Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Software IT

Y2.01K 269

After our recent discussion of decimal/hexadecimal confusion at the turn of 2010, alphadogg writes in with a Network World survey of wider problems caused by the date change. "A decade after the Y2K crisis, date changes still pose technology problems, making some security software upgrades difficult and locking millions of bank ATM users out of their accounts. Chips used in bank cards to identify account numbers could not read the year 2010 properly, making it impossible for ATMs and point of sale machines in Germany to read debit cards of 30 million people since New Year's Day, according to published reports. The workaround is to reprogram the machines so the chips don't have to deal with the number. In Australia, point-of-sales machines skipped ahead to 2016 rather than 2010 at midnight Dec. 31, rendering them unusable by retailers, some of whom reported thousands of dollars in lost sales. Meanwhile Symantec's network-access control software that is supposed to check whether spam and virus definitions have been updated recently enough fails because of this 2010 problem."
This discussion has been archived. No new comments can be posted.

Y2.01K

Comments Filter:
  • Didn't I hear this before? I remember people talking about scamming banking systems via the confusion caused by 2010.

    Does anyone remember this well enough to dig up the article?

    Thanks (and lazy),
    Todd
    • Re: (Score:3, Funny)

      Didn't I hear this before? I remember people talking about scamming banking systems via the confusion caused by 2010.

      Wait a second... isn't that the plot from Superman IV?

  • by rueger ( 210566 ) on Wednesday January 06, 2010 @01:58AM (#30666468) Homepage
    How on earth can things like this happen? After the Y2K debacle how can anyone
    not anticipate and extensively test for future dates?

    Is this sheer utter incompetence, or just a total lack of intelligence?

    Yee Gods!
    • Re: (Score:3, Insightful)

      Because everybody forgot about Y2K on Jan 1 2000. Planes didn't fall from the sky, remember (well not immediately, anyway).

      • by LoRdTAW ( 99712 ) on Wednesday January 06, 2010 @02:34AM (#30666646)

        Hmmm so the 9/11 hijackers were Y2K bugs then? We better keep an eye out for more aircraft bugs on Sept 11 2011 .... holy shit there is an 11 in 2011 AND 9/11! ZOMG!

      • by darkpixel2k ( 623900 ) on Wednesday January 06, 2010 @03:04AM (#30666776)

        Because everybody forgot about Y2K on Jan 1 2000. Planes didn't fall from the sky, remember (well not immediately, anyway).

        Yes. I anticipated this. I now store all my dates much like the Unix epoch, except I store it in a 1 gigabit integer field (f*ck 64-bit integers) that counts the number of seconds since midnight January 1st, 50,000,000,000^1024 years ago.

        We should be safe from now until the universe collapses, Jesus comes back, Allah blows us all up, or the Great Green Arkleseizure wipes his nose.

        Oh--and you do have that new holographic storage tech in your laptop, right? You'll need a few exobytes just to store the timestamps on all your files...

        • by thorndt ( 814642 )
          Better make sure your computer rounds that (way way down) to 13.7 billion. According to current cosmological thinking, that's when time began.
      • Re: (Score:3, Insightful)

        by MrKaos ( 858439 )

        Because everybody forgot about Y2K on Jan 1 2000. Planes didn't fall from the sky, remember (well not immediately, anyway).

        I've been confronted with the idiot at dinner(s) who says "what about that Y2K bug - what a load of crap that was, nothing happened". I gently remind them that a lot of people worked pretty hard to make sure nothing happened. Maybe this time around there won't be any budget to handle it. Guess we may find out on the 10/10/2010.

        • by Teancum ( 67324 ) <robert_horning@netz e r o . n et> on Wednesday January 06, 2010 @09:41AM (#30669324) Homepage Journal

          Amen this this sentiment. The effort to make sure that the Y2K bug didn't cause more havoc and mayhem is precisely due to the herculean effort on the part of hundreds of thousands of programmers who worked overtime to see that it didn't happen.

          I had the cell phone for my company to receive the complaints from customers seeking an engineering solution to fixing any potential problems on the night of December 31st, 1999. The company CEO had this number on speed dial for some very high end clients. That I got through the night with some excellent sleep is a testament to the work that did happen was well done.

          It turned out for the company I worked for, there was a Y2K bug that did get missed, but it was relatively minor and only impacted the error logging system. Even funnier was that particular system had only been developed six months earlier, by a programmer who clearly should have known better. The date being logged was recorded as the year "19100" instead of 2000.

          I'm far more worried about the 2038 Unix overflow bug, which is a much harder bug to try and root out of systems. We have 18 years to fix that bug, but I'm mainly worried that legacy applications on archaic computers used in situations that has no budget is where it will be the largest problem. Unix boxes in particular are known as workhorse computers that can be neglected and ignored... unlike a Windows computer that will most certainly be in the recycling bin within 18 years.

          Also, one of the typical "fixes" for the Y2K bug was to set an arbitrary "century window" on the software.... with sometimes random intervals for when this window actually falls. Instead of Y2K biting you all on the same day, it will happen as a class of failures on random dates when some major epoch happens.... such as 2010. So for me, this isn't even news as this is something I'm expecting. 2020 is going to be another year to watch for similar bugs, and 2040 is going to be a particularly ugly year as 1940 was set as a common century epoch point for a great many companies. 1970 was more common, but I hope that the Y2K bug is finally fixed by 2070.

    • Re: (Score:3, Insightful)

      by xous ( 1009057 )

      This is because they let people that shouldn't be anywhere near a production system write software.

      Almost all of these issues can be attributed to developers rolling their own date handling functions or misusing built-in functions.

      I'd blame some of it on retarded user interfaces that accept two digit year values.

      DO NOT REINVENT THE WHEEL!!

      • Re: (Score:3, Insightful)

        by ais523 ( 1172701 )
        Personally, I blame it on bad reverse-engineering. 9 looks the same in binary and binary-coded-decimal (the bit pattern for each is 00001001), but the bit pattern for 10 in binary-coded-decimal (00010000) is the same as the bit pattern for 16 in binary. I imagine what's going on here is people guessing at a protocol and not having enough information to distinguish binary from BCD. (If they do that because the protocol isn't available, it's forgivable; if they do it because they're too lazy to look it up, it
    • Re: (Score:3, Funny)

      Wait until Dec. 31, 9999. Watch as people panic about there being 5 digits in the year and how programs were only written to accommodate 4 digit years for the past 8000 years!

    • Is this sheer utter incompetence, or just a total lack of intelligence?

      you phrase that question as if it can't be both...

    • by jlarocco ( 851450 ) on Wednesday January 06, 2010 @02:18AM (#30666572) Homepage

      100% incompetence.

      I would bet all the money I have that 99.99% of these problems are caused by people not taking the time to learn the standard library of whatever programming language they're using. For some reason there's a gut instinct among programmers that they have to write all date processing code themselves. I can think of 4 separate occasions, off the top of my head, where I've replaced dozens of lines of sketchy, hand roled, date formatting code with a single call to strftime. [freebsd.org]

      • by gmack ( 197796 )

        How do you explain this bug from spamassassin?

        X-Spam-Status: Yes, score=6.1 required=4.0 tests=AWL,FH_DATE_PAST_20XX,
                HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY autolearn=disabled
                version=3.2.5
        X-Spam-Report:
                * 3.4 FH_DATE_PAST_20XX The date is grossly in the future.

        • by ais523 ( 1172701 )
          As reported on Slashdot earlier [slashdot.org], it was using a regex for date handling, that had the year 2010 hardcoded. (The irony here is that the SpamAssassin people had noticed in time and changed the date to a hardcoded 2020 instead, but forgotten to put the fix into the update channels, so nobody got it until after 2010 had already started. Of course, this is still the wrong way to do things...)
      • That’s more of a C programmer’s disease. Because it came with next to no libraries. I mean, the environment is not even developed to a point where basic memory management has a sensible abstraction from hardware. (No, you don’t need to hand-roll that. You just need to think harder, on how to generalize that thing.)

      • Re: (Score:2, Funny)

        by Anonymous Coward

        There are reasons of business and budget that trump incompetence, but your post reminded me of a story.

        Technical background: I worked in VAX/VMS, where dates were stored as binary but commonly displayed as dd-mmm-yyyy, such as "01-Jan-2000".

        Once upon a time, there was an Oracle DBA, whose primary claim to fame was being female and good looking in a line of work where such attributes were uncommon. She applied for a job in my IT department and we interviewed her. Although we found her visually refreshing,

    • Re: (Score:3, Insightful)

      by mlts ( 1038732 ) *

      Its neither. It's ROI and worrying about this quarter's earnings over anything else, pure and simple. Because there isn't any primary returns from finding date errors in the future, businesses just won't plunk down funds to fix them, and will reactively fix problems when they happen. I see this a lot in businesses, and not just the big boys. Plenty of SMBs also are not interested in hearing about anything they need to spend their money on, but stuff that has a positive return. They would rather forget

    • by Evil Shabazz ( 937088 ) on Wednesday January 06, 2010 @02:34AM (#30666644)
      At the Bank of Germany, we're not happy until you're not happy.
      • Re: (Score:3, Interesting)

        by thsths ( 31372 )

        > At the Bank of Germany, we're not happy until you're not happy.

        Indeed. They even said if the cache machine in your branch did not work and you had to get money from a competitor, you will not get the fee reimbursed at most banks. So far only one bank has promised to pay them back.

        • Re: (Score:3, Funny)

          by AtomicJake ( 795218 )

          Indeed. They even said if the cache machine in your branch did not work ...

          Well, this works actually very well. The machine is caching all the money ...

    • by JustinKSU ( 517405 ) on Wednesday January 06, 2010 @03:25AM (#30666848)
      A little bit of both!

      We have actually had TWO different Y2K10 problems at our job. One was related to someone setting certain rules to expire in 2010, because, you know, it was so far off in the future they wouldn't be working here anymore.

      The other bug qualifies as complete incompetence on the developer. We contracted another company to write some software to print barcode labels. They encoded pipe delimited values including a date. In order to save digits and thus reduce the size of the barcode they decided to take the year and append the Julian day. For example Jan, 6th of this year would be stored as 2010006. The problem was that they didn't feel that it was necessary to use four digits for the year. Which is understandable, but apparently TWO digits for the year was too much as well. So the end product was a one digit year ex. "0006". The code that reads the label was:
      year = 2000 + barcode.left(1);

      What's really scary, is that this code had to have been written post Y2K.

      The worst part of the whole thing is that we have to go back to the contractor to fix the problem which is going to cost us $$$ beyond the lost revenue of downtime.

      Now both of these problems have nothing to do with 2010 specifically, but it just shows how short sighted developers can be.
      • by Anonymous Coward on Wednesday January 06, 2010 @03:37AM (#30666904)

        Since the contractor is going to be paid a second time, I would say it demonstrates their forward planning.

      • by aix tom ( 902140 )

        That will actually be a problem in 2017 in code I wrote.

        I needed to implement 3-digit inventory taking IDs in 2007, whit about 20-30 inventories taken each year. So I have a one-digit year in those IDs, and in 2017 I will have to either delete the old ones or find a new approach.

        But since a few weeks all our barcode scanners also can handle letter barcodes, so I can probably push the real problem into 2043, when I'm retired. ;-P

      • We also had an issue where something stopped working on 2010-01-01 because it was so far off in the future that it wouldnt matter. When was this code written? 2006! On the other hand the dev responsible no longer works here so the Make-It-Someone-Else's-Problem method worked perfectly...
      • by Hatta ( 162192 )

        The worst part of the whole thing is that we have to go back to the contractor to fix the problem which is going to cost us $$$ beyond the lost revenue of downtime.

        Do you not have legal recourse against the contractor who sold you obviously broken software?

    • Re: (Score:3, Funny)

      by w0mprat ( 1317953 )
      End of the world? I just checked my calendar, and the last day is December 31st. This has me deeply concerned.

      How on earth could this happen? This is shear blistering incompetence that no one thought to include any more days past this point.
    • by bradley13 ( 1118935 ) on Wednesday January 06, 2010 @04:33AM (#30667156) Homepage

      Two reasons

      1. Many programmers are not particularly competent. Add in the untrained people writing scripts, VBA applications, etc, who have no clue about software engineering, testing, etc. No surprise that simple errors crop up.
      2. Dates are really, really horrible. If you have not had the privilege of writing an international application, worrying about different date and time representations, simultaneity across different time-zones (and the date line) - well, it's an adventure, and even careful testing may not catch everything. Gratuitous real-world example: WinXP allows users to set date-separators and the like in a way that makes unambiguous date/time parsing impossible.
      • by jimicus ( 737525 )

        Dates are really, really horrible. If you have not had the privilege of writing an international application, worrying about different date and time representations, simultaneity across different time-zones (and the date line) - well, it's an adventure, and even careful testing may not catch everything. Gratuitous real-world example: WinXP allows users to set date-separators and the like in a way that makes unambiguous date/time parsing impossible.

        Which is why you don't do that. You let standard library functions (which were mostly written years ago and have been tested far more extensively than any of your code is likely to be) handle it.

        And where this is impossible, you don't even attempt to parse dates. You work purely on something like "number of seconds since the epoch" and only turn it into a human-readable date just before you show it to a human.

        Really, the cases in which you're likely to need to parse a date in the real world are few and fa

      • Re: (Score:3, Insightful)

        Re. point 1: Coding is complex, and newbies turning out poor code doesn't mean they are morons or poorly trained. A lot of the finesse of proper software engineering comes through hard-won experience, and quess what: rarely do we give those newbies a chance to gain that experience.

        What I am talking about is mentoring and code reviews, two things that seem to have gone the way of the dodo. "Catch errors early" has always been a good coder's maxim; but there really is no excuse to have a newbie's code go
      • by jargon82 ( 996613 ) on Wednesday January 06, 2010 @07:33AM (#30668146)
        For your second point, does it really matter? Programmers will rarely if ever get dates, no matter how hard they try....
    • Simple. Y2k is being delivered ten years late. People never learn about late IT deliveries!
    • I think it's because the code was created here [slashdot.org]

    • by stesch ( 12896 )

      Because people still insist in using their old and silly date format everywhere. dd.mm.yy, dd/mm/yy, mm/dd/yy.

      There's an international format called ISO 8601, which is accepted in almost every country around the world. yyyy-mm-dd with 4 digits for the year.

      If such a date format would be common, nobody would even think about using only 2 digits (or less) to save a date. And no, 2010 wouldn't be interpreted as 2016. It would be wrong from the very beginning if somebody wants to interpret a BCD number as a

    • by Dan541 ( 1032000 )

      How on earth can things like this happen? After the Y2K debacle how can anyone
      not anticipate and extensively test for future dates?

      We'll worry about that when we get to it.

      • by Dan541 ( 1032000 )

        How on earth can things like this happen? After the Y2K debacle how can anyone
        not anticipate and extensively test for future dates?

        We'll worry about that when we get to it.

        True story

    • Yeah, so with the year 2000, we had ALL FOUR digits changing: 1999->2000, so any assumptions about the leading three being fixed would be broken. But a problem when the freaking tens digit increments?!? That's amazing carelessness. "Bah, the ones digit will never generate a carry in my lifetime!"
  • Several years ago - might've even been last decade - I wrote a flash movie that checks the version number of the flash player and informs you if you need an update. And guess what? It still works fine.

    That was Flash 4, I believe. Somehow due to my great forethought it was able to cope with Flash 10 without spazzing out.

    Whenever I do dates, and am not using long (for miliseconds), I usually put the year in as int. I guess that means I should be set until 2 billion years or so?

    Well, to be fair to the morons t

  • by michaelhood ( 667393 ) on Wednesday January 06, 2010 @02:25AM (#30666602)

    http://news.cnet.com/8301-13860_3-10425455-56.html [cnet.com]

    this is affecting me and the other 3 guys on the planet with a Windows Mobile phone, too. :(

    • Uhm, I am one of those other three guys but my phone (Touch HD, WM6.5 build 21896.5.0.82) is not affected.

    • My phone (TMO Shadow WM6 build 18170.0.5.1) isn't affected either, apparently. So, that's all of us? Looks like it's only you then.
    • Re: (Score:3, Informative)

      by jargon82 ( 996613 )
      My WM phone doesn't appear to have an issue. That's all 4 of us!
  • by hound3000 ( 238628 ) on Wednesday January 06, 2010 @02:27AM (#30666610) Journal

    Geez! Intel introduced MMX Technology [wikipedia.org] to take care of this problem in 1996! Get with the times!

  • by LiquidHAL ( 801263 ) <LiquidHALNO@SPAMgmail.com> on Wednesday January 06, 2010 @02:27AM (#30666614)
    January 1st our 15 year old security badge system started marking all badges as invalid. Couldn't fix it until we rolled back the system date.
    • January 1st our 15 year old security badge system started marking all badges as invalid. Couldn't fix it until we rolled back the system date.

      That's strange. If 10 is misrepresented as 0x10, you'd think that 0x95 would be even worse. Did it not start working until 2000?

  • by Tumbleweed ( 3706 ) on Wednesday January 06, 2010 @02:28AM (#30666616)

    Programmer: "I want to take some time to refactor some of the older code."

    MBA: "What's the ROI on that?"

    Programmer: "DIAF."

    • Re: (Score:3, Informative)

      by kestasjk ( 933987 ) *
      MBA: "And why do you need to do this refactoring?" Programmer: "I didn't expect my code to be in use (in these ATMs) for more than a few years. Numbers don't come cheap in computers you know"
    • Can you explain the TLAs and ETLAs used? Maybe we can all understand what you are trying to say...
  • by Anonymous Coward on Wednesday January 06, 2010 @02:42AM (#30666676)

    Playing wii new years eve. The thing hard crashed exactly as the year changed (it was in the menu not a game). After a reboot it was fine.

  • Is "network-access control software" the new term for a firewall? Even so, Symantec Endpoint Protection is primarily an anti-virus, with the usual additional features, as well as some enterprise ones like "device control" for pesky flash drives. It was an all-new product back in 2006. Although the problem only interferes with the reporting, and not the function of its management console, I think it's quite embarrassing.
    • All I know about Symantec and updates is that Norton Antivirus Corporate Edition had a bug where it would occasionally refuse to pull updates unless you were running their magical server product. You fixed it by uninstalling and reinstalling. This bug persisted at least from Norton 7 to Symantec AV 9.

  • Spamassassin (Score:4, Informative)

    by j_sp_r ( 656354 ) on Wednesday January 06, 2010 @02:51AM (#30666706) Homepage

    Spamassassin in Kerio Mailserver has a bug that flags all messages dated 2010 as spam. I think it affects the normal spamassassin as well.

  • Good. (Score:5, Insightful)

    by AK Marc ( 707885 ) on Wednesday January 06, 2010 @03:25AM (#30666844)
    I did Y2K remediation. I've seen it called a waste of resources and that because nothing happened, nothing would have happened. This is the smallest taste of what would have happened if Y2K weren't addressed. Only we would have had airliners fall from the sky (silly? Military jets had all navigation crash when crossing the date line, and if not for a tanker with them and that communications worked when navigation failed, they would have crashed). But with a lot of hard work, it was a non event.

    Though, if anyone could tell me why my power went out at exactly midnight on that night, I'd love to know. The Preston Hollow neighborhood in Dallas did have a power failure right at midnight. And I never could figure out what happened. But all the equipment I was responsible worked flawlessly.
    • ``Though, if anyone could tell me why my power went out at exactly midnight on that night, I'd love to know.''

      Same here. Why would the system supplying the power be dependent on the time? For navigation systems, I can sort of see a case ... not that it would be a good idea, but I can imagine how it could work (that is, fail). But this?

      • by pjt33 ( 739471 )

        Power requirements fluctuate. You get spikes caused by things like lots of people cooking breakfast at the same time (a 2kW electric kettle by itself draws more power than most of the other stuff in the house put together; if your country has a lot of electric showers then lots of people turning the shower on at the same time would be even worse); lots of people making drinks (those kettles again) during the ad breaks in popular TV shows; etc. Power generation needs to be ramped up in anticipation of these

    • (silly? Military jets had all navigation crash when crossing the date line, and if not for a tanker with them and that communications worked when navigation failed, they would have crashed).

      If avionics failed, they would have crashed. But if these fucks can't land planes on basic instrumentation then they probably shouldn't be piloting military hardware.

      • by sgtrock ( 191182 )

        Well, much of the international dateline is over the Pacific Ocean where land masses tend to be really small, few, and very far between. Depending upon where the jets were when the incident happened, I can see where a navigational systems crash may have meant attempting a water landing in an aircraft not exactly designed for it.

        Amelia Earhart isn't the only one to end up in the drink, after all.

  • I live in Germany and didn't notice a single problem with our cards. Granted we replaced ours a couple months ago due to another issue.
    • I live in Germany and on monday stood in line at the local bank when it opened behind about a dozen people who had their cards eaten by the ATM.
       

  • It's Y2K01 (Score:3, Interesting)

    by El_Muerte_TDS ( 592157 ) on Wednesday January 06, 2010 @03:34AM (#30666882) Homepage

    I think the proper way to denote year 2010 is Y2K01, just like 14K4 was used for 14400.
    Of course writing Y2K01 or Y2.01K is more difficult than Y2010, so why bother using that arcane notation.

  • With all the hype of y2k, you'd think that would be enough to push people into action and learn how to handle dates correctly... Instead, some people "fixed" y2k problems with another series of short sighted dirty hacks that are now starting to break again after only 10 years.

  • Is this some kind of job security feature?

    I mean, what idiot programs a number field to be ambiguously hexadecimal or decimal? Of course you'll be screwed as soon as you leave the single digits.

  • I'd be willing to bet that some of this has been caused by, "just change it so that if the year is 10 then assume it's 20??, we'll fix it properly before then".
  • by gorzek ( 647352 ) <`moc.liamg' `ta' `kezrog'> on Wednesday January 06, 2010 @08:48AM (#30668756) Homepage Journal
    I work for a software company that's been in business since 1978. The product I work on is a real-time pharmacy benefit adjudication system, so it has to be up 24/7. They had one guy do Y2K fixes back in '99, and he retired last summer without telling anyone his Y2K "solution" was to just add 100 to any data containing a year. With the way this software works, that was fine--until 2010. Something tells me the timing of his retirement wasn't coincidental! It wasn't hard to fix, but some people took really absurd shortcuts fixing Y2K bugs, when there are plenty of ways to do it that are just as simple and won't break after 10 years.
  • by Chris Mattern ( 191822 ) on Wednesday January 06, 2010 @09:27AM (#30669152)

    SunPCi cards are essentially x86 PC blades designed to be plugged into a PCI slot on a Sun SPARC machine. I use a SunPCi III in the Sun Blade 1500 (SPARC desktop) I have on my desk to run software I have to run that requires Windows. This Monday, I fired it up and got told by the driver software that my system date was in the future because "I can't believe it's really" 2010 (the exact words of the error message!). Looking at the Sun forum message traffic, apparently *everybody* with a SunPCi III card is getting this. Sun's supposed to be working on a patch now. Right now the only workaround is to set your system clock back to 2009 when you fire up the SunPCi card (you can set it back to correct after it starts).

  • SEP11 has a rather stupid bug that causes it to not update its virus-definition datestamp past 20091231. The definitions continue to be updated, but the program complains to the user that it's out of date, and so they panic and bother us until the dumbass Symantec engineers get around to fixing whatever the bug is.

"An idealist is one who, on noticing that a rose smells better than a cabbage, concludes that it will also make better soup." - H.L. Mencken

Working...