
The US Navy's warfare systems command is paying to stay on Windows XP - deepuj
http://www.itworld.com/article/2939255/windows/the-us-navys-warfare-systems-command-just-paid-millions-to-stay-on-windows-xp.html
======
jqm
I saw this job posted recently...

[http://www.lovelacehealthsystemjobs.com/?/work/job-
post/desk...](http://www.lovelacehealthsystemjobs.com/?/work/job-
post/desktopsupporttech40986)

Is it even possible to buy Windows Server 2000 support anymore?

------
fnordfnordfnord
I'd guess/hope that this is mainly because of a bunch of embedded custom
hardware (like PC-104 based systems) buried in different nooks and crannies of
ships and weapons, as opposed to crufty VB and IE6 dependent office
productivity stuff.

------
userbinator
I wonder if they're still using pure DOS for some things, or if they're
running DOS applications on XP:

[https://en.wikipedia.org/wiki/File:US_Navy_110129-N-7676W-15...](https://en.wikipedia.org/wiki/File:US_Navy_110129-N-7676W-152_Culinary_Specialist_3rd_Class_John_Smith_uses_the_existing_DOS-
based_food_service_management_system_aboard_the_aircraft.jpg)

(Notice the floppy disks. They might actually be safer than USB drives, since
the latter introduces considerably more attack area, whereas a floppy is an
extremely dumb storage device.)

In any case, from a risk-management perspective, I believe that software tends
to get more stable over time if the only things being done are bug fixes; it's
the radical rewrites and adding features that comes with new versions that
bring _more_ bugs. If it works, why "rock the boat" with new unknowns - there
is more to lose than gain in this situation. I wouldn't be surprised if almost
all of the important bugs in XP have already been found and fixed, and the
limitations identified. It's like an asymptotic curve.

------
ck2
Microsoft is supporting XP until April 2019 for WEPOS anyway.

I'm hoping by then I can finally find a firewall for W7 that works remotely as
well as the ones for XP.

------
dogma1138
MSFT still sells security updates for Windows 2000, It would not surprise me
if you'll peal enough layers in a large organization to find NT5/4 machines
still there which require the sacrifice of 3 goats and a virgin every full
moon to continue running which might still get updates from MSFT since that
organization pays for the extended support.

The only thing that surprising in these stories is that MSFT is actually
capable of providing support for products for such a long time, their ability
to maintain information and transfer it to new employees must be unparalleled.
The amount of documentation alone is probably enormous 12 years of 10000's of
bugs for each specific version of each binary that's insane, especially
considering that most companies out there will have issues supporting binaries
which are 2 years old since they have no clue what exactly was going on with
them back then.

------
caf
Spare a thought for the poor bastards Microsoft assigns this to - there can't
be a whole lot of job satisfaction in porting bugfixes to a fifteen-year-old
EOL'd OS for one customer.

~~~
acqq
You're wrong, old systems have such limitations that solving the problem
demands cleverness and maks you feel good. Ask the guys from demo scene making
new developments (!) for PC XT and CGA, posted recently here.

------
elahd
This isn't too surprising. Our nuclear ICBMs are managed by systems old enough
to use 8" floppies.

[http://arstechnica.com/information-
technology/2014/04/60-min...](http://arstechnica.com/information-
technology/2014/04/60-minutes-shocked-to-find-8-inch-floppies-drive-nuclear-
deterrent/).

~~~
Vexs
IIRC, the reason given was security reasons. It's black box security coupled
with y'know, not being able to run anything modern, like a virus. And besides,
does it really need anything else?

------
dang
URL changed from [http://www.popularmechanics.com/military/a16153/navy-
paying-...](http://www.popularmechanics.com/military/a16153/navy-paying-
millions-to-keep-windows-xp/), which points to this. HN prefers original
sources.

------
idlewords
This sounds like a great use of taxpayer money. $30M is chump change compared
to the upgrade cost, and as I've grown older I've developed a reverence for
working code and working systems.

~~~
a3n
> $30M is chump change compared to the upgrade cost

Which said upgrade is going to happen anyway, so it's not staying fees vs
upgrade cost, it's staying fees (however long it's dragged out) _plus_ upgrade
cost.

The proper comparison is $30M vs the cost of not doing "business".

------
kraig911
Maybe with Microsoft's temperament towards open source as of late - they could
open source Windows XP! Then the navy would surely upgrade...

~~~
ArkyBeagle
There is an argument that says Microsoft could simply support ReactOS.

------
peterwaller
Does anyone know what they get for $9M/year? That sounds awfully cheap. A few
engineers to port and install security patches? I guess there must be a few
businesses out there paying, so what is the total money invested in
maintaining Windows XP?

I guess that one problem with keeping Windows XP alive is that with fewer
people using it over time, the chances of discovering flaws which need
patching goes down. But maybe these guys don't care about that because all
their stuff is offline with epoxied IO ports, yes? /s

~~~
kuschku
> But maybe these guys don't care about that because all their stuff is
> offline with epoxied IO ports, yes? /s

Well, most of the systems on ships are like that. Integrated into the ship and
hardware, with no open IO ports.

Or do you expect being able to put a thumbdrive into the radar control system?

------
saiya-jin
I can confirm there are plenty of businesses running various systems on XP. It
can get even worse, at work we STILL use XP 32 bit as primary workstations (at
least Linux on all servers). I am a Java developer, so routinely I have over
3.5 GB of memory taken, on system that can access cca 3.2 GB max. And we're
talking about virtualized remote machines, no real desktops (yes, it's crap).
At least at the end of the year, Win7 64b coming.

Main reason might not be XP as much as that plague called IE 6. Couple of
important intranet apps run only on this. Migration underway, but this isn't
apparently such a priority for our management.

What backwardish 3rd world company I work for you ask? Well, one not really
tiny private bank in Switzerland...

~~~
serge2k
upgrading from a 14 year old OS to a 5 year old OS.

ouch.

~~~
rawTruthHurts
upgrading from an OS put to test for 14 years to an OS put to test for 5
years.

Yay!

------
pjc50
We laughed at the warship disabled due to NT issues. That was _seventeen years
ago_.
[http://archive.wired.com/science/discoveries/news/1998/07/13...](http://archive.wired.com/science/discoveries/news/1998/07/13987)

The warship has been decomissioned, but clearly Windows is more durable. They
also clearly managed at least one upgrade in the past, from NT to XP. Maybe
they're having trouble with UAC.

~~~
tzs
That warship was _NOT_ disabled due to NT issues. It would have been exactly
as disabled if they had used Linux, or Solaris, or OS/2, or any other modern
operating system.

They were using a client/server architecture, where the clients were
essentially smart terminals for data entry and display. The failure happened
when someone entered a 0 in a field that was not supposed to ever be 0. The
terminals did not error check that field and reject bad values, and the server
did not error check its input (probably it was written under the assumption
that the terminals did the validation). The result was that their server
_application_ divided by 0.

The application did not trap divide by zero exceptions, and so NT did exactly
the same thing nearly every other modern OS, included nearly all Unix and
Unix-like operating systems, does when an application does not trap this kind
of exception: it terminated that process.

The application developers had not made provisions to automatically restart
the application if it failed, and the terminals couldn't do anything with the
server application down, and so the ship was dead.

~~~
ryanjshaw
This article is incredibly biased against Windows.

> when the software attempted to divide by zero, a buffer overrun occurred

While it's possible some poor exception handling lead to a buffer overrun, it
sounds dubious. Your explanation sounds more likely - do you have any
references?

The various random quotes regarding Windows NT's fit for purpose are highly
opinionated. The article doesn't mention that at the time Windows NT was
certified at the NCSC's C2 rating level; while I'm just guessing, it seems
entirely reasonable to select Windows NT because it was the only C2 certified
OS with a GUI, which may have simplified development and systems integration
given that some of the applications required user input.

~~~
cesarb
The grandparent comment mentions it was client/server, which probably means a
network. AFAIK, Windows NT was certified as C2 only without a network, see for
instance
[http://csc.columbusstate.edu/summers/NOTES/CS459/NT-C2.htm](http://csc.columbusstate.edu/summers/NOTES/CS459/NT-C2.htm)
("Windows NT's C2 certification was conducted on a stand-alone computer. Hence
the computer needs to be disconnected from the network by uninstalling all
network hardware and software on the system.")

------
kriro
Guess the old "total cost of ownership" anti-Linux FUD slides from Microsoft
from back in the day need an update. It's been a while since I read that stuff
but I doubt they included "expensive payed for security fixes after product
EOL" on their side.

Pretty bizarre situation though. Why did the Navy not migrate. It's not like
the EOL of WinXP was the Spanish Inquisition.

~~~
frozenport
Consider driver support. What do you do when the company that makes the driver
is out of buisness and the engineers are dead.

At work we have an 300,000 USD spectrum anlyzer driven by Win2k.

~~~
dsr_
I'd think that for $300K you could have demanded an API. Perhaps on the next
one?

~~~
cnvogel
I'm speculating here, but from my experience with Windows powered
oscilloscopes: Windows is _on_ the measurement device, it's _not_ a networked
or USB controlled peripheral with a documented network protocol connected to a
standalone PC. When you open up "Device Manager" you'll see a bunch of
specialized USB and PCI/PCIe peripherals that make up the actual measurement
function and user-interface.

So the company selling the spectrum analyzer would have to publish quite a lot
of their internal documentation regarding hardware registers for the data
acquisition boards, and they'll be reluctant to do this: Much of a modern
measurement equipment's functionality is inside the data processing, and by
documenting the interfaces it would make it possible/easier to reverse-
engineer or extent (without paying for options) the functionality.

~~~
minot
If the buyers were to stick together and only buy from suppliers who allow
access to modify and redistribute the source code of these devices, perhaps
they could create incentives for the devices to function with newer software.

Why would the navy pay for support if the computers on xp were airgapped? The
only reasonable conclusion is that these computers are on the network
accessible from outside.

~~~
88e282102ae2e5b
Consider that the US was able to attack air-gapped computers in Iran and
destroy industrial equipment. Air gaps can be breached, it's just a little
harder.

