Charlotte's Web: An Overview of Infrastructure Vulnerability

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Hyperlink: http://www.kiyoinc.com/WRP100.HTM

Substitute "terrorism" for "Y2K" and this qualitative mathematical model of modern civilization, with its fragility and vulnerability to collapse, becomes highly relevant.

SET RECOVERY ON

PART 1: CHARLOTTE'S WEB

In the mainframe editor that many programmers use to edit their source code, the command "SET RECOVERY ON" causes the editor to save partial updates so that, in the highly unlikely event of a mainframe crash, the work the programmer has done will not be lost. Pollyannas don't use this command much because they know that mainframes are so reliable they never fail. Of course, pollyannas occasionally lose hours of work that has to be done all over again. Pollyannas also say that Y2K isn't a big problem and our economy is so robust and our programmers are just so brilliant that we can easily fix any problems that are left. They are dead wrong, as you will be if you believe them.

Our modern, technological, civilization has all of the strengths and all of the weaknesses of Charlotte's web. It is strong enough to support the weight of the spider and to hold it's prey. It is strong enough that one or two broken strands can be easily repaired and the web can last for years. But break enough strands and the entire web instantly collapses, beyond any possible repair.

The strands of the web are the myriad interconnections between each of the "nodes" of our civilization. We, ourselves, are the nodes, as are business and non-profit organizations and government agencies (webs within webs, if you will). Some of the nodes are computer systems with Y2K problems which will not be fixed before they fail, taking all of their connected strands with them. In fact, some of the nodes have already failed (e.g. the credit card and POS terminals which failed in 1997 and still have not been completely fixed almost two years later). Others will fail in surprising ways next January and still others will fail, randomly, throughout 1999. More and more strands will fail the closer we get to New Year's Evil. It is a dangerous blunder of epic proportions to believe that we have any of 1999 for more remediation and testing.

So far, we have been able to fix the broken strands, because they are few and we, the programmers, are many. But at some point, the number of failures will exceed the number of programmers, and the strands will be permanently broken. Inexorably, the failures will continue and they will propagate to the rest of the web, like a run in a nylon stocking. I have a nasty feeling this will happen quite some time before the great phalanx of failures on New Year's Evil itself. Even, perhaps, as early as January 1999.

To understand why the entire web will fail, we must consider a number of factors. First, look at the consequences of a major system failure. I remember an incident when a small group of programmers attempted to extort millions from a large european business, Unilever, by stealing the current copies of their master files and destroying all the backups. (One of the group was my successor as Systems Programmer at another company). They were lucky and got their files back, thanks to police intervention. Others have not been so lucky. Statistically, when a medium/large organization has a major loss of IT capability, 50% declare bankruptcy within a month and fully 90% declare bankruptcy within a year. Essentially, a major IT failure means the end of the business, even under the ideal conditions of a fully functional economy, with readily available capital to borrow for recovery.

Many Y2K failures will be limited in scope to just the few strands with which they are connected but some will, indeed, cause the total failure and collapse of the business itself. This in turn will cause more, and more significant, failures elsewhere in the web. One of the big three auto manufacturers has more than 60,000 supppliers, of whom more than 12,000 are considered "critical". If just 5% or 600 of these critical suppliers go out of business, so does the auto manufacturer and most of the other 56,400 suppliers. And if you think you can resurrect 600 data systems, or replace them with manual systems in time to stop the larger failure then, quite frankly, you are nuts! The failure of a handful of small suppliers will, inevitably, bring down all of the major auto manufacturers, destroying all of their nodes and all of their strands in the web. And this is only one industry, critical though it is. The web might be able to survive one or two such failures, but not any more.

At this point, we are no longer talking just about software failures, we are talking about larger, macro-economic failures throughout the web. Supplier dependencies exist between industries, as well as within them. For example, all industries depend to a certain extent on ball bearings, most of which are produced in Brazil -- a country far behind the power curve on Y2K and already on the verge of economic collapse as a result of other factors. Another "supplier" upon which all of the other nodes are dependent is the banking and finance industry, which brings me neatly to the next point I want to make.

Y2K is only one of the disasters facing the real-life world wide web and, perhaps, one of the least significant. Many parts of the world are already in deep economic trouble. Japan has been in a depression for two years and is now entering an ominous deflationary spiral. Other parts of Asia are in even more trouble (particularly Malaysia, North and South Korea and China, but all the rest, as well). The Russian economy has effectively ceased to exist, and millions are about to die as their problems are passed on to their German neighbors and financial backers. Brazil and South America are next and their neighbor and backer is US (United States). On top of all this we have a grossly overvalued stock market and, of course, that little problem of "derivatives" and the exposure of all of the major banks to hedge funds like LTCM.

And none of the bailouts are working. Billions from the IMF, and the Russian Ruble continues to crumble. Billions lent to LTCM, and they are still in trouble. Drop Japanese interest rates to 1/2% and there's still no "interest" in buying from the consumer. Do you know why we in the US had our last 1/2% drop so soon after the first? Well-informed rumor has it that the request to Greenspan came from the Federal Reserve Bank in San Francisco, home of one of the nation's best known banks. Apparently, if the discount rate wasn't lowered, they couldn't stay in business . . . But don't single them out just because of their name. In Japan, nine of the ten largest banks are, basically, insolvent. They don't have the reserves to do business in Japan, let alone on an international basis (although in Japan it is "tolerated"). Believe it or not, many of our own US banks are equally deep in the doo-doo. And if you really want, I could talk about their Y2K projects . . .

Now, the bulls (pollyannas) will tell you it just isn't so. They will tell you that lowering already low interest rates is a "good thing" and will stimulate dropping economic activity (which isn't happening). The bears (doombrood) say that they won't invest when the return is so low, and they'll put their money somewhere safe to weather the storm (which really is happening). The bulls shout that this company promises they will be Y2K compliant and therefore everything is going to be OK in all of the other companies and, sigh, WE'RE GOING TO MAKE IT! The bears ask "where is the independant proof"? and point to the flat out lies from supposedly honest organizations such as the Federal Aviation Administration, the Department of Defense, the IRS and the major banks.

For the moment the bulls are winning, psychologically. And that is the most important to them because they have no true foundation in reality. It is so easy to convince the idle masses that everything is hunky-dory as long as they can't see what is really happening to them (and most of them won't until it is far, far too late). This is why the stock market is so ridiculously over valued and why it has gained so much since the drops of September, based upon nothing but the superficial optimism of the bulls and their utter disregard of reality. But, at some point very soon, the "bull-shit" stops and the "bear-facts" will be known.

At this point the stock market bubble will burst. I have predicted that this would happen in the October/November time frame, and I stand by my words. Shortly after the November elections, I expect some outside trigger event, probably the devaluation of the Brazilian Real, and the collapse of their economy. This will be so close to home, and it's effect on US banks so great, that the bear-fact will be readily apparent even to the bulls -- the global economy really is in deep trouble and none of the economic gimmicks are going to work.

However, the market will not just crash as it did in 1929. Trading stop measures put into place since then will prevent a massive drop all in one day. Rather, there will be a series of major drops over a period of several days or even weeks. I expect a two to three thousand point drop in the DJIA by the end of November, with continued declines throughout December and early January. It will not be a happy holiday season for many. Doors will close and jobs will be lost, and the general sense of depression will weigh heavily on many.

Then, in January '99, we will see a sharp rise in the number of software failures attributable directly to Y2K. Many will fail because they hit data event horizons one year into the future, in 2000 itself. Others because they hit the year-99 special handling boundary (which includes, but is not limited to, treating "99" as "end-of-file"). Most of these early failures will be among the tardier members of the pack, including federal, state and local government agencies. Especially hard hit will be those who didn't think they had a problem or who decided to "fix on failure". But some will be among banks who think they have "remediated" their software and still have "all of 1999 to test". One thing I can guarantee is that all of these failures will be unxpected, just like the POS credit card failures, and they will take a great deal of highly skilled effort to track down and fix.

We may have enough good programmers to fix most of these early problems but some will undoubtedly cause business failures or interrupt critical public services. This will be the trigger of the second barrel and the noise will wake the sleeping giant. Finally, John Q. Public will sniff, smell the coffee, and suddenly realize that there really is a Y2K problem. This is when the bank runs will start and prices for survival items will go up.

We will also see something that has never happened before -- runs on the mutual funds which have fueled the growing market bubble. Unlike banks, there are no government guarantees for these investments and there are no procedures in place to limit withdrawals. Therefore, liquidity must come from the fire-sale of stocks held by the funds. Effectively, the small investors will be wiped out overnight, just as they were in 1929. The market will experience a secondary crash, the largest ever seen.

This is the climate in which we will have to find and fix the rest of the Y2K problems. A global depression reducing the cash flow of those businesses trying to remediate, limiting the amount which can be spent on Y2K. Tax base reductions limiting the resources which government can spend on their own problems, let alone those of others. A programmer pool, already too small, further reduced by those who have to work on the early failures (and the continuing failures throughout 1999). A banking and finance structure already so badly weakened that it can do little or nothing to help. A general public on the verge of panic and in fear of their lives as well as their jobs. Then, in January 2000, it all gets worse . . .

It is the end of Charlotte's web and the beginning of a downward spiral in population, technology and business (I will expand on this in the next article). There is nothing we can do to avert this problem. We might have been able to fix the computer problem if we had ignored the pollyannas and started on a massive, co-ordinated effort five years ago. We might have fixed the economic problem if we had ignored the bulls and taken the necessary economic steps five years ago. But we did neither, and now they are both combining, feeding on each other, to give us the biggest, deepest, disaster in human history (with the possible exception of Noah's flood).

It is too late to fix Charlotte's web. It is too late even to place backup strands in the most important places. It is time to SET RECOVERY ON. We must now make plans and preparations to ensure our own personal survival and to pass on as much of our technology as we can to our children. Perhaps, then, some future generation can rebuild what we are about to lose. Perhaps, even, they will learn from our mistakes.

But we can only SET RECOVERY ON if we plan for the very worst we can imagine (short of the extinction of the human race). To this end, the next article in this series will discuss just how bad I think it is going to get, how deep we are going to fall. The rest will deal with practical plans for survival, methods of passing on our technology, and suggestions for making social life easier after reaching the bottom.

Copyright (C) 1998, y2000@infomagic.com, Fair Use for Educational and Research Purposes Only

-- Robert Riggs (rxr.999@worldnet.att.net), October 06, 2001


Moderation questions? read the FAQ