back to article Japan's XP migration solution: Remove network cable

A Japanese local government has come up with a rather unusual solution to the problem of Windows XP migration – keep the venerable OS but disconnect the remaining PCs running it from the internet. In around a year’s time, April 8 2014 to be precise, Microsoft will end free support for the operating system which is still …

COMMENTS

This topic is closed for new posts.

Page:

  1. Khaptain Silver badge

    No network = No Work

    What kind of work is someone doing in a company that no longer requries shared drives or printing ?. Or will they also be issued with 32Gb USB 2.0 keys which they will use to transport documents.

    I can understand standalone machines on a factory workshop but it is difficult to imagine in a government office.

    1. LarsG
      Meh

      Re: No network = No Work

      So how did people do their work before the advent of a network?

      There were a lot less excuses such as 'I can't do that, the computer is down' and less use of social media during the working daymso maybe they will get more productivity out of the work force.

      An example is here on El Reg, most posts occur during the working day.

      Also, it is safe to say that if you post an insult to the least productive of the working population, namely Government employees and Civil Servants, you can say what you want about them after 1:30pm on a Friday without fear of being downvotes. They're all on their way home by then.

      1. Anonymous Coward
        Anonymous Coward

        Re: No network = No Work

        That would be terribly unprofessional.

        - Posting from work.

      2. Great Bu
        Coffee/keyboard

        Re: No network = No Work

        "most posts occur during the working day"

        Wait - people go on here from home ? Really ? Wow.

        1. John H Woods Silver badge

          Re: No network = No Work

          Great Bu: "Wait - people go on here from home ? Really ? Wow."

          Erm, this is 2013. We *work* from home :-)

          1. Anonymous Coward
            Anonymous Coward

            Re: No network = No Work

            Sorry, I guess I should have read to the end of the thread first...

            For the rest of you that work from home, do you have a chiller for your laptop? Or do you work inside, at a desk?

        2. Anonymous Coward
          Pint

          Re: No network = No Work

          Well yes, some of us work from home....well, /a/ home.

      3. Captain Scarlet Silver badge
        Pint

        Re: No network = No Work

        "most posts occur during the working day"

        Come on Lunch Break, why won't this day end >_<

      4. Anonymous Coward
        Anonymous Coward

        Re: No network = No Work

        "Also, it is safe to say that if you post an insult to the least productive of the working population, namely Government employees and Civil Servants, you can say what you want about them after 1:30pm on a Friday without fear of being downvotes. They're all on their way home by then."

        hmmm I think you'll find most civil servants won't be accessing El Reg during the working day.... you, on the other hand are clearly being very productive.

        Tosser...

    2. keithpeter Silver badge
      Linux

      Re: No network = No Work

      "No network = No Work"

      The artcile states that it is 800 out of 8000+ computers that are to be kept on XP minus Internet. Perhaps there are use cases for 10% of the computers that do not need network?

      Laptop + data projector springs to mind to me as I'm a teacher. Desktop PC with dedicated printer for printing out filled in forms for signature is something I have seen in local authourity offices and libraries a few years ago.

      Penguin icon: obvious solution but probably too expensive for business apps to be converted.

      1. Khaptain Silver badge

        Re: No network = No Work

        Keith I can agree with one or two pcs kicking about with their own dedicated printers but 800 pcs !!!!

        1. keithpeter Silver badge

          Re: No network = No Work

          I take your point. But I've seen 50 with dedicated printers: just 50 different neighbourhood centres.

        2. Jordan Davenport

          Re: No network = No Work

          "Keith I can agree with one or two pcs kicking about with their own dedicated printers but 800 pcs !!!!"

          Don't think of it as 800 PCs. Think instead 1 PC out of 10 in an entire prefecture's governmental offices.

          1. Khaptain Silver badge

            Re: No network = No Work

            Yes I suppose that put like that it does make a little more sense.

        3. Anonymous Coward
          Anonymous Coward

          Re: No network = No Work

          You'll be surprised how many financial conglomerates still have ancient systems around. And they don't necessarily have to be connected to the Internet to do their work. I remember an old Windows 98 box over at a certain bank near Warren Street, which was *not* Internet connected. It was connected to a modem, and that was its sole purpose... to manage that modem.

      2. Wize

        Re: No network = No Work

        @keithpeter

        trouble with using it for a projector or a form printer is the info will have to be updated at some point. A change in a logo or policy means they have to be altered. Sure, you could do it on the machine only, but then you have no backup.

        So you do it on another machine, or copy the files off that machine to save to the network. USB is still a vector for infection. The hackers might find another little glitch in USB that hasn't been discovered and affect your machine that way.

        No network does not mean safe.

        1. MrZoolook
          Stop

          Re: No network = No Work

          "trouble with using it for a projector or a form printer is the info will have to be updated at some point."

          You mean a firmware update?

      3. Kubla Cant

        Re: No network = No Work

        @keithpeter No Internet != no network

        1. Kubla Cant
          FAIL

          Re: Re: No network = No Work

          I'm wrong. Just re-read and seen that the network ports are taped up.

          So it's back to sneakernet.

        2. kain preacher

          Re: No network = No Work

          They said they were going to tape over the NIC. That would seem to imply no network. But hey what do I know I'm just a stupid yank.

    3. gmathol
      Happy

      Re: No network = No Work

      Now we know why Japan can't fix its little radiation problem in Fukushima.

      This people seem not to smart - there are other ways to prevent updates of company computers.

      By the way one should consider to use virtual machines/boxes, so you can always keep the original state and you do not have to fight with drivers or printers which are all the sudden no longer supported by your OS provider. Think APPLIANCE! Software/Operationssystem encapsulated in an virtual environment.

  2. Steven Roper

    "Ethernet ports will apparently be taped up in case users forget that their machine is no longer allowed to reach a network."

    Only taped up? Fat lot of good that'll do, as if that'll do anything to stop the office idiots ripping the tape off and plugging in cables.

    They should do to the Ethernet ports what I do to the USB ports on the office machines to stop people from plugging (malware-infested) USB sticks into them - fill the fucking things with superglue.

    1. Anonymous Coward
      Anonymous Coward

      Taping up of ports is just treating the symptom and not the disease. For proper security and software stability it is the users who should be taped. To a telephone pole.

      1. Anonymous Coward
        Anonymous Coward

        Taped up

        They say taped up, but unless someone here speaks fluent Japanese and can translate the original article, who knows what it actually said. Maybe they intend to fill the jacks with epoxy. Not that this stops someone from using a USB NIC.

        On the other hand, the article also says the PCs will be prevented from accessing the "interwebs". Maybe they'll still be on a network, but the subnet they're on will be firewalled off from the internet? Perhaps that was what someone translated (probably with Google Translate or something similarly useless) to "taped up".

        That seems like a more reasonable solution to be able to actually do productive work on these machines, while still making it very hard for any malware that might find their way onto them to leak information back onto the internet. Attackers would have to content themselves with destroying data, etc. which would probably only serve to hasten the migration off these artifacts running an OS more recent (I was going to say "from this decade" until I remembered Windows 7 is from the previous decade)

        1. Anonymous Coward
          Anonymous Coward

          Re: Taped up

          >unless someone here speaks fluent Japanese and can translate the original article,

          I would have a go at reading the original article.. but guess what? The link doesn't actually work. You have to wonder if Phil actually checks all the articles he reposts from RocketNews24.

          From the source that RocketNews24 "translated" which is a digest of the original article that doesn't seem to exist;

          ネット接続口をテープで覆うなど

          This reads "Cover the network connection with tape *etc*".

        2. This post has been deleted by its author

      2. Dan 55 Silver badge
        Joke

        Make sure they're not too close to the lines or they'll short them them together and transmit malware via a series of 0s and 1s.

    2. Hellcat

      Sounds like someone has not implemented suitable network protection.

      USB storage devices are blocked here apart from company provided encrypted devices, and if your PC is not up-to-date on AV and security patches it doesn't get access to the network.

    3. Anonymous Coward
      Anonymous Coward

      It's probably a cultural thing, in Japan office workers just don't do things like plugging in Ethernet cables when they've been told not to. You don't get people who "know better" and just go ahead and do something because they can.

      Working in system support over there must be nice. You tell someone what the problem is and not to do X again and unlike in the UK they don't do X again, rather than making it the first thing they do.

    4. kain preacher

      GPO

      You can use GPO to lock down the USB p... Oh that's write you need a network for that.

  3. frank ly

    Fixes and stuff ....

    "This will mean an end to free security patches and fixes for knackered code – exposing organisations to a host of potential info-security risks."

    The end to fixes, in itself, will not expose organisations to security risks, because they are already exposed and have been exposed for the past ten years. Fixes are used to, er .....fix things.

    There is lots of office/admin work that does not need internet connectivity so why don't they organise their internal structure so that all the XP machines are on a network devoted to internal work? I used to work for a company that had two networks - one was totally internal and was used for product develoment, documentation, internal e-mail, no possibility of connection to the outside world ..............

    I'll stop there - you all know this. Somebody needs to tell the Japanese prefecture about all this.

    1. Paul Crawford Silver badge

      Re: Fixes and stuff ....

      Ah the old red / blue network arrangement :)

      Just add someone with a rubber truncheon to deal briskly with anyone plugging in to the "wrong" network and you have pretty good security even with a leaky OS.

      1. rh587
        Devil

        Re: Fixes and stuff ....

        Rubber truncheon? Modified cattleprod surely *krrzzzzzt*

      2. sw5guilherme

        Re: Fixes and stuff ....

        They can "forget" to tell which cable is the right one, for amusement purposes.

        Then all the action can be filmed and aired in local TV as a game show.

  4. Anonymous Coward
    Anonymous Coward

    A good solution in the right situation.

    I work (hence posting anonymously) for a large UK charity that had a small group of legacy computers running disconnected from the Internet. This was because we could not afford to upgrade them. They were running a mix of W98 & W2K. They were on their own network with shared drives and printers and dealt with physical correspondence including invoicing etc. They were administering contracts worth about £800,000+ a year at the time.

    Our other machines where the workers actually needed the internet were running XP which was the current system at the time.

    Needless to say the old machines were much more reliable and never once went down, unlike their more modern counterparts. The only external interaction they had was with the encrypted USB sticks used to take back-up off site each night.

    Eventually, when we had more money, the administration computers were upgraded and connected to the internet so their reliability and productivity was soon reduced to the abysmal level we had come to expect from the rest of our systems.

    1. N2
      Thumb Up

      Re: A good solution in the right situation.

      Sounds like it went well, until you 'upgraded' Ive also noticed how frail some new hardware is despite the price not exactly being bottom book. My preferred OS was Windows 2000 which absolutely flew even on hardware 10 years old. With later versions I often think the computer has halted when I remote it as simple stuff takes so long. & yesterday I had the misfortune of having to use Access 2010, what a mess they made of that.

  5. mark l 2 Silver badge

    Surely taping up Ethernet ports is going a bit far, they could still be given local network access for file and print sharing and just not have a default gateway to get out on the interwebs, thats got to be a better solution surely?

    1. Brewster's Angle Grinder Silver badge
      Joke

      If they were that bright, they would already have migrated the machines off XP.

      1. Paul Crawford Silver badge

        "already have migrated"

        There are lots of reasons why you may want/need to keep an old OS going, the most obvious is you simply don't have the money to buy a new PC but that is probably not the biggest issue here (though report suggested so).

        Legacy software, or special hardware, are both reasons why an 'upgrade' can be very expensive and time consuming because you find that the software won't work right on the new OS and/or is not supported or licensable on a new machine, and newer versions of said software is not 100% backward compatible and/or needs something else and so on...

        My own solution for my dying w2k box was to convert it into a VM and run it on a Linux machine, more or less the best of both worlds (can run special software that is Windows-only, has better network security Linux-style). Even so, that takes IT skill to implement and user training to make it workable, both of which also cost money one way or another.

        Certainly w2k and XP had nothing in the license about virtulisation, but AFAIK Windows 7 (probably also the abomination that was Vista) only permit it on the expensive enterprise version, not OEM/standard.

        1. System 10 from Navarone
          Pint

          Re: "already have migrated"

          Yep, my first thought was similar - install VirtualBox on XP then install a proper OS like Fedora on that for network stuff. Then all you need to do is disable network access, etc, in the XP settings and away you go...

  6. Marcp

    choujou Adama san

    Of course - the Battlestar Galactica solution

  7. Gordon Pryra

    Tape or Group Policy?

    No offense, but tape?

    1. ansi.sys
      FAIL

      Re: Tape or Group Policy?

      No Offense, but Group Policy tends not to work very well without network connections.

  8. John Tserkezis

    I don't see XP as a big enough problem to upgrade anyway.

    Firstly, yes, you lose updates, but on that size network, you're going to be running via a central router/firewall/filter whatever, enough that *direct* attacks aren't possible or at least minimised.

    Indirect attacks (downloaded malware) is a serious risk in almost any environment, but there's no reason you can't lock down XP pretty much like later OSs, not to mention virus/malware scanners and such.

    You lose support. Or at least free support. Big whoop. I have a real problem with the "support" supporters, (excuse the pun), namely because I've never seen anyone call support and received a *useful* answer. Not talking about stupid non-problems you can google, but real problems. Maybe I've led a sheltered life, but anyone I know who's called for real problems has hit a brick wall with Microsoft. In other words, you've lost nothing, because you didn't have it in the first place.

    Software requirements. Believe it or not, sometimes *YOU* have no control over what software someone else has picked. You know the one, it ONLY works with IE v6, you're in charge of keeping it working, the Powers That Be won't let you replace it and you can't argue with the idiot who bought it - usually because he's your boss.

  9. Tank boy
    Trollface

    More than one way to skin a cat I guess...

    In the US Army we'd call that "a technique". Not that it's the best fix in the world (tape? c'mon now), but if it's stupid and it works, it's not stupid.

  10. Anonymous Coward
    Anonymous Coward

    "Firstly, yes, you lose updates, but on that size network, you're going to be running via a central router/firewall/filter whatever, enough that *direct* attacks aren't possible or at least minimised."

    I suppose that level of security is fine for my bank?

  11. FuzzyTheBear
    Devil

    Got to ask

    Is there anywhere in the license an article that says there is a time limit to support and they can render the operating system useless at a time of their choosing ? Because imho , that creates a precedent where a company could arbitrarily choose to end product life in say , 2 years if they so choosed . Terminating XP's usefull life seems to bring us on a dangerous slope. Imagine if next year they said .. ok win 7 is 5 yo , we stop supporting it to force you to buy another newer operating system ? See what im saying ? Terminating XP support means same will happen to Win7 at a time of their choosing. The more i think about it , the scarier it gets.

    1. Glenn Booth

      Re: Got to ask

      @FuzzyTheBear

      You started with a 'what if?' then went to a 'just supposin'' and ended with a completely unjustified 'if X happens then Y will happen and that scares me lots'.

      There comes a time when all old technology products come to the end of their useful life. XP is old. Live with it. Or do you think that MS should keep supporting it in perpetuity?

      If you don't want a product that will have an 'end of support' notice at some point, I'm sure you could find some obscure open source OS that doesn't have any support in the first place. At least you'll know where you stand, eh?

    2. El Andy

      Re: Got to ask

      Microsoft have very clear published support roadmaps, which form a contractual obligation for many of their clients. They don't just obsolete things on a whim, that's more a Google thing.

    3. Hardwareguy

      Re: Got to ask

      They already do.

      Its called the Microsoft Product Lifecycle Policy.

      http://support.microsoft.com/lifecycle/default.aspx?LN=en-gb&c2=14019&x=9&y=17

      Win 7 Support ends in Jan 2015.

Page:

This topic is closed for new posts.

Other stories you might like