Compared to ranting at each other about Kosovo, religion or, heck, just plain ranting at each other out of boredom, it seems scarcely fair to discuss those pesky little PERSISTING Y2K problems. IMO, this is what we know about Y2K and what we don't, as of today.

-----------------------------------

Here is what we know about Y2K now (except where stated, I am referring to enterprise-level systems):

We know that a lot of work in general has been done and a lot of work that should have been done by now hasn't been done, especially worldwide.

While we can't place an exact number on it, we know that the original estimates that a maximum of 80% mission-critical systems would be fixed worldwide remains valid or optimistic.

We know that, with rare exceptions, governments and enterprise-sized businesses are only remediating mission-critical systems. This means that somewhere between 50% and 80% of all computer systems will go untouched.

We know that there is no standard for defining mission-critical systems.

We know that most small and medium-sized businesses state publicly that they will fix on failure.

We know that, generally, reported budgets continue to rise and that amounts spent against budgets lag when measured against classic IT project requirements (for instance, 50% for adequate testing).

We know that deadlines, taking remediation worldwide, have slipped against earlier estimates.

We know that independent Y2K audits are rare and, where conducted, point to serious problems that went unrecognized during remediation.

We know that there is not enough time remaining this year for conducting adequate testing worldwide, especially for system and cross-enterprise interfaces.

We know that embedded system failures remain a wild card, though there is more optimism about limiting them when compared to a year ago.

---------------------------

Here is what we don't know:

We don't know whether the lowered number of mission-critical systems reported in the mix reflect better analysis of the domain or a public relations effort.

We don't know the degree to which non mission-critical systems will fail.

We don't know the degree to which non mission-critical systems are necessary to ensure the functioning of large government and corporate entities.

We don't know how many Y2K incidents will be caused by inadequate testing and/or errors introduced as a consequence of testing or how serious the lack of testing overall will be.

We don't know what percentage and type of embedded system failures will occur and at what level they compromise world infrastructures.

We don't know how much noise from Y2K failures (e.g., system degradation) is required in a given industrial sector or entity (government, corporate) before the entity cannot function.

We don't know the degree to which Y2K noise and/or outright failures within an entity or sector will cascade to other entities.

We don't know what the impact of Y2K failures worldwide will be on international relations between countries.

We don't how quickly individual entities or countries will be able to recover from infrastructure failures, should they occur. Put slightly differently, we don't know how long it will take to complete Y2K remediation, testing and recertification in the midst of system breakdowns.

---------------------

I could add that we also now know how tremendously competent and successful our government has been, at least until now, in so restraining "panic" that they have nearly eliminated preparation as well.

Given what we know and don't know, full-speed ahead preparation remains at LEAST as prudent today as it was several months ago. Maybe more so, depending on your personal view of what we know and what we don't.

-- BigDog (BigDog@duffer.com), April 05, 1999

Answers

Thanks, BigDog: it does help to have someone attempt to summarize things once in a while.

I generally agree but note you are quite optimistic in your analysis.

One for instance: " We don't know what the impact of Y2K failures worldwide will be on international relations between countries." True, BUT, unless the world changes by 1/00, we've seen what "misunderstandings" or fear has prompted in the past. Is there any reason to believe there will be significant cooperation under duress?

Not arguing, you are stating what we KNOW, but the extremely high probability deductions of what we "don't know" but have much evidence for make the "prudent" preperations you mention extremely imperative.

-- Jon Johnson (narnia4@usa.net), April 05, 1999.

That's pretty sneaky, BigDog, trying to slip a discussion of Y2K into the mix. What do you think this is, a Y2K forum?

Jerry

-- Jerry B (skeptic76@erols.com), April 05, 1999.

Hi ... click on the link to read a mind-blowing article on the Military & Y2K!

Military Computer Numbers! + more ...

xxxxxxxx xxxxxxxx xxxxxx

-- Leska (allaha@earthlink.net), April 05, 1999.

Jon --- I expect that even what "we know" and "don't know" will be chewed over and debated but, you're right, my attempt here was to focus on stuff that is relatively indisputable. I may be optimistic, but if this is optimism, I'd hate to see pessimism!

-- BigDog (BigDog@duffer.com), April 05, 1999.

What we DO know is that the government chooses to downplay potential Y2K problems and suggest minimal preparations, because the "system" as it is, cannot handle a large-scale shift in economic buying patterns.

We DO know that corporations have a vested interest in legally covering their Y2K "exposures."

We DO know very few bureaucrats, politicians and business managers will put their jobs on the line in truth telling for the "greater good."

We DO know that whatever happens, many will be unprepared for it, some will.

We DON'T know how long (duration) or where or how.

What we DON'T know is how "going through" this will or will not change our local world and the greater one. We can only speculate. And learn to rely on our own capabilities and those around us.

Change Happens. Are you ready? For anything?

Diane

-- Diane J. Squire (sacredspaces@yahoo.com), April 05, 1999.

Please cite your sources on your data. In particular, I'd like to know your source on the small business quote.

Mr. Decker

-- Mr. Decker (kcdecker@worldnet.att.net), April 05, 1999.

The small business source data is taken from Gartner, I believe, and is something over 50%. Maybe someone else has the specific number. I don't have it ready to hand. Most of my statements above are trivially true (they have been reported many times, even by mainstream media). Which other ones do you have specific questions about?

-- BigDog (BigDog@duffer.com), April 05, 1999.

We do know that "Koskinen has entered into discussions with a public relations firm to devise a media strategy designed to thwart overreactions to Y2K, including the possibility of bank runs and stockpiling-sparked shortages."

Note that this "media strategy" says nothing about presenting unbiased factual progress and contingency data so that the public might reach their own conclusions as is their right in a free and open society.

-- Nathan (nospam@all.com), April 05, 1999.

Diane and Nathan --- Yes to both of you. One thread, as I recall, cites Yardeni as pretty torqued by the lack of out-front, honest leadership on Y2K at this late date.

Many of us are criticized on this forum for being too skeptical of reported news, yet Koskinen and others are quite explicitly and openly managing Y2K news to put the most positive possible spin on ANY of it, ALL of it, ALL of the time. We do indeed KNOW that.

-- BigDog (BigDog@duffer.com), April 05, 1999.

Big Dog:

[This is really excellent! I'd like to make a couple of comments about what you say we know. Not really disagreements, but...]

We know that a lot of work in general has been done and a lot of work that should have been done by now hasn't been done, especially worldwide.

[Absolutely. We started too late. Many businesses and some whole countries don't seem to have started at all.]

While we can't place an exact number on it, we know that the original estimates that a maximum of 80% mission-critical systems would be fixed worldwide remains valid or optimistic.

[Sounds about right, but depends on another issue you raise here -- what does 'mission critical' mean anyway. No real attempt has been made (that I'm aware of) to distinguish between systems critical for a particular mission, and missions that are themselves critical.]

We know that, with rare exceptions, governments and enterprise-sized businesses are only remediating mission-critical systems. This means that somewhere between 50% and 80% of all computer systems will go untouched.

[Not sure quite what this means. At least in the industrialized world, we've done a fairly complete job of assessment. If by 'untouched' you include systems that either we determined don't deal with dates at all, or have been determined to be obsolete or unnecessary, this 50-85% number seems pessimistic. From my reading, government departments and large businesses are all over the map. Some (a lot more in private than public sector) really are addressing systems further down the critical list. I don't think it's all that rare. It appears to depend on the exact nature of an organization's systems.]

[Interestingly, the article posted on military computers (in another thread) said that half of DoD's nonmisson-critical computers have been repaired. There's a long way to go, but half finished isn't that close to "only" mission-critical systems, which implies NO nonmission- critical systems have been touched.]

We know that there is no standard for defining mission-critical systems.

[Yes and no. This (to me) is a really important issue. There is no line drawn in the sand, with mission-critical on one side and everything else on the other. A more realistic model is a continuum, with the most important system at the top, down to the least important at the bottom. Hopefully, oversight has happened at a high enough organizational level to prioritize among multiple missions. It appears that the 'fix-it line' was first drawn well down the list. When (and if) this turned out not to be feasible, the organization had three choices -- slip the schedule, increase the budget, or raise the line. Or some combination of these. How common it will be that organizations end up raising the 'effective fix-it line' (that is, the subset of systems actually finished in time) above the point where they can continue to function at all, is a wide open question.]

We know that most small and medium-sized businesses state publicly that they will fix on failure.

[Yes, but in most of these cases this isn't as bad as it sounds. For most small and medium sized businesses, their key vulnerability is outside their jurisdiction. They rent their spaces (so can't fix them), they use unmodified packaged software. What's left that they're responsible for is really quite small, and FOF isn't an unreasonable strategy.]

[Did you see that study from Mike McCormack? He pointed out that if you break the last 100 years down into 5-year periods (in the US), the number of businesses that vanished among the Fortune 5000 (died or were acquired) varied from a low of 16% to a high of 25%. And the high didn't happen during the Depression. This strongly implies that the dominoes aren't all that close together.]

We know that, generally, reported budgets continue to rise and that amounts spent against budgets lag when measured against classic IT project requirements (for instance, 50% for adequate testing).

[Important and true. Sigh. My guess is that more than half of all inter-system testing will be done live. The classic smoke test. Interesting times indeed.]

We know that deadlines, taking remediation worldwide, have slipped against earlier estimates.

[Sort of. I think we know that few if any of these deadlines actually represented estimates. They were imposed as a matter of policy, without regard to the scope of the actual task being faced by the imposees. So these slippages don't reflect underestimates so much as they reflect late starts. And the late starts don't reflect underestimates either -- they reflect the fact that the awareness phase was one hell of a big first step in the process. There's only one deadline that isn't artificial.]

We know that independent Y2K audits are rare and, where conducted, point to serious problems that went unrecognized during remediation.

[True, but independent audits on the scale we'd all like to see are a pipedream. This would require an 'audit industry' nearly matching the entire IT/embedded industries in size, and be staffed with people at least as expert, if not moreso, than the people doing the remediation! And I'm not aware of just how serious these problems are that auditors have been finding. I've seen bug counts, but not severity estimates of those bugs. Double-checking (code reviews, whatever) by qualified people is *always* a good idea. Not near enough of this is being done.]

We know that there is not enough time remaining this year for conducting adequate testing worldwide, especially for system and cross-enterprise interfaces.

[Adequate, eh? Hehehe. It was too late for that a year ago. With very few exceptions (finance, banking, some utilities) and those limited, we have chosen to use FOF for inter-system testing.]

We know that embedded system failures remain a wild card, though there is more optimism about limiting them when compared to a year ago.

[My gut feeling is that embedded failures will prove a lot less frequent than first feared, and that workarounds for most of these will prove a lot easier than first feared. AND, that despite this, really catastrophic embedded failures will be all too frequent. Sigh.]

[And we also know that the demand (and salaries) for remediators is dropping fast. It's hard to find work in this area any more. We just don't know what that means. Maybe we really are finishing up, and maybe it's just too late to add new people unfamiliar with the code base.]

[We also know that a lot of anonymouse geeks are expressing confidence with their projects. But we don't know if this is a representative sample. It's been a while since a remediator has told a 'no hope' tale for his/her own project, either here or in csy2k.]

[Finally, let's face it, we know that the observed failure rate so far is astoundingly less than anticipated. We don't know if this is a good sign or not. As Andy says on another thread, we ain't seen nuthin' yet. Let's hope this condition continues for a year or two...]

**********

And for Mr Decker: I've seen survey results on the status and plans of small businesses put out by Gartner, Capers Jones, the SBA, taskforce2000, Action2000, and some outfit in Australia (there may be others). These were all substantially in agreement. I haven't seen any disagreement on this yet.

-- Flint (flintc@mindspring.com), April 05, 1999.

Flint -- You'll note I wasn't trying to interpret WHY mission-critical systems "are" what they are. IMO, both things are happening: some mission-critical systems aren't; some are being dumbed down to meet PR deadlines.

With respect to SME's, I guess the jury is out, especially on their impact post 1/1/2000. While there is always much turn-over of them re macro economy, the kind of disruptive breaks in supply chain that they could cause next year to the big boys still warrant serious concern, I believe.

I am in complete agreement with you that testing (e.g., the lack thereof) is probably the most disturbing aspect of Y2K currently. Frightening, in fact. There's just no historical way to slough off the requirement to test and the known penalties for failing (the endless, "we're still at 90% complete, the &^TY^^$%^$ thing just doesn't work right."

Much though the two of us infuriate each other sometimes, I was thinking today that, compared to those who haven't prepared, both of us are well into the kook-dom league.

The truly infuriating thing starts and ends with the first "KNOWN" fact, as you yourself added to it: "we started too late." Boil it down and that's the experiment that the world's governmental and business leaders decided to run .... without asking.

-- BigDog (BigDog@duffer.com), April 05, 1999.