• friendlymessage@feddit.org
    ↑ 1 · 8 days ago

    I would hope that these kinds of parsers are not used in critical applications that could actually lead to catastrophic events, that’s definitely different to Y2K. There would be bugs, yes, but quite fixable ones.

    Regarding Y2K, it wasn’t horse shit - thousands upon thousands of developer hours were invested to prevent these issues before they occurred. Had they not done so, a bunch of systems would have broken, because parsing time isn’t just about displaying 19 or 20.

    “There’s no glory in prevention”. I guess it’s hard to grasp nowadays, that mankind at some point actually tried to stop catastrophes from happening and succeeded.

    • FooBarrington@lemmy.world
      ↑ 5 · 8 days ago

      Even if such parsers aren’t used directly in critical systems, they’ll surely be used in the supply chains of critical systems. Your train won’t randomly derail, but disruptions in the supply chain can cause repair parts not to be delivered, that kind of thing.

      And you can be certain such parsers are used in almost every application dealing with datetimes that hasn’t been specifically audited or secured. 99% of software is held together with duct tape.

      • friendlymessage@feddit.org
        ↑ 1 · 8 days ago

        True. But I wouldn’t see this as extremely more critical than the hundreds of other issues we encounter daily in software. Tbh, I’d be glad if some of the software I have to use daily had more duct tape on it…

        • FooBarrington@lemmy.world
          ↑ 4 · 8 days ago

          I think you might be underestimating the potential impact.

          Remember the CrowdStrike Windows BSOD? It caused billions in damages, and it’s the absolute best case scenario for this kind of issue. Our potential Y10K bug has a bunch of additional issues:

          • you don’t just have to patch one piece of software, but potentially all software ever written that’s still in use, a bunch of which won’t have active maintainers
          • hitting the bug won’t necessarily cause crashes (which are easy to recognize), it can also lead to wrong behavior, which will take time to identify. Now imagine hundreds of companies hitting the bug in different environments, each with their own wrong behavior. Can you imagine the amount of continuous supply chain disruptions?
          • fixes have to be thought about and implemented per-application. There’s no panacea, so it will be an incredible amount of work.

          I really don’t see how this scenario is comparable to anything we’ve faced, beyond Y2K.