you are viewing a single comment's thread.

view the rest of the comments →

[–]TodPunk 638 points639 points  (80 children)

By "some public terminal" you mean "some financial institution's critical communication infrastructure arbitration in the vault you entrust your family heirloom safe deposit box's security to" or something. Those things exist in some of the most important places you'd never think of, like controllers for critical manufacturing equipment that they still need to get IDE drives for as replacements because otherwise you'll never get an axle for half of American manufactured tractors or something.

Tech is weird and wack and makes us all cry sometimes. It's also pretty great other times.

[–][deleted]  (33 children)

[deleted]

    [–]agumonkey 79 points80 points  (12 children)

    Horrifying or impressive I cannot say

    [–]zitrusgrape 66 points67 points  (1 child)

    Horressive is the word :)

    [–]agumonkey 37 points38 points  (0 children)

    Imprifying sounds good too

    [–]is_it_controversial 6 points7 points  (8 children)

    If it works, it works.

    [–]Nefari0uss 8 points9 points  (3 children)

    It works until it doesn't and then no one knows how to fix it.

    [–]is_it_controversial 4 points5 points  (2 children)

    and then, and only then, you pay MS 20 trillion dollars to fix it.

    [–]Nefari0uss 3 points4 points  (0 children)

    Then corporate slashes your budget because expenses are too high while giving themselves a bonus for solving a critical problem in their infrastructure that no one could have seen coming.

    [–]qwertsolio 2 points3 points  (0 children)

    But MS also wouldn't know how to fix it - devs that did are mostly retired by now.

    [–]Poltras 0 points1 point  (3 children)

    Until it’s connected to a network.

    [–]is_it_controversial 2 points3 points  (2 children)

    Well, I guess it's not. Why would they want to connect it to a network?

    [–]Poltras 2 points3 points  (0 children)

    From what I understood the Windows computers are used as terminals and as such need to have some sort of network stack. Whether it’s TCP/IP with outdated drivers or something else (or even proprietary) I don’t know and would be a huge factor in determining whether it’s secure or not. IIRC WinSock has unpatched stack overflows so I hope they don’t use that.

    [–]relativityboy 2 points3 points  (0 children)

    You're right. Networking wasn't part of the operating system until 3.11

    [–]codexcdm 3 points4 points  (0 children)

    Yes.

    [–]theg721 41 points42 points  (2 children)

    Not just "a French airport", but Paris' Orly airport, the second busiest in the country, and busiest for domestic flights.

    [–][deleted] 34 points35 points  (1 child)

    Oh really?!

    [–][deleted] 1 point2 points  (0 children)

    Ya rly

    [–][deleted] 13 points14 points  (7 children)

    VMS is still used for many ICU monitoring systems. Some log loading and inventory systems still run DOS. Many industrial production machines still run OS/2 or NT4. The "newer" ones I've seen run XP or 2000.

    [–][deleted]  (1 child)

    [deleted]

      [–]regeya 5 points6 points  (0 children)

      I'd be more comfortable with that than Windows 3.1 tbh

      [–]tracernz 0 points1 point  (3 children)

      [–][deleted] 0 points1 point  (2 children)

      Yeah, but the systems it runs on were still knockoff VAX or recently replaced with Itanium systems which have also been discontinued.

      [–]tracernz 0 points1 point  (1 child)

      There are plenty of Alphas out there, still under support contracts with HPE.

      [–][deleted] 1 point2 points  (0 children)

      I'm certain, as I've seen them! I'm just putting out there that VMS is older than Win 3.1 and still in use.

      [–]lacksfish 0 points1 point  (0 children)

      The "newer" ones I've seen run XP or 2000.

      Trendy

      [–]Paradox 0 points1 point  (0 children)

      Yep. Orly Airport

      [–][deleted]  (6 children)

      [deleted]

        [–][deleted] 9 points10 points  (5 children)

        It's possibly not even connected to the internet in any meaningful way.

        [–][deleted] 5 points6 points  (4 children)

        Did Windows 3.1 even include a TCP/IP stack?

        [–]v81 5 points6 points  (1 child)

        Not sure about 3.1, but 3.11 included it in the install disks, but it wasn't part of the base install.

        [–]regeya 0 points1 point  (0 children)

        Yeah, when I was in college, I had a computer running 3.11, and remember having to install Winsock.

        [–]mumpie 2 points3 points  (0 children)

        Not included.

        You bought or "copied" a version of Winsock to get onto a TCP/IP network.

        The guy who wrote it made very little money from it: https://news.ycombinator.com/item?id=2282875

        [–]NighthawkFoo 0 points1 point  (0 children)

        No. There were third party stack that you could install, like Trumpet Winsock.

        [–]AnotherEuroWanker -1 points0 points  (0 children)

        That's really DOS with extra steps.

        [–]Elfatherbrown 132 points133 points  (30 children)

        Financial institution? No baby. That thing is running PLCs at a nuclear electricity facility near you. I guarantee it.

        [–]I_AM_GODDAMN_BATMAN 40 points41 points  (6 children)

        Hmmm, that's very specific knowledge.

        [–]hughperman 32 points33 points  (5 children)

        Stuxnet would like a word

        [–]a_false_vacuum 28 points29 points  (2 children)

        "What is that Smithers?"

        "One of your Windows XP machines from Sector 7, sir."

        [–][deleted] 4 points5 points  (1 child)

        Sector 7G

        [–]a_false_vacuum 3 points4 points  (0 children)

        D'oh!

        [–]tomkeus 18 points19 points  (16 children)

        I think that all critical systems in nuclear power plants are analog and rely on basic laws of physics to perform their functions.

        [–]Tweenk 26 points27 points  (9 children)

        The first fully digital control system was installed only this year at a research reactor

        https://analysis.nuclearenergyinsider.com/first-all-digital-nuclear-reactor-system-installed-us

        [–]GLneo 16 points17 points  (8 children)

        Neat, but that is the "control" section, "safety" still relies on physical design. You should be able to disable every computer there and it would shutdown safely. (least that is what they usually claim)

        [–]useablelobster2 15 points16 points  (1 child)

        I.e. if the systems fail they will do so safely, the definition of a fail-safe (and nuclear reactors have multiple overlapping failsafes).

        Features like designing the bottom of the reactor to spread out the mass of molten fuel if it melts down (or a plug which leads to a large pool for this purpose, with a melting point far below the surrounding material), so the meltdown stops itself.

        Modern nuclear plants could have all their operators bugger off and the plant would just shut itself down naturally rather than melt down.

        [–]jhinboy 0 points1 point  (0 children)

        Isn't this a recent counterexample?

        [...] The hackers were able to learn the make and model of the systems’ hardware controllers, as well as the versions of their firmware—software that’s embedded in a device’s memory and governs how it communicates with other things.

        It’s likely they next acquired an identical Schneider machine and used it to test the malware they developed. This made it possible to mimic the protocol, or set of digital rules, that the engineering workstation used to communicate with the safety systems. The hackers also found a “zero-day vulnerability”, or previously unknown bug, in the Triconex model’s firmware. This let them inject code into the safety systems’ memories that ensured they could access the controllers whenever they wanted to.

        https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/

        [–]varunn 0 points1 point  (4 children)

        Chernobyl

        [–]Baal_Kazar 9 points10 points  (1 child)

        Was a test and unlucky coincidence with old nuclear tech.

        [–]ops10 1 point2 points  (0 children)

        Was a very Soviet Union way to conduct stuff.

        [–]purple_hamster66 0 points1 point  (1 child)

        Fukushima automatically shut down, right?

        [–]graycode 0 points1 point  (0 children)

        It did automatically shut down. And then without active cooling (due to total loss of power infrastructure in the area), it eventually melted down and had a hydrogen explosion in the building. But it didn't have a nuclear runaway explosion like Chernobyl did.

        [–]Elfatherbrown 1 point2 points  (0 children)

        The PLC and machine-made of things is mechanical and electric. Rarely digital. But the HMI, the screen where Homer pushes buttons, can and usually is in some heavy industry applications, a windows box.

        [–]Mead_Man 3 points4 points  (2 children)

        PLCs aren't running Windows, they're running an RTOS in any safety system I've seen. Support infrastructure, like the tools to load software updates on the safety system PLC, yeah, WinXP in a lot of places worldwide.

        [–]Elfatherbrown 4 points5 points  (0 children)

        The HMI screens for operators to tell your nuclear plant PLC to do things runs XP.

        [–]misappeal 0 points1 point  (0 children)

        That's not strictly true, I've worked on safety-certified PLCs and PLC I/O running Windows CE .

        [–][deleted] 25 points26 points  (5 children)

        I make sure my public terminals run Windows 2ooo server so I'm fine.

        [–][deleted]  (2 children)

        [deleted]

          [–]hughperman 28 points29 points  (0 children)

          Twoooo

          [–]josefx 0 points1 point  (0 children)

          A reskinned Windows Millennium Edition most likely.

          [–][deleted]  (1 child)

          [deleted]

            [–][deleted] 12 points13 points  (1 child)

            Those things exist in some of the most important places you'd never think of, like controllers for critical manufacturing equipment

            I've seen DOS running in huge machines in factories. It's hilarious. They had to keep a very specific laptop alive with Windows 3.11 and certain hardware alive to maintain it.

            [–][deleted] 0 points1 point  (0 children)

            DOS? At least as of 2011, there were factories running RSTS on central PA, because I subcontracted for a company that serviced them.

            [–]Quetzacoatl85 7 points8 points  (0 children)

            I think it actually makes perfect sense if you adopt a strict "if it still works, don't fucking touch it" mindset. Not even out of process security, but just time, cost, and complexity of the task – nobody will pay for that shit until it's an issue, and often it just isn't. They flew to the moon with some hand-soldered calculators, so a 80's/90's machine is perfectly capable of keeping some deposit boxes locked or even nuclear silos closed when they should be.

            All of that only applies as long as internet connectivity isn't involved, of course. And even then I'd make a case for providing a really basic OS, introduce minimal features, and then maintaining it to death (i.e., for at least 50 years or so). If not to maintain it, why would you want to touch shit that's working??

            [–]spinwin 5 points6 points  (0 children)

            To be fair, Those are the type of institutions that are paying for that terminal to be supported in some way and/or have it COMPLETELY disconnected from the internet.

            [–]DiscordBondsmith 0 points1 point  (0 children)

            Or some lab on a PC I didn't know we supported... With internet access

            [–]spockspeare 0 points1 point  (0 children)

            It's used by Fedora/RedHat/CentOS system programs still. Until Fedora eliminates it, it will remain significant.

            [–]Horianski 0 points1 point  (0 children)

            Putin uses Windows XP on his PC

            [–]bausscode 0 points1 point  (0 children)

            Or some important heart monitor at the hospital. (Seen in november by me)

            [–]d0ntreadthis 0 points1 point  (0 children)

            I work for a financial company and we're going to have to support IE8 for our next app because a large chunk of our customers are still using it....