what the French Gendarmes
French security - doesn't seem to have worked out too well recently.
Paris - even she isn't going to France this year.
London’s Metropolitan Police has missed its deadline to dump Windows XP, with tens of thousands of copper still running the risky OS. The force, on the front line against terrorist threats and criminals in the capital city, is running Windows XP on around 27,000 PCs. At last count, in May 2015, the Met had a total of 35,640 …
"The best thing would be to do what the French Gendarmes did which was to completely change to Linux everywhere in the country"
Most business need to run a version of Office that actually works and have application requirements that are more complex than just filling in web browser based forms though...
Well, if I was going to be cynical, I'd point out that the outside contractors that are doing the upgrades would quite like to have some work after they finish upgrading to 8.1. So if they then have to upgrade everything a second time then that would be just great for them eh?
I won't be cynical though. I'm sure the contractors are doing their very best to give us taxpayers value for money. I'm sure that's the case.
Ahem.
I was pulled a few weeks back for a minor traffic infringement and whilst sat in the nice traffic policeman’s car he had to login to his data terminal which turned out to a Windows 2003 Terminal Services session which dragged its arse longer than a Jack Russell across a cream carpet.
So I got a stern tell off and 3 points but decided against offering my opinion on the state of Police IT…
When I retired from <redacted>* at the end of 2006 there was no sign of XP coming into service, and we were still using an earlier version of Windows. This was because of security requirements, and it always took "somewhere in Gloucestershire" a long time to determine that any given operating system was secure enough for it to go into use by government departments and their various agencies.
It is therefore unsurprising that a large proportion of an operating system's life is taken up by prolonged and comprehensive security checking before users actually get their hands on it, although whether or not the process needs to take as long as it does is debateable; I simply don't know.
I suspect that any organisation handling sensitive material that others might try to steal would be roundly criticised if it rushed to adopt any new operating system the moment it was issued without trying to ensure that the data was safe.
*Not the MPS!
There are now on-line guidelines to hardening various popular* OS for gov work here:
https://www.cesg.gov.uk/eud-guidance
Most of the advice is also sane for business users, etc, as well so worth taking 5 min to read it. And yes, they do have guidance for Ubuntu as well =>
[*] That includes Win10, which is not so popular in these parts due to the forced upgrade policy and telemetry. But of course the guide assumes you have the most expensive enterprise edition where you still get the right to disable most of that.
" it always took "somewhere in Gloucestershire" a long time to determine that any given operating system was secure enough for it to go into use by government departments and their various agencies."
Its not just the OS either. AFAIK the police use an ecosystem of home-baked windows apps, which would all potentially need upgrading to function correctly on a newer version of Win$
Certainly where I work, the decision to upgrade from XP to Win7 rather than 10 was driven almost entirely by the ecosystem of desktop software that has to run on top of the OS. MS Office being one of those which makes it massively complicated to upgrade 4-5 digit numbers of end user desktops. Particularly when you consider the multitude of user-built tools which use scripting features in some generation of Orifice - which you will break with an upgrade. Tempting as it is to say bugger it and push an upgrade through, how much damage will your business sustain from loss in productivity while tools are rebuilt and users are retrained?
The apparent fact that they are willing to accept on their network machines that run Win10--which is forever to be in flux, and thus cannot be subjected to the same level of screening, ever, and certainly not yet--means to me that they are not relying on the OS for any measure of security. If so, that could be a Good Thing. You'd have an intranet with most of the computers on it. Then all of your internet-capable machines would go through a router, with your wonderful security software on it. A computer could be one of the above, but never both. Then of course you'd have a bunch of machines that were neither. I imagine that the head honcho's secretary's machine would have a keyboard, mouse and scanner (but not USB, CD, diskette, PCMCIA, Bluetooth, Wi-Fi, Ethernet, Telephone etc etc) and for output, a printer via parallel port. Not a single machine would have its own firewall, anti-virus etc etc because it would all be handled by the server (in the case of the intranet) and by the router's firewall (in the case of the internet). That sort of thinking didn't quite work out for the Iranian nuclear plant, but maybe they weren't strict enough (humour noted). I seem to be advocating BOFH over Boff. Maybe I'm advocating a Fool's Paradise, so go ahead, refute me please.
Another reason to migrate to Linux.
As opposed to all the reasons not to...
I know little or nothing about Linux but in an earlier posting (that you have since deleted) you mentioned training. Quite apart from training costs (to which you made reference) there would be the montrous logistical problem of getting everyone trained to a suitable standard so that they could (hopefully) make a seamless transition to a new operating system.
On top of which the IT support staff would have to be retrained to a much higher level than the users, which would involve a reduction of the support available on the existing Windows systems.
On top of which the IT support staff might well be employed by a Managed Service Provider contracted to provide Windows support, and who then either charge an eye - watering amount to retrain or even make a legal claim that their contract was effectively being cancelled beneath them.
On top of which not all computer functions fall neatly into the "office" (small o) variety; there are all sorts of software (some of them major) that are very much part and parcel of the users' needs, and unless the software will run on Linux (and I would put money on that not being the case) then that function would have to somehow stop, or the software suppliers (who very often supply the software in support of specialist hardware) would have to be cajoled into providing a new version at potentially enormous cost.
The above list does not pretend to be exhaustive.
I am not writing in support of Windows or Microsoft - merely pointing out that for good or ill Windows has become a de facto standard for so many computer applications that simply assuming that a migration to another OS (Linux) is practicable may be seriously mistaken.
@ Commswonk, I would suggest you try Linux first before you express an opinion about it. In reality it's damned easy. Most people get it in no time, and so would you if you ever tried, and all by your own.
Try with your kids, they won't ask you anything.
And besides your comment is too long to be honest, I would claim.
Hi Commswonk - You're right to warn of possible pitfalls - all those could be issues and should be examined. IMHO, they're not showstoppers though:
- Linux Mint (for example) uses pretty much the same user interface as Windows XP/7. And Open Office and web browsers haven't reinvented the wheel either. If you know what you want to do, you'll find it in a few seconds of looking.
- Compare with Windows 8/10 or a tablet OS, which I believe are a much bigger retraining exercise. Though many people trained _themselves_ on how to use a smartphone, so a) they can adapt and b) they're willing to change if they see a benefit.
- I expect First line support would adapt even more quickly (where needed - see above). 2nd & 3rd line would need to retrain or skills bought in, agreed.
- App rewrites? It's been done once to convert to browser apps, and again to produce tablet apps. I find it hard to believe there are many custom or high-powered desktop apps in general use - Apart from the backroom boys (Macs & GUIs written in VB to trace IPs?)
So be cautious, but don't reject the idea out of hand. There will be an up front cost, but saving about 1K per desktop on software costs allows more to be spent on support and development.
@ tfewster
Yes, it's not about the difference between Windows and Linux it's all about making a decision and supporting it. And by doing a more in house, like training, a lot of money would be saved. Will that happen in Britain, I have my doubts. France, Spain, Portugal and Germany can, for various reasons I will not hurt anybody with. Perhaps Ubuntu could step in with some support and a ready tweaked version. The biggest gains could in fact come from training.
How about they work on moving away from a reliance on Windows. Since a lot of modern programs are browser based if the police invested in moving there systems to the same technology Linux on the desktops could be viable , and would also work on tablets and mobiles. The cost of extended support from Microsoft for XP would make getting Mac Minis on the desks and running Mac OS seem like a cheap option. I dread to think how much money government pay in Microsoft licences.
This post has been deleted by its author
The Cong An, aka Peoples Police, is responsible for doing Copyright Checks - an annual fiasco where they announce the checks are coming, even posting a schedule of victims. These companies immediately arrange for sets of genuine MS product to be motorcycled from one enterprise to another , so that when the boys in khaki arrive, a pile of CDs awaits inspection.
Funny thing is, the biggest consumer of hot Windows products is ... the Cong An!
Their crappy computers can't run anything better - in fact the Cong An stations I visit to renew business permits have resorted to employees bringing in their own laptops.
Paper is a killer in VietNam, and the government must have the biggest repository of Red Ink, too.
Every household has an Occupancy Book in which is inscribed the names and ID Card numbers of the registered occupants. The local Cong An station has an exact duplicate of the book, along with thousands of others. This replication extends for all the numerous forms the Cong An administers.
They only use computers to print yet more forms ... and watch the InterNet. They are also big in FAX (more paper). Google Translate is the main medium through which they communicate with Foreigners. Google Translate has a 'few' shortcomings when translating in to Vietnamese which either produces laughs or looks of shock.
Long Live XP!
I can understand the love and loyalty to XP, it is the least buggy Windows OS and the second most stable Windows after outdone only by the DOS based 3.11. Going to 8 or even 8.1 is a downgrade in all points, might as well just install Vista and attach a St. Christopher sticker to ward off bugs. Not that 10 is any better, with several hover text Help info-boxes almost openly admitting that it is nothing more than a collection of spyware.
The moment 7 no longer is able to run the software I need, I will learn to use Linux or go for MacOS. Windows is only for people too lazy to learn Linux anyways.
My patched XP box got its updates today just as normal, and there are still AV products that install in XP.
However, we can be sure that the Met. have not used the EPOS patch, and are still using the original install of Norton AV that stopped updating years ago.