Slashdot Mirror
US Military Uses 8-Inch Floppy Disks To Coordinate Nuclear Force Operations (cnbc.com)
An anonymous reader writes from a report via CNBC: A new report reveals the U.S. Defense Department is still using 8-inch floppy disks in a computer system that coordinates the operational functions of the nation's nuclear forces. The Defense Department's 1970s-era IBM Series/1 Computer and long-outdated floppy disks handle functions related to intercontinental ballistic missiles, nuclear bombers and tanker support aircraft, according to the new Governmental Accountability Office report. The report shows how outdated IT systems are being used to handle important functions related to the nation's taxpayers, federal prisoners and military veterans, as well as to the America's nuclear umbrella. "Federal legacy IT systems are becoming increasingly obsolete: Many use outdated software languages and hardware parts that are unsupported," the report found. "Agencies reported using several systems that have components that are, in some cases, at least 50 years old." From the report: "GAO pointed out that aging systems include the Treasury Department's 'individual master file,' which is the authoritative data source for individual taxpayers. It's used to assess taxes and generates refunds. That file 'is written in assembly language code -- a low-level computer code that is difficult to write and maintain -- and operates on an IBM mainframe,' the report said." The report also mentioned that several other departments, such as the departments of Treasury, Commerce, Health and Human Services and the Veterans' Administration, "reported using 1980s and 1990s Microsoft operating systems that stopped being supported by the vendor more than a decade ago."
I hope they don't click the red cross... or we are all fucked...
We really should applaud them. Imagine how hard it will be to figure out how to write code to hack this.
This kind of "back-end" software is EXACTLY the kind of thing that contractors DREAM of. Nobody knows how it works, and the general public never has to see it, so they can't complain about it being a piece-of-shit that they paid for.
It's just like the air traffic control system "upgrade" they've been working on for nearly 30 years. The contractors have ZERO incentive to ever provide a working product. Much better to keep in in development forever.
I'm not one of those "government can't do anything right" people, but this is one of those things that is just a tailor-made pork-barrel disaster. I see why they don't want to even bother trying.
They've been stable for decades. I'll take master files on floppy disks and programs written by people who cared over "eventually consistent" databases developed by "just good enough" monkeys any day.
putting the 'B' in LGBTQ+
I know it was fictional, but I just can't get WOPR out of my mind when reading this.
The "Civilized World" jumped the shark ca. 1973.
..Which is why they didn't notice the dupe from a month ago.
https://tech.slashdot.org/stor...
never drink kool-aid from a big vat
If I notice a quantity of 8" floppies dropped around a parking lot next to an inconspicuous government building, can I assume that some sort of Stuxnet cyber attack is under way?
Obviously, they urgently need to start a new procurement cycle. Then things can get royally screwed up
Security through obsolescence.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
I'd be curious to know how many of these seriously outdated systems are egregious piles of failure; and how many are utterly contrary to any fad of the week from the last three decades; but where done right the first time and actually compare pretty favorably to the results of (the so often horribly doomed) 'upgrade' efforts.
Some flavors of outdated are fairly clearly bad; if you can't get replacement hardware without raiding a museum or reverse engineering and cloning/emulating quirky 80s gear all by yourself, keeping your systems running is going to be unpleasant and expensive. If you have a system whose security depends on an OS or other 3rd party components that have exciting known vulnerabilities and haven't had vendor support even under a thrillingly expensive special extended contract with the vendor in a decade, you have a problem.
If you have a legacy system that is merely retro; but well built and supported by hardware you can still get without much trouble, you will certainly get your share of snide comments about its dreadfully antique design; but you are taking a real risk in trying to modernize it. Those sorts of 'upgrades' don't always fail; but agonizing, wildly expensive, upgrade attempts that languish in development so long that the upgrade is obsolete before you've finished deploying it are hardly uncommon.
Sure, in an ideal world, we'd all get to implement from scratch with all the benefits of hindsight and absolutely no accrued technical debt; but we don't live in an ideal world. How many of these systems are old as in broken; and how many are old as in classic?
The government doesn't want anything in general release in these situations. A large old floppy isn't readable or writable by the average Windows computer. This creates "security by obscurity" that makes it harder for a non-authorized command to be run. We don't want some kid playing Thermo-Nuclear War.
The military using special technology is a good thing from a security perspective. It is not supposed to run on Commodity hardware and software, because if anyone can work on it everyone potentially has access.
Stop playing the narrow minded "cheap is good" game and consider other reasoning. Longevity is a good thing, not a bad thing. Specialized knowledge in security is a good thing, not a bad thing. It's only government waste because you are only considering a very minor aspect.
By the way, if they were using "new tech" it would not last for half a damn century. It would have been stuffed in the trash every couple years, like we do with the majority of our servers today who have an average lifespan of less than a year before the first malfunction causing a hard stop.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Obligatory War Games reference.
The systems were designed in the 70s and have had minimal upgrades since then. Honestly I'm not even convinced we could actually prosecute a complete nuclear war at this point. The other problem is that designing a new system would cost tens of billions of dollars due to the inevitable cost overruns and waste from the Military-Industrial Complex.
We should produce upgraded command and control systems, but we should also have fixed price contracts to keep things in line.
My daughter found a very dusty 8 inch floppy that must've been at least twelve years old. It had a game on it that I'd bought as shareware in the early days of the Internet. She found an old floppy drive in my spare parts bucket and hooked it up - the game actually worked and was a pretty good RPG for it's day (it was called Lumpies of Lotus), so she wrote a review of the game in an online forum and received an nice "Thank You" from the author.
So there's a chance that the guys watching over the US nuclear arsenal are sitting there playing Lumpies while they wait for the pre-emptive strike.
Can you still get a maintenance contract on a Series 1 computer? How expensive would that be???
It's called hiring all the people in the world who know how it works and giving them a safe job until retirement, followed by nice contract jobs every few weeks once you're into retirement.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Finding parts on eBay for that.
The best possible outcome for humanity would be that the launch systems for nuclear arsenals don't actually work. The United States currently has a strategic nuclear stockpile of approximately 547 Mt. Detonating those warheads in our atmosphere would simply end civilization, with no winners and no future. Well, unless you're an ambitious young cockroach with your eyes set on world domination.
Nuclear stockpiles are as sensible as boarding a jetliner with an M2 flamethrower, just in case there happens to be a terrorist on board who needs to be subdued.
There's probably more rationale here than many realize.
I'd doubt it. More like,
If it ain't broke, don't fix it.
Wasn't this stuff covered on a 60 Minutes report in the past year or so?
Another example being some sort of special tool (a wrench?) being FedEx-ed between sites because some broke and they didn't have extras?
There is something to be said about using ancient tech when it works well. Extremely few people out there able to exploit it. As long as it does the job it needs to do reliably, why go ape $*&^ and start trying to spend time and money running it all on new, vulnerability riddles OS's and networked programs. I think any of us in the IT world have seen the latest and greatest ruin a good, smooth process permanently.
The huge consideration here being that the old tech is indeed reliable, efficient, and functional.
It amazes me that our so called analysts then laugh at Russia for what they sometimes called its "rustbucket military hardware."
That was until [in Syria], it delivered a shock to us us in the west, with its successive wins on the battlefield, despite having less hardware compared to the west's.
I worked at a bank that had several mainframes IPL-ing from 8" floppies - I left the bank at the end of the 90's - at that point, the system has been operational for more than a decade. As far as I know, not a single floppy has ever failed during the years I've been there, or before my tenure.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
This is what happens when your country has a negligible military budget. Oh wait. So where IS the money going if none of it is going to upgrading existing hardware?
Seven puppies were harmed during the making of this post.
but can it end civilization?
As a potential lottery winner, I totally support tax cuts for the wealthy
Sounds to me like tax-payer dollars well-spent on equipment that keeps on giving.
Maybe your typical gamer has to upgrade every coupla years because the latest Doom doesn't run well on a 4-year old GeForce. Maybe Macy's needs to upgrade their mainframes because they have way more inventory to deal with and want to offer more sales online. And maybe we all need to upgrade off Windows XP (looking at you, banks, with your hackable ATM's) because it was a lousy, full-of-security-holes platform in the first place.
But as Microsoft tries to force me off my perfectly workable Windows 7 for no damn reason, I wonder why a machine bought by a government department, that does the job and does it really well, needs to be upgraded or swapped out for something new that may or may not work because of something non-related to whether the damned thing does the job and does it really well. Replacing such a system is not easy, particularly when there are consultants circling overhead, hungry for a fat government contract so they can build a complete clusterfuck out of overpriced commodity hardware that does nothing approaching what the old system did. And needs to be upgraded all over again in 2-3 years.
Yes, on the one hand, holy shit! those are old floppy drives. On the other hand, holy shit! they still work and do the job after all these years. Why have we grown so accustomed to throwing shit out every coupla years? Seems to me, government (state and federal) is one of those areas where shit oughta stay the same for a while so people can focus on getting the job done, rather than re-learning and re-tooling every few years just because some software vendor wants to sell another release of something.
Take it easy, Charlie, I've got an Angle...
Here's the actual Government Accounting Office report, if you want to read it instead of a Slashdot story about a news story about the report.
"US Military Uses Unhackable, Proven Technology to Coordinate Nuclear Forces"
The other examples given are more worrisome, though. Ancient versions of Windows are ridiculously hackable and proven to be unreliable.
That's the major problem though. It's not that it is a bad thing, precisely, to have a system that works for 50 years. The problem is that logistics and support is horrendously complicated.
Probably the only way that this is still even partially maintainable is because the government is single-handedly propping up production of 8-inch floppies, which probably now cost something like $20,000 a piece. Not only because they are low production runs, but because on top that, they probably have to be built to a particular government standard that no one has updated since 1970 to make them able to be trusted for controlling nuclear weapons while also being handled by barely trained 18 year olds.
nt
Still, apart from having to source 8" floppies, it must occupy time realigning drives. I'm assuming there's a lot of 8" drives sitting in closets to be cannibalized.
The world's burning. Moped Jesus spotted on I50. Details at 11.
At least they were smart enough to disable automatic upgrade to Windows 10.
Somebody doesn't know their culture.
When all you have is a hammer, every problem starts to look like a thumb.
It's just like the air traffic control system "upgrade" they've been working on for nearly 30 years. The contractors have ZERO incentive to ever provide a working product. Much better to keep in in development forever.
Next Generation Air Transportation System started initial planning in 2003 (nowhere close to 30 years ago), and the actual implimentation started some time later. It was always planned to be a slow rollout, in part because aircraft would have to be fitted with new equipment, and airlines did want to rush to do that.
Moreover, many parts of the system are already working. For example, see the section in the linked article on noise pollution. The system is efficient in that it can pack more planes in a given amount of airspace and can better make the planes follow the same route. If you live under the flightpath that kind of sucks, since the system being efficient means more noise above your head. The increase in noise pollution complains is a signal that the system is working!
There are many examples of the problem you mentioned, but this isn't really one of them. This is the system working basically as intended: slow but steady progress to update multiple intertwined, critical systems that can't reasonably be replaced all at once.
That file 'is written in assembly language code -- a low-level computer code that is difficult to write and maintain
Maybe I'm getting old, but did assembly really need to be explained?
And what exactly is wrong with that?
New shiny stuff is much scarier...
I have a box of 2500 unpunched, punch cards that I can donate to the government if they run short.
I'm a little concerned that the system still uses 8" floppies. I'm much more concerned it uses 90's era (or even contemporary) Microsoft products.
They probably don't even need to replace them. 5.25" floppy disks for an Atari 800 still work after 30 years.
They can last awhile, but if they haven't been recently producing them, these have probably been stockpiled for 20-40 odd years. The disk media may well last that long, but the mechanical drives have a way of becoming misaligned and destroying the media over time. It's unlikely that in 40 years this has not happened at least a few times. It's one thing to pop a disk in that you've only intermittently used into a drive after 30 years, another entirely to have it either being in that drive all the time, or being inserted and removed repeatedly. You're going to have failures and they're going to need to be replaced every so often. Perhaps they have a large enough stockpile of them, but it would make me pretty nervous to have to rely on them lasting.
But, let's face it, its the government itself who did the study and wants to replace them. They have done the work to determine why they can't be using these forever. I don't even really need to speculate.
in the end it will be much cheaper to put together a little arduino device with some custom hardware that connects as if it were one of those drives and reads and writes "DISK00.IMG" on the inserted (micro)SD card.
Snowden and Manning are heroes.
The programs written for the weapons are the only item run on the computers for a reason. The code is trusted and audited which is way more important than new and flashy. Changing or updating the underlying OS or code requires a new audit and verification.
The calculations can be done longhand for verification.
Read the rainbow series for more info if they are still in existence.
...when they tell about their weird and bizarre conspiracy theories. The brains have been infected by Hollywood.
As this article points out, there's still a good chunk of tech that hasn't been changed for decades even in critical systems. There's no super 'leet next age UI. There's a monochrome monitor with a prompt that says "feed-the-badger>" with a tape drive and an 8" floppy.
If ain't broke and has 1200 pages of mimeographed documentation then it's still good.
~X~
no it's not
http://www.ebay.com/bhp/8-flop...
4wdloop
It makes more sense to just maintain the existing dinosaur equipment until we can throw it away completely.
++insightful
My ism, it's full of beliefs.
I still have a few 8 inch disks lying around, some with data on that I programmed in 1980/81 or so. Maybe the DOD is in the market?
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
This is much more common than one would think - I have worked in two major institutions where they used very early computers. One was the GIER - a Danish built, 2nd generation computer with no OS. We would in essence boot with the program we wanted to run from a paper tape - like the Algol compiler, which would compile a program that we'd then boot up afterwards. The main problem was that the capacitors tended to dry out every 5 - 10 years. Things have changed since then :-)
Stuff of that era, size and expense was designed to be serviced. I'll bet the drives do fail, but I also bet they have tech who can service them. The throwaway culture, especially for mainframe kit wasn't such a big thing then.
SJW n. One who posts facts.
Eight-inch floppies were pictured in use about two years ago... skip to 2m 50s
https://www.youtube.com/watch?...
the mechanical drives have a way of becoming misaligned and destroying the media over time.
With proper care that is a very long time. When I worked at the phone company ~'88 they were using 8" floppies for batch data entry and some of these had been in use for 10 years! In fact I was the one who forcibly retired these disks and put in place a regimen of regular head cleaning, and it was a hard sell because the operator didn't like to change things that "worked". I had to show her a scored disk (which still worked) beside a new one to convince her. Think of an 8" floppy as a mag-strip a hundred feet long, and the large floppy medium as the densest compaction of media up to that time. Compared to the tiny signal one achieves from magnetic tape the magnetic data was literally SCREAMED onto these disks. The signal was high current, the pulses properly shaped and there was PLENTY of s/n ratio. With proper spares 8" floppy is STILL viable as a storage medium for small amounts of data. Far superior to any mag-strip solution. And there is no sudden catastrophic failure mode as there is with a flash device, if you sensibly encode multiple copies on disc with checksums it is robust,
Signed, PC tech who used to realign floppy drives with a 'scope and cats-eye pattern disk.
<blink>down the rabbit hole</blink>
And these systems must be pretty reliable, they don't make them like they used to.
Nope, you can get them on ebay for under $10, and you can get a 8" floppy controller for under $50.
Like a millennial driving a stick shift car.
* Carthago Delenda Est *
The report shows how outdated IT systems are being used to handle important functions related to the nation's taxpayers, federal prisoners and military veterans, as well as to the America's nuclear umbrella.
Sorry, "Outdated" is an improper way of describing implementations of custom systems using technology.
The terminology used is biased in favor of upgrades which might not be necessary and might not be significantly beneficial.
"They're still running DOS 5.0 or Xenix with COBOL-Based software," Is not in itself a good reason to replace proven working long-standing systems with shiny boxes running a brand new C# application coded by the lowest bidder that runs on Windows 10.
Unless there is a fundamental change to the working environment that makes an upgrade necessary or beneficial, Or if underlying code is no longer available to audit and update to resolve bugs or security issues, then it's not worth the risk to make a change.
As a former Air Force 49172 (that would be what was once called Informations Systems Programmer) I learned programming on a Honeywell 6060S at Keisler AFB, MS. Magnetic Core & Punch Cards. w00t! Watch out for the Octal Monster (you had to live that)
There is nothing wrong with assembler, it just takes discipline and a good understanding of dump analysis. When I was doing it on a daily basis it didn't feel any different reading a dump in hex vs. looking at the source code. IBM 370 assembler is very straight forward when it comes to instruction length and their references. I had a pocket tri-fold chart of the instructions and their representations, that chart along with a pencil and couple highlighters could easily make sense of the most obscure code.
Sunny, Bright, and Nostalgic here by the Beach
You'll see things here that look odd, even antiquated to modern eyes, like phones with cords, awkward manual valves, computers that, well, barely deserve the name. It was all designed to operate against an enemy who could infiltrate and disrupt even the most basic computer systems. Galactica is a reminder of a time when we were so frightened by our enemies that we literally looked backward for protection...
Show me on the 1st Amendment bobblehead where the moderator touched you...
Hmmmm, sounds familiar...
Show me on the 1st Amendment bobblehead where the moderator touched you...
Security through obsolescence.
It is not obsolete if it works and can still be maintained. I don't quite see what the problem is. Unless we are facing a serious shortage of 8" floppies, or we are seeing r/w failures so often that they compromise the systems' functions, then nothing is broken and nothing needs fixing.
Changing this setup will most likely involve rewriting critical software. We can barely try to rewrite a website without triggering a bug zombie apocalypse, I seriously would not want a critical system to be rewritten, upgraded or modified unless absolutely necessary.
There's probably more rationale here than many realize.
I'd doubt it. More like,
If it ain't broke, don't fix it.
That's all the rationale (and wisdom) you need in most cases.
I don't want to worry you but take a look at Last Week Tonight with John Oliver: Nuclear Weapons (HBO) on https://www.youtube.com/watch?...
Let's connect our nuclear arsenal to the Internet, what could possibly go wrong?!
Nice to see we have some Real Men at the Treasury - none of these mamby-pamby programming languages for them. No - Real Men write in machine code (falling back to assembler for more object oriented stuff)!
Its not just air gapping. Air gapping is a fail when an infected usb dongle or other device that can contain hacked firmware is attached to a "secure" system.
My understanding is that there is still a US based manufacturer of 8" (and other sizes) of floppies. And doubt there would be any issue in having a DoD approved contract to periodically manufacture a bunch of new drives.
What happens when that sole support person goes away? I am sure that person is pretty old by now!
Self-importance and self-indulgence is the root of ALL evil.
They probably have complete schematics for the whole system so they can perform maintenance themselves.
I hope at least they are using a Persci voice coil drive and not an old stepper motor drive! When your launching nuclear weapons access time could matter!! :-)
Ten years ago, I was wandering around the building where I worked and came across an Eclipse still in use. I'd read about this computer when I was a little kid and it's always held a important place in my life. They're occasionally sold on ebay, maybe someday I'll by one.
The standard 3740 diskette held 241kiB of data and was very slow. We've come a long way since then.
IF (a big "IF") the systems were robustly designed in the first case (see previous mention of "big IF") , then an ICBM, relying on gravity (not proved to change, on decadal time-scales) and magnetic field (for orientation), Then BigFuckingDeal if they install updates via a "Stone Slab Reader" Unless there is a change in destruction-radius of the warheads, so what? If I have a "fucks everything up" warhead with an effective footprint 30km in radius, sub-millimetre landing is not relevant. These are weapons of Mass Destruction. Precision is not necessary, and may be counterproductive.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
The main impediment to the strategic force upgrade is a process called "nuclear surety". It's what you think it is: a very comprehensive testing process to ensure that the system can't be accidentally triggered (missiles launched.) Surety is as comprehensive as it can be conceived, which means that no process is ever perfect, but this one has a lot of history behind it such that the probability of an accidental or forced launch is very, very low.
Surety costs significant money, about 65-80% of the cost of upgrading the system. Add to that the general cautiousness of changing the system in any way, and you get the "Holy Cow! You're still using 1960's technology?"