Possible Y2K problem that has not been addressed

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

There have been many different areas of concern about possible failures. Each has been looked into, worked on and fixed or getting fixed. It seems every area has been covered.

What if there is an area that no one has thought of to look into?

What if there is an area that has been completly missed?Random number generators. As "pi" cannot be programmed into computers, the date is usually used as a base for generating random numbers.

I don't think anyone has looked into possible failures caused by the date generation in random nymber generators hanging up or crashing.

One instance of how this is used is to generate passwords or security codes. If the random number generator uses 010100 will all codes come out the same? Will the RNG's out puts become so predictable that a simulation could be made to make a small amount of possible "codes" that could be used to "hack" into secure areas? If for some reason the "date" the RNG uses goes to all 0's then will the security numbers be accessable to everyone.

I was just thinking and came up with this possible Y2K impact that I have never seen mentioned.

-- Cherri (sams@brigadoon.com), November 11, 1999

Answers

You know Cherri, (as if things weren't scary enough), I've wondered the same thing occasionally. We don't know what we don't know. Even contingency planning is only useful for scenarios you can anticipate.

But what if we all missed something fundamental? Wouldn't be the first time in this business. Your RNG question is something I've never even heard about before, let alone tested and checked for. Can't guess at if it would be a major problem or not.

Hmmm.

I happen to be in Access97 right now (which uses Visual Basic syntax for coding). A look at the Help files yields this:

~~~~~~~~ Randomize Statement

Initializes the random-number generator.

Syntax

Randomize [number]

The optional number argument is a Variant or any valid numeric expression.

Remarks

Randomize uses number to initialize the Rnd function's random-number generator, giving it a new seed value. If you omit number, the value returned by the system timer is used as the new seed value.

If Randomize is not used, the Rnd function (with no arguments) uses the same number as a seed the first time it is called, and thereafter uses the last generated number as a seed value.

Note To repeat sequences of random numbers, call Rnd with a negative argument immediately before using Randomize with a numeric argument. Using Randomize with the same value for number does not repeat the previous sequence.

Timer Function

Returns a Single representing the number of seconds elapsed since midnight.

~~~~~~~~~~

That last sentence interests me. I wonder what will happen on a PC with an unremediated BIOS? What happens when the last "Midnight" it is aware of was 48 hours ago?

I'm not claiming that this is a Horrific New Threat to Our Way Of Life. Just something I never thought of or heard of before. I'm the first to admit that my coding skills pale in comparison with others on this board, but I think Cherri is making an important point. Anyone else think this might be an issue in certain circumstances?

What haven't we thought of?

Like I was looking for something to do....

-- Lewis (aslanshow@yahoo.com), November 11, 1999.


Cherri,
The date only provides a "seed" for the RNG.
Even wrong dates will provide good seeds because
the minute and second data are also used.

-- spider (spider0@usa.net), November 11, 1999.

Good point Spider. Again using the VB example above, (where it is counting the seconds since midnite), the only problem I can see offhand is: is that number validated in any way? What happens if there are more than 86,400 seconds since midnite? (ex: BIOS errors)

the Single data type is defined as:

Single (single-precision floating-point) 4 bytes -3.402823E38 to -1.401298E-45 for negative values;

1.401298E-45 to 3.402823E38 for positive values

3.402823E38 is a damn big number.

I dunno. I can't prove it will be a problem, I'm just bugged (as it were), that I don't ever remember the issue even being raised before.

And are there others?

-- Lewis (aslanshow@yahoo.com), November 11, 1999.


Cherri, I've wondered the same thing. What if something is missed and results in users of the internet to lose their privacy like in the following article.

Sony glitch reveals subscriber e-mail addresses Margaret Kane, ZDNet

A software flaw allowed advertisers to view the e-mail addresses of subscribers to Sony Music Entertainment Corp.'s Infobeat service, the company said. The roughly 2.5 million users who subscribe to Infobeat get a daily e- mail update of music and entertainment news. The newsletter contains advertisements that give special URLs for interested consumers.

"By clicking on select advertisements, certain advertisers had the ability to obtain the e-mail address of the user who clicked on the link," the company said in a letter to subscribers.

Sony said it had recently been informed of the error and had fixed the problem, but advised subscribers to set up passwords for their accounts.

The company said it contacted its advertisers, who "confirmed that they did not collect or use any of this information."

Privacy issues have become a hot topic recently. Last week, RealNetworks (Nasdaq: RNWK) ran into trouble after it was disclosed that the company had been tracking data about the music its customers downloaded.

Today, the Federal Trade Commission and the Commerce Department will host a workshop to review whether online profiling practices invade users' privacy. Advocates last week called for the FTC to order a halt on online profiling pending an investigation.

http://dailynews.yahoo.com/h/zd/19991108/tc/19991108112.html

-- LOON (blooney10@aol.com), November 11, 1999.


Or how about what will happen when you are parked in a parking garage, where you have to push the button to get a timestamped ticket. You leave your car parked there while you are celebrating at some huge New Year's bash, and then you leave the garage at 1:20 AM? How much will you be charged for parking? Huh? I bet no one thought of that...

-- You Knowwho (debunk@doomeridiots.com), November 11, 1999.


Cherri, I think this is the basis for why NERC has as part of its contingency plan (or did at one time) the possibility of a common mode failure. IOW, something wide spread, but presumably not thought of or found and therefore not addressed.

There was also an interesting brainstorming thread on Rick Cowles forum last summer, trying to think of unique ways that electricity might fail next year (other than chips, fuel, terrorism or squirrels). Some of the most bizarre examples were actually real life incidents.

-- Brooks (brooksbie@hotmail.com), November 11, 1999.


I've had a hunch for many months that the real killer Y2K problem will come from some obscure application that no one has even considered. That's the way things often work out.

-- cody (cody@y2ksurvive.com), November 11, 1999.

I've seen it discussed in c.s.y2k. Deja search turned these up looking for: comp.software.year-2000 +random+number+generator

http://www.deja.com/dnquery.xp?DBS=2&VW=&QRY=comp.software.year-2000+%2Brandom%2Bnumber%2Bgenerator&svcclass=dnold

-- Tom Beckner (tbeckner@xout.erols.com), November 11, 1999.


Last night I was going through some boxes of old stuff at my Dad's house and came across one of my old manuals on the Sperry/Univac V-76.

Glancing through it is what brought this to my attention. That mainframe used the date as the seed, as apposed to the seconds from midnight as has been shown here.

If there are any big, common failures it is bound to be by something so simple that everyone has over looked it.

There will be a lot of people smacking their foreheads saying DAMN! I should have seen that!

As for the car being stuck in the garage, just break the gate post, thats what's called a fix on failure workaround *grin*

-- Cherri (sams@brigadoon.com), November 11, 1999.


Or how about what will happen when you are parked in a parking garage, where you have to push the button to get a timestamped ticket. You leave your car parked there while you are celebrating at some huge New Year's bash, and then you leave the garage at 1:20 AM? How much will you be charged for parking? Huh? I bet no one thought of that...

You Knowwho, I must admit that you may have come up with a real money making proposition here. Lets say the parking building is charging $1:00 per hour and you park there at 8:00 pm on 12/31/99. You leave at 1:30 am on 01/01/00. If their computer is not compliant then you have been there for -9330.5 hours, and as you left almost 100 years before you arrived, you are due for a refund of $9330.50.

Malcolm

-- Malcolm Taylor (taylorm@es.co.nz), November 11, 1999.



But if their system calculates the hours in an unsigned integer then the negative sign may be dropped and you will be charged for that many positive hours...

-- You Knowwho (debunk@doomeridiots.com), November 11, 1999.

Tom,

Thanks for the references. It was interesting reading about the different ways people generated random numbers. This basicly answers my question, except if a RNG takes the seconds from 1970 as 70 then what will it do when it encounters 00? Come up with a negitive number? And if a negitive number crashes the program?

Subject:

Re: Random number generation

Date: 1999/05/16

Author: Steve Dover

Posting History

Ken Winters wrote:

>

> Random number generators generally use what is called a "seed" to start

> their sequence (that's right, most are not really random). Often programs

> will use a tic counter (# ticks since system restarted) or time (# seconds

> since 1/1/70), etc. as the input for that seed. The only purpose of this is

> so that the random # generator won't duplicate the same sequence of

> suposedly random number each time the program is run. What this means is

> that, unless Y2K somehow causes the computer to report the exact same time

> every time the program is run (I don't think anyone would claim this as a

> consequence of Y2K) the "seed" will be different on subsequent program

> executions. So it doesn't matter if the time is correct, only that the

> value (be it time or some other changing factor) used as a "seed" varies.

Agreed. One clarification.

*All* (not most) random number generators are not truly random.

It is impossible to have true random numbers generated by computer.



-- Cherri (sams@brigadoon.com), November 12, 1999.


If my calculator isn't malfunctioning there are 876,000 hours in 100 years.

-- Chekyni Toutman (chekyni@safety.net), November 12, 1999.

Impressive.

I always knew Cherri was one of ours.

-- lisa (lisa@work.now), November 12, 1999.


He's a hardware geek. True on the impossible but a sound card and an am receiver tuned to static can get you a pretty random data stream... dump that to a CD (~650megs) and you have a hell of a good start at generating truly random data. Hey, Cherri, sorry about the attitude. I think it has passed.

-- (...@.......), November 13, 1999.


Moderation questions? read the FAQ