If it still works for the purpose, it is NOT obsolete.
Stop fetishizing the new.
If it’s connecting to the Internet and not getting security updates, that’s probably not good.
So what you said is mostly true, but there are certainly people running windows XP thinking “I just check my email and read the news, this is fine”
Meh.
If the other layers of security are in place, the risk can be managed.
The problem you describe is from things like that XP user running as admin, a failure of security layering.
Security isn’t just having all the updates, which is the implication statements like this makes.
I have XP VM’s with no service packs that connect to the internet. They’re NAT’ed in VMware to an isolated subnet that has its own firewall. No MS ports are permitted out of that subnet other than RDP, and that only from specific IP addresses. There’s more, but even just this addresses most security concerns.
This is used for testing specific software that only runs on XP.
It’s hilarious that you think someone running XP on the internet knows anything about computer security.
[ring-fenced test-rig for winXP]
It’s hilarious that you think someone running XP on the internet knows anything about computer security.
totally.~
I have to work with some of these machines. When they fail, it’s an ever increasing gamble if we’ll even be able to repair them. I already have to resort to buying parts off eBay “as is” and hoping they work. At some point, there’s not going to be any left and we’ll be utterly fucked.
If it is connected to the internet, and it is not actively receiving updates, it is not working for its purpose.
If it is airgapped from all networks, I agree with you completely.
If it is connected to the internet
Nightmare fuel, at this point. NOTHING but shiny updated firewalls connect to the net themselves.
For me, obsolete often means that I can no longer repair an important tool if it breaks. If I can’t get a replacement hard drive or video card or power supply for my ancient Windows computer, I need to think about getting a new computer, just to minimize risk.
I made an actual post about this last week! Old is getting better with how bad new tech is and the privacy and security over reach. You cant even get a new laptop or gaming system without forking over every data point about your life just to log in. Its absolutely stupid.
Unless you use linux that is.
Stop fetishizing the new.
They’re all sparkle-junkies, man: newer MUST be better!
It’s easier to write “obsolete” than it is “single purpose computer often loaded with technical debt and risk”. A computer is meant as a general purpose device. If it can only do one, it’s mostly obsolete anyhow
That depends on how many things you NEED it to do. My kitchen knife is not more obsolete than my air fryer just because it does fewer things.
And this is a misuse of the term technical debt. Technical debt does not mean OLD. Finished software from the 80s that was complete and bug free has no technical debt. New software almost UNIVERSALLY has more technical debt than older software because nobody has cleaned up the first draft yet. A continuing, rolling package of spaghetti code, patches, unvetted dependencies, and jammed in features that are sold for subscription fee purposes rather than customer need is OVERFLOWING with it. That’s what “move fast and break things” MEANS.
Your kitchen knife is not a computer.
Software is never without bugs. Baffling you’d say otherwise. And I was referring to the many situations where companies used outdated computer systems for many years even though it causes extra work for employees. Absolutely textbook tech debt.
Absolutely disagree on this. There is no fundamental reason software must have bugs. However old systems can be their own technical debt because of things like the hardware no longer being produced and therefore unable to be directly repaired if it breaks from age.
This leaves either reprogramming for a modern device or things like emulation which can create/surface bugs that weren’t present before.
The most extreme example I have heard of (sadly couldn’t quickly find a link for it) was a disorientation simulator for pilot training that had zero software issues in several decades of use and when the hardware failed they replaced it with an FPGA in a modern system that ran all the old code 1 for 1. PDP stuff originally I think.
Additional edit - I’ll add that “bug free” software is insanely rare in reality and nearly but not quite impossible to create in practice. I can’t say the software didn’t technically have bugs but if multiple decades of use didn’t have them show up in practice it is functionally bug free.
You make a fair point.
It’s always a risk balance.
Spending effort and money to upgrade a system just so you can say it’s new makes no sense.
Physical security systems still use single-pair lines for door switches because it just works. There’s no reason to make those things networked just because you can (and companies are trying).
deleted by creator
Lol wtf
Wait until they hear about nuclear powerplants and similar things still working on PDP-11s.
I have a client who has a very very specialised radiation therapy device that works with a very antique iteration of Unix. Its software has been reviewed thousands of times over the years and so has the operating system. They have plenty of spare parts and both the software and OS have been custom updated to work with 32-bit hardware over a decade ago as a precaution,but no hardware replacement has been needed so far - probably due to the relatively good protection from background radiation and very well done temperature management.
Should they upgrade to a modern OS just for the sake of being “up to date”? Fuck no.
That would mean:
-
Getting a new OS that is providing either drivers for the old hardware or getting new hardware. (Replacement costs for new hardware is around 20 million euro +X)
-
Additionally it would mean the new hardware or the new OS will be regulated under the new MDR regulation of the EU, so you can easily add another 20 Million (at least) just for that.
-
Additionally they would have to redo the complete radiation safety certification to prove that the OS does not accidentally fuck with the therapy. (See Therac-25 for that)
-
And the benefit. Minimal. The system is not connected to any network. While in theory an updated hardware could provide some minor advantages, e.g. using the patients data from the hospital information system or storing treatment data in there directly (it’s currently being done with a printer emulator), the therapy planning itself would not change as the very special circumstances this device is used for has only a limited range of treatment options.
So. Is it bad that this is not updated? Fuck no.
-
My oscilloscope still runs on windows 98. Back in it’s days, it cost about as much as a car, and it still works. No reason to throw this standalone machine out.
Go into an average US factory and see how much still runs on 95-Vista
The places I’ve seen in my area from various jobs, including IT and network installation sometimes still ran on an OS that pre-dates fucking DOS for their machinery. 😳
I also recently had to work with a data logger that was from the era of windows 95. Luckily the software attached to it also supported windows 7.
I work with a lot of industrial machines that use all sorts of weird old computers most have been running pretty much non stop for 20-30 years. HP unix, Irix, solaris and windows NT are the least obscure computers I come across. Every week it seems like i run into something new (old). We have a few running on PC98s with a weird english version of J-DOS, computers with RTOS’s like QNX and LynxOS and probably some other shit that i have yet to encounter.
Sadly newer machines just run windows or in a few lucky cases linux. The IT department always trys to manage the windows machines hooked up to the network and breaks them with their anti virus spyware crap.
What a rarity. Another speaker of the forgotten magic… AIX, SunOS, and DEC Alpha to you my friend.
I’m ashamed to admit
Breaking: Linux Inc. stops support for Linux 2000 at the end of the year. Linux Inc. recommends to upgrade to Linux 25, integrating new AI features including an AI agent that will enhance the computer experience drastically. Devices that run Linux 2000 won’t get any more security patches after Dec 31.
That’s why Microsoft sent out one last update to windows 10 to fuck it up and make it in usable.
Wait, it did? When? What did they break?
I have a laptop that still runs win10 that I need for a few obscure programs to work that won’t work on anything else. I haven’t booted it in a while and I would love to know if I really should start it offline and disable window updates on it so I can keep using it.
Don’t let it update. Find a list of their update servers and block them locally. My computer was totally normal and during this last update last week it took a long time updating. So I tried logging in and it would just load part of the desktop ui before freezing totally. I found it was the cryptographic service. Once you kill that service the machine works just fine. But then that program gets called by every program multiple times. So you open services and keep ending that service multiple times during the day. Its annoying to no end. Definitely not encouraging me to get windows ever again.
I will do that today. I am blocking all window updates. My wife has Windows XP on an old laptop and it works fine. She just doesn’t connect to internet.
Wonder what would happen if she did?
to management: Gonna give me $100K for a new GCMS compatible with a shiny new win11 workstation that MS will obsolete in a year or two? How about paying for a new license (subscription!) and a marked up PC and a technician visit to recalibrate everything for the $2MM NMR spectrometer? And then have IT come in to install their mandatory security software that bricks the instrument anyway? No? Then enough griping about your compliance numbers. If it bothers you that much, pitch a proper ask for capital to the business and get IT to allow us to just airgap the sucker instead of trying to debug some corporate security vendor’s rootkit.
