Millennium Bug (20yrs on) - Computerphile

Red Falcon

[H]ard DCOTM December 2023
Joined
May 7, 2007
Messages
12,381
Definitely worth the watch; hopefully the UNIX 2038 bug will be fixed in the next ~19 years.
Was the Y2K bug a complete non-event? Dr Steve Bagley on why it was 'a thing' and how it was worked around.

 
I remember having to look through thousands of lines of dbase III code written by someone who was in a dispute with management at the time the code was written. No documentation and variable names like aaa, aab, aac,. At least the dates were obvious and searchable for. We had management buy in and they repeatedly told everyone to double check ALL their myriad hoard of Wordperfect, Word and other documents, spreadsheets etc. We had a few rollover problems but nothing that landed us on the front pages of the papers or local newscasts. This and the soon to follow Nimbda virus convinced management to take IT and IT security seriously.
 
Yeah, companies did the bare minimum effort, which was why I was last-minute (so it was very expensive). It's amazing wit that last-minute push we didn't have more critical things fail.

It would have been a lot harder fixing the smaller things that did fail if necessary infrastructure had also been taken down; then it would havebeen a huge mess.
 
My first "real job" was with a y2k company. The company I worked for led clients to believe they had some super high tech solution. In reality - a scan of cobol code for two digit year with the date function. The "high tech solution was to surround the date function calls with an if-then statement and change the two digit dates to four digits. Pretty pathetic and lots of manual labor. A lot of retired cobol programmers came out of retirement and made a fortune fixing their own flawed code. Of course at the time it was written - no one dreamed it would still be in use,
 
Y2K was a very real and very serious issue.

The only reason we didn't have problems from it was because for fucking once the industry took something seriously, and actually fixed it in time (in most cases).

exactly. Everyone always wants to say “see y2k wasn’t an issue even though everyone made a big deal about it.” However it was the fact that they made a big deal about it that it ending up not being an issue.

People that call the Y2K “bug” a non event are no different than somebody saying that a nuclear reactor being stopped from going into thermal runaway isn’t a problem since it didn’t actually get into run away status and blow up. You were texting and slammed on your breaks 2 inches from hitting a person when you went off the road? Well you didn’t hit them so that is fine, there isn’t an issue there and people just need to stop crying over what could have happen. Right?

That was probably the first and last time the world will see an issue and take the right corse of action to avoid it when it comes to IT.
 
My first "real job" was with a y2k company. The company I worked for led clients to believe they had some super high tech solution. In reality - a scan of cobol code for two digit year with the date function. The "high tech solution was to surround the date function calls with an if-then statement and change the two digit dates to four digits. Pretty pathetic and lots of manual labor. A lot of retired cobol programmers came out of retirement and made a fortune fixing their own flawed code. Of course at the time it was written - no one dreamed it would still be in use,

Not that I heard of.. It was "the end of the world" until nothing really happened.

nothing happen because of companies like yours that fixed many of the issues. People either fixed it in house, replaced systems with ones that didn’t have the bug or hired companies like where you worked.

Not only did people not think it would still be used, it was a mix of trying to save on space and the belief that the code would be replaced in time before it was issue. When you only have 2 or 4KB of space you want to make sure you size everything as best as you could. Why waste 4 digits worth of space when you only need 2 for now. Once memory is cheaper the next version that replaced that code can fix that issue. It is just that time never came until the years leading up to the end of time for the issue.
 
Another thing about the 2038 clock: unlike the year 2000, you can't just fall back to "doing it with paper" like the US government did with licensing new gun dealers through the ATF.

https://www.baltimoresun.com/news/bs-xpm-2000-01-04-0001040080-story.html

As Ransomware shows, a government website shutdown in 2019 means HALF YOUR NORMAL WORKLOAD gets done. In another twenty years, even MORE services will be online-only.

Imagine thousands of government websites going down al at once! The year 2038 is going to be a lot bigger mess, unless we start now!

And Microsoft is not immune either, as they used open-source libraries in their earlier compilers. It wasn't until Visual Studio 2008 that they fixed the bugs. There's lots of older software that will continue to work, thanks to Windows compatibility, plus there's the complexity of upgrading your project to the latest Visual Studio (assuming you even have the source code).
 
Last edited:
That was probably the first and last time the world will see an issue and take the right corse of action to avoid it when it comes to IT.

You're joking, right? CTOs value their jobs and corporations take IT seriously. All the successes and hard work - you never hear about. It's the couple failures that catch the media headlines. It's a thankless job, to be honest.
 
You're joking, right? CTOs value their jobs and corporations take IT seriously. All the successes and hard work - you never hear about. It's the couple failures that catch the media headlines. It's a thankless job, to be honest.
This is true, and in the line of IT work and employment, no news is good news.
 
You're joking, right? CTOs value their jobs and corporations take IT seriously. All the successes and hard work - you never hear about. It's the couple failures that catch the media headlines. It's a thankless job, to be honest.
Yes, if there are no problems: "Why do we even need IT?" if there are problems: "Why do we even have IT?"
 
2038 is going to be amazing. It's not some catchy, easy to remember nonsense that everyone knows about. Tell some rando shits going down Dec 31 1999 23:59, they're gonna take notice. Tell em it's gonna happen January 19 2038 03:14:08 Zulu nobody gonna listen.
 
I still remember exactly what I was doing, drinking hard and partying at my friend John's house in northern New Mexico. I made it the latest, around 2 am and passed out watching some James Bond flick. Fun times.
 
I still remember exactly what I was doing, drinking hard and partying at my friend John's house in northern New Mexico. I made it the latest, around 2 am and passed out watching some James Bond flick. Fun times.

I was at our data center monitoring the servers and equipment. We had patched all of our equipment and had taken other contingency plans as well. When midnight rolled around, nothing happened (fortunately!) and I got home around 1 AM.
 
I worked through Y2k, and it was largely nothing. We had 24/7 war room going on and zip nada nothing.
 
  • Like
Reactions: Mega6
like this

I'm not a programmer, so I could be wrong, but this seems like it would be fairly easy to patch.

Just change the 32 bit integer for a 64 bit one, and voila, instead of an ending year of 2038, we will have an end date in the year 292,471,210,647, almost 300 billion years from now, a point in time which it will be GUARANTEED to be irrelevant.

With Linux/Unix systems this is easy. Just make switching 32bit integer for 64 bit integers a coding standard in every open source project, and eventually everything will work its way through updates through the package manager, and all is good.

Unlike Windows, Unix and Linux systems don't have as much proprietary binary shit, so this is less of a daunting problem.

Now, that said, there are still idiots who take open source code, integrate it into their shit, and then never touch it again. This software will have problems. And these people are fucking idiots.

Code for all actively used software needs to be living. The moment it becomes static, and is not actively maintained, it is dead, and should no longer be used.
 

Reading more about that, it looks like it has already been addressed in Linux and most of the BSD's, for 64bit systems, using time as a 64bit integer. An effort is underway to backport this to 32bit Linux.

As always, where it will wind up being a problem will be in embedded systems.

I won't fly, take a train or drive on January overnight on the night January 18th 2038 (our timezone) just as a precaution :p
 
The problem is quite a few companies just "fixed it" to 2020... guess what year it is :)
Ironically enough, I've been to quite a few places that have been having massive issues with their credit/debit card readers, chip readers, scanners, etc. due to the Y2K2 issue that's been happening.
Damn lazy fixes! :D
 
I made a lot of money fixing nightmares last time, and tried to explain the options sufficiently. As has been indicated, almost nobody wanted to pay to do the "once and for all" solution, and were more than happy to kick the can.

It might be cynical to point out most of the managers who okay'ed the can-kicking had retirement dates before 2020, so they knew they'd be gone. And of course no budget or process was setup to ever "do it right" before they left.

I have said more than once that working as an engineer feels like living a weird version of groundhog day. I've said that many times bef... oh no.
 
Ironically enough, I've been to quite a few places that have been having massive issues with their credit/debit card readers, chip readers, scanners, etc. due to the Y2K2 issue that's been happening.
Damn lazy fixes! :D

Come to think of it, yeah. the Subway near work, since January 1st always complains that something (CPAK? CPKD? Some four letter acronym) is expired. Seems to work anyway though.
 
I remember on the Monday 3rd of January 2000 at around 5pm I casually pushed the 18" high pile of Y2K compliant application/hardware sign off and testing certifications I had spent the previous year or so getting from a countrywide corporation off my desk and into the bin and went home.
 
I made a lot of money fixing nightmares last time, and tried to explain the options sufficiently. As has been indicated, almost nobody wanted to pay to do the "once and for all" solution, and were more than happy to kick the can.

It might be cynical to point out most of the managers who okay'ed the can-kicking had retirement dates before 2020, so they knew they'd be gone. And of course no budget or process was setup to ever "do it right" before they left.

I have said more than once that working as an engineer feels like living a weird version of groundhog day. I've said that many times bef... oh no.
Where I am they won't have the same job in under 5 years, let alone 20. So you can imagine the short sightedness.
 
o_O
I made a lot of money fixing nightmares last time, and tried to explain the options sufficiently. As has been indicated, almost nobody wanted to pay to do the "once and for all" solution, and were more than happy to kick the can.

It might be cynical to point out most of the managers who okay'ed the can-kicking had retirement dates before 2020, so they knew they'd be gone. And of course no budget or process was setup to ever "do it right" before they left.

I have said more than once that working as an engineer feels like living a weird version of groundhog day. I've said that many times bef... oh no.

I think there is hope. It just doesn't lie in private enterprise. In that setting the incentive is always to spend as little as possible and look financially as good as possible for the next quarterly earnings statement. Long term thinking is almost completely absent.

Some of it is feeds cynicism, not wanting to spend money to do it right, and thinking you will haveoved on before it becomes a problem anyway, but one of it is simply a matter of, "I have a million things on my list to get done before 20 years from now, I'm going to focus on what needs to get done first". That thought process is just human nature.

There are those who are concerned with long term thinking though. Mostly they are engineering task forces, consortiums, open source projects and the like.

You'll note that the Unix/Linux time issue is 18 years away, yet still, current Linux and Unix releases have already addressed it for 64bit distributions and are working on backporting the fix to 32bit.

There is IPV6, where the IETF went totally overboard in the name of long term considerations. I don't think we will ever need an IP address for every atom on earth, when they could have just added another octet to IPV4 and called it a day, and it would have had more than enough IP addresses to be future proof...

It's private enterprise that is failing us.

This is why I always roll my eyes when politicians running for office cite their business experience as an asset to the office they are pursuing.

We seriously don't need any more of that shortsighted mentality in politics. Business may reward short term progress, but when you are running a country it is absolutely crucial to resist short term fixes and keep working towards long term goals.

There is hope, as long as we don't rely on private enterprise to accomplish it.

Financial incentive is funny like that. It both makes everything possible and ruins everything at the same time o_O
 
Last edited:
You're joking, right? CTOs value their jobs and corporations take IT seriously. All the successes and hard work - you never hear about. It's the couple failures that catch the media headlines. It's a thankless job, to be honest.
I have yet to see any company take IT as seriously as they should. We just replaced our 30 year old analog system with VOIP system. First company I've worked for since 2006 that didn't have caller ID. We do now though. We're using a 30 year old billing system we've outgrown too. We're replacing that with something more modern as well, so at least we're making progress. For most companies, IT is a just seen as a drain on their budget. Sure, the CTO and IT personnell may care, but the management generally doesn't want to spend the money if what they have "works" "good enough".
 
I have yet to see any company take IT as seriously as they should. We just replaced our 30 year old analog system with VOIP system. First company I've worked for since 2006 that didn't have caller ID. We do now though. We're using a 30 year old billing system we've outgrown too. We're replacing that with something more modern as well, so at least we're making progress. For most companies, IT is a just seen as a drain on their budget. Sure, the CTO and IT personnell may care, but the management generally doesn't want to spend the money if what they have "works" "good enough".

Until recently we were still using paper for document change logs and a ftp for sharing files with manufacturers. Now we use a PLM system but was a hard thing to sell to management.
 
I have yet to see any company take IT as seriously as they should. We just replaced our 30 year old analog system with VOIP system. First company I've worked for since 2006 that didn't have caller ID. We do now though. We're using a 30 year old billing system we've outgrown too. We're replacing that with something more modern as well, so at least we're making progress. For most companies, IT is a just seen as a drain on their budget. Sure, the CTO and IT personnell may care, but the management generally doesn't want to spend the money if what they have "works" "good enough".

Until a company can be sued for having out of date or weak systems they won't take it seriously. And that's a huge problem.

At my company the systems I am partly responsible for are constantly updated and kept up to date.

Why... because it's stuff that if it has a problem we can be sued for a LOT of money. Plus it's the core of our business. So it is built with 4x redundancy in mind as well. And we STILL have a team dedicated to it's care and maintenance. :)
 
There is IPV6, where the IETF went totally overboard in the name of long term considerations. I don't think we will ever need an IP address for every atom on earth, when they could have just added another octet to IPV4 and called it a day, and it would have had more than enough IP addresses to be future proof...


When I first heard about IPv6, I really thought it was going to be like IPv4... with 6 octets.
 
but the management generally doesn't want to spend the money if what they have "works" "good enough".

Also, Temp fixes are Permanent fixes, so think through those bandaids before suggesting/applying them.
 
You're joking, right? CTOs value their jobs and corporations take IT seriously. All the successes and hard work - you never hear about. It's the couple failures that catch the media headlines. It's a thankless job, to be honest.

Believe me, many companies don't take IT seriously. I've seen several customers not take actions to prevent ransomware even after being hit TWICE!! I had a business owner so pissed and cursing IT that he was more willing to go back to pen and paper than to invest in IT.

I could tell you dozens of horror stories that could be prevented if companies invested in IT. And thats just the ones I've witnessed myself.
 
Believe me, many companies don't take IT seriously. I've seen several customers not take actions to prevent ransomware even after being hit TWICE!! I had a business owner so pissed and cursing IT that he was more willing to go back to pen and paper than to invest in IT.

I could tell you dozens of horror stories that could be prevented if companies invested in IT. And thats just the ones I've witnessed myself.

I believe you, since I worked IT for DECADES. I have few stories myself, that I am not at privilege to discuss. Generally speaking though - a majority of businesses I've worked it had been run poorly in many aspects, including IT. It's a culture "thing". To point out "just IT" is bad and neglected is sort of a misnomer though in my experience. Poorly run businesses fail at many aspects. It really depends on the core business. if the core business is "clothing" for example - yes, IT is probably at the bottom and neglected. If the business is Computing, IT is at the top of course. Most of the time it falls in the middle. Again, it's the "as long as it works, it's insignificant - until a fail and the end of the world" mentality. Prevalent throughout all businesses.
 
Back
Top