Language Selection

English French German Italian Portuguese Spanish

Y2038 bug may hit Unix, Linux machines

Filed under

After the Millennium bug for which several billions of dollars were committed for research and updations in computer systems the world over, there is yet another bug on the horizon. It is the Year 2038 bug that is slated to hit computer users in that year.

To be precise, on Tuesday, January 19 03:14:07 2038, machines prone to this bug will alter calendars to go back to Friday, December 13 20:45:52 1901.

Computer programmers predict that this can result in incorrect and wildly inaccurate dates being reported by the operating system and applications. It is likely to cause serious problems on many platforms, especially Unix and Unix-like and Linux platforms, because these systems will "run out of time". They are reluctant to predict the extent of the damage.

What is special about this date? It is explained that Unix and similar operating systems do not calculate time based on the Gregorian calendar. Instead, they are known to simply count time in seconds from their arbitrary "birthday", that is, GMT 00:00:00, Thursday, January 1, 1970. The accepted practice among software programmers is to use a 32-bit variable for this number (32-bit signed time_t). The largest possible value for the end integer in this calculation is 2**31-1 = 2,147,483,647. So, 2,147,483,647 seconds after Unix's birthday falls on Tuesday, January 19, 2038. And one second later, theoretically Unix systems will revert to their birth date (like an odometer switching back from 999999 to 000000).

Experts are of the opinion that Linux users will be the hardest hit, because of the wider acceptance of this OS for its security and cost features. They are feared to grind to a virtual halt or go into a loop. This Linux's own Y2K nightmare can be more damaging than the Y2K bug, because the latter basically involved applications while the 2038 bug affects the time-keeping function itself.

Linux gurus are apprehensive about the bug's impact on the embedded field, where software does not get replaced frequently. As such, major telecom gadgets and equipment will be greatly affected. However, one ray of hope is that the 32-bit processing can be replaced thus overcoming the impact of the bug -- definitely before 2038.

But, the optimism must end there. The bug can have severe impact on records created today with calculations going beyond 2038, like insurance policies. There could be error messages splashing on Unix and Linux screens then. And Linux is getting to be the popular operating system these days.

Experts say one and sure-short way to overcome the problem is to switch over to 64-bit or longer time_t data storage. Some of the existing 32-bit codes can be changed and the programs recompiled. However, all these are not very easy tasks.



I'll be dead by then so I'm not worried.

me too

that's what I was thinking... or at least so old I won't care... Tongue

You talk the talk, but do you waddle the waddle?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Games: Ostriv, Back to Bed, EVERSPACE, Hiveswap: Act 1

Openwashing and Microsoft FUD

BlueBorne Vulnerability Is Patched in All Supported Ubuntu Releases, Update Now

Canonical released today new kernel updates for all of its supported Ubuntu Linux releases, patching recently discovered security vulnerabilities, including the infamous BlueBorne that exposes billions of Bluetooth devices. The BlueBorne vulnerability (CVE-2017-1000251) appears to affect all supported Ubuntu versions, including Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus) up to 16.04.3, Ubuntu 14.04 LTS (Trusty Tahr) up to 14.04.5, and Ubuntu 12.04 LTS (Precise Pangolin) up to 12.04.5. Read more

Security: Updates, 2017 Linux Security Summit, Software Updates for Embedded Linux and More

  • Security updates for Tuesday
  • The 2017 Linux Security Summit
    The past Thursday and Friday was the 2017 Linux Security Summit, and once again I think it was a great success. A round of thanks to James Morris for leading the effort, the program committee for selecting a solid set of talks (we saw a big increase in submissions this year), the presenters, the attendees, the Linux Foundation, and our sponsor - thank you all! Unfortunately we don't have recordings of the talks, but I've included my notes on each of the presentations below. I've also included links to the slides, but not all of the slides were available at the time of writing; check the LSS 2017 slide archive for updates.
  • Key Considerations for Software Updates for Embedded Linux and IoT
    The Mirai botnet attack that enslaved poorly secured connected embedded devices is yet another tangible example of the importance of security before bringing your embedded devices online. A new strain of Mirai has caused network outages to about a million Deutsche Telekom customers due to poorly secured routers. Many of these embedded devices run a variant of embedded Linux; typically, the distribution size is around 16MB today. Unfortunately, the Linux kernel, although very widely used, is far from immune to critical security vulnerabilities as well. In fact, in a presentation at Linux Security Summit 2016, Kees Cook highlighted two examples of critical security vulnerabilities in the Linux kernel: one being present in kernel versions from 2.6.1 all the way to 3.15, the other from 3.4 to 3.14. He also showed that a myriad of high severity vulnerabilities are continuously being found and addressed—more than 30 in his data set.
  • APNIC-sponsored proposal could vastly improve DNS resilience against DDoS