[SomeCallMeTim]

"Type your password into your telephone"; already they're asking me to do the wrong thing. If my password is anywhere near secure, then typing it into a phone would be a nightmare. A combination of 16 numbers and letters that I need to convert to numbers? I'd be pressing zero and hoping for an operator before I even opened up my password vault to find the secure password to begin with.

If you want a phone interface, give me a PIN option. Sure you'll not want me to be able to buy plane tickets with just the PIN, but that should be sufficient to protect user data.

[ubernostrum]

already they're asking me to do the wrong thing

Now, yes.

The original SABRE dates back to the 1950s, and was not an airline-customer-facing system; SABRE dates to an era when the phone interface was used by airline ticket agents.

So if you're going to argue that the design is wrong, you need to argue for why it was wrong for the 1950s use case and interaction patterns, not try to retrofit 2014's use cases and interaction patterns onto it.

[hellerbarde]

The architecture might have been state of the art and completely reasonable back in "ye olden days". The fact remains that it's not appropriate for 2014.

If the reasons for this behemoth are compatibility with 50 years old processes, then these processes have to be modernized so this software can be scrapped. (or fixed, either way a huge project)

[roel_v]

" then these processes have to be modernized"

How so? So people can use Q's and Z's in their passwords? What would your business case look like? "Hey everybody let's spend $500 million so people can use arbitrary passwords, because [entropy], never mind most people use the name of their cat anyway?"

[gpcz]

As ridiculous as that pitch might sound, it makes the implied security-money tradeoff directly visible to management and causes them to make a formal decision.

[rnovak]

How so? if it's been used for 60 years, how many records do you think would be compromised if someone gained access to the system? Millions? Billions? Sounds like a good reason to 'modernize' to me.

The target breach would be nothing compared to the breach of a system in use for 60 years.

[wakeless]

But my cat's name is quizzical.

[bela_lugosi]

surely you mean quizzicat

[DonHopkins]

If their computer system is from the 1950's and they can't modernize it, why don't they also allow smoking and box cutters on the plane, and dress their stewardesses up all sexy?

[imjustsaying]

You're missing out. Try KoreanAir.

[gaius]

Yeah, call me when you've got some code running in production for 60 years. Kids these days...

[Fuxy]

There's a reason we invented the term bit rot and this is probably one of the reason only in this case the code works perfectly fine it's just the entire use case that is outdated.

Instead of bringing the code into 2014 they would bring the world into the 1950's.

[dreamfactory2]

i guess requirement rot is partly why we have agile

[chiph]

"Type your password into your telephone"

DTMF/Touch-Tone wasn't introduced until 1963 (and then being an extra-cost option from the Bell System). So more like "Dial your password into your telephone". Rotary phones didn't have Q or Z either.