[IWAR] Y2K Yourdon on problem

From: 7Pillars Partners (partnersat_private)
Date: Mon Mar 02 1998 - 09:31:31 PST

  • Next message: Genci Pustina: "[IWAR] Crypto Lobby"

    a glitch in time
       BY SCOTT ROSENBERG | It could be the electricity that
       goes first -- the national power grid brought down by
       confused microchips. It could be the banks, brought to
       their knees by befuddled bookkeeping programs that
       think they've been flung backwards in time by a
       century. Or maybe it will be the telephone system. Or
       the stock markets. Government agencies like the IRS.
       Trains, planes, even some automobiles. 
       Whatever the order of our going, when the clocks on
       millions upon millions of computers and digital systems
       click over to "2000" at midnight on Dec. 31, 1999, we
       all may go down together. 
       That, at least, is the pessimistic warning from software
       management expert Edward Yourdon. There are lots of
       opinions out there about the so-called "millennium bug"
       or year 2000 crisis; no one knows for sure what will
       happen when parts of our vast electronic grid wake up
       on the morning of New Year's Day, 2000, and can't
       remember what day it is. But the warning voices are
       getting louder: Last week, Federal Reserve Chairman
       Alan Greenspan told Congress, "Inevitable difficulties
       are going to emerge. You could end up with ... a very
       large problem." In the face of such uncertainty,
       Yourdon's new book, "Time Bomb 2000" (Prentice
       Hall, 416 pages), argues for caution -- and prescribes
       some doses of healthy fear. 
       Don't relax and think, "They'll have it fixed in time,"
       and don't trust the executives and functionaries out there
       who blandly reassure you that they have the situation
       under control, Yourdon warns: Unless they can provide
       written assurances that their systems are "Year 2000
       compliant," they are probably simply crossing their
       fingers. Most companies and institutions got a slow start
       on the mammoth project of updating all their old
       software and systems to think of years in four digits
       rather than two -- and in many cases it's already too late
       to finish in time. 
       Software projects are notorious for running overtime --
       but the calendar won't wait. And throwing hordes of
       programmers at the problem at the last minute is likely
       to be worse than useless. Rushing a software project,
       the saying goes, is like rushing a pregnancy -- you can't
       make a baby in one month by putting nine women on
       the job. 
       But the real kicker of Yourdon's argument lies in his
       notion of "ripple effects." Even if your employer, bank,
       insurance company and electric utility all have their acts
       together, significant numbers of companies and
       institutions won't. It will do you no good to shop at a
       "year 2000 compliant" supermarket if its distributors'
       computers have gone kaput and the shelves are bare. A
       company may fix every line of software code on its
       mainframe computer systems, only to be hobbled by
       bad code in "embedded systems" -- chips that control
       mundane stuff like elevators and security systems and
       factory machinery. Even if only a small percentage of
       companies get into trouble, in today's economy we're all
       connected -- and just a few percentage points of year
       2000 trouble could spell recession or worse. 
       Yourdon's previous books -- like "The Decline and Fall
       of the American Programmer" and "Death March" --
       were aimed at professional programmers. But "Time
       Bomb 2000," which Yourdon co-authored with his
       daughter Jennifer, is written for the general public. It
       provides the reader with exhaustive scenario-planning
       and survival advice based on the prospects of a
       "two-day failure," "one-month failure," "one-year
       failure" and "10-year failure." While the book doesn't
       outright predict "a moderate, serious or devastating
       collapse of the nation's socio-economic system," it's
       chilling that it even brings up the possibility. Even if the
       worst-case scenarios never come to pass, Yourdon
       argues, "It's better to be terrified now." He has acted on
       his own advice, trading in a New York City home for
       one in New Mexico -- on the theory that Manhattan will
       be the worst place in the world to be in the event that
       our economic infrastructure collapses. 
       Yourdon -- a congenial and methodical man who seems
       genuinely distressed about the bad news he's bearing --
       spoke to me last week at the Salon offices. We've all
       grown jaded about books that tell us the sky is falling,
       but given the range of Yourdon's experience and the
       persuasiveness of his arguments, he may be one
       Jeremiah worth heeding. 
       What made you write "Time Bomb 2000"? 
       I've been a consultant for 30-odd years, and I'm
       accustomed to seeing large projects that have collapsed.
       You walk in, you see an organization that's launching
       this Mongolian horde project and, as an outsider, you
       can smell death in the air right away. You know they're
       doomed -- they won't admit it, they may not even know
       it, but it's obvious. And I'd say, well, that's OK, I'll
       collect my consulting fee, I'll make sure that I'm not
       standing anywhere near this thing when it goes under.
       And you move on. 
       But about a year and a half ago I woke up one morning
       and thought, uh-oh, this one is different. Because it's
       everything -- it's every insurance company and every
       utility company. And if they all go down, and they're all
       interconnected, then my family goes down with it.
       That's what got me going. 
       Typically, I would come home from a lot of work
       assignments and say to my wife, "You won't believe
       what those guys at company X did!" And my wife is
       actually very computer literate, so she would understand
       technically what I was saying. But her answer always
       was, "Who cares? What's this got to do with me?"
       Nothing whatsoever. Here, it does matter. That was
       kind of an epiphany for me. 
       Is the situation really as bad as you make it out in
       "Time Bomb 2000"? 
       We took a pretty neutral position, relatively speaking.
       Personally, I think it's worse than what we laid out,
       writing last summer. Things have gotten worse in the
       last six months. 
       If you see any of the informal surveys on any of the
       newsgroups -- like comp.software.year2000 -- they're
       pretty pessimistic. The last one I saw asked for your
       assessment of how bad it could be on a scale of 1 to 5,
       where 1 is no big deal and 5 is, you know, the end of
       Western civilization. And they're usually in the range of
       3 and a half to 4. Serious stuff is going to happen.
       These are people who are directly involved in year 2000
       projects and are beginning to see that, gee, this stuff is
       taking forever, and they're not really getting the support
       from senior management that they desperately need. 
       There are two groups of computer-literate people:
       people that are directly involved in year 2000 projects
       and everybody else -- including the Internet people, and
       the Java people, and the client-server people. And
       people in the latter category are often oblivious. "Oh, it's
       a few COBOL programs, who cares?" Or they'll say,
       "Well, my Macintosh is compliant, nyah nyah nyah." 
    Are we all vulnerable? Is anyone safe?
       Even if you work in a purely manual
       mechanical world with no computers
       within 20 miles of your office, if you've
       got customers and suppliers and any kind
       of interaction with society, or if you find
       electricity convenient, if you use a
       telephone, if you've got a bank account, then you're
       vulnerable, period. There's no doubt about that at all.
       It's just much more obvious if you work in a high-tech
       You can brush aside lots of secondary things and you've
       got this so-called "iron triangle": utilities, banks and
       telephone companies. Since the book came out we've
       gotten more and more information about the utilities.
       There are 9,000 electric utilities in this country. One
       hundred and eight nuclear plants, and none of them are
       compliant -- not a one. Recent surveys indicate that a
       third of them still haven't started. 
       The thing I find scary is that a lot of the utility
       companies that are working on year 2000 are working
       on their mainframe systems -- they want to make sure
       their billing systems are OK -- and they haven't thought
       about their embedded systems. It really is very
       frightening. I've started getting e-mail correspondence
       from some Deep Throat-style informants about a couple
       of the bigger telephone companies that are way far
       behind. AT&T, MCI and Sprint are all dealing with
       portfolios of 300 million or 400 million lines of code.
       That's a big job. 
       Why didn't companies start sooner? Is it because
       they don't see any short-term benefit in spending
       lots of money now to avert a disaster that no one
       can say for sure will happen? 
       I think we're past that stage. That was the big problem
       in the '93-'95 period: trying to persuade senior
       managements that they ought to do something when
       there was no return on investment. Now I think it's
       gotten to the point where senior management, if nothing
       else, is aware of the legal risk. They may still think that
       it's a financial pain in the neck, but their lawyers are
       saying, "You know what? If we don't get our stuff fixed
       we're gonna get sued right out of business." 
       So now the problem is that senior management says,
       "Yes! Do it! I hereby decree that it will be done." But
       they don't follow through, or they don't provide the
       funds or the active leadership to keep the troops in line.
       And they don't seem to acknowledge that traditionally
       all of their projects have been six months or a year late,
       and this one's going to be no better. 
       The thing that's scaring a lot of us now is that some of
       them are not even doing triage to concentrate on the
       mission-critical stuff -- and virtually none of them are
       doing contingency planning for what happens if they
       don't get it done. The reality is that we're not going to
       get it all fixed, and if you don't have backup, fall-back
       plans, then the business is going to go right under. 
       Can you point to companies or organizations that
       have gone about this the right way? 
       Two that you'll hear about most often are Bank of
       Boston and Prudential Insurance in New Jersey. In both
       cases they got started relatively early -- you know, '95
       or '96 -- but far more important, they organized it
       almost like a war. I've been talking a lot to the V.P. at
       Prudential who's in charge of the whole thing. She's got
       a pipeline to the CEO who says, this is life or death --
       anybody who doesn't want to play by the rules,
       court-martial them. 
       You'd certainly hope that a business like an
       insurance company would be doing good long-term
       planning -- its business depends on people's faith in
       The whole financial community -- insurance companies,
       banks, Wall Street -- as you say, it's a confidence game.
       The ones who really understand the significance of this
       stuff realize that they cannot afford to lose the
       confidence of their client base. And even aside from
       that, if they don't get this under control, they're not
       gonna be open for business. It's very straightforward.
       But it's not often that you see the fear of God at the
       CEO level. 
       What are some of the worst examples -- the year
       2000 basket cases? 
       I got on the Net this morning, and apparently the airport
       in Atlanta is thinking about whether they should do a
       year 2000 assessment this year or next year! Now,
       that's Step 1. And an airport's like a small city unto
       itself. Forget about the airplanes and the air traffic
       control; you've got this massive infrastructure. So
       Atlanta is still thinking about whether they're going to do
       an assessment. And it's irrelevant -- it's too late at this
       If you started assessing next year, you'd be finished
       just in time to learn whether your assessment was
       accurate or not. 
       You tend to get this stuff through the grapevine from
       the programmers in the trenches, because the public
       posture in most of these companies is: We're doing fine,
       everything's OK, we're highly confident, blah blah blah.
       A good example is: Each of the major federal
       government agencies is supposed to report on its
       progress with the year 2000 stuff every three months.
       The congressional oversight committee took the
       reported progress from these agencies and extrapolated
       forward, saying, OK, if they continue on at the same
       rate, when can we reasonably expect that they'll finish?
       The numbers were staggering. The Department of
       Energy will finish in the year 2019. Defense'll finish in
       2012. It's just mind-boggling. 
       At the IRS, the year 2000 stuff has been bundled
       together with this massive modernization program
       they're trying to do. They decided to outsource it, and
       the contract award is scheduled for October '98. This is
       all the brainchild of the chief information officer of the
       IRS, a guy by the name of Arthur Gross -- who
       resigned. He's gone -- left a week ago. So I think that's
       dead in the water at this point. 
       You ask yourself, what's really going on in these
       companies and government agencies where you have to
       assume that the leaders are not stupid people? Some of
       them maybe are stupid -- they're just saying, I don't
       want to hear about it. But somebody at the IRS has
       gotta know that they're hosed. You don't have to be a
       rocket scientist to just see, oh shit, we don't have
       enough people. You'd think that somebody would have
       gone to the president and said, "Ahem, Mr. President,
       can I get your attention for a minute? Uh, the federal
       government's not gonna be able to collect, whatever it
       is, $1.8 trillion, and you might want to come up with a
       backup plan." 
       What's the IRS gonna do? Put in a flat tax? Put in a
       national sales tax? Insist that all transactions take place
       through the Internet? What's the backup for IRS?
       What's the backup for FAA? When air traffic goes
       down, what're they gonna do? Get people out on the
       runway waving semaphore flags? I don't think they've
       got a plan yet. 
       In the U.S. our approach is always to wait for a
       crisis to develop, then mobilize the public. That's
       how our political system works, and maybe it's part
       of our national character. But mobilizing after the
       fact doesn't seem like it will help much in this case. 
       Something else I've become more aware of is that we
       now have trained a whole generation of clerical and
       administrative people to turn their brains off -- they
       don't have to do any thinking. All their instructions and
       day-to-day activities are guided by computers. If you go
       into a restaurant and the cash register is broken, the
       waitresses can't add up your bill anymore -- they've
       forgotten their third-grade arithmetic. We've already
       seen a couple of year 2000 versions of this. 
       The classic one is the disaster at Marks & Spencer [a
       British retailer]. Some corned beef hash came in. It had
       a bar code on the side of the boxes with an expiration
       date that happened to be 2002. So the clerk waved his
       bar-code reader on it and the computer rejected it,
       thinking it had expired in 1902. Well, the clerk thought,
       that's cool -- the computer said reject it, what do I care?
       And he can't read the bar-code anyway. So he puts it
       back in the loading dock and sends the stuff back. A
       day or two later it arrives back at the corned-beef hash
       company, and that clerk types in a transaction saying,
       six cases of corned-beef hash rejected by our good
       client Marks & Spencer. Fine, no problem, what does
       he care? Meanwhile, Marks & Spencer wanted the
       corned-beef hash, so they put in another order. A week
       later, another six cases show up. Rejected the same
       It went back and forth apparently four times before they
       ran out of inventory up at the store. Now the shelves
       are empty. Somebody comes down to the purchasing
       department and says, "What's going on? You guys can't
       manage your inventory!" After a lot of angry phone calls
       and finger-pointing, finally it percolated up to the point
       where somebody had his brain in the "on" position. 
       I'm concerned that there's gonna be a lot of this.
       There've been some stories about this in the last couple
       weeks about the whole "00" credit card problem, which
       began in '96 when some of the banks began issuing
       renewal cards with a four-year expiration date. It turns
       out Visa had to recall 12 million cards. So they got their
       stuff fixed, and they got all the banks to fix their stuff.
       Then of course they had the problem of getting 14
       million merchants to fix their credit card swiping
       machines. And when they got to the 99 percent level
       they said, OK, now we can start issuing 00 cards. So 1
       percent of the restaurants and stores and so on still
       haven't upgraded their terminals, which means that
       when you swipe your credit card it gets rejected. And
       half the time, the clerks don't know what to do with
       How did we get into this mess? Is it just sheer
       coincidence? What if the computer industry had
       evolved, say, in the 1920s -- would we have had
       more time and more generations of technology to
       get past this crisis? 
       I think the problem is that many of us put a lot of our
       sociological or anthropomorphic experiences into the
       code that we write. And even today our normal human
       conversation tends to abbreviate years down to two
       digits. That's a part of American society in the 20th
       century, at least for the next couple of years. So there
       were lots of programs that were written in the '70s and
       the '80s and the '90s that were non-compliant. You can
       kind of excuse the guys in the '50s and '60s, because it
       was still a lifetime away. But there's no excuse for any
       program written in this decade. 
       How will the Internet fare? 
       A lot of Internet people are going to be really surprised.
       There was a section in our book that we had to take out:
       I got an e-mail from a sys-op from an Internet site in
       Chicago who said, in addition to everything else, the
       Internet's gonna die -- because the routers and switches
       are noncompliant in many cases. And he named a
       particular vendor, one of the more popular ones. Well,
       we included this e-mail in the first draft of the book,
       which we put up on our Web site -- that meant
       everybody saw it. After we went into production I got a
       grumpy letter from the vendor saying it's not true. Then
       a lawyer called the publisher and said we should take it
       out. So we went to the vendor's Web site. And to their
       credit they have a year 2000 page, and we found the
       particular product -- and it said, if you're using release
       such-and-such it's OK, but previous versions have not
       been tested. There's got to be a percentage of people
       out there who haven't bothered upgrading, or didn't
       think about it, or thought year 2000 didn't apply to
       But the Net's supposed to be able to survive the
       failure of some routers -- though it could be hurt if
       enough fail at once. 
       Or if the backbones go down. You've got a couple of
       key trunk lines. Still, as long as a reasonable percentage
       of the Internet stays up, that's true. That's one of the
       ironies -- it's built to survive nuclear war and year 2000
    Your book draws a lot of analogies with the crash of
       1929, the bank holidays and the Great Depression
       that followed. How do you think the financial
       markets are going to handle the year 2000 problem
       over the next couple of years? 
       The thing that boggles my mind is that for the most part
       the Wall Street investment community does not have
       this on their radar screen. So they're busily buying and
       selling General Motors and IBM and everything and not
       saying, gee, I wonder if these companies are actually
       gonna be around? How much are they spending on year
       2000? What kind of risk do they face? 
       It's possible that may pick up later in the year. Edward
       Yardeni, for instance, the chief economist at Deutsche
       Morgan Grenfell, argues that the SEC and NASDAQ
       are putting enough pressure on publicly traded
       companies that they're going to have to start disclosing
       their year 2000 expenditures. The savvy investors and
       Wall Street guys might start thinking, jeez, this could be
       a problem. The Warren Buffets of the world might start
       pulling out, and so on. 
       I don't think the general public is going to start to panic
       till much later. But Yardeni argues that you're going to
       see a 20 percent drop in the stock market in the second
       half of this year, in anticipatory reaction to year 2000
       problems. Now the interesting thing about this as far as
       American psychology is, if I buy a bunch of emergency
       food today, I'm stockpiling -- but if I do it next year, I'm
       hoarding. In times of plenty no one seems to object to
       your buying extra supplies. If I want to take my money
       out of the bank this year, hey, it's not a problem. The
       thing that I'm watching for is whether the government
       will make some anticipatory decisions to prevent a run. I
       wouldn't be at all surprised to see a bunch of regulations
       put in at the end of this calendar year to say, you're
       absolutely prevented from taking out your IRAs and
       Keoghs. I wouldn't be surprised if the withdrawal
       penalty goes up from 10 to 50 percent next year. 
       "Time Bomb 2000" advises readers to consider
       taking steps like withdrawing money from the bank,
       moving away from big cities and stockpiling food.
       How are people reacting to that? 
       Six months ago, when we wrote the book, I had
       members of my extended family who said, oh, piffle,
       this is all ridiculous. But now fewer and fewer people
       are shrugging it off entirely, particularly as the story
       begins to enter the mainstream media. The thing that's
       most frustrating to me is to see reasonably intelligent
       people who will focus on it for a short period of time --
       a few minutes, or for the extent of a half-hour TV
       show, and they say, wow, this is serious! And then they
       go on to the next crisis of the day: El Nio! Iraq!
       Monica Lewinsky! Or whatever. And by now they've
       If you think, well, my ATM card may not work for a
       couple of days, ehhh, big deal, I'll get $100 of cash.
       That's trivial. Planning for a one-month disruption
       requires some effort: You've got to save some money,
       you've got to stockpile some stuff, but you don't have to
       really change your lifestyle. Where it really gets serious
       is when you say, you know, this could be really bad for
       a year -- and if I want to survive I'm going to have to
       change my lifestyle in a non-trivial way. 
       Most people aren't willing to do that easily. And I put
       myself in that category. If I told you that San Francisco
       is going to burn to the ground, and for the safety of your
       family and yourself you're going to have to quit this job,
       find a job somewhere else, move to a different part of
       the country -- you can't just casually make that decision.
       But I did get to that point about a year ago, on several
       different levels. We've sold our house in New York,
       bought a house in New Mexico. I'm out of the stock
       The thing I keep trying to repeat to people who are
       willing to listen to this at all is that you've got options
       today: It's not pleasant to consider moving to a different
       town, but you can work that into a plan. But doing that
       in panic mode in '99 is going to be a whole different
       kettle of fish. Then it'll be a lot tougher -- because then
       you're part of the stampede. And unfortunately I think
       that's what's going to happen to the great majority of
       SALON | March 2, 1998

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:08 PDT