Folks,
I've corrected some typos, revised a few words, and added some 19 footnotes (and a chart) to provide some backup and corroboration for the points I was trying to make.
As before, it's available at An Open Letter to Alan Greenspan
Paul, I'm sure this version will still fail your "molly-coddling" benchmark, but this is the best (and perhaps the only) way I know how to communicate.
As always, feedback and comments are welcome.
Ed
-- Ed Yourdon (HumptyDumptyY2K@yourdon.com), September 19, 1999
Answers
What a knock-out response to Alan Greenspan.
Thank you for both the response and formulating it so quickly. You might be surprised as to how
influencial it has been to people in my circle who sent me Greenspan's comments by way of ridiculing
my spectical viewpoint. I forwarded your article to them. Their tune has changed within hours.
Amazing the power of analysis.
IdProQuo
-- IPQ (IdProQuo@aol.com), September 19, 1999.
Okay ... "skeptical." Whatever.
-- IPQ (IdProQuo@aol.com), September 19, 1999.
spectral?
-- Mara Wayne (MaraWayne@aol.com), September 19, 1999.
How odd, as I was writing in my comments on this old Norwest
brochure, before I had read Ed's open letter, I used that same
analogy about having a house built. Some kind of wavelength UFO thing
or what? Anyway, here it is again, but with my sarcasm and questions.
Maybe just junk, but it seems relavant to me. How about it Mr G? Will
you respond to us, the Great "Un-Wise"?
THE YEAR 2000
Dealing With the Millennium Bug
-------------
"All of us have a responsibility to ensure the highest priority is
placed on the Year2000 Project within our business units, so that
we're ready for business as usual when the new century dawns. Our
goal is that, by year-end 1998, all systems supporting Norwest
businesses will handle the year 2000 without visible effect on our
customers."
Dick Kovacevich, Chairman and CEO, Norwest Corporation.
["� by year-end, 1998 ALL systems�it does NOT say "substantially
all", it says "ALL"]
The Year2000 Problem
The Year2OOO problem, issue, challenge. The Millennium Bug. Y2K.
Whatever you call it, every organization must deal with it. Ignoring
it could put you out of business. Correcting it may be the largest
systems project you've ever undertaken. And the time to get started
is now!
[Ignoring it could put you out of business]
At one second past midnight on January 1, 2000, many of the world's
computer systems will stop operating properly - or entirely. Why?
Because, after December 31, 1999, most computers won't know what year
it is. Is the problem really serious? Will it affect your company in
any significant way? We believe the answer to both those questions is
yes. We've produced this special brochure to alert Norwest customers
to the urgency of the Year2OOO issue and the importance of dealing
with the Millennium Bug before it bites you.
[Will it affect your company in any significant way? �yes, but it
WON'T be "Visible." To me this is a rather telling statement, in
other words, Norwest's non-compliance WILL affect me in a significant
way, but they won't tell me.]
Q: What is the Year2000 problem?
A: Most of us are accustomed to writing the year in shorthand, that
is leaving out the century and just writing the last two digits - '97
for 1997, for example. When the calendars roll from 1999 to 2000,
we'll know that '00 means 2000. Unfortunately, our computers won't.
Most com-puter programs were written to provide two digits for dates,
not four. So, when the year changes to 2000, a computer may
incorrectly read '00 as 1900.
["Unfortunately, our computers won't." Won't what? Work? Duh.]
Q: How will that affect my organization?
A: The Year2OOO problem affects any computer program that produces
information based on time or date. For example: accounts payable and
receivable, inventory tracking, and interest calcu-lations. When
computers use the wrong dates in calculating billings, earnings, and
date-sensitive information, the result will be errors in calcula-
tions, invoices, and processing - and, in some cases, complete
computer failure. Consider the information your business needs that
requires the calculation of how much time has passed from one event
to the next. When was this product produced? When is this invoice
due? When should this machine undergo maintenance? When must we make
payment to avoid late charges? When will this perishable product no
longer be safe? Now consider what would happen if your com-puter
could no longer make those calculations.
["When computers use the wrong dates in calculating billings,
earnings, and date-sensitive information, the result will be errors
in calcula-tions, invoices, and processing - and, in some cases,
complete computer failure" In other words, when Norwest's computers
fail, I will be affected, again, DUH!]
Q: Does this affect all computers?
A: Yes, because essentially all computers use dates for part of their
processing. The starting point for most dates is built into the
computer. Software uses the date provided by the computer for calcu-
lations using data that is entered or stored in files. If the
hardware, software, or data uses a two-digit year, the entire system
is at risk. The size of the computer is not a factor; the risks are
the same from PCs to mainframes. The problem is particu-larly serious
because almost all large computers and many PCs are linked together
to process information and manage other systems and devices. Errors
in or failure of one computer could have wide-ranging impact.
[ "All computers", "linked together", "entire system", "wide ranging
impact", this sounds like a "Systemic" problem to me]
Q: Are computers the only system at risk?
A: Unfortunately, no. Any electronic devices controlled by computers
may be affected. These include elevators, heating and cooling
systems, utilities, leased equipment, building access controls and
security systems, vaults, phones, fax machines, clocks, and more.
Many of these automated systems contain microchips that are triggered
by date-sensitive information.
[Unfortunately!]
Q: How did we get into this mess?
A: The seeds of the Year2OOO problem were plant-ed decades ago when
programmers instituted the practice of representing dates as two
digits instead of four. At the time, two digits saved two valuable
commodities: money and memory. They saved labor costs at a time when
most data was keyed onto 80-column punched cards then fed into a
computer. They saved computer memory when there was very little
memory available. Even when memory ceased to be an issue, money
remained one. The thinking went, why spend money to fix something
that isn't broken? And the year 2000 seemed very far away.
["The thinking went, why spend money to fix something that isn't
broken? And the year 2000 seemed very far away." Amazing, here is
someone actually admitting their lack of foresight! And now we are
supposed to trust these people? Why should we? They have already
proven they blew it!]
Q: How difficult is it to get out of it?
A: It isn't that the solution is so difficult. It's that the problem
is so massive. To change from two-digit to four-digit years,
organizations have to analyze every hardware and software system
operating in the company - every platform, application, database,
internal and external interface - to discover every line of code in
which date references are imbedded. Then the programs must be
rewritten or replaced and integrated back into your operation. It's
not as simple as giving "find" and "replace" commands to your
computers and computerized systems. We all wish it were.
[It's that the problem is so massive, not that greedy banking
executives kept putting it off!]
Q: How long will this take?
A: We can't speak for your organization, but Norwest has
approximately 100 million lines of code installed throughout the
corporation in main-frame and distributed systems. We estimate that
it will take one million plus people-hours to assess, repair, replace
or retire, and fully test our systems.
[Let's see, 100 million lines of code, one million plus people hours,
that works out to 100 lines of code per hour. I wonder who can
examine 100 lines of code, find and fix the errors and return those
100 lines to service with no errors, in 1 hour? No wonder they pulled
this brochure!]
Q: How much will it cost?
A: Norwest and other companies that have begun to tackle the Year2OOO
problem have found it to be larger and more costly than originally
expected. The IRS has ruled that Year2OOO re-programming costs can't
be amortized; they must be expensed. It's important to plan ahead for
the costs, so they don't cause cash flow problems for your company.
Plus, the longer you wait, the more expensive it will get, as the
supply of programmers able to fix the problems will rapidly diminish
as demand for their services increases.
[�"have found it to be larger and more costly than originally
expected." But HOW MUCH? They still don't know. How about that, how
would you feel if you hired a contractor to build a house for you and
they not only over ran the initial estimate, but then told you the
house would be no good unless you agreed to spend an unlimited and
unknown amount to finish it? And then added that even with an
unlimited budget, it may never actually be habitable? And then,
started telling you the problem was not their shoddy and
irresponsible management, but your desire to move in?]
Q: Aren't there off-the-shelf correction programs we can use?
A: There are tools available to help you assess where date-sensitive
problems may lie, and it's probably worth investigating them.
However; each company's systems are unique. Your programs may be
written in a variety of programming languages. The symbols used in
various programs to represent dates are likely not consistent. Your
applications may have been revised or modified over the years, and
they may connect and inter-connect to other applications in unique
ways. If you wait for an off-the-shelf solution, you may find your
company in serious trouble when the millennium rolls around.
[�"you may find your company in serious trouble when the millennium
rolls around." YOUR company? What about Norwest? Are they in serious
trouble? Have they been waiting for that "Silver Bullet"? Uh, yep, I
think they are STILL waiting for it, just like that 65% of
organizations are.]
Q: If I get my systems fixed, what about my vendors systems?
A: You're right. The Year2OOO problem does go beyond your own systems
and programs. Consider your payroll processor; your stock transfer
agent, your foreign manufacturers, your employee benefits providers.
You will need to contact every supplier and organization you exchange
information with or rely on to make sure their computer fixes are
compatible with yours, and yours with theirs. You will want to test
the interfaces between your companies to make sure everything works.
You should also contact vendors that have supplied you with any
automat-ed systems - computer hardware, software, and computerized
equipment - to learn when and how they plan to make their products
and services Year2OOO compliant.
[According to their website, they will NOT respond to questionnaires,
so just how do we get this information from THEM?]
Q: How soon will the Year2000 problem become a concern?
A: It's a serious concern NOW! Financial institu-tions such as
Norwest must have their systems re-programmed and tested by December
31, 1998. In our view, 1999 should be a year to re-test to ensure all
systems are "Go" by January 1, 2000. If yours is among the 65% of
organizations that have not yet begun to assess the impact of this
critical problem, start today! This is one deadline that is not
negotiable.
[The smoking gun� "Financial institu-tions such as Norwest must have
their systems re-programmed and tested by December 31, 1998" Emphasis
NOT mine. "This is one deadline that is not negotiable."
Nevertheless, they negotiated it to June of 1999, and even now, with
14 weeks left, they are not done. So much for a non-negotiable
deadline. Also, I wonder where they got the 65% figure? Perhaps they
have access to "inside" information? ]
Q: How do we get started?
A: By becoming aware of the urgency of the Year2OOO problem, you've
taken the first step. Now it's time to assess your systems and formu-
late your Year2OOO battle plan. Call in your systems programmers for
their advice, and treat them well. They could be your most valuable
allies as the 1900s draw to a close.
[Battle plan? I should have a battle plan? Should my battle plan
include ceasing to do business with non-compliant vendors, like
Norwest? Does this mean I should take my money out of the bank?]
There are many facets to the Year2OOO problem. Make it your business
to be informed. The Internet is a vast resource on the subject. For
starters, check out , ,
and . If you would like to know more
about Norwest's Year2OOO project, talk with your Relationship Manager
or Banker, or call 1-800-805-6571.
[This is the information given to me by my bank in October of 1998. I
have the brochure, which has since been replaced by an "updated"
lawyer approved version. According the most recent information from
Norwest, they will discontinue doing business with vendors who are
non-compliant, why shouldn't I adopt the same policy and cease doing
business with my non-compliant vendor, Norwest? ]
-- Tim Castleman (aztc@earthlink.net), September 19, 1999.
Dear mr. greenspan,are you jewish-if-so what does the TORAH say about=lying?
-- it is written. (dogs@zianet.com), September 19, 1999.
Ed -- I did a text search of your paper on the following words:
fraud, dishonest, fiat. No mention of any of those in a banking
system context.
-- A (A@AisA.com), September 19, 1999.
A,
Re the non-use of "fraud," "fiat," and "dishonest": I wasn't attempting
to comment on the banking system in general. Among other things, I
have no credentials in the banking field per se, and there's enough
amateur commentary about banking on this forum already .
I do feel qualified to talk about software, software projects, software
defects, and related topics. And I do feel that I've got a credible
basis for critiquing a speech that basically argues that Y2K is no
longer a serious threat to the economy, the banking system (whether or
not it's good, bad, or neutral), the government agencies that provide
our services (again, without regard to whether those services are good,
bad, or indifferent). I thought that was enough to tackle in one
essay...
Ed
-- Ed Yourdon (HumptyDumptyY2K@yourdon.com), September 19, 1999.
dEAR MR. YOURDON, seeing that your a sorta leader type fella,what about your spiritual STAND? OH please don,t tell me, it,s a private thingee,JESUS said whoever is ashamed of him BEFORE Mere men, HE jesus WILL BE ASHAMED OF BEFORE GOD. there ain,t no secret agents in HIS KINGDOM.WHAT DO YOU THINK OF AMERICA,S MORAL-DECLINE?HOW LONG DO YOU THINK GOD WILL LET US'GIVE HIM A COLD SHOULDER?WILL TECHNOLOGY [SAVE US?]
-- not ashamed of the TRUTH. (dogs@zianet.com), September 19, 1999.
Ed, I just wanted to drop you a note of encouragement for all of your effort in this regard. Your style of communicating has already saved more lives than any fire breathing name calling - mine and my family's included.
-- James (b@b.com), September 19, 1999.
Ed - I have the following fundamental concern about what Greenspan
has said. The all-important contingency or backup plans that
companies will have in case all is not really fixed assumes as part
of those plans a need to stockpile. Yet Greenspan seems to be saying
that virtually no companies have started to stockpile and that very
few will be able to. If that's true, then my concern has risen a
major notch. (I have similarly been concerned about what proportion
of companies or agencies are relying on backordered software,
hardware or supplies that will not be available in time, yet their
public assurances that they will be ready by a certain date assume
that they will be.) All of this adds up to the need to be 100%
remediated, because the contingency plans are destined to fail.
-- Brooks (brooksbie@hotmail.com), September 19, 1999.
Congrats Ed for your outstanding reponse to Mr Greenspan.He is
brilliant but your points show exactly where he missed the boat.I
resented his implication that those of us who have prepared for
possible disruptions are in the camp of the ignorant and
unpatriotic.Will Mr Greenspan give me 100% assurance and give me
assistance if there are problems in 1/00?When is being prudent anti-
American?Your point about contingency plans apparently being wise
for businees and government but not for Mr American Citizen was
beautiful.You clearly showed the subtle dishonesty of his comments
which will surely create more complacency than ever.Thanks for your
efforts antway.I appreciate them.
-- Dennis Chornomaz (Dchorno@aol.com), September 19, 1999.
Ed,
I think the content and tone of your letter are excellent. Some folks
on this forum seem to feel that you ought to sound the alarm, but I
like your approach of politely poking at the holes, as if to say,
some of us aren't fooled. My comments follow.
1. EY: "Meanwhile, the more serious flaw in your optimistic
assessment is that the difficult Y2K problems will involve interfaces
and interactions between companies."
This sounds as if interfaces is part of AG's assessment, whereas it's
really an omission in his assessment. This is made clear in the rest
of your paragraph, but I'm just trying to close off any weasel room.
2. EY: "In the worst case, when a bank fails, the FDIC will use
whatever banking records it can obtain to determine the status and
balance of customer account."
It's actually worse (for the public). FDIC regulations state that so
long as the bank's records are consistent and unambiguous {even if
they are wrong}, the depositor's records (statements, canceled
checks, etc.) are irrelevant.
3. AG: "But as I mentioned earlier, the probability of a cascading of
computer failures in mission-critical systems is now negligible,
given the testing that has been done, the backup plans that are in
place, and the great adaptability and ingenuity of the American
worker."
Your answer might be expanded to include cascading of computer
failures across an entire industry or even across industries, and the
difficulty in arranging testing on such a large scale.
Also, how does AG define negligible? 5%? 1%? .01%?
4. AG: "If only a small percentage of businesses choose to add to
their inventories as a hedge, the effect on production will be
insignificant. However, should a large number of companies want to
hold even a few extra days of inventories, the necessary, albeit
temporary, increase in production (or imports) to accommodate such
stock building could be quite large. Bottlenecks could develop, and
market pressure could ensue. Thus, the more we share information, the
more informed our decisions and, hence, the smaller the need for
precautionary hedging.."
Not necessarily. The information might tell businesses that things
are in worse shape than they thought, which in turn may require even
more hedging than had been planned.
5. The quote of Luigi Pirandello seems to be missing a close quote.
Thanks again for your efforts.
-- David L (bumpkin@dnet.net), September 20, 1999.
Dennis, "Ignorant and unpatriotic."?? Same tactic and guilt trip the
Chinese government uses on the people when they are about to lose
control and demand more from the people. Of course for govenrment
officials it's always "don't do as I do, but do as I say." They have
the best of both worlds, control, control and more control.
-- ~~~~~ (~~~~@~~~.com), September 20, 1999.
Ed, good work. A lot more... what's a good phrase here...
"impassioned edginess" than much of your other work. AG strike a
nerve here?
re: chance negligible of cascade failure comment by AG. Comparing to
other works of Alan, his statements here leave open to interpretation
the results of the testing - he did not say successful remediation -
and because of backup plans reference, one could infer the testing
proved problematic and the need for the good ole American fix means
the backup plan is a work in progress... in other words, "the risk is
negligible because we have found there are numerous problems therefore
the problems are not unknown, and the plan is to have someone smart
fix them on the fly and by so doing we will avoid cascade failures"
Seriously... 2/3 of his reasons as to low risk depend on contingency
plans and the "silver-bullet man (or woman)"? Gives one that warm
fuzzy feeling. If he were talking interest rates the market (and I)
would be expecting a rate hike. I can hear it now... "The chances for
a rate hike are slim based on the data, other factors which affect the
data, and assuming the consumers take the right actions so as to
affect the data in the right way." Then... "well we had to raise
rates because other factors and actions taken did not affect the data
as we would have liked"
MAybe it's just me, but I think the gov is starting to release "clues"
on purpose. The famed Navy report - stays online, AG's between the
line stuff, some other things said by Kos. on roadtrip (was it
Indiana?) ("definitely prepare for 3 day storm"), Other "works" people
keep finding.
-- W. Stalcup (wd.stalcup@toptexas.com), September 20, 1999.
Greenspan:
1. Has been a professional programmer
2. Worked in a professional IS shop
3. Managed IS projects (not to mention the Federal Reserve)
Here's the REAL IS work Yourdon has done:
0
So where's his credentials? Give me a reason to believe he has even a
fragment of an idea what goes on in IS shops.
-- N.Arro (Anony@mous.com), September 20, 1999.
Ed, with an attitude like that you are never going to get a job
managing software projects. You have to tell the top dogs what they
want to hear.
"While we're on the subject of Nasa" Too funny. There you go airing
that dirty laundry again.
To the poster above, Ed has 30 years experience in IT which is how he
developed his bad attitude. He has authored many books, done the
lecture curcuit, etc.
-- Amy Leone (leoneamy@aol.com), September 20, 1999.
Amy,
I wrote software when I was a wee young lad (including the assembler
for the PDP-
8, and the FORTRAN math library for a couple of DEC machines, among
other things). I managed software projects when I got a little older,
and saw the politics first-hand. I've been a consultant for quite a
while now, and I get a chance to visit more companies and observe more
projects than most of the programmers down in the trenches will see in
a lifetime.
One of the advantages of being a more-or-less independent consultant is
that you don't always have to tell the top dogs what they want to hear.
You have the option of telling them what you feel to be the truth, in a
polite, constructive fashion; sometimes they'll listen, sometimes they
won't. If they get annoyed by what you're telling them, you can agree
to disagree, and move on to find another client. It's one way of
maintaining integrity in today's business environment...
Ed
-- Ed Yourdon (HumptyDumptyY2K@yourdon.com), September 20, 1999.
Gee, Ed, you yourself must be mistaken about what you yourself have
done in your own career. Somebody called N.Arro (Anony@mous.com) says
you ain't got none of that there IS experience.
Geesh.
(I started out on a PDP-11/40 running RSTS V6C. Some COBOL
compilations would literally take hours of elapsed time.)
-- Lane Core Jr. (elcore@sgi.net), September 20, 1999.
Ed,
Thanks for another thorough article. I am going to send the link on
to my SDGI (still don't get it) family members.
I am curious about your decision to include "World Net Daily" as a
source. The article was shocking. I am under the impression that WND
has a reputation for presenting stories in a sensational manner, and
often with an anti-government bias (sometimes even leaving out
important facts that would give the story a different 'spin').
Personally, I would be able to give more weight to the article if the
source had been an LA paper, AP, or Reuters.
Thanks again,
Berry
-- Berry Picker (BerryPicking@yahoo.com), September 20, 1999.
Berry Picker,
Re the WND article ... yeah, I debated (with myself) about putting in
that reference. But I think that all of the warnings about people being
victims of criminals if they withdraw money from the bank is also
pretty sensationalist -- and it's being repeated over and over again by
all the Fed authorities, bank spokesmen, etc. So even though I'm not
sure how much credibility to put in the WND article (I agree, it would
have been better if it came from Reuters or AP), I thought it was worth
a brief mention, in order to reinforce the overall point in that
paragraph that there is a broad spectrum of risks that we citizens have
to contemplate whenever we make financial decisions.
Ed
-- Ed Yourdon (HumptyDumptyY2K@yourdon.com), September 20, 1999.
Well, you are polite and sometimes quite humorous. Still you must
know what they say about fighting city hall. They are always bigger
than you and there are always more of them. The best tactic for a
big enemy is to go around them (called manuver warfare) rather than
attempt to confront them. Of course I have no idea how you would do
this. I just can't stand watching you get beat up.
-- Amy Leone (leoneamy@aol.com), September 20, 1999.
Ed,
You may not be aware that the story of the tragedy in Compton
was also reported in the LA Times on August 26, and in several
subsequent articles. The first was referenced here in:
Compton story link
While the link to the LA Times story is obsolete, the report
is in their archives, but while it seems that it may be
searchable, it seems not to be linkable.
Jerry
-- Jerry B (skeptic76@erols.com), September 20, 1999.
From: Y2K, ` la Carte by Dancr near Monterey, California
For those who may have missed it, the handle of N. Arro, above was the
name used in an earlier character assassination.
Ed -- Thanks so much for all the work that you do. When I hear people
like Greenspan speak, I get so discouraged. I printed out the first
draft of your article to share with my husband, even though I have
long ago been told that he didn't want to hear another word about Y2K.
I felt justified in doing this because he had told me that "One has
to listen to Greenspan, you know. Anyone would have to be a fool to
think he doesn't know what he's talking about." I don't know if
he'll read it or not, though. I doubt it.
As impressed as I was with the first draft, the second is much
improved with only the addition of the footnotes. I have only cosmetic
comments, in addition to the comments I shared privately about the
first draft. I post them here, publicly, so that you may hopefully
avoid receiving 1000 or more similar comments in your mailbox.
An additional space is needed between the italicized word "Journal"
and the hyperlinked word "article" in first paragraph.
Link #2 in the footnotes does not work for me.
In footnote #10 ASsistance should be Assistance.
I can't read the percentages at the top of the bars on the graph.
-- Dancr (addy.available@my.webpage), September 20, 1999.
Ed:
Recomend you include the "time" (8 months delay in opeing the Denver Airport ?) as an example of the time that "fixing" computer problems inside of complex systems may take.
One thing I've consistently noticed is that the y2k problem is seen as a "programming" problem, and so "programmers" have to discuss its implications. Once outside of the "code" itself in the bigger systems (COBOL mainframes is the classic example), which only programmers can correct, or outside of the "business-business" or "business-government" data exchanges, the rest of the impact is in management, is between business divisions and departmetns and people, and is inside of production or distribution PROCESSES.
Thus, despite what the anonymous poster above claims, does it matter what older programming experience Greensan has? Or even your experience for that matter? The ability to recover from a control or data problem in a water plant, in a warehouse distribution system, or in a manufactoring facility is an industrial and civil engineering function: the programmer is only one small step in the process.
Greenspan (and every other federal spokesman I've heard) can only address (at this stage) the banks, a limited bit of the Socail Security System, and parts of the Security and Exchange processes, at most only the 8% of the federal systems that have been declared mission-critical have been remediated.
Consider independent testing. With the possible exception of the FAA - who have been unable to tell us whal exactly systems have been tested, much less audited by SAIC- and the NRC's 120 power plants, what other systems (worldwide) have been independently audited other than the banks? Now consider that of the 120 US nuclear power plants, "exceptions" and delays were required for 26 to be declared compliant .... despite having the best maintained and best documented designs, the best vender support, and the most highly trained operators of all power plants in the US.
How can we reconcile the fact that: the only independently-audited group of power plants receive a 78% completion rate, while the self-reported data from the non-nuclear group of power plants shows these are 99% successful, and all finished on time?
No other systems have been audited.
-- Robert A. Cook, PE (Marietta, GA) (cook.r@csaatl.com), September 20, 1999.
Moderation questions? read the FAQ