X-Message-Number: 10209 Date: Sun, 02 Jan 2000 08:38:38 -0800 From: Peter Merel <> Subject: Y2k: which problems are "minor and surmountable"? Perry Metzger writes, >I still think you're nuts, but I decided there was little point in >discussing it at length. I've been monitoring lots of Y2K verification >tests at clients, and I've done a bunch of the work, and I personally >*know* that the problems will be minor and surmountable. After all the gloom I've found online it's a genuine pleasure to hear such reports of success and confidence; with the new "good samaritan" laws in place, which will indemnify organizations against damages caused by their releasing potentially flawed y2k data, I hope we'll hear a lot more detail about status and confidence levels to counter the dire-sounding studies published so far. I'd like to ask a few more specific questions of Perry and anyone else here with direct, positive, experience of y2k amelioration so we can get a better feeling for the basis of their confidence. I don't expect detailed answers; to answer these properly would be far too much to expect for just a casual enquiry. A simple, "yes, this too is well in hand, don't fret" would be a wonderful reassurance. -- 1) One way to gauge progress in a y2k project is to determine how far along it is, how long it's taken to get this far, and to map this onto published experiences of the proportions of time taken to complete y2k work. A common breakdown of the stages of y2k amelioration suggests projects follow 5 phases: Inventory, Assessment/Planning, Conversion, Testing and Implementation. I've seen two published estimates of proportions of time spent in these phases: http://www.cips.ca/papers/y2k/paper/checklist2.htm gives 5%, 20%, 20%, 45%, 10%. http://www.year2000.ca.gov/correspondence/CA2000WhitePaper.asp gives 2%, 20%, 20%, 40%, 18%. Other estimates place a larger emphasis on time spent testing - up to 70%. If this is a fair characterization of progress, then, of projects with which you have familiarity, how long have they been running and can you say what phase you think they've reached? -- 2) Embedded systems issues have only recently become the focus of y2k concern. Some embedded systems problems, such as the "time dilation" effects in many RTC chips (http://www.nethawk.com/~jcrouch/dilation.htm), have only come to light in the last few months. The effects of such problems, if uncorrected, are very likely to interfere with mission-critical business functions. This week's Gartner Group study of 57,000 US businesses found that only 11% have paid any attention at all to embedded systems issues. In some businesses, such as oil drilling and pipelines, just inventorying embedded systems is extremely difficult for logistic reasons. In terms of the phases above, to what extent have projects with which you have familiarity resolved embedded systems issues? -- 3) Almost all organizations are dependent on external suppliers of services for mission-critical functions. To properly gauge compliance your businesses must survey their suppliers (and their suppliers, and so on the whole way around their supply life-cycle) to anticipate glitches. How much contingency planning and/or stockpiling has your organization undertaken and has this taken into account the strong likelihood of multiple simultaneous supply-chain failures in early '00? -- 4) Utilities and their distribution networks may fail for periods of days or weeks in many areas all over the globe in early '00. One of the worst effects of embedded systems problems may be oil shortages. Offshore oil rigs are constructed in dry harbour and then towed into position; some of their embedded systems are on the sea floor where they are very difficult to find and fix. Land-based oil drilling enterprises are most often in countries with minimal y2k preparedness, and so are vulnerable to both direct negligence and failures in support structures. The UAE, for example, has only this month announced its first y2k campaign. Do your y2k contingency plans factor in the likelihood of utility failures and oil shortages? -- 5) There's a high likelihood of global bank runs during 1999. What effects will these have on your business, and could they effect the viability of your y2k amelioration efforts? -- >I am therefore not worried. As I noted, most organizations other than >governments don't survive long by being totally incompetant. In the presence of overwhelming published evidence to the contrary, and with no empirical support for your position beyond your own anecdotes, I'm sure you'll forgive me if I remain a little skeptical. But you raise another excellent question: 6) Senator Horn, in summarizing congressional testimony on government Y2k compliance, gave US federal departments grades between D and F; the "A++" exception to this, the department of transport, was blown out of the water just this week when the GAO trashed the FAA's claims of having achieved 70% compliance in just 3 months. US State and County governments appear to be in still worse straits. To what extent is your organization dependent on the functions of these state-run systems for its mission-critical functions, and do you have any contingency plans should these state-run systems fail? >There is no need to wait very long periods to get an answer here. In >17 months, we'll just know who's right, and 17 months is a blink of an eye. 17 months gives each of us some chance of preparing for what will happen. I think it's worth burning a few bits to try to figure out the scale of this problem now, while we can still act on the knowledge. But 17 months is probably much longer than we've got until the bank runs; that April Fools '99 date - on which Japan hits fiscal y2k - is the one that has me most immediately concerned. To finish on one more less than happy note: most folk are aware that Windows '95 is not y2k compliant. But it turned out this week that Windows '98 isn't compliant either: http://www.sunday-times.co.uk/news/pages/sti/98/08/09/stibusnws01022.html?1733620 Now ask yourself how that could possibly have happened if anyone inside MS had spent even five minutes doing the most basic test for y2k compliance. Peter Merel. Rate This Message: http://www.cryonet.org/cgi-bin/rate.cgi?msg=10209