I do think running hospitals on Linux is a good idea. However just sticking a skin over $YOUR_FAVORITE_DISTRO may not quite work. Hospitals have to work with proprietary devices -- for example, retinal scanners etc, many of which only have Windows drivers.
Also, while updating individual Linux systems is easy, patching Linux at scale across the thousands of desktops in the NHS needs a proper, thought-out patching strategy to eliminate breakage. You also need to consider -- in what cadence do I actually evergreen old systems?
The NHS could easily have this problem with any OS -- the actual culprit being a total lack of security-mindedness among the various NHS trusts' budget-holders. They viewed IT Security as not worth spending upon and are paying the price.
You know, this kind of reminds me of that seen from Goodfellas where Ray Liotota's character is explaining about protection rackets. The quote goes something like "Having a bad day, fk you pay me. Your loved one is sick, fk you pay me. Business going badly, fk you pay me."
And that's exactly how I feel about all of these proprietary device providers that have all these massive contract with the NHS. It really should be "Want this massive NHS contract, fk you, support our OS"
I'm quadriplegic and rely on the NHS for my life, literally for my life and this kind of shit scares the absolute crap out of me. Yes it will be difficult, yes there are challenges but we are one of the richest countries on earth and we invented the Sinclair C5 for goodness sake. This is not beyond us.
Sorry, this hack and finding out about all those XP machines has terrified and angered me beyond all reason.
Edited to Add: Just to be clear, I agree with the OP!
And this could provide well-paid, satisfying jobs and apprenticeships in the UK resulting in systems that don't have to be rewritten in under a decade because a monopolist decided to break compatibility.
I'd say it'd be a very solid investment. If it's made open-source and some attention is dedicated to build a community and a vendor ecosystem around it, it'll save the NHS and many other similar organizations everywhere a huge amount of money.
> Hospitals have to work with proprietary devices -- for example, retinal scanners etc, many of which only have Windows drivers.
Then the tenders for buying those devices should state "Devices that work with $YOUR_FAVORITE_DISTRO will be given preference.". If it's a reasonable one, they will make a driver for it. Customer demand always generates product; and the NHS is about the biggest customer there is.
Exactly, the NHS spends an absolute fortune each year and if they put out a tender somebody will support it no matter the specifications. Sure, some of the larger Vendors will get their noses bent out of shape but who cares?
I mean we are talking about large multinational pharmaceutical, medical equipment and software companies buying something from the largest employer in the world with a tech budget of roughly £1 billion a year (I think).
If the NHS stuck to it's guns, somebody would provide the goods.
You missed the part of their presentation when they show that ~80% of the computers or resources are actually used for administrative purposes - in a regular office environment. No propietary devices involved.
Also - yes, any OS could be used including Windows. However the problem is that if the system is not free (in the FSF sense), the NHS is not in control. This is the real problem, not costs or missing drivers in my opinion.
Of course, nobody thinks that this project will "save" the NHS or influence it in a major way. But it could at least be the start of a discussion. Or am I too naive?
I love the optimism but that's not what happens when IT services get outsourced to tender. The process is almost exactly the same. MOD, NHS, Schools, Councils, you name it.
Firstly, tender bids have prerequisites on their bidders. You need to be on the "preferred provider" list. Security checked. Higher-level security vetted. DBS. Etc. This is the sort of stuff that stops small local companies getting in.
That means lack of competition and that means —as well as the price being 10-20× that in the natural market— that vendors have all the power when it comes to detail negotiation. They spec out the cheapest, easiest option for them, not what's best for the customer.
If the customer (a lowly NHS trust or CCG) turns around and says "no Linux, no sale" they'll offer a [much] higher price for the open system, or just say no. All three vendors that responded do the same. Windows remains.
This will only be solved when CCGs start working together and start in-housing some of this development work. But it's still apparently better to spunk £50M over HP for some dodgy tablets that don't work than hiring a team of (eg) 40 developers for 10 years. That sort of developer time, working on site, you could actually start to fix things.
But now I'm being optimistic. A Tory government in-house something when their mates own shares in HP? Not likely.
If it works with XP, chances are it will work with Wine or VirtualBox. Where there is a will, there is a way.
But it would mean giving a huge F* YOU to established networks of parasi- er, vendors specialised in public sector tenders - Microsoft being the king of them all.
These devices don't come with drivers for any OS - they come with builtin Windows or otherwise computers with the software preinstalled and put into autostart.
That's why it is so difficult to update all those machines. They are simply not designed to be updated by anyone. For most of them, updating to Windows 7 or anything as recent is impossible because they have proprietary ISA or PCI cards or similar ancient technology that is used to interface with the actual hardware.
It's nice to see something like this being proposed, but, the NHS probably have a tonne of bespoke software running on top of Windows, all of which would need to be ported. And given the fact that they don't have the funding to even keep their existing systems patched and up-to-date, a full-on migration is out of the question, unless the cash is raised...
True, but it's a long- vs. short-term cash problem. The new system would cost a lot in the first few years, but less on the long term as MS licenses won't have to be paid.
I do not know how people can entertain this myth that linux support is as expensive as windows. The stability of linux applications is incredible compared with the brutal changes of windows (xp -> vista/7 -> 8 -> 10). Remote administration is far more easier and deployment on many machines is trivial. Machines rot is a lot slower, reducing the cost of machine replacement.
IMHO, the main cost is replacing the old window support guys by linux support guys because people a rarely competent in both and erasing the windows way of thinking is very difficult. The new team has to learn the specific needs and manner of NHS. Once they have the same experience as the previous team, the cost should melt.
It's nothing to do with the support guys. It's do with the support by the vender.
When you deploy an os over something as large as the NHS, your going to hit a few snags, perhaps at the code level. You will need somebody who you can phone up, who will then go bug fix those issues.
Vendors like redhat have support licences that support this. And those licences are still fairly expensive.
If NHS was going to deploy a Linux Distribution, they will have to bring a Linux distribution vender onboard which would take the role Microsoft does now.
Hi, I'm one of the founders of NHSbuntu. Thanks for making a thread on Hacker News about us, we really feel like we've made it!
Just to reassure people who maybe think because of the timing of our launch that we had something to do with the recent NHS Cyber Attacks, it was just an unfortunate coincidence.
I'm an NHS doctor and the rest of the team are NHS tech specialists, including a Technical Architect and a CIO. We've no interest in ransoming the NHS, but we did want to disruptively highlight the non-Microsoft OS options available.
We know the name NHSbuntu is a bit stupid, for several reasons, but (for the target audience) in 8 characters it does explain what we're trying to do fairly concisely. Neither Canonical or the NHS Brand Police seem particularly upset by it, so that's a good sign. Maybe in the future we'll have to change to something more suitable.
Anyone wanting to get involved please join in at www.nhsbuntu.org (we have a Slack team and a forum) - we are trying to build a team of contributors.
Does this solve any of the problems that hospitals would have previously had, according to other posters on HN, wherein updating software can render a piece of equipment no longer having been tested properly/breaking the system because of some reliance on some weird software implementation?
I struggle to see how swapping to an open-source alternative to Windows will effectively protect the NHS. Sure, this time it was a Windows exploit but it'd be as easy to find and use a Linux exploit. Sure there's the fact that Windows is vastly more popular, but telling everyone to switch to Linux? You've just made that more popular and a more likely target.
I'm an advocate of open-source software, but lets not pretend it'll solve everything.
Also, what about all the software they can't afford to replace? A lot of it is bespoke, and it's written for Windows. Don't pretend they have the money to port it. Their budget never will be the 350 million per week the public seems so obsessed with.
Finally, this is just Ubuntu, right? What's all the NHS branding for? If they're going to seriously consider it, surely they are going to look a bit further than the shiny surface NHSbuntu provides them.
Conclusion: Yes, use open-source operating systems, but no, it doesn't fix all, or sometimes even any, problems unless the code is thoroughly audited (shout out OpenBSD).
Nice idea, but any links whatsoever to the NHS or permission to use their logo? There's no sign of such yet on the site.
If you really want to do this, one thing you'll need is to make sure existing vertical market software works perfectly in Wine - e.g. Informatica, which is stupendously popular in England and Scotland and is officially supplied by NHS Wales.
Look at what Scientific Linux did - as I recall, they didn't like the changes that RHEL did (backend for OpenSSL) so they did their own respin.
THAT is what they need for the NHS, and any other industry that needs a really long support period.
RHEL gives ~10 years support, the MRI scanners etc need at least 15. On top of that, the customers also need guarantees that the vendors of the MRI scanners or whatever will keep up with this.
So - no more of using whatever library you like, or php extension - it's a case of - this is the base OS, build it on that.
This is a fuckup on so many levels - the vendors, the NHS for not giving a shit, the government for not mandating an open solution. The one I can't blame, for once, is Microsoft - they're supported XP for 13 years, thats enough.
The video is slick-ish, but we've seen it before. How many healthcare professionals (doctor, nurses etc.) were asked? Simply throwing a new OS at the problem doesn't solve things without the end users input or without an real understanding of the issues that they and the sys admins face. Also, the cost of hiring staff to maintain and manage is higher and retraining would be a massive cost too. "Just use linux[0]" is almost the same in this instance as saying "you're holding it wrong".
If you're going to try and create a project that attempts to persuade a public sector procurer to make a major platform change, having a wacky Team page is probably not the best way to go.
Trying to solve windows specific issues using windows solutions has a tendency to not work very well. Once you get accustomed, administration of a linux park is far easier. Try to avoid dependencies from these piles of crap.
But there isn't good alternative for client operating system. The best you can do use devops tools, but you can tell they're really built for server deployments.
I would have argued that Deathbuntu sounds way better, but the name might be inappropriate there...
On a more serious note, I agree that the name choice isn't particularly good, but is *buntu really relevant?
I get that it might appeal to the technical minded people (and the creators probably belong to that category), or may sound a bit familiar to the masses, but I don't see any reason for them to keep this part of the name.
I would have named it after a drug or a scientist, I think.
The bottom line is that the name itself isn't very relevant. A good name would be something easy to spell, and with a neutral conotation, not too hard to remember, but without attracting too much attention, as this is supposed to be just a tool.
A quick whois lookup suggests the domain name was registered on April 26. This is after we knew about EternalBlue and DoublePulsar, but suspiciously before the May 12th onslaught of WannaCry at the NHS. Also, the domain status is "serverTransferProhibited" (https://icann.org/epp#serverTransferProhibited). Very interesting.
That is very interesting. I don't see anyone having a significant motive here.
Only thing I can think of is really, really far-fetched. Someone who know what was about to happen to the NHS inserted a backdoor into this distro, and is now advertising it to them.
I believe some registrars default to that value after you buy a domain, presumably to make it harder to transfer it elsewhere. I've run into this with an old domain name with Namecheap, not sure how widespread the practice is.
Can you spell out what you are implying? Are you saying that the NHSbuntu project is somehow involved with WannaCry, or that they are somehow profiteering?
National Health Service (how most people receive healthcare in the UK). I guess they're context blind because of the recent WanaCrypt infection they're on the minds of the target audience of this joke? buisiness?
Also, while updating individual Linux systems is easy, patching Linux at scale across the thousands of desktops in the NHS needs a proper, thought-out patching strategy to eliminate breakage. You also need to consider -- in what cadence do I actually evergreen old systems?
The NHS could easily have this problem with any OS -- the actual culprit being a total lack of security-mindedness among the various NHS trusts' budget-holders. They viewed IT Security as not worth spending upon and are paying the price.