Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bringing E-Com Sites Down for Y2K?

Posted by Cliff on from the better-safe-than-sorry dept.

dlb asks: "With Jan 1, 2000 just days away, the large wholesaler that employs me made the decision to disconnect our e-com web site from the rest of the 'Net. This was a heated debate for the past two months in the upper ranks between the paranoid and those who believe that bringing the site down manually is no different than some external entity creating the DoS for us (not to mention the loss of sales). For the other IT Professionals out there, are your companies bringing their sites offline this weekend? Why or why not?" Well, I guess if you are going to buy the hype, it's better safe than sorry, right?

6 of 208 comments (clear)

  1. *WHAT* sales? by lorimer · · Score: 4


    It's New Year's Day. What sales did they think they were going to generate ANYWAY? Everyone will be recovering from their hangovers, watching TV, or doing something TOTALLY unproductive.

    "normal" stores close on New Year's Day and don't seem to suffer any significant impact, right? I figure it like this: if one day per year is going to actually MATTER in your finances, it is time to quit using the company AMEX for those $1000-a-night strip club outings. Sheesh.

  2. I don't understand. by Kyobu · · Score: 4

    Why would you bring your site down? If the server is left on, it either crashes or it doesn't. If it doesn't, then you're fine. If it does, then you're not. If you turn the server off, however, then it's bad whether or not it's Y2K-ready. If it is, then you just DoS'ed n people, but if it isn't, then it'll explode or whatever as soon as you turn it on and it realizes it hasn't been invented yet. The problem isn't the changeover per se -- the problem is the first time it needs to know the year and it gets it wrong.

    --
    Switch the . and the @ to email me.
  3. If your site is down, you need a new IS manager by Bruce+Perens · · Score: 5
    If your site is down over New Years, think seriously about hiring a new IS manager.

    There are essentially two kinds of IS managers: those with a solid computer science background, and the other kind. To the other kind, computers are magic, programmers perform an un-understandable task, and what could happen is infinite because they have no rational means of assessing risk. They cover up the fact that they don't understand the computers by using buzzwords and keeping current with all of the trade rags so that they seem to be on top of trends.

    If your site can hold up on the average day, it should have no problem this weekend. There will not be a reign of terror by computer criminals (oh yes, if your IS manager calls them "hackers", that's another sign he's not a computer science pro). There will not be unforseen bugs from outside your site that damage you, and if you haven't fixed the inside bugs, well, some dates will be wrong. Big deal. Your backup tapes will not be magically erased on the very shelves where they lie.

    My sites will be up tonight.

    Bruce Perens

    --
    Bruce Perens.
    1. Re:If your site is down, you need a new IS manager by jedinite · · Score: 5
      If your site is down over New Years, think seriously about hiring a new IS manager.
      Amen, Bruce.

      I'm hear at work monitoring my sites (here and here to name a mere few), and I'll be here for the next 20+ hours.

      Our upper management approached me with this same idea... should we pull our sites, or shut down our email, or etc, . My flat out response... NO WAY!

      We're talking very important, very critical e-commerce, e-banking, and e-you_name_it sites that we've spent multiple millions on to keep running 24-7 x 365. Bulletproof sites which practically CANNOT go down due to disaster or mayhem, with state-of-the-art intrusion detection... so I'll be damned if i'm taking them offline due to the fear of a massive "CrackAttackY2k".

      In fact, those sites pulling their servers offline are most likely going to lose my future business (or viewership, or whatever)... because they've definately lost my confidence. Such a big part of a website is public perception... I can't see how pulling your site offline can help that perception.

      I think HNN said it best responding to the Pentagon and the Military Taking Down Their Sites
      If your web site is vulnerable today it will be vulnerable tomorrow. This tells me that you are not confident enough in your own web sites ability to fend off attack but you expect the American public to remain calm during the Y2K rollover


      ---------
      Question: How do I leverage the power of the internet?
      --

      ---------
      There is no try at jedinite.com
  4. Protection against errors, not attacks, silly. by hatless · · Score: 4

    There are good reasons to bring an e-commerce site offline for a few hours if you haven't tested the hell out of every last bit of functionality. You don't want order tables to be corrupted with records with incorrect timestamps, you don't want a bunch of old promotional prices to get reactivated, and so forth. You don't want to be vulnerable to similar problems in external systems your site uses as data sources. And when it's a commerce site, it's not just a cosmetic risk.. it's a business risk. Extremely cautious? Sure. But it's not an irrational move.

    Similarly, if your webservers are running on an OS particularly vulnerable to viruses like, say, NT with Office installed (for generating RTF documents, etc.), you may just want to sit out a few particularly high-risk hours.

    Where I work, I started only a couple of months ago and haven't had a chance to centralize and lock down virus protection. So prior to both Christmas and New Year's Eve, I made sure all Windows desktop systems and our lone NT server were all powered off, and they're staying that way until January 2. And all the fileservers got a full, level-0 backup a couple of hours before.

    I'm not worried about the Mac server we have or the Linux boxes.. The former doesn't have MS Office on it and its System folder isn't shared, and the Linux boxes were installed and configured by me.

    I want to enjoy this weekend, not spend it wondering if I'm going to spend Monday restoring systems from tape or cleaning a corrupted database.

  5. You mean let's be irrational and fearful by Bruce+Perens · · Score: 4
    So you know the status of my electric utility, and the capabilities of my UPS?

    That's a very fearful statement. If you've looked into the situation at all, you know that not only is your electric utility ready to meet the challenge, they have extra staff on duty tonight.

    IS facilities are not in business to provide downtime. If they can't cope with the Y2K roll-over while hot, it's a sign of long-term mismanagement, because the problems should have been fixed years ago.

    Again, if your site is down tonight, it's because your pants are down, buddy.

    Bruce

    --
    Bruce Perens.