So Apparently, the Windows Operating system 3.1, you know from 1992? well it's alive. and apparently some french airport has just been taken down because of it. the computer called DECOR which is used to control the flights and times of the airport just crapped itself.
DECOR's breakdown on Saturday prevented air traffic controllers from providing pilots with Runway Visual Range, or RVR, information. The value that determines the distance a pilot can see down the runway. As fog descended onto the runway and engineers battled to find the origin of the glitch, flights were grounded as a precaution. another funny revelation is some of the computers at the airport are running UNIX and Windows XP as well. someone help these poor souls and help them come out of a rock. and are even to add even more fuel to the fire, the people that fix this require FORTRAN which is an ANCIENT and dead programming language to fix this issues.. lawd have mercy on the french..
I feel for the people dealing with this, but somebody should really be asking the programmers why they haven't in the last 23 years rebuilt the program that controls all this so it can be deployed on a modern system. The most obvious answer is, "If it works don't fix it." But we can see here that it in fact no longer works.
To be totally fair, it did take 23 years to crash. That's got to be a record. :P
I understand the if it works don't fix it mindset but that doesn't guarantee it will keep working.
Reminds me of at my job we have tons of problems because alot of the sites teachers use rely on java and flash. Now that browser are giving them the boot(and for good reason) problems are starting to crop up. The vendors aren't really bothering to switch to html5 and posting workarounds that i just don't have the time to deal with.
If an enterprise implements a solution that requires certain software and development tools, the solution has to be kept up to date or adequate personnel trained in the maintenance and development of the solution. Even if the solution works properly, the day will come where things do break, and if there isn't proper documentation and ease of access, there will be no way to apply a fix quickly. Using old and unsupported systems represent a single point of failure in your organizations information security policy, since the older the software, the less human resources can be easily leveraged towards development, and the less cost effective it will be in practice. It's almost always more cost effective to migrate to a new platform that has more support and stability, then to wait until the old system breaks and try to patch it back together. This is why if you want stability, you would run Linux, which you can continuously update and patch. Microsoft does offer solutions, for example you can run your own update server and have all your windows machines backed up as images, so you can have complete patch control, but you don't have the same kind of granular control you have on Linux. With Windows, you are in an agreement with Microsoft that they will provide security patches and support at a certain level, and they have fully embraced this with Windows 10 (which will be the last "Release" as they move toward a rolling subscription model with tiered support).
It reminds me of the processors used to control traffic lights are unchanged from the 70s and ridiculously expensive for what they are. I don't have the article in front of me but the reasoning was that they were extraordinarily dependable and tried and tested.
Sometimes the system that's grown up around a technology is so bulky and so hard to replace, it's less expensive to keep using the really old, really expensive, equipment at the core, then to change the entire infrastructure. These implementations are often so old that they are considered "So Obscure they're Secure" which really isn't always true. For example, the connections between the windows and Unix based machines that the French Airport are using may be using IPX, an older networking protocol that is widely ignored. But if somebody went to the trouble to accurately fingerprint those networks, IPX has many publicly available vulnerabilities. So using an old, obscure, technology, gives you a small barrier to attackers, but a much wider host of potential vulnerabilities because of the age of the platform. This is not the case with technologies that are constantly updated. For example, Adobe Flash was not properly updated and maintained, and has been replaced with HTML5, because the platform has been steadily updated and upgraded.
Usually when you hear "It's just so reliable and solid, even though it's old..." it's usually because it's too expensive to replace the infrastructure that relies on that hardware and create an updated platform.
I don't think it didn't crash for 23 years, just that they had this one guy who was patching the living hell out of the program, and when this happens he just went and said I TOLD YOU THAT I NEED A BIGGER BUDGET, NOW WERE ALL FUCKED
I work in industrial automation. This sort of stuff is super common. The network infrastructure normally gets updated (firewalls, switches, etc, the core system normally can't be taken offline for any amount of time.) Air traffic control just is just one of those things that can't go offline. The other issue is the company that made the software may have gone under or bought out so there are no resources to help you migrate.
I have seen in refineries power generation, and chemical/petroleum pipeline some of the same issues with their systems. But refineries normally have turnovers every few years so they do have a limited window to change/upgrade their software and hardware.
Airports don't ever close down for a few months so it would be hard to do that. Even if you built a new system in parallel with the old there will have to be a poibt were the old system will go offline and you better hope to god the new one works or people can die.