• FooBarrington@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    4 hours ago

    Even if such parsers aren’t used directly in critical systems, they’ll surely be used in the supply chains of critical systems. Your train won’t randomly derail, but disruptions in the supply chain can cause repair parts not to be delivered, that kind of thing.

    And you can be certain such parsers are used in almost every application dealing with datetimes that hasn’t been specifically audited or secured. 99% of software is held together with duct tape.

    • friendlymessage@feddit.org
      link
      fedilink
      arrow-up
      1
      ·
      3 hours ago

      True. But I wouldn’t see this as extremely more critical than the hundreds of other issues we encounter daily in software. Tbh, I’d be glad if some of the software I have to use daily had more duct tape on it…

      • FooBarrington@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        60 minutes ago

        I think you might be underestimating the potential impact.

        Remember the Crowdstrike Windows BSOD? It caused billions in damages, and it’s the absolute best case scenario for this kind of issue. Our potential Y10K bug has a bunch of additional issues:

        • you don’t just have to patch one piece of software, but potentially all software ever written that’s still in use, a bunch of which won’t have active maintainers
        • hitting the bug won’t necessarily cause crashes (which are easy to recognize), it can also lead to wrong behavior, which will take time to identify. Now imagine hundreds of companies hitting the bug in different environments, each with their own wrong behavior. Can you imagine the amount of continuous supply chain disruptions?
        • fixes have to be thought about and implemented per-application. There’s no panacea, so it will be an incredible amount of work.

        I really don’t see how this scenario is comparable to anything we’ve faced, beyond Y2K.