How Microsoft can keep Win XP alive – and WHY: A real-world example What if Microsoft announced it's not ending support for Windows XP next Tuesday after all, and instead will offer perpetual updates (for a small fee, of course). Something inside me, somewhere between my sense of humor and soul-crushing cynicism, drove me to turn that dream into an April Fool for this year. But all cruel …
If, as in your example, a system has to continue running XP it is only a security hazard if it has a direct or indirect connection to the internet. For your example disable all protocols except NetBEUI on the XP systems and transfer any necessary files to them on a USB stick (or CD or even floppy).
For other cases putting a paranoid firewall between the XP box and the outside world might suffice.(Firewall in whitelist mode allowing only a few specified IP addresses to communicate with the XP box and only over specified ports.) This is not as secure as an air gap but may be adequate.
I must admit that this was also my first thought. I can't imagine a benefit to having a cnc machine such as a lathe connected to the internet even if it is through an XP PC. Another alternative would be connect the XP boxes with serial lines to a central file server (running your favorite *nix or *nix-a-like?) to retrieve the CAM files and let them sit disconnected most of the time.
#sz -be /to/the/rescue
I have a "customer" (in the sense that it's the precision engineering firm that my wife's ex used to own/run and I help them out occasionally) who has an NC machine tool controlled by a PC.
It runs Windows 95. The hardware includes a Hercules graphics card and one of those multi-serial boards. The issue isn't the software - coz of course it will never, ever see the internet or a USB device and It Just Runs (tm). The worry is the hardware. Three years ago I sourced a populated motherboard, a herc graphics card and a hard disk that are pretty much identical to the system, and cloned the software it onto the hard drive. I doubt I could obtain them now. The only worry is that multi-serial card. I have no idea if/when they'll replace that machine tool. All I know is it meets their needs today, which are of course driven by their customers.
One thing IBM did very well back in the 1960s and 1970s was excellent emulation / simulation of older hardware and operating systems. At one point, as I heard tell, the US Social Security Administration was running Autocoder for the 7900 (an assembler-level language running on a 1950s machine), simulated on an IBM 360 running DOS (a 1960s mainframe OS, emulated on a 360 running MVS, simulated on a 3070 running VM. (I probably have all the details wrong, but you get the picture.) This was because the original code *was* the SocSec's business logic, and rewriting raised the probability that the new code would not output the same numbers, causing havoc in the real world.
I assume that sometime in the early 1980s or late 1970s, the administration finally bit the bullet and rewrote the code. But maybe not - the Federal Employees Retirement system is still almost entirely based on paper, for similar reasons.
"Indeed sir, however, my "how to survive the XPocalypse" article is a few days down the road. I have a list of methods, refined from keeping NT4 and Windows 2000 systems going all this time..."
Ahhh, Windows NT4 running on a DEC Alpha. What a lovely stable setup,! My one ran 60 progress databases for a multinational.
I have Windows 3.1 running on a machine with good old Trumpet Winsock for connectivity.
Assumptions, assumptions, assumptions.....
Some of the machinists walk around with USB keys in their pocket, so they can move settings between machines... Why? Because not all the fabrication equipment is networked. But also because they can't find anything on that damn network share.... In fact, the last time someone used it they took off the wrong settings and it cost the company a fortune in retooling! So no more network copies... "One copy only, and we'll ensure its always the latest as the previous one is overwritten on the USB key, right lads?"
Said machinist then takes the USB key home where their kid uses it to copy a picture or something for a school project off the home PC. Monday morning comes and said machinist plugs the USB into the critical XP box. 24 hours later Crypto-Locker has pwned the box!
What's worse a lot of these machine shops have absolutely no backups to cover hardware failure either. At the very least they should pay a Server 'Pot' person to clone the drives on crucial boxes, and keep them offline for those rainy days!
"Procedure: Securely fasten CNC machine USB devices to 15 cm mild steel angle iron. Fixed."
Or as some do, remove USBs and floppies* altogether and replace them with a secure wireless/Bluetooth linked to a server that serves no other purpose (i.e.: not otherwise connected to the net). That way, there's a chain of command and QA is guaranteed.
___
* As many CNC-ers would know, floppies are still alive and well in this environment, even hard-sectored ones which I've otherwise not seen for several decades.
Even if it is....
In any normal production environment, Windows--any version--will usually only be the UI for the controller software, important machine functions reside within the CNC machine's embedded code.
With respect to a Windows failure (through virus, HD failure etc.), then the normal procedure would be to either mirror the drive with a functional copy of Windows and its controller software or simply unplug the drive and replace with one that's pre-configured with Windows etc.
The current job--the M Code that's loaded onto the machine--will need to be reloaded from the tool room / development shop's library. The only thing lost might be log and counter files.
"Said machinist then takes the USB key home "
This is a non-problem, a matter of lax procedure and easily dealt with.
Attach a real credential to the USB stick with a ring - some sort of ID card, and lock the rings to an eyebolt set in the wall. Give each person onsite a similar card with their ID on it. Give the key to Two Trustworthy People, to whom you pay a stipend to be the keymasters. Someone wants a stick, they must ask for one and surrender their ID.
Now you post a notice on the staff noticeboard: All Staff IDs must be claimed by day's end. Removal of USB sticks from factory is a firing offense. You have to mean this, of course.
If you have the ability, make the ID part of the clocking in procedure and you are watertight.
My brothers firm has to use a Windows 98 laptop connected to their lathe. They have a stockpile of abut three old laptops I bought off Ebay for like £30 each and slapped Win98 on them. They don't connect to the web so its not really an issue.
They are set for another 10+ years. Business as usual.
>Windows 98 laptop ... They don't connect to the web so its not really an issue.
It's not an issue even if you do connect to the web. Modern virus, worm, rootkit etc can't run on Win 98, and the internet is mostly unusable in IE5. Even USB is not a problem: we never did get USB to work properly on our Win98 machines, and if you did, now-standard software rules rule out usb problems anyway.
"transfer any necessary files to them on a USB stick (or CD or even floppy)."
Why not. After all, it's good security advice like that that successfully saved the world from Stuxnet (and countless other stick-viruses before that whose names I forget).
It wasn't good advice?
Howcome all the upvotes then?
Huh? Almost always: "new technologies" .NE. code. There are a few exceptions, but none that I can think of that would apply to MS.
Perhaps they could learn to Hibernate without assuming that all (for example) 4GB of RAM needs to be saved to disk. It seems like the OS doesn't even know how much and which memory is actually being used. It seems that they just stupidly save the whole 4GB block. Has nobody else noticed this?
Perhaps they could learn that if there's humans about, for example someone just having turned on the PC, then perhaps the humans could be allowed on the Internet in front of every single last installed program, and the OS, all seeking updates all at once for fifteen bloody minutes. Perhaps I'll stop caring when the fibre is connected to my house.
Perhaps they could provide a GUI where the Internet connection could be defined in terms of price and speed. So if the PC is connected via satellite at $0.50 per kilobyte, then all software maintenance and other non-human riff-raff would be automatically disabled. They've made zero allowance for having ultimate control over the Internet, except by dozens of individual settings all over the place. Many of which get reset by idiot programmers with updates. Daft.
Perhaps when MSSE needs an update, it wouldn't have to download a massive file each time. Stupid.
They don't even get the basics right - even in The Year Of Our Lord 2014.
It's bloody frustrating.
I agree with you, and with Mr Pott's analysis, but I would add one proviso: I have no problem with paying - or, more accurately, recommending that customers pay - for ongoing support for XP, provided that when the PCs were purchased the supplier from who they were sourced notified the customer of the date on which the O/S (for which they were paid, after all) would go out of support. It is of no consequence to the end-user that the supplier bundled MS software on OEM licence terms or on retail terms or whatever; what matters is that if you buy a box with a feature (in this case, XP) and that feature has a 'death' date, the supplier should be required to tell you that date at the time of purchase.
But here's the thing: There ISN'T any "death date" for Windows XP. It'll still work fine, even after the cut off date for official support.
Microsoft even extended support for XP, even though it was originally intended to stop it in 2009.
Everyone who bought a PC with XP on it, would have known, or would be told if they asked, that official support would end in 2009. That means that they would have had almost a decade to plan how to migrate from XP, and set aside the funds to do so.
That they didn't do this, or never thought of it, is neither Microsofts nor the retailers fault. Just like you can't blame them, when you visit a porn site that gets you XP machine infected.
Everyone who bought a PC with XP on it, would have known, or would be told if they asked, that official support would end in 2009
Who are you trying to kid?
People will look at the expiry date on a packet of ham or a loaf of bread.
They probably wouldn't look at it on a tin of beans, or frozen peas.
As for a computer... ? Consumers wouldn't even consider there being an "expiry" date on something like that.
And would they have been told that newer versions of Windows would stop netbui, or direct access to the parralel port, or support for x?
Joe Average User? No. And to them it won't matter because they don't need it. The ones that DO need a particular kind of support will look whether that will still be provided by Windows.newerversion, OR they'll take the approach "It works, don't touch it"
> they want world domination.
Too true. I doubt the issue is profitability of XP and associated support programmes. I suspect the real issue is ecosystem upgrade. You need W7 for Outlook 2013 which needs Windows Server X which means Lync needs an upgrade and sharepoint. If XP doesn't need upgrading, none of the rest happens either.
As far as W8 goes, it was an attempt to ram the windows mobile interface into the marketplace by leveraging the desktop. The XP drop dead date is there to force upgrades to the new interface in the hope they will pick up new mobile market-share as people get used to it.
Then there is the problem of mono-culture - from MS' point of view, the lack of it. XP and W8 aren't all compatible (despite "compatibility mode") MS doesn't want dev's to have to code for multiple Windows platforms nor do they want new features OS features to be ignored as dev's seek to provide a common experience across all platforms. Even worse would be devs deciding that something like QT provides a better way to do apps which cross Windows (and other OS) platforms than native apps. With OSX, IOS and Android eating away at consumer GUI mindshare, MS has problems in almost every direction.
Then there is the obvious - why just get paid for maintenance when you can slap a new GUI on and call it a new OS?
The W8 thing must really hurt. A failed mp3 player is one thing, but an OS that no-one wants is a shock to their core business.
None of this is to say that MS is dying, but they do have a lot to lose and as PC's continue to be replaced by more appropriate mobile form factors, MS knows it has to do something to break out of the traditional business desktop, and they need to do it quickly before ARM chips move up-market into PC-class devices.
UK and Dutch governments have already signed up for extended support. Whether that means that Microsoft will issue regular security patches for them, I don't know.
http://arstechnica.com/information-technology/2014/04/not-dead-yet-dutch-british-governments-pay-to-keep-windows-xp-alive/
XP Needs to Die: it's a fifth wheel that has stuck around because it's more lightweight than anything else Microsoft has released (besides maybe server core), and runs most all the applications people use. Windows 7 brought bloat, eye candy, and features barely anyone used such as bit locker, but it wasn't all that much better than XP. XP's default theme was ugly, but that was easily turned off. The idea that Windows 7 is more secure than XP remains to be debated, as I have seen just as many infected Windows 7 machines as XP machines. Is UAC security? No, it isn't. Microsoft's "numbers" say otherwise, but I don't trust anything that comes out of that company, code included.
It would make sense for MS to have an OS in place for XP users to jump to besides Windows 8.1 Update 1. They're continuing the feudalistic app store model with the ugly preschool-esque 4-bit color Modern tiles, and there's still no Start menu. From the leaks, it looks like the entire Modern shit will continue to take over a user's screen when the Start button is pressed. Microsoft apparently doesn't understand that the whole bifurcated user experience is something many people don't want, and that there are millions of people out there who don't want to deal with Modern whatsoever.
The beauty of Linux or BSD, is that you can customize your system however you want; you don't have a company foisting old school tactics on you, saying how you will use your computer, and forcing you to interact with it in a specific way. Yes, Windows doesn't need to be as customizable as Linux for the consumer market, but they have it so locked down, going for the whole totalitarian-we-are-god-embrace-extend-extinguish mentality, that it's sickening.
Guess what, Microsoft, "Embrace, extend and extinguish" doesn't work anymore. Fuck you, and you can flush your shitty ass operating system right down the toilet.
You didn't make your case for killing XP very persuasively. What I will say based on several years of post-XP experience on 4 or 5 machines and over 30 years in the industry is that I see no compelling reason to switch EXCEPT for the gun that Microsoft is pointing at me. Pay up, or take your chances, and you certainly know how small they are based on Microsoft's security track record.
I think the economics are highly debatable. It is not like Microsoft is desperate for cash and couldn't afford the minor charity. It's simply that Microsoft wants to force us to newer OSes, and I feel no real sense of security with ANY of Microsoft's OSes. The basis of the problem is actually the reverse of following the money. No matter what damage Microsoft's errors inflict upon you, it's just too bad and by opening the shrink-wrap and accepting the EULA you have agreed to it. If Microsoft agreed to continue support for XP, at least I would think they had some confidence they can secure it, but the added complexity of post-XP OSes merely makes it that much easier for the real experts to pwn me without my ever detecting it. At least that's how it feels to me.
Unfortunately, Microsoft's business model is excellent, no matter how flawed their software is, and they have established that standard for the entire industry. Can you imagine how software would be designed if the company selling the software was actually liable for the abuse? Hint: DEFENSIVELY and CAREFULLY.
Sorry, but Linux is not the solution. Linux is more like a possible answer in desperate need of an effective business model.
"Sorry, but Linux is not the solution. Linux is more like a possible answer in desperate need of an effective business model."
You are so off base with that comment -- you must be joking or just ignorant. Yeah, Linux running most of the world's servers is an OS desperately in search of an effective business model. That's why IBM invested $1 Billion into Linux just recently. They invested $1 Billion into Linux over a decade ago too. The Linux desktop is getting better and better all the time. Is it perfect? No. It's good enough for Google employees and the city of Munich (and me), however. I just severely quashed your entire post. Let me know when you wanna start living in reality.
http://www-03.ibm.com/press/us/en/pressrelease/41926.wss
"running most of the world's servers "
Most of the world's servers run on Windows Server (75% market share)
"That's why IBM invested $1 Billion into Linux just recently. They invested $1 Billion into Linux over a decade ago too. "
Actually that's because they are desperately trying to counter the wholesale migration of their midrange boat anchor business onto Wintel...
@AC
Please join a long line of people pulling stats from their rear. [http://w3techs.com/technologies/overview/operating_system/all]
Do you want to tell us about your new application that dwarfs the number of web servers?
UNIX/Linux Family is used by 67.5% of all the websites whose operating system we know.
ALL versions of Windows 32.5% of all the websites whose operating system we know.
[A lot of them seem to be Server 2003!, the Server version of XP]
OSX about 0.1%
Not the point. The example given is an excellent explanation of what *real* people want from computers. The "computers-as-an-end-in-themselves" crowd need to get a grip on this.
The salient point for the use case presented is: who will write the Linux drivers for those CNC lathes that are no longer in production anywhere in the world and are too expensive to simply toss out because someone thinks the real world follows the IT model of obsolescence? And on what equipment will these wond'rous Linux solutions be tested? I doubt the place has a spare CNC lathe just lying around for the purpose, because machine tools are like locomotives: standing still they are losing money.
Living and working in the IT world distorts perspective. We turn over kit at an alarming rate just for the sake of doing so and lining the vendors' pockets. (Don't make me wheel out tales of the endless meetings over servers humming along nicely but creating panic in the enterprise because they are at "End Of Service Life"). In the real world machinery needs to earn its keep and to do so until it falls apart.
The 747 Jumbo Jet started flying in 1970, and large numbers are still flying today. Until a year ago I work on the maintenance of some of its onboard systems. There weren't any cheap computer systems in 1970 but as soon as these became available they were used to assist and automate the testing of onboard systems. So this time last year I was working with elderly PCs that ran DOS, Windows 3.1 and the like. So the firm kept a stock of ancient PCs in an attempt to maintain the capability of maintaining these aircraft systems. The cost of getting new software to run on modern computers, and getting it certified for testing passenger aircraft is quite prohibitive.
There are all sorts of elderly software/hardware systems running on these aircraft too. Bear this in mind on your next cheap flight.
"Some devs have written a driver in a day."
But probably not in cases where the original hardware vendor either no longer exists, or no longer has any technical records for that particular model, or just wants to sell you a new lathe and is therefore unwilling to provide documentation.
And once your dev has reverse engineered the hardware spec, they are unlikely to be willing to guarantee the correct operation of their driver. At least, they won't be willing to sign a piece of paper that lets you recover losses from them if the driver turns round in a month's time and refuses to talk to the lathe that your business depends on. You might argue that the lathe vendor signed no such paper either, but you have a decade or more of experience to build your confidence in the original driver. The new one is a leap in the dark.
I am curious about how easy writing a driver is when there exists no documentation on the equipment because the vendor has gone out of business. I also wonder how many developers would be willing to "develop a driver in a day" for such a device when screwing up the driver means having 1000lbs of hot metal spinning at 10K RPM come flying at them?
Are you volunteering?
"A good developer could write a driver for a CNC lathe in a short period of time. Some devs have written a driver in a day. You make it sound like an impossibility."
Ah yes, the old "please follow my unwritten thought through this sudden sharp turn" ploy. You certainly tricked us with your clever use of not staying on the explicit subject. Well done.
Though I have to wonder why you are citing a feat entirely irrelevant to the subject under discussion in order to prove whatever it is you feel was proved.
Other than if you don't tell people you've changed the subject they won't know you've done that. Which seems sort of self-defeating to the thrust of your (partly invisible) argument in my opinion, but there you go.
You got me.
@Trevor_Pott
If it were on a Linux machine to begin with, using open source drivers, nobody would have to worry about when MS's proprietary OS's stop being supported, therefore leaving the I.T. department to worry about security. Yes, an open source driver could be developed on Windows, but usually any type of driver development on Windows is closed source.
Your whole "sky is falling" outlook on a Linux driver developed for a CNC lathe is not a realistic outlook on the resulting outcome. With a very smart and talented developer and some serious testing, "1000lbs of hot metal spinning at 10K RPM come flying at them" is just a statement that apparently made sense to you at the time you typed it, but that is not a real world example. Drivers for CNC lathes should be open source, and should allow easy migration to new operating systems. Purchasers should demand this, to prevent vendor lock-in. But hey, if people want to be hooked up, ball and chain and all, to MS's proprietary model where they say what goes and what doesn't and dictate how you will use your machine, be my guest.
"Drivers for CNC lathes should be open source"
I agree entirely
"and should allow easy migration to new operating systems."
Again, I agree entirely
"Purchasers should demand this"
Once again, we agree.
"to prevent vendor lock-in."
And now you're living in a dream world. Customers can whine and cry and stamp their feet all they like, but the options are "buy what exists or go out of business/don't start your business." You don't get a say in what is on offer. Developers don't give a fuck and customers have zero pull.
Life sucks and then some fish eat you.
"And now you're living in a dream world. Customers can whine and cry and stamp their feet all they like, but the options are "buy what exists or go out of business/don't start your business." You don't get a say in what is on offer. Developers don't give a fuck and customers have zero pull.
Life sucks and then some fish eat you."
All excellent points. People need to amp up the pressure for open source drivers.
If it were an opensource driver in the first place, it wouldn't have been a problem. But hindsight is wonderful.
Opensource is a concept that has only recently gained more awareness outside IT. I only came across it in 1999, seven years after graduating in IT, I'd heard of shareware and free software (even used some, like Mindreader WP), and even theorised the possible advantages of such a system, but all I'd been taught about was the past, not the present or future.
The ideal solution would have been for a large number of companies who operate these lathes to cooperate in paying for the development of a new computer control system for these systems.
Singularly, the cost of development would be prohibitive, the dedication of one valuable machine to testing unacceptable, but together, the cost would have been neglible. Information could also have been shared, and even contracts obtained to have parts manfactured for machines that were no longer manufactured or whose manufacturers had gone out of business.
Unfortunately, this kind of cooperatrion rarely happens in modern capitalism. Competition does not breed cooperation..And bespoke software seems to be out of fashion...
Unfortunately, this kind of cooperatrion rarely happens in modern capitalism. Competition does not breed cooperation..And bespoke software seems to be out of fashion...
Also, in specialist markets such as this, the number of suppliers is vanishingly small, and each of them doesn't want to give away many-figure contracts to the competition, so just about everything about them is considered trade secrets. This includes man-machine interfaces, communications buses, etc. In a small market, lock-in is basically a given, so it becomes a Hobson's choice: either accept the lock-in or don't enter the market. No Third Option.
QUESTION: Has the firm considered upgrading the machine and installing the related software onto an XP Virtual Machine running on top of the modern OS? With a virtual network adapter, the XP VM should still be able to talk NetBEUI to the CnC unless I'm missing something. This also has the potential advantage of improved failover capability (machine fails, swap it out and reinstall the image; VM fails, restore image backup).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
