Feeds

back to article Japan's XP migration solution: Remove network cable

A Japanese local government has come up with a rather unusual solution to the problem of Windows XP migration – keep the venerable OS but disconnect the remaining PCs running it from the internet. In around a year’s time, April 8 2014 to be precise, Microsoft will end free support for the operating system which is still …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

No network = No Work

What kind of work is someone doing in a company that no longer requries shared drives or printing ?. Or will they also be issued with 32Gb USB 2.0 keys which they will use to transport documents.

I can understand standalone machines on a factory workshop but it is difficult to imagine in a government office.

0
8
Silver badge
Meh

Re: No network = No Work

So how did people do their work before the advent of a network?

There were a lot less excuses such as 'I can't do that, the computer is down' and less use of social media during the working daymso maybe they will get more productivity out of the work force.

An example is here on El Reg, most posts occur during the working day.

Also, it is safe to say that if you post an insult to the least productive of the working population, namely Government employees and Civil Servants, you can say what you want about them after 1:30pm on a Friday without fear of being downvotes. They're all on their way home by then.

16
1
Anonymous Coward

Re: No network = No Work

That would be terribly unprofessional.

- Posting from work.

0
0
Bronze badge
Coffee/keyboard

Re: No network = No Work

"most posts occur during the working day"

Wait - people go on here from home ? Really ? Wow.

1
0
Bronze badge
Linux

Re: No network = No Work

"No network = No Work"

The artcile states that it is 800 out of 8000+ computers that are to be kept on XP minus Internet. Perhaps there are use cases for 10% of the computers that do not need network?

Laptop + data projector springs to mind to me as I'm a teacher. Desktop PC with dedicated printer for printing out filled in forms for signature is something I have seen in local authourity offices and libraries a few years ago.

Penguin icon: obvious solution but probably too expensive for business apps to be converted.

4
0
Silver badge

Re: No network = No Work

Keith I can agree with one or two pcs kicking about with their own dedicated printers but 800 pcs !!!!

0
0
Silver badge

Re: No network = No Work

Great Bu: "Wait - people go on here from home ? Really ? Wow."

Erm, this is 2013. We *work* from home :-)

2
0
Silver badge
Pint

Re: No network = No Work

Well yes, some of us work from home....well, /a/ home.

0
0
Silver badge

Re: No network = No Work

Sorry, I guess I should have read to the end of the thread first...

For the rest of you that work from home, do you have a chiller for your laptop? Or do you work inside, at a desk?

0
0
Silver badge

Re: No network = No Work

@keithpeter

trouble with using it for a projector or a form printer is the info will have to be updated at some point. A change in a logo or policy means they have to be altered. Sure, you could do it on the machine only, but then you have no backup.

So you do it on another machine, or copy the files off that machine to save to the network. USB is still a vector for infection. The hackers might find another little glitch in USB that hasn't been discovered and affect your machine that way.

No network does not mean safe.

1
0
Bronze badge

Re: No network = No Work

I take your point. But I've seen 50 with dedicated printers: just 50 different neighbourhood centres.

0
0
Bronze badge
Pint

Re: No network = No Work

"most posts occur during the working day"

Come on Lunch Break, why won't this day end >_<

0
0
Silver badge

Re: No network = No Work

@keithpeter No Internet != no network

1
0
Silver badge
FAIL

Re: Re: No network = No Work

I'm wrong. Just re-read and seen that the network ports are taped up.

So it's back to sneakernet.

0
0

Re: No network = No Work

"Keith I can agree with one or two pcs kicking about with their own dedicated printers but 800 pcs !!!!"

Don't think of it as 800 PCs. Think instead 1 PC out of 10 in an entire prefecture's governmental offices.

0
0
Silver badge

Re: No network = No Work

Yes I suppose that put like that it does make a little more sense.

0
0

Re: No network = No Work

They said they were going to tape over the NIC. That would seem to imply no network. But hey what do I know I'm just a stupid yank.

1
0
Anonymous Coward

Re: No network = No Work

You'll be surprised how many financial conglomerates still have ancient systems around. And they don't necessarily have to be connected to the Internet to do their work. I remember an old Windows 98 box over at a certain bank near Warren Street, which was *not* Internet connected. It was connected to a modem, and that was its sole purpose... to manage that modem.

0
0
Happy

Re: No network = No Work

Now we know why Japan can't fix its little radiation problem in Fukushima.

This people seem not to smart - there are other ways to prevent updates of company computers.

By the way one should consider to use virtual machines/boxes, so you can always keep the original state and you do not have to fight with drivers or printers which are all the sudden no longer supported by your OS provider. Think APPLIANCE! Software/Operationssystem encapsulated in an virtual environment.

0
3
Anonymous Coward

Re: No network = No Work

"Also, it is safe to say that if you post an insult to the least productive of the working population, namely Government employees and Civil Servants, you can say what you want about them after 1:30pm on a Friday without fear of being downvotes. They're all on their way home by then."

hmmm I think you'll find most civil servants won't be accessing El Reg during the working day.... you, on the other hand are clearly being very productive.

Tosser...

0
0
Stop

Re: No network = No Work

"trouble with using it for a projector or a form printer is the info will have to be updated at some point."

You mean a firmware update?

0
0
Silver badge

"Ethernet ports will apparently be taped up in case users forget that their machine is no longer allowed to reach a network."

Only taped up? Fat lot of good that'll do, as if that'll do anything to stop the office idiots ripping the tape off and plugging in cables.

They should do to the Ethernet ports what I do to the USB ports on the office machines to stop people from plugging (malware-infested) USB sticks into them - fill the fucking things with superglue.

3
0
Anonymous Coward

Taping up of ports is just treating the symptom and not the disease. For proper security and software stability it is the users who should be taped. To a telephone pole.

1
0
Silver badge

Taped up

They say taped up, but unless someone here speaks fluent Japanese and can translate the original article, who knows what it actually said. Maybe they intend to fill the jacks with epoxy. Not that this stops someone from using a USB NIC.

On the other hand, the article also says the PCs will be prevented from accessing the "interwebs". Maybe they'll still be on a network, but the subnet they're on will be firewalled off from the internet? Perhaps that was what someone translated (probably with Google Translate or something similarly useless) to "taped up".

That seems like a more reasonable solution to be able to actually do productive work on these machines, while still making it very hard for any malware that might find their way onto them to leak information back onto the internet. Attackers would have to content themselves with destroying data, etc. which would probably only serve to hasten the migration off these artifacts running an OS more recent (I was going to say "from this decade" until I remembered Windows 7 is from the previous decade)

4
0
Silver badge
Joke

Make sure they're not too close to the lines or they'll short them them together and transmit malware via a series of 0s and 1s.

0
0
Bronze badge

Sounds like someone has not implemented suitable network protection.

USB storage devices are blocked here apart from company provided encrypted devices, and if your PC is not up-to-date on AV and security patches it doesn't get access to the network.

1
0
Anonymous Coward

It's probably a cultural thing, in Japan office workers just don't do things like plugging in Ethernet cables when they've been told not to. You don't get people who "know better" and just go ahead and do something because they can.

Working in system support over there must be nice. You tell someone what the problem is and not to do X again and unlike in the UK they don't do X again, rather than making it the first thing they do.

0
0
Bronze badge

Re: Taped up

>unless someone here speaks fluent Japanese and can translate the original article,

I would have a go at reading the original article.. but guess what? The link doesn't actually work. You have to wonder if Phil actually checks all the articles he reposts from RocketNews24.

From the source that RocketNews24 "translated" which is a digest of the original article that doesn't seem to exist;

ネット接続口をテープで覆うなど

This reads "Cover the network connection with tape *etc*".

0
0

This post has been deleted by its author

GPO

You can use GPO to lock down the USB p... Oh that's write you need a network for that.

0
0
Silver badge

Fixes and stuff ....

"This will mean an end to free security patches and fixes for knackered code – exposing organisations to a host of potential info-security risks."

The end to fixes, in itself, will not expose organisations to security risks, because they are already exposed and have been exposed for the past ten years. Fixes are used to, er .....fix things.

There is lots of office/admin work that does not need internet connectivity so why don't they organise their internal structure so that all the XP machines are on a network devoted to internal work? I used to work for a company that had two networks - one was totally internal and was used for product develoment, documentation, internal e-mail, no possibility of connection to the outside world ..............

I'll stop there - you all know this. Somebody needs to tell the Japanese prefecture about all this.

6
0
Silver badge

Re: Fixes and stuff ....

Ah the old red / blue network arrangement :)

Just add someone with a rubber truncheon to deal briskly with anyone plugging in to the "wrong" network and you have pretty good security even with a leaky OS.

4
0
Bronze badge
Devil

Re: Fixes and stuff ....

Rubber truncheon? Modified cattleprod surely *krrzzzzzt*

0
0

Re: Fixes and stuff ....

They can "forget" to tell which cable is the right one, for amusement purposes.

Then all the action can be filmed and aired in local TV as a game show.

0
0
Anonymous Coward

A good solution in the right situation.

I work (hence posting anonymously) for a large UK charity that had a small group of legacy computers running disconnected from the Internet. This was because we could not afford to upgrade them. They were running a mix of W98 & W2K. They were on their own network with shared drives and printers and dealt with physical correspondence including invoicing etc. They were administering contracts worth about £800,000+ a year at the time.

Our other machines where the workers actually needed the internet were running XP which was the current system at the time.

Needless to say the old machines were much more reliable and never once went down, unlike their more modern counterparts. The only external interaction they had was with the encrypted USB sticks used to take back-up off site each night.

Eventually, when we had more money, the administration computers were upgraded and connected to the internet so their reliability and productivity was soon reduced to the abysmal level we had come to expect from the rest of our systems.

11
0
N2
Bronze badge
Thumb Up

Re: A good solution in the right situation.

Sounds like it went well, until you 'upgraded' Ive also noticed how frail some new hardware is despite the price not exactly being bottom book. My preferred OS was Windows 2000 which absolutely flew even on hardware 10 years old. With later versions I often think the computer has halted when I remote it as simple stuff takes so long. & yesterday I had the misfortune of having to use Access 2010, what a mess they made of that.

0
0

Surely taping up Ethernet ports is going a bit far, they could still be given local network access for file and print sharing and just not have a default gateway to get out on the interwebs, thats got to be a better solution surely?

3
0
Silver badge
Joke

If they were that bright, they would already have migrated the machines off XP.

1
1
Silver badge

"already have migrated"

There are lots of reasons why you may want/need to keep an old OS going, the most obvious is you simply don't have the money to buy a new PC but that is probably not the biggest issue here (though report suggested so).

Legacy software, or special hardware, are both reasons why an 'upgrade' can be very expensive and time consuming because you find that the software won't work right on the new OS and/or is not supported or licensable on a new machine, and newer versions of said software is not 100% backward compatible and/or needs something else and so on...

My own solution for my dying w2k box was to convert it into a VM and run it on a Linux machine, more or less the best of both worlds (can run special software that is Windows-only, has better network security Linux-style). Even so, that takes IT skill to implement and user training to make it workable, both of which also cost money one way or another.

Certainly w2k and XP had nothing in the license about virtulisation, but AFAIK Windows 7 (probably also the abomination that was Vista) only permit it on the expensive enterprise version, not OEM/standard.

1
0
Pint

Re: "already have migrated"

Yep, my first thought was similar - install VirtualBox on XP then install a proper OS like Fedora on that for network stuff. Then all you need to do is disable network access, etc, in the XP settings and away you go...

0
0

choujou Adama san

Of course - the Battlestar Galactica solution

2
0

Tape or Group Policy?

No offense, but tape?

1
0
FAIL

Re: Tape or Group Policy?

No Offense, but Group Policy tends not to work very well without network connections.

0
1

This post has been deleted by a moderator

This post has been deleted by a moderator

WTF?

Re: Windows FULLSTOP is not ready for the INTERNET

Really? Again?

How long does full retard training take these days, Eadon?

12
2
Anonymous Coward

Re: Windows FULLSTOP is not ready for the INTERNET

"MS VIRUSES INTERNET FAIL"

Of course, how could my decades of experience blind me to the fact that only MS is vulnerable?

D U R R R!

Really?

ALL OSes/architectures have their failings. MS's failing being that it’s so pervasive; it’s the platform for choice for attackers. Or should attackers concentrate on MAC and ignore the largest installed base? W O W. My faith in human kind is tested to the limits every day.

You’ve made your point (incessantly , time to stop making yourself look foolish perhaps?

2
2

Re: Windows FULLSTOP is not ready for the INTERNET

Attackers did concentrate on Apple computers before 1992. Macs did have more viruses than PC's back then. And no contrary to what many believe Apple did not have a larger market share back then.

If you don't believe me, believe in one of the spokesmen for F-Secure, who is my source. There are many factors that contribute to what platform is preferred by crackers. Market-share is one of them but just one of many. And history proves that it's not the primary motivator.

In fact history shows us that, the easier it is to make malware for a platform the more is made. No platform is immune, but it's only with more secure Windows as Win7 that other platforms have gotten more interest. Everyone want's go take the easy way our, also criminals.

2
0
Anonymous Coward

Re: Windows FULLSTOP is not ready for the INTERNET

I've never sworn at anyone on the Internet, you make me come very close.

Oh and your knowledge of Windows, it's operation, history and development as demonstrated many times over is basically non-existent.

2
0
Anonymous Coward

Re: Windows FULLSTOP is not ready for the INTERNET

@T.est - It's worth mentioning though that in 1992 viruses were not a commercial criminal money making operation and that actually distributing for a smaller group of machines is more effective when it's carried out by disk swapping. This is because you get quicker penetration to the %age of the userbase.

For example - If there are two users of a system and one gives the other an infected disk, you've got 100% infection, whereas if there are 100 users you have 2% infection. You also have a culture of disk swapping to get new software, which adds to distribution.

With modern criminal virus creation and distribution, they don't care about the %age of a userbase running the virus, but the overall amount of machines which could run the virus. You therefore go for the system with the largest userbase.

0
0

Page:

This topic is closed for new posts.