Billennium's Over - Anything Break?

An Anonymous Coward writes: "The billennium party at OpenProjects.Net rocked! Check out the log for the whole event over here. Please don't forget to use one of the mirrors. Thanks :-)" Well, anyone have anything break due to the rollover?

Re:really small stuff

[Cef]

You could just prepend a 0 to the front of the old filenames, and it'll sort them all correctly.

See what happens when you don't use leading zeros? *grin*

older Kmail (from KDE 1.x) billenium bug

[romanm]

Apparently there is a bug in older version of KMail from KDE 1.x that prevents KMail from correctly displaying the current date since billenium. More information about KMail billenium bug is on www.kde.org.

broken CVSup on FreeBSD

[mbadolato]

Well, anyone have anything break due to the rollover?

This was sent out to the freebsd mailing lists by John Polstra:

This morning a bug was discovered in most versions of CVSup up to and including SNAP_16_1c. The bug causes all newly-updated files to receive incorrect timestamps. Usually the files receive timestamps from early in 1970. This bug has been present for a very long time,
but it only began to have an effect when the Unix representation of the date and time passed 1,000,000,000. That occurred on 9 September
2001 at 01:46:40 UTC. Yes, other people had Y2K bugs, but I managed to produce an S1G bug.

There was more, but that was the jist.

Re:Oh yeah...

[JabberWokky]

MySQL doesn't have a ANSI Date field? Why am not surprised...

It very much does, which brings up the point that the reason many MySQL databases suck is not due to the engine itself, but rather due to the newbies who create them.

--
Evan

Re:really small stuff

[Bronster]

You could just prepend a 0 to the front of the old filenames, and it'll sort them all correctly.

See what happens when you don't use leading zeros? *grin*

So you'd recommend using 000000000000000000000000000000000000access_log.txt
just in case then?

Seriously though, in this case there's a known maximum size of that value, and one more 0 would have been enough (at least until we go 64bit time_t)

Jumping down to shorter values though (say 3 digit long), do you write:

23 387 96 1 12 32 43

or

023 387 096 001 012 032 043

or even
00000023 00000387 00000096 00000001 00000012 00000032 00000043

I vote for realising that you have a numeric value and splitting the int off the start and sorting by that. Bit hard in shell scripts though.

knode

[anshil]

knode (0.4)

The kde news reader now orders incoming messages false. All new messages after the billenium are ordered older than the ones from before.

CVSup got bit by the 1 billion seconds epoch bug

[krausedw]

Updates to Fix the CVSup 1000000000 Second Bug
http://people.freebsd.org/~jdp/s1g/

BTW,

[popeyethesailor]

Thanks for the Log. The commentary was brilliant.

My mail client - pronto broke.

[crazney]

It uses strings of unix time to sort the messages in the message list by date. So after the billenium all new messages where going to the bottom..

Anyway, i've made a small fix, incase anyone wants it..
Put it in MessageList.pm line 530.

# fix for billenium, we want to be able to make sure all string that get sorted are the same length so no boo boo's happen
if (length($row[5]) == 9)
{
my $tmp = $row[5];
$row[5] = "0$tmp";
}

Re:My mail client - pronto broke.

[AdamT]

The only time this matters is in comparisons and sorting. Perl has explicit numeric and string tests for both of these activities.

$a &lt=&gt $b :- sort numericaly
$a cmp $b :- sort as strings

$i lt $j :- compare as strings
$i &lt $j :- compare numericaly

... if someone uses the wrong test they've no one but themselves to blame.

Re:My mail client - pronto broke.

[muhri2]

I just wanted to clarify things a bit here as the reason Pronto broke was not Perl related. It was because Gtk+ (Which I depend on it for sorting) used alpha numeric sorts. I just replaced the default Gtk+ sort routines with my own PERL sort routine and its fixed.

PS, What can I do to get my nickname muhri back? I changed my email since the last time I logged onto slashdot and now I can't seem to get it to mail me my password, I feel like a hotmail user hehe, muhri2!!

Re:My mail client - pronto broke.

[GreyPoopon]

The problem with the billennium bug is that there's a risk that programmers did not allocate enough digits

Actually, I think most of the posts I've read so far indicate not a problem in storage allocation, but instead a problem in sorting -- IE, they used a string sort rather than numeric.

your Python will succeed or fail in an equal number of situations as Perl

Sorry, I disagree. I'm neither a Python nor Perl biggot (don't have much time to devote to either), but the point made in the parent post was that in a strongly typed language like Python, programmers are prevented from using the wrong form of comparison. Yes, Perl has different comparison methods for numeric and string and yes, the programmer has nobody to blame but themselves if they make such a mistake, but having the language do a bit of idiot-proofing will ultimately yield fewer bugs. So no, I don't think there will be an equal number of failures in Python.

Note that I don't think this makes Python "better" or Perl "worse." It's just a feature that needs to be considered when choosing a language for a project.

Canon S10

[AftanGustur]

I haven't had time to fully investigate the cause but the software that came with my Canon S10 digital camera now claims that I took all my pictures on August the 26th (at different times though that day).

The software (is supposed) to read the time from a field in the images .jpg comment field.

The cause could be 1) The software in the camera that stores the dates in the images or 2) the photo viewing software itself. or 3) Something totally different. (Windows ?)

OpenLDAP slave servers completely broken

[che]

I submitted this as a story, but I guess it never got accepted. Ah well..

OpenLDAP has massive breakage both in the 1.2 and 2.x series with the S2G Unix time rollover.

The slurpd server completely fails to push updates from the master server to the slaves, due to string compares of timestamps in 1.2 and a related problem in 2.x. There are patches for both in OpenLDAP CVS.

The problem is detailed in the openldap-bugs mailing list -- it was extremely scary to come to work this morning and find out that all the LDAP servers had stopped pushing updates, causing account creations to fail and mail to bounce!

Re:Anything Break?

[IvyMike]

Nope, there are some more dates with problems prior to 2038, see this list for some of the more important ones. (I saw a more extensive list once during the pre-Y2K buildup, but those web sites have mostly disappeared. Anyone?)

Re:really small stuff

[Zero__Kelvin]

"You could just prepend a 0 to the front of the old filenames, and it'll sort them all correctly."

"See what happens when you don't use leading zeros?*grin*"

Workarounds are for when you can't do it right. In this case the solution is way too simple to merit a workaround. Simply do math on scalar types, not strings. If your language doesn't know the difference never use it for anything again. If you don't know the difference, learn. Simple, see?

Maildir-based IMAP server broke

[Dave+Dribin]

My ISPs IMAP server broke. It used the maildir format and got *really* confused with file names like:

% ls -tr | tail
999878615.18243.pop.xxx.com:2,S*
999882709.76833.pop.xxx.com:2,RS*
999883989.13343.pop.xxx.com:2,S*
999900385.97510.pop.xxx.com:2,S*
999906796.21947.pop.xxx.com:2,S*
999914926.66179.pop.xxx.com:2,S*
999922220.49590.pop.xxx.com:2,S*
999975475.10798.pop.xxx.com:2,S*
1000040737.72591.pop.xxx.com:2,S*
1000062814.85554.pop.xxx.com:2,*

I think it was an old version of uw-imapd with maildir patches.

I wrote a short script to rename all files created before 1,000,000,000 with a leading zero. The resulting file names with "09*" fixed the problem!

-Dave

Notice about seconds overroll

I would like to make your attention on bug which was introduced tonight and can affect some people who are using (var)char field to store timestamp data.

It is not worst security bug. It affects only people who already had bug in their code. Just now this bug become visible/exploitable.

This is not MySQL bug. This is how people use their database. Also similar situation can be found in other software. I would like to inform people in public list as maybe some people have to search similar problems.

The problem: Computers store time and date usually as integer value representing amount of seconds from 1 January 1970. Tonight it overrolled from 999999999 to 1000000000.

Possible bug and exploit relies on fact that some people have used character type of field to store this seconds information (we have already such case)

example:

mysql> create table session (expire varchar(100) not null);
Query OK, 0 rows affected (0.31 sec)

mysql> insert into session values (999999997), (999999998), (999999999),
(1000000000), (1000000001);
Query OK, 5 rows affected (0.00 sec)
Records: 5 Duplicates: 0 Warnings: 0

mysql>
mysql> select * from session;
+------------+
| expire |
+------------+
| 999999997 |
| 999999998 |
| 999999999 |
| 1000000000 |
| 1000000001 |
+------------+
5 rows in set (0.00 sec)

mysql>

Let's assume that this table contains values we use somewhere to authenticate users. After user logs in, we write down session expiry time and later we check it like this:

mysql> select count(*) from session where expire >= '1000032535';
+----------+
| count(*) |
+----------+
| 3 |
+----------+
1 row in set (0.00 sec)

mysql>

WOW, what happened? Shouldn't be 100003253 bigger than any value in table? It worked yesterday!

In MySQL we suggested people to use quotation marks around integer values. This can avoid many web-based attacks targeted to modify SQL commands (more information on http://www.mysql.com/doc/G/e/General_security.html ). This is the reason why people put quotation marks around integer expressions and this is correct. Also automatic type casting will fix the source problem is column data is integer or some time/date vale. But when both column is character type and expression, they get compared as strings. And as we know, strings get sorted in order:

1,11,2,22

but integers:

1.2.11.22

So, this is why 100003253

It is possible that some web applicatons have endless expiry times now and not only in MySQL contexts.

Re:Anything Break?

[Bj�rn+Stenberg]

2,147,483,647 is the biggest number a 32-bit system can register.

Umm, no. That'd be a 31-bit number, as is the case with time_t which is a SIGNED integer. A 32-bit value can hold 2^32-1 = 4,294,967,295.

Can anyone tell me why this is a Real Problem? The obvious solution is to simply change the compilers from:

typedef long time_t;

to:

typedef unsigned long time_t;

And we can merrily keep using time_t on our 32-bit systems until 2106.

Yeah, fubar systems will break. And yeah, we'll have to change some kernel API parameter types. Cry me a river!

Veritas Netbackup

[TBone]

Veritas issued an alert that the indexing on it's backup files was broken - don't remember what it said, but basically everything would show as Jan 1, 1970 00:00:00. The datestamps were right, but the conversion routine for displaying the dates was broken. A patch that fixed the display routine fixed things up.

Re:Anything Break?

[pne]

(I saw a more extensive list once during the pre-Y2K buildup, but those web sites have mostly disappeared. Anyone?)

There's a really extensive one at http://www.merlyn.demon.co.uk/critdate.htm, by J R Stockton.

pine / UW IMAP

[tmu]

We use an older version of UW IMAP ad UW Pine both patched to use Maildir support (because they are too short-sighted to integrate such support themselves).

After the roll-over both programs started mis-sorting newly arrived messages to the top of the folder, rather than the bottom (but newly arrived messages are still sorted below older, within each category of 'before' and 'after' the 1 billion second point). Also getting 'mailbox changed unexpectedly, reloading' messages constantly.

Re:pine / UW IMAP

I'm running Pine 4.33 with Maildir mods. It seems to be a sorting problem, and what I did was add a "0" to beginning of all the 9* filenames.

cd Maildir/foo
for iii in `ls 9*`
do
mv $iii 0$iii
done

A bit easier-to-understand explination.

[NNKK]

Incase someone wants this in a bit plainer english, let me explain. (Thank you, Jesse Liberty)

In C, C++, and probably most other programming languages (I'm not a guru on programming), an integer is either "signed" or "unsigned". They are also either "long" or "short". The reason for the distinctions is primarily memory-related, using a long int (4 bytes) is a waste of memory if you're just going to store say, a number up to 300 in it, in which case a short int would be more appropriate. And if you're only going to store a single byte (such as 1 or 0) there's usualy something like the int type "bool", a 1-byte long int, that allows a 1-byte value to be stored (technicaly this value could be 0 to 9, I'm not sure if negatives are allowed).

An unsigned integer is (rather obviously if you think about it) a positive-only number, you can't have a negative number in an unsigned int (well, you can try, but it'll just wrap around to its maximum value).
an unsigned long int can go from 0 to 4,294,967,295

Now, with time_t, the time is being stored in a signed long int. This can be any value from -2,147,438,648 to 2,147,483,647 (you've just split the area avalible for values between negative and positive) on a 32bit system. Unfortunitely, in 2038, that's no longer enough (DOH!) as the # of seconds from UNIX Epoch will pass the maximum (positive) value of a signed long int, and suddenly our system clocks (on POSIX-compliant, and even some/many non-compliant UNIXish systems) will wrap around to, well, the turn of the century. This is *precisely* what the fear was with Y2K, just further in the future. And this isn't theory based on a couple systems, this is a real fear, because POSIX compliant systems WILL do this. Fortunitely we have ~36 years to solve this problem.

The first solution, and probably the cleanest, is to go to 64bit systems, this transition is just beginning, but personaly I think it will be complete within 30 years... ancient business systems might still have something to worry about (as with Y2K) but I doubt it.

The other, not-as-clean-but-quick-and-simple, solution is to bump the variable holding the time to a signed long int. This could be done by a newbie with a C book, and will allow UNIX time to go to 4,294,967,295, sometime after 2100 (I think it was 2106?). This is a band-aid and doesn't really fix the end problem that what we need is an EFFICIENT dynamicaly allocated int type, but just moving to an unsigned long will buy us time if, for some reason, we haven't fixed these damn problems by 2038.
(I THINK Java has dynamic int variables, but i don't think they're efficient. I'd have to grab an extensive book on Java, and I don't have that kind of time or patience:).

And no, we can't just make infinite-sized variables in our current infrastructure, the first one that got initialized would use all the memory and lock the system :)

Re:A bit easier-to-understand explination.

[Ben+Hutchings]

There are so many errors in this that I find it very worrying that it ever got a score of 4.

• There are several other integer types in C and C++, in particular plain 'int' and 'unsigned int'. These are often equivalent to the corresponding short or long types, but this is not necessarily so.
• The bool type is specific to C++, and it holds a single bit. The number of bytes used for its representation varies between implementations.
• The number of bytes used for a 'long int' also varies between implementations.
• The type that time_t is typedef'd to be also varies between implementations, but it is true that on Unix it is generally a 32-bit signed integer.
• Consequently it is not necessary to use a 64-bit system; only to change the typedef for time_t. Unfortunately this will break a lot of code that was written with the assumption that time_t means int or that it means long or that it can safely be converted to and from that type. Such assumptions were never valid.
• I think you mean to change time_t to be an unsigned long int. This should work since this type is guaranteed to hold at least 32 bits. Unfortunately it would also break a lot of that code written under invalid assumptions.

Actually 4Gigaseconds is the largest for 32bit

[cculianu]

4Gigaseconds is the larges for 32bit ints. However, I'll bet 50% of the programs out there use a signed data type.. :(

Re:Anything Break?

[RuneB]

As a guess, probably because of the way the time() function works.

You can pass a pointer to time(), and it will store the current time in the specified memory location, in addition to returning the value.

What happens when you pass an invalid pointer to the function? errno is supposed to be EFAULT, and thus time() can return -1.

In Linux, system calls directly return the errno as a negative number, and the kernel and libc reserve the first 4095 negative numbers for this purpose. Since time_t is signed, this isn't a problem. However, you would have a problem if you could not distinguish an errno return from a valid return value.

Now, forcing everyone to use gettimeofday() instead of time() would help solve this problem.

billenium non-bug

[Paolomania]

one of my perl scripts that sorted some stuff via timestamp broke over the billenium because i was using "cmp" instead of "<=>". silly me.