[Info-vax] OpenVMS versus Windows/GE Telemetry Control Systems.

Tue Jan 15 13:46:39 EST 2013

On Jan 15, 5:57 pm, Simon Clubley <clubley at remove_me.eisner.decus.org-
Earth.UFP> wrote:
> On 2013-01-15, David Froble <da... at tsoft-inc.com> wrote:
>
>
>
> > As for the case of the original poster, the Alpha systems are running
> > today, and will continue to run until something breaks.  Given the
> > history of DEC hardware, it should normally be expected to run for a
> > long time yet.  Individual pieces can and do break, and then it's a
> > question of whether there is any recourse to fixing or replacing the
> > failed equipment.  In most cases, fixing or replacing is far less costly
> > than a migration of the system to something else.  In business decisions
> > should be based on a cost / benefit ratio.
>
> I wonder why people only consider hardware breaking instead of also
> considering software breaking.
>
> In this Internet connected world, software can break just as hard as
> hardware when a security exploit is discovered and can be a _lot_ harder
> to fix than a simple hardware failure.
>
> If you have a hardware failure, you can just replace your board or
> component and resume normal service. OTOH, if someone finds a protocol
> vulnerability or stack/server coding error in the software you are
> running, you are dead in the water until either you find a workaround
> or your code base is fixed either by you or your vendor.
>
> Current mainstream platforms may have issues, but you can have more
> confidence that either a workaround or fix will be available in short
> order for any active exploit that makes it into the public domain for
> those platforms.
>
> I've gone through several cycles of getting Internet related components
> fixed under VMS and the fixes took a lot longer than I would be comfortable
> with if the problem in question had been a active exploit.
>
> Simon.
>
> --
> Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
> Microsoft: Bringing you 1980s technology to a 21st century world

Maybe.

Stuxnet was quietly working its way around Window boxes for a long
while (maybe a year?) before it got serious attention. Ignorance is
not necessarily bliss. If folks haven't yet looked into Stuxnet or its
successors (eg Duqu), there's no time like the present, and the
Wikipedia article on Stuxnet isn't a bad start, although for further
reading I'd recommend Ralph Langner and maybe Symantec.