Bringing E-Com Sites Down for Y2K? 208
dlb asks: "With Jan 1, 2000 just days away, the large wholesaler that employs me made the decision to disconnect our e-com web site from the rest of the 'Net. This was a heated debate for the past two months in the upper ranks between the paranoid and those who believe that bringing the site down manually is no different than some external entity creating the DoS for us (not to mention the loss of sales). For the other IT Professionals out there, are your companies bringing their sites offline this weekend? Why or why not?" Well, I guess if you are going to buy the hype, it's better safe than sorry, right?
investmentchallenge.com will be up. (Score:1)
I work for Investment Challenge [investmentchallenge.com], a somewhat-large stock market simulation provider. We're confident that our machines won't break, and will be leaving them connected to the rest of the net. I won't be here tonight, but certainly another of the techies will, and I'll have my cel phone on, Just In Case [tm]
I'm hoping that I won't be let down, and that Big Brother won't disturb my party.
/. is a little slow (Score:1)
dlb asks: "With Jan 1, 2000 just days away..."
Days away?!?! Slashdot needs to post stories much faster.
*WHAT* sales? (Score:4)
It's New Year's Day. What sales did they think they were going to generate ANYWAY? Everyone will be recovering from their hangovers, watching TV, or doing something TOTALLY unproductive.
"normal" stores close on New Year's Day and don't seem to suffer any significant impact, right? I figure it like this: if one day per year is going to actually MATTER in your finances, it is time to quit using the company AMEX for those $1000-a-night strip club outings. Sheesh.
My Server at Work is Down (Score:2)
Of course, it's an NT server and it's for a group of about 60 people who work standard 40 hour weeks on the weekdays. I'm more concerned about power fluctuations because our site pulls a lot of juice.
Now the Linux server I use for my websites and mail (not at work!) is staying up....
--
I can't believe it! (Score:1)
An internet connected host should be secured anyway, so what's the big deal (other then Year 2000 paranoia)???
I think it's pretty unprofessional to treat this weekend any different from any other end of year.
Re:/. is a little slow (Score:1)
not really, only one hour
What does it accomplish (Score:3)
VW.com is off the air until 4am January 1, 2000. (Score:3)
I went to check on something there, and was faced with a 1960s style television test signal image, saying that VW.com is off the air until the night passed.
As an aside, I want to make a personal thank you to the Volkswagen Corporation... all through this year I'd been dreading the inevitable marketing hype about "The most anticipated event, the new Millennium Bug," or "the VW2K." Never saw a license plate Y2KBUG or anything. Kudos to avoiding schlock advertising!Re:My Server at Work is Down (Score:1)
Yeah, the only time we take WGZ [wgz.com].(org|com) offline is when our provider folds or sells out and forgets they have customers.
We did a partial shutdown! (Score:1)
I work for a research corporation so fortunately we didn't have any customers with which to deal. We get to spend New Year's Eve with our friends, families or strangers in Union Square.
/*slightly offtopic
Early reports indicate few Y2K problems. (Those places that are actually having problems can't really report them--can they?)
I'm waiting until it hits Eastern Europe before I sound the all clear.
*/
Funny you should ask . . . (Score:2)
Nothing like a little hysteria (Score:2)
---
Servers are down where I work. (Score:2)
1. This way no one has to stay there and watch them.
2. We don't have to worry about damage due to power problems.
I don't understand. (Score:4)
ASC (American Skiing Co) is disconnecting... (Score:1)
The American Skiing company [peaks.com] has chosen to disconnect all internal networks from the Internet at large from midnight last night (ie 00:00 31 Dec 99 EST) until 24 hours after Y2K begins (ie 00:00 1 Jan 00 EST). Since the company databases and stuff are so poorly integrated with anything online, I doubt much will be noticable--but email won't get though, and meTicket [meticket.com] applications on the web won't get processed until at least Tuesday.
OTOH, ASC is largely NT-based and who knows what might crop up. I'm sure IS doesn't.
Site going down for 1.75 days (Score:2)
We run linux(duh), with apache and postgres. I personally have no qualms about the machine staying up, and I am not afraid of the server succomming to backdoors. But I don't pay the bills.
To turn it off, all we are going to do is ifconfig down the alias for their server. The machine will still stay up, running just the same as always.
If your site is down, you need a new IS manager (Score:5)
There are essentially two kinds of IS managers: those with a solid computer science background, and the other kind. To the other kind, computers are magic, programmers perform an un-understandable task, and what could happen is infinite because they have no rational means of assessing risk. They cover up the fact that they don't understand the computers by using buzzwords and keeping current with all of the trade rags so that they seem to be on top of trends.
If your site can hold up on the average day, it should have no problem this weekend. There will not be a reign of terror by computer criminals (oh yes, if your IS manager calls them "hackers", that's another sign he's not a computer science pro). There will not be unforseen bugs from outside your site that damage you, and if you haven't fixed the inside bugs, well, some dates will be wrong. Big deal. Your backup tapes will not be magically erased on the very shelves where they lie.
My sites will be up tonight.
Bruce Perens
Server Outages (Score:1)
Re:/. is a little slow (Score:1)
"just days away...."
that would imply that this story was sent in a few days ago...
Virii and Y2k bugs (Score:1)
As far as I know, we're all y2k bug-free, so this isn't a concern. As for virii in email, those will still be waiting for us on our hosted email servers on Monday -- whether we pull the DSL line or not.
The only thing left to be scared of is DoS and cracking attempts, and I figure we're so small, who would try to make a statement by hacking us??
I figured thet panic caused by any stray weekend or early-monday-morning workers not getting internet access would be worse than the risk caused by DoS and cracking attempts.
I have to do everything I can to ease the panic, not help it spread.
Protection against errors, not attacks, silly. (Score:4)
Similarly, if your webservers are running on an OS particularly vulnerable to viruses like, say, NT with Office installed (for generating RTF documents, etc.), you may just want to sit out a few particularly high-risk hours.
Where I work, I started only a couple of months ago and haven't had a chance to centralize and lock down virus protection. So prior to both Christmas and New Year's Eve, I made sure all Windows desktop systems and our lone NT server were all powered off, and they're staying that way until January 2. And all the fileservers got a full, level-0 backup a couple of hours before.
I'm not worried about the Mac server we have or the Linux boxes.. The former doesn't have MS Office on it and its System folder isn't shared, and the Linux boxes were installed and configured by me.
I want to enjoy this weekend, not spend it wondering if I'm going to spend Monday restoring systems from tape or cleaning a corrupted database.
Pull 'em down? Never! (Score:1)
Stefan.
--
Y2K? Indeed, we ask: why? There's a whole year left in the 20th century.
Re:If your site is down, you need a new IS manager (Score:1)
ebay (Score:2)
The eBay site will be unavailable for Y2K verification from 15:30 PST to 18:00 PST on Friday, December 31 and from 23:00 PST, Friday, December 31 to 03:00 PST, Saturday, January 1. If you try to connect to eBay during these times, you may receive a "Failed to connect" error message.
We hope you'll read Meg's Letter [ebay.com] to the Community. Thanks for your understanding and see you in the Year 2000!
Servers Up (Score:1)
Audi (Score:2)
I don't see why any company should take down their website for Y2k... If the website is going down for Y2K (unlikely) then let it die a natural death. If there are no problems then you haven't lost any business have you.
kepp it up (Score:2)
I have taken all precautions, done tests, applied patches... blah blah blah
btw, i am pretty sure both my linux boxes (at home) aren't gonna rollover, but they are staying on.
I defy the "bug", I will make my stand here!
Re:Not really down? (Score:1)
Y2K Paranoia IS the Y2K Bug (Score:2)
More often than not, remedies for Y2K were worse than the problem. Senseless date expansion in interface files caused needless work.
I hope that VW is really upgrading their site. As a VW driver, I found using their site quite unworthy of their automobiles.
As an outsourced function, my companies web site will stay up as long as our ISP doesn't have any problems hosting it. There are no date sensitive components on our site.
Of course, I think it is silly that my company grounded the fleet over midnight local time, but is in full swing at 00:00 GMT. sigh
Shutting Down (Score:1)
--
Uptime is Key (Score:1)
On a funny little side-note, our NT administrator is re-installing a hard-drive in the NT 4 server sitting next to the Red Hat box. >:)
No Downtime Here (Score:1)
More likely cause of shutdown than Y2K... (Score:2)
We too had a partial shutdown. (Score:1)
I don't understand it, myself, but maybe it has more to do with preventing lawsuits than preventing technical failures.
Acting for PR reasons (Score:2)
Power considerations are the main factor (Score:2)
Paranoia here too :( (Score:1)
distributed.net (Score:1)
-Saxton
_________
Bringing sites down for the millenium weekend... (Score:1)
This (http://2.digital.cnet.com/cgi-bin2/flo?x=dYAKKYA
It is also a lot easier to monitor a live site, than it is to switch on a machine on Monday morning with a simple prayer!
A friend of a friend who works at AT&T Unisource in Holland, is in the former situation and none too pleased about it. Partly 'cos it shows managements lack of faith in the developers networks staff, and also due to the lack of understanding toward the problem itself. Suffice to say that he is not looking forward to Monday morning!
--
"I count him braver who overcomes his desires than him who conquers his
enemies; for the hardest victory is over self." -- Aristotle
--
The opposite (Score:3)
Even if you have PLANNED downtime and announce it, it will shake the customers' confidence.
Re:What does it accomplish (Score:1)
wouldn't. wouldn't. Sorry. And to think I previewed twice.
Re:If your site is down, you need a new IS manager (Score:1)
You're never free from risk--learn 2 deal with it! (Score:3)
It is ridiculous to shut down sites as a precaution against "hacker" or virus attacks. Ask yourself this question:
When I bring the site back up, has the risk of compromise gone away?
The answer is a resounding "NO". There is always a risk of compromise. If the Internet is so dangerous that you have to occasionally disconnect from it to protect yourself, then why do you even reconnect?!?! When you reconnect, nothing has changed except the calendar. Also, how do you know that the hacking hype wasn't designed to get you to disconnect now, and then reconnect days later only to have a false sense of added security since y2k is over and get 0wn3d on the 5th?? Isn't this an unknown, unsubstantiated risk too? You'd better never reconnect then...
The idea of disconnecting due to a y2k virus trigger is equally as ridiculous. April 1 is a more common day for virus and hoax triggers. Should every company disconnect then as well? Also, out of the thousands of viruses, only a handful have been very widespread. A massive virus infestation is historically unlikely.
Disconnecting due to some unknown, unsubstantiated threat is especially ridiculous (look at Seattle shutting down the y2k party...). It's CYA for lame IS and security people, IMHO. There are always going to be unknown, unsubstantiated threats. IS and security folks' jobs are to set up defenses to protect from day to day--that will work regardless of the amount of attacks. Shutting a site down for fear of someone breaking in is a self-induced DoS. E.g. the military sites that are being shut down (see http://www.hackernews.com [hackernews.com] for yesterday and today) during y2k are still going to have the same holes they did on the 1st....
Check out more specific information on y2k virus hype, "precautionary disconnects", etc. at the following links and see what:
"Precautionary disconnect" -- a disturbing new trend [kumite.com]
OVERBLOWN: "Y2k Viruses" [kumite.com]
Y2K viruses: "It's Orson Wells all over again" [kumite.com]
Fearmonger vs. skeptic: a Y2K virus conversation [kumite.com]
The virus grinches who tried to steal Christmas [niu.edu]
-core
Depends on the circumstance.. (Score:1)
People just don't seem to be able to THINK about things. For instance, if the box has a virus that goes into effect when the clock rolls over, isn't it pretty damned likely to activate as soon as you turn the box back on?
In what way is taking the machines offline staving off the date rollover? It aint - all you're doing is postponing FINDING and having a chance to FIX all the problems.
Might as well let it happen on the night when no one expects things to work right anyways.. Who cares about some dumb stigma re: our equipment isn't Y2k compliant - I'm only interested in making sure that it works as soon as possible.
You cannot forsee the unforseen, it's that simple. Be prepared, do backups, and stay alert.
And smack the stupid executives around when they need it. I find yelling at the top of my lungs in meetings is a good way to make a point.
--
blue, who is no longer invited to meetings, but who also didn't have any of the machines he runs turned off for the date-over.
Rationale (Score:2)
Christopher A. Bohn
Web Servers at UC Berkeley (Score:1)
Y2K disaster: All in the Code (Score:2)
The History of Y2K Problems
1994:
VP of IT: I'd like you all to meet Jimmy, the new Intern. Jimmy is a Sophomore from State U. Don't mind his complexion - it'll clear up, he just left his job at BurgerCzar.
Jimmy, it'll be your job to maintain these old systems. Ralph, you've been here 15 years
1995:
VP of IT: Ralph, we find it much cheaper to have interns maintain our code. Sorry, 3.8% raise this year.
1995:
Programmer: Ralph, heard you quit! Good luck in the Consulting market... I'm sure you'll be doubling your income.
1999:
VP of IT: Ralph, this is your old VP Ted. These old systems we have are screwed up! And we understand that your company manages Y2K conversions. Can you help? We'll pay anything!
2000:
CEO: Good job Ted, you saved our bacon! Let's not do that again - let's think about outsourcing all our IT functions to RalphCo. They're the pros. By the way, the president's son, Jimmy, works for RalphCo.
Re:Server Outages (Score:1)
Re:Server Outages (Score:1)
Damn - that really is paranoid. Is it really a concern that water services are likely to go? Badly enough that the toilets won't work anymore?
What an unbelievable waste of time and money. But what can you do...
Re:Servers are down where I work. (Score:1)
When you power your systems back on, are they any more immune to power problems???
This answer is NO! Nothing is different. You are still just as vulnerable to power surges.
If you don't have enough faith in your existing UPSs and power surge equipment to protect you, why will you ever power back up? Do you shut down whenever there is a lightning storm? By your logic, you should. There's millions of volts flying around the air that might come bite you
You purchase UPSs with surge protection to protect you against any surge. An unsubstantiated, unknown y2k surge is not going to be any different...
(BTW, everyone should have a surge protector at your circuit panel as added protection--they're only like $30 and protect everything on the panel by creating least-resistance to ground. You don't need any other surge protector with one of those.)
-core
Not putting down the self-educated (Score:3)
Bruce
It's y2k. if we brought anything down we'd be dead (Score:1)
When you see an e-commerce site go offline for y2k, ask yourself this: "If after this much warning, they don't trust their security or computers, why should you give them your credit card number?"
Wanna buy a big french clock? It's good for 999 days.
Re:If your site is down, you need a new IS manager (Score:5)
I'm hear at work monitoring my sites (here [escout.com] and here [umb.com] to name a mere few), and I'll be here for the next 20+ hours.
Our upper management approached me with this same idea... should we pull our sites, or shut down our email, or etc, . My flat out response... NO WAY!
We're talking very important, very critical e-commerce, e-banking, and e-you_name_it sites that we've spent multiple millions on to keep running 24-7 x 365. Bulletproof sites which practically CANNOT go down due to disaster or mayhem, with state-of-the-art intrusion detection... so I'll be damned if i'm taking them offline due to the fear of a massive "CrackAttackY2k".
In fact, those sites pulling their servers offline are most likely going to lose my future business (or viewership, or whatever)... because they've definately lost my confidence. Such a big part of a website is public perception... I can't see how pulling your site offline can help that perception.
I think HNN [hackernews.com] said it best responding to the Pentagon and the Military Taking Down Their Sites [yahoo.com]
---------
Question: How do I leverage the power of the internet?
I agree with Bruce. (Score:1)
On the other hand, the administrative systems (e-mail, file and print serving) were taken down by the administrative IS managers. Why? Because "they want to be safe". Well, I believe that e-mail is a mission-critical function, but the servers are down nonetheless.
There is one file and print server on our site which will remain up, but only because its my box and it doesn't belong to the "Lets reboot and see if that fixes it" group. That one lone administrative server is running RH 6.0 and Samba. And, of course, I can still send out e-mail from any of my Linux boxen. I had to re-direct my incoming worksite e-mail to my commercial ISP (fire-wall issues made it hard to re-direct to my personal Linux box).
I'm looking forward to the New Year, when I can get more customers to say "I didn't know that there was a NT Server 4.2", which is how the Samba Server appears.
Happy New Year to All, C Novom Godom!
Re:Site going down for 1.75 days (Score:1)
hackers will take advantage of y2k problems to mask attacking systems.
Let's explore this a bit:
hackers will pick the one night that everyone in the world is actually *monitoring* their sites carefully to break in--way 2 go! Many hackers are stupid and there will surely be stupid hackers trying things during y2k. They've been duped by the same hype that y'all have been fed!
It would be much smarter to wait until after y2k and then attack after everyone thinks it's clear...
The other part of the claim is that y2k problems will be used to mask attack attempts.
Hmmm. I can't think of a y2k problem that would cause massive portscanning and buffer overflow attempts to my systems. That would be some screwed up system to log that kind of information due to y2k! "Someone is pingflooding our systems. We must have not caught that y2k bug!".
Do you see how ridiculous this is?
People need to look at these fearmonger claims RATIONALLY . Don't just react--use your heads and make your own decisions based on reason and fact!
-core
Re:Java Java Java Java Java java java java java!!! (Score:1)
Well.. technically the millenium isn't till another year, so save the off topic posting till then eh?
nonsense; let's be rational about this (Score:3)
There are lots of factors, costs, and probabilities that a rational business must take into account when deciding if they should go offline. Like factors beyond the companies' control. Like expected benefit/revenue of staying online and the cost of dealing with a worst-case scenario.
If a company expects to take in some 1 percent of an average days' sales between 11pm and 1am on New Year's (who's shopping, really?), but their systems would cost millions of dollars and three days (== something like 250 times as much revenue as they would lose in a volunatry, two-hour shutdown, plus hardware and staff costs) to restore if heavily damaged in a worse-case-scenario, then who could blame them for giving up very small profits in order to be certain they avoid very high costs?
Bruce, you're getting hyterical about the "technology" and missing the business case. You don't really think we're going to see a headline in the Wall Street Journal like "Ford overtakes General Motors in Q4 1999 due to GM Web site being offline for 120 minutes", or "Amazon underperforms; missed out on big New Year's Eve midnight sales", do you?
Get real.
-Peter
EFF Cracked! (Score:1)
-
How about we just "quarantine" your Email??? (Score:1)
I guess communication with the "outside" world isn't a priority...
+++++++++++++++++++++++++++++++++++++++++++
Subject: Year-end E-mail Process
I am writing today to apprise you of our plans to implement additional controls in our e-mail system from Dec. 17, 1999, to ending Jan. 7, 2000.
Industry research indicates a strong likelihood that computer virus activity will grow dramatically as we approach the year 2000.
To better understand the implications to NAME-DELETED, consider the following:
* On an annual basis, NAME-DELETED receives more than 6 million e-mail messages from outside the company via the Internet. Unfortunately, one in every 1,000 is infected with a virus and is ultimately cleansed by our virus protection software before it is released into our company.
* To date, we have identified more than 42,000 different viruses that have been introduced into NAME-DELETED via e-mail messages. Two of these
viruses actually shut down our network while our virus software vendor created new virus control measures.
* Internet experts estimate that as many as 100,000 new viruses will emerge during the last three months of 1999 and the first half of 2000.
This includes a dangerous new breed of computer virus called the "Bubble Boy" virus, which has the ability to infect a computer without the recipient taking any action to evoke it.
Given the above situation, we have designed an e-mail handling process to lessen NAME-DELETED's risk of having potential viruses introduced into our company during the critical year-end processing period. The basic elements of this process are as follows:
* From Dec. 17, 1999, to Jan. 7, 2000, we will intercept e-mail messages sent from outside the company and hold them for seven days in a repository that is insulated from our company's e-mail system. These "quarantined" messages will be scanned using the most up-to-date version of virus detection software. Once we verify that all viruses are eliminated the cleansed, messages will be released into the NAME-DELETED e-mail system. The seven-day period is required to enable the industry to detect new viruses and create the virus cleansing software changes. Note:
internal messages and outbound messages from NAME-DELETED will not be restricted.
* Upon receipt of each incoming message, a return message will be sent to inform the author that the delivery of this message could be delayed up to seven days. This will prompt the author to make direct contact with you, if appropriate.
* Any messages determined to be "business critical" will be prioritized above the general message population. If the volume is low enough, we will attempt to scan, clean and deliver these messages by the end of each business day. If you believe you have e-mails that fit into the true "business critical" category, please contact your supervisor to determine if an exception process has been established.
If your site is down, you know why - not bruce (Score:2)
While I can appreciate your zeal for placing MIS into two discreet factions, it just isn't that simple.
First, you have no idea what legacy connections exist between front line servers to the Internet a.k.a. web servers. All people see when they go to many sites is just that... a web server. There is no database box or ancient mainframe wide open on the net... also, if there is integration with authentication systems there is a possbility that an internal edict affects the external perception and functionality of a "site".
So, if you want to control input for a time when people will simply NOT be around and there is risk assessment regarding the personal lives of the professionals that report to you. For many the escalation plan is a pager on a belt loop.
Basically, if you airgap a web server you have just cut down the possible attack paths by at least 50% since nobody can come around to hit the site. Or, you have complied with the team decision to take it offline to take any possible stressors off internal systems that form a basis for external funcitonality.
Third, if it isn't a mission critical site then you take it offline and recall the functions. Most good commerce sites will engineer a boolean off value for maintenance purposes. It doesn't hurt anyone... are you intent on browsing heavily while getting toasted on champaign or sparking fruit juice tonite? I have bought some guitar strings tonite and might browse around but you know it isn't critical to me. :)
If you are a business you likely pay salary individuals to ride out situations like this. Since y2k is "hype" and misplaced concerns why not give people a night off so that they don't have to worry about the lesser qualified less certified more likely to play Quake on the corporate network at the expense of the website?
Shutting things down isn't a bad thing. Uptime is cool... but if it is a site that connects to other systems that require additional MIS staffing in the event of a unforseen circumstance are you as a "manager" going to explain to everyone why they need to stay alert just in case?
If your site is down this New Years, think seriously about wanting to be at work on New Years and buy your MIS manager a beer.
I respect what you are saying about IS managers not knowing what is up... but there is more to understanding a complex system than a computer science background.... you just open a whole can of worms when you go there gf.
Most seasoned IS managers know enough NOT to do something stupid.
I just think there is more than one way of looking at things in this area. So, unless you burned in the belly of corporate MIS and was there when things really hit the fan you might want to consider alternative views.
I know I am NOT one of those so I reserve judgement since I don't know all the pieces or the politics. Computers are still run by people ya know.
My sites will be up tonite too...
http://www.mp3.com/fudge/ [mp3.com]
We elected to stay online... (Score:1)
However, after we talked about it further, we decided that the risk in shutting down would be greater. We are leaving things alone, running exactly as usual, so we know any problems are Y2K related.. If we were to make any significant changes and then had trouble, we wouldn't necessarily know where to look.
That argument was compelling enough to me to change my mind and agree to it; we'll be watching to see what happens. We're really not expecting anything major, but we definitely are expecting minor glitches. And we are planning to continue to devote some time to Y2K issues for the next six months or so -- we figure they will keep cropping up for awhile.
We are under no illusions that Jan 1, 2000 is the miraculous End of All Date Bugs.
Waste of the Day for me (Score:1)
If anyone knows of any reason I should be worried about having just installed SP7 for Novell 4.11 please let me know....
All of our web sites are up and running.
www.ets-inc.com [ets-inc.com]is up
www.nasdce.com [nasdce.com] is up (User Name: Free, Password Demo)
even hic.nasdtraining.com is up
for the moment
Here I sit, waiting for a Novell 4.11 server to finish updating to Service Pack 7 for the Y2K fixes. Why? Because I know nothing about Novell. I was an English Major for crying out loud! Yes I'm OK with QuickBasic and am learning VB5, but does that mean I can be an MIS Director?!?!?!?
I wanted to be a technical writer for heaven's sake. I'd love to be one of those lucky souls working on the Sam's and For Dummies / Idiots / Morons / AOL Users Books, but here I sit.
We HAD relations with some IT contractors, but they haven't returned any calls in months, so the people who set up and installed the Novell Server are nowhere to be found.
Yes, I took a few Programming classes, and yes I'm good with computers, and yes, I've only been stumped half a dozen times in the last year and a half as an MIS Director and yes I'm rewriting software we sell for M$ Style prices and not having any trouble with it, but I've never upgraded a Novell server before!
Help!
I'm not worried about the Win95/98 systems. I've installed every necessary patch from MS, Symantec and everyone else.
Ah, for the legendary stability of Linux! Y2K compliant by it's native design! If only I had the time to take the Mandrake install and my copy of Running Linux and become more than a mildly pathetic Linux Newbie.
Now, if Act 4.0 and Omniform 4.0 run under Wine, I'd be able to migrate most of the office to Linux.....
Re:nonsense; let's be rational about this (Score:1)
That is an excellent point. You do not always have control and the ability to mandate or enforce an edict against a utility.
Simply put, if you don't consume that much electricity you just need to suck it up and realize that there won't be a 18 wheel semi loaded with a portable diesel generator to keep your 100 hit per month website up to insure that there will be people downloading the PDF file for how to tear apart their new birdhouse correctly.
Just an example -- if you are an MIS person at a place that makes birdhouses I am just using this as an example ;)
http://www.mp3.com/fudge/ [mp3.com]
Re:Slashdot censorship. (Score:1)
Had I not already posted on this thread, I would have moderated the parent comment down myself.
TigerDirect.com (Score:1)
Another rant about web-site uptime (Score:2)
Imagine an internet provider with the feature that they will cause your site downtime when it hits an arbitrary transfer limit for reasons that are entirely out of your control. It's practicaly an advertisement to find another provider.
Bruce
Re:Uptime is Key (Score:1)
Not so fast (Score:2)
I've got to disagree with this generalization.
At our company, the MIS reports to me. Back in May, he said he planned to down all but our external servers.
Is he an idiot? Should we fire him?
He had just spent a weekend having the *entire* company's systems do a Y2K rollover, and then did transactions with all critical business apps. He found many problems, mostly small. One issue was that several older systems would not roll over correctly, but, once set to a post Y2K date, they were fine.
Rather than have a hardware/firmware remediation party, he figured we could just manually set the RTCs on boot after the new year. Sounded good to me.
Hard drives won't spin up... (Score:1)
Another uninformed rant about web-site uptime (Score:2)
The reason those throttle controls exist in Apache are for very specific reasons.
If you are looking for a shared hosting environment it is that same error message which allows other websites a chance at being seen for their payment of the exact same fees as Mr. Joe Popular website.
Price it out and do the math sometime... most providers use other means such as network throttles that don't afford you the 500 transfer limit message... also... that message can be tailored to have a more meaningful message.
Apparently, you have never read about people writing robots for site indexing that DO NOT conform to RFCs meant to govern the manners of a robot.
Its a sign that you are getting what you pay for from your provider _perhaps_.
Heck, do a Altavista search and see sites like OpenGL.Org which have that word indexed in the search engine database... it happens.
http://www.mp3.com/fudge/ [mp3.com]
Re:I agree with Bruce. (Score:1)
Re:VW.com is off the air until 4am January 1, 2000 (Score:1)
The only time I've *ever* been jealous of either a car or a custom plate. Schlock? Maybe, but cool anyway...
You can bank on TD (Score:1)
Happy new year everyone, and rest assured that we will be working through the new year, and even into the new millennium (2001).
Re:Power considerations are the main factor (Score:1)
Y2K == CYA: Cover Your A$$ (Score:3)
It would seem that doing anything with this mindset would be, at the least, bad practice, but I know of some exec's that would stop at nothing to cut costs, and cut corners.
That's bologna (Score:3)
Personally, I was in favor of taking our systems down overnight, simply to prevent date subtraction bugs. Someone else pointed out that this was making a change right before a major event, and that this probably wouldn't be wise -- a compelling argument, to which I acceded.
Regardless, claiming that I am somehow incompetent because I wanted to shut down systems over NY is flat stupid. Computers are not magic; they are highly predictable devices. However, the software that runs on a large fraction of them is not well understood by anyone. Trusting it unconditionally is foolish.
Consider that Microsoft was still releasing patches as of December 15.
Strikes me that you have a mighty strong opinion about how to run large networks, when it appears your expertise is not in that area. From what I can tell, you are a programmer, and a very good one. That's wonderful, but does not qualify you to make pronouncements about system administration. You probably don't deal, every day, with the stupid bugs and problems caused by unforeseen interactions in closed-source software. You live in a tightly controlled world of your own code. I don't have that luxury.
I don't presume to tell you how to do your job, and expect the same respect in return. And it strikes me that making public pronouncements on the competence of people working, every day, in an area you don't is not just arrogant, it's foolhardy.
You can trust I won't value your opinion as much in the future.
Yahoo Store Y2K problem (Score:3)
It turns out that Cybercash has been sending upgrade notices to Yahoo Store about this for months, but only in the last few weeks did Yahoo Store tell me about it. They notified me of this about two weeks ago, and First Data sales hasn't gotten back to me yet. (They have a "don't call us, we'll call you" sales policy.) So I'm offline for a few days. I can run transactions through by hand if I have to, so it's not too serious.
We'll be up, dammit! (Score:1)
www.synecdoche.net [synecdoche.net]
GNU-based Cooperative Web Hosting
However, I am bringing a NetWare system down for
a client today. Their AST Bravo 486s won't roll...
Re:Silly PHBs (Score:1)
I consider this part of my job not to be one of prestige, but of avoiding risk. If I take a needless risk with my company's equipment, data, or even my time merely to satisfy my own vanity, I am doing them a disservice.
Vanity I save for new implementations and new projects -- for administration and upkeep, I'm perfectly willing to lose some prestige if that's what the job requires.
(If you didn't see my other comments on this topic, we did leave our systems up, FYI... seemed the least risky option.)
Re:Waste of the Day for me (Score:1)
You have a very good solution sitting there under your nose -- don't disregard it because lots of people like Linux. Netware has been around awhile and is really, really good. Apparently it did have some Y2K issues, but, hey... nobody's perfect.
From The Providers Point Of View (Score:3)
Re:Not so fast (Score:3)
---------
Question: How do I leverage the power of the internet?
Not just web sites (Score:2)
This struck me personally as a tad draconian, but I can't really fault management; there's no reason to keep the facility open, especially since most of us weren't going to be there anyway. :)
They do understand the repercussions: a full shutdown means insane amounts of work just for our IMS department, let alone the actual R&D labs.
I suppose this is somewhat off-topic, since I'm talking about more than just web sites, but I thought I'd mention it and find out if any other companies are doing something similar.
Any other employers doing full shutdowns?
Re:nonsense; let's be rational about this (Score:3)
Yeah sure, lets make sure no one can read it! Thats always the best way to respond to someone elses argument - deny everyone else the ability to read it! Talk about an irrational response. You should have added your response to his thread and sank with it. Its a bit hippocritical, IMHO, to rate down the original post and yet have your response rated up. Let people read the whole thing.
How is this irrational? There basically are two categories of people in this work, with regards to technology (IT managers are no different): Those that understand how the technology actually works, and those that treat any sufficiently advanced technology as magic. Its not an ad hominem, its not untrue and its not irrational. It explains alot about how people think about and treat technology. So why would this be an irrational assertion?
How is midnight tonight any different from any other day, when the power could go out just as easily? The power goes out all the time and yet we don't see people pulling their sites down because it might happen. If you have a good disaster recovery plan (which includes things like "what do we do if the power is down for more than a few minutes", backup tapes and so on) it is true that you will survive y2k without any more disruption than you would have on any other day. If what you are asserting is that you are not prepared for what could happen any day, then you have other more important things to be concerned about and maybe you should shutdown altogether. These things can happen at any time. The power could go out for hours at a stretch (look at the ice storms in Canada for an example of that, the power was out for a week!), you could have an Earthquake that might not out your NOC for months, you might have a poor security model that makes your customers lose confidence in you and so on. These are daily risks and if you can't deal with those same risks at midnight tonight then you have bigger problems that shutting down your website for a few hours will not fix.
You talk about being rational, consider for a moment the propability that enough things will go wrong to outweigh the lost profit and the bad press for shutting down your site because you might have a failure. If your business is so unprepared for the midnight rollover, you do need to get a new MIS manager!.
Your straw man argument aside for the moment (and making funny noises, which is always a clear indication of a poor argument), yes calling a computer criminal a hacker is a clear indicator of cluelessness. Its like calling the internet "Netscape" or similiarly indicating you do not understand what you are talking about. If any MIS manager that works for few me starting calling crackers "hackers" I would look into getting another MIS manager (and yes, I do have MIS managers that work for me, and no none of them are that clueless).If your company hasn't squared away your computers, programs and network or taken steps to prevent system failure (shutting it all down because you aren't prepared is basically the same thing as a failure) by now you need to fire the person(s) responsible for that. Its not like we found out about this yesterday, everyone has had years to prepare! Closing down your website for a few hours also demostrates a clear lack of understanding about the threats involved as well. Any "y2k" attacks will not just occur at midnight EST5EDT, they won't just happen for a few hours, technically they could have been happening all day (it doesn't just become midnight once on planet Earth). The bugs involved don't just manifest themselves during the rollover, the big bad y2k viruses won't just get sent at exactly midnight EST and so on. Again, I think Bruce is very correct about this: some people treat these technologies like its magic.
Regardless, this is the most ignorant thing I think I've heard of and its going to make a laughing stock out of the companies that do it. And if you can't understand a business case analysis for that, you understand the business word less than you think.
--
Python
Taking a site down for y2k (Score:2)
Dec 31 23:46:36 util -- MARK --
Jan 1 00:06:36 util -- MARK --
Needles to say we didn't take our machines down. And its all working nicely thankyou
Linux is fine. (Score:3)
---
Re:Another uninformed rant about web-site uptime (Score:2)
Nobody should tolerate deliberate downtime. If you get too many hits, they should add something to your bill. If their server can't stand the hits, they need more bandwidth.
Thanks
Bruce
You mean let's be irrational and fearful (Score:4)
That's a very fearful statement. If you've looked into the situation at all, you know that not only is your electric utility ready to meet the challenge, they have extra staff on duty tonight.
IS facilities are not in business to provide downtime. If they can't cope with the Y2K roll-over while hot, it's a sign of long-term mismanagement, because the problems should have been fixed years ago.
Again, if your site is down tonight, it's because your pants are down, buddy.
Bruce
You've got a bigger problem (Score:2)
OK, you've got a bigger problem than Y2K. Your IS manager picked the wrong software, because everybody uses it. That software is downtime prone, but your IS person can point a finger at Microsoft, say but we have to use it, everybody does, and provide excuses rather than running systems.
Believe it or not, people don't have to continue to buy unreliable software. OK, you might think I'm uncompromising, but if that's what is happening in your organization, you already had a reason to find a new IS person before Y2K came around.
Thanks
Bruce
Re:If your site is down, you need a new IS manager (Score:2)
Bruce
Re:nonsense; let's be rational about this (Score:3)
Ideally, all Y2K (and other) bugs have been found and fixed, but assuming that they have is the disease of the modern computer professional -- the sort of person for whom the famous quote about programmers vs. builders vs. woodpeckers was invented.
So, you've got a choice. Leave the systems running over Y2K (my personal preference), which risks hitting that particular class of bug. The results could be reasonably catastrophic, depending on all sorts of factors (and I've certainly seen plenty of such results from simple bugs like this), but you get that extra, what, 1 hour of uptime? Or shut the system down and avoid that class of bug entirely.
Downsides, though: that sort of bug isn't necessarily local-time based -- it might be GMT-based; and there's a (my-guess-much-smaller) class of bug that prevents systems booting shortly after Y2K but doesn't affect their running through it. (I've seen non-time-related bugs like this.)
So it boils down to a simple choice. If your systems are specified to be up 7x24, leave 'em up (unless you know they'll fail over Y2K, of course, and can't do anything about it).
Otherwise, it's not a big problem for the systems to be down for an hour or two and skip a whole class of bug potentially biting.
After all, it's already been pointed out that systems go down ("DoS") due to power outages and other things not Y2K-related. Why shouldn't that lead one to the opposite conclusion for which these assertions have been intended, and accept that another hour or so downtime, especially in light of the fact that the systems will be least likely to be used at that time, isn't going to hurt anyone any more, and probably less, than any other outage?
Next point: rare activities, like doing incremental backups, since they invoke rarely-executed and rarely-seen code, are more likely to contain hidden Y2K bugs, perhaps including some not necessarily visible during certain forms of testing.
Given that, it's reasonable to do a "final Y1K" backup, right?
Now, as soon as Y2K rolls around, do another backup, then carefully verify all backups (perhaps moreso than usual).
Only problem -- what about transactions entered into the system, say by "enthusiastic" employees, between the last Y1K backup and the first Y2K backup, if that backup fails and the system gets corrupted?
Since that's more predictable (Y2K, after all) then any other random outage, it's not unreasonable to do the final Y1K backup with the system effectively shut down to further transactions.
That way, there is much less risk of lost transactions due to Y2K failures in rarely-executed code.
It simply is not stupid to shut down systems over Y2K, if that's what a reasonable analysis of the overall situation suggests. My wife's facility is doing this even as we speak (she's not the IT manager, but he works for her, and we just visited the site). Yes, I had an urge to say "that's stupid", and 20 years ago, when I was less experienced and less able to rationally assess risk, I would have.
Fortunately, I know better now.
I am concerned about how much hysteria might result from people reporting downed web sites in the early hours of Y2K, due to widespread use of the shutdown strategy.
But I'd rather people think, for a few hours, that Y2K bugs themselves shut these systems down than for actual Y2K bugs to cause real problems just because some overly macho IT managers decided to leave some non-critical systems on through Y2K.
And, really, would anyone here claiming this shutdown strategy is stupid (hi, Bruce! ;-) prefer that the world's nuclear arsenal be left on over Y2K, instead of being shut down and rebooted, on the theory that someone might want to use it? (Okay, that's a loaded question...sure wouldn't want to announce to the world that the USA's arsenal will be off-line for two hours starting at Y2K.... ;-)
Shutting systems down over Y2K. It's not what Joe Macho Hacker would do, but it's reasonably sane. And leaving it off permanently, if it's running any version of Windows, is especially sane. (I was watching my wife's organization actually shut down one of its few remaining VAX 6000 machines, permanently, while I was there tonight, by the way. It took me back a few years seeing the VMS diagnostics on the screen. Though, back when I actually worked there, their main computer was running TOPS-10....)
Re:My Server at Work is Down why? (Score:2)
I meant the whole site, with hundreds of servers and somewhere over four thousand people. Luckily, I only have the one big box.
--
Re:kepp it up (Score:2)
Re:kepp it up (Score:2)
Chris
Re:What have they go to lose by shutting down? (Score:3)
Customers?
Re:If your site is down, you need a new IS manager (Score:3)
Now, re-examine BP's post. Those "suits" who took their sites down are responsible for the greatest DoS in history... and it's not from a distributed synflood or any group of elite crackers... but a group of PHB's giving in to FUD.
Happy New Year, SlashDot....
---------
Question: How do I leverage the power of the internet?
Re:things you control vs. things you're told (Score:2)
Actually, my utility has said a lot about its readiness. I happened to visit Hoover Dam recently, and they made a point of showing how they could manage the system with switches and relays, and without a computer, when necessary. As things played out, we lost one transformer here when someone shot it out, putting about 6000 people in Oakland in the dark. That is the only failure known for Pacific Gas and Electric at this time.
I think there's an emotional factor in this for me, too. Pride, I guess. I wouldn't feel proud to shut down for Y2K. I left my systems going, unattended, while I went to a party. The FTP log says the server was in use continuously, across midnight, by programs performing unattended downloads of the U.S. Map database. The Zope server log says that access of my web sites kept on throughout the night. Nothing has gone wrong.
Thanks
Bruce
Re:You've got a bigger problem (Score:2)
I do have a systems administration background since 1981. OK, it's all Unix and all for scientific facilities, but we ran 24/7 without UPS systems, using V6 unix and other things that didn't have fsck. Things are easier today.
Thanks
Bruce
Different Timezones - that's it! (Score:2)
You know, timezones are not the same all over the world, so while it may be midnight here in Europe, in New York it is still around 18:00 in the afternoon. Why would americans stop buying at midday 31st?
If we wanted to switch off our servers for midnight, we would have lost a whole day of sales. But we didn't, and we were right.
Who where those panic-makers? Where are they now? Let's lough!
ms
What We Shut Down & What We Didn't (Score:2)
1. They're outsourced at a hosting center which has 24/7 staffing, UPS, health-checks, etc etc etc.
2. Our sites are behind a firewall.
3. We did tests of our own to simulate the roll-over.
4. Full backups of all data, etc prior to rollover.
5. We had access to tech staff if necessary to resolve issues.
6. Close monitoring of data & performance over the first couple of weeks of Jan and the leap year to ensure "sneaky" corruptions get through.
Following assessment of the risks (power issues, communications issues, [cr/h]ackers, viruses, etc) we felt that we had done what was possible and that all should be OK. If there were any major hassles, it was likely that everyone would be in the excrement so we wouldn't be alone
Now, my other company does consulting to various clients. In the Small to Medium Business area, we recommended that they apply the latest patches and check their PC's for compliance. Some had PC's that failed the "tick over" in RTC and/or BIOS but worked fine in DOS, on the leap year and when rebooting post-1999. We recommended that they not throw out those machines (keep the $$$ to pay us more consulting fees, thank you
For those that did not need their systems turned on during this time, we recommended that they shut everything off and unplug it. While the electricity companies had stated that they were ready, they had (naturally) used guarded language. As such, when we reviewed the possibilities of power issues (brown-outs, surges and/or spikes) comm's issues (modems & ISDN connections) and software issues (relying on patches and information off the net, etc), we figured it was better to just avoid the whole thing so we could all be out partying and not sitting there watching a bunch of computers tick over.
So, in the end, it was all based on risk assessment. What level of testing had been done, were the systems required over the transition, what the unknowns were and how much risk the client could afford. It was easier to turn it all off, have fun and start it all up again when we knew what we were dealing with.
Of course, if I were the MIS Manager in some company, I would have been doing reviews, tests, simulations and so on for all systems. The results of all this would have been assessed with business management (MIS does not tell business what to do, we help them make their decisions