I really don't get the concept of people being "stuck on XP": Vista shipped in 2007, so if your company wrote software after that that was locked to XP they made a mistake - one they've had EIGHT YEARS to fix. Everything except the most expensive, vertical-market hardware (that might require XP for driver support) has nigh-certainly already been depreciated to zero on the books.
When you've got a system that is, for example, underpinning your whole business operation (e.g. billing, machine controls, whatever) and that cost thousands (often tens or hundreds of thousands) to implement and it only works on a legacy version of an operating system (be that Win 3.11, Linux 2.4, or even just XP) you WILL move heaven and earth to avoid disrupting that system.
Even if it's a smooth migration to a current release, it doesn't have 15 years of perfect history behind it.
And that's when you can migrate. There are plenty of control systems for devices that cost $millions that were bought decades ago that just need to keep working. You don't have source. The vendor went out of business with the dot-com bubble.
Yeah, we probably could replace all the things, but at what cost? Will it beat the last 15 years of perfect uptime? Are you the guy willing to stake your job on it? Or shall we just paper over the cracks and keep shovelling coal into that server in the corner?
Edit: I'm describing worst-case scenarios in specific use-cases but even if there isn't a good reason to stay behind, the feeling of "why fix what ain't broke?" is pervasive in management, especially IT management. Maybe it's a generational thing and we'll see waves on waves of upgrades in the next decade or two but I'm fairly sure that'll just lead to another generation of "make do"ers.
Because it will break eventually. That decrepit PC full of metal dust running XP that controls this here multimillion CNC mill will, given enough time, fail. Some part or other will fail, and eventually you won't be able to find new parts anymore that work with it. Granted, for an XP PC it's far in the future but still.
Besides, a Win 3.11 or XP PC won't have a 15-year uptime, it will probably have a sticker on it reminding users to reboot it daily.
I encountered a company with an "antique" mainframe running an "antique" COBOL workload. It had 17 YEARS of continuous uptime. Every single piece of hardware was either double or triple fault tolerant, and nearly everything had been swapped along the way, but the workload (a transaction processing system of a sort) had never ceased operations. It had never needed to be changed.
I know mainframe != Win XP, but it is important to remember that in many systems, it isn't really like a car, where you do maintenance to keep it running, it's more like a wrench, where you use it until it breaks, and then get another one that does the same thing. In the years that the wrench is in service, new types of steel, new ergonomics, etc. might come out, but none of that is sufficient reason for upgrade. Only the actual failure of the system justifies replacement. Sure, it's rare for that to be the case in a tech company, but not so rare in a company that just uses IT to do something else.
I agree and disagree. As an operations person, I think we need to make an argument for why X can't be done right away, but we must have a plan Y for migration. I know for a fact there is still some ancient database server running in our data center serving our critical business but there's a plan to migrate that to modern databases. While reimplementing everything is costly, the company has to hire specialists from a specific consulting firm to support such an ancient database, and how long can we retain such talent without spending an extreme amount and caution? "I am scared if I did this will screw everything up." There will be a point they have to migrate such a database to something modern, and the cost is still several million plus.
The same argument that the corporate world doesn't allow Python 3 or has a hard time migrating to Python 3 because machines are running on some ancient RHEL servers or because of some security requirement. I get it and I don't get it. First, let's ditch RHEL. Fuck that. I really don't see a reason to use RHEL; fine, YMMV. But it is people's job to do work. Some pieces can die, and some pieces will have to evolve, either from scratch, or slowly. No one said software development and operation support are easy, see https://pbs.twimg.com/media/CWC74tOVAAAsls0.jpg:large.
I love CI but it only works if it's continuous.
The scenarios I was describing don't lend themselves to it. It's usually vendor deployed, closed source software. Not an in-house production. That or it truly is ancient, from an era when CI wasn't a thing.
You can resurrect development but as I mentioned before, this can often involve resurrecting people, not just the project. And employing them indefinitely for something that —for the past 10 years— has been free. It's a bloody hard sell to higher management.
My last post wasn't my opinion. I wasn't advocating for never updating, I'm just passing along my experiences with the sorts of companies that have systems they don't touch out of fear.
Totally true - resurrecting a project is hard, to say the least, particularly if years have passed. We're an ISV/agency hybrid, and we deploy monthly. The stack started a decade ago but it's as modern as it was then.
Ultimately the onus sits with the implementers to think about maintainability, and the end-user to think in terms other than the immediate.
Unfortunately, many legacy systems were implemented with the "it'll be replaced soon" view, and 30 years on are still limping along.
The software we build today will, if the species survives, probably still be in use in a century or more.
Think of your great-grandchildren when you go "that'll do"!
Why should I as a user be forced to upgrade from a system which does its job just fine only because the system's manufacturer decides that they don't want to spend any more resources on patching up errors in this system? Having bought the system, shouldn't I have gotten a product that is reasonably secure in the first place? How do I know that the new shiny replacement system doesn't introduce new problems which take years until they are discovered and could be much worse than the old system where already a lot of work has gone into fixing bugs?
I bet the real reasons are much more mundane. I've seen several times where updating a single tool in game production teams takes years, because the 'time is never right', the update can't be done incrementally, and the production can't afford to switch the whole team over and risk weeks of instability and bug-hunting because unexpected bugs crop up that didn't manifest in small-scale tests.
> Why should I as a user be forced to upgrade from a system
You aren't forced. But you will be exploited for it, any security vulnerability will destroy your entire operation, and your customers should distrust you for being so stupid.
It's not that you made a mistake trying to keep the system running. Your mistake was using a proprietary foundation with no commitment from the provider it will be supported forever. So of course you have no option when the rug is pulled out from under you - but that was your mistake. If you were built on top of Linux 2.4 like the superposter said, you could just pay the developer costs to maintain it yourself.
> Why should I as a user be forced to upgrade from a system which does its job just fine only because the system's manufacturer decides that they don't want to spend any more resources on patching up errors in this system?
Because by choosing that system in the first place you implicitly chose to tie yourself closely to their support. Both the buyer and the seller have a responsibility to plan for following these support decisions. Scenarios like this should inform future purchase decisions, including whether or not to buy again from the company who failed to keep up.
Because the browser isn't isolated to only using a single website/application... users are likely to hit any number of sites, including those with popups that look like security warnings that then exploit and infect the rest of your network only to destroy everything.
For example, look at speedtest.com in a Windows browser, when you really meant speedtest.net ... This is only a single example, it happens and bad people are out there.
I guess if you don't mind the person running an unsupported system then don't. Most businesses desire support, however. You can't control when the old unsupported system is going to fail. You might find yourself doing a forced upgrade to a new system at an inconvenient time with zero time for transition. Strikes me as irresponsible.
> I really don't get the concept of people being "stuck on XP"
Can you understand the concept of people being too poor to ever upgrade? Can you understand the concept of people who live in places where up-to-date technology is hard to get? (see Cloudflare's recent SHA1 deprecation post: https://blog.cloudflare.com/sha-1-deprecation-no-browser-lef... )
And before you say "there's Linux that's free", the idea of Linux being free if you don't value your time is absolutely applicable to these people. They perceive their time as having more important uses than acquiring and learning different software.
The mistake is not what they are using, the mistake is every person today falling into that trap. We know it exists, yet everyone is still buying Windows computers running versions of a proprietary operating system we know Microsoft will stop supporting within 8 years (at least for Vista through 8, we still have no idea what Microsoft is doing with 10 going forward, and they honestly can do whatever they want - they control the software).
I mourn those stuck on XP, destined to be exploited for eternity by the thousands of malware payloads targeting them now, but you are right in that nothing can be done about them really. But the real injustice is every person without the time to learn new systems (and that is a barrier on Windows and Linux - try switching someone from XP to 10 and it is as massive a leap, or even more massive, than going from XP to Lubuntu).
I'm always amazed by what kind of software is so tied down to an operating system like that. Windows has incredible backwards compatibility so I struggle to see what exactly is so hard to move.
This strikes me more as management and economic policy issues within the organization of why waste money for something they might not appreciate or see the necessity of.
This is a frustrating thing as a software developer: not enough people outside the industry know how to audit what they're buying. The expectation is that you reward a developer for simply implementing X, and no attention is given to whether or not the implementation sucks. A lack of open-source mandates may be one factor, and a lack of quality regulation may be another.
It is entirely possible to implement a "working" system that will require Herculean efforts to make the slightest change: a system that will collapse in on itself entirely if anything is touched anywhere else. And if you already spent a lot of money to get this far, you may assume a lot more is required to patch it.
Sadly, although we as an industry do know how to build hardened systems that are a lot more likely to adapt with the times and provide stable operation, people outside of the software industry really don't seem to know the difference. And if better software comes at a premium up front, cheap organizations may always pick the lower bid because they're thinking of software like an office chair and not a bridge that's holding up a road.