German railway seeks IT admin to manage MS-DOS and Windows 3.11 systems

Misleading title: SIEMENS Mobility is looking for said Windows 3.11 admin. NOT the German Railway
- Deutsche Bahn is the circus and Siemens in this case the clowns.
  
  Clown Siemens, you say?

Legacy hardware and operating systems are battle tested, having been extensively probed and patched during their heyday. The same can be said for software written for these platforms – they have been refined to the point that they can execute their intended tasks without incident. If it is ain't broke, don't fix it. One could also argue that dated platforms are less likely to be targeted by modern cybercriminals. Learning the ins and outs of a legacy system does not make sense when there are so few targets still using them. A hacker would be far better off to master something newer that millions of systems still use.
Tell me you know nothing about cybersecurity without telling me you know nothing about cybersecurity. Wtf is this drivel?
- Simple solution: Don't connect it to the Internet. Hackers hate this one weird trick.
  
  And said trick ends when an attacker manages to socially-engineer their way in. (But maybe they’ll drop floppies instead of flash drives around the block this time)
- It really depends if these systems (that appear to control arrival boards) are on a network or not. If they're not, then there is minimal risk to leave them the way they are. Somebody would need physical access to the devices to do harm. If they are on a network then that's a pretty big deal, but some attacks could be mitigated against by tunnelling and/or additional packet filtering to ensure the integrity of messages.
  Continuing on a railway theme you should be FAR more worried all the devices that run up and down the side of railway lines - PLCs that talk with each other and operations centres to control things like lights, junctions, crossings etc. If they're more than 5 years old then chances are then all that traffic is in the clear, and because these things live in boxes by the railway line, it wouldn't take much to break into a network and potentially kill people by running two trains into each other.
  
  the job was advertised as being remote.....
  
  Exactly. And these things are on an internal bus network, but they are not connected to the internet.
- they can execute their intended tasks without incident
  Now if only the Deutsche Bahn could do that too
- Lmao they don't know all the exploits people learn first are the brutally insane and easy stuff that works on outdated machines like heartbleed and eternal blue.
- What exactly is the issue? Everything mentioned is true.
  It even goes further when you consider how newer technology often incorporates more technology, which means a greater attack surface.
  Tell me you know nothing about cybersecurity without telling me you know nothing about cybersecurity.
  Oh, the ironing. Sad how you have >100 upvotes.
  
  Not sure how to link a reply on lemmy so I’ll just copy from another comment I wrote here:
  I’m not talking about this specific instance, just that block of misinformation/generalisation. Saying that legacy systems are well-secured because they’re “battle tested” is sheer ignorance.
  Take side-channel attacks for example. A timing attack is something programmers from the 60’s and 70’s would not have taken into account when writing their hashing algorithms. And speaking of hashing, what hashing algorithms were available back then? CRC32 or something similar? What about salting? You get the idea.
  Not to mention that legacy operating systems don’t get security updates. Let’s assume that DOS is secure (which it definitely isn’t), but if that statement were correct, would it apply to Windows XP as well?
  All I’m saying is that the article is dead wrong. As software developers in this century, we’ve come a long way. We’ve developed security best practices, written libraries and frameworks, and come up with mitigations for a lot of these security vulnerabilities. These solutions are something that closed-source legacy systems (and anything without active maintenance) would never benefit from.
  The “ironing” is lost on you in this case.
- Cybersecurity != Safety Critical
  
  It is when safety-critical systems are the target of a cyberattack.
- The author's grammar ~~rammar~~ isnt that great as well. Those typos can be should have been catched easily by the spellcheck.
  Edit: Including me :p
  
  The author’s rammar
  Finally caught a *grammar cop doing a typo in the wild. Pure joy.
  
  Yeah, Techspot is pretty trash

Ooh, someone is about to make BANK!
- Some retired old fart who can't be bothered to learn fancy-schmancy Web 2.0. Rock on like it's '93
  
  Or a middle-aged fart who did learn new stuff but remembers the old stuff too
  
  Web 2.0 was a mistake.
- They're gonna party like it's 1989
  
  Celebrating Ceaușescu's death? /j
- Why would someone make a lot of money from this?

Imagine both the annoyance and job security having to manage MS-DOS and 3.1 systems for a railroad would entail.
- I would love it so much. I’d feel right at home. I miss sitting in my room and learning everything I could about DOS. That was the best time I ever had with computers.
  I once built, setup, and maintained about 20 computers for a Christian school for free just because I loved doing it so much.
  I wish I still had that enthusiasm for tech.
  
  Me too.
  In high school, there was a kid who was always trying to make money. Like even then, he wanted his own business. In fact he had a couple small ones back then.
  One of his endeavours was massive LAN parties. He had the capital to rent spaces, hardware, and was even able to get sponsorships.
  He did not have the tech chops to do it though.
  Myself, and one circle of friends were THE computer nerds of the school, but it wasn't really seen as a negative for us - then again we did orchestrate a "free day" and got away with it by taking down the schools network from inside and one person had a loud fucking mouth, but we covered our tracks.
  Anyways, we got in free to these LAN parties as long as we set up and maintained shit. Surprisingly very few problems, about once a LAN party we had to fix something. And it was useful experience.
  That shit was fucking amazing. I loved it.
  I got home from work. Wife works from home. She has had an ongoing tech issue I can't really touch because it's that companies property. But I just don't want to hear it. At all. I'm dead inside in that regard.
  It's gotten so bad that I had an issue with my gaming rig.
  I needed to reseat the RAM. Not hard, except the case is mounted on the wall as a display piece that would require moving a bunch of shit before getting a ladder and yada yada.
  I just didn't game for three days. Just could not muster the energy to care about that. I hate it.
- Frankly that's nothing. In the worst case a train won't start, which for DB really isn't something unusual. It's far more disturbing how the whole global financial market sometimes rely on code that's still written in COBOL.
  
  rely on code that’s still written in COBOL.
  Does this really matter? It's more of a maintenance issue than a functional one.
  It all gets compiled down to binary, anyways.
- Well, DOS is open source now. And that old hardware was quite reliable. Fewer moving parts, I'd expect fewer things to break.
  
  Only MS-DOS 1.25 and 2.0 are open-sourced under MIT license, anything newer is not. These versions were pretty bare-bones, only DOS 2.0 implemented directories for example.
  Unless you mean FreeDOS, which is an open-source DOS-based operating system, which generally should work with any DOS programs/games, but it still may not be 100% compatible with some proprietary software.
- As a young person who loves legacy software - sign me up!

We're maintaining and developing OpenVMS OS, and both we and our customers need Cobol, Fortran, and other half-dead languages coders.
Many large companies maintain their old systems and use them for production or data processing purposes. Sometimes it's too expensive to migrate off, but im many cases "it just works"
- I work primarily in a Long Tail language (languages don't die, but they have a long tail where usage slowly creeps away). I tell the business that we could ultimately solve all the problems with the platform except for one: finding new programmers to hire for it. That's what will ultimately force us to migrate. Doesn't have anything to do with cost or ability to take on new features or handle new ways of doing things.
- Isn't pretty much all airport scheduling based off software from the 80s or something?
  Edit: Found a video about it.
  
  Probably! APOLLO and SABRE and stuff look ancient.
  
  Why change what isn't broken, right?
  
  I know for sure several airports are using OpenVMS, and there are more we don't know about, as some companies keep running yheir stuff for decades not asking anyone for support.
  And I'm sure There are multiple other old systems out there, it's too hard to replace them.
  And they work! Our VMS stuff runs great, it's fast, and the uptime is measured in decades sometimes. So the problem is hardware: we rolled out the first production x86 version this year, so our users are fine (it's still an issue of porting your software, but it's not as terrible as building everything from scratch), but before that OpenVMS could run on Itanium servers at latest, and the platform was dying off since the beginning of 2000s, so it is a problem to find a normal replacement machine now.
- And in many cases if it gets replaced it's for a system that looks fancier but actually has more problems than the original... See Phoenix for the Canadian government employees pay.
- You mean I can use my decades of Fortran knowledge somewhere?! If I could get a wfh position in about 3 years, that'd be awesome.
  
  If you actually do have decades of fortran experience, work for NOAA. Their weather models are mostly fortran and they need engineers. Specifically the NOAA EPIC contract that i worked on previously definitely needs people knowledgeable in fortran and was 100% work from home. Feel free to DM me if you want more details.
- I've seen those postings and some executive is living in dreamland thinking they can hire someone to do that for $25/hr.
  
  My bosses tried to ask me if I knew anyone the could hire for a full time position at a hospital. I ask for more details and eventually they relent because they aren't having any luck on indeed/craigslist/temp recruiter.
  It's a 24 hour on call position for 'up to' $55,000 to be the sole IT staff for a 100 bed hospital in upstate NY.
  I literally laughed at them, but they seem to insist they are gonna find someone to take the job.
  I actually think the job isn't even legal as described.
- Such things make me angry. LoL
  
  It can be viewed as a success. A bridge or building that only lasts five years wouldn't be considered successful, especially if it took monumental effort to make it in the first place. For some reason, we don't value that in software.
- both we and our customers need Cobol, Fortran, and other half-dead languages coders
  Visual Basic? (fingers crossed)
  
  Oh, I'm sorry man. I don't know everything, I'm working there less than a year, but I only heard of VB a couple of times. In order of popularity it's like: C, C++, Java, then everything else

Do I get to move to Germany for this?
- You might, actually. Provided there is no available EU applicant.
  
  There are probably many people in Japan with this skillset given that they're only now getting off disks for certain government processes.
  
  The article itself says the listing has been removed :(
- AND you get to enjoy the DB Verspätungen all the time! Possibly even cause them!

Better hope those systems are not network enabled
- They’re probably still running on their own Netware network. Is there still Win16 compatible malware going around?
  
  If it's in a current metasploit package you can be sure that someone is scanning the IP at some point.
  
  Johnny Castaway can live on at least.
- So say we all.

10/10 would install Doom on it.
- Play doom with physical rails and trains
  
  Use railroad switches as logic gates and trains as binary information?
  Tbh I think people would understand why it had to be done.

At least it's not windows 8.

Remote? Do you connect yourself over telnet or what?
- SSH to a KVMoIP or IPMI?
  
  BMC is doubtful, other sources indicate that the hardware is from 1996, so it's not just old software. So I'll guess a KVMoIP device is bolted on (probably a relay on the power input, VGA, USB for keyboard and 'floppy' (Win3.11 was well before USB, but the hardware from 96 may have USB and the BIOS would likely make it viable for a DOS to use it).

Not gonna lie, part of me wants to relive the SoundBlaster and DOS extenders era and watch stuff with QuickTime. Tinkering with config.sys and autoexec.bat was quite fun back then.
- Was it really FUN or is it not just nostalgia? I would not reaaaally want to fiddle with the autostart-crap again. It often took soooo long. Even with those auto-optimizers...
  
  I am so happy not to have to mess with that. LOADHIGH agony.
  
  With dos 5.x I started creating some fancy auroexec menu at boot that switches between several configurations depending if I wanted to run windows, need a lot of xms or a big chunk of Ems (640k was NOT enough for everything).
  It was somehow fun.
  But at least, if something is not working, it was entirely your fault. Now? It's probably windows update who fucked up something you desperately need right now.
  
  just nostalgia
  Surely mostly nostalgia. But I do remember feeling a sense of accomplishment whenever I managed to run a game and get the sound working 😅

Thats the reason, why they have Problems to find drivers (If you know, what i mean) 😜

Sign me up if you're paying $300k+
- lmao, 60k eur tops. wages in Germany suck ass, earning at least something is possible if you are running independent consulting or climbing corporate ladder, having some unique expertise or going extra mile as an employee is pretty much pointless.
  
  How much of that 60k is left after taxes? Is it enough to live on, or buy a home, or buy a home and support a family, or none of the above?
  EDIT: Thanks for the responses everyone, very informative and interesting. That's the kind of perspective that may not often be shared and helps understand costs of living.
  For the Deutchlanders wondering about the USA's taxes and my question.... 60k would be enough to live on in most of the USA but might not be enough to buy a home or raise a family. But it's highly dependent on your area's cost of living, and the USA is massive with many different areas and tiers of costs of living.
  My example for tax costs: I make more than 60k and I only had to pay about 20% of it to taxes and retirement for 2023, in the USA. In my low cost of living area, 60k would be enough to buy a house and support a family but it would have to be on a very frugal budget. I bought my house when I was making about 45k but my spouse also had an income of almost that much.

Why use MS-DOS? Why don't we just re-write it in Rust?
Edit: I should have mentioned /s in my comment. It's never a good idea to rewrite a mission-critical software.
- The fact they're still running on dos is a clue that either they can't figure out how to upgrade or they don't want to upgrade or they simply won't allocate the budget to upgrade.
  It generally boils down to money. Shops like that are toxic. They somehow don't have the budget to keep their business afloat, means you're not getting a raise.
  If you take this job, you're obsolete. Getting the next job will be tough. You're interview at the next potential role what did you do at your current role? I ran dos on 30 year old machines. Interviewer: I'm sorry, but we need someone with experience in Windows ME.
  
  If you take this job, you’re obsolete. Getting the next job will be tough.
  There is a meme that COBOL programmers still make bank to this day because no one learns COBOL and old enterprise systems run on COBOL. How much of this is true?
- We should just re-implement DOS in Rust and call it RS-DOS.
  
  DROS (DISC and Rust based Operating System)
- You think the existing system is documented?
  It's going to be a mess of things written in 6 different languages, magic numbers all over the place. Unit tests? Predates all that. Even if you tried, the first you'll know about an error is when you turn the news on and there's two trains upside down and on fire.
  
  It is definitely the exact opposite of this. Even though I understand why you would think this.
  The thing with systems like these is they are mission critical, which is usually defined as failure = loss of life or significant monetary loss (like, tens of millions of dollars).
  Mission critical software is not unit tested at all. It is proven. What you do is you take the code line by line, and you prove what each line does, how it does it, and you document each possible outcome.
  Mission critical software is ridiculously expensive to develop for this exact reason. And upgrading to deploy on different systems means you'll be running things in a new environment, which introduces a ton of unknown factors. What happens, on a line by line basis, when you run this code on a faster processor? Does this chip process the commands in a slightly different order because they use a slightly different algorithm? You don't know until you take the new hardware, the new software, and the code, then go through the lengthy process of proving it again, until you can document that you've proven that this will not result in any unusual train behavior.
- Because they like their OS to be Dirty

I know a guy fitted for the job. He's well versed in MS-DOS, Win 3.1, 3.11 etc. Hell, he's even fluent in German, but he's due a hip and knee replacement this month...
That's all I'm gonna say.
- Good luck with the robot joints!

If it ain't broke, don't fix it.
- Until it becomes obsolete, unsupportable, the crux of your operation, and/or the basis for all of your decisions 😬
  (Yes, I read the article, it’s just the signs, but yes, the above still applies!)
  
  COBOL has entered the chat
  e: good for legacy employment though. A relative of mine is a Z80 programmer by trade, and he can effectively walk into a job because the talent pool is so small now. Granted - the wages are never great but never poor, and the role is maintenance and troubleshooting rather than being on the leading edge of development - but it's a job for life.
  
  Not to mention when you want to change the entire system it becomes a huge operation and problem.
  
  I'd consider those various states of not working. So... Don't fix it if it's not broken!
- Too critical to be upgraded is something I wish I'd never hear or see again in my professional career.
  
  ha, whats the failover look like???
- Oh, everyone who ever travels by train in Europe will tell you that the German infrastructure is very much broken. You're lucky if your delay is less than a day travelling through Germany.
  
  Well I live in germany and therefore use the train network on short and long distance frequently and while it is unreliable, "a day" of delay is something I have never experienced.
  Most of the delayed trains are late by less than one hour (still atrocious, but not a day's worth by any means).
  I actually experienced only once a situation where we were given the choice of a hotel or a continuation of our travels by taxi (which we chose) because the train we were in was late one hour or something and the other (last for the day) train could not wait.
  
  Afaik Deutsche Bahn loses 5 mil a day: https://www.theguardian.com/business/2023/oct/14/its-the-same-daily-misery-germanys-terrible-trains-are-no-joke-for-a-nation-built-on-efficiency
  
  That's another part of the infrastructure, though: We just don't have enough rail as well as backup rolling stock.
  And as the federation finally decided to spend some money it's going to get worse in the next decade or so due to outages due to new constructions being linked up to the old stuff.
  As to the age of the infrastructure -- I mean it's the railway. If a rarely-used branch line still uses mechanical interlocks and there's no need to upgrade the capacity then the line is going to continue using infrastructure build in the times of the Kaiser. It's not like those systems are unsafe, it just might be the case that unlike in the days of ole those posts with a gazillion levers aren't manned all the time so you'll see an operator drive to it with a car while the train is on its way. Which really isn't that much of a deal when the branch line goes to a, what, quarry maybe sending out a train every two months or so. Certainly better than to demolish the line and use trucks instead.
  
  German re-unification cost trillions. It's entirely unsurprising.
- Is it broke if no one is able to fix it?
  The reason for it to run on such an ancient device is because nobody wants to touch the scripts running on these devices.
  
  A lot of these systems are also always on.
  Used to work at an airport that had a similar issue, turning some of these systems off simply isn't possible. So you end up having to run the replacement system simultaneously with the old system for a few days. Can't simply take it off line for a day.
- These probably operate completely shut from other networks/internet, so I definitely agree. But I guess a lot of folks here are Linux maniacs and can't stand something running ancient and obsolete OS while the all-mighty Unix-based operating system could solve all of the problems, not mentioning that it would create more in the process.

That's really fucking cool, if you ask me.

Those where the days! <3
- They still can be!
  
  Well, i suppose we can use the internet on them, what more should we want :-)

Let's hope the salary is decent.
- If it were a private company I’d bet it was astronomical. But I don’t know about the German government though, it’s hard to say.
  
  It's a private company... and the salary is not gonna be great.
  Germany doesn't pay wages

It’s the only way to keep the trains free from cylon interference.
Battletrain Deutchlandica
- Eventually AI’s gonna be so cheap, someone reading this thread could just be like “eh fuck let’s see if the first episode is good” and then just paste that comment into a website somewhere, wait ten seconds, and click the big play button next to “Season 1, Episode 1”

If it works, don't change it!
- Yeah, that's kinda the problem
  
  The secret is to develop your software, then fire all the developers. Then it never changes again!
  Come to think of it keeping developers on staff, and familiar with the codebase enough to debug it efficiently, almost guarantees they’re gonna be adding new features. “Well we’ve got this talent sitting around …” and then it’s new features and ….
  I mean I guess this is evidence they’ve managed to isolate themselves from dependencies they don’t control. It’s the external dependencies updating and losing support that causes at least the minimum of codebase maintenance.
  The fact they’ve stayed on this older platform indicates they’ve managed to avoid that constant upgrading. Because if any part of the system has to upgrade, it tends to pull the rest of the system with it.
  This gem requires this version of ruby requires this operating system etc.
  Or maybe they’ve isolated the parts really well and this is just some window3.11 container that’s one of a hundred services.
  I’d love to go back to tech without the constant insomnia and panic attacks.

Eternal September

Yeah, but it will feel like 16MB on a Mac. PowerPC.

Time for a rewrite
- Rewriting a legacy system that's been patched and amended for 30 years... Good luck with that. It seems simple on paper but it's anything but.
  
  Just make it from scratch?
  For sure there is so much useless shit in there, that's why nobody gets their head around it anymore.
- As long as it's not à la Musk where the new versions will be inferior to the previous one because "no modern trains should rely on antiquated technology so we're scrapping everything from before to start from scratch".

Reminds me of the lessons from Chad Fowler’s talk on “Legacy”. https://youtu.be/P4xSmYr7PEg
- Here is an alternative Piped link(s):
  https://piped.video/P4xSmYr7PEg
  Piped is a privacy-respecting open-source alternative frontend to YouTube.
  I'm open-source; check me out at GitHub.

C:WIN

Based

Could be good money in this because who wants to do this... :)

Just saw a video and certain instruments/displays on trains (original ICE 3 for example) run with Windows 3.11, so thats probably why they are searching for one

Can I install Linux on the old systems so they work better?
- i like linux but this sounds as nightmarish as rewriting everything, because thats probably what you'd need to do to make it work.
  and by that point you can upgrade the hardware.
- why would you think it would run better if you don't even know if is it possible to install it in the first place? 🤔
- This, I had multiple old machines with these kinds of specs, I put Slackware on them, dropped in an ethernet card (or two), and used them for all sorts of things, iptables firewall/router, email server, network storage, irc server, etc. It breathed new life into seriously outdated hardware.
  
  Those german railways shouldn't be running proprietary winblows garbageware to begin with. Shouldn't they be running Suse?