D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] nhs cyber attack

 

Switching to open source has one issue - Office suite. People like MS office.... 
they don't care about the platform so much (although I want a Mac, but running 
windows is an often repeated request)

~~~~~~~~~~~~~~~~~
Trevor@xxxxxxxxxx

> On 12 May 2017, at 20:08, mr meowski <mr.meowski@xxxxxxxx> wrote:
> 
> Trying to reply to everything in one go here...
> 
> 
>> On 12/05/17 18:42, Joseph Bennie wrote:
>> its about time they got a rocket - its total incompetence to be
>> running such a big org on NT/XP. they probably pay more in extended
>> MS/HP support that they would to nip out to PC world for their
>> licences.
> 
> To be fair Win7 has been standard on *most* staff machines for a good
> while, but Server2003 (EOL) is harder to get rid of and lurks
> everywhere. Win10/Server2016 isn't even remotely on the cards yet.
> 
> 
> 
>> On 12/05/17 18:44, Martijn Grooten wrote:
>> PS the SMB vulnerability was patched by Microsoft a few months ago. If
>> you are responsible for Windows PCs anyway, DO PATCH.
> 
> Change Control and patch testing my friend. I feel sorry for the IT folk
> because their hands are tied and trust me, it's killing them. You can't
> even wave a *critical* patch anyway near a NHS system without management
> descending on you in a perfect storm of incompetence and
> cover-your-assing. Us IT folks would scream at them until blue in the
> face but no: test everything in triplicate (itself not a bad idea, if
> done expeditiously of course), sign it off, request change control
> management, stage it to the (overloaded) WSUS boxes, activate roll out
> in stages via departmental VLAN segregation and pray nothing goes wrong.
> Which it always would.
> 
> Don't get me wrong, I completely agree with you and the IT staff know
> this as well: the problems are systemic and endemic. There's a reason -
> several actually - why I left the NHS.
> 
> 
> 
>> On 12/05/17 18:49, daniel Phillips wrote:
>> Forgive me for not knowing the current IT circumstances within
>> government and the NHS. But wouldn't switching to an OSS alternative
> in > fact save them millions and still be a little more secure then the
>> systems they have in place at present?  I have read other countries
> are leading the way and switching to OSS and standards.  Do you think
> our government should have got on this band wagon a long time ago?
> 
> No, forgive me! Of course you wouldn't know that, and I didn't mean to
> imply otherwise. In brief, probably yes: switching vast swathes of
> government IT to open source systems almost definitely would have major
> advantages but the problems aren't so much technical as political and
> financial. As usual. There is a long and very depressing history of the
> upper echelons of NHS management making transparently idiotic purchasing
> decisions and painting themselves into corners with such bastions of
> commercial responsibility as HPE, Oracle, Microsoft, RM NHS for
> literally decades. Read up on the history of NHS "preferred suppliers"
> and weep at the mind-blowing waste and futility. That's your taxpayer
> money being pissed away right there.
> 
> 
> 
>> On 12/05/17 18:57, Joseph Bennie wrote:
>> The $ cost per os licence is trivial compared with the over head of
>> installs, patching and app compatibility.
>> 
>> and thats why enterprises choose MS ... the release cycle is 5-10
>> years, which means the test and redow cycle is 5-10 years. With opens
>> source is't 6-12 months.
>> 
>> Can you imagine the cost of having to do full environment testing for
>> custom apps every 6 months?
>> 
>> ... I don't think the NHS even knows what continuous integration is.
>> I'd put money on some critical apps are still COBOL.
> 
> A thousand times this. Even the horrific up-front cost of something like
> an Oracle RAC cluster or an EMC SAN is nothing compared to the staff
> costs and maintenance over the lifetime of the contract. *Nothing*.
> Although to be fair Joseph we don't build mission critical enterprise
> infrastructure on Mint or whatever crappy distro of the month - RedHat,
> SuSE, IBM and many others are waiting in the wings with very long term
> support systems with stable ABIs etc and would love to have a big slice
> of that lovely lovely NHS revenue.
> 
> Nobody I know would take you up on your COBOL bet either, because it's
> pretty obviously easy money (for you!). I've personally seen mission
> critical RDB instances still running Very Important Stuff Indeed and I
> mean from before Oracle bought it back in 1994 :|
> 
> Think databases that have transitioned on VMS through VAX and Alpha and
> to this day are still slowly porting over to Itanium. And that's just
> the tip of the iceberg! Fortran, Solaris (on Sparc, of course) and Tru64
> still lurk deep in the bowels of the NHS alongside OS400 and XP or
> Win2000 workstations running the control software interface for Â5m MRI
> scanners (because the manufacturers never updated the systems and who
> replaces a Â5m MRI unit when they don't have to?). The only mercy here
> is that stuff like that was long since deemed to be *way* too important
> to trust to lowly NHS staff so has all been moved off-premises to DCs
> run by specialist companies who predictably make a mint keeping this
> stuff running.
> 
> Oh man, the horror stories I could tell you about the NHS...
> 
> Cheers
> -- 
> The Mailing List for the Devon & Cornwall LUG
> https://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/listfaq


-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq