Secret Service Runs At "Six Sixes" Availability

PCM2 writes "ABC News is reporting that the US Secret Service is in dire need of server upgrades. 'Currently, 42 mission-oriented applications run on a 1980s IBM mainframe with a 68 percent performance reliability rating,' says one leaked memo. That finding was the result of an NSA study commissioned by the Secret Service to evaluate the severity of their computer problems. Curiously, upgrades to the Service's computers are being championed by Senator Joe Lieberman of Connecticut, who says he's had 'concern for a while' about the issue."

Wow.

[moogied]

They should just flip the availability numbers over and get rid of the decimal. "Sir, its not 66.. its 99! You have it upside down!" -- Fixed.

Upgrade...

[ak_hepcat]

To windows, and get 73% uptime!

Or.. that other OS that you don't have to license per seat, and get in the solid 90+% uptime.

Re:Upgrade...

[TapeCutter]

"If your service depends on a single server, you're still doing it wrong."

666 666 -> Devilishly clever redundancy.

Here's An Idea ...

[WrongSizeGlass]

... I have several old P4 1.6Ghz w/ 256MB RAM & 100Mhz FSB in a store room at a client site. They originally shipped with Win 98 but they've since been upgraded to XP. The Secret Service can have them fro free if they just come and pick them up. I would have put them on Craig's List but I don't trust a web site where they let just anybody post things.

Re:Here's An Idea ...

it's an IBM mainframe. They can replace it with another (modern) IBM mainframe, no code change necessary. Posting anonymously, so you can believe it or not, but I do have a clue about the specifics. It's not a technical problem, it's not a financial problem, it's a bureaucratic problem. Government at it's finest.

Re:Here's An Idea ...

[mr_mischief]

Actually, as AC already pointed out, the idea that you'd need to rewrite anything is incorrect. One could for added speed, but the IBM mainframe line runs the code for every IBM mainframe for the last few decades without changes. There are reasons people buy them, you know.

fully operational doesn't mean what it sounds like

Mainframes of yore had a hell of a lot of moving parts: a large system might have dozens of tape drives and disk drives. Tape drives in particular broke down all the time and were taken offline until the maintenance guy came for his weekly or monthly visit and tightened the belts or whatever the hell they did. Knuth remarked on that situation in his magnum opus TAOCP vol 3 on sorting and searching. In the part about sorting with tape drives, he remarked that he'd never seen a large computer installation where all the tape drives were working. You'd have a computer with ten tape drives, two of them would be down pending repairs, and you'd use the other eight. In other words your computer was operational but not FULLY operational.

There is a similar situation in today's data centers. Even at the wimpy little shop I worked in last year (about 2000 computers) some were always down. We were doing pretty good if the number down at any moment was less than a few dozen. I don't think we ever had a single day of being fully operational (every single computer up at the same time). That was fine, it wasn't a requirement, it was a distributed system and the data and functions were all sufficiently replicated that we kept running, by design, even with parts of the system unavailable.

Color me skeptical

[belthize]

There's something about this whole thing that simply doesn't ring true. I believe parts, I believe they have a 1980's main frame, I believe it's not terribly reliable but something about the whole: leaked memo according to Joe Leiberman, we need more money, they won't give us more money' spiel sounds off. I suspect they have huge chunks of computing that's much newer and reliable, I'd be shocked if that IBM serves any significant purpose.

If nothing else I predict a large percentage of the umpteen million dollar final cost somehow going to Connecticut, but I'm probably just incredibly jaded.

Misleading photo

[Jeremy+Erwin]

The story uses a stock photo captioned "Obsolete mainframe super computers in [Computer History] museum". I don't think the Secret Service uses IBM 2401 magnetic tape units

Re:1980's mainframe?

[mikefocke]

Don't ever underestimate the difficulty of porting specialized applications

One Government agency I know of was informed with 5 years advance notice that their long time mainframe computer manufacturer would no longer be in the hardware business nor support the operating system. The Govt let a huge contract to port the applications. After several years, and millions spent in progress payments, that conversion attempt failed. So did several more. So after 10 years and about 4 attempts at conversions using some of the biggest software contract houses in the country they were still running on the original hardware and software and buying used equipment for backup. One of the few in the world.

It got done eventually I suppose.

Why, you ask, was it such a task to convert? Because they were attempting to replace something that had been custom built on top of and inside an operating system over perhaps 20 years. Distributed database and multiple geographic locations processing bits of the data using computers from multiple manufacturers communicating together long before the Internet (not that you could have put that kind of data on the net). So in order to convert, it took an understanding of how the whole thing worked and those that had that level of understanding had long since retired. It wasn't Cobol that was the problem but human limitations.

Re:Two Satans

[kitezh]

Can you convert that into a more familiar unit, like Library of Congresses?

You know the Library of Congresses is a pretty reliable machine. Does anybody know what its downtime is?

The downtime for the Library of Congress is 4:30 pm - 8:30 am, Monday - Friday, and all day Sunday. That translates into an uptime of about 28.6%. If you take the Secret Service 68% as uptime, then it would be 2.4 Library of Congresses.

Security by Venerability

[gmuslera]

At last a computer that can be safe even in a cyberwar, no modern hacker would be able to enter there, or at least, do anything dangerous. Even the Morris worm would scream and run facing that technology. Leave that multivac running enough time and will eventually make light.

Re:1980's mainframe?

[MichaelSmith]

The traffic signal system called SCATS was like that. It was hand assembled in PDP 11 machine code. There was business logic built into device drivers to get around executable image size issues. The people who wrote (more like built) it knew it inside out. They were just lucky to get it ported before those guys retired.

$187 million?

[RightSaidFred99]

They're claiming it will cost $187 million to replace. Bullshit. If the hardware is more than 15 years old, which it sounds like it is, it's impossible to conceive how they could spend more than $100k on hardware to replace it and still give 100x the performance and capacity. OK, let's splurge - spend 5 million on hardware.

These jackoffs would have us believe it's going to cost $180 million to replace some bullshit law enforcement database software that's 20 years old? Complete bullshit. Instead of the mythical $500 government hammer, now we've got the $180 million dollar software package that should cost

Sampling bias

[nten]

Doesn't this constitute a sampling bias? (from netcraft)

Why do you not report uptimes for Linux 2.6 or FreeBSD 6 ?

We only report uptimes for systems where the operating system's timer runs at 100Hz or less. Because the TCP code only uses the low 32 bits of the timer, if the timer runs at say 1000Hz, the value wraps around every 49.7 days (whereas at 100Hz it wraps after 497 days). As there are large numbers of systems which have a higher uptime than this, it is not possible to report accurate uptimes for these systems.

The Linux kernel switched to a higher internal timer rate at kernel version 2.5.26. Linux 2.4 used a rate of 100Hz. Linux 2.6 used a timer at 1000Hz (some architectures were using 1000Hz before this), until the default was changed back to 250Hz in May 2006. (An explanation of the HZ setting in Linux.)

FreeBSD versions 4 and 5 used a 100Hz timer, but FreeBSD 6 has moved to a customisable timer with a default setting of 1000Hz.

So unfortunately this means that we cannot give reliable uptime figures for many Linux and FreeBSD servers.

Re:1980's mainframe?

[MichaelSmith]

Ah. So you will just port all their data from their old proprietary database system to a new proprietary database. Piece of cake.

You would need a security clearance for starters. Then the software would have to be developed to US Federal/Military standards. Maybe that requires CMMI-5 these days. So there's certification of the development processes, auditing and QA.

I think we are talking 100E6 USD before any code is actually written.

"Curiously"?

[DesScorp]

"Curiously, upgrades to the Service's computers are being championed by Senator Joe Lieberman of Connecticut "

What's curious about that? It's not like the guy is a Luddite or something. The Secret Service, at the forefront of protecting POTUS, is a national security issue, and Lieberman is very involved in those issues. If the author threw that in because he doesn't like Lieberman's politics, then that's kind of lame. One would think that issues like keeping government IT systems up to date would transcend party politics.