Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Windows Transportation IT

Southwest Airlines Avoids Crowdstrike Issues - Thanks to Windows 3.1? (digitaltrends.com) 118

Slashdot reader Thelasko shared Friday's article from Digital Trends: Nearly every flight in the U.S. is grounded right now following a CrowdStrike system update error that's affecting everything from travel to mobile ordering at Starbucks — but not Southwest Airlines flights. Southwest is still flying high, unaffected by the outage that's plaguing the world today, and that's apparently because it's using Windows 3.1.

Yes, Windows 3.1 — an operating system that is 32 years old. Southwest, along with UPS and FedEx, haven't had any issues with the CrowdStrike outage. In responses to CNN, Delta, American, Spirit, Frontier, United, and Allegiant all said they were having issues, but Southwest told the outlet that its operations are going off without a hitch. Some are attributing that to Windows 3.1. Major portions of Southwest's systems are reportedly built on Windows 95 and Windows 3.1...

UPDATE: Reached for comment, Southwest "would not confirm" that's it's using Windows 3.1, reports SFGate. But they did get this quote from an airline analyst:

âoeWe believe that Southwestâ(TM)s older technology kept it somewhat immune from the issues affecting other airlines today."
This discussion has been archived. No new comments can be posted.

Southwest Airlines Avoids Crowdstrike Issues - Thanks to Windows 3.1?

Comments Filter:
  • by bradley13 ( 1118935 ) on Saturday July 20, 2024 @12:43PM (#64640856) Homepage

    Seriously? I wonder what kind of hardware they run it on. And what their software looks like. Crazy.

    That said, it's good to know that at least a few companies do get off the update treadmill. If you protect and manage your critical infrastructure yourself, there is no reason to let X different companies continually install updates that you cannot realistically check.

    • This is why MS moved to patch Tuesdays. Updates are released on a known schedule to let IT test updates before deploying to production.

      • let IT test updates before deploying to production.

        ”Thus endeth thy lesson for you today, Sir Crowdstrike of Irony.” - King Testbench of Noshittsland

        • by taustin ( 171655 )

          The drawback to even that is that any change, including bug fixes, runs the risk of introducing new bugs. There is a measurable ratio to this (it's been studied quite a bit). As a program becomes bigger and more complicated, that ratio goes up, to the point where at a million lines of code each bug fix is likely to introduce more than one new bug. The larger the code base, more more new bugs are likely to be introduced with each fix. Good coding practices can certainly reduce that ratio, but perfection is i

    • Imagine the sheer amount of dust in those machines?
      Or maybe they just run them in VMs? I have a few windows xp VMs myself..

    • It is a mixed bag with legacy hardware and software. A few years back, Southwest suffered a major outage because their old systems (like Windows 3.1) were suspected to hit the16-bit integer limit one day.
      • Back in the day, Windows 3.1 used to regularly shit itself due to memory leaks. If you were particularly unlucky, it would crash in a way that corrupted system files and you'd need to do a reinstall. I'd imagine anyone actually trying to maintain it in 2024 would have to be really machoistic if they're running it on bare metal (and hardware that can run 3.1 has become increasingly scarce).

        Course, if they're running it in a VM, then they're not really running Windows 3.1 - they're really running whatever t

        • by Moryath ( 553296 )

          Windows 95 F-Disk, Format, Reinstall, doo darr, doo darr.... (to the tune of "Camptown Races.")

          Also, I think they just announced that all it takes to fuck Southwest over is one network intrusion and some guy with an old copy of Back Orifice... [f-secure.com]

        • by vbdasc ( 146051 ) on Saturday July 20, 2024 @01:44PM (#64641022)

          Memory leaks were mostly a problem for Windows 3.1 if it ran in the 80386 Enhanced mode, due mainly to insufficiently polished virtual memory manager (WIN386.EXE) and VXDs. In the "80286 Standard mode" Windows 3.1 tended to be much more stable. In fact, Win9x systems contained a minimal Windows 3.1 install, known as FAILSAFE.DRV than ran in Standard mode, and was used for critical tasks that couldn't be allowed to fail, such as the initial compression of the disk with DRVSPACE.

        • by narcc ( 412956 ) on Saturday July 20, 2024 @02:00PM (#64641062) Journal

          Back in the day, Windows 3.1 used to regularly shit itself due to memory leaks

          What on earth are you talking about? I've seen third-party software crash and take down the system, but I've never run across a memory leak. It's hard to image such a thing escaping notice, given how resource constrained machines of that era were. You could run Windows 3.1 with as little as 1mb of RAM, if you recall.

          A few years back, I had a 3.1 machine setup in a public computer lab as a novelty. It ran for something like 3 months without issue. We had WEP games and some productivity software installed for people to play with. This squares with my personal recollections using Windows 3.1 from ~1993 to 1996.

          While not Windows 3.1, from ~2000 to 2002 I maintained a rapidly aging pair of Windows 3.11 servers. The only downtime the first server had was during a failover test and an unusually long power outage.

          I'd imagine anyone actually trying to maintain it in 2024 would have to be really machoistic if they're running it on bare metal (and hardware that can run 3.1 has become increasingly scarce)

          Remember that Windows 3.1 ran on top of DOS. You can run Windows 3.1 on FreeDOS, which runs on modern hardware.

          • What on earth are you talking about? I've seen third-party software crash and take down the system, but I've never run across a memory leak. It's hard to image such a thing escaping notice, given how resource constrained machines of that era were. You could run Windows 3.1 with as little as 1mb of RAM, if you recall.

            I think you are confusing the hardware requirements of 3.1 back in the day compared to today's requirements and the quality of the memory management of Windows 3.1. I have seen many bluescreens of death on Windows 3.1. In fact the blue screen of death originated with Windows 3.1 as it was the black screen of death before then.

            A few years back, I had a 3.1 machine setup in a public computer lab as a novelty. It ran for something like 3 months without issue. We had WEP games and some productivity software installed for people to play with. This squares with my personal recollections using Windows 3.1 from ~1993 to 1996.

            Anecdotally, in a testing lab with a bunch of Windows 3.1 machines, at least one crashed every week in my experience. Since they were not mission critical it did not bring down the lab

            • I have no recollection of Windows 3.1 ever crashing with a "Blue Screen of Death", since Windows 3.1 ran on top of MSDOS. MSDOS didn't inherently have a BSOD. If a Windows App crashed, it would usually present with an UAE (Unexpected Application Error) dialog, which would usually just lock up the whole machine and require a reboot, or drop to DOS.

              It was Windows 95 that first introduced the BLUE SCREEN crash notification when something serious prevented the system from continuing to run.
          • by cusco ( 717999 )

            Yeah, my memory is that it was the apps that leaked memory like a sieve, and when we migrated from 3.11 to NT3.51 the same issue followed the same apps. Unfortunately Excel 4.something was one of the apps that leaked, probably through the print queue since closing the app didn't seem to clear it.

    • I wonder what kind of hardware they run it on

      Probably just modern hardware running virtual machines so that they have reliable hardware while staying compatible with older software.

    • That said, it's good to know that at least a few companies do get off the update treadmill.

      Yes if you run a system with the network capabilities of carrier pigeon you can get off the update treadmill. On the flip side if you run a system that is actually capable of connecting to a network then the "update treadmill" is part of security.

      We live in a world of zero day attacks. If you're afraid of a Crowdstrike (because it happened once) and therefore decide not to update your systems (bad actor attacks happen daily) then you have a serious risk management problem.

      • You're conflating Crowdstrike with good update practices. One does not presuppose the other.

        You're correct insofar as if you're running a system on a network, the update treadmill is unavoidable. That doesn't mean Crowdstrike needs to be a part of that. Crowdstrike just, starkly, proved itself to be a particularly nasty single point of failure. It's also obvious that their QA and release process is all screwed up. Crowdstrike is capable of differentiating between different environments, say a test environme

    • Being on a Windows version predating NT comes with a completely different set of risks.

      So I wouldn't call it smart.

      And now when it's known what they run then they are becoming a target.

    • We used to say âoeif itâ(TM)s not broken, donâ(TM)t fix it âoe
    • by AmiMoJo ( 196126 )

      You can buy brand new Windows 3.11 era hardware still. Head over to AliExpress or AliBaba and there are plenty of 8086 and up systems, aimed at running old software on real hardware. You can get 386 and 486 industrial computers.

      On the one hand it's probably very easily hackable if someone gets inside their network and tracks down some old exploits. On the other hand, no modern malware will work on a 16 bit only OS, and employees can't open Facebook on those systems.

      Also Windows 3.11 works reasonably well wi

    • by shanen ( 462549 )

      Pretty good FP, though I'm dubious of the "insightful" moderation. You're touching on insight, but I think you need to carry it farther. Yes, the computers are quite limited, but insofar as they are doing something straightforward, like reserving airplane seats, they are already way more powerful than they need to be and the newer and fancier technologies are mostly just adding new failure modes, not improving the essential functions.

      But I'm just checking the relatively active discussion in search of Funny.

  • Misleading (Score:5, Insightful)

    by battingly ( 5065477 ) on Saturday July 20, 2024 @12:47PM (#64640872)
    Unless Crowdstrike runs on Windows 3.1, which is highly unlikely, then the reason Southwest was unaffected was because they don't use Crowdstrike, not because they run an ancient version of Windows. By the way, it's called Crowdstrike, not Cloudstrike, so you might want to fix that title.
    • by sjames ( 1099 )

      Perhaps they should rename it ON-Strike. Certainly the machines running it are.

    • By the way, it's called Crowdstrike, not Cloudstrike, so you might want to fix that title.

      Considering the damage this incident has done to their reputation, they may actually want to rebrand.

    • Re:Misleading (Score:4, Interesting)

      by Bahbus ( 1180627 ) on Saturday July 20, 2024 @12:59PM (#64640920) Homepage

      This. It didn't matter what version of Windows you were running as long as you weren't a CrowdStrike customer.

      Otherwise, the fact that they're still on Window 3.1 makes my avoidance of Southwest all the easier. Their software has already been proven to be ass. Their planes are almost always disgusting unless you get a fresh one early in the morning.

      • Otherwise, the fact that they're still on Window 3.1 makes my avoidance of Southwest all the easier.

        I avoid Southwest because all the avionics in their planes runs on old TRS-80 Model I systems strapped under the dashboard with duck tape.

        (Although there is one advantage: These machines can't run MCAS.)

        • by Bahbus ( 1180627 )

          Eh, the changes to MCAS since then makes that mostly irrelevant.

        • Re:Misleading (Score:5, Interesting)

          by UnknowingFool ( 672806 ) on Saturday July 20, 2024 @02:54PM (#64641168)

          I avoid Southwest because all the avionics in their planes runs on old TRS-80 Model I systems strapped under the dashboard with duck tape.

          The avionics of the plane are dependent the age/model/certification of the plane. It is not like Southwest can just install a Ryzen 7900x with the latest avionics because they want to do that.

          (Although there is one advantage: These machines can't run MCAS.)

          That is factually untrue [wikipedia.org]: "When the grounding of all MAX aircraft was extended to the US on March 13, 2019, Southwest Airlines was significantly impacted as the largest operator of the MAX, with 34 grounded aircraft representing 4.5% of its fleet " Southwest was affected by the 737 groundings. Since 2019, Southwest still currently has the largest 737 MAX fleet of any airline.

          • I'm sorry, were you somehow under the impression that I was in any way being serious?

            • I'm sorry, was I supposed to read your mind as you gave no clues that you were being sarcastic.
              • My statement that they control airliners with TRS-80s didn't seem sarcastic to you? I thought that you were claiming to know something about avionics.

                • Someone not know anything about computers yet commenting about them has been normal on slashdot since the very beginning.
                  • by hawk ( 1151 )

                    but folks failing to recognize the sarcasm of "old TRS-80 Model I systems strapped under the dashboard with duck tape." is fortunately still uncommon . . .

                    I don't think you need to know much about computers to, even if you miss the 1970s model reference, that it wouldn't be held on by duct tape . . .

      • by Moryath ( 553296 )

        What we have here is a known problem, called the "Normal Accident Theory." [princeton.edu] As systems get more and more complex, eventually, something is going to come into conflict at some point.

        It's also "big news" because people are mad about the airline delays. But let's be honest, CrowdStrike's competitors can be far worse. McAfee causes wide-ranging Windows BSOD issues at least yearly, they just had one outbreak in January.

        • by micheas ( 231635 )
          Or you could come up with an architecture and defense strategy that doesn't involve using CrowdSrike nor their competitors.
          • by Moryath ( 553296 )

            Here's the thing though: any choice in this arena will almost certainly be in the zone of Normal Accident Theory. Most companies do not have their own fabrication teams, nor programming teams large enough to code entire operating systems plus all of the other software they might need.

            They're buying computer hardware, premade, from a major vendor.

            They're running a Windows version of some sort, or maybe some Unix/Linux variant. (Side note: Apple has basically given up even trying for the enterprise systems

            • by micheas ( 231635 )

              If they are using CrowdStrike they almost certainly have a seven figure or greater security expense.

              CrowdStrike is a "we have no clue what to do about what to do about ransomware let's buy something" mentality.

              If you are going to stop ransomware you need to rethink your recovery strategy. Immutable infrastructure is generally very resilient to ransomware as there can be a huge amount of read only disks which greatly resist encryption and allows you to delete and recreate much of your infrastructure reliabl

              • by Moryath ( 553296 )

                If they are using CrowdStrike they almost certainly have a seven figure or greater security expense.

                Thank you for confirming you have no fucking clue what you're talking about.

            • by cusco ( 717999 )

              Banks don't even bother to hire a web developer any more, it's all contracted to lowest-bidder in India. That's why a few years ago Chase customers could change the account number in the URL for their online banking web page and be in someone else's account.

            • >(. . . MacOS is a forked Unix variant so that Apple can barely-legally
              >steal FreeBSD and NetBSD's code, write their prettified front-end,
              >and never give any code back to the community.)

              Of course, that is utterly untrue.

              They *did* pump massive numbers of fixes back.

              On top of that, Darwin, it's resulting *BSD, is released under a free license.

              But don't let facts get in the way.

          • by EvilSS ( 557649 )

            Or you could come up with an architecture and defense strategy that doesn't involve using CrowdSrike nor their competitors.

            Good luck explaining that to your auditors, regulators, and cyber insurance company.

            • by micheas ( 231635 )

              Or you could come up with an architecture and defense strategy that doesn't involve using CrowdSrike nor their competitors.

              Good luck explaining that to your auditors, regulators, and cyber insurance company.

              I have been there.

              If you know what you are doing, It is just a couple of extra meetings before the auditors sign off on your alternative remediations. If you have no clue why you are doing what's on the checklist but just following the checklist then you won't be able to explain to your auditors why you have effective remediations for what they checklist is trying to accomplish.

              I say this as having been a security officer at a health tech company that held Anthem PHI without being HITRUST compliant and re

              • by Moryath ( 553296 )

                before the auditors sign off on your alternative remediations

                Please, do list these that are not "competitors of CrowdStrike." I dare you so we can all laugh at your dishonest ass.

        • by Bahbus ( 1180627 )

          I also don't necessarily want them to have complex, bleeding edge stuff either. There can be, and is, a good middle ground and Southwest isn't near it.

        • by cusco ( 717999 )

          McAfee once labeled the OnGuard.exe program a virus and destroyed the functioning of thousands of Lenel (the largest vendor of integrated security software/hardware) installations, including their own. Yep, they hadn't even tested the update file against their own network before releasing it. I started working in the physical security profession about a year later, and heard horror stories of electricians, cable pullers, even the salescritters, being pressed into service to restore the damn file on my emp

      • by cusco ( 717999 )

        Interestingly Russia is unaffected by the CrowdStrike issue, because of the sanctions CrowdStrike isn't operating in Russia at all. Yet another way the sanctions benefit Russia more than intended.

    • seems fair it poured on the clouds.
    • by Megane ( 129182 )
      I still think it should be Clownstrike.
  • 3.1? (Score:4, Insightful)

    by bill_mcgonigle ( 4333 ) * on Saturday July 20, 2024 @12:51PM (#64640886) Homepage Journal

    ```
    Microsoft introduced a new operating system called Windows 95, to replace its predecessor operating system Windows 3.1. The 95 in Windows 95 refers to the year of its introduction: 1995. By some accounts, major portions of Southwestâ(TM)s scheduling system for pilots and flight attendants is built on the Windows 95 platform.
    ```

    Is there a reliable source for the 3.1 claim other than this linked contradictory source?

    • by HiThere ( 15173 )

      Yes, but they must be running MSWindows95b. And IIRC even that version required an add-on to access the internet. (What was the name of that add-on? I forget.)
      But Windows95a crashed every month (well, every 49.7 days), so they're probably not using that.

      • by PPH ( 736903 )

        required an add-on to access the internet.required an add-on to access the internet.

        socks?

        At any rate, that may have been the source of their security. Everything you need to do your job is on your LAN. You don't need the Internet. So you can't have it. No Slashdot, eMail, Pornhub or Amazon on your work system

        But Windows95a crashed every month

        So, just turn it off every night and back on in the morning. Even some planes [theregister.com] need to be rebooted once in a while.

      • by Malc ( 1751 )

        Are you thinking of Trumpet Winsock?

  • by aglider ( 2435074 ) on Saturday July 20, 2024 @12:55PM (#64640904) Homepage

    I maybe have a better approach for all those enterprises. You can call me at 555-DEAD-BEEF

  • Clearly there are occasional advantages to being a technological backwater, but in the main this must just impede progress. OTH their crew scheduling system was a giant cock up last winter.
  • Comment removed based on user account deletion
    • Ironically enough they replaced the ATM at my last company with one running XP.

      Guessing it needed the extra capability to serve up all those ads and play commercials and do all that other shit no one asked an ATM to do. Ever.

      • by Moryath ( 553296 )

        More likely, the hardware in the old one finally failed, and isn't made any more, Win 3.1 doesn't have drivers for something in the "next generation" repurposed-old-hardware model, and the manufacturer chose to move forward a kernel or three rather than hire someone to try to code new drivers.

      • No one is a bit of a stretch. The c-suite execs almost certainly did ;-)

    • Back in the mid '00s, ATMs tended to use eComStation (an OS/2 derivative) and Windows XP Embedded was starting to be rolled out on the newer ones. I doubt they moved back to Windows 3.1, although there may be some ATMs that still use it.

      You're right that Windows 3.1 didn't include TCP/IP. Microsoft specified the WinSock API, but you needed to install a third-party implementation of it.

    • Back in that era, most UK ATMs ran OS/2.

    • by Bert64 ( 520050 )

      Very few (if any) ATMs run windows 3.1 or ever did...
      Older ones often ran OS/2, newer ones tend to run XP, 7 or 10. Most of the hardware in any ATM made in the last 20 years is attached via USB which win3.11 doesnt support.

      • by dwywit ( 1109409 )

        The first ATM I ever used - in the early 1980s - was a batch-mode machine with a display that was presented on a roll of some sort of flexible material - it might have been rubber or similar - spooled around two cores, and moved forwards and backwards. Think of 35mm chemical film, with a different image on each frame. It belonged to a credit union but was able to process cards from other organisations.

        You put your card in, poked a "start" button, and the roll was positioned at the frame that told you enter

    • by dwywit ( 1109409 )

      XP, or OS/2 (ecomstation)

  • ...Commodore 64 in a cave.

  • by iwulinux ( 655433 ) on Saturday July 20, 2024 @01:19PM (#64640950) Homepage

    I went two articles deep looking for the root-level citation. Here it is:
    "Some systems even look historic like they were designed on Windows 95."

    Read that again. "Look historic like." Not *are* Win95, or indeed Win3.1. Probably just VB6 applications with outdated controls.

    But nobody bothered to read two articles deep, and then somebody tweeted authoritatively that they were running Win3.1, and now it's a Known Fact. This shit pisses me off so much. Great example of how stories grow in the telling.

    • But the joke going around is that they run their whole airline on a single Commodore 64!
    • by EvilSS ( 557649 )
      I went down the same rabbit hole. It's like a game of telephone: the article quotes a tweet that misinterpreted a quote in an article that misinterpreted a quote in a different article.
  • I used to work for a business travel agency back in the 90's. We developed for their systems using Win31 and 95.

  • Only it's a lie (Score:5, Informative)

    by EvilSS ( 557649 ) on Saturday July 20, 2024 @01:29PM (#64640986)
    Southwest does not run their shit on Windows 3.1. The article is based on a tweet the author admitted was a joke. He later dug up a quote about SkySolver comparing it to running your systems on Windows 3.1 in this day and age and misunderstood what was being said, thinking his joke turned out to be true. SkySolver does not run on 3.1, it's just really fucking old. It's also the software that caused those recent Southwest network meltdowns. Remember those. So not sure anyone should be bragging on it no matter it's age.

    So congrats, you all bought it hook, line, and sinker.
    • Southwest does not run their shit on Windows 3.1.

      For one thing, there's no TCP/IP stack in Windows 3.1, so how would that otherwise even meet an airline's requirements?

      • by EvilSS ( 557649 )
        Trumpet Winsock of course! Seriously though, it's a hilarious chain of articles misquoting/misunderstanding references in other articles that will now live on as fact because people want it to be true. Which I guess is kind of the internet in a nutshell.
      • by segin ( 883667 )
        Windows for Workgroups 3.11 (which I'd imagine is included colloquially when one says "Windows 3.1") has the TCP/IP-32 stack available from Microsoft. This is the TCP stack which was further refined for direct inclusion with Windows 95.
      • by cusco ( 717999 )

        It's a two floppy disk ad-on to make your Win 3.1 install run TCP/IP.

  • ...that's known as failing upward. And only the oblivious are proud of it... which is a lot of them.
  • Just use handwritten tickets like what grandpa used to fly with. If it was good enough for taking a flight on Pan Am to Rio, it's good enough for you today.

  • Southwest Airlines Avoids Cloudstrike Issues

    So are they saying "Counter-terrorists win"?

  • Since Nazis could fly a spaceship from the backside of the moon with an iPad...

  • Out of curiosity yesterday, I read an article that showed what airlines had reported major problems due to the Crowdstrike issue. I noticed the following.
    American Airlines was largely impacted along with their hubs. No surprise there. They are the most incompetently run airline in the USA.
    United Airlines reported problems. So did their major hubs. Ugh. Was hoping for better here, but not completely surprised at this.
    Delta Airlines reported problems along with its major hubs. I honestly expected better from Delta here.
    All the big minor carriers reported problems except ...
    Southwest. Kind of shocked. I thought they did a recentish major IT upgrade and they probably didn't go Linux. Maybe their lack of problems was that their crap is still old as hell.
    Alaska Airlines didn't report any problems.
    Hawaiian Airlines, now a subsidiary of Alaska Airlines, also reported no problems. Maybe those 2 have good (Linux) tech.
  • One of the most insane things many enterprises do these days is not keeping a strong perimeter. "Zero Trust" by Google is a striking instance of that insanity. If you isolate things well, there is really no issue using older systems. But you really need to know hat you are doing.

  • by Eravnrekaree ( 467752 ) on Saturday July 20, 2024 @11:11PM (#64641816)

    Some airlines probably use something older, TPF, that dates back to 1979 running on Z system mainframes, and PARS, which is built on it. I imagine the bad crowdstrike thing probably impacted the terminals at airports that run Windows but interface to a mainframe

    • by bunyip ( 17018 )

      Yes, CrowdStrike would have affected Windows machines running as front-end terminals for any airline that has that. It may also affect a lot of the operational systems that often run on Windows (flight planning & dispatch, gate planning, etc)
      Southwest does not use TPF any more, they're hosted by Amadeus and they're completely off the mainframes these days. SWA's previous system was running TPF, it was originally based on a clone of Braniff's system years ago, but this system was shut down about 8-10 y

  • Trigger warning for any hardcore originalists
    The 1979 show was good but I really liked the new one better

  • Every major business should have a Business Recovery Plan, formerly called DR or Disaster Recovery. And a risk plan. The CEO's bonuses should all be cut for having single point of failure baked in, with no binding vendor compensation clauses. This proved most did not, and the vendor, perhaps believed in production testing. You may now consider having a warm failsafe site immune from vendor negligence. The skinny is that effort may cost something - unless the offline time was 'worth it' . As for running
  • Disappointed again. Another humor-rich target missed. (But I can't help. Stopped flying long ago, though I'm pretty sure I've flown on Southwest at some time in the past.)

"Pull the trigger and you're garbage." -- Lady Blue

Working...