Security

Software glitch brings Y2K deja vu

Applications running on thousands of computers worldwide will become inoperable in a few weeks because of an obscure date-related glitch. Sound familiar?

Software running on thousands of computers worldwide will become inoperable in a few weeks because of an obscure date-related glitch, and developers are rushing to create and apply patches.

Sound familiar?

Software maker PTC, a specialist in product lifecycle management applications for engineers and product designers, has rekindled memories of the Year 2000 bug, or Y2K, as it scrambles to patch a glitch that will render most of its products inoperable after Jan. 10.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.


The flaw was discovered late last week, and PTC engineers have been working around the clock since then to create and test patches, PTC spokesman Joe Gavaghan said. Two patches that address some of the company's most widespread products were released early Friday, and fixes for other applications are on the way.

The flaw involves the way the programs handle date entries, Gavaghan said. To be able to recognize dates, PTC programmers had to set a date for infinity. They mistakenly chose about 1 billion seconds--2 to the 30th power, to be precise--since Jan. 1, 1970, which is when the Unix operating system was developed and is Year Zero for many Unix applications.

Unix itself uses a similar method to resolve dates, but developers chose the maximum infinity value of 2 to the 31st power--about 2 billion seconds. That means that PTC software will "time out" Jan. 10, while most Unix programs will continue to operate until 2038.

Left uncorrected, the error in the PTC software would be inconvenient but not destructive, Gavaghan said. "It's not something where they would lose data," he said. "The software just stops working."

PTC was alerted to the flaw last week by a customer who was unable to use the software to process work with future dates, Gavaghan said. Upon investigating, PTC engineers discovered that the flaw was widespread, affecting most of the company's 35,000 customers worldwide who use PTC products such as Pro/Engineer, Pro/Intralink and Windchill.

"It goes back to release 20 (from 1997) of our Pro/Engineer product," Gavaghan said. "It then just continued with our successive products as well as some of the software used to install our products."

While customers credited PTC for promptly and candidly alerting them of the problem, several were not too happy with timing, which threatens to interrupt extended holiday breaks with trips to the office to test and install patches.

"Like many people, I wanted to have the next two weeks off for the holidays," said Brian Kirsch, a network administrator at a small Wisconsin company that uses PTC products. "That leaves five days to ensure that our systems will be working after the 10th. While we don't have many seats of the software, I cannot understand how a serious bug like this can be carried through five major product releases."

Gavaghan said PTC regretted any inconvenience to customers but was working as quickly as possible to create patches and ensure that they are easy and quick to install.

"It's such a simple flaw; we don't believe it requires extensive testing to deploy the patches," he said. "It should take only a couple of minutes for most customers."

Gavaghan said the patches will reset the infinity value to 4 billion seconds, buying current PTC products another few decades of life. Subsequent releases will eliminate date dependency, he said.