[CTRL] No Humble Pie For Yourdon...

[William Shannon]

 -Caveat Lector-

Y2K - Ed Yourdon's
'Jan 1, 2000 Assessment
Of The Y2K Situation'
Ed Yourdon's Web Site (http://www.yourdon.com)
>From Paula Gordon <[EMAIL PROTECTED]>
1-2-99

I got up this morning and found that my e-mail inbox was already filled with
messages with questions and commentaries about Y2K. Some asked if I was
prepared to admit that I was wrong, and that Y2K had been a scam all along;
some thanked me for making them think about the issue more carefully than
they would otherwise have done; and most asked what I thought about the
current situation.

The fact that I was even able to receive e-mail this morning obviously says a
lot. The Internet is up, the lights are on, I got dial-tone when I picked up
the phone. Terrorists did not attack the New Year's celebrations in
Jerusalem, Rome, Paris, London, New York, or Washington. As best I can tell,
none of the 100,000 computer viruses we had been warned to expect have
attacked my computer system. In short, the world has not ended as of 10:00 AM
Mountain time, here in Taos, New Mexico.

What does all of this mean?

I don't think there is a single correct answer to this question. Keep this in
mind during the coming days, for there is a tendency in many discussions,
commentaries, arguments, and analyses for people to assume a "binary"
either-or, yes-or-no, all-or-nothing, black-or-white attitude toward issues
like Y2K, not to mention several other complex issues and problems facing
society. I believe that the current Y2K situation reflects a combination of
several factors:

Potential Y2K problems have been fixed. Let's give credit where credit is
due: hundreds of thousands of computer programmers around the world worked
long, hard hours (usually without being paid for the overtime work they put
in) to fix some, or most, or possibly all of the potential Y2K bugs that
would otherwise have occurred. I've stated publicly on several occasions that
if any industry managed to muddle through the Y2K situation, it would be the
banking industry -- because they had their own built-in sense of urgency,
they had the financial resources, they had the technological sophistication,
and they had more regulatory oversight and pressure than any other industry.
The same is likely to be true for the military weapons "industry" -- i.e.,
the fact that none of the advanced countries of the world launched nuclear
missiles at one another last night implies, among other things, that they
worked diligently to remove whatever bugs might have caused a problem. The
most notable outcome of Y2K last night is that, in almost all parts of the
world, the lights stayed on. Industry experts like Rick Cowles are better
qualified than I to comment on this, but it's easy to see why people would
conclude from last night's success that the electric power industry did a
better job, and achieved a higher degree of completion, than the preliminary
reports and data suggested would be the case.

Potential Y2K problems were exaggerated. This has been a common theme on the
part of many Y2K "optimists," and I am one of many people who has been
accused of exaggerating the nature, degree, and potential severity of Y2K
problems. As I'll suggest below, I think it's premature to make this
conclusion about software-related Y2K problems -- but I must confess that I'm
beginning to wonder whether terrorist problems, and cyber-terrorism problems,
might have been exaggerated. I have absolutely zero expertise when it comes
to terrorism, so I simply don't know whether the intense media focus on
potential terrorist attacks on New Year's celebrations, which we heard
repeatedly for the final two weeks of December, was over-done. Indeed,
several media reporters and anchor-persons seemed concerned about this
possibility, and asked government authorities whether the constant coverage
was creating more of a problem than there really was. Given the nature of
this problem, there's a good chance that we'll never know how many threats
really existed, how many were nipped in the bud, or how many were foiled at
the last moment. In a similar vein, I'm amazed to see that there have been
almost no reports of viruses or other cyber-attacks; this was perceived to be
such a major problem that many corporate and government web sites have been
shut down for the weekend; I was so nervous about it that I used a backup
machine to access the Internet and pick up my email on the morning of January
1st -- just in case there were such virulent viruses that everything on my
computer would somehow be deleted.

It's also possible that the embedded-system threat was exaggerated, though I
feel strongly that it's far too early to make such a statement. But one of
the frustrating things about the Y2K problem has been that (a) no one is
precisely sure how many chips and/or embedded systems actually exist in the
world, or (b) how many of these actually have a real-time clock with
date-awareness, or (c) what percentage of the date-aware chips and embedded
systems might fail on Jan 1, 2000 even if the "official" use of that chip did
not involve any date calculations, or (d) what percentage of the "official"
date-sensitive applications were actually non-compliant, and thus subject to
failure, or (e) what percentage had actually been fixed, or (f) what degree
of testing would be sufficient for an organization to confidently predict
that it had actually solved the problem. The estimates for all six of these
categories varied widely from one industry to another, and from one expert to
another. My personal belief had been that even if the optimistic estimates
were ten times too pessimistic, there was still such an enormous quantity of
embedded systems that we would surely encounter some serious problems ... but
perhaps we will eventually conclude that a large number of well-meaning
computer experts exaggerated the extent of the problem.

Could we also have exaggerated the extent of the software problem? Again,
it's too early to tell; but it's hard to argue with the statistics that have
been reported by Y2K IV&V vendors who have examined code that had been
remediated, tested, and put back into production. Typically, the IV&V vendors
have found between 100 and 1,000 undiscovered Y2K errors per million lines of
code, and typically 30-40% of these errors have been judged as "moderate" to
"serious" in terms of their potential impact. The reports from the first
10-12 hours of the new millennium suggest that no "serious" software-related
Y2K bugs have occurred. Did we exaggerate the problem? I don't think so, but
time will tell.

Many potentially faulty systems were turned off for New Year's, or run
manually. We know that the Russian electric system was switched to manual on
New Year's Eve; and we know that a large number of banks, ATM machines,
seaports, pipelines, chemical plants, refineries, and other environments were
either turned off, or run manually during the critical rollover period.
Obviously, if a system has been shut off, we won't notice whatever Y2K
problems may still be lurking inside; and if automated processing has been
bypassed in favor of manual operations, we won't see the Y2K bugs. To the
extent that this explains our initial success, we should be careful before
celebrating too loudly.

Some systems had a lower load, and many systems had a higher degree of
support, than normal. One common explanation for the success with electric
utilities is that the winter-season demand in the northern Hemisphere is
about half the peak demand in mid-summer. This allowed the U.S. to scale back
the output of many utility plants to approximately 80% of their normal
output, so that standby and spare plants could be powered up to handle any
extra load that would have been needed if there were failures. Aside from
that, almost every company whose systems were expected to be operational
during the rollover had a far higher degree of support and supervision than
would normally be the case. Thus, whatever Y2K problems did occur during the
rollover were probably spotted more quickly, and fixed more quickly, than
would have been the case under normal conditions. This situation will
continue throughout the Jan 1-2 weekend in many organizations, and possibly
on into the first business week of the year. This is not intended as a
criticism at all; it's simply a reminder that if there are "delayed" Y2K bugs
that pop up later in January, when the support staff has been reduced to
normal levels, they might not be found or fixed as quickly.

Some, and perhaps many, Y2K bugs have not become visible yet. I've suggested
this already in my earlier comments, and it's also a common theme in many of
the other reports and commentaries on January 1st. Even if a Y2K bug has
already occurred, it may not have become visible to the computer technicians
observing the system, let along the customers and end-users who depend on the
systems. In many of the testing efforts that took place prior to January 1st,
it was observed that a period of hours, days, or even weeks transpired before
the Y2K bug finally caused externally-visible consequences; this is no great
surprise, for the same thing happens with "normal" software testing. In
addition, there are a number of potentially serious Y2K bugs that won't occur
until businesses resume operations on Monday, January 3rd; or when the
payroll system is run for the first time on Friday, January 7th; or when the
end-of-month accounting systems are run on January 31st; or when February
29th is encountered, and the computer systems have to decide whether 2000 is
really a leap year; or when the end-of-quarter processing takes place on
March 31st; etc.

Some problems have been covered up, de-emphasized, ignored, or not reported.
I'm not suggesting a conspiracy theory here, though some observers have a
more cynical and jaundiced view of the situation. But it has always been
common practice for individuals, corporations, and government agencies to fix
their problems "behind the scenes" whenever possible, and to maintain a
facade of normal operations whenever possible. There's no reason to imagine
that it will be any different than Y2K problems; the only obvious difference
is that customers and end-users may be more vigilant in looking for such
problems than they normally would. Indeed, if one scans the news reports and
Internet postings for the first 10-12 hours of 2000, there have been some
problems, though it's not always clear whether they're Y2K-related. Two U.S.
nuclear plants shut down during the evening of December 31, and a third plant
scaled back its output significantly; the initial reports indicate that these
problems were not Y2K-related, but that may turn out to be a premature
assessment. Y2K-related problems occurred in approximately 8 other U.S.
utilities, but were quickly fixed; and power brownouts and brief outages were
reported in Texas, Kentucky, California, and New Mexico. Meanwhile, two
nuclear plants in Japan experienced alarm conditions shortly after midnight,
though radiation levels apparently remained normal; while these problems were
apparently Y2K-related, they were not judged serious enough to shut the
plants down or to report them prominently in the worldwide media coverage.

If all of the Y2K problems fall into this category, the optimists can
reasonably argue that Y2K was not a problem after all -- for it did not
injure or inconvenience a large number of people for a long period of time.
Again, I think it's premature to make that overall judgment about Y2K; and
for those who feel more pessimistic, these initial failures, bugs, and
disruptions might be seen as a harbinger for more serious problems when the
systems are subjected to heavier loads on January 3rd, and when they no
longer have the augmented support staff to pounce on the problems. Time will
tell...

Inevitably, there will be observers who dismiss all of these arguments, and
who conclude that the whole thing was a deliberate, malicious scam
perpetrated by greedy charlatans. If so, these charlatans have succeeded far
beyond anything ever before accomplished: they convinced hard-nosed business
executives, and cash-strapped government agencies around the world to part
with roughly $100 billion in remediation costs. They convinced the U.S.
government to build a $50 million command center to watch for problems; they
persuaded business executives and government leaders to shut down thousands
of systems around the world, in order to avoid the impact of the non-existent
Y2K bugs. How they managed to coordinate all of this, and how they managed to
fool so many people for so long a time, must remain a mystery. If you want to
believe that this is the "real" explanation of the Y2K situation, you're
welcome to do so. If you're asking me to admit that I was a part of such a
grand conspiracy, the best I can do is politely respond. "No, I'm not that
clever."

Conclusion

The good news about the first 10-12 hours of post-Y2K existence is that (a)
the world has not come to an end, (b) no serious, life-threatening problems
or crises have been reported, and (c) there was hardly any evidence of panic.
Many stores in the U.S., Japan, and a few other parts of the world, reported
hectic business during December 30-31, as people stocked up on toilet paper,
bottled water, flashlights and batteries. Heavy cash withdrawals were
reported in parts of Nigeria, Hong Kong, Turkey, and a few other isolated
spots; but there were no full-scale bank runs, and initial reports in the
U.S. and England indicate that ATM usage was not much greater than normal.

The bad news -- at least potentially -- is that people will assume that the
Y2K problem is "over," and that they can relax their vigil. It's easy to
become complacent when "victory" has already been declared in the media.
Before I went to bed on New Year's Eve, I set the clock on my computer back
to 1998, and then unplugged it from my household electrical outlet. My plan
was to start up my backup machine this morning, observe the rollover, run
through a series of tests to ensure that all of the applications were working
properly, and then log in on the Internet to see if a horde of viruses would
destroy the machine. But after hearing repeated reports on television that
nothing had gone wrong, and after seeing that the electricity and phone
service had not been disrupted overnight, I wondered if I was going
overboard. Indeed, I did begin with my backup machine, and I did log in very
carefully to see if there was any evidence of viruses. But I have to admit
that I'm susceptible to rampant optimism, too: I didn't have the discipline
to go through a laborious exercise of running all of my systems on the backup
machine, before finally starting up my primary machine. And so far,
everything seems to work ... except ... ackkk!!! .... urghhh!! ... gadzooks,
how did all of those files get deleted? ... oh, no! ... my machine is being
destroyed before my very eyes! ... eek!

Just kidding ... so far, everything does seem to be working fine. But in my
opinion, Y2K isn't over yet. I'm less worried than I was 24 hours ago, and
I'm delighted that things have worked out so well, so far. "No news," as Y2K
czar John Koskinen said in an interview yesterday, "is good news," and I hope
it continues. My family is delighted that they won't be subjected to a diet
of tunafish and rice; but I'm going to hold onto that food for a while. Here
in northern New Mexico, we actually do get three-day winter snowstorms from
time to time, and the power occasionally goes out even without Y2K as the
explanation. I have no regrets or apologies for the preparations I made, or
the precautions I took -- no more so than I regret the money I spent last
year on automobile insurance, health insurance, and fire insurance, none of
which turned out to be necessary.

Let's hope the good news continues. In the meantime, my best wishes to
everyone for a Happy and Y2K-uneventful New Year!

DECLARATION & DISCLAIMER
==========
CTRL is a discussion and informational exchange list. Proselyzting propagandic
screeds are not allowed. Substance—not soapboxing!  These are sordid matters
and 'conspiracy theory', with its many half-truths, misdirections and outright
frauds is used politically  by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credeence to Holocaust denial and
nazi's need not apply.

Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html

http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]

To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]

Om