More like this

Security

No, the Linux leap second bug WON'T crash the web

Fear the fear, not the second

There’s a reason space missions don’t launch on the day a leap second is added to international clocks.

Scientists don’t want to run the risk that the computer systems running things might hiccup on the new time and then malfunction, sending their multi-million dollar lifetime’s investment into a fatal nose dive.

The rest of us aren’t so lucky and daily life must be lived.

Time lords in Paris will add a leap second to UTC on 30 June this year. The last time they added a leap second to the world's clocks was on 30 June, 2012, extending UTC by an additional second.

One by-product of that was that they temporarily took down air travellers in Australia. The Altea reservation and departure system run by Amadeus, one of the largest computer travel reservation systems on the planet, couldn’t cope and crashed. For 48 minutes, passengers and staff at Qantas and Virgin Australia were thrown back into the 1990s world of manual check-in and delayed flights.

The reason? Altea ran a version of the Linux kernel that harboured a long-dormant Linux bug that meant the freeware didn’t recognise leap seconds.

The second the clocks ticked past midnight GMT, the bug awoke and took down Altea. 135 airlines had implemented the Altea reservation system by 2012 but the Australians were the first to go down once the clocks hit midnight.

Servers run by Mozilla, StumbleUpon, Yelp, FourSquare, Reddit and LinkedIn were also reported to have been hit by the same bug, meaning a lot of people couldn't post their “critical” status updates or restaurant reviews.

The problem was they all ran Linux, and back then the addition or removal of a leap second sent the system into meltdown – the system would deadlock.

The bug was found to affect kernels version numbers 2.2.26 to 3.3, inclusive.

Not that it was all Linux’s fault: Mozilla’s Hadoop and ElasticSearch Servers using Java were also taken down. A Java fix was quickly developed.

Since that inglorious day the kernel has been patched. Distro makers like Red Hat also released their patches to make sure the problem didn’t crop up again.

As for Amadeus, the giant it reckoned it had sidestepped the bug with a workaround that it had implemented within an hour of things going south.

An Amadeus spokesperson told The Reg it's monitoring very closely industry discussions on the new leap second and following best practice standards. "Planning is already in progress and we are preparing to ensure a smooth transition," the spokesperson said.

All of which means there won’t be a problem this time, right?

Not according to some.

“The year 2015 will have an extra second — which could wreak havoc on the infrastructure powering the Internet,” according to one national newspaper. The operative word here is “could.” Its translation is: “probably won’t.”

Others reckon the leap second is dangerous and will rattle the internet.

If this all smacks of a manufactured, Daily Mail style panic of the sky-is-falling proportions to send you running for central Montana with a high-power telescopic rifle and a large tin of baked beans, then you’re right – it is. Analogies have been drawn with Y2K, which doesn't exactly help the scaremongers' case.

Prior to 2012, the last time a leap second was deployed was in 2005 – twice. Then before that, 1998. These were times when Linux hadn't hit the kind of wide-scale and mission-critical deployment it enjoyed by 2012 with operations like Amadeus. No reason the Penguins were caught sans pants.

Now they've gone belt and braces.

For those of us not lucky enough to work in a space programme, daily life will likely carry on as per normal on around midnight 30 June to 1 July 2015. Just no rocket launches. Business as usual. ®

Sponsored: Customer Identity and Access Management