Slashdot Mirror
Bringing E-Com Sites Down for Y2K?
dlb asks: "With Jan 1, 2000 just days away, the large wholesaler that employs me made the decision to disconnect our e-com web site from the rest of the 'Net. This was a heated debate for the past two months in the upper ranks between the paranoid and those who believe that bringing the site down manually is no different than some external entity creating the DoS for us (not to mention the loss of sales). For the other IT Professionals out there, are your companies bringing their sites offline this weekend? Why or why not?" Well, I guess if you are going to buy the hype, it's better safe than sorry, right?
I work for Investment Challenge, a somewhat-large stock market simulation provider. We're confident that our machines won't break, and will be leaving them connected to the rest of the net. I won't be here tonight, but certainly another of the techies will, and I'll have my cel phone on, Just In Case [tm]
I'm hoping that I won't be let down, and that Big Brother won't disturb my party.
- In Capitalist America, law violates YOU!
Posted by Cliff on Friday December 31, @01:28PM (PST)
dlb asks: "With Jan 1, 2000 just days away..."
Days away?!?! Slashdot needs to post stories much faster.
Anonymous Hay goes in and I come out...
It's New Year's Day. What sales did they think they were going to generate ANYWAY? Everyone will be recovering from their hangovers, watching TV, or doing something TOTALLY unproductive.
"normal" stores close on New Year's Day and don't seem to suffer any significant impact, right? I figure it like this: if one day per year is going to actually MATTER in your finances, it is time to quit using the company AMEX for those $1000-a-night strip club outings. Sheesh.
Of course, it's an NT server and it's for a group of about 60 people who work standard 40 hour weeks on the weekdays. I'm more concerned about power fluctuations because our site pulls a lot of juice.
Now the Linux server I use for my websites and mail (not at work!) is staying up....
--
how to invest, a novice's guide
Assuming you did your homework and you know the site doesn't have any date problems, why would you take it down?
An internet connected host should be secured anyway, so what's the big deal (other then Year 2000 paranoia)???
I think it's pretty unprofessional to treat this weekend any different from any other end of year.
In my mind, there's no doubt that this is the equivalent of a DoS. My question is this: is the site being brought down for a specific reason, or is it just vague paranoia? If the latter, then the bringer-down is responsible for any lost business. 'Something bad might happen, but I'm not sure what' would be an acceptable excuse for a mall owner to lock the front gates, and it shouldn't be acceptable for an ISnon-P.
I went to check on something there, and was faced with a 1960s style television test signal image, saying that VW.com is off the air until the night passed.
As an aside, I want to make a personal thank you to the Volkswagen Corporation... all through this year I'd been dreading the inevitable marketing hype about "The most anticipated event, the new Millennium Bug," or "the VW2K." Never saw a license plate Y2KBUG or anything. Kudos to avoiding schlock advertising![
if you're in the website business, your number one priority is keeping that site going.
We shut down all (including Linux) of our Intel-based desktops out of (BIOS) rollover and virus concerns. We left our servers, UNIX workstations, settops and Macs running.
I work for a research corporation so fortunately we didn't have any customers with which to deal. We get to spend New Year's Eve with our friends, families or strangers in Union Square.
/*slightly offtopic
Early reports indicate few Y2K problems. (Those places that are actually having problems can't really report them--can they?)
I'm waiting until it hits Eastern Europe before I sound the all clear.
*/
--Al
Thank god porn sites are still working. I'll be doing what I've been doing every new years for the past 4 years if you get my drift.
The company I work for never mentioned bringing our e-commerce site down. However, we (unfortunately) have it hosted at cihost, so we don't have much choice in the matter . . .
I work at a university and we were ordered to shut down all computers during new year. We left a few running though just to see if this order was really necessary... The only thing that bothers me is that my SETI@home stats will suffer from this shutdown!
---
--
If I actually could spell I'd have spelled it right in the first place.
Where I work, the servers are shut down for two reasons:
1. This way no one has to stay there and watch them.
2. We don't have to worry about damage due to power problems.
Why would you bring your site down? If the server is left on, it either crashes or it doesn't. If it doesn't, then you're fine. If it does, then you're not. If you turn the server off, however, then it's bad whether or not it's Y2K-ready. If it is, then you just DoS'ed n people, but if it isn't, then it'll explode or whatever as soon as you turn it on and it realizes it hasn't been invented yet. The problem isn't the changeover per se -- the problem is the first time it needs to know the year and it gets it wrong.
Switch the . and the @ to email me.
The American Skiing company has chosen to disconnect all internal networks from the Internet at large from midnight last night (ie 00:00 31 Dec 99 EST) until 24 hours after Y2K begins (ie 00:00 1 Jan 00 EST). Since the company databases and stuff are so poorly integrated with anything online, I doubt much will be noticable--but email won't get though, and meTicket applications on the web won't get processed until at least Tuesday.
OTOH, ASC is largely NT-based and who knows what might crop up. I'm sure IS doesn't.
A site my company hosts is going to be going down from 6pm CST, Dec. 31(00:00 GMT, Jan. 1) until Sunday, 2pm CST. The company we host this for has requested that we take it down, not due to Y2K issues, but due to hackers trying to exploit servers due to Y2K issues.
:|
We run linux(duh), with apache and postgres. I personally have no qualms about the machine staying up, and I am not afraid of the server succomming to backdoors. But I don't pay the bills.
To turn it off, all we are going to do is ifconfig down the alias for their server. The machine will still stay up, running just the same as always.
There are essentially two kinds of IS managers: those with a solid computer science background, and the other kind. To the other kind, computers are magic, programmers perform an un-understandable task, and what could happen is infinite because they have no rational means of assessing risk. They cover up the fact that they don't understand the computers by using buzzwords and keeping current with all of the trade rags so that they seem to be on top of trends.
If your site can hold up on the average day, it should have no problem this weekend. There will not be a reign of terror by computer criminals (oh yes, if your IS manager calls them "hackers", that's another sign he's not a computer science pro). There will not be unforseen bugs from outside your site that damage you, and if you haven't fixed the inside bugs, well, some dates will be wrong. Big deal. Your backup tapes will not be magically erased on the very shelves where they lie.
My sites will be up tonight.
Bruce Perens
Bruce Perens.
I work for a webhosting company, and I know several people who work for large corporations as well. I know that we personally are not planning any downtime because of Y2K (since we use UTC it's only about 2 hours out now). I do know that many large companies with several layers of management are shutting down virtually EVERYTHING, because they are afraid of Y2K issues (one such local company dug a 1500ft well in their parking lot, added a US$600k generator to their aresenal and brought in futons and port-o-lets for their Y2K staffers in case of wide-scale failures). Does anyone work for a large company that isn't going crazy over Y2K already, or are all of the big companies planning for the end of the world? (seeing from the CNN reports perhaps it was all much ado about nothing ;)
-R
The CEO of one of our subsidiaries suggested I pull the plug on our internet connection over the weekend. This suggestion followed an e-mail I sent out asking people to please not open any strange attachments over the holidays.
As far as I know, we're all y2k bug-free, so this isn't a concern. As for virii in email, those will still be waiting for us on our hosted email servers on Monday -- whether we pull the DSL line or not.
The only thing left to be scared of is DoS and cracking attempts, and I figure we're so small, who would try to make a statement by hacking us??
I figured thet panic caused by any stray weekend or early-monday-morning workers not getting internet access would be worse than the risk caused by DoS and cracking attempts.
I have to do everything I can to ease the panic, not help it spread.
There are good reasons to bring an e-commerce site offline for a few hours if you haven't tested the hell out of every last bit of functionality. You don't want order tables to be corrupted with records with incorrect timestamps, you don't want a bunch of old promotional prices to get reactivated, and so forth. You don't want to be vulnerable to similar problems in external systems your site uses as data sources. And when it's a commerce site, it's not just a cosmetic risk.. it's a business risk. Extremely cautious? Sure. But it's not an irrational move.
Similarly, if your webservers are running on an OS particularly vulnerable to viruses like, say, NT with Office installed (for generating RTF documents, etc.), you may just want to sit out a few particularly high-risk hours.
Where I work, I started only a couple of months ago and haven't had a chance to centralize and lock down virus protection. So prior to both Christmas and New Year's Eve, I made sure all Windows desktop systems and our lone NT server were all powered off, and they're staying that way until January 2. And all the fileservers got a full, level-0 backup a couple of hours before.
I'm not worried about the Mac server we have or the Linux boxes.. The former doesn't have MS Office on it and its System folder isn't shared, and the Linux boxes were installed and configured by me.
I want to enjoy this weekend, not spend it wondering if I'm going to spend Monday restoring systems from tape or cleaning a corrupted database.
Stefan.
--
Y2K? Indeed, we ask: why? There's a whole year left in the 20th century.
The truth shall make you fret. (Ankh-Morpork tImes motto)
I work in a physics research lab at my university, and we got the order yesterday that nothing is to be left powed on tonight except those things absolutely necessary. Pretty much everything is offline for work now anyway, but I'm gonna love to see what that does, along with all the other morons who are doing similar things (does this light still work? howabout this one?) to our power grid.
eBay Availability on New Year's
The eBay site will be unavailable for Y2K verification from 15:30 PST to 18:00 PST on Friday, December 31 and from 23:00 PST, Friday, December 31 to 03:00 PST, Saturday, January 1. If you try to connect to eBay during these times, you may receive a "Failed to connect" error message.
We hope you'll read Meg's Letter to the Community. Thanks for your understanding and see you in the Year 2000!
signal, noise, to me it's all the same.
All of our servers/workstations are staying up...they are all new machines and we have done extensive research to make sure that they will be fine, plus all necessary patches are installed.
Whoa... this guy's thing was posted right after the audi story...
I don't see why any company should take down their website for Y2k... If the website is going down for Y2K (unlikely) then let it die a natural death. If there are no problems then you haven't lost any business have you.
Restating the obvious since nineteen aught five.
I left everything up and running... the last thing i need is customers calling and not getting our voicemail, or other amenities, and then thinking these outages are related to the date. If sh*t happens, I wont be alone, and people will be far busier with their own problems to be harassing me.
.. as long as the game is played at Ralph Wilson Stadium, and the Bills win I will be happy....
I have taken all precautions, done tests, applied patches... blah blah blah
btw, i am pretty sure both my linux boxes (at home) aren't gonna rollover, but they are staying on.
I defy the "bug", I will make my stand here!
"there's a big difference between kneeling down, and bending over" - FZ
The Environmental Protection Agency (for whom I am a contractor) is shut down for the weekend, save for a little message on their home page.
Try the Golf page. It's still up as of 5PM EST
signal, noise, to me it's all the same.
I think that all this Y2K paranoia IS the Y2K bug.
More often than not, remedies for Y2K were worse than the problem. Senseless date expansion in interface files caused needless work.
I hope that VW is really upgrading their site. As a VW driver, I found using their site quite unworthy of their automobiles.
As an outsourced function, my companies web site will stay up as long as our ISP doesn't have any problems hosting it. There are no date sensitive components on our site.
Of course, I think it is silly that my company grounded the fleet over midnight local time, but is in full swing at 00:00 GMT. sigh
This is a boring sig
Our ISP is shutting down for about three hours. We have no choice but to shut down as well. I have also heard many small colleges and universities are doing the same thing.
--
*Condense fact from the vapor of nuance*
Keeping all 10 Linux Servers up, connected, and serving today, and always.
On a funny little side-note, our NT administrator is re-installing a hard-drive in the NT 4 server sitting next to the Red Hat box. >:)
www.dedserius.com
VB != VisualBasic
Out of both the sites that I SysAdmin and Webmaster for, neither of them are going offline for the New Year unless there is a technical issue. Like there isn't enough of those... 8-) We have already spent the time and the $$ to make sure that everything will be ok for the rollover. The sad thing is that the Y2K update patches caused one of the sites to go offline. The machine had not been rebooted in so long, one of the drives turned out to be corrupt. The fsck and re-mirror process took most of the day to complete. So far so good. To bad, I am on call for two jobs at the same time. 8-( Looks like I am up for a busy night. Anyone think it was a bad idea to give upper managament and executive staff my home phone number? Now I guess this means they get to bug me at 12:00:01 am just to see if things are running ok. Oh well... but at least it pays well. 8-)
A more likely cause of a computer shutdown tonight is probably some drunk driver ramming a nearby power pole and shutting power to the entire building (and region). I would place that as many times more likely than a Y2K glitch. Dastardly
My employer (who is not my isp), had a policy of shutting down all servers that were not required to maintain basic network infrastructure. Just about everything except for our routers, firewall and DNS servers was shut down. Coincidentally, most of our clients seemed to maintain similar policies.
I don't understand it, myself, but maybe it has more to do with preventing lawsuits than preventing technical failures.
Ahh - My eye!
The doctor said I'm not supposed to get Slashdot in it!
Java is super! The new millennium belongs to J A V A.
Signal 11 caught.
Internal JVM error 5378.
I think there is a valid PR reason to do it. There are enough factors that are out of the control of any IT manager: the power to the building, connectivity to the net, etc. Even if you have taken every measure within your power to be sure that you are Y2K compliant, your site may disappear. And that is really bad for public relations. People get the wrong idea, and nobody fully believes that it wasn't your fault. If you voluntarily take a site down and then bring it up early on January 1st when you are sure that everything around you is okay, you look a bit overcautious. None of this means that I think that there is any reason to be worried. I don't. I expect a quiet night, and I am on call.
The net will not be what we demand, but what we make it. Build it well.
The IT building at my university is going to backup power pre-emptively. There is a small power plant on campus that will take over if the main grid goes down. As such most of WSU's site will be up. The downside is that any non-UPS'd machines will go down during the 15 seconds it takes to transfer from external to internal power.
External links will be shut down for several hours surrounding the Y2K event... Ostensibly for validation, but in reality management doing it to lock out the perceived hordes of Evil Hackers(tm) they think are waiting for an opportunity to storm the barricades!
-MattT *** Not speaking for my employer, or any other sentient beings ***
Like I'm going to take down all my workstations here to sacrifice not doing csc blocks for distributed.net? ALL servers and workstations here (50+) will be on over the new year.
-Saxton
_________
My name is Aaron Landry, and I approve this message.
Never saw a license plate Y2KBUG or anything.
There is at least one. Check NJ DMV. Admittedly OT and not VWs fault
Hi,g AwEhYKuE) article on Cnet explains at least one reason for not shutting down servers for the weekend.
This (http://2.digital.cnet.com/cgi-bin2/flo?x=dYAKKYA
It is also a lot easier to monitor a live site, than it is to switch on a machine on Monday morning with a simple prayer!
A friend of a friend who works at AT&T Unisource in Holland, is in the former situation and none too pleased about it. Partly 'cos it shows managements lack of faith in the developers networks staff, and also due to the lack of understanding toward the problem itself. Suffice to say that he is not looking forward to Monday morning!
--
"I count him braver who overcomes his desires than him who conquers his
enemies; for the hardest victory is over self." -- Aristotle
--
-- "To ask a question is to show ignorance; Not to ask a question means you'll remain ignorant."
Even if you have PLANNED downtime and announce it, it will shake the customers' confidence.
I'm a security specialist so I've dealt with this already in my company:
It is ridiculous to shut down sites as a precaution against "hacker" or virus attacks. Ask yourself this question:
When I bring the site back up, has the risk of compromise gone away?
The answer is a resounding "NO". There is always a risk of compromise. If the Internet is so dangerous that you have to occasionally disconnect from it to protect yourself, then why do you even reconnect?!?! When you reconnect, nothing has changed except the calendar. Also, how do you know that the hacking hype wasn't designed to get you to disconnect now, and then reconnect days later only to have a false sense of added security since y2k is over and get 0wn3d on the 5th?? Isn't this an unknown, unsubstantiated risk too? You'd better never reconnect then...
The idea of disconnecting due to a y2k virus trigger is equally as ridiculous. April 1 is a more common day for virus and hoax triggers. Should every company disconnect then as well? Also, out of the thousands of viruses, only a handful have been very widespread. A massive virus infestation is historically unlikely.
Disconnecting due to some unknown, unsubstantiated threat is especially ridiculous (look at Seattle shutting down the y2k party...). It's CYA for lame IS and security people, IMHO. There are always going to be unknown, unsubstantiated threats. IS and security folks' jobs are to set up defenses to protect from day to day--that will work regardless of the amount of attacks. Shutting a site down for fear of someone breaking in is a self-induced DoS. E.g. the military sites that are being shut down (see http://www.hackernews.com for yesterday and today) during y2k are still going to have the same holes they did on the 1st....
Check out more specific information on y2k virus hype, "precautionary disconnects", etc. at the following links and see what:
"Precautionary disconnect" -- a disturbing new trend
OVERBLOWN: "Y2k Viruses"
Y2K viruses: "It's Orson Wells all over again"
Fearmonger vs. skeptic: a Y2K virus conversation
The virus grinches who tried to steal Christmas
-core
As in, the network guys where I work took all of the NT servers offline for fear of as-of-yet undiscovered virii.
;)
People just don't seem to be able to THINK about things. For instance, if the box has a virus that goes into effect when the clock rolls over, isn't it pretty damned likely to activate as soon as you turn the box back on?
In what way is taking the machines offline staving off the date rollover? It aint - all you're doing is postponing FINDING and having a chance to FIX all the problems.
Might as well let it happen on the night when no one expects things to work right anyways.. Who cares about some dumb stigma re: our equipment isn't Y2k compliant - I'm only interested in making sure that it works as soon as possible.
You cannot forsee the unforseen, it's that simple. Be prepared, do backups, and stay alert.
And smack the stupid executives around when they need it. I find yelling at the top of my lungs in meetings is a good way to make a point.
--
blue, who is no longer invited to meetings, but who also didn't have any of the machines he runs turned off for the date-over.
i browse at -1 because they're funnier than you are.
My employer shut down all its websites (at least at my location) not so much to prevent mischief, but rather to rule it out should any problems arise. Like the deductive principle so-often attributed to (but never explicitly uttered by) Sherlock Holmes, once you rule out the impossible (crackers getting into a system isolated from the rest of the world -- no modems, no internet, etc), then whatever's left (Y2K, loitering malicious code, etc) must be possible.
Christopher A. Bohn
cb
Oooh! What does this button do!?
ALL of our stuff will continue to run, with a slight pause at midnight of production machines ( robots ) just in case we get a power blip. SOME of us have tested and KNOW we dont have a problem....at least with Y2K... :)
The web servers at my school (UC Berkeley) are going to be down for the rollover. They state that it's because they're worried about power outages...which kind of makes sense but still isn't that what UPS systems are for??? Are other Universities doing this too???
The History of Y2K Problems
1994:
VP of IT: I'd like you all to meet Jimmy, the new Intern. Jimmy is a Sophomore from State U. Don't mind his complexion - it'll clear up, he just left his job at BurgerCzar.
Jimmy, it'll be your job to maintain these old systems. Ralph, you've been here 15 years
1995:
VP of IT: Ralph, we find it much cheaper to have interns maintain our code. Sorry, 3.8% raise this year.
1995:
Programmer: Ralph, heard you quit! Good luck in the Consulting market... I'm sure you'll be doubling your income.
1999:
VP of IT: Ralph, this is your old VP Ted. These old systems we have are screwed up! And we understand that your company manages Y2K conversions. Can you help? We'll pay anything!
2000:
CEO: Good job Ted, you saved our bacon! Let's not do that again - let's think about outsourcing all our IT functions to RalphCo. They're the pros. By the way, the president's son, Jimmy, works for RalphCo.
Bruce
Bruce Perens.
When you see an e-commerce site go offline for y2k, ask yourself this: "If after this much warning, they don't trust their security or computers, why should you give them your credit card number?"
Wanna buy a big french clock? It's good for 999 days.
No Zen is good zen
Clueless.
Idiots.
Whenever a site clims to be down I trie all sorts of URLs. index2.htm[l] index-old.htm[l] welcome.htm[l] help/ images/ main/ english/ etc. Just keep porbing until you hit on something. Is this "cracking"? Hardly. Just more proof that most "webmasters" who took that 2 week quickie course on Frontpage don't know squat. Why should they? They probably don't even know how to set up the apache server that runs their web site. They think "uploading" their pages to the "secret directory" makes them visible to the web. Morons.
On the other hand, the administrative systems (e-mail, file and print serving) were taken down by the administrative IS managers. Why? Because "they want to be safe". Well, I believe that e-mail is a mission-critical function, but the servers are down nonetheless.
There is one file and print server on our site which will remain up, but only because its my box and it doesn't belong to the "Lets reboot and see if that fixes it" group. That one lone administrative server is running RH 6.0 and Samba. And, of course, I can still send out e-mail from any of my Linux boxen. I had to re-direct my incoming worksite e-mail to my commercial ISP (fire-wall issues made it hard to re-direct to my personal Linux box).
I'm looking forward to the New Year, when I can get more customers to say "I didn't know that there was a NT Server 4.2", which is how the Samba Server appears.
Happy New Year to All, C Novom Godom!
With all the paranoid people across the world shutting down systems, I wonder how much power will be saved? hahaha. That's some funny stuff.
There are lots of factors, costs, and probabilities that a rational business must take into account when deciding if they should go offline. Like factors beyond the companies' control. Like expected benefit/revenue of staying online and the cost of dealing with a worst-case scenario.
If a company expects to take in some 1 percent of an average days' sales between 11pm and 1am on New Year's (who's shopping, really?), but their systems would cost millions of dollars and three days (== something like 250 times as much revenue as they would lose in a volunatry, two-hour shutdown, plus hardware and staff costs) to restore if heavily damaged in a worse-case-scenario, then who could blame them for giving up very small profits in order to be certain they avoid very high costs?
Bruce, you're getting hyterical about the "technology" and missing the business case. You don't really think we're going to see a headline in the Wall Street Journal like "Ford overtakes General Motors in Q4 1999 due to GM Web site being offline for 120 minutes", or "Amazon underperforms; missed out on big New Year's Eve midnight sales", do you?
Get real.
-Peter
Due to workload, I was unable to even begin y2k preparedness until way late in the year. Late enough that I was still working on it when the various computer security groups started trumpeting the warnings about suspected intensified hacker activity during the holiday period. So I simply added to my list the task of double-checking my external router, firewall and external web server for security policies and latest security-oriented patches.
All I did as an abnormal precaution was temporarily tighten-up the anti-spam provisions on the e-mail gateway and put a 1MB e-mail size limit on.
But shut down??? I don't think so.
Looks like someone's been busy trying to co-incide with the Y2k bug. EFF was cracked last night (my time, Australian Eastern Daylight Time), by Oyster n Clam. I think rootshell would have an archive by now, if not I do, just email me =)
-
-
I rather like cows.
From the "I'm glad I don't work for these guys anymore department"....
I guess communication with the "outside" world isn't a priority...
+++++++++++++++++++++++++++++++++++++++++++
Subject: Year-end E-mail Process
I am writing today to apprise you of our plans to implement additional controls in our e-mail system from Dec. 17, 1999, to ending Jan. 7, 2000.
Industry research indicates a strong likelihood that computer virus activity will grow dramatically as we approach the year 2000.
To better understand the implications to NAME-DELETED, consider the following:
* On an annual basis, NAME-DELETED receives more than 6 million e-mail messages from outside the company via the Internet. Unfortunately, one in every 1,000 is infected with a virus and is ultimately cleansed by our virus protection software before it is released into our company.
* To date, we have identified more than 42,000 different viruses that have been introduced into NAME-DELETED via e-mail messages. Two of these
viruses actually shut down our network while our virus software vendor created new virus control measures.
* Internet experts estimate that as many as 100,000 new viruses will emerge during the last three months of 1999 and the first half of 2000.
This includes a dangerous new breed of computer virus called the "Bubble Boy" virus, which has the ability to infect a computer without the recipient taking any action to evoke it.
Given the above situation, we have designed an e-mail handling process to lessen NAME-DELETED's risk of having potential viruses introduced into our company during the critical year-end processing period. The basic elements of this process are as follows:
* From Dec. 17, 1999, to Jan. 7, 2000, we will intercept e-mail messages sent from outside the company and hold them for seven days in a repository that is insulated from our company's e-mail system. These "quarantined" messages will be scanned using the most up-to-date version of virus detection software. Once we verify that all viruses are eliminated the cleansed, messages will be released into the NAME-DELETED e-mail system. The seven-day period is required to enable the industry to detect new viruses and create the virus cleansing software changes. Note:
internal messages and outbound messages from NAME-DELETED will not be restricted.
* Upon receipt of each incoming message, a return message will be sent to inform the author that the delivery of this message could be delayed up to seven days. This will prompt the author to make direct contact with you, if appropriate.
* Any messages determined to be "business critical" will be prioritized above the general message population. If the volume is low enough, we will attempt to scan, clean and deliver these messages by the end of each business day. If you believe you have e-mails that fit into the true "business critical" category, please contact your supervisor to determine if an exception process has been established.
While I can appreciate your zeal for placing MIS into two discreet factions, it just isn't that simple.
First, you have no idea what legacy connections exist between front line servers to the Internet a.k.a. web servers. All people see when they go to many sites is just that... a web server. There is no database box or ancient mainframe wide open on the net... also, if there is integration with authentication systems there is a possbility that an internal edict affects the external perception and functionality of a "site".
So, if you want to control input for a time when people will simply NOT be around and there is risk assessment regarding the personal lives of the professionals that report to you. For many the escalation plan is a pager on a belt loop.
Basically, if you airgap a web server you have just cut down the possible attack paths by at least 50% since nobody can come around to hit the site. Or, you have complied with the team decision to take it offline to take any possible stressors off internal systems that form a basis for external funcitonality.
Third, if it isn't a mission critical site then you take it offline and recall the functions. Most good commerce sites will engineer a boolean off value for maintenance purposes. It doesn't hurt anyone... are you intent on browsing heavily while getting toasted on champaign or sparking fruit juice tonite? I have bought some guitar strings tonite and might browse around but you know it isn't critical to me. :)
If you are a business you likely pay salary individuals to ride out situations like this. Since y2k is "hype" and misplaced concerns why not give people a night off so that they don't have to worry about the lesser qualified less certified more likely to play Quake on the corporate network at the expense of the website?
Shutting things down isn't a bad thing. Uptime is cool... but if it is a site that connects to other systems that require additional MIS staffing in the event of a unforseen circumstance are you as a "manager" going to explain to everyone why they need to stay alert just in case?
If your site is down this New Years, think seriously about wanting to be at work on New Years and buy your MIS manager a beer.
I respect what you are saying about IS managers not knowing what is up... but there is more to understanding a complex system than a computer science background.... you just open a whole can of worms when you go there gf.
Most seasoned IS managers know enough NOT to do something stupid.
I just think there is more than one way of looking at things in this area. So, unless you burned in the belly of corporate MIS and was there when things really hit the fan you might want to consider alternative views.
I know I am NOT one of those so I reserve judgement since I don't know all the pieces or the politics. Computers are still run by people ya know.
My sites will be up tonite too...
http://www.mp3.com/fudge/
http://fudge.org
I work for an ecommerce-ish company. We debated about it somewhat heatedly. I was in favor of disconnecting and shutting everything down, because any likely corruption bugs are probably going to hit at the rollover. The most likely equations to break are the ones involved with subtracting some earlier date from now; with the numbers on both sides of the rollover, that's where problems are most likely.
:)
However, after we talked about it further, we decided that the risk in shutting down would be greater. We are leaving things alone, running exactly as usual, so we know any problems are Y2K related.. If we were to make any significant changes and then had trouble, we wouldn't necessarily know where to look.
That argument was compelling enough to me to change my mind and agree to it; we'll be watching to see what happens. We're really not expecting anything major, but we definitely are expecting minor glitches. And we are planning to continue to devote some time to Y2K issues for the next six months or so -- we figure they will keep cropping up for awhile.
We are under no illusions that Jan 1, 2000 is the miraculous End of All Date Bugs.
If anyone knows of any reason I should be worried about having just installed SP7 for Novell 4.11 please let me know....
All of our web sites are up and running.
www.ets-inc.com is up
www.nasdce.com is up (User Name: Free, Password Demo)
even hic.nasdtraining.com is up
for the moment
Here I sit, waiting for a Novell 4.11 server to finish updating to Service Pack 7 for the Y2K fixes. Why? Because I know nothing about Novell. I was an English Major for crying out loud! Yes I'm OK with QuickBasic and am learning VB5, but does that mean I can be an MIS Director?!?!?!?
I wanted to be a technical writer for heaven's sake. I'd love to be one of those lucky souls working on the Sam's and For Dummies / Idiots / Morons / AOL Users Books, but here I sit.
We HAD relations with some IT contractors, but they haven't returned any calls in months, so the people who set up and installed the Novell Server are nowhere to be found.
Yes, I took a few Programming classes, and yes I'm good with computers, and yes, I've only been stumped half a dozen times in the last year and a half as an MIS Director and yes I'm rewriting software we sell for M$ Style prices and not having any trouble with it, but I've never upgraded a Novell server before!
Help!
I'm not worried about the Win95/98 systems. I've installed every necessary patch from MS, Symantec and everyone else.
Ah, for the legendary stability of Linux! Y2K compliant by it's native design! If only I had the time to take the Mandrake install and my copy of Running Linux and become more than a mildly pathetic Linux Newbie.
Now, if Act 4.0 and Omniform 4.0 run under Wine, I'd be able to migrate most of the office to Linux.....
"Live Free or Die." Don't like it? Then keep out of the USA
None of this is related to Y2K issues. There is no reason to bring up XiG here, nor deadlines, nor X itself.
Had I not already posted on this thread, I would have moderated the parent comment down myself.
TigerDirect is down, too with some fancy "as purely a precautionary measure" garbage. They're probably afraid for their NT boxen. I called them and an (non)IVR answered saying the are closed for the holiday. They sure are good at avoiding telling me where my order is... oops.../rant
Imagine an internet provider with the feature that they will cause your site downtime when it hits an arbitrary transfer limit for reasons that are entirely out of your control. It's practicaly an advertisement to find another provider.
Bruce
Bruce Perens.
If your site is down over New Years, think seriously about hiring a new IS manager
I've got to disagree with this generalization.
At our company, the MIS reports to me. Back in May, he said he planned to down all but our external servers.
Is he an idiot? Should we fire him?
He had just spent a weekend having the *entire* company's systems do a Y2K rollover, and then did transactions with all critical business apps. He found many problems, mostly small. One issue was that several older systems would not roll over correctly, but, once set to a post Y2K date, they were fine.
Rather than have a hardware/firmware remediation party, he figured we could just manually set the RTCs on boot after the new year. Sounded good to me.
After all these paranoid shutdowns, care to guess what percentage of hard drives won't spin back up? (ie. weak spindle motor, stiction type issues, cold/hot expansion)... I've lost several drives over the years that were normally running 24/7, and wouldn't come back after cooling off..
The reason those throttle controls exist in Apache are for very specific reasons.
If you are looking for a shared hosting environment it is that same error message which allows other websites a chance at being seen for their payment of the exact same fees as Mr. Joe Popular website.
Price it out and do the math sometime... most providers use other means such as network throttles that don't afford you the 500 transfer limit message... also... that message can be tailored to have a more meaningful message.
Apparently, you have never read about people writing robots for site indexing that DO NOT conform to RFCs meant to govern the manners of a robot.
Its a sign that you are getting what you pay for from your provider _perhaps_.
Heck, do a Altavista search and see sites like OpenGL.Org which have that word indexed in the search engine database... it happens.
http://www.mp3.com/fudge/
http://fudge.org
There's a really nice 2000 Beetle driving around the St. Louis area with the plates "BUGY2K".
The only time I've *ever* been jealous of either a car or a custom plate. Schlock? Maybe, but cool anyway...
Happy new year everyone, and rest assured that we will be working through the new year, and even into the new millennium (2001).
"values of beta will give rise to dom!"
I don't understand how shutting down the site over the Y2k transition helps. If there's a Y2K problem with the site, the problem won't go away just because you shut down the site over the transition ;it'll show up once you start the server again.
It would seem that doing anything with this mindset would be, at the least, bad practice, but I know of some exec's that would stop at nothing to cut costs, and cut corners.
In the real world, where most of us live, there is a lot of Microsoft software. It has not been shown to be especially reliable, and I can't look at the code or hire someone else to look at the code for me. I have no idea what bugs lurk there -- and I don't think Microsoft does either, to be frankly honest.
Personally, I was in favor of taking our systems down overnight, simply to prevent date subtraction bugs. Someone else pointed out that this was making a change right before a major event, and that this probably wouldn't be wise -- a compelling argument, to which I acceded.
Regardless, claiming that I am somehow incompetent because I wanted to shut down systems over NY is flat stupid. Computers are not magic; they are highly predictable devices. However, the software that runs on a large fraction of them is not well understood by anyone. Trusting it unconditionally is foolish.
Consider that Microsoft was still releasing patches as of December 15.
Strikes me that you have a mighty strong opinion about how to run large networks, when it appears your expertise is not in that area. From what I can tell, you are a programmer, and a very good one. That's wonderful, but does not qualify you to make pronouncements about system administration. You probably don't deal, every day, with the stupid bugs and problems caused by unforeseen interactions in closed-source software. You live in a tightly controlled world of your own code. I don't have that luxury.
I don't presume to tell you how to do your job, and expect the same respect in return. And it strikes me that making public pronouncements on the competence of people working, every day, in an area you don't is not just arrogant, it's foolhardy.
You can trust I won't value your opinion as much in the future.
It turns out that Cybercash has been sending upgrade notices to Yahoo Store about this for months, but only in the last few weeks did Yahoo Store tell me about it. They notified me of this about two weeks ago, and First Data sales hasn't gotten back to me yet. (They have a "don't call us, we'll call you" sales policy.) So I'm offline for a few days. I can run transactions through by hand if I have to, so it's not too serious.
We'll be up -
www.synecdoche.net
GNU-based Cooperative Web Hosting
However, I am bringing a NetWare system down for
a client today. Their AST Bravo 486s won't roll...
Carefree highway, let me slip away on you.
*sigh*
I work for an ISP and they have all the techies schedualed for 10pm to 2 am... Just In Case(tm).
Atleast they are providing food and drink.
-- The intelligence on this planet is a constant, but the population is growing. --
Someone posts about something that would make Linux stocks plummit, it gets marked down right away.
Someone complains, and the complaint gets marked down..
Can we please be a little less obvious.
And XFree 3.9.17 STILL isn't out.
I work in a NOC, for a fair sized east-coast-based ISP, and I'll tell you this. TURN YOU CPE BACK ON! All of you that are turning off you equipment are making my new-years-eve a living hell! I can't imagine being at a UUnet, or AT&T right now. Those poor operators have to be pulling their hair out, calling all the down customers. So please out of the kindness of you hearts go to work for 5 min before you go out tonight to get loaded, and turn your crap back on!
The major sites have finished their holiday TV ad runs. Everyone's done their Holiday shopping. It's bill season now: January has got to be the lowest sales month of the year. And on top of this, it's New Years. People are going to be partying all night and recovering all day, not flipping through online mail order catalogues for cute sweater sets and cheap CD-R drives. Not to mention that even accessing the site would require the end users to not experience any Y2K glitches on their end.
Besides, I think the online retailers have scared off a good chunk of the market with their sloppy work over the holidays. They're probably just avoiding a lot of spur-of-the-moment drunken "Hey! Where's my Christmas presents?" complaint mail. Can't say I'd blame 'em for that.
I plan of having my site www.sorehands.com up. Now if my ISP chashes and burns, someone will be in trouble!
I have a couple of servers that must be backed up manually. One of them I backup only when some thing changes, which is less than once a month. I had backed it up less than a month ago.
I was sick and could not come in today for the last paranoid little backup before Y2K. My boss somehow hosed this server by backing it up and i spent a few hours reconstructing that server from scratch. Not easy with fever making me a bit out of it. But i had to get it up quickly lest the rest of the company think we had Y2K issues.
If he had done nothing, i am sure the system would be fine. *sigh*
--- If you don't want to know the answer, don't ask the question.
This struck me personally as a tad draconian, but I can't really fault management; there's no reason to keep the facility open, especially since most of us weren't going to be there anyway. :)
They do understand the repercussions: a full shutdown means insane amounts of work just for our IMS department, let alone the actual R&D labs.
I suppose this is somewhat off-topic, since I'm talking about more than just web sites, but I thought I'd mention it and find out if any other companies are doing something similar.
Any other employers doing full shutdowns?
what timezone is everyone supposed to submit "first post of the year 2000" in? and i'm surprised i didn't see a "first article of y2k gmt" on the front page of slashdot yet.
hi!
we had several clients and our own hosting servers
running thru the millennium shift o.k. decision to run thru millennium was based on debian slink 2.1r4 beeing installed when available.
I received a stange phone call Wednesday from one of my companies promenant clients asking for their site to be down until 1/2/00. Freaks. I tried to convince them that nothing will, and nothing can happen to the site itself, and since I am not taking down the server it runs on since it hosts 200+ other clients, they aren't achieving anything but giving in to Y2K paranoia. Their will prevailed and now you get a 403 error when you visit their site. Ahh the stupidity!
My employer isnt shutting down, and i have to be at work in a couple of hours to watch things roll over..
Although, most of our mainframes are set to GMT, and GMT just hit midnight about 15 minutes ago..
But, we have taken extra measures to ward off hacks and exploits. IMO, things they should do all the time..
Happy new year, Slashdot.
The only problem I have now is that the client whose site I just passed a transaction through isn't in the office to take that $60,000 charge off of my credit card... and I don't really have need of a Steadicam Ultra Cine rig. Anyone shooting a movie and need a new one? ;-)
Happy New Year, All!
It's a good thing that tomorrow never comes, because most of us are stuck in yesterday.
There's a bug driving around in the Twin Cities (Minneapolis, MN) area w/ "Y2KBUG" plates. I thought it was kinda clever, actually. :)
Today, We took many of our servers (Solaris, Novell & AS400) off line for disk maintenance (Vrepair / reclaim storage) and extra backups. So email and such were interuted for a while. The dispatcher systems and the big mainframe. All servers should be back on line before midnight.
Heck, it was a state holiday anyway - time for a cleanup anyway.
Jan 1, testing before resumption of business hours.
I don't see many reasons to take servers offline. The only advantage you have is that your server is not prone to attacks. Since your servers should be secure anyway, I don't see any reason to take them down.
If they aren't Y2k compatible (if you don't have a y2k server, you're in some deep shit...), booting them after Y2K will not work, duh.
I suppose the final decisions come from the bosses, the ones at the top of the company, who don't know that much about the technology. I'm not trying to make them look bad, because it's not their area of the business, so they should stay out, and let the sysadmin decide.
I manage two ecom sites for my employer. They're gonna stay plugged in - the way I figure it, if my web sites are down because of a Y2K glitch, that probably means that most of the western world is screwed anyways...
Cheers!
after all the hits on the above link, are THEY gonna be chagrined! :-)
----------
(Not original) I'm Y2K complacent. Zzzzzzzz...
I think Y2k has re-affirmed what *REAL* programmers have known all along...
Testing really isn't all that important...
</troll>
:)
Not looking forward to the scary barrage of 11:59PM "LAST POST!" messages.... Could that take down Slashdot?
For everyones amusement, the syslog of our web distribution machine over y2k:
:)
Dec 31 23:46:36 util -- MARK --
Jan 1 00:06:36 util -- MARK --
Needles to say we didn't take our machines down. And its all working nicely thankyou
You can't win a fight.
I had to wait 'til xmas to make sure I didn't buy anything I might get as a gift. Now I can get back to my new addiction. ^_^
"I'm nobody suspicious... That makes me sound even more suspicious, doesn't it?" - Spike (Cowboy Bebop)
...has taken all their systems down. They were turned off early on the 31st, and will be back on the 4th, and are expected to actually work on the 5th.
On the other hand, the university doesn't exactly go for 24x7 uptimes. Problems appearing during a weekend are never fixed until the staff turn up again on Monday. The servers, AFAIK, don't have UPSes. Actually the main reason it's all being taken down is to allow someone to be there when it all goes wrong!
This should not be taken as a comment on the IT services department of the university of St. Andrews; they do what they are paid to do, very well. I just wish they were paid to keep the servers up all the time.
try to connect to a .mil site ;-P
"I have no special gift, I am only passionately curious." - Albert Einstein
The Suits are paranoid that crackers (or "hackers" as they know them as) will have a field day just because it's New Years for 2000..
I agree that it may be a bit overzealous to take sites completely offline, but if it was a matter of taking my site down or chancing an "invasion" just to keep it online for a few hours, I'd probably take it down also... what would it hurt?
"I have no special gift, I am only passionately curious." - Albert Einstein
If someone wants to do some New Years Eve shopping and try to blow out their credit card, hoping the CC companies will screw up, we're right there for them.
(I'd say which site, but I keep my online at home life seperate from my online at work life.)
If it's down on Monday, I'll deal with it then.
Digital Wokan, Tribal mage of the electronics age
The Linux kernel has had code to correct for the BIOS jumping "back" 99 years since mid 1995. The code resets the centenial portion of the RTC to 20 if it detects the jump.
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Why? We know we did everything we could, but we don't know that everyone else did. I don't trust Microsoft, Novell, Oracle, IBM, HP, Compaq, or the local power companies.
Thursday and Friday we completed full backups on all systems and then we shut it down and pulled the plugs. If the power burps tonight, I don't have to worry about frying a few billion $$ worth of hardware. Saturday morning we start bringing it back up. All very nice and controlled. If something doesn't work, we go around it as best as we can.
Get this cheese to sick bay!
-Aaron
----------------- Who is Jesus?
We're an isp with 50k+ subscribers. We did a freeze of the account info at just before 5 pm on the 31st. Why? Well, sometimes there's problems with the transfer from the database to the production servers for various reasons. This meant shutting down portions of our website that allow clients to change their acct info. Was it worth it? maybe, maybe not... the damage that would be done to our reputation due to even a non-y2k related failure tonight is just too high though, we figured. I'd much rather deal with a few complaints that we were to cautious than 20000 people who think that we didn't do enough. not to mention the lawsuits... ~ac for the day.
That's a very fearful statement. If you've looked into the situation at all, you know that not only is your electric utility ready to meet the challenge, they have extra staff on duty tonight.
IS facilities are not in business to provide downtime. If they can't cope with the Y2K roll-over while hot, it's a sign of long-term mismanagement, because the problems should have been fixed years ago.
Again, if your site is down tonight, it's because your pants are down, buddy.
Bruce
Bruce Perens.
you pull alot of juice? gripies! try having more than ONE server and serving hundreds! we pull more juice in a day than you use in a month and we're up and screaming!!! We're not taking anything down and we're starting several things 30 minutes before midnight..... If you worry about "what if" then you need to get out of the business..... taking the site down.... only the stupid would do that...
Hell No!!!! I'm not bring my sites down!!!!
A chance like this (to see what happens) comes
along only once every 1000 years. I'm curious what happens. Bring it on, baby, bring it on.
I agree, bringing your sites down voluntarily is no different than letting some y2k bug bring them down for you. by doing so you are essentially betting that there is some bug triggered *by the transition* into y2k. (i.e. I'm assuming you plan to bring your site back up once "safely" into y2k....This seems like an unlikely bug...
However, I can imagine some ROM bugs causing machines not to (re)boot after y2k...
Bang the head that doesn't bang!
My favourite:
VW beetle here in Silicon Valley, CA with the plate 'FEATURE'
SCO gave away a garishly painted yellow and blue VW bug dubbed the "Y2k bug" at SCO forum 1999.
Saw it with my own eyes.
Bang the head that doesn't bang!
People like Bruce probably drive around in 4-wheel drives with studded snow tires in the winter, and smile knowingly as they drive by someone who's muffler side up after a little black ice and too much speed.
If your data center is running a POS (Persnickety Operating System), then maybe you are justified by staying home, all curled up on a snowy day. Stay home, read a book. For punishment, I recommend "Under the Radar".
Things are getting quiet at Starshiptraders.com... 1/2 hour ago there were 12 people logged in. Now there are 3. I guess they're gearing up for the parties. Meanwhile, my system clock is set to GMT-4 hours (11pm EST it will roll over midnight) and I'm not about to bring it down.
;)
It's a Linux 2.0.36 system running mostly custom software. I don't expect any problems.
Meanwhile, over at my real job, I have a Sun 6000 and a Sun 10000 rolling over in 1.5 hours. That is a tiny bit more worrying, but we're going live there too.
"The user is lying to you."
OK, you've got a bigger problem than Y2K. Your IS manager picked the wrong software, because everybody uses it. That software is downtime prone, but your IS person can point a finger at Microsoft, say but we have to use it, everybody does, and provide excuses rather than running systems.
Believe it or not, people don't have to continue to buy unreliable software. OK, you might think I'm uncompromising, but if that's what is happening in your organization, you already had a reason to find a new IS person before Y2K came around.
Thanks
Bruce
Bruce Perens.
I meant the whole site, with hundreds of servers and somewhere over four thousand people. Luckily, I only have the one big box.
--
how to invest, a novice's guide
Packardbell/NEC has made the same decision as many companies in pulling down their ASPLive pages from the internet from Dec. 29 through Jan. 3 for the Y2K scare. For those of you not familiar with PB/NEC the ASP pages are access pages provided to Authorized Service Providers like my company to verify the warranty status of machine, order parts, and receive technical specs on machines. I am assuming their paranoia is that out of warranty machines may show up as under warranty and parts be mistakingly send out at no charge.
Either way, I figure they just paid their Y2K readiness team way too much, if they even had one.
I work for DISH Network, and they informed us only today that most of our website would be offline for Y2K, and all of our servers run on UNIX for the love of the gods!!!! C'mon! UNIX does not suffer from this defect, nor does my fave OS linux! How paranoid can you get!!!!
Kez
Many US military sites are going to be down (including ours). They're not down because of any technical problems (of course not, you think the US military would admit that they're scared that their solid Micro$oft investment isn't Y2K compliant?), but because of terrorism. People try to crack US military sites all the time. I recently helped one of our guys assess possible damage and/or insecurities after some lame kid tried to access a perl script on the server (the server didn't even run perl). We expect that people will try even harder to crack the sites around Y2K, so we shut down access. As far as technical stuff goes, we're not too worried. Just tryin' to keep the script kiddies away, that's all. I'm sure there's lots of other organizations doing the same thing.
Those who can't do, teach. Those who can't teach either, do tech support.
However, if you run a big site, you better have access to a generator! Nonetheless, even then a generator to hold up a HUGE NOC is several orders of magnitude cheaper than the machines it protecting, and can easily hold up a NOC with thousands of systems for as long as you keep feeding it fuel - not to mention even those large generators (those that run around the size of a few cars stacked up) are not terribly high (10-200K depening on the options, wattage, fuel tank size and so on). Any MIS manager too stupid to do the math and realize the cost of a generator (or co-locating for that matter) versus the cost of an outage that could go on for days, should be fired. It makes no business sense. Generators are cheap!
So the point about utilities is moot even in the smallest case (and in the largest case, what the hell are you doing running a NOC without a generator?!). There are too many cheap solutions to mitigate this risk that its just plan dumb not to build a NOC this way (hell you can buy a decent 40amp generator at Sears that will hold up a dozen boxes for as long as you keep it fueled, for a few hundred bucks!)
Now, would anyone like to comment on how the world did not end, how the power did not go out and how absurd and ignorant it was for this silly company to shut their site down? It sure looks dumb of them to overreact no matter how you slice this. The power did not go out, and if it did the cost of keeping a NOC running is well within the reach of even the smallest company.
Not to mention all the other intelligent reasons for them not to have shut down that I'm not going to enumerate again. This is just chicken little syndrome combined with ignorance and pinch of magical thinking on their part.
--
Python
Python
I'm referring to the disproportionate number of viruses set to do their thing on January 1. We're pretty well protected, but not perfect yet, and given that nobody on the PC side of things is going to be in the office on January 1, my point was that it seemed silly to not take such a simple precaution.
I've been at this company for less than 2 months. Everyone's on ratty old P133s. Locking down systems and moving to network-booting or, heck, thin-client, or even rolling out proper, all-points-of-entry virus protection isn't something you can roll out in a day or two.
Now go take your medication and settle down. I'm not a retard, you know.
There must be examples of people with money who pushed the Y2K nonsense.. Surely there is now an opportunity for a come back by all parties injured. It would be justice. I cannot count the number of documents I have been asked to sigh that attempted to release the other party from obligations that might have occurred if the Y2K bug caused problems. ( which I have quite happily sighed,; bloody idiots;).
I bet there are no documents signed releasing those generating the hysteria from the consequences of their actions. Actions that resulted in people wasting money that could have been put to other uses.
Oh well, now that costs are reasonable again, time to get applications that do have two digit date
dependencies fixed up.
Did I mention that the world is coming to and end in 2038.
What a joke.
to your clients/customers.
Off-the-wall analogy: Shutting down your radio station during thunderstorms because it might be struck by lightning. Just like the radio CE, you design as best you can, test, retest, worry about worst-case scenarios, redesign again... then stand there and (sometimes, in spite of everything you've done) take the hit. But you're there, which you have to be if you're going to be taken seriously. I wonder how many people will try to access some site this weekend, fail to find it (or get some dumb "out of service" message), and wonder to themselves whether the company owning it really knows what they're doing.
-------
Posted late, after a 5-hour end-of-(every)-year data reorganization that ran from 2030 to 0030 local with no problems, thank-you-very-much. [Read the italics like John Cleese.] Y2K--- bah!
I love how you totally skip my rational, cost-benefit-risk argument and latch onto one minor thread. Actually, I don't know the readiness of any system outside my control. External systems cannot be completely trusted: sure, they vendor may certify compliance/readiness, but I've got no way of verifying that. You mention the fact that many utilities have extra staff on duty tonight. Why? Could it be, oh, that they suspect/fear something may go wrong? Are they, too, "irrational and fearful" (you mean to say "stupid", don't you?) for taking extra precautions? How do you know your utility is ready? What first hand, direct evidence have you gathered?
Case in point: some power utilities sell, and ship, power across state borders to other utilities. They can test their systems, but can they really help test, or witness tests, of all the other utilities they might depend on? No. Everyone is dealing with some uncertainty when it comes to other people's systems. Everyone.
As I said, the chance of the infrastructure failing dramatically is very slim (and everything seems to be going fine), but the costs of worst-case failures will, in almost all Web commerce systems, vastly outweigh the costs of revenues lost by brief downtimes.
If my site crashes, then, yeah, it's likely (though not necessarily) my fault. But we're not talking about crashes, Bruce. We're talking about voluntary shutdowns. While I agree that these shutdowns could be called "fearful", they're anything but "irrational".-Peter
I recommended that our servers should be taken down for the holiday period - not because I was worried they wouldn't roll over, but because our UPS systems hadn't been fully tested, and wasn't fully installed across all the servers.
Eventually we did some simple battery tests on the UPS devices, and other members of the office recommended leaving them up over the duration. This was due to fears that giving the mechanics of the hardware a long rest could mean problems when restarting the servers in the new year.
These are high-end Compaq ProLiant servers - unlikely to become unreliable, but I guess they're too expensive to mess with.
I've just logged into our servers from home, all up and running fine. No worries.
The home network was different. I worked through the roll-over with half the network on and running. My P75 Primary Domain Controller (!!!) rolled through no problem, despite the NSTL Year2000 software proclaiming it wasn't compliant.
It seems that I was right all along - Y2K was just media hype.
insignificant sig
You know, timezones are not the same all over the world, so while it may be midnight here in Europe, in New York it is still around 18:00 in the afternoon. Why would americans stop buying at midday 31st?
If we wanted to switch off our servers for midnight, we would have lost a whole day of sales. But we didn't, and we were right.
Who where those panic-makers? Where are they now? Let's lough!
ms
My site was up on the rollover, and according to the logs, nothing out of the ordinary happened.
To those that pulled plugs: The worst that would've happened is that you ended up "offline" for a period of time .
If you didn't want anybody to watch the system at the rollover, you should've sent everybody home. If, now 1/1/00, you're sending someone in to reboot the system, you could've done that anyway. However, if you'd left your system running he'd have gone for nothing: just to see if everything was ok. If you're satisfied with the system going back online on 03/01/00, fine. It might have survived.
Now the only thing that can be worse than just outage is material damage. A power dip won't damage much equipment. A power "jump" might. But how likely is that? That costs SERIOUS energy, and where is that going to come from. And keep in mind that power companies have lived with parts getting disconnected on short notice before.
Roger.
Roger.
I received this e-mail, raising another concern:
-----
Due to Y2K security reasons Thomson & Thomson will not accept inbound Internet mail between 12/31/99 - 1/4/00. We trust this will not unduly inconvenience you, please contact Thomson & Thomson at (800) 692-8833 for assistance or further clarification. All mail services will be available on 1/5/00 and we look forward to working with you in 2000.
Thank you for your consideration
-----
Debate the business ramifications if you wish. Something else seems more important: if a majority of e-mail servers had been managed in this way, we all could be offline for days.
Imagine every server re-sending every e-mail every four hours or so, for four days, then finally sending four days' mail successfully at 08:00 on 5 Jan 2000
Remember that throughout that time, Company A would reply to Company B's rejection of their e-mail with a similar rejection each time, and vice versa. Would we call that growth curve geometric, exponential, or NASDAQian?
Question: Bob's Company and Sue's Company are afraid of Y2K e-mail, and reject everything. Each uses an otherwise standard sendmail configuration. If Bob sends two e-mails each day to Sue, and Sue sends one e-mail each day to Bob, how many e-mails would Bob receive on the fourth day?
Answer: probably none--at least for a week or so.
HNY/NC/NM!
Stuart = bout227ths at aol
Also, I suspect a lot of sites with distributed server farm architectures quietly pulled some servers offline last night, voluntarily reduced capacity to be safe. Just as conservative, but not as visible. We may never know.
Happy new year.
-Peter
At my company we had a masive Half-life deathmatch and we didn't even notice that 12:00 had come for about 10 minutes.
We took most of our servers down, however, our ICVerify machines and e-commerce web servers had to stay up.
BARNEY DOWNTIME - 12/30 to 1/1/2000
Barney will be shutdown from approximately 5pm Thursday, December 30th to 2pm Saturday, January 1st. This shutdown is being done to minimize number of online systems during the transition to the year 2000. While Central Computing doesn't expect any significant Y2K related problems, we are taking most central servers down as a precautionary measure.
It's back up now, but it's pretty damn paranoid if you ask me....
They're not down because of any technical problems, but because of terrorism
So you've decided to do the terrorists's work for them?
I can see it now:
"Hey, Mustafa, I can't DoS the Pentagon's web servers... I think they're down already."
"Ahh... I guess someone else beat us to it!"
... exactly who's side are your managers on, anyway?
This probably explains why I cannot connect to www.techdata.com today...
Folks, not all downtime is created equal. If you are down at 12:01 on New Years' Eve, a holiday, and Saturday... big deal. Nobody is shopping then anyway.
I'd rather be down for awhile early Saturday morning than at 6PM Monday evening.
Planned downtime is a lot better than unplanned downtime. All the assertions I've seen to the contrary have so far been completely stupid.
OK - one of my companies does web development in Cold Fusion. We left our sites up over NYE for the following reason:
:)
:) All they had to do was turn them off on Dec 31 and turn them back on in the new year - no problems. That's what was done and what we're doing.
:) Once we figured what our risk parameters were, we could enact a plan (run with staff on hand/don't run/run without staff/etc).
1. They're outsourced at a hosting center which has 24/7 staffing, UPS, health-checks, etc etc etc.
2. Our sites are behind a firewall.
3. We did tests of our own to simulate the roll-over.
4. Full backups of all data, etc prior to rollover.
5. We had access to tech staff if necessary to resolve issues.
6. Close monitoring of data & performance over the first couple of weeks of Jan and the leap year to ensure "sneaky" corruptions get through.
Following assessment of the risks (power issues, communications issues, [cr/h]ackers, viruses, etc) we felt that we had done what was possible and that all should be OK. If there were any major hassles, it was likely that everyone would be in the excrement so we wouldn't be alone
Now, my other company does consulting to various clients. In the Small to Medium Business area, we recommended that they apply the latest patches and check their PC's for compliance. Some had PC's that failed the "tick over" in RTC and/or BIOS but worked fine in DOS, on the leap year and when rebooting post-1999. We recommended that they not throw out those machines (keep the $$$ to pay us more consulting fees, thank you
For those that did not need their systems turned on during this time, we recommended that they shut everything off and unplug it. While the electricity companies had stated that they were ready, they had (naturally) used guarded language. As such, when we reviewed the possibilities of power issues (brown-outs, surges and/or spikes) comm's issues (modems & ISDN connections) and software issues (relying on patches and information off the net, etc), we figured it was better to just avoid the whole thing so we could all be out partying and not sitting there watching a bunch of computers tick over.
So, in the end, it was all based on risk assessment. What level of testing had been done, were the systems required over the transition, what the unknowns were and how much risk the client could afford. It was easier to turn it all off, have fun and start it all up again when we knew what we were dealing with.
Of course, if I were the MIS Manager in some company, I would have been doing reviews, tests, simulations and so on for all systems. The results of all this would have been assessed with business management (MIS does not tell business what to do, we help them make their decisions
I left my body to science, but I'm afraid they've turned it down...
Some of it may be personality, that I don't give up when I am right. That I asserted my rights and after trying to work with them, I demanded my rights. You have not dealt with the MSI management (from what you said).
MSI did have a good benefits package. The package included short term and long term disability policies. These policies paid me for the same illness and time off that I was fired for taking(the insurance company would not pay the money unless they determined that I could not work, insurance companies don't pay out money to be nice).
Mattel is continuing this case. Even though Mattel paid the judgment, they continue with a libel suit. Neither MSI, TLC, or Mattel prior to filing suit stated what was factually incorrect in 3 year. Have you?
You are right, anyone who sticks up for their rights must be either a loser or mentally ill!
My site has helped others going though similar problems, is it wrong to help?
RSI injured geek wins against Mattel, Mattel still retaliates!
If you are down at 12:01 on New Years' Eve, a holiday, and Saturday... big deal. Nobody is shopping then anyway.
Yes, but people might be surfing our site, or sending email (What about the other 95% of the planet, who are in a different time zone?)
Planned downtime is a lot better than unplanned downtime.
Yes, but _NO_ downtime is better than any downtime at all.
"Specious" or not, if you take your site down so that "someone else can't" then you're just doing your enemies work for them.
My network gets hit with over 100 attacks (script kiddie hack attempts) every week... and the majority of those (>50%) happen on the weekend. Should I then recommend to my boss that we should take all the web servers, email servers, and DNS servers offline every weekend "just in case"?
I didn't think so.
All the assertions I've seen to the contrary have so far been completely stupid.
I don't know how you define "stupid", but your statements would certainly fall under _MY_ definition of "stupid."