
IRS misses XP deadline, pays Microsoft millions for patches - asaddhamani
http://www.computerworld.com/s/article/print/9247634/IRS_misses_XP_deadline_pays_Microsoft_millions_for_patches
======
afarrell
The federal government hasn't had a budget for four years until less than a
month ago[0]. Up until then, our government was funded with a variety of
appropriations bills as stop-gap measures. When a large organization doesn't
have a budget, how do they make long-term investments in their IT
infrastructure? So, the IRS can't very well execute a major migration when
they don't have a budget and they aren't going to do so a few weeks before
April 15th.

Yes, this is wasteful, but what else could the IRS have done without approval
from congress?

[0] [http://www.reuters.com/article/2013/03/23/us-usa-fiscal-
budg...](http://www.reuters.com/article/2013/03/23/us-usa-fiscal-budget-
idUSBRE92M02D20130323)

~~~
wslh
_but what else could the IRS have done without approval from congress?_

Patching the security issues themselves? I know this can be complex in many
cases but the security and reverse engineering community have this knowledge,
probably not fixing the whole issue but at least blocking it.

I've wrote an article about doing this here:
[http://blog.nektra.com/main/2013/08/07/using-deviare-to-
crea...](http://blog.nektra.com/main/2013/08/07/using-deviare-to-create-a-
temporary-zero-day-patch/) last year.

~~~
nthj
The IRS is not paying $11M for the development know-how to maintain security;
it's true that they could probably shop around and find the services they need
for much less.

No, they're paying $11M so they can say "We paid Microsoft $11M! What else
could we possibly do?" when something goes wrong.

~~~
sebastianavina
threaten microsoft to swith to linux?

~~~
croggle
Something tells me you did not understand the above comment... He's saying the
IRS could shift responsibility based on the fact they paid the worlds biggest
software vendor 11mil... Switching to Linux puts the responsibility back in
the IRS's court...

------
wyager
What are the reasons for the government not to switch to linux? I'm not trying
to be snarky; it really seems like there are a huge number of benefits and
very few downsides.

I understand that the government has a contract with MS, but it seems like it
might actually be costing the government more to take advantage of the
contract.

~~~
Igglyboo
I think it would be great for them to switch but I can think of 2 huge reasons
they wouldn't.

1\. Retraining the users, very few people use linux so it would be a massive
undertaking to retrain their thousands of mostly non-technical workers to use
a new, unfamiliar, operating systems.

2\. Microsoft Office. Say what you want about LibreOffice and OpenOffice but
when it comes to enterprise grade software MS Office is unrivalved, especially
concerning Excel.

~~~
awda
3\. And whatever other IRS-focused enterprise software they may be running,
probably runs on the Windows platform.

Side note: Maybe this gets better in 10 years when lots of things have been
written on the managed CLR? Although I don't think the challenge Wine has is
running the C++ programs, but implementing all of the stubbed out APIs
correctly... the same challenge exists with a C# interface.

~~~
piyush_soni
4\. As good as Ubuntu's latest version and its UI may be right now, anything
other than basic stuff you want to do requires command prompt. Normal users
who are not geeks can't imagine themselves doing that on a daily basis.

~~~
touristtam
Still wondering how they even go by doing their job on a computer. If you ever
worked in a support role, you'd know that no matter how many years of
experience they have, they are most likely being confused by the UI change
every time MSFT decide to be 'cool' and 'innovate' (See the ribbon style
introduction back in 2007). And this is without the regular nagging of them
not wanting to learn where are the options they want to modify, despite the
menus and sub menus.

With regards to MS Office and MS mail client, sure they are more polished, but
does that really matter? Are those people crafting an art piece every time
they want to add an image to their report? Just an honest question.

------
PeterisP
And so, XP support still lives on. Actually, at $200 per computer per year, it
has the potential to be quite a lucrative support, so it'll continue as long
as there's demand.

~~~
higherpurpose
It's okay. It's only tax payer money. They're not paying it out of their
pockets.

~~~
Vivtek
Sure. Everybody knows that federal employees are exempt from taxation.

~~~
mjolk
While the snark is amusing, there's a big difference between running a
business with a hard budget and always being able to borrow or demand more
money.

~~~
Amezarak
The _government_ might not have a "hard" budget, as you mean it, but you can
bet the IRS does. Congress decides what they get, and you can be sure it's
barely enough to keep running as-is, let alone enough to put into future
investments like say, an upgraded IT infrastructure, which then necessitates
emergency measures like paying MS for XP support.

Work with government long enough and you'll find the majority of "waste" comes
not from spendthrift government layabouts, but insane auditing and
transparency requirements (which require oodles of paperwork and three people
to review it to make sure you're not wasting taxpayer money), hamstrung
budgets (renting the same building at exorbitant rates because Congress will
give you the money for that, but not to buy it outright, which would be far
cheaper; paying for continued XP support because you couldn't get the funding
for an upgrade), hiring contractors for decades-long jobs, and a legion of
other controls in place to save us from government excess.

I'm by no means saying that we should let them run around doing whatever they
want, damn the cost, but keep in mind that auditing and transparency have a
cost, and we need to look at what's cheaper in the long run and not just in
the short term.

~~~
mjolk
>Congress decides what they get, and you can be sure it's barely enough to
keep running as-is, let alone enough to put into future investments like say,
an upgraded IT infrastructure, which then necessitates emergency measures like
paying MS for XP support...I'm by no means saying that we should let them run
around doing whatever they want, damn the cost, but keep in mind that auditing
and transparency have a cost, and we need to look at what's cheaper in the
long run and not just in the short term.

I sincerely doubt that the IRS, a revenue department, is running efficiently
and is underfunded. I did a cursory search to see if I'm making up crazy
claims and it seems like the lack of funding is largely self-reported.[1]

I sincerely believe that this is due to a lack of planning and just 'kicking
the ball down the field.' Why go through all the annoying conversations about
upgrades when you're going to retire or leave before it matters?

Microsoft first set the end of support for 2011. As a nod to their massive XP
user-base, they pushed EOS to 2014. You're suggesting that the IRS is rational
in paying for emergency patches to something that they received a 3 year
extension on? Windows 7 was released EOY 2009 -- it's not as if they were
stuck for lack of options.

This is crap planning and I really doubt that consequences exist.

[1] [http://www.taxpayeradvocate.irs.gov/2012-Annual-
Report/irs-f...](http://www.taxpayeradvocate.irs.gov/2012-Annual-Report/irs-
funding/) (side note: I like the "automation is bad, boo" bullet-point)

------
paul_f
This isn't all bad news. The money to pay support and new machines will come
from their "enforcement" budget. That's a win for taxpayers.

~~~
DangerousPie
Sounds more like it is a win for non-taxpayers, doesn't it?

~~~
nostromo
Nope, it's a win for both.

Not everyone that is audited is guilty of tax-evasion.

~~~
judk
The 99% who are not audited benefit from enforcement audits against
underlayers.

------
rolfvandekrol
The Dutch government also failed to complete the transition from XP to more
recent versions of Windows on time. First the national government negotiated a
deal with Microsoft for continued support of Windows XP
([http://nos.nl/artikel/631811-rijk-betaalt-miljoenen-voor-
xp....](http://nos.nl/artikel/631811-rijk-betaalt-miljoenen-voor-xp.html)),
then even the five largest municipalities negotiated a deal
([http://nos.nl/artikel/633985-gemeentelijke-deal-met-
microsof...](http://nos.nl/artikel/633985-gemeentelijke-deal-met-
microsoft.html)) that allows other municipalities and provinces to join.

------
quackerhacker
Now...I'm not sure if a _$30 million_ cost would be considered a tax write-
off, esp when it's the IRS, or will it just fall under their _whoopsie daisy_
category on their annual budget (kinda like their failed Star Trek YouTube ad
campaigns).

While I understand write offs when it comes to a business for costs of doing
business, there are FREE alternatives (like ubuntu) that the IRS could use.
I'm not anti-Microsoft (in fact I'm deving an app for windows phone right
now), but seems to me that whoever is managing the IRS' budget are idiots, and
_their_ decisions really need to be _audited_.

------
coherentpony
Can someone explain how this is tech or startup related? It feels like a,
"Haha, look! The IRS missed their deadline just like I miss my tax deadline
every year!"

Edit: That reminds me, I need to do my taxes.

~~~
valleyer
Did you miss the part about Microsoft and Windows XP patches?

------
antsam
I believe we're doing the same thing here at the Government of Canada.

------
feefie
Since the government has paid for the additional patches to be created, can
Microsoft please send them out to everyone running XP that can't afford to buy
a new computer?

------
sadfnjksdf
I wonder what retail companies are doing about all of their POS (point-of-
sale) computers running XP.

~~~
fpgeek
Those point-of-sale computers are probably running XP Embedded, which has a
longer support window.

------
atmosx
Now I wonder, considering the financial and other non accountable damage at
this point, John Koskinen should or should not be sacked?

From 2008 to 2014 it's a _long time_ for any migration to take place. Six
years? They could have migrated to OpenVMS and have a team write custom
software for them in six years for Christ's sake!

~~~
pjzedalis
He's only been in charge a few months...

~~~
atmosx
Sorry, I didn't knew that... My bad.

------
wayne_h
paid for with taxpayer money - so it should be made public. we own those
patches!

~~~
AlisdairO
It's support, not purchasing the rights to the product.

------
na85
Good god, why do these agencies not run on Linux or BSD? Think of the money
that could be saved.

How is this a responsible use of taxpayer money?

~~~
Igglyboo
I think it would be great for them to switch but I can think of 2 huge reasons
they wouldn't. 1\. Retraining the users, very few people use linux so it would
be a massive undertaking to retrain their thousands of mostly non-technical
workers to use a new, unfamiliar, operating systems. 2\. Microsoft Office. Say
what you want about LibreOffice and OpenOffice but when it comes to enterprise
grade software MS Office is unrivalved, especially concerning Excel.

It would be much more expensive in terms of hours lost to make the switch.

~~~
zanny
It would cost them a tenth of this XP license nonsense to fix whatever makes
LibreOffice or Calligra "not enterprise grade enough" for them.

And they are switching to 7. Inherently, they have the retraining costs
already, and Lubuntu or Zorin is much more linear a change than going from no-
search no-dock quicklaunch to Windows 7.

~~~
Jtsummers
The government, for various reasons, is not really in a position to direct
their employees to fix LibreOffice to make it suitable for them. They also
aren't in a position to offer a grant to some organizations/individuals to do
the work. They need something that exists at this moment. If free software
proponents (myself included) want the situation to change, then _we_ have to
improve the status of free software in the enterprise (either by improving its
image if the software is ready, or improving the software if it's not).

EDIT:

Also, retraining to Windows 7 is not really an issue. The issues with going to
* nix are numerous. Non-COTS applications that'd need to be ported/recreated.
Email infrastructure (what's the state of support for MS Exchange in the * nix
world? That is, any applications that integrate as well with Exchange servers
as Outlook?). I forgot about the server side in my other post. So much is
running on Windows servers. SharePoint has become the de facto document
sharing system, this is nicely integrated with MS Office, any * nix
equivalent? Exchange is their email server, but does far more than just email
- keeping contacts up to date, calendars, shared/group inboxes. Is there a
singular application that can replace Outlook in the * nix world? Would they
have to switch to 4 or 5 applications to do what _one_ application did before?
Will they play well with each other and properly share information (that is,
if I create a calendar event in the calendar app will it be integrated well
enough with the mail app to let participants now, and then re-sync later on
once they've replied? I've never tried to do that in the Linux world, what
applications support this?).

EDIT AGAIN: Anyone know how to insert a * next to a word without triggering
italics? * <space> nix just doesn't flow right.

~~~
Igglyboo
Addressing the Exchange part, no they're really aren't any good nix
applications capable of using exchange. Thunderbird can do it with a plugin
but you aren't getting contacts or calendars and you'll only get email if the
guy who setup the exchange server allows IMAP.

------
justinsb
Alternatively, Windows 7 / 8 is such a disaster that the IRS is paying a few
million dollars (out of their 10 billion dollar budget) to stick with
something that works.

To me, that seems like a very prudent decision.

~~~
xtc
I think Windows 7 is quite solid. What's wrong with it?

~~~
justinsb
Ah - I meant the collective "Windows 7 & 8". Windows 7 is fine, but has
already been replaced by Windows 8, so why not Windows 8? Windows 8 introduced
Metro, which is hated and not really an option for the enterprise, so 8.1 has
sort of removed it (but not fully). And Windows 7 support ends in 2020.

In short, it's not a confidence-inspiring roadmap, and I think waiting a year
is a valid choice.

~~~
sp332
8.1 did not remove metro at all, it just made the desktop a little easier to
find.

Maybe it's time the FBI upgraded to touch screens anyway.

