
Boeing 747s receive software updates over floppy disks - sleepyshift
https://www.theregister.com/2020/08/10/boeing_747_floppy_drive_updates_walkthrough/
======
ir77
i'm surprised that people are surprised by this.

i work for aerospace, and this is fairly typical -- albeit not floppy disk
examples, but we keep a bunch of old laptops running win 7 and other examples
around, hound around for them and spare parts. these machines are off the
network, etc.

these systems were developed 20+ years ago and per contract the manufacturer
is obligated to maintain them for the service life, so unless these are
obsoleted these are to last 20-30+ years.

the costs associated with porting all tools from win 7 to a newer system and
re-verifying 50K+ test cases to do a similarity analysis run into the astronomical in
terms of $ and months (years) of work. no one really wants to poke that bear
so you have situations like these.

~~~
hindsightbias
It is interesting that people don't think on these scales. What percentage of
the HN crowd has developed something that has had (or will have) a 10, 20 or
40 year life span?

Because I've seen a bit of that and it's what makes the world go round.
There's certainly a lot of bad/crazy stuff out there but wonder if the
ephemeral fashions of today will stand the tests of time.

~~~
arethuza
I have built applications that have been around for 10 to 15 years.

The only thing that would have been good is to know in advance which ones will
last that long - one was a temporary proof of concept!

~~~
virtue3
The jerks always say that it will be 'temporary' and we can redo it later. HAH

~~~
HeyLaughingBoy
This is why at my last job we had a rule that said prototypes could not be
shipped as production software. It _had_ to be either completely rewritten, or
at least completely code reviewed and the "bad" parts rewritten.

~~~
sterlind
I approach this by writing exploratory prototypes with good modular
boundaries, but stub/hacky implementations. Keeping it simple lets me throw
modules away as I refactor, until everything's been rewritten and then I ship
it.

~~~
HeyLaughingBoy
Sure, and that works great for a _personal_ approach to _code_. But when your
lifecycle from requirements through release needs to be validated, something
more scalable is required. Sometimes that scalable thing is "anyone shipping
prototype code will be fired."

------
mtbnut
I worked in HAWK missiles in the Marine Corps for many years. This doesn’t
surprise me one bit. In 1994, Block II launchers were still effectively using
vacuum tubes. In fact, I still recall the one that faulted the most, from its
label in the FM: relay K-9! Ninety percent of launcher issues were attributed
to that old relic of a tube.

Then, in 1995, Raytheon came out with Block III updates, which replaced the
entire trunk filled with hardware (about as crowded as a standard engine bay
of a modern car) with about 3 PC graphics cards-sized modules, each with an
NSN price tag of $170,000 per (don’t worry, you’re paying for the IP, not the
physical cards themselves, which iirc were MIL-spec versions of your standard
PCI card from back then).

Made my job as a tech so easy, since the launchers never really broke down
much after that, save for a hydraulic leak or two out in Dugway or White Sands
during a shoot or Red Flag exercises at Nellis AFB. Didn’t see aliens out
there but quite a lot of Soviet gear, which we acquired shortly after the
USSR’s downfall. MiGs are really cool and reliable, though pilot/user
comfort/convenience was not on their MVP list.

~~~
echelon
> each with an NSN price tag of $170,000 per

This is why we don't have decent public health care. That's obscene.

~~~
crispyporkbites
not really - how many software and hardware engineers do you think you need
for this? probably minimum 10, maybe 20-30 realistically. At SV salaries (you
need the best engineers, right?) that's $9m USD/annum.

You need to ship at least 50 of these devices to break even. To get a proper
margin and cover all the other costs (manufacturing, sales, marketing,
compliance, accounting, yada), you're probably going to need to create and
sell a couple hundred, every year.

~~~
snypher
They produced approx 40,000 between '59 and '94, so around 1,000 a year. So I
would assume they broke even.

~~~
ChrisLomont
That's not the device in question.

------
reaperducer
Did it work? Yes.

Was it secure? Yes.

So, what's the problem? Updating 30-year-old gear with media from its era
seems to make sense.

If they were really wedded to digital media and needed to bridge that gap,
Sony used to make a floppy disk that you could jam a memory stick into and it
would read in a normal 3½ inch floppy drive. Very cool gadget.

~~~
alfalfasprout
Frankly, provided you have error checking logic and don't store them next to a
magnet... floppy disks are pretty damn bulletproof. I've had _way_ more issues
per-use reading a thumb drive or a CD/DVD-ROM than I ever did reading floppy
disks.

~~~
gspr
Really? I'm not doubting you, but I'm surprised. I only used them up until I
was maybe 10 or 12 years old, but I still vividly remember often having to go
through a couple of floppies from my drawer to find one that was working. And
yelling at my little brother for putting a bad one back in the drawer.

Are they really that robust? Was I just storing them stupidly maybe? Or maybe
it was because all the ones we had were used ones from work.

~~~
MrDOS
I have similar memories from around the time when USB sticks started gaining
popularity. I think floppy disk manufacturers started slacking off on QA
through the last few years of large-scale manufacturing. They certainly didn't
use to be that bad.

~~~
rleigh
The final years of 3.5" floppy manufacture were bad. I think the quality was
tailing off from the mid nineties. But it could equally be poor quality of the
drive manufacture as well.

Certainly 5.25" floppies from the late 80s and early 90s were nearly
bulletproof in my experience. 1.2MB was a bit flakier than the 360KB though.
All were still perfectly readable 20 years later, though at this point they
all got thrown in the bin due to their obsolescence!

------
zdw
While this probably wouldn't pass muster with whoever certifies the 747's
avionics, over in the retrocomputing world the solution to "It only uses
floppies" has been the cheap Gotek floppy emulators that read from a USB stick
running this free firmware:
[https://github.com/keirf/FlashFloppy](https://github.com/keirf/FlashFloppy)

It has a great number of hardware mods that give it a display and a rotary
encoder for better disk selection:
[https://github.com/keirf/FlashFloppy/wiki/Hardware-Mods](https://github.com/keirf/FlashFloppy/wiki/Hardware-Mods)

~~~
S_A_P
Agreed. Not for avionics, but I cannot overstate how much of an improvement
the Gotek/Lotharek/various other Floppy Disk/scsi to SD solutions are over
finding NOS/still working storage media from that era. I've a couple of old
samplers from Emu and Ensoniq that I can continue using and not worrying (as
much) about data loss and storage.

------
code4tee
Not surprising at all, and not really a problem either provided it works.

More modern aircraft use things like USB sticks but often with old file
formats and they can’t use a stick bigger than 2GB (actually hard to find if
you want to buy one). Aviation engineering vastly prefers “old but works” over
“new and fancy” and this article is just one detailed example of that.

~~~
tomashubelbauer
I get why prefer old but works over new and fancy, but what about new and
works? They could trial new technology for five or ten years in parallel with
the old before switching, gaining both the stability of old and proven and the
future-proof-ness of "new and we think it will stick but it might not". The
reason why it isn't done this way is probably cost, but at what point will the
difficulty of sourcing the old tech and people who know how to use it become
the more expensive option?

~~~
vorpalhex
You can still buy new, still shrinkwrapped, recent production floppy disks and
new drives. I'd imagine if you're supplying parts for these, a warehouse with
a stack of known-to-work floppy disk drives isn't much of an expense and
certainly not difficult.

Even if it became a problem, you reasonably have the margins to ask a
manufacturer to set up an assembly line and run a new batch just for you - the
only downside is that you're likely spending a lot of warehouse space to house
the new parts.

~~~
Wowfunhappy
I remember reading a news story ~4 (or more?) years ago that the last
manufacturer of floppy disks stopped making them. I’m not surprised to learn
there’s still plenty in circulation, but I’m a little confused by “recent
production”, unless my memory is just wrong...

------
inetsee
At one point in my career, I was working on maintenance software for the US
Air Force's C-130 Cargo plane. Floppies weren't used to update the flight
software (the Mission Computers didn't have floppy drives). A ruggedized
portable computer was used to load the Mission Computer software over a wire
connection. The software doing the loading was held to the same MIL-Spec
standards as the flight software itself, and we spent a lot of time convincing
the reviewers that the checksums used to verify the integrity of the load were
sufficient to the task.

If the software doing the load is performing its integrity checks to a
sufficiently high standard, then I don't see why using a 3.5" floppy disk
would be a problem.

------
Animats
So? There's nothing wrong with diskettes as a medium. They're not used much
any more, but they work OK.

F-16s still use PCMCIA cards to load combat flight plans. Obsolete, but small
and reliable. Also big enough to handle on a flight line while wearing gloves.
An SD card would be too small. A USB stick might accidentally get plugged into
something it shouldn't be plugged into.

~~~
outworlder
> but small and reliable.

PCMCIA cards may be. Floppy disks are not reliable at all. But I assume there
will be safeguards in place.

------
cpgxiii
Note that the article covers the 747-400, which first flew in 1988. Using 3.5"
floppies for updates made sense then, and aircraft avionics tend not to be
updated unless absolutely necessary.

------
rwmj
The Panavia Tornado fighter jet famously used cassette tapes for mission data.
I guess aircraft are a product of their time and because of stringent safety
requirements why try to update something if it works fine?

~~~
stuff4ben
Yep, same for the F-14...

"...Then there was the computing power on the aircraft—or lack thereof. It was
a Commodore 64 with wings on it ...For example: the mission computer loaded
off of magnetic tape.

That magnetic-tape computer had so little memory that its crew had to switch
programs depending on what the jet was doing at the moment—the RIO would hit a
switch to bring up the bombing program, and then after the bomb-dropping
ended, they’d reload the air-to-air program"

[https://nationalinterest.org/blog/buzz/navy-deathmatch-f-14-...](https://nationalinterest.org/blog/buzz/navy-deathmatch-f-14-tomcat-vs-fa-18-super-hornet-who-wins-74651)

~~~
temac
The F14 actually had a neat processor, with an architecture which remained
classified for a long time (arguably far too long at the end, but it was
plainly justified at the beginning)

It was very old so, yes, I'm sure it had plenty of limitations though.

------
dis-sys
US nuclear weapons relied on 8 inch floppy disks until 2019.

[https://www.nytimes.com/2019/10/24/us/nuclear-weapons-floppy...](https://www.nytimes.com/2019/10/24/us/nuclear-weapons-floppy-disks.html)

~~~
grishka
> The Air Force completed a replacement of the aging SACCS floppy drives with
> a highly secure solid-state digital storage solution in June

So probably an SD card adapter.

------
notacoward
The headline is misleading. According to the story text, the floppy is used to
load a new _navigation database_, which is important to be sure but not a
critical software update.

~~~
WJW
Navigation is not critical? It seems like a pretty dangerous turn of events to
try a low-visibility landing based on outdated navigation data.

~~~
notacoward
Navigation data is _important_, which is why it's required to be refreshed
within 28 days (this was a big worry during the recent Garmin outage BTW), but
whether it's _critical_ depends on often domain-specific definitions. AFAIK it
doesn't meet that standard by either software or aviation standards. Also,
it's definitely not software, so "critical software updates" is still
incorrect.

~~~
alfalfasprout
On an airliner that can land in cat III approaches (ultra low visibility down
below 100') then this data is _critical_ since it's used in automated systems
to help land the plane.

------
raxxorrax
And I feared they would use 5¼" floppies, those were terribly unreliable.

~~~
dhosek
When 3.5" floppies (stiffies) were introduced, the big selling points were
that (a) they could fit in a shirt pocket and (2) you could toss them across
the room and they'd still work.

At my first job, I kept a 5¼" floppy with "only copy of important data"
written on the label hanging off my filing cabinet with a magnet.

~~~
raxxorrax
They were before my time, but I had an old drive I "examined" (destroyed) as a
kid. It was unclear to me how such a large thing could hold so little memory.

~~~
dhosek
Your younger self would have been fascinated by these:
[https://www.ibm.com/ibm/history/exhibits/storage/storage_335...](https://www.ibm.com/ibm/history/exhibits/storage/storage_3350.html)

------
dekhn
When I worked for a major pharma company in the mid-to-late 2000s, their
entire security system (IE, the door badge ACLs) was run on an old vaxstation
that had its own full rack. It worked, they said.

~~~
folmar
Polish railway operator had last of their 1970's ICT-1900 clone decommissioned
in 2010.

------
JoblessWonder
I work on aircraft that up until last year received updates via _ZIP DISK_. Do
you know how hard it is to find a working ZIP disk and/or ZIP drive?

Luckily we convinced the owner to update their avionics and now it uses...
CDs? DVDs? A laptop? I honestly don't know. Something that isn't ZIP disks. We
also have aircraft that need floppy disks.

------
lizknope
The article said the floppy drive is kept behind a locked panel. The article
doesn't mention if the updates fit on a single floppy or a stack of 20
floppies. I don't see a fundamental problem as long as the data has checksums
to make sure that it transferred successfully. I used to get tons of errors on
floppy disks transferring data back in the 90's using Sun workstations and
PCs. I started making my own checksums to make sure my transfers were correct.

~~~
notjustanymike
> a stack of 20 floppies

Well now I'm having flashbacks of installing "Strike Commander".

~~~
hinkley
I got so much exercise trying to install Slackware from >20 floppies. Disk 5
has read errors. _go copy another, start over from disk 1_. Disk 8 has a read
error.

(By the time I was done I didn't have enough disks, so I had to go to the lab
in the middle)

~~~
lizknope
I installed Slackware 2.1 with kernel 1.1.59 in the fall of 1994.

I only had about 15 floppies between me and my roommate. I remember getting
the "a" series of disks and then the "d" series for development and so on. I
had to run back and forth to the computer lab about 5 times over the weekend.

------
dehrmann
The bigger story in the article is how little security review the software on
these planes gets

> "Aircraft themselves are really expensive beasts, you know," said Lomas as
> he filmed inside the big Boeing. "Even if you had all the will in the world,
> airlines and manufacturers won't just let you pentest an aircraft because
> [they] don't know what state you're going to leave it in."

~~~
hinkley
The physical floppies use the same chain of custody that any other part of the
system uses. Every floppy has essentially been signed off dozens of times
before it ever sees the insides of an airplane, and there is nowhere between
the manufacturer and a flying plane where there isn't a person who is
officially in charge of it.

From what I understood, there is (was) a real danger of a part that was used
in a stress test ending up in a bin full of spares. So every 'part' has an
identifier, responsible parties, and a tagging system that keeps the streams
from ever crossing. A floppy is physical, so they just did the same thing.

Imagine trying to convince a bunch of people who have always ever done things
physically to use electronic distribution.

~~~
JoblessWonder
The good news is that any new avionics system is going to have the ability for
electronic distribution. Mostly due to reduced cost (cheaper than mailing out
disks/CDs/DVDs) and better ability to correct any bad updates that are
released.

------
niffydroid
I cannot remember where I saw it a few days ago. They basically just use an
emulator and a fake floppy disk, just like people could play CDs over a
cassette player.

I assume they don't have to go through certification for the loading
device (the floppy drive), just the process of loading data instead (through
the emulator)

------
commonturtle
Only slightly surprised; domains where failure is really expensive aren't
likely to experiment with technologies. If it ain't broke, don't fix it.

I read something similar about the computers that control the US nuclear
arsenal: They're extremely primitive and can only be updated by floppy disks.

------
lm28469
If it ain't broke, don't fix it

------
ponker
The software that really matters, like _really matters_ (not talking even
about something like Google Search or Gmail)... is usually like this, since
it's built to be almost never changed, since changing it is so high risk that
it's almost never worth the cost.

------
deeblering4
How many 747s are still in operation? I thought they were being phased out

~~~
newsclues
400ish

[https://en.m.wikipedia.org/wiki/List_of_Boeing_747_operators](https://en.m.wikipedia.org/wiki/List_of_Boeing_747_operators)

~~~
0xcafecafe
Looks like a lot of them are cargo operators.

------
zikohh
Is the 747 the only plane that uses floppy disks or are there newer ones that
do have the same?

