• Half of the IRS' servers still run doomed Windows Server 2003 as well as 1300 Windows XP machines th
    32 replies, posted
[url]http://www.theregister.co.uk/2015/10/14/half_irs_servers_still_running_win_2003/[/url] [quote=The Register]Half of America's Internal Revenue Service's (IRS) servers are running Windows Server 2003, despite extended support for it ending in July. That's according to a report by the Treasury Inspector General that took a look at the IRS' $139m upgrade program. The report is distinctly unimpressed and notes that the IRS "did not follow established policies over project management and provided inadequate oversight and monitoring." ... In addition, the IRS reported in December 2014 that it has managed to upgrade all its workstations from Windows XP to Windows 7. But it later turned out that there were 1,300 computers still running XP. Where they were, though, nobody knew because of "inaccuracies in the inventory records."[/quote]
No surprise. I run infrastructure for a 6 billion dollar liquor company. Our DMZ is made up of 75% Windows 2000.
A+ work. And I thought it was bad when I had just started upgrading a hospital system's 35k XP machines last November. Then again, they aren't a government agency.
[QUOTE=agentfazexx;48904776]No surprise. I run infrastructure for a 6 billion dollar liquor company. Our DMZ is made up of 75% Windows 2000.[/QUOTE] Win2K in the DMZ?! Holy shit. I guess trouble [I]does[/I] come pre-installed.
[QUOTE=wickedplayer494;48904793]Win2K in the DMZ?! Holy shit. I guess trouble [I]does[/I] come pre-installed.[/QUOTE] Their excuse is: "people that wrote this stuff left so idk what to do" Meanwhile, we had some asshole memorize passwords and VPN in after being fired and reboot switches, now we have to go thru this stupid bullshit just to be able to have credentials to do our jobs. Upper management literally said idc if you spend 7 hours dealing with security if you work for an hour.
And it's written in fucking COBOL. If you know COBOL I think the IRS pays a buttload of money [url]http://www.fedtechmagazine.com/article/2014/06/governments-cobol-conundrum[/url]
[QUOTE=proboardslol;48904869]And it's written in fucking COBOL. If you know COBOL I think the IRS pays a buttload of money [url]http://www.fedtechmagazine.com/article/2014/06/governments-cobol-conundrum[/url][/QUOTE] Well there is the obscurity that you would get from making your hackers learn cobol, I mean what unholy devices are they running that needs cobol Still it's funny to think probably the foremost experts on COBOL are probably Chinese hackers trying to figure out how to break into our stuff
[QUOTE=Sableye;48904881]Well there is the obscurity that you would get from making your hackers learn cobol, I mean what unholy devices are they running that needs cobol[/QUOTE] Most of the world is written in COBOL
It's horrifying to think how many important things depend on outdated software / hardware :(
The IRS, the publicly funded government organization that collects money from citizens that the government needs to operate, has been getting its budget slashed and can't actually pay part of their workforce for things like implementing new tax codes.
We still run 2000 at work because its the most stable release of windows ever, the later generations such as vista, windows 7 and 8 aren't built for severs.
[QUOTE=Passing;48905941]We still run 2000 at work because its the most stable release of windows ever, the later generations such as vista, windows 7 and 8 aren't built for severs.[/QUOTE] Yeah, because they are workstation OS's. They aren't meant (or licensed) for server use. :v: Your company has to buy the server OS counterparts to them, like Server 2008 R2 and 2012 R2. I genuinely hope that "2000 is the best version ever" isn't their actual reasoning and it is just some old programs. Because whoever is running IT there has no fucking clue what they are doing and is setting the company up for disaster.
[QUOTE=Demache;48906009]Because whoever is running IT there has no fucking clue what they are doing and is setting the company up for disaster.[/QUOTE] Nah, They do trial testing to check if there is a better choice every couple of years they haven't switched because as i mention its unstable and was prone crashes.
[QUOTE=Passing;48906032]Nah, They do trial testing to check if there is a better choice every couple of years they haven't switched because as i mention its unstable and was prone crashes.[/QUOTE] It makes me curious what they are doing. Because generally the Windows Server branches are actually extremely damn stable as long as you aren't doing anything extremely weird and unsupported. Unless you mean the software on them is unstable, which I could see if its ridiculously old.
[QUOTE=Lizard Dreams;48905004]It's horrifying to think how many important things depend on outdated software / hardware :([/QUOTE] It's extremely expensive to upgrade Unless there are significant gains, if it works it works
[QUOTE=Sableye;48904881]Well there is the obscurity that you would get from making your hackers learn cobol, I mean what unholy devices are they running that needs cobol Still it's funny to think probably the foremost experts on COBOL are probably Chinese hackers trying to figure out how to break into our stuff[/QUOTE] To be honest, Cobol mostly deals with backend, and is usually accessed through an interface wherein the vulnerability might lie. Clearly, IRS needs some Gentoo.
Ooh, old Windows! Have some [URL="http://windows95tips.com/"]tips[/URL].
[QUOTE=Lizard Dreams;48905004]It's horrifying to think how many important things depend on outdated software / hardware :([/QUOTE] It's actually not so bad. That outdated software and hardware has been heavily tested. Most of the kinks have been ironed out. Those things are probably less collapse prone than modern systems. [QUOTE=Demache;48906056]It makes me curious what they are doing. Because generally the Windows Server branches are actually extremely damn stable as long as you aren't doing anything extremely weird and unsupported. Unless you mean the software on them is unstable, which I could see if its ridiculously old.[/QUOTE] You need to remember that they're using a massive slew of 16bit applications, stuff that depends on dos and a bucketload of others things which have been slowly deprecated on the newer server releases. 2000 is so widely used because it's a midpoint in essence.
[QUOTE=wraithcat;48906526]It's actually not so bad. That outdated software and hardware has been heavily tested. Most of the kinks have been ironed out. Those things are probably less collapse prone than modern systems. You need to remember that they're using a massive slew of 16bit applications, stuff that depends on dos and a bucketload of others things which have been slowly deprecated on the newer server releases. 2000 is so widely used because it's a midpoint in essence.[/QUOTE] Then spin up 2000 VM's for those applications. Don't leave it all in one. The whole licensing model for 2012 is centered around VM's.
Up until late last year my servers ran on 2003. Its really not uncommon. You don't necessarily have to switch enterprise software as often as consumer product software.
[QUOTE=DiBBs27;48907407]Up until late last year my servers ran on 2003. Its really not uncommon. You don't necessarily have to switch enterprise software as often as consumer product software.[/QUOTE] You do when they lost all support and are a security risk. This year hasn't exactly proven a great track record with the government and digital security.
[QUOTE=DiBBs27;48907407]Up until late last year my servers ran on 2003. Its really not uncommon. You don't necessarily have to switch enterprise software as often as consumer product software.[/QUOTE] That's very bad practice. Look up Microsoft's support end dates for various OS's. Good luck getting support on critical systems that run old shit, if something happens.
[QUOTE=agentfazexx;48907473]That's very bad practice. Look up Microsoft's support end dates for various OS's. Good luck getting support on critical systems that run old shit, if something happens.[/QUOTE] How often do you actually require official support in production environments? Especially for systems that already work. If you need support for unsupported OS, just get a contractor. It's not nearly as bad as some make it out to be.
[QUOTE=itisjuly;48907509]How often do you actually require official support in production environments? Especially for systems that already work. If you need support for unsupported OS, just get a contractor. It's not nearly as bad as some make it out to be.[/QUOTE] I call Microsoft on a semi-regular basis. Not specifically for the OS part, but we run other Microsoft products, which obviously are kept current. Why risk security and stability by running old stuff? It's just dumb. Develop an upgrade path and you'll be fine. And if you had a major bug on something running your ERP system, for example, and you needed support, well sucks to be you buddy.
[QUOTE=itisjuly;48907509]How often do you actually require official support in production environments? Especially for systems that already work. If you need support for unsupported OS, just get a contractor. It's not nearly as bad as some make it out to be.[/QUOTE] Extremely frequently. Huge production environments need pretty much constant support, and often with fixes only the OEM can provide. The amount of random fixes, firmware updates, and patches we've gotten from Microsoft, Dell, VMWare, etc that could have only be gotten from them is very large. [editline]15th October 2015[/editline] And is this contractor going to be writing security updates? Patching exploits?
[QUOTE=Levelog;48907533]Extremely frequently. Huge production environments need pretty much constant support, and often with fixes only the OEM can provide. The amount of random fixes, firmware updates, and patches we've gotten from Microsoft, Dell, VMWare, etc that could have only be gotten from them is very large. [editline]15th October 2015[/editline] And is this contractor going to be writing security updates? Patching exploits?[/QUOTE] Exactly. I also call VMware on a regular basis for weird issues. Same concept. Would you run on vSphere 3.5? Uh, no.
[QUOTE=agentfazexx;48907608]Exactly. I also call VMware on a regular basis for weird issues. Same concept. Would you run on vSphere 3.5? Uh, no.[/QUOTE] Well we do still run View 5.0 for our zero clients... It's terrible :suicide:
[QUOTE=Levelog;48907620]Well we do still run View 5.0 for our zero clients... It's terrible :suicide:[/QUOTE] VDI isn't bad. It's better than shitty Citrix.
[QUOTE=agentfazexx;48907654]VDI isn't bad. It's better than shitty Citrix.[/QUOTE] It's pretty damn bad tbh. View 5.1 has a lot up on 5.0 (And yeah, I realize we're an entire product behind on it), and we're using shitty Wyse zero clients with 10/100 NIC's. Luckily we're just migrating off the zero client idea.
The moment you commission any system/platform you need to have a decommissioning plan for that system ready for the inevitable day it becomes obsolete. It's just that lack of time and money means there's usually no such plan, which creates huge issues down the line.
Sorry, you need to Log In to post a reply to this thread.