Systems suffer new year hangover

Software systems across the world went haywire on 1 January because they were not programmed to handle the year 2010.

Many of the world’s largest companies were caught out by the problem, which left up to 30 million people in Germany unable to withdraw cash from ATMs or use credit cards, while shoppers in Australia could not use debit cards in retailers’ point-of-sale systems.

In the UK, organisations using Symantec’s network access control software to protect themselves against spam and viruses were unable to receive updates due to a similar bug, potentially leaving them open to attack from malware launched after 1 January.

Another problem affected Microsoft Windows Mobile smartphones, with text messages received from 1 January onwards dated as having been sent in 2016. Elsewhere, users of the PalmOS calendar application on Palm smartphones complained that the software stopped working on 1 January 2010, showing blank pages for the year.

Organisations using Cisco’s CSM load balancer faced network application performance problems when the default cookie expiration was set to 01/01/2010, while SAP databases were affected by an issue that caused spooled print and email requests to be given the wrong date, 01/01/2100, meaning they were never deleted from the queue.

The fact that both the Australian Bank of Queensland’s EFTpos terminals and Windows Mobile smartphones experienced the same problem is probably no coincidence.

The date 2010 is commonly represented as a binary code decimal by devices but is interpreted as a hexadecimal number by others, which translate it into 2016. The hexadecimal system uses 16 digits, 0 to 9 plus A to F, rather than 10 in the decimal system and is favoured by computers because of its ability to handle large numbers. Any system set to hexadecimal that discounted the first two digits of the year will have read “10” as “16”.

The “Decennium Bug” has been likened to the infamous Millennium Bug, which was widely expected to cause havoc on 1 January 2000 but actually turned out to be a damp squib.

The problem on this occasion arose because many software applications, particularly those written for mainframe computers in the banking industry, were never intended to last until the end of the last century, meaning programmers accounted only for two- rather than four-digit dates.

The level of anticipation in 2000 meant that organisations made sufficient alterations to their software to handle the date changes at that time, but some contributors to software developer forums believe the 2010 problem was caused by stop-gap application recoding to handle the millennium bug 10 years ago. They also warn that similar problems could occur in the future.

One disgruntled developer wrote: “A lot of people made a lot of money by delaying the problem for 10 years or more. Other common dates of 2030, 2031 and 2050 were used by coders who instead of changing years to four digits or more, simply used a slider window of ‘if greater than xx then 19xx, else 20xx’.”

The Symantec Endpoint Protection Manager (SEPM) server application checks whether corporate spam, virus and intruder detection system databases have been updated to handle the latest malware, but would not recognise any date later than 31 December 2009 11:59pm, which meant customers were unable to get updated virus definitions.

At the time of writing, the company was working on a solution, promising to update customers when one became available. In the meantime, instructions on a temporary workaround that time stamps SEPM updates as December 31 2009 can be found at http://tinyurl.com/y9vdw22.

The texting issue affects Windows Mobile smartphones running on OS 6.1 or 6.5, but was attributed to the mobile phone provider’s centralised SMS gateway clashing with the device’s in-built clock. Microsoft says forcing the software to use the phone’s own clock rather than the operator’s SMS gateway eradicates the problem, while downloading the latest version of Palm’s software, webOS 1.3.5.1, resolves the problem with its calendar.