At 2:37 PM -0600 1/7/10, Wall, Kevin wrote: > Larry Kilgallen wrote... > >> At 10:43 AM -0600 1/7/10, Stephen Craig Evans wrote: >> >> > I am VERY curious to learn how these happened... Only using the last >> > digit of the year? Hard for me to believe. Maybe it's in a >> single API >> > and somebody tried to be too clever with some bit-shifting. >> >> My wife says that in the lead-up to the year 2000 she caught >> some programmers "fixing" Y2K bugs by continuing to store >> year numbers in two digits and then just prefixing output >> with 19 if the value was greater than some two digit number >> and prefixing output with 20 if the value was less than or >> equal to that two digit number. >> >> Never underestimate programmer creativity. >> >> Never overestimate programmer precision. > > While I never fixed any Y2K problems I worked next to someone > who did for about 6 months. What you refer to is pretty much what > I mentioned as the "fixed window" technique that was very common > to those developers who were addressing the problems at the time. > > IIRC, it was a particularly popular approach for those who waited until > the last moment to address Y2K issues in there systems because it still > allowed for 2 digit year fields in all their forms and databases and output.
Going back to the original Y2K issue, within the past 5 years my wife and I visited a friend of my late father. This friend had retired as somewhat of a bigwig at an industrial giant that formerly was in the business of manufacturing their own line of computers. He admitted that "back in the day" they had set up things to use two digits for storing year numbers, knowing that before the year 2000 came around, _they_ would all be retired. -- Larry Kilgallen _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
