Embedded systems and buffer overflow threat


Is it just a theory about buffers overflowing in embedded systems or software, or is it a well known technical fact that exists? If this is true in the case of the embeds issue, does it only affect non-compliant embeds, or compliant, or both? If this is true about embeds, that they are vulnerable with each rollover to overflowing their own buffers, then over time we will see more failures even though they are very small now. But as we go through each rollover date, Feb 29 and other dates to come could have a negative compounding effect on existing embedded failures and on the economy, and this can easily escalate into a global crisis. I just wish to know if overflow of buffers is a known technical fact.

-- Brent Nichols (b-nichol@ihug.co.nz), January 19, 2000

Answers

Brent, This item was reported on this forum by Paula Gordon on 11th Jan. See for more information.

So far the claim has not been backed up by anyone here who has had actual embedded programming experience. I might add that none of the embeddeds in any of our power stations here have been programmed to buffer any failed commands.

-- Malcolm Taylor (taylorm@es.co.nz), January 19, 2000.


Brent,

The TAVA Report also indicates that this is the case within the oil industry. In Pre-Y2K testing and remediation, they found Chevron refineries were having problems with chips buffering and not showing problems until after January 31st.

The Paula Gordon testimony comes from one of the embedded systems engineers who met with John Koskinen in November and who was part of the NIST Report from US Dep't of Commerce. I think that ought to be pretty decent credentials.

OH, btw, it seems that oil is already experiencing these problems. In case you hadn't noticed...we've got refineries now going down right and left. 2 in Venezuela...includes one of the 2 largest in our hemisphere...and both ship their gasoline to the USA. Also we just had a Louisiana refinery blow up last night about 6pm CST. AND Brazil is reporting that a large underwater pipeline just blew a leak big time...500 tonnes estim so far near a Rio beach.

In addition we've had other refineries going down/still down and we've had two Gulf of Mexico refineries in such production problems that they had to go on the open spot markets to buy gas to meet contractual obligations for their wholesalers because their refineries are apparently stopping and starting...they're paying retail to sell to wholesalers at wholesale...don't think that's not costing em some $$$. We also have reports of at least one large Gulf Coast offshore oil platform (multiple wells) going down. Rumors abound now of more well problems. AMOCO's Yorktown Va refer is down, the Motiva refer is down, Koch refinery is down, and I've lost track of some of the others.

Hearing reports/rumors of more problems at other west coast refineries involving embeddeds.

Weather at these refineries was mild at the time of problems. Now cold weather has set in and will compound problems for Northeast US.

Then there is the matter of multiple problems/explosions of Natural Gas pipelines. One oil field reportedly was taken off line. I have not heard if it's come up again yet or not.

Meanwhile, oil is going nuts on the markets and it shouldn't be. With all the refers going down, less demand for oil is needed but yet it's going up, up, up.

You'll see links to many of these stories elsewhere on this page or in the new archived parts of the oil section. Stay tuned, there's more news yet to come.

-- RC (racambab@mailcity.com), January 19, 2000.


It was "a well known technical fact" (Mr CEO) that enough embeddeds would go 'pop' on 1-Jan-1900 to cause outages in (let's see if I remember) 40%-60% of the USA grid for at least a year.

Oh yes, and banks would crash; anyone remember "cascading cross defaults"? We couldn't remediate it. There was just too much code, too much interconnectedness. Fact.

It was inevitable that looting would begin straight away. Social science. Fact.

The UN/Russians/Arabs/Canadians would invade the USA with the full co-operation of Komrade Klinton, and put everyone in Death Camps. We'd be too weak to resist from all the chemicals being sprayed on us.

Political science. Fact.

Own up Brent, you're just fishing. You can't really be that scared of your own shadow. ;)

Sure, it might happen. What do you plan to do about it?

If it's keeping you awake at night, then just switch off your computer.

Why live in fear?

-- Servant (public_service@yahoo.com), January 19, 2000.


Hey RC! thanks for the post. Your posts are easy to read and clear.

By the way, do you know where I can find a link to a listing of oil futures prices?

I posted an email note from a Colombian oil engineer back in November. He went to school with a friend of mine. He was very worried. My friend has emailed him several times since the roll-over and he has not yet responded. I guess he must be real busy.

Take care and hang on to your preps! (smile).

-- JoseMiami (caris@prodigy.net), January 19, 2000.


Malcolm, it is good that power stations did not have chips that buffered failed commands, but the oil industry looks like it has chips that buffer failed commands, so that could escalate the curve of failures, as this week gas pipelines have been blowing up left, right and center and the oil refineries have been going down one by one, one or two a week; that is most unusual. I've taken down the failures before the rollover and also after the rollover; it appears the failures are on a slow increase. There is an unusual amount of gas explosions this week. We are halfway through Jan; so far the economy is doing OK and is holding out.

-- Brent Nichols (b-nichol@ihug.co.nz), January 19, 2000.


Buffer overflow can indeed cause problems, notably in the case of the Ariane 5 blowup in June '96. A number needed by the controlling computer for attitude correction was too big for a peripheral navigational processor to fit into the available 16 bits. The peripheral detected this and sent an error code to the controller. The controller interpreted this error code as though it were the navigational info it was expecting, with hilarious consequences.

Sources: choose from the full Report by the Inquiry Board or the summarised highlights.

Footnote: I'd expect the problem of being unable to express a number in the available space to hit with numbers that are powers of 2 like 256, 65536 and so on, rather than powers of 10. Buffer problems don't happen because the processor says "oooh, we're going from 1999 years to 2000...CRASH", they happen when it says "oooh, we're going from 4294967295 to 4294967296 milliseconds. I can't represent 4294967296...CRASH". Leap years and years with lots of zeroes on the end aren't particularly special (and yes, I know about the Tiwai Point smelter).

-- randomdigits (randomdigits@r.r), January 19, 2000.
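
The two failure modes described in the post above, as an added example that is not part of the original thread: a checked narrowing to 16 bits that reports failure out-of-band, so an error indicator cannot be read as data, and a millisecond deadline test that stays correct when a 32-bit counter passes 4294967295. All function names and sample values are constructed for illustration and come from no real flight or plant software.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Checked narrowing to 16 bits. Failure is reported through the return
   value, never through *out, so a caller cannot mistake an error
   indicator for a measurement. */
bool to_int16_checked(double v, int16_t *out)
{
    if (v != v || v < (double)INT16_MIN || v > (double)INT16_MAX)
        return false;               /* NaN or does not fit in 16 bits */
    *out = (int16_t)v;
    return true;
}

/* Naive deadline: start + timeout wraps past 2^32 - 1, so the
   comparison fires early near the rollover. */
bool expired_naive(uint32_t now, uint32_t start, uint32_t timeout)
{
    return now >= (uint32_t)(start + timeout);
}

/* Wrap-safe: unsigned subtraction is modulo 2^32, so the elapsed time
   is right as long as fewer than 2^32 ms really passed. */
bool expired_safe(uint32_t now, uint32_t start, uint32_t timeout)
{
    return (uint32_t)(now - start) >= timeout;
}

int main(void)
{
    int16_t v = 0;
    /* Constructed sample values, not taken from any real system. */
    printf("40000.0 fits: %d\n", to_int16_checked(40000.0, &v));
    uint32_t start = 4294967290u;   /* 6 ms before the counter wraps */
    printf("naive at +5 ms:   %d\n", expired_naive(start + 5u, start, 100u));
    printf("safe  at +5 ms:   %d\n", expired_safe(start + 5u, start, 100u));
    printf("safe  at +100 ms: %d\n", expired_safe(start + 100u, start, 100u));
    return 0;
}
```

The naive test reports a 100 ms timeout as expired after only 5 ms because the deadline itself wrapped to 94; the subtraction form gives the right answer on both sides of the rollover.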


Russians/Arabs/..Canadians. I know this was written in jest but why would you include Canadians in this? Just to let you know almost all of the main retailers in Canada are US companies, most of our natural resources are owned by US firms. And most of our customers for our products are US. So if Canada invades the US it would be the US invading itself. I take exception to this comment even if it's in jest, I think as neighbours we try hard to be good ones.

Not nice. Justthinkin

-- justthinkin com (justthink@posty2k.com), January 19, 2000.


In view of how much we do not know, even about the problems of which we do know, the discussions, that seem to be attempts to estimate possible impacts of embedded buffering, seem very likely to be quite fruitless.

Jerry

-- Jerry B (skeptic76@erols.com), January 19, 2000.


CANUCKS Rule!!!!!

Go RAPTORS!!!!

>"<

P.S. I'm in Oregon.

-- Squirrel Hunter (nuts@need an addre.ss), January 19, 2000.

