Software Engineering. Most software is basically just houses of cards, developed quickly and not maintained properly (to save money ofc). We will see some serious software collapses within our lifetime.
Then you start off fresh going “this time it’s going to be different” but the same fucking things happen and you end up cramming that project in 3 weeks.
(Y2K, i.e. the “year 2000 problem”, affected two digit date formats. Nothing bad happened, but consensus nowadays is that that wasn’t because the issue was overblown, it’s because the issue was recognized and seriously addressed. Lots of already retired or soon retiring programmers came back to fix stuff in ancient software and made bank. In 2038, another very common date format will break. I’d say it’s much more common than 2 digit dates, but 2 digit dates may have been more common in 1985. It’s going to require a massive remediation effort and I hope AI-assisted static analysis will be viable enough to help us by then.)
My dad is a tech in the telecommunications industry. We basically didn’t see him for all of 1999. The fact that nothing happened is because of people working their assess off.
How much software is still running 32 bit binaries that won’t be recompiled because the source code has been lost together with the build instructions, the compiler, and the guy who knew how it worked?
How much software is using int32 instead of time_t, then casting/converting in various creative ways?
How many protocols, serialization formats and structs have 32 bit fields?
The most common date format used internally is “seconds since January 1st, 1970”.
In early 2038, the number of seconds will reach 2^31 which is the biggest number that fits in a certain (also very common) data type. Numbers bigger than that will be interpreted as negative, so instead of January 2038 it will be in December 1901 or so.
Why not just use unsigned int rather than signed int? We rarely have to store times before 1970 in computers and when we do we can just use a different format.
Because that’s how it was initially defined. I’m sure plenty of places use unsigned, which means it might either work correctly for another 68 years… or break because it gets converted to a 32 bit signed somewhere.
Is a website running on WordPress? That’s a system built on failed practices and is constantly attacked. It needs a serious overhauling and possibly replacement, but the software runs a huge majority of websites.
While most instances of WordPress you we’ll find in the wild are insecure and nothing more than bloated garbage. The CMS is actually fairly secure with minimal intervention if you properly configure it on setup and maintain software updates as they continually roll out patches for vulnerabilities as they are discovered.
If you turn off comments and the ability for new users to self-register and throw it on PHP 8.2 with a WAF and enable file write protection it’s actually very robust.
At least when WordPress breaks you have WP-CLI to troubleshoot it
I work for a web hosting company. So many WP sites are out of date with plugins and core. I’ve dealt with many compromised sites. Granted there are auto updates on the WP side and the hosts service, it’s still pretty often.
I also work for a WH. Yeah most idiots don’t do basic maintenance which is why I just rename the dir as xxx.old make a new folder install core and then delete the blank wp-content an copy over the wp-content DB and wp-config.php from the borked install. Takes 10 min rather than 30 to update and fix. I call that the “Doctor Frankenstein” method
As a tech person outside Twitter, looking in: Twitter is metaphorically a huge airliner with one remaining engine, and that engine is pouring smoke.
The clown who caused the first four engines to fail has stepped out of the pilot’s seat, but still has the ability to fire the new pilot, and still has strong convictions on how to fly a plane.
That plane might land safely. But in the tech community, those of us fortunate not to be affected are watching with popcorn, because we expect a spectacular crash.
If anyone reading this is still relying on Twitter - uh, my advice is to start a Mastodon account. Or Myspace or something.
I can’t imagine the shit show it would be if that log4j vulnerability and software update hit Twitter in its current state. I could see shutting off all external web traffic until the overworked devs finish committing while being held up with a visa loaded gun pointed at their head.
Package management is impossible. When a big enough package pushes an update the house of cards eill fall. This causes project packages with greatly outdated versions to exist in production because there is no budget to diagnose and replace packages that are no longer available when a dependency requires a change.
Examples: adminJs or admin bro… one of them. Switched the package used to render rich text fields.
React-scripts or is it create react app, I don’t recall. Back end packages no long work as is on the front end. Or something like that? On huge projects, who’s got the budget to address this to get the project up to date?
This has to be a world wide thing. There is way to many moving targets for every company to have all packages up to date.
It’s only a matter of time before an exploit of some sort is found and who knows what happens from there.
Software Engineering. Most software is basically just houses of cards, developed quickly and not maintained properly (to save money ofc). We will see some serious software collapses within our lifetime.
deleted by creator
Then you start off fresh going “this time it’s going to be different” but the same fucking things happen and you end up cramming that project in 3 weeks.
In the news this week: https://publicapps.caa.co.uk/docs/33/NERL Major Incident Investigation Preliminary Report.pdf
This is unprecedented since, well, January: https://en.wikipedia.org/wiki/2023_FAA_system_outage
Y2038 is my “retirement plan”.
(Y2K, i.e. the “year 2000 problem”, affected two digit date formats. Nothing bad happened, but consensus nowadays is that that wasn’t because the issue was overblown, it’s because the issue was recognized and seriously addressed. Lots of already retired or soon retiring programmers came back to fix stuff in ancient software and made bank. In 2038, another very common date format will break. I’d say it’s much more common than 2 digit dates, but 2 digit dates may have been more common in 1985. It’s going to require a massive remediation effort and I hope AI-assisted static analysis will be viable enough to help us by then.)
My dad is a tech in the telecommunications industry. We basically didn’t see him for all of 1999. The fact that nothing happened is because of people working their assess off.
My dad had to stay in his office with a satellite phone over new years in case shit hit the fan.
My dad still believes the entire Y2K problem was a scam. How do I convince him?
Well my dad does too and he worked his ass off to prevent it. Baby boomers are just stupid as shit, there’s not really much you can do.
deleted by creator
How many UNIX machines in production are still running on machines with 32-bit words, or using a 32-bit time_t?
How much software is still running 32 bit binaries that won’t be recompiled because the source code has been lost together with the build instructions, the compiler, and the guy who knew how it worked?
How much software is using int32 instead of time_t, then casting/converting in various creative ways?
How many protocols, serialization formats and structs have 32 bit fields?
Irrelevant. The question you should ask instead is: how many of those things will still be in use in 15 years.
What is the basis for the 2038 problem?
The most common date format used internally is “seconds since January 1st, 1970”.
In early 2038, the number of seconds will reach 2^31 which is the biggest number that fits in a certain (also very common) data type. Numbers bigger than that will be interpreted as negative, so instead of January 2038 it will be in December 1901 or so.
Huh interesting. Why 2^31? I thought it was done in things like 2^32. We could have pushed this to 2106.
Signed integers. The number indeed goes to 2^32 but the second half is reserved for negative numbers.
With 8 bit numbers for simplicity:
0 means 0.
127 means 127 (last number before 2^(7)).
128 means -128.
255 means -1.
Why not just use unsigned int rather than signed int? We rarely have to store times before 1970 in computers and when we do we can just use a different format.
Because that’s how it was initially defined. I’m sure plenty of places use unsigned, which means it might either work correctly for another 68 years… or break because it gets converted to a 32 bit signed somewhere.
Maybe this is just a big elaborate time travel experiment 68 years in the making?
Windows, Linux, FreeBSD, OpenBSD, NetBSD, and OSX have all already switched to 64 bit time.
So they have a year 202020 bug then
Are there currently any that are showing signs of imminent collapse? (Twitter, maybe?).
Or what are the signs to look for those who are untrained in this field?
Is a website running on WordPress? That’s a system built on failed practices and is constantly attacked. It needs a serious overhauling and possibly replacement, but the software runs a huge majority of websites.
While most instances of WordPress you we’ll find in the wild are insecure and nothing more than bloated garbage. The CMS is actually fairly secure with minimal intervention if you properly configure it on setup and maintain software updates as they continually roll out patches for vulnerabilities as they are discovered.
If you turn off comments and the ability for new users to self-register and throw it on PHP 8.2 with a WAF and enable file write protection it’s actually very robust.
At least when WordPress breaks you have WP-CLI to troubleshoot it
I work for a web hosting company. So many WP sites are out of date with plugins and core. I’ve dealt with many compromised sites. Granted there are auto updates on the WP side and the hosts service, it’s still pretty often.
I also work for a WH. Yeah most idiots don’t do basic maintenance which is why I just rename the dir as xxx.old make a new folder install core and then delete the blank wp-content an copy over the wp-content DB and wp-config.php from the borked install. Takes 10 min rather than 30 to update and fix. I call that the “Doctor Frankenstein” method
Regarding Twitter: yes.
As a tech person outside Twitter, looking in: Twitter is metaphorically a huge airliner with one remaining engine, and that engine is pouring smoke.
The clown who caused the first four engines to fail has stepped out of the pilot’s seat, but still has the ability to fire the new pilot, and still has strong convictions on how to fly a plane.
That plane might land safely. But in the tech community, those of us fortunate not to be affected are watching with popcorn, because we expect a spectacular crash.
If anyone reading this is still relying on Twitter - uh, my advice is to start a Mastodon account. Or Myspace or something.
I can’t imagine the shit show it would be if that log4j vulnerability and software update hit Twitter in its current state. I could see shutting off all external web traffic until the overworked devs finish committing while being held up with a visa loaded gun pointed at their head.
Mostly tge first sign is something like all old .doc files can no longer be opened. So some thing like.
Package management is impossible. When a big enough package pushes an update the house of cards eill fall. This causes project packages with greatly outdated versions to exist in production because there is no budget to diagnose and replace packages that are no longer available when a dependency requires a change.
Examples: adminJs or admin bro… one of them. Switched the package used to render rich text fields.
React-scripts or is it create react app, I don’t recall. Back end packages no long work as is on the front end. Or something like that? On huge projects, who’s got the budget to address this to get the project up to date?
This has to be a world wide thing. There is way to many moving targets for every company to have all packages up to date.
It’s only a matter of time before an exploit of some sort is found and who knows what happens from there.
That’s basically what happened with log4j or whatever that java bug was a few years ago. A lot of things still haven’t been patched.
As an everyday user of software who’s not a developer, this is not a secret. Nothing works well for any extended period of time.
Does leftpad count as a collapse?