a senior Boeing engineer/programmer speaks out

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Got this in an e-mail forward....this guy's the cousin of a friend, who forwarded it to me...


>Y2K, The Millenium Monster > >Y2K is not a bug. It's a dragon, and we the Knights Of Software have >set forth on a crusade to slay it, even though we ourselves created >it. Like most dragons, it is largely an imaginary creature, much >larger in our fears and our fictions than it is in life. Just the >possibility that it could really be lurking over that next mountain, >however, leads us to spend huge amounts of energy plotting its >demise. > >Certain greedy spinners of tales deliberately exaggerate the size of >this dragon, to strike fear in the hearts of mortal kings so they >will give up their gold for protection. >They talk of billions of lines of code that must be sifted through >one by one, an impossible task for an army of our bravest knights. >Give us a bigger army, they cry, so that we might slay this huge >monster before the day comes that it breathes fire upon the world and >leaves only a blackened cinder spinning aimlessly about the Sun. > >But in reality, this dragon is not a huge fire-breathing monster but >a subtle, insidious wisp of a thing. It is a ghost dragon, hiding in >the cold dead hearts of a million former workhorses of technology, >used-up animals that we thought we could forget about. Most of our >billions of lines of code are irrelevant because they do not depend >on date/time computations for proper function. The few that do, >however, lie buried among the billions, tiny ghostlets of the ghost >dragon waiting for the day they will rise up and act as one, >breathing not fire, but ice, upon the machines of the modern age. > >Some of these ghostlets will not be found. Some of our machines will >freeze. But this wisp of a dragon will never wreak the horror in the >real world that we so vividly envision in the storybooks of our >software. > >Bill Tolson (425)342-8348 >Engineering Applications Programmer >william.m.tolson@boeing.com


Of course, this fellow's missive doesn't jive with the worst-case scenario, so I immediately assumed that his credentials were suspect, that maybe he was a part of the knee-jerk right-wing conspiracy (Infomagic has proven conclusively that anyone who doesn't subscribe to the worst-case scenario is an Iraqi secret agent, has he not?), and so I e-mailed him, asking for his credentials. They are as follows:

**********(no sarcasm from this point forward, promise!)

>"My degree is in psychology, but I have been exclusively a computing >professional since 1985. From '68 to '78 (I'm not afraid of >two-digit years!) I was an electronics technician in the Navy working >on digital systems. Then, during my MS-Psych program, I rebuilt the >hardware interface for the operant chamber at the Primate Research >Center at Western Washington University, and wrote the software that >allows researchers to control operant schedules in the chamber, a >room-size compartment heavily laden with microprojectors, buttons, >switches, lights and feeders that the computer must control in >exchange with the simian occupants.

>At Boeing, I design simulations and applications on engineering test >systems, simulating airplane signals so that newly designed avionics >units can be "flown," tested and redesigned in simulation before >being tested in flight. I also teach classes in simulation design on >our systems. As a peripheral duty, I was assigned to assess the Y2K >safeness of our systems and make modifications where necessary."


I e-mailed Mr. Tolson to ask if I could reproduce his original e-mail on this here forum, and he responded, in part:


>"I do believe that there are bound to be little surprise Y2K packages >hiding around in the software to annoy us for some time to come. >Such snippets can be very sneaky, because people have found some very >creative ways to use dates in the past forty years. That's what I >meant by "ghostlets" in my little fairy tale.

>The problem will surely be haunting us for a while; I just don't >believe it will be TEOTWAWKI.

>After distributing my little millenium ditty the other day I received >some mild admonitions from friends for making light of the coming >Y2K Apocalypse. The following is copy/pasted from a reply I wrote >for them.

>Warning: it's a sprawler. And I wax a little sarcastic at times >because my friends know my position.

>Here it is:

>Although part of my job is to examine and test our code for Y2K >safeness, I am not a full-time Y2K consultant whose job depends on >the issue. Were this true, it's possible that I would be among the >True Believers. As it is, it appears to me that much of the intense >concern about this problem is the result of deliberate hype by those >who would gain from the rush to hire programmers to solve it. >Ironically, the greatest danger that I see in Y2K is the possible >effect of widespread panic among the masses if they swallow the >exaggerated predictions of the scaremongers. The mongers will make >money, but the panic may make the money worthless.

>I am not saying that Y2K is a non-problem. A problem indeed exists >in any system that 1) uses 2-digit years, 2) performs date >computations involving them, and 3) uses dates to make decisions. >All three must be true to create a serious programming problem. >Code using 2-digit years just to display or print dates is >essentially safe, because the people reading the dates will know that >00 means 2000, not 1900. Code performing date computations for >display or printing only, may print out bad data, but again people >will quickly learn to interpret it. Such programs should be fixed >eventually, but there's no rush. They will not cause bank failures, >power-grid meltdowns or airplanes to fall out of the sky.

>This narrows the real problem down to code that makes decisions based >on date computations using 2-digit year designators with no prior >correction for Y2K. No doubt there is a lot of code that qualifies, >especially in accounting systems. But it's not hard to find such >code and not hard to fix it, except maybe in the case of embedded >microcode permanently burned into chips. I am ignorant in this >area, but I would imagine that almost all true date dependencies >occur at a higher level than op-code. In exceptional cases where a >chip has been built to work with time and date computations, and >failed to include perpetual calendar algorithms, the chip may have to >be replaced. But my watch works fine across the Y2K boundary, and so >will a huge percentage of the other date/time chips in use.

>This brings up testing strategy. I set one of our systems to >near-midnight 1999, ran it across the millenium several times and >tested all the primary software tools we use or build, with only >minor problems. We will do the same with networked systems on our >"Y2K Weekend," in which a large number of interdependent systems of >various architectures will be tested. I expect the results to be >about the same. On Unix systems like mine, and in all major >spreadsheet products on IBMs, dates and times are stored as serial >numbers representing the number of seconds and sometimes milli- or >microseconds since the 'epoch,' usually 12AM on 1/1/1970. Some of >our older library functions will run into problems in the year 2038, >68 years or 2,147,483,648 seconds after the epoch. Few of us use >those functions any more, and the newer ones are good for thousands >of years. Besides, 2038 doesn't lend itself to a catchy acronym.

>I realize that my perceptions are biased by the fact that I work in >the Unix world, relatively safe from the problems of >micro-short-sightedness. >Allow me to diverge into a discussion of a theory I studied in >collegeexplaining the wide disparities among expert opinions in so >many areas:

>Festinger's Theory of Cognitive Dissonance. If psychological theory >bores you, just skip to the end.

>Festinger's Theory of Cognitive Dissonance in a nutshell: >*That which I see truth in, I will commit myself to. >*That which I commit myself to, I will see truth in. (Each tendency >feeds the other.) >*Once committed, I will be uncomfortable with any ideas or evidence >against my perceived truths. >*I will remove such 'dissonance' through doubt or denial of the >evidence.

>I have seen evidence of Cognitive Dissonance in operation ever since >I studied Festinger in the late 70s. I believe that there are broad >implications from it and good reasons why we operate this way, so >I've done a kind of Cost-Benefit Analysis of Festinger's theory: >Benefits of Cognitive Dissonance: stability, confidence, consistency. >Sticking with that which we believe in has helped us coexist in >groups, develop kinship and family/country/ethnic identity, and build >clans, tribes, and nations with strength and solidarity of belief.

>Costs of Cognitive Dissonance: inaccuracy, ignorance, disagreement. >Denying or ignoring evidence that contradicts our beliefs has led to >periods of stagnation in science, religion and our efforts to govern >ourselves.

>Ultimate costs: dogmatism, hatred, war. When our denial of each >others'ideas leads to fear and loathing of other groups who threaten >them, we may divide ourselves into violent camps and attempt to >destroy each other. >Perhaps the groups with the 'better' or more adaptive ideas are more >likely to survive such exchanges. That would result in a kind of >social evolution. But it seems to me that those most immersed in the >dissonance mechanism, those with the fiercest loyalty to their ideas, >are the most likely to initiate war and to put up with its intensely >ugly consequences for the sake of their beliefs. Social Devolution? > I don't know.

>The effects of Cognitive Dissonance are most pronounced in areas such >as politics, religion, economics and psychology because in these >complex areas it is very difficult to test our ideas. But even in >physics, men have long stuck to their ideas in the face of >contravening evidence, as elucidated in Thomas S. Kuhn's 'Structure >of Scientific Revolutions,' the monogram that introduced the word >'paradigm' into modern usage.

>I am not a True Believer in Cognitive Dissonance as the explanation >for all human behavior, any more than I am of Y2K as the End Of The >World. But I can see strong evidence of Cognitive Dissonance at work >among the Y2K Believers. None of the contravening facts above will >move them -- or perhaps they will be moved to anger and I will >receive hate mail, but that will only strengthen my case.

>And again, perhaps it is I who am in denial. If anyone knows of Y2K >problems outside the boundaries I've described, especially problems >that document the risk of catastrophic system failures, I would like >to know. >I'll try not to doubt or deny. Don't give me appeals to authority; >plenty of computer science 'authorities' are True Believers. I'm >interested in specific scenarios in which the Y2K problem could cause >catastrophic failure of a system, especially a critical system and >especially through problems that might be difficult to predict or >fix.

>Of course, as Dilbert has pointed out to his pointy-haired boss, it >is >logically impossible to plan for the unknown. I'm unlikely to hear about problems we can't predict. I say let's fix the ones we >can. And although I can't be absolutely sure, I'd be willing to be > that the actual direct impact of Y2K (apart from the effects of > panic) will be quite innocuous in comparison to the dire warnings > that preceded them.

>Thanks again for your missive, Mr Howard, and I hope we stay in >touch. >Bill Tolson >Engineering Applications Programmer >william.m.tolson@boeing.com


Mr. Tolson's points of psychology are well stated and well-taken, hopefully. Hope they're well understood. His ignorance on embedded chips, but then his hope that he "would imagine that almost all true date dependencies occur at a higher level than op-code" has been borne out by real-world tests (which have NOT been reported on this forum much at ALL) that embedded chip tests have revealed MUCH less problems than previously imagined.

Bottom line of this post is that there are some really smart front-line dudes, engineers, computer scientists and such, who think this thing will be a manageable calamity. Way less than a 10. Mr. R.D., Mr. Cook, et. al., you're some real smart dudes too, and I salute your intellect, but you aren't the only opinions in town.

BTW, I asked Mr. Tolson about including his e-mail address in this post...he said go right ahead...if you doubt the veracity of this info, send him an inquiry

-- John Howard (Greenville, NC) (pcdir@prodigy.net), December 23, 1998


John - it's a *WORLDWIDE* *systemic* problem. Russia will fix on failure. Europe is way behind and wasting resources with the Euro. The top 19 Japanese Banks have allocated the same as one US Bank for remediation (Citigroup). Latin America - toast. Only 120 countries bothered to send delegates to the recent UN conference. The interdependencies are mind boggling. We do trade globally don't we?

-- Andy (2000EOD@prodigy.net), December 23, 1998.

Yup - right on. My first post on this forum stated that as Y2K was an unknown. I admit that my ideas about Y2K are a guess. How many TEOTWAWKI scenarios do the same?

-- Paul Davis (davisp1953@yahoo.com), December 23, 1998.

As the days wind down and more and more evidence of the impending calamity becomes apparent, the voices of people like John Howard will be drowned out. I find it hard to believe that an intelligent person that has done serious research on where we are headed could show this level of optimism. At this point in time, there is very little doubt that Y2K, the coming depression, terrorism & war, and the Earth's escalating environmental problems (including famine and disease) are going to forever change the world as we know it.

It's time to face the music and prepare for it. Anything else is irresponsible.

-- a (a@a.a), December 23, 1998.

I really hope that guy's right. If so, I'll donate my grain to a relief organization and throw one heck of a party.

A note on cognitive dissonance: I assumed that it would kick in when I started making serious preparations, and I would become convinced that the world was coming to an end. It hasn't happened that way. The more I prepare, the less I fear. The less I fear, the more I'm open to thinking that maybe it won't be that bad after all. Preferring not to fear, I continue my preparations. Whichever way it goes, I can accept it.

-- Shimrod (Shimrod@lycosmail.com), December 23, 1998.

Everytime I see a happy-face no-big-problem commentary like this one, which I hope as much as anyone turns out to be the case for Y2K (especially regarding the "airplanes falling from the sky" -- I mean, you know that that is the #1 worry among us Y2K doom-and-gloomers!), I always re-visit the article "Industry Wakes Up to the Year 2000 Menace" that appeared in Fortune last April (which, ironically, gives honorable mention to Boeing). Click on it at the following link, and contrast it with what this guy is claiming....

Fortune Y2K Article

-- Jack (jsprat@eld.net), December 23, 1998.

His example, and his logic, are based on the small program samples he has worked with. No problem with that - he's correctly applying Y2K extrapolations to his system, in his section of his company, based on his experience in one kind of computer operating systems.

His section of his company in his operating system running his programs may work. If he has power. Heat. Lights. A paycheck. Suppliers running their systems (which need to be entire companies) able to reliable and safely built aircraft-qualified parts for Boeing.

For example, a simple wing-root assembly here in Marietta failed several years ago (affecting Lockheed wings) becasue of heat-treatment affects caused by cooling temperature changes after the part was machined and annealed. Do you want to fly in a Boeing aircraft made of parts built without strictly inspected CAD/CAM machined tolerances?

He is not (maybe because of his own theory of psychology) applying the "small" failures he also experienced in y2K testing to a world dependent on multiple-simultaneous-interrelated irreplaceable event being controlled by computers. Each computer requires power, communication, and control working exactly right for the output to be trusted.

he is absolutely correct for his small piece of the world. My experience in the "bigger" world tells me that widespread simultaneous illogical things will fail - and fail hard, cold, dead stop - all over a period of several weeks. I would share his optimism but:

Aukland lost gas for (6 weeks ?) due to one failure.

The US and Canada and Mexico lost 3.4 of their pagers, many ATM, and many banking links when one computer program failed affecting one satellite.

San Francisco - and the pennisula south of it - lost all power for the most part of one day when one component in one substation blew it guts out.

Eastern Canada and many areas in Maine and Vermont (NY, NH too?) lost power for several days (and longer) when lines dropped due to one ice storm affecting one area.

One telephone switchroom failure affected 911 service down here in 11 counties.

One Medicare computer programming error this summer already seniors 560 million in excess charges.

Now, none of these are specifically Y2K caused - but they show the widespread impact of a single failure stopping a city, county, or region from functioning normally until the failure is cured.

He is correctly relating his experience to his office, in his section, in his company- if he still has power, food, water, and heat and a job. He has shown me absolutely no reason why his experience can be extrapolated to anything larger than his office.

-- Robert A. Cook, P.E. (Kennesaw GA) (cook.r@csaatl.com), December 23, 1998.


I echo your thoughts exactly. I wish we didn't have to make this "prudent investment" in Y2K survival, but doing so has allowed our family to approach opposing views with a calm that was unknown only a few weeks ago.

We're still checking lists, watching for that next great store bargain and generally going about the business of finishing up what we deem to be the critical needs and purchases.

This will be a special Christmas for our family. The unknown future we will face one year from now, makes it so. But, the level of planning that we have accomplished to date, even if it is ultimately proven insufficient, will free us from the fear or panic that may result over these next months. To corrupt an old quote: "It's better to have planned and missed, then to never have planned at all."

Merry Christmas!

-- Bob Walton (waltonb@kdsi.net), December 23, 1998.

It amazes me that people are spending so much valuable time trying to predict how "bad" or "not-so-bad" Y2K will be.

I think *everyone* agrees that there will be *some* problems.....

I approached the decision to begin preparations this way: I took inventory of just my own home and vehicles, and tried to imagine the impact on my way of life if ONLY 10% of all the things I depend on suddenly didn't work. I had to admit *life-as-I-know-it* would be SERIOUSLY disrupted, especially if all the businesses which I would normally depend on to replace or repair my things were also seriously disrupted by the same 10% margin.

That scenario I believe, leads any thinking person to the ultimate conclusion that the *domino effect* of escallating problems and eventual collapse is inevitable.

I think we are in for a very bumpy ride. Fasten your seat belts folks, and don't waste any precious time looking for good news! If there IS good news, we will learn it on Jan 1, 2000, and that will be cause for major celebration.......

Just my two cents.

-- Sheila (sross@bconnex.net), December 23, 1998.

Macrocosm v.s. microcosm, its all interdependent. Keep watching and preparing.


-- Diane J. Squire (sacredspaces@yahoo.com), December 23, 1998.

In response to Festinger's Theory of Cognitive Dissonance, I would like to predicate Hunt's Theory of Personal Perspective, which is that one assumes that the rest of the world is fairly similar to one's own.

Mr. Tolson seems to think that the relative infrequency of date usage in engineering software is repeated in other fields.

"No doubt there is a lot of code that qualifies, especially in accounting systems. But it's not hard to find such code and not hard to fix it...Such programs should be fixed eventually, but there's no rush. They will not cause bank failures..."

Mr. Tolson's dismissive attitude toward accounting systems is typical of engineers. Accounting programs are exactly what could cause bank failures - if the interest figures are calculated incorrectly, then customers will immediately pull out their cash and take it elsewhere. What does he think would be the cause of bank failures if not the failure of their accounting for money, the only "product" a bank deals with? And if accounting failures cause failures of a bank's borrowers, then the bank can fail through excessive loan losses.

-- Dan Hunt (dhunt@hostscorp.com), December 23, 1998.


I'm in the camp of those who say "no one really knows". That goes all ways including to the Pollyanna and the Doomsayer.

But, my perspective follows those who view the problem as something that will effect entities on a worldwide scale of unknown magnitude.

I live in earthquake country in a suburb of L.A., California.

Once in a while we get a jolt that shakes us up but there isn't any damage. Once in a while we get a jolt that destroys property and kills people. Anyone who is a native will tell you that it isn't the magnitude that is always the problem. There are many other factors such as the kind of soil the structures sit atop that actually dictate the degree of damage, etc. But, mostly, it's the length of time of the quake that really matters. So, if there is a magnitude 4 quake that hits ALL of the L.A. basin and lasts for two to three minutes... L.A. is toast. There would be so much damage to the entire area that millions of people would die, the whole basin would be leveled and it would not only be the end of the world as we knew it but for many it would just be the end of their world.

So, what will y2k do to the worldwide economy, business and government entities that suffer disruptions at the same time? How will that affect the dision of labor and can there possibly be enough programmers and spare parts worldwide to fix the problems quickly? Will y2k, even if it's just a 4, shake things up long enough all over the globe to level and topple and create enough chaos to be TEOTWAWKI?

I couldn't even begin to try to convince anyone I knew what might happen or especially what *will not* happen. I don't think anyone could do that including Mr. Tolson.

Mike ================================================

-- Michael Taylor (mtdesign3@aol.com), December 23, 1998.

There is a HUGE difference between TEOTWAWKI and the end of civilization. They are not the same. But most of the posters here have obviously confused them and I haven't argued with the custom. No doubt even a 2 would bring many changes. But a huge chasm lies between the total and permanent breakup of the functioning world and the death of billions, and a disaster that can be fixed - even if things take months to get back to somewhat normal. And yes, there are very good chances that many in Congress will try to get their favorite 'control the population' laws enacted during the furor. We will find out all about it after it happens, not before. And if you want to help prevent those restrictive laws - write your Congressman now - he'll probably be too busy to read mail later - if he gets it.

-- Paul Davis (davisp1953@yahoo.com), December 26, 1998.

The problem there, Paul, is the termedous uncertainity w/r the response of the people (assumed almost entirely unprepared but dependent entirely on the current infrastructure) in the "meantime" between loss of certain services (all sevices ?) and recovery of those services.

If these "unprepared people" behave themselves ethically, morally, and responsibly - doubtful in light of recent events and the demonstrated immature behavior of many - but demonstrated in times of widespread natural disasters like floods, earthquakes, fires or hurricanes - then I've no doubt recovery to "normalcy" will be much simplified.

If they do not - that is if rioting or a general further loss of civilized behavior happens - then recovery may well be in doubt.

-- Robert A. Cook, P.E. (Kennesaw GA) (cook.r@csaatl.com), December 27, 1998.

Moderation questions? read the FAQ