Software Glitch Caused 911 Outage For 11 Million People

HughPickens.com writes: Brian Fung reports at the Washington Post that earlier this year emergency services went dark for over six hours for more than 11 million people across seven states. "The outage may have gone unnoticed by some, but for the more than 6,000 people trying to reach help, April 9 may well have been the scariest time of their lives." In a 40-page report (PDF), the FCC found that an entirely preventable software error was responsible for causing 911 service to drop. "It could have been prevented. But it was not," the FCC's report reads. "The causes of this outage highlight vulnerabilities of networks as they transition from the long-familiar methods of reaching 911 to [Internet Protocol]-supported technologies."

On April 9, the software responsible for assigning the identifying code to each incoming 911 call maxed out at a pre-set limit; the counter literally stopped counting at 40 million calls. As a result, the routing system stopped accepting new calls, leading to a bottleneck and a series of cascading failures elsewhere in the 911 infrastructure. Adm. David Simpson, the FCC's chief of public safety and homeland security, says having a single backup does not provide the kind of reliability that is ideal for 911. "Miami is kind of prone to hurricanes. Had a hurricane come at the same time [as the multi-state outage], we would not have had that failover, perhaps. So I think there needs to be more [distribution of 911 capabilities]."

backup for 911

[iggymanz]

have your local police and fire phone numbers in your cell phone and posted next to your land line.

Re:backup for 911

[aaarrrgggh]

Which is kind of ok as long as your problem happens in that area, and there is no actual natural or man-made disaster in play.

A 911 dispatch center has much better resources than a local police or fire department main desk. If you are lucky, they can operate at 10% of the capacity as a proper dispatch center.

The system should be more robust. It has improved dramatically since 9/11 with absurd amounts of cash poured into many facilities, but it can't do everything. An alternative solution is to not expect 9/11 to be robust, but hard to tell if that is a good approach for most communities.

Re:backup for 911

What are you going to do? Shoot the cardiac arrest?

Re:backup for 911

[i+kan+reed]

Have you ever actually called those?

They say "If this is an emergency, please hang up and dial 911".

Re:backup for 911

[Wookact]

The police department in my area has both Emergency and Non-Emergency numbers. It is listed that way in the phone book.

Re:backup for 911

[geantvert]

This is a recording of Archangel calling 911:

Operator: What can I do for you?
Archangel: My friend ... he ... he has a cardiac arrest. I think he is dead.
Operator: Calm down! Go back to your friend and check that he is dead.
Archangel: Ok ... ... ... PAN ... ...
Archangel: I confirm! He is dead now.

Re:backup for 911

[iggymanz]

use your brain, you have no point

Re:backup for 911

[iggymanz]

wow, do tell how your gun delivers babies, provides oxygen to elderly, puts out fires. For that matter, it won't even stop a crime at your vacationing neighbor's house without likely sending you to prison.

I love firearms but brainless people with guns are a big problem.

Re:backup for 911

[Russ1642]

They also list their dispatch numbers. That's what you call when you want to report a non-emergency. For example, I called it to report a completely wasted drunk lady causing a disturbance. Not quite enough to call 911 but I wanted to report her before she wandered into traffic.

Re:backup for 911

[tlhIngan]

It actually is as part of 911-NG (next generation) which is meant to better handle next-generation telephony systems as well. Right now cellphones and VoIP 911 is more of a hack than anything in the current system, while the next-gen system switches to a completely VoIP (over a private network) system with failover and tagging and all that.

So the next-gen system will allow 911 to be contacted in many ways, including texts and SMS, VoIP (both private and internet), POTS, cellphones and all sorts of other mechanisms. And support for metadata is better, so GPS location information is available to everything (right now positional information is a hack for cellphones and non-existent for VoIP which often relies on just sending the subscriber's address info).

And load balancing as well - a center can go down and its calls get switched transparently to another center to take the excess with all the information the local center had being displayed as well (it's metadata is forwarded with the call).

Of course, it's supposed to only be deployed in a few year's time because it's a massive overhaul - it's going from circuit switched (POTS primary) to a packet switched (POTS secondary, but compatible) network and all that.

http://en.wikipedia.org/wiki/N...

Re:backup for 911

[David_W]

Or failing that, do what we used to do before 911 was implemented in our town: Call the operator, tell them who you want (police, fire, ambulance) and that it is an emergency. Not quite as effective since it lacks the central control 911 has, but it generally works. (And in some areas the operator may have the back-end number for 911 and can transfer you to that, which could also work.)

Re:backup for 911

[Shadowhawk]

What is this land line you speak of?

Re:backup for 911

[Charliemopps]

have your local police and fire phone numbers in your cell phone and posted next to your land line.

That is a great idea.
But, I used to handle 911 outages. Most 911 outages are due to cable cuts, which would often leave those facilities unreachable as well.

I'd say that if your phone works, and you can't call 911 or the local hospital, you should assume the trunk leading to those services (foolishly all usually located next to each other) is cut or damaged. So your next best bet would be to call a NON-LOCAL ER. i.e. Call the next town over. Just because downtown is broken doesn't mean the trunk leading to the next exchange is as well. We'd often route that way ourselves until it was fixed. So if you can call there, then they can radio to your local EMTs.

Also, a lot of times the local network is made up of all of these trunks, but your internet connection heads strait out of town. You might have better luck making a voip call or sending an email. A relative may be able to reach someone when you can't, etc... Text messages might be a good route as well, they are handled entirely different (though I've never dealt with that tech myself so take that with a grain of salt.)

Re:backup for 911

[i+kan+reed]

I think I specifically have a point that they're not a substitute for emergency calls.

Re:backup for 911

[sremick]

What landline?

If you care enough about 911 and emergency situations to be reading this article, and you don't have a landline, then that's on you for being irresponsible. People spend more on texting than it costs to have a landline. No excuses.

The monthly cost of a landline is cheap insurance in the event of an emergency. Cell towers go down, fail, become over-congested, and cell phone batteries die.

Re:backup for 911

[davester666]

No, you shoot AGAINST the wind, not with it.

Re:backup for 911

[Archangel+Michael]

For the idiots that don't comprehend because their rose tinted liberal glasses don't work, here is the relevant portion highlighted:

Have a gun. In a real emergency, the police are too busy to help everyone.

You see, you're deliberately changing the parameters to make fun of me. I get it, you're too stupid to have a valid argument against what I actually said, in context, so you change the context. The reality is, it makes you look stupid.

But okay, lets go with the hypothetical "cardiac arrest" mentioned below. Okay, you're cardiac arrest is because your shop is being overrun by a mob of thugs on a rampage, do you think that calling 911 for an ambulance is going to help you while they are rioting in the street outside your shop?

If you're going to change the parameters, so can I.

Re:backup for 911

[umghhh]

if you shoot a fire maniac before he manages to start the fire then a gun helps indeed. Not sure how that goes for delivering babies - shoot a man before he ejaculates? but you would have to know this in advance, hmm

Re: backup for 911

[umghhh]

but interwebs were designed to survive nuclear holocaust not some small emergency. If a nuclear holocaust occurs they will still be operating I am sure....

Re:backup for 911

[umghhh]

if you had a gun as one proposed you could have shoot her which kinds of proves the point of rather having population all armed instead of spending money on 911 and some other commie crap.

Re:backup for 911

[umghhh]

Now seriously. For years already my landline is an IP device that does some fancy SIP messaging. It does not even have its power supply coming from the line - it is all coming from the power supply of a DLS modem. I am not even sure if I could get this old fashion phone line anywhere in Europe except maybe in UK but this is not Europe so it does not count. I recall there was some research (or exercise) on this last year (in Germany) where they found out that switch to fully digital communication of emergency services made their communication capabilities extend for maybe 10h or so in case of complete blackout. It used to be days - If memory serves well, then old digital telephony exchange had to have batteries for 2 days of service or so, but I am an old fart so maybe that is a result of my Alzheimer. Actually that is the trend in all other areas (alzheimer and short term abilities to sustain service under duress). We assume that the rest of the world stays online and is able to help. If disaster strikes province in which I live and all surrounding ones and quarantine is assumed - we will have no food in two days or so - thanx to JIT delivery. The same with fuel and water. VW had to stop production after a few days of stopped air traffic (Island vulcano with odd and lengthy name exploded at the wrong moment). UK gov had to call in army after 100 or 200 hauliers went on strike few years back - no fuel and JIT delivery of food etc. This has something to do with computers and interwebs indeed.

The problem like the one in TFA has become a big problem because you do not you have a dispatcher in your county and each county but one for 7 states so any small glitch that happens will cause significant misery. Redundancy has to be built in. Sadly everytime I hear redundancy I see all the L2 loops of the past.

Re:backup for 911

[umghhh]

so if there is no emergency calls what then? we all go suck your dick because we have to follow some rule that assumes emergency calls work? let us say that 30% of those 6k people that could not reach emergency number came to your dick for sucking you will be terribly sorry for expressing silly views on how the rules are superior to reality.

Re:backup for 911

[K.+S.+Kyosuke]

I've heard of some cases of crimes in progress where the 911 refused to send anyone saying that there were no units available, so the guy called again and said he was going to shoot the people in question, and suddenly, a unit appeared within five minutes! Apparently, it works like magic...

Re:backup for 911

[Cramer]

Right, so I can pay $30+ per month for something I might use once in my lifetime, or $20/mo for unlimited text that I [i]will[/i] use every day. You failed elementary school math, didn't you?

(Also factor in the number of LECs (read: Verizon, and AT&T) doing everything they can to do away with POTS, and it's even more a waste of money. FYI, if you have FiOS, your copper loop was removed, and is forever more not an option.)

Re:backup for 911

[Cramer]

30 years ago, MAYBE. Today, "0" could be answered by a call center anywhere. Your call a) might not be answered by a human at all, or b) might not be answered by someone on the same continent.

Re:backup for 911

[dgatwood]

Sounds like a variant of a famous joke.

Operator: 911. What is your emergency?
Hunter: My hunting partner just had a heart attack. I think he's dead.
Operator: Go make sure.
[sound of a gunshot]
Hunter: Okay. Now what?

Re:backup for 911

[dgatwood]

The monthly cost of a landline is cheap insurance in the event of an emergency. Cell towers go down, fail, become over-congested, and cell phone batteries die.

Not around here. I'm paying about $40 per month for a nearly bare-bones land line (only Caller ID). Even if I were on a $0.35 per text plan, I'd spend more money on that land line every month than I would on texting for ten years. Cheap, it ain't.

Re:backup for 911

[antdude]

What if one travels a lot in USA? 911 does local ones. Can 411 go to 911?

Re:backup for 911

[cyberchondriac]

Sounds like a variant of a famous joke.

Operator: 911. What is your emergency? Hunter: My hunting partner just had a heart attack. I think he's dead. Operator: Go make sure. [sound of a gunshot] Hunter: Okay. Now what?

Yep, this is the right way to phrase it, makes more sense this way.

Re:backup for 911

[cheater512]

And the brain size seems inversely proportional to the number of guns. At least it seems that way viewing from a safe distance (Australia).

Re:backup for 911

[ShaunC]

If you care enough about 911 and emergency situations to be reading this article, and you don't have a landline, then that's on you for being irresponsible. People spend more on texting than it costs to have a landline.

Every line in the US is required by law to be able to dial 911, even if you aren't paying for any service at all. This applies to landlines and cellphones. I often keep the police scanner on as background noise, and I can say at least a quarter of the 911 calls in Memphis originate from disconnected cell phones. If your landline gets a dial tone or your cellphone is charged and has a signal, you can dial 911 whether you have a phone plan or not.

Of course that doesn't help in the event of a 911 outage but those are, fortunately, quite rare. I can't justify $50 a month to pay for landline service in the extremely unlikely event that both the cell network and the local 911 network go down. If something like that occurs, there's been a catastrophic event on a scale where emergency officials aren't going to be much help anyway.

Re:backup for 911

[evilviper]

In FIOS areas, it's no longer possible to get a POTS landline. You can get a phone service over FIOS, but it's subject to wall-power being available, and you're using the same E-911 system as normal VoIP or cell phone services, anyhow. It's the FCC that's to blame for me not having a landline.

Also, there's no reason cellular 911 service shouldn't be ultra-reliable. There are 4 different nationwide carriers in the US. What are the odds that all 4 of them will have ALL their overlapping cell towers in an area knocked-out? That does happen, today, but ONLY because the FCC pussied-out on requiring them to have backup generators in each cell tower, and lets them just keep a few backup batteries in there for short power outages.

And if some event damages the fiber-optic line to my house, there's no chance I'm fixing it... At least with a cell phone I have the option of climbing onto higher-ground and trying to get a signal from a more remote tower, or even just SMS texting emergency services (coming real-soon-now) and hoping.

With ad-hoc WiFi in cell phones, people may soon be able to self-assemble into their own wireless network that spans whole cities, after a disaster knocks-out all other local service. Try that with your land-line.

Re:backup for 911

[sremick]

Also, there's no reason cellular 911 service shouldn't be ultra-reliable.

http://www.mychamplainvalley.c...

What are the odds that all 4 of them will have ALL their overlapping cell towers in an area knocked-out?

What are the odds your family isn't all on a single cellular carrier, making you unable to take advantage of such redundancy?

Re:backup for 911

[dcw3]

In FIOS areas, it's no longer possible to get a POTS landline.

Hmmm. My home, built in 2001, originally had a Verizon landline. FIOS has been available here for several years, but I never signed up for that (we use cable for everything else). When our power drops out, the old landline still works just fine. Are you saying that just new installations are affected?

Re:backup for 911

[iggymanz]

Wrong, in the USA there is very high per capita ownership of guns in nice areas with no crime. It takes a lot of money to own and maintain firearms.

Fear the inner city punk with just one. Most the gun crime (and rape, armed robbery, etc.) is done in inner cities by a couple of subcultures with no respect for life and property.

Re:backup for 911

[kmoser]

And the brain size seems inversely proportional to the number of guns. At least it seems that way viewing from a safe distance (Australia).

That ratio is usually more closely related to an organ located a bit closer to the middle of the body. (The same organ whose size is inversely proportional to the size of one's SUV or to the speed and price of one's sports car.)

Re:backup for 911

[iggymanz]

This is my rifle (raise weapon),
this is my GUN (grab crotch),
this is for fighting,
THIS is for fun

Re:backup for 911

[evilviper]

What are the odds your family isn't all on a single cellular carrier, making you unable to take advantage of such redundancy?

Verizon and Sprint are compatible, while AT&T and T-Mobile are compatible. And with them all switching to LTE, it's likely they will all be mutually compatible in a few more years, when manufacturers start selling multi-band LTE phones.

Most every post-paid cellular plan includes voice roaming. Even if you're not paying for roaming normally, when you dial 911, all restrictions are dropped, and your cell will connect to any available tower from any provider that it can.

Why 40 millions?

[AqD]

40 millions doesn't seem to cross any boundary?

Re:Why 40 millions?

Probably crosses a licensing boundary. Beats me!

"We're sorry, your 911 call centre didn't pay their software licensing fee this month. Please call 1-800-RU-LEGIT and report this instance."

Re:Why 40 millions?

[Archtech]

The word "architecture" is bandied around a lot, partly because it sounds so important. But if architecture means anything, it should include scoping out ALL limits embedded in the software or adjustable through a UI. At the very least the limits should be documented in such a way that those responsible for managing and maintaining the system are fully aware of them at all times. Because they are just as important as the speed at which your car will come off the road when you drive round a tight bend.

Ideally, resources permitting, a better solution should be systematically adopted. Such as having the software itself warn (in good time) that a built-in limit is being approached. Or simply allocating a type that can store numbers vastly greater than could ever conceivably arise. This, of course, is one of the useful aspects of strong typing: before using any variable, you MUST specify its type, and a good programmer will learn to stop at that point and find out what the requirement is.

Re:Why 40 millions?

[pushing-robot]

I think I found the offending code:

static unsigned int counter[640] // ought to be enough

...

void countcall() {
    int i;
    for (i = 0; counter[i] = 65535; i++) {} // skip the ones we filled up
    counter[i]++;
}

Re:Why 40 millions?

[umghhh]

this is OT but this and other SW faults of a kid are getting more and more common because we value working software over comprehensive documentation without understanding what the hell that means thus we do not have either.

Re:Why 40 millions?

[umghhh]

Sir you are damned naive. We have no money for shit like reason and qa. potentially shippable product will be shipped as soon as it compiles and sometimes even without fulfilling this requirement. Actually in a project I work for we reached release and discuss happily faults on a fault list while a customer on which our industrial application got installed for testing gave us another very short but not empty list with faults that it sees as a show stoppers. The lists do not overlap on any single point. Which of the lists would you start discussing at the release meeting? Yes bravo - the ones on the little problems list. I actually had some designers denying that the customer list existed, that the faults on the list existed and one stubborn guy claimed that the problems on the list have been fixed albeit question about how that was verified was left without answer. The funny thing is - 2 of these faults I have seen before even the preliminary software version our customer got was packaged. Now you say this is anecdotal and has no bearing on wider production practice - I dare to differ on that based on experience I had over last 10y.

I agree with you at least as far as to say that if need be such considerations have to be made at some point during development. Often enough they are not because people live their fantasy of craftsmanship or being an artisan doing some fancy stuff where hard rules of reality do not apply.

In other words: there are no requirements in the jungle. There is only you and your agile team in search of holy Grail of software development practice (BTW: I think agile manifesto is actually nicely organized set of principles of what is important but none of the agilists I worked for over the years, did actually read it).

killbots have a preset kill limit

You see, killbots have a preset kill limit. Knowing their weakness, I sent wave after wave of my own men at them until they reached their limit

OMG, we ran out of numbers

[alen]

sounds like some dummy read a best practices and conserve the resources book and made a column an interger data type instead of big interger. or whatever the corresponding names are for Oracle or non-MSSQL. some auto process or identity column creates the keys and it reached the max amount. and it wasn't set up to use negative numbers either

cities themselves have limited service.

[nimbius]

While you might find 911 service operable and efficient in the burbs, cash strapped cities with large populations like Miami run out of operators before they run out of capacity. dialing 911 in Cincinnati for example, or any other major city in the rust belt, results in a pre-recorded message instructing you to stay on the line and wait for the next available operator. Its a fun joke to make on sitcoms, but when you've actually in danger its not. Having been backed over on a motorcycle by a truck, I was at the mercy of this hold system for nearly 10 minutes in a busy downtown intersection.

Re:Hint

[Russ1642]

That's just about the most ridiculous thing I've heard here in a while.

possible solution, fallback to voicemail

Thank you for calling Springfield RescuePhone!
if you know the name of the crime being committed, press one!
To choose from a list of felonies press two!
If you are being murdered or are calling from a rotary phone please stay on the line!

Entirely preventable software error

[Thanshin]

An entirely preventable software error was responsible for causing 911 service to drop. "It could have been prevented. But it was not,"

So, let us be clear. The error, was not simply preventable but absolutely and completely preventable in all cases. There was no impediment to prevent it. Its prevention was not only possible but also within the reach of any error prevention effort or action. It could have been prevented.

The preventability of the error was absolute. No situation, fictive or factual, in this or other world, would allow a situation in which this error was not preventable.

Finally, it's important to note that the eventual series of events that would lead to the fully avoidable non-prevention of this error, would be unfortunate.

Re: Entirely preventable software error

[cdrudge]

All kidding aside, when I read that line I wondered what type of software error isn't preventable. There's things that are easily preventable and should be thought of, but ANYTHING is "entirely preventable".

Re: Entirely preventable software error

[danlip]

Bad wording. Perhaps "obvious and preventable" would have been better (and why does the counter not go to at least max int, e.g. 2^31-1 = 2,147,483,647).

preventable software error

[tomhath]

the FCC found that an entirely preventable software error was responsible for causing 911 service to drop

As opposed to what? An entirely unpreventable software error? Sounds more like a configuration issue than a software error anyway.

Failure started at the Administrative level....

[Lumpy]

It's the fault of the administrators to begin with. I am friends with one of the technical advisors for the midwest EOC and the problem is that the administrators dont know their ass from a hole in the ground and ignore their tech guys and listen to the vendors.

He has been screaming for all call centers to have analog failover, but the administrators refuse to hear it.

So who is to blame for the failures? That top moron of Homeland security. IT would have been in place if he would realize that he is not an expert and to actually LISTEN to the experts in the field.

Re:Failure started at the Administrative level....

[uksv29]

I'm not convinced you need an analogue failover but you do need fully duplicated systems right down to the power subsystems and cables which you periodically switch between. There is no point having a backup if you don't use it on a regular schedule to be sure it is working properly.

The solutions are not all technical, you have to be monitoring them properly with the right people who are motivated and properly trained. You also need the proper organisational processes .

I've seen NOCs on emergency service networks where the staff on duty have been asleep or out of the room for long periods. Motivation, training and accountability are frequently not given the importance that they deserve.

Re:Failure started at the Administrative level....

[uksv29]

I've been specifying emergency service systems for over 10 years, duplication, monitoring, management and processes are always at the top of the list.

Re:Failure started at the Administrative level....

[Hognoxious]

they could have talked to each other over a simplex analog channel.

10-1 to that good buddy, got me a smoky on my six, what's your 20 come back?

Typical government waste and inefficiency.

[140Mandak262Jamuna]

11 million people, 24/7/365 etc works out to 96.360 billion citizen-hours per year. Assuming these 40 million calls all happened this year and each call took place one full hour each, it works out to a load factor of 0.04%. In other words citizens are NOT calling 911, 99.96% of their time. Since most 911 calls do not last an hour the load factor is even lower than that. This is how over built and inefficient government services are.

If a private railroad owns rolling stock that would occupy, say 10 miles of track, but actually owns 2000 miles of track, it is no skin off your nose. Your taxes are not funding it. But if the government is running that railroad, we should restrict the total track length owned by the government to the actual track required by those rail cars and not an inch more.

That is how we reduce the size of the government, reduce deficits and reduce taxes. When will America see the logic here?

Re:Typical government waste and inefficiency.

[sribe]

This is how over built and inefficient government services are.

That was one of the most stupid nonsensical posts I have ever seen here. You calculated the "load factor" based on each of 11,000,000 people instead of on the number of 911 operators.

And of course that's not even counting the fact that 911 services pretty much need to be provisioned to handle *peak* loads, not average (nor even median).

Re:Typical government waste and inefficiency.

[140Mandak262Jamuna]

I have failed miserably looks like. Even adding the bit about railway rolling stock did not help. Well, that is the problem when you speak with a tongue in the cheek. You end up chewing your own tongue.

Re:Typical government waste and inefficiency.

[sribe]

I have failed miserably looks like. Even adding the bit about railway rolling stock did not help. Well, that is the problem when you speak with a tongue in the cheek. You end up chewing your own tongue.

That was meant to be tongue in cheek? Oh, OK then ;-)

Problem is, it's election season, and what you said there was really not much different than some of the bullshit that we're inundated with nightly on TV commercials, and flyers in the mail. My favorite so far is the one accusing a Democrat of attempting to "replace Medicare with a completely government-run system". Uhhhmmm, excuse me???

Re:Typical government waste and inefficiency.

[140Mandak262Jamuna]

I don't blame you, politicians, especially the Republicans have gone so far out, it is nearly impossible to parody them by exaggerating anything they say or do. No wonder Jon Stewart and Steven Colbert are reduce playing back their footage unmodified and make faces.

Re:This is why you use unsigned integers

[mrchaotica]

Brb, committing seppuku

Wait, what?

Re:Hint

[Archtech]

Don't do critical things in hastily-written, poorly designed software. Instead, take sufficient time and make the design and implementation robust. Tried and tested methods exist for all of this. (Consider avionics, for example).

This will have impacted the outcome of incidents

[uksv29]

If calls are lost then help is delayed. This impacts the outcome of incidents.

I'm not saying that people died because of this but I'm absolutely certain that there were some who suffered worse injury and losses because of the delays. Loss of 6,000 calls will result in a lot of hurt.

Like so many other issues, it wasn't a single fault but a chain of events. In this case there was a software failure but the fault monitoring systems and support services failed to immediately note that there were no calls going through the affected systems. A change from 1,000 calls per hour to zero should be pretty obvious.

They didn't appear to have a credible mitigation process to handle this sort of failure like diverting calls to another location. This could have been automated or manually initiated by the NOC operators.

Shit happens in all systems, the important thing is how you deal with problems.

I used to handle this...

[Charliemopps]

I used to work in the NOC for a large Telco and we'd handle 911 outages. Usually 911 goes down because the entire networks down. Like the switch failed, or the trunk from one area that leads to the area the 911 center is in would get cut. Most of this stuff is in a ring so there's usually an alternate route, but in some areas that's not physically possible. For example a remote mountain town with a single road in, would likely have its only trunk running along that same road and it'd get cut all the time as the road constantly needed repair. Chose where you live wisely.

We'd handle this in different ways depending on the situation. For example, if we had 4 trunks that could handle 4X number of calls, and 3 got cut so it could only handle 1X, we could actually prioritize certain numbers so 911 and emergency services would get priority. If the trunk leading to the 911 center failed, we could do something like re-route the calls to the local police dispatcher who literally had no warning and would suddenly have their phone ringing off the hook. You may say "you should warn them!" but our policy was "Get it done" because who's dieing while you're arguing with the dispatcher about how her days going to suck?

The most important skill you can have in any NOC is your ability to triage problems. That term comes from the medical world but it's just networking equipment... until you get into the situation I was in. And you're making triage decisions that could actually result in death. These were real engineers that really cared and did what they could. But when you have an area ravaged by hurricane and you tell the tech to put gas in generator 1 instead of 2, because you've been up for 30hrs strait... and a remote goes down so they can't call 911? I just couldn't detach myself from that. I took a pay cut to leave. A lot of people floated through that job, it wasn't just me. It takes a special kind of person that can detach themselves from the consequences of their decisions.

Single Point Failure

[PPH]

For 911 services in 7 states? Set aside issues about the backup system for the moment (which may be a second server in the same data center): Why do all the 911 calls have to funnel through a single system? Emergency services are largely local. Not many people have to make 911 calls across a large region. So why isn't the energency call routing handled by local systems? And calls routed to local service centers?

Even if there was a common software glitch in all the handling systems, I doubt everyone would hit some call limit in a database field simultaneously.

Re:Single Point Failure

[PPH]

Actually there are mirrored data centers

OK. That fixes an event that can take one data center out*. But why mirrored? Why aren't these systems distributed and colocated with the municipalities that they serve? And why a globally unique call ID that overflows at 4E7 records?

* I helped develop a system that achieved its reliability through the use of distributed servers. And then had the IT people put all the servers in one rack, in one building. For cost savings, of course. The building sits right on top of the Seattle fault. So you'll have to excuse me when I don't take details like this for granted.

Okay, I've been doing this for 30-something years

[Trailer+Trash]

And the number "40,000,000" doesn't come up on my list of "potential overflows to watch out for". What's special about 40 million?

I see a suspicious bag full of ebola-laced bombs

[timothy]

At least there are no current / recent worries what might make someone want to call 911 ...

Actually, it's an interesting question -- just what is the threshold? Suspected ebola vomit? Suspicious bag on suburban street? Seems like it would be a very easy system to game, or even to unintentionally render useless. Takes a lot of goodwill and good behavior, all around.

I took a CPR class last night, and the instructor (a firefighter in his dayjob) basically encouraged people to use 911 more, even for things about which the caller might be on the fence. "We'll sort it out. Don't call about your kid's math homework, but don't *not* call because you're not sure it's serious enough" was the gist.

I've called 911 quite a few times, or asked others to (hypothermia case, guy on railroad tracks, gun shots, more gunshots, drunk drivers, etc), now I wonder what the mean / mode is for that ;)

Re:Okay, I've been doing this for 30-something yea

[danlip]

As near as I can tell from the TFA somebody just put an arbitrary limit of 40 million in the code somewhere. Would be nice to have more technical details.

Re:Or you can do like before there were phones...

[umghhh]

and they were dying like flies for millennia too. we have arranged and are paying for these services to help us out when need be. Some of those things that happen (fire or stroke) can kill or maim if not dealt with fast. This said it is indeed true that you need to accept that accidents happen also to such emergency centers. You can also expect that in this day and age such centers are handled in a way assuring redundancy. There many things that failed apparently. This is an occasion to improve. For some it is occasion to course and blame game (Putin would be a nice candidate to blame). For you this is just a statement of surprise why others are so shocked.

Re:Hint

[cyberchondriac]

Well, what the gp suggests is pretty much impossible, but the truth is, software *is* the weakest link. OSes and apps are never or rarely bug free, and each new patch often introduces new bugs. Some things, like OSes, have tens of millions of lines of code, and where just a missing or misplaced semicolon can wreak random havoc, that's practically a guaranteed problem waiting to happen.
Flexibility is proportional to complexity, and inversely proportional to reliability/stability. Dedicated hardware devices are the most stable, followed by firmware driven appliances. I've been in IT (repair, then administration) for about 20 years now, which is a fair amount of time, and I've seen far fewer hardware issues than I ever have with software.
Then there are the issues of security; Windows, for one example, has been around for two and a half decades now, and there are still numerous bug fixes and security patches released on a weekly basis. It is permanently flawed.

I sometimes wonder if it's really a language thing. I'm not a developer though. High level coding (that I'm aware of anyway) is in English, yet there is a pervasive attitude these days, even here at /. among IT and science people, against "grammar nazis", with the frequent defense of "you know what I meant". Well, computers don't know. And recently I've seen a surprising number of typos in SuSE/SLES conf file comments and whatnot.. it makes me wonder if developers are screwing up in the code too, syntactically.