
The NYC subway system runs on OS/2 - yankcrime
https://tedium.co/2019/06/13/nyc-subway-os2-history/
======
_hardwaregeek
Is it just me or does this article feel kind of shallow? Like there's a lot of
fancy text boxes and nice big text, but it doesn't cover a whole lot of
information. Like how did the MTA build this infrastructure? Who led it? What
went into their decision making process for OS/2? Were there other options?
They briefly discuss how the MTA is moving to contactless payments and
casually mention Andy Byford's hiring (incorrectly citing him as the former
head of the Tube—unless the MTA hired another former Tube employee?), but they
don't delve into that either.

It's nice to have a succinct article, but I'd much prefer a long form version.
If this article ran in say, the New Yorker, it'd provide a level of depth and
information that I'd find really valuable. I assumed from the design of the
site, namely the very pretty interludes, that I'd be in for some really good
long form journalism. Unfortunately not the case.

Edit: Here's a funny snippet from an article about Andy Byford in which the
credit card processing for the Metrocard machines goes down.

> It seemed that only Miguel knew how to log in to the relevant subprocessor
> and do the reboot.

> “Where is Miguel?”

> He was in a car, apparently, on his way home. He wasn’t answering his cell.
> He lived in Port Jervis.

> Byford looked at Meyer and Nugent. They shook their heads. Port Jervis was
> upstate, three hours away.

> “Unbelievable.”

> More calls were made, more cages rattled. Was it really possible that
> hundreds of vital machines, the main revenue engines of the subways, could
> be repaired by only one person at the M.T.A.? It seemed so.

Perhaps an upgrade isn't such a bad idea.

~~~
OBLIQUE_PILLAR
Andy Byford was manager of several Tube lines

There's a good New Yorker article about him

~~~
_hardwaregeek
Yep, I quoted the article in my edit. He's incorrectly referenced as the
"former head of London’s train system" and they claim the reason for his
hiring was "ultimately eliminating MetroCards", which is flat out wrong.
Byford was brought on to "fix" the inevitable trainwreck that is the MTA while
also taking the fall for said trainwreck.

------
gerbilly
They could have done a lot worse.

OS/2 was very stable compared to the NT of the same era.

I'm not sure why we laugh at old systems that are still doing their job thirty
years later. If anything we should celebrate the resilience and longevity.

Would it be immediately better if we replaced it with a bunch of docker
containers connecting to mongodb or something?

I think we'd be better off as a society if we became tech luddites a bit more.
Maybe we could start by replacing all of the facial recognition advertising
panels with OS/2.

~~~
_underground

> I'm not sure why we laugh at old systems that are still doing their job

Because other countries are hacking our infrastructure, as we hack theirs, and
those laughing are doing so nervously, because with an operating system that
is decades out of date, it's painfully obvious that anything defended by a
password protected user account on that operating system isn't really
protected against a determined enemy at all, and any of the permissions and
privileges conferred by user accounts on that system are likely a facade
protected by an honor system, and mostly physical security.

In truth, even if the operating system were newer, we would not want it hooked
up to the internet, but if the operating system were up to date, and not well
isolated and became exposed to any public gateways, it would stand a fighting
chance of not spilling its guts to the world.

With such a system disconnected from the internet, one can still bet that a
determined attack is going to implant remote connectivity under their own
control, and their job is much easier once the implant is connected. They
don't need to sweat OS level password rotation, probably won't worry about
strong encryption key changes or having to prove identity to policy
enforcement tools with signing keys or tokens. Very little in the way of
locking the integrity of the system is built into the concept of the OS. The
application layer may offer better protection with proprietary controls, but
the contents of disk and RAM are very probably possible to dump, inspect, bit
twiddle and write back in place to just do anything you want, if your
expertise runs deep enough.

~~~
Wowfunhappy
Is the NYC subway's OS/2 connected to the internet?

~~~
xvector
I think the real question is “what is the physical security model of the
OS/2?”

I would imagine a determined attacker could infiltrate the system in-person.
The question then becomes - how easy is it to compromise the system given
physical access? And, assuming total compromise, how much damage and loss of
life can be caused? (Do the subways have physical fail-safes?)

~~~
flomo
OS/2 was a single user PC OS, it didn't have any physical security or account
passwords or etc.

~~~
tw04
Countless ATMs ran it for decades. They obviously figured something out to
secure it.

~~~
nickpsecurity
Cameras, locks, and obfuscation, basically. To hack it, you need to be alone
with it long enough to find the flaws, figure out how the dispenser works, etc.
People hardly ever try to bypass them.

Recently, hackers have been buying, studying, and hacking ATMs. They're not
secure. You can see them in action searching for DEFCON ATM hacking on
YouTube.

------
Maxious
The trains in Melbourne ran on a DEC PDP-11/84 based signalling system.

In 2003 they started to move the application to PC running Windows XP using a
special processor card to virtualise the old CPUs although "Due to the core
software limitation (no source code available) we were compelled to integrate
some original PDP-11 computer cards into the final product and this resulted
in a hybrid PC platform"

[https://www.equicon.de/images/Virtualisierung/LegacyTrainCon...](https://www.equicon.de/images/Virtualisierung/LegacyTrainControlSystemStabilization.pdf)

~~~
xvilka
Why not hire a reverse engineering company and restore the source code for
them?

~~~
adrianN
Would that be legal?

~~~
anonymfus
Australian lawyers from the top of Google Search results say that it can be if
done carefully:

> _Generally, where a computer program is reverse engineered by copying the
> idea of the function presented in the program code, the original computer
> programmer’s copyright is not infringed. Where a computer program’s
> expressions in code are reproduced or adapted (including into a different
> computer programming language), the original computer program’s copyright is
> likely to be infringed. This means that where reverse engineering occurs by
> “clean room” design, Australian courts are unlikely to find that there has
> been an infringement of the original author’s copyright._

Source: [https://www.dundaslawyers.com.au/reverse-engineering-of-soft...](https://www.dundaslawyers.com.au/reverse-engineering-of-software-what-are-the-legal-boundaries/)

------
shereadsthenews
The system does not “run on” OS/2. That is used to glue the metrocard
terminals to an IBM mainframe. The subway “runs on” relay logic. Trains occupy
a block because they short the two rails together, which completes the
necessary circuit. Only part of the NYC subway is computerized. That part uses
off-the-shelf hardware and software that I believe runs at least partly on
Solaris.

~~~
endorphone
This seems needlessly argumentative and unwilling to allow for any editorial
leeway. A subway is composed of many parts that all need to operate for the
system to work.

But if we want to get pedantic, the subway wouldn't exist without revenue, and
that revenue is indirectly managed through an OS/2 system. Ergo, the subway
runs on OS/2.

~~~
astrange
Most subways don't pay for themselves; it's funded by the state. Really
there's no reason to charge for usage except that everyone in government likes
to steal money from them when nobody's looking.

------
geofft
> _In the future, people will access New York’s subway like they’re queuing
> for a roller coaster at Disney World. The process will require users to have
> an internet connected device that gets you through the gates, whether that’s
> a phone or a smartwatch. If we’re lucky we get a new MetroCard option. But
> it’s no guarantee._

This is false:

- You do not need an "internet connected device." (There isn't even reliable
cell service at all turnstiles.) You can use an offline device that's
previously had a card added to mobile wallet. You can also just use an actual
physical credit card that supports contactless payments.

- The MTA has indicated that they're replacing MetroCard with an
OMNY-specific contactless payment card, which you can buy using cash if you want.
"Although cash isn’t accepted for OMNY right now, cash will always be an
option to access MTA services. You still have the option to use MetroCard
until OMNY rolls out system-wide."
[https://new.mta.info/omny](https://new.mta.info/omny)

"In 2020, we will enable mobile ticketing in the OMNY app. In 2021, we will
introduce a new MTA-issued contactless transit card for OMNY that you will
find at retail locations throughout the New York region. In 2022, we will
install OMNY vending machines at subway and commuter rail stations. In 2023,
we will say goodbye to MetroCard. You will always be able to pay with cash at
retail locations and vending machines." [https://omny.info](https://omny.info)

------
walterbell
The OS/2 ecosystem helped to bring the Windows "start button" back to Windows
8/10.

After Microsoft removed the _Start_ button, the former #1 OS/2 ISV (Stardock
Systems) created the Start8 utility as a 3rd-party $5 replacement start
button. They sold millions of copies, proving market demand and motivating the
return of the button in future Windows releases.

~~~
choiway
This is a more interesting tidbit about os/2 than the entire article

~~~
walterbell
OS/2 had an object-oriented GUI (Windows "Cairo" never shipped) and Stardock
was a pioneering ISV. They later moved onto Windows games and utilities.
Commentary by Stardock CEO,
[https://www.stardock.com/press/customerreports/stardock2014....](https://www.stardock.com/press/customerreports/stardock2014.pdf)

> _Over the years, we’ve developed and/or published a lot of software that
> was “ahead of its time”. Sometimes, too far ahead of its time. :) ... Broadly
> speaking, Stardock is a bunch of “techies” who have let their hobby get out of
> control ... most consumers would be shocked if they knew the actual dollars
> earned by reasonably “popular” iOS and Android games and apps ... Our
> poorest-selling DLC for PC games generates more income than nearly every iOS or
> Android developer app we've gotten numbers for ... Start8 will undoubtedly be
> obsoleted by a future version of Windows as its stunning popularity (over 30
> million downloads and counting) makes it clear it was a mistake for Microsoft
> to get rid of the Start menu in Windows 8. In the meantime, Start8 has been an
> unexpected boon. If it makes Microsoft feel better, the revenue from Start8
> has helped us hire a lot of new developers making new Windows software.
>
> ... In 1998, the OS/2 market died off. Stardock went from a multimillion
> dollar business to one that made less than $400,000 in one year. The only
> reason we survived was because our former OS/2 user base bought Object
> Desktop for Windows, sight unseen, a year before it would be released. While
> “Kickstarter” is now common, most of you reading this know that in 1998 just
> doing credit cards over the Internet was a new thing, let alone giving $50
> to a company to make a product that didn’t exist._

------
protomyth
Given what I have seen in some large corporations, I honestly believe that
eBay has the data on which companies use very old computers in mission
critical processes. The amount of "vintage" parts that were bought off sellers
on eBay by a couple of corporations I was at was rather large. It amazes me
what has to happen for some companies to realize that your logistic system
needing parts from eBay is a bad thing.

~~~
hanniabu
It's the "whatever keeps it moving" mindset rather than the "take a hit now
for a better return later" mindset. I used to work at a Colgate factory making
liquid soap and it blew my mind how poor of a condition their machinery was in
and how it was run. Machines held together literally with duct tape, zip ties,
and miscellaneous objects that we could find around the plant to repurpose or
materials we could find at Walmart (it's the only place around open 24hrs).
Many times machines would be down and instead of fixing them we would just
"throw people" at the issue and keep the lines running with manual labor,
creating an insane amount of inefficiency and waste so that there's no
"downtime".

~~~
xzel
That shows how little value most labor has, unfortunately, versus how much
money can be made just keeping the business running. It’s a simple computation
for anyone upstairs.

~~~
caseymarquis
In that kind of manufacturing environment, typically it's just middle
management keeping things at a local maximum and hiding problems from plant
managers. Middle management is incentivized to maintain said local maximum
based on some arbitrary metric (ie uptime) which can be decoupled from
productivity. This is the primary mistake. Plant managers usually have the
bigger picture in mind, but aren't aware of the issues, as they trust the
people below them. Operators eventually stop complaining when nothing gets
done, as they assume that's how it works. This leads to money spent fixing
operator culture, which is really just a more visible symptom of the actual
issue.

Long story short, you get what you incentivize for. Incentivize carefully.

------
Lowkeyloki
I grew up on OS/2 Warp on a PS/1 Consultant. I still have a couple of boxes
with original copies of OS/2 Warp and the manuals and optional software disks
in my back closet. I guess you could say I have a soft spot for it. It was
really ahead of its time compared to its contemporaries, second only to BeOS.
But people who weren't techies back in the early 90s didn't see the value in
buying a different operating system when their system came with DOS and
Windows 3.1. And, honestly, they were probably right! Computers didn't really
have the oomph or the networking capabilities at the time to power all the
multimedia applications IBM had in mind.

So I can't really judge the MTA too harshly because OS/2 is solid and it'll
probably gladly do the job for another 30 years so long as the hardware lasts.

------
dehrmann
This got me wondering...if you were building out a system like this today,
which OS would you choose that wouldn't seem ridiculous 30 years later? And why
aren't we building OSes that are simple and feature-poor with the intention
that they'll be used for 30 years? Or the airline problem: it must be annoying
that the tech you put in seatbacks has a short shelf life and will look
primitive compared to the phones in everyone's pockets.

~~~
ComputerGuru
The seatback device is a consumer electronic that can (and should) be
experimented with, updated, upgraded, and replaced regularly. I don't care
what OS it is using today or how fancy it looks - that has nothing to do with
the first part of your question, which should (and fortunately usually is)
altogether separate.

The off-the-shelf answer today is a variant of QNX or VxWorks. No one gets
fired for picking those.

~~~
metildaa
I thought most seatbacks ran Linux?

For more critical applications, Boeing is using Ada on Linux atop AMD's new
embedded CPUs, which have no closed firmware (to ensure auditability).

Sadly, Boeing's culture rot has led to some poor design decisions recently.

~~~
pjmlp
I am yet to see any Linux distribution certified for high integrity computing.

Usually Linux always runs in a VM sandbox on top of such OSes, like Green
Hills INTEGRITY OS.

------
Thorrez
Well there's probably not a whole lot of OS/2 ransomware, so they're less
likely to wind up in the situation of the San Francisco Muni

[https://www.sfexaminer.com/news/you-hacked-appears-at-muni-s...](https://www.sfexaminer.com/news/you-hacked-appears-at-muni-stations-as-fare-payment-system-crashes/)

~~~
ma2rten
I don't think it's better security-wise to run software which hasn't gotten
updates in 17 years.

~~~
zrobotics
"IBM had long given up on it, even allowing another company to maintain the
software in 2001. (These days, a firm named Arca Noae sells an officially
supported version of OS/2, ArcaOS, though most of its users are in similar
situations to the MTA.)"

So I suppose there are still updates. As an aside, at $129 for the personal
edition [0] I want to pick it up just for the novelty of having an OS/2
machine running on modern hardware.

[0] [https://www.arcanoae.com/shop/arcaos-5-personal-edition/](https://www.arcanoae.com/shop/arcaos-5-personal-edition/)

------
burfog
London's runs on iRMX III. The hardware is x86 but non-PC, based on Multibus.

[https://en.wikipedia.org/wiki/RMX_(operating_system)](https://en.wikipedia.org/wiki/RMX_(operating_system))

That OS was pretty much a feature demo OS for the x86. All that task switching
stuff is used to the max, and of course the segments are as well. Good luck
porting anything, even if you did have the source code and a budget. Also, the
popular language was PL/M, which is impressively awful.
[https://en.wikipedia.org/wiki/PL/M](https://en.wikipedia.org/wiki/PL/M)

------
RyanAF7
Favorite quote from the article, "Despite the failure of OS/2 in the consumer
market, it was hilariously robust..."

Would this make the NYC subway system more or less prone to hacking? Can't
imagine there are a ton of exploits in OS/2 that modern hackers would know
about.

~~~
gruez
Does os/2 even have TCP/IP support?

~~~
freehunter
If you're running Warp, yes. I believe it's dial-up only though.

~~~
shereadsthenews
Nope. Ran Warp on a PC with a PCI bus Ethernet adapter and TCP. Worked fine.

------
myrandomcomment
I used OS/2 on a 486DX-66 back in the day at home. I also ran it on my
first SMP system - Dual PPro (custom IBM build that did SMP - I worked there
at the time and even wrote some code for it). It was rock solid for the most
part. I still miss parts of the GUI - the ability to rip off a template for
printer or a Doc, etc. There are still things that the latest OSes just do not
do well. Biggest issue was always the single input queue issue in the GUI that
could lock up the GUI but the system would just keep running.

Also Galactic Civilizations was a damn good game and only on OS/2 at the time
-

[https://www.stardock.com/stardock/articles/article_sdos2.htm...](https://www.stardock.com/stardock/articles/article_sdos2.html)

~~~
deathanatos
I think I played some sort of predecessor to that game, called Star
Emperor?[1]

But from the first link in your link… they also made Trials of Battle! That
it's listed under "Other Products" does not do it justice, IMO. _And_ Stellar
Frontier. I did not realize how much of their stuff I had played.

[1]: [https://www.os2world.com/games/index.php/native-games/strate...](https://www.os2world.com/games/index.php/native-games/strategy/306-star-emperor)

------
ceautery
As late as 2003 (when I separated from them), Sterling Commerce, a Columbus
based EDI network now owned by IBM, used an OS/2 system to convert zModem and
FTP traffic to SNA, so that PCs could talk to a mainframe without needing to
buy special modems that could talk bisync. That was the only non-trivial
use of OS/2 I've seen, and for all I know it's still running.

In the 90s, the CompuServe online service had a dedicated tech support team
for people using OS2CIM to connect, and they were pretty evangelical about
using OS/2 over Windows or pre-OSX Macs. It's a fun ecosystem, and its users
were pretty passionate about it. I'm glad to see it's still being used for
something interesting.

------
orionblastar
[http://www.osfree.org](http://www.osfree.org)

The free and open source OS/2 clone OS. Some things cannot be ported to
Windows.

------
eps
Canadian flavour of this, from the late 90s was that

1. SkyTrain (driverless monorail) in Vancouver ran under OS/2

2. All street lights in Toronto were managed by a single 486 box running QNX

Not sure how true #2 was, but Skytrain had an OS/2 position open for a while,
so it was a part of their setup for sure.

[https://en.wikipedia.org/wiki/SkyTrain_(Vancouver)](https://en.wikipedia.org/wiki/SkyTrain_(Vancouver))

~~~
goodcanadian
SkyTrain is not a monorail. It is standard (driverless) light rail.

~~~
eps
Quite possible. It's been 10 years since I last used it.

------
southern_cross
One thing that the IT world (being a field which is only a few decades old) is
going to have to come to grips with is the fact that, in general,
infrastructure doesn't necessarily get thrown out just because it has grown a
bit long in the tooth. In the US we have physical infrastructure which is many
decades to centuries old, and elsewhere in the world there's still
infrastructure in active use which dates back to at least Roman times. Now
that old stuff certainly may not be ideal by modern standards, of course, but
to the extent that it gets replaced this is usually done relatively slowly,
and some of it may yet end up sticking around indefinitely.

------
emersonrsantos
If I remember well, Trenitalia POS and many European banks still use OS/2. A
lot of mainframes have OS/2 as a frontend to boot (IPL) the big iron. Got
heartbroken when OS/2 got sold.

~~~
unixhero
That mainframes need a standard computer of some sort to run as a controller
to reach IPL boggles my mind.

~~~
dfox
It is done in this way on almost any platform that is classified as mainframe.
Originally one would IPL such platforms by manually toggling in either some
simple code that would somehow DMA the OS bootloader from some external
device. This was not exactly user friendly and replacing the front panel
blinken lights with some sort of interactive monitor/debugger running on
separate smaller CPU was common approach (for example many PDP-10s have PDP-11
in them used as "console processor").

For more recent systems (IBM mainframes, Sun/SGI large machines, etc.) the
controller also handles things like power sequencing, hardware configuration
(e.g. physical partitioning of interconnect buses, resource allocation...) and
mainly also enforces the hardware licensing policies.

------
trollied
"In the future, people will access New York’s subway like they’re queuing for
a roller coaster at Disney World. The process will require users to have an
internet connected device that gets you through the gates, whether that’s a
phone or a smartwatch. If we’re lucky we get a new MetroCard option. But it’s
no guarantee."

Is that actually true? Seems like a terrible decision, if so. I fundamentally
don't understand why the onus would have to be on the user to have internet
connectivity.

London lets you use contactless payments with normal bank/credit cards, Apple
Pay etc.

~~~
cddotdotslash
There's been a ton of FUD around this concept since the moment OMNY was
announced as the MetroCard replacement. They've committed to supporting phones
with NFC, contactless credit and debit cards, as well as a future vended card
that can be paid for with cash, likely from any nearby convenience store or
machines in the station. Yet despite the hundreds of options that enables,
there are still people spreading fear that this change will somehow lock out
hundreds of thousands of people from using the subway (the argument being that
lower income riders don't have access to the contactless payment methods).
I've seen nothing to indicate this will be the case and they've committed to
supporting the additional card before retiring the existing MetroCard.

------
meddlepal
I used to work for a bank with a large number of OS/2 based ATMs.

It's out there, in a lot of places.

~~~
eps
Diebolds?

------
wolfi1
I remember IBM even handed out freebies of OS/2, I was quite a fan of it and
its Scripting language REXX. Jokingly we pronounced Os/2 as "O - S - half"

------
michaelcampbell
> 5.7M The number of people that rode the New York City subway on an average
> weekday in 2016.

Shouldn't that be:

> 5.7M The AVERAGE number of people that rode the New York City subway on a
> weekday in 2016.

You're averaging the number of people, not the weekday. (I guess this is a
stylistic linguistic choice, but it's always bothered me.)

~~~
nerdponx
Why so? Very likely they took every weekend ridership and averaged them
together. If anything, "averaging the day" makes more sense than "averaging
the people". The latter would be something like "the average person takes the
train every other weekend".

~~~
michaelcampbell
I never said averaging the people; I said averaging the NUMBER of people,
which is what's being done. "Averaging the day" makes no LOGICAL sense; what
is being summed? Over what is that sum being divided?

------
exabrial
I'm actually surprised it's this advanced. This is the system that still uses
glass insulators and cloth wire. The unions keep any technology advancements
out to prevent displacing jobs

------
whiddershins
I think Citibank did too, for the longest time. I had multiple occasions of
visiting their ATMs and being treated to a space invaders style interface ...

------
bayareanative
Wow. The last time I saw OS/2 in production was at Egghead Software's back-
office on PS/2's in the very late 1990's.

------
patsplat
It's a bit unclear. So does OS/2 run on the turnstiles?

Also my mom loved OS/2 Mahjong so it had a long life in my house growing up.

------
todd3834
Someone once told me that a lot of the big navy ships run on a customized
version of Windows XP! Can anyone here confirm?

~~~
todd3834
[https://www.computerworld.com/article/2939435/us-navy-paid-m...](https://www.computerworld.com/article/2939435/us-navy-paid-millions-to-stay-on-windows-xp.html)

~~~
userbinator
Interestingly, in 2011 they were still using MS-DOS:

[https://en.wikipedia.org/wiki/File:US_Navy_110129-N-7676W-15...](https://en.wikipedia.org/wiki/File:US_Navy_110129-N-7676W-152_Culinary_Specialist_3rd_Class_John_Smith_uses_the_existing_DOS-based_food_service_management_system_aboard_the_aircraft.jpg)

...and a lot of (physical) stores still use a DOS-based application for their
POS systems, judging by the appearance, although they might not actually be
running it on DOS but a later version of Windows.

~~~
dredmorbius
SCO UnixWare / OpenServer was the basis for many POS systems, with curses
displays resembling (though not) DOS.

[https://en.wikipedia.org/wiki/OpenServer](https://en.wikipedia.org/wiki/OpenServer)

------
a-dub
The MVMs have been on Windows for some time... you can see when they crash.

But yeah, it was huge in banking when they released 2.0...

------
anoncake
This is not at all surprising. There are still a lot of mechanical signal
boxes in operation.

------
epynonymous
there's a saying that if it ain't broken, don't fix it.

but the new york city government must be dumping tons of tax dollars
maintaining this outdated technology, i'm speaking mostly about the hardware
required to run this operating system and software.

------
jtl999
Similar situation in Vancouver as of 2010.

------
ggg2
I had never ever seen that neon colored os/2 logo before. why pick such an
outline oddity to report on some unknown banality from the past?

