Pretty bizarre situation though. Why did the Navy not migrate. It's not like the EOL of WinXP was the Spanish Inquisition.
At work we have an 300,000 USD spectrum anlyzer driven by Win2k.
As others have pointed out, paying for support is likely much cheaper and less disruptive than developing, re-testing and re-verifying new versions of their systems. "If it ain't broke, don't fix it." I'd imagine when they do eventually migrate they'll try to stay on the new systems for as long as possible, as well.
I am (still) no expert, and Java developer on top, so working with these in vim/ultraedit was a bit nightmarish compared to what even basic Eclipse can offer you for debugging in Java. But the worst issues were bash comamnds that compared to AIX had a different syntax, and they for example ignored some parameters, or some params had different meaning... Bear in mind I was not in position to pick up which version of bash, perl etc gets installed where.
I believe the phrase "if it isn't broken, does fix it" is at play here.
A lot of drivers were developed back in the '90s and just tweaked for compatibility when absolutely necessary. Long-term compatibility is also why that world tends to favour Microsoft, that's one thing Redmond really cares about.
I had a customer who this day has a distributed system running Windows NT4 on Alpha for s critical business system. It was cheaper to setup a dedicated network then to deal with the application. IIRC, they now have a 5 year project to replace it that is just starting.
> Why did the Navy not migrate
Main reason might not be XP as much as that plague called IE 6. Couple of important intranet apps run only on this. Migration underway, but this isn't apparently such a priority for our management.
What backwardish 3rd world company I work for you ask? Well, one not really tiny private bank in Switzerland...
Three years ago, I worked for a quite popular hosting company. I coded a few features for a web app and had many restrictions, because people at Credit Suisse still had to use Internet Explorer 5. Well, at least I was told so...
My friend works for a large US bank and told me they are generally limited to IE8 but he had "bribed" the IT department to give him an exceptional upgrade with some fine beer.
ouch.
Yay!
Which said upgrade is going to happen anyway, so it's not staying fees vs upgrade cost, it's staying fees (however long it's dragged out) plus upgrade cost.
The proper comparison is $30M vs the cost of not doing "business".
https://en.wikipedia.org/wiki/File:US_Navy_110129-N-7676W-15...
(Notice the floppy disks. They might actually be safer than USB drives, since the latter introduces considerably more attack area, whereas a floppy is an extremely dumb storage device.)
In any case, from a risk-management perspective, I believe that software tends to get more stable over time if the only things being done are bug fixes; it's the radical rewrites and adding features that comes with new versions that bring more bugs. If it works, why "rock the boat" with new unknowns - there is more to lose than gain in this situation. I wouldn't be surprised if almost all of the important bugs in XP have already been found and fixed, and the limitations identified. It's like an asymptotic curve.
I guess that one problem with keeping Windows XP alive is that with fewer people using it over time, the chances of discovering flaws which need patching goes down. But maybe these guys don't care about that because all their stuff is offline with epoxied IO ports, yes? /s
Well, most of the systems on ships are like that. Integrated into the ship and hardware, with no open IO ports.
Or do you expect being able to put a thumbdrive into the radar control system?
The warship has been decomissioned, but clearly Windows is more durable. They also clearly managed at least one upgrade in the past, from NT to XP. Maybe they're having trouble with UAC.
They were using a client/server architecture, where the clients were essentially smart terminals for data entry and display. The failure happened when someone entered a 0 in a field that was not supposed to ever be 0. The terminals did not error check that field and reject bad values, and the server did not error check its input (probably it was written under the assumption that the terminals did the validation). The result was that their server application divided by 0.
The application did not trap divide by zero exceptions, and so NT did exactly the same thing nearly every other modern OS, included nearly all Unix and Unix-like operating systems, does when an application does not trap this kind of exception: it terminated that process.
The application developers had not made provisions to automatically restart the application if it failed, and the terminals couldn't do anything with the server application down, and so the ship was dead.
> when the software attempted to divide by zero, a buffer overrun occurred
While it's possible some poor exception handling lead to a buffer overrun, it sounds dubious. Your explanation sounds more likely - do you have any references?
The various random quotes regarding Windows NT's fit for purpose are highly opinionated. The article doesn't mention that at the time Windows NT was certified at the NCSC's C2 rating level; while I'm just guessing, it seems entirely reasonable to select Windows NT because it was the only C2 certified OS with a GUI, which may have simplified development and systems integration given that some of the applications required user input.
The only thing that surprising in these stories is that MSFT is actually capable of providing support for products for such a long time, their ability to maintain information and transfer it to new employees must be unparalleled. The amount of documentation alone is probably enormous 12 years of 10000's of bugs for each specific version of each binary that's insane, especially considering that most companies out there will have issues supporting binaries which are 2 years old since they have no clue what exactly was going on with them back then.
http://arstechnica.com/information-technology/2014/04/60-min....
http://www.lovelacehealthsystemjobs.com/?/work/job-post/desk...
Is it even possible to buy Windows Server 2000 support anymore?
I'm hoping by then I can finally find a firewall for W7 that works remotely as well as the ones for XP.
Here's a typical early article: http://gcn.com/Articles/1998/07/13/Software-glitches-leave-N...
It's possible that I've misdiagnosed that the exception was not caught. It is also consistent overall with the reports that it was caught, and so rather than being terminated by the OS the process ignored the divide by 0 and so ended up using some invalid result, leading to the application failing.
So the company selling the spectrum analyzer would have to publish quite a lot of their internal documentation regarding hardware registers for the data acquisition boards, and they'll be reluctant to do this: Much of a modern measurement equipment's functionality is inside the data processing, and by documenting the interfaces it would make it possible/easier to reverse-engineer or extent (without paying for options) the functionality.
Why would the navy pay for support if the computers on xp were airgapped? The only reasonable conclusion is that these computers are on the network accessible from outside.
"Why certainly, sir! We can provide that for only $EQUIPMENT_COST * 10. Do you prefer floppies or a CDROM?"
I wish I was joking.
But perhaps i'm missing your point about RH?
Then why is the Navy on XP?
>other hipster stuff
I've heard security called many things, but I think this is the first time I've heard of it referred to as 'hipster stuff'.
Because it's likely that a lot of their equipment was actually developed for Win95/98/2000 or even DOS.
> I've heard security called many things, but I think this is the first time I've heard of it referred to as 'hipster stuff'.
It was tongue-in-cheek, but what I meant is that most people don't upgrade their OS for fun (or for security) -- they do it only when forced by external pressure. Dunno about you, but I'd rather have nuclear submarines running on well-known and (literally) battle-tested software, screw smooth animations and glassy windows.
a) throw away a $300,000 piece of equipment for lack of drivers, assuming the company producing it has disappeared without all trace
or
b) spending less than $300,000 on employee time to make it work again
then to me case b sounds preferable, even in efficiency-first organisations. The military, i don't know. All i'm saying is that b wouldn't even be feasible without stuff being Libre, so diatribe or not, it actually would benefit public, private and commercial users' interests.
Anyway, probably i'm too optimistic about things.
