Date: Tue, 3 Mar 1998 09:17:32 -0500
From: "Trei, Peter" <ptrei@securitydynamics.com>
Yourdon is in the business of selling books, but I'm
worried enough about y2k to take this with only a
medium sized pinch of salt.
Peter
From: Vladimir Z. Nuri [SMTP:vznuri@netcom.com]
Sent: Monday, March 02, 1998 6:17 PM
yow, this is really enough to make anyone freak out. I respect
yourdon and think he is more on top of the problem than just
about anything.
------- Forwarded Message
Date: Sun, 1 Mar 1998 17:21:10 -0700
To: Y2K@exeter.moundsview.k12.mn.us
From: Allen Comstock <comstock@wild-life.com>
- SearchNet's SNETNEWS Mailing List
Ed Yourdon is highly respected in mainframe programming circles. He is
co-author, along with his daughter, of the new book, "Time Bomb 2000"
which is the best layman's introduction to the Y2K crisis to date. Ed
Yourdon will tell you that Y2K (year 2000 computer problems) pose a
direct threat to the physical well being of every person on the planet
whose lives are influenced in any way by computers or electronic
circuitry--that's most of us.
Ed's letter below was written February 25,1998, and is his response to
a letter sent to him from an apparently clueless member of a usenet
rural life newsgroup.
Reading Ed's letter, you're getting a good review of what is now known
and accepted as accurate about how the Y2K computer problems are
shaping up. Remember all the problems Ed addresses are interconnected
and the worst failures will likely happen virtually simultaneously
world wide. Virtually everything dependant on computers and software
will be paralyzed and rendered disfunctional. Mainframe failures will
have the widest impact but virtually every machine, vehicle, or
electrical device with any reactive, programmable or controller
circuitry is suspect as being subject to potential failure. Desktop
PC's that are not fully Y2K compatible are still being sold as are
many, many software packages, including programs from Microsoft and
other major companies.
To date, there has been no unqualified announcement of a successfully
completed Y2K remediation program from any major government entity or
from any Fortune 1000 company or from any major market center banks or
from any other major financial institutions, anywhere in the world.
There are current Y2K impacts being noticed and most people who have
studied the problem believe those impacts will happen more and more
frequently up to and through rollover into the year 2000. Main frame
computers have been primed for the last forty years to shut down or
take other now unfortunate actions when they discover 99 in a date
field. Computer science and programming textbooks used to advocate
such uses of 99 because the authors expected programs, computers,
machines and devices would have much shorter useful lives. Instead,
short-sighted, cut corner thinking has caused those legacy programs to
be maintained and expanded without attention to the ticking bombs they
contain.
Now the Y2K dues our society is about to pay may bankrupt us because
of the compounded effects of inertia and unfortunate management
practices. The State of New York could experience serious computer
problems as early as April 1, 1998, when it enters its 1999 fiscal
year. July 1, 1998 is when the majority of States enter their fiscal
year '99 and the Federal government fiscal year 1999 follows on
October first. No one knows how bad the 99 factor or the fiscal year
problems might be.
The warm up for the January 1, 2000 computer meltdown includes much
more than the fiscal year problems. There are also what are known as
"look ahead" problems where programs cause computers to crash or
behave unpredictably over amortization or depreciation or inventory
needs or budget projections or any other matter involving data or
calculations dealing with dates ending in 00 and beyond.
There are many other isolated problems expected before 2000 but
January 1, 2000, while expected to be a catastrophic computer event,
will not necessarily be the final failure date. Any residual computer
infrastructure remaining intact and functioning in 2000 will face
continuing problems throughout that year with known crisis dates
including virtually all of January, February 29 (leap year) and March
1, and before and after April 1, July 1, October 1, and year end
reporting during December.
At this writing there is still 22 months to prepare for what is being
called by very reputable and responsible people "the worst industrial
disaster of all time." But the best people in the business say twenty
two months is not enough time to prevent the onslaught.
If you aren't making preparation for the harshest long term
catastrophic situation you can conceive of which might be survivable,
you can expect to be one of the huge numbers of casualties of
Y2K. Preparation may not guarantee survival but it is now almost a
given that without serious personal preparation the odds are you and
your family will experience large scale physical threats and worse in
January of the year 2000. There are those who argue that you should
worry about societal disruptions even sooner than 2000.
Those political mavens reading this should wonder why political
institutions world wide are being so passive in the face of their
imminent demise. National governments and politicians do not naturally
die without violent resistance. The federal government and politicians
are offering only making token public efforts toward facing and
working on this crisis which could obviously destroy the US as well as
every other government on the planet. And the miniscule government Y2K
efforts are even stranger in the face of looming financial market
stressors which can only exacerbate the Y2K problems. The two problems
compounding together could lead to a total destruction of all existing
currencies.
By 2000 military command and control will be non-existent and it seems
likely most hi-tech weapons systems will be non-functional. Two weeks
ago the Y2K honcho for the US Department of Defense resigned and his
resignation was immediately followed by the resignations of his two
top assistants, leaving no one with the ability to rapidly step into
this critical national defense command position. No one wants to
command a sinking ship.
*********************************************************
Last week it was announced publicly that Y2K defective embedded
circuitry programming has been found in the United States nuclear
missile launch systems. Face it, Y2K is serious stuff.
*********************************************************
And all the while governments world-wide are maintaining a public
posture of being essentially indifferent to this threat that has been
recognized among programmers for over twenty years. In fact, European
leaders insist European Financial Union concerns, a fully arbitrary
matter, must be in place by 1999, even at the expense of delaying Y2K
programming which has no deadline flexibility.
We are privileged to have lived in the best of times. Soon things are
going to get much worse but there will be fewer of us alive to
remember. Computers that have been inadequately programmed to be
unable to accurately recognize and calculate with four digit years and
years ending in 99 or 00 are about to disrupt the world as we know it.
Allen Comstock
comstock@wild-life.com
ps. Copy this message to all those in your circle of influence.
Everyone deserves a chance to have advance warning of what is a
guaranteed fast approaching massively destructive event. It's time to
scream "FIRE" in the burning theater.
-------------Begin Forwarded Material------------------
The following letter was written by Ed Yourdon to a member of the
Homestead list and I thought some of you might be interested.
Remember some of the people he mentions in his letter are the top dogs
in the industries he is referring to so their opinion should not be
brushed off as "fear mongers." Some of them are: Arthur Levitt,
Edward Yardeni, Alan Greenspan, Stephen Horn, and, why hell Ed Yourdon
is himself a significantly significant computer industry figure.
Joseph
Begin Letter:
Greetings from Montreal... Thanks for your mail...
Here's something your homestead group might want to consider:
There are approx 9,000 electric utility plants in the U.S., including
108 nuclear plants, and at the present time (Feb 25, 1998), NONE of
them are Y2K compliant. None. Zero. Zip. Nada. Last survey that I saw
indicated that one-third had not started any Y2K effort at all, one
third were seriously behind schedule, and one-third were on-schedule.
This is not an exaggeration; NONE of the nuclear plants are compliant,
and the Nuclear Regulatory Agency (NRC) is currently drafting a letter
to the plant operators to warn them of their vulnerability and
liability. The Chairman of the SEC, Arthur Levitt, has drafted a
letter to the non-nuclear agencies, also warning them of their Y2K
exposure; this will probably go out in the next week or two. Most
likely scenario: 20-30% of the utility plants will suffer at least
sporadic Y2K problems on 1/1/2000, primarily with their embedded
systems, including intermittent blackouts; and it's not at all beyond
the realm of possibility that portions of the nation's power grid will
be brought down for several hours, days, or weeks. Don't take my word
for it; take a look at the web sites of two Y2K-oriented utility
experts, Roleigh
Martin(http://ourworld.compuserve.com/homepages/roleigh_martin/) and
Rick Cowles (http://www.euy2k.com/index.htm). Both of them think the
situation will be MUCH worse than what I've suggested.
If you're a computer professional, you may be aware of the statistics
for project success, whether's it's utility plants or any other kind
of software project: even if you completely eliminate project failures
caused by budget problems, the data that we have from the last 30
years of software projects tells us that 15% of all projects are late,
and 25% are cancelled before completion. The projects that are late
turn out to be late by approx 7.6 months; for large projects (1+
million lines of code), the behind-schedule projects are late by an
average of 13.8 months, and for VERY large projects (10+ million lines
of code), the behind-schedule projects are late by an average of 25
months. This is not an exaggeration; I can give you citations of
books and references if you care to see the details. And it doesn't
take a rocket scientist to conclude that this does not bode well for
Y2K projects.
So much for utilities (and note that I haven't commented on water
supply, oil, gas, and sewage). When it comes to banks, consider these
statistics: there are approx 11,000 banks in this country. Even
taking into account the holding companies that own several small
banks, and the banks that outsource their IT development to service
bureaus, you have to assume that there are at least 5,000 separate
enterprise-level banking software systems that need to be fixed. The
numbers from one large banking institution are instructive: Bank of
America currently has an army of 1,000 programmers working on 250
million lines of code, and as of late Jan 1998, they reported they
were 1/3 of the way done. More statistics from another large bank:
Chase Manhattan was quoted in an article in the NY Times last October
as saying they have interfaces with 2,950 external entities.
Naturally, we can be highly confident that all 2,950 will be Y2K
compliant with no problems, right? ... nevertheless, it's interesting
that Edward Yardeni, chief economist of Deutsche Morgan Grenfell,
predicts that between 5% and 20% of the small banks in the U.S. will
fail because of Y2K problems. That's the good news; the bad news is
that Europe is approx one year behind us and is dangerously distracted
by their Eurocurrency projects, Latin American is sound asleep, and
Asia is preoccupied with its current financial crises. If you're a
computer-literate person, here's an interesting statistic: 70% of the
Japanese banking systems are inhouse, customized systems, while in the
U.S., 70% of the banking systems are packages. Conclusion: maybe the
international banking system will survive, but when Alan Greenspan
says Y2K could be a serious problem (as he did today, in his testimony
to the Senate) you'd better pay attention. >From my perspective, this
is not a theorectical, academic issue: this affects my retirement
savings and it's not something I feel like risking.
Bottom line: the banking system, as we currently know it, is in
serious danger of collapsing.
The other component of the "iron triangle" of critical infrastructure
services is telecommunications. Each of the "big three" of ATT, MCI,
and Sprint is dealing with a Y2K portfolio of 300-400 million lines of
code; there are interesting rumblings from all three that indicate all
is not rosy with their Y2K efforts. Even if they make it, there are
now hundreds of small, independent, deregulated carriers that can
wreak havoc on the overall telecommunications "grid". An example of
this occurred two days ago with a problem caused by a random firm
called Illuminet; see the attached news release below. Even assuming
we get dial tone on 1/1/2000 in the U.S. and England, you can
reasonably expect that several third-world countries are going to be
cut off from telecommunications for several weeks or months because of
Y2K problems.
Meanwhile, within the typical corporate environment, consider yet
another statistic: 90% of the PBX switchboards installed before 1996
are NON-compliant. Small-medium enterprises (SME's) are generally
oblivious to this problem, and are not at all interested in upgrading
their equipment. If you look at this on a global basis (as I'm
currently doing with one of my consulting clients, who has 100+ MAJOR
offices on 7 continents), the problem is horrific.
Then there's the government. The smart-ass character who critiqued my
email to your list-serve member seemed amused by my oblique reference
to Clinton's executive order; I suspect he had never heard of it
before, which isn't surprising considering how little media attention
it got. For what it's worth, the Executive Order was quietly
published on Feb 4th and began with the words "Minimizing the Y2K
problem will require a major technological and managerial effort, and
it is critical that the United States Government do its part in
addressing this challenge." But it turns out that the "Y2K Conversion
Council" that Clinton has created with the Executive Order is just
another bureaucratic committee, and won't have much impact on the
outcome. Your homestead group may not care about such things, but
it's worth noting that 16 of the 26 major federal agencies are
predicting that they'll finish their Y2K testing in Nov or Dec 1999;
that's enough to make any veteran software professional break out in
howls of laughter. Congressman Stephen Horn (R-CA, and a former
university president) predicts that 14 of the 26 agencies won't finish
even their mission-critical systems on time. IRS appears to be
doomed; perhaps that's why the CIO, Arthur Gross, resigned last month.
FAA has gotten lots of press recently about their Y2K problems (and
the top Y2K person in that agency has resigned, too) -- but that's the
GOOD news about the Dept of Transportation, which is currently
estimated to finish its Y2K work in 2019; the bad news is that 95% of
the exports from this country go by sea, and the maritime industry
only held its first Y2K conference this week (in NYC; I attended it),
and doesn't have a clue about Y2K. HHS (Health & Human Services) has
basically shot itself in the foot by firing its
outsourcing-contractors and bringing its partially completed software
projects inhouse without Y2K compliance; as a result, Medicare and
Medicaid are seriously threatened. Etc, etc, etc. I can't claim that
my crystal ball is perfect, but I will tell you that my own personal
Y2K plans include a very simple assumption: the government of the
U.S., as we currently know it, will fall on 1/1/2000. Period.
I just noticed your sig file says you're from Georgia. Well, here's
what's going on in GA: about a month ago, the Governor woke up and
announced that the state would have to spend approx $130 million to
"combat" the Y2K bug, most of which would be spent to hire approx 400
programmers. By itself, a proposal from the governor doesn't mean
diddly-squat, but it's amazing to see that the GA legislature actually
approved the funding proposal within a matter of weeks; by contrast,
states like Texas (where my daughter recently addressed the
Appropriations committee of the state legislature on the global
economic impact of Y2K) cannot easily do so, because they operate on a
constitutionally-mandated balanced budget, which doesn't allow deficit
spending. Anyway, GA apparently has approval to spend $130 million,
which means that it has approval to hire 400 programmers. But the
governor doesn't want to hire them himself -- the appropriation has to
trickle down two or three levels to the various departments that will
actually decide how much they need, and how many programmers they
need. How long will that take? Three months? Six months? Whenever it
happens, the state IT departments will go out into the marketplace to
try to hire 400 people at civil-service salaries. In today's
marketplace, how many do you think they'll be able to hire? How
about: ZERO. The "great sucking sound" that Ross Perot warned of in
his last Presidential campaign turns out to be the sound of
programmers being sucked out of the public-sector government agencies,
into the private sector, where competitive salaries can be paid, and
salaries are rising at the rate of 2-5% per month. And even if they
could hire 400 programmers 3-6 months from now, it's too late. IT'S
TOO LATE! Of course, maybe God will smile on Georgia, and maybe the
critical state agencies in your state will get their Y2K work done in
time; meanwhile, there are 49 other states, several of whom (ND, MT,
WY, AK and several others) appear not to have even begun doing any Y2K
work. The chances that even a reasonable majority of them will finish
is pretty small, in my humble opinion. And then there are the
counties, and the cities....
I could go on at great length, because there's a lot more detail that
we Y2K "warriors" know about and are dealing with, but I think you see
the point: those of us who are living with the problem on a day-to-day
basis are terrified. You indicated that some of your listserv members
have 20 years of computing experience. Wow. Big deal. I've got 34
years of experience in the field, and I've got a public reputation
that (if nothing else) suggests that I probably should not be
dismissed as an alarmist quack; see my web site at
http://www.yourdon.com for more details. Yes, I've written a Y2K book
which will sell more copies if Y2K is a problem-- but I've also
written 24 other software-engineering computer books, starting in
1967, that are doing quite well, and generating much higher royalties
than a mass-market, low-priced, heavily-discounted Y2K book. I could
make at least as much money, if not more money, during the next two
years by focusing my efforts on OO technology, Java, and the Internet;
but in my opinion, the Y2K problem will make any discussion of OO and
the Internet roughly akin to rearranging deck chairs on the Titanic.
Frankly, I couldn't care less whether your computer veterans agree or
disagree with my views on Y2K; my daughter and I wrote our "Time Bomb
2000" book to articulate personal Y2K contingency plans for our
family, our friends, and other personal acquaintances. If Y2K does
turn out to be as bad as I think it will be, nobody is going to care
abut the opinions of software professionals on 1/1/2000 (other than
possibly lynching them for having created the problem in the first
place!); instead, everyone is going to be concentrating on how to get
food, shelter, clothing, and the basic necessities of life. Y2K
threatens all of this, except in the backwards economies that have
never depended on automation or socio-economic interactions with other
automated societies. Rural China will probably be okay; but in my
humble opinion, New York, Chicago, Atlanta and a dozen other cities
are going to resemble Beirut in January 2000. That's why I've moved
out of NYC to rural New Mexico a couple months ago.
You're welcome to post these remarks on your listserv if you think it
would serve some constructive purpose; I'll leave that up to you. But
in general, I assume that your listserv group has come to the
conclusion that Y2K is not a problem, and that you'd rather not hear
any opinions of the sort that I've expressed above. That's fine with
me; as Spock says on Star Trek: "live well and prosper." I wish you
well, and hope that we'll all be able to compare notes about the Y2K
situation in a calm rational fashion on 1/2/2000.
But in the meantime, I've got work to do. There are only 674 days
left.
Sincerely, Ed Yourdon
-- Are you aware of the Year 2000 problem? We all need to be. ************************ http://pw2.netcom.com/~helliott/00.htm http://www.year2000.com http://www.yourdon.com http://www.garynorth.com http://ourworld.compuserve.com/homepages/roleigh_martin/- Posted by: Allen Comstock <comstock@wild-life.com>
------- End of Forwarded Message
===================================================================== Donald E. Eastlake 3rd +1 978-287-4877(tel) dee@cybercash.com 318 Acton Street +1 978-371-7148(fax) dee@world.std.com Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA) http://www.cybercash.com http://www.privacy.org/ipc