1.2 million transactions - note not instructions - transactions per second) they provide optimum security for data (I was involved in mainframe system security 20-odd years ago and there is nothing in the PC environment that even comes close to that), and yet mainframes interface and integrate with almost any other platform. A modern mainframe is a deep back-office, number cruncher that only ever 'talks' to other computing platforms. For many applications they offer the best cost/benefit.

Incidentally a modern mainframe no longer needs a warehouse to house it, nor a small power station to power it and cool it. Modern IBM mainframes need no more environmentals that a regular server farm, and they are now the size of a large filing cabinet.

Mainframe is not a dirty word and they are far from dead. They have simply evolved and are working busily away at the core of a large number of major global organisations. For many applications and for hosting most mission-critical data, a mainframe is the best platform.

Good points but right now, IBM are in a death spiral. If they don't do something radical soon we will be seeing their demise. They've now had something like 36 consecutive quarters of losses. They are making staff come to work, not remote/tele work and travel to customer site needs a senior director to sign it off if it costs more than £75...

To an extent things like Azure are knocking mainframes into a cocked hat (I appreciate I am cherry picking here) by being able to ramp up massive resources for workloads and then dial back - the kind of workloads that you really had to have mainframe scale of resources for in the past. And the best bit being you only pay for what you use when you use it so keeping the costs lower.

 

[mdwh]

To be fair, the length of support Windows has for legacy devices is excellent compared to many common operating systems - maybe it's not as good as an IBM mainframe though.

If old hardware doesn't support new releases, I'd argue it's their fault for lack of support - I'm guessing that Canon printers don't support IBM mainframes either, so that's not a solution.

Microsoft communicate end of life years in advance, so I don't see how that can be better? Perhaps MS could offer a service to help test - I don't know if third party companies already offer such services. It's going to cost money either way, and need the organisations to initiate the plan.

Regarding the idea of Windows PCs accessing data and applications on mainframes - that'd help prevent data loss from ransomware (but there are other solutions to that, like a decent backup). But it wouldn't stop the immediate disruption we saw here - services were shut down because people were unable or wary about using the PCs, so they'd still be unable to access that data or use the applications controlling medical machines.

A response from Microsoft about what to learn from this: https://blogs.microsoft.com/on-the-...e-safe-online-lessons-last-weeks-cyberattack/

 

[ubuysa]

Two years. Microsoft offered the extended support for $200 per PC for the first year and $400 for the second. However, an oft-missed component of this was that to qualify, a company had to present clear evidence to MS that they had a migration plan in place. Even then though - that's a ridiculous amount of time to have a desktop OS hanging around!

Applciations - here's a thing though - there are ways to mitigate this. Application virtualisation for one can run multiple and often legacy versions of software side-by-side. Moving to web-based alternatives is often a good step as these aren't installed locally. Not always a workaround but they're there. Not to mention that many, many, legacy application still work even on Windows 10.

The noise I'm hearing from people in the industry is that it's legacy application support that puts the brake on upgrade plans and it's why sysadmins are reluctant to apply MS patches in a timely manner. If it ain't broke then don't fix it seems to be a popular mantra. If that's not the full picture then what else stops large organisations migrating from Windows XP?

Is it fair to blame MS though? Isn't it really the case that Canon didn't produce drivers?

No it isn't fair, but a large organisation doesn't really care why stuff doesn't work, if they fear it won't work that puts a brake on upgrading.

Look at the Windows 10 model though - it's not going to be service packed, etc, it'll get continuous updates. If you want more stability as an enterprise then the LTSB (Long Term Service Branch) is the way forwards. There is always a roadmap from MS of things like end of life and releases now are advertised 18 months or more in advance with Beta's available.

I certainly agree with that, with Windows 10 Microsoft have changed the model, but you'll still get large organisations resisting upgrades - just in case it causes problems. There is I think a lack of trust in Microsoft and their partners from the corporate customers, that's why they don't upgrade.

No. The real problem is people like me. One of the architectural functions is to provide a roadmap of emerging and deprecating technologies to give customers visibility of lifecycles. All too often though, it's missed or considered an afterthought. And even when it gets done (I always try to do them) the customers have to pay attention.

And trust you. And trust Microsoft (or whoever). They're betting the farm that you're right and that the next version (upgrade) of Windows won't let them down.

To be fair though that's comparing apple and pears to a large degree. ICL didn't build desktop OS'es or computers for the masses. It doesn't seem to have an adverse affect on Apple when they arbitrarily drop support for legacy (not even considered legacy in some cases!)

In some ways MS's desire to provide constant backwards compatibility is their undoing - that's why we see these problems that affect all the way down from current versions of Windows right back to 2000. Maybe it's time to start closing some of that down.

Well, the ICL comment was throwaway line. If I read you right though you're suggesting that by deliberately removing backwards compatibility Microsoft would encourage large organisations to upgrade much earlier (or at all)? Don't you think there is a risk there of driving business to Linux? This was the ICL issue, their customers felt that if they had to re-write their business applications to run on VME they might as well rewrite them for IBM's MVS. Isn't there a danger in making Windows less backward compatible that Linux my pick up a lot of new custom?

Thin client based comupting does exactly this. Ultimately it's a Windows-based take on terminal based / mainframe type comuputing. One large server (well server farm) serving a desktop to dumb terminals (thin clients).

When it's done well, it works exceptionally well.

Absolutely. We were talking about thin clients back in the 1990's right after Sir Tim developed the http protocols, but Microsoft (of course) were not interested in removing the need for their OS and much of their application software! The problem with thin clients is that, in a sense, you're back the the bad days of mainframes when all you could do was work with what the mainframe ran - today it would be what the thin client allows access to. Now that people have a PC on their desk at work they expect it to behave like a PC and have access to all that entails, I'm not sure many would take kindly to it being replaced with a thin client, but then I've been out of the industry for a long time now....

Worse than that though is we were turning off SMB v1 a decade ago because even then it was considered poor performing and potentially an attack vector.

And yet it's still turned on in Windows 10 - so that you can file share with Windows XP boxes. I guess this is an example of removing backward compatibility you were talking about? That much makes sense. Certainly SMB 1.0 could (probably should) still be in Windows 10 for backwards compatibility with XP, but it should certainly not be turned on by default.

Good points but right now, IBM are in a death spiral. If they don't do something radical soon we will be seeing their demise. They've now had something like 36 consecutive quarters of losses. They are making staff come to work, not remote/tele work and travel to customer site needs a senior director to sign it off if it costs more than £75...

The one thing you can be sure of is change. Except from a vending machine of course. IBM's death has been predicted for a good many years now, and long before I retired. You may be right but I wouldn't put money on it just yet.

To an extent things like Azure are knocking mainframes into a cocked hat (I appreciate I am cherry picking here) by being able to ramp up massive resources for workloads and then dial back - the kind of workloads that you really had to have mainframe scale of resources for in the past. And the best bit being you only pay for what you use when you use it so keeping the costs lower.

I have no practical experience (in business) of cloud computing but I can't see many banks going down that route, nor many companies that are sensitive about their data. I could be wrong of course, I often am! I do know that if you walk into any bank, airline, most large insurance companies, large petrochemical organisations, the larger US HMOs, and probably other similar organisations, there is a mainframe buried deep in their IT infrastructure. They long since stopped being the only business computing resource but they are not useless and they still have a role to play. Mainframe isn't a dirty word.

 

[Tony1044]

The upgrade path is always a bit of a frightener for customers when it comes to applications.

The problem is it's always a bit of a catch-22 and is a huge reason that companies don't usually go in for upgrades of the OS. But..that's lazy and as we see can lead to many other problems.

I'm not suggestion MS truly throw the baby out with the bath water and drop ALL legacy support. But between them and Intel, they still support some DOS functions. Gotta ask yourself why? Why not state simply that backwards compatibility is best endeavours for xx years and after that, it may be dropped?

You'd be surprised how many companies are heading down the cloud route including man you wouldn't otherwise expect. I can think of two large banks off the top of my head plus two very large IL3/4 (as was) based Government departments plus at least one huge insurance company. That's to name but a few.

Like everything there are pros and cons.

The biggest pro in some eyes is it takes things like [some] governance and backup liabilities away. You know there's always sufficient demand as long as you're prepared to keep paying etc.

The downside is anything Azure/o365 based is now termed "Evergreen" - you get the latest versions like it or not.

I know MS have borked a few updates recently. And they've won few friends with some of their Windows 10 update shenanigans to forcibly move people across. Not only that, of course, there's the godawful amount of monitoring they're doing and sending back who knows what. But then see what FB and Google and even Apple send back in terms of telemetry and tracking combined with ISP deep packet inspections - god even your Tesco clubcard etc and well, privacy is pretty much non existent these days anyway. I'd still prefer to get updates in a timely fashion and then sort out problems.

I have friends at IBM. It's not good internally. This time they are circling towards a messy end with not much to sell off. They're culling staff left right and centre too.

 

[Tony1044]

Dagnaggit - just appeared on my feed re IBM: https://www.theregister.co.uk/2017/05/16/ibms_pension_fund_sells_most_of_its_ibm_shares/

Also MS aren't covering themselves in glory with Wanacrypt...sounds like they had a patch - even a legacy one - readied in February! https://www.theregister.co.uk/2017/05/16/microsoft_stockpiling_flaws_too/

 

[mdwh]

If there's a security hole (or it's out of support) I'd argue that it is broke and needs fixing. I appreciate that it takes time to test updates, but that's not an excuse for never upgrading imo.

That Register article makes no sense to me, given that XP was out of support for years. It's not stockpiling unless one believes they should be supporting XP indefinitely. The article itself contains the reason - MS still provides support for organisations that pay for the extended support, not unreasonable given the difficulties in supporting very old systems. The author of that article seem to think MS should be working for free. It reminds me why I stopped reading The Reg :/

(At best, I guess one could make the argument that the NSA etc should be paid or disclosing - but some companies do pay for security hole ( https://bits.blogs.nytimes.com/2015/10/14/hacking-for-security-and-getting-paid-for-it/ ), and it's not like the NSA are a volunteer organisation.)

 

[ubuysa]

The upgrade path is always a bit of a frightener for customers when it comes to applications.

The problem is it's always a bit of a catch-22 and is a huge reason that companies don't usually go in for upgrades of the OS. But..that's lazy and as we see can lead to many other problems.

I'm not suggestion MS truly throw the baby out with the bath water and drop ALL legacy support. But between them and Intel, they still support some DOS functions. Gotta ask yourself why? Why not state simply that backwards compatibility is best endeavours for xx years and after that, it may be dropped?

You'd be surprised how many companies are heading down the cloud route including man you wouldn't otherwise expect. I can think of two large banks off the top of my head plus two very large IL3/4 (as was) based Government departments plus at least one huge insurance company. That's to name but a few.

Like everything there are pros and cons.

The biggest pro in some eyes is it takes things like [some] governance and backup liabilities away. You know there's always sufficient demand as long as you're prepared to keep paying etc.

The downside is anything Azure/o365 based is now termed "Evergreen" - you get the latest versions like it or not.

I know MS have borked a few updates recently. And they've won few friends with some of their Windows 10 update shenanigans to forcibly move people across. Not only that, of course, there's the godawful amount of monitoring they're doing and sending back who knows what. But then see what FB and Google and even Apple send back in terms of telemetry and tracking combined with ISP deep packet inspections - god even your Tesco clubcard etc and well, privacy is pretty much non existent these days anyway. I'd still prefer to get updates in a timely fashion and then sort out problems.

I have friends at IBM. It's not good internally. This time they are circling towards a messy end with not much to sell off. They're culling staff left right and centre too.

Interesting stuff. There are times, when I read stuff like this, that I wish I was back in the industry. Then I remember that means working for a living again...um, no thanks!

 

[Tony1044]

If there's a security hole (or it's out of support) I'd argue that it is broke and needs fixing. I appreciate that it takes time to test updates, but that's not an excuse for never upgrading imo.

That Register article makes no sense to me, given that XP was out of support for years. It's not stockpiling unless one believes they should be supporting XP indefinitely. The article itself contains the reason - MS still provides support for organisations that pay for the extended support, not unreasonable given the difficulties in supporting very old systems. The author of that article seem to think MS should be working for free. It reminds me why I stopped reading The Reg :/

(At best, I guess one could make the argument that the NSA etc should be paid or disclosing - but some companies do pay for security hole ( https://bits.blogs.nytimes.com/2015/10/14/hacking-for-security-and-getting-paid-for-it/ ), and it's not like the NSA are a volunteer organisation.)

It wasn't just XP - apparently it was available for other versions of Windows back then, too.