Do you believe in magic? Of course not – it’s just against logic! Programmers are serious-minded and well-educated people of a realistic outlook. Well, you didn’t favor fairy tales as a child either, did you? OK, I’m not going to answer for you. Just please make yourself a cup of tea, peel a tangerine, look at the snowflakes falling outside the window, and only then go on to read this Story.
What you are about to read is a story about an Evil Bug and its multiple attempts to spoil Christmas Eve and New Year’s Eve. It did manage to fulfill its sinister plans a number of times, but, fortunately, in every true fairy tale, evil is always opposed by good.
On December 17, 1987, a student at the Clausthal University of Technology, former West Germany, a beginner programmer at the time, had a bright idea of an ingenious Christmas greeting for his friends. He sent them a Christmas tree! Of course, he hadn’t cut it down in a forest, nor had he even bought it in a store. He was a programmer, remember? He just wrote a program in the scripting language REXX for VM/CMS that would draw a nice Christmas tree on the screen and print a few warm words.
Figure 1 – Christmas Tree worm
The hero of our story surely meant well, but Evil Bug interfered, overloading the network and exploiting the self-replicating Christmas program to paralyze the private email network IBM Vnet all over the world for two days (the chain was this: university network – EARN – BitNet – IBM Vnet). The hero was suspected of being an anti-hero, and his touching greeting, a worm. The programmer’s malicious intent was never proved, but Evil Bug was surely involved in that story.
People traditionally exchange presents on Christmas Eve and New Year’s Eve. Beautifully packed boxes under the Christmas tree or cute souvenirs in Christmas stockings hung by the fireplace – this is what traditional Christmas and New Year presents look like. However, surprises are particularly pleasant.
Amazon was one of the first Internet services with tens of thousands of goods of all kinds sold and bought daily. A perfect place to pick presents! That’s what site visitors were doing on December 12, 2014. Huge excitement was caused by the fact that thousands of goods were selling for the wonderful price of just 1 penny (source). Infinitely grateful to Amazon for such a gorgeous Christmas present, the buyers were enthusiastically filling their carts. Meanwhile, Evil Bug was watching and smirking, anticipating the reaction of the sellers who knew nothing yet about the huge losses they had suffered.
The bug was hiding in RepricerExpress software responsible for synching prices in online stores. This software facilitates competition by enabling sellers to respond promptly to price fluctuations for like products.
What did Evil Bug do? It sneaked into RepricerExpress when it was only going through development and testing, but never showed up until… one of the sellers, caught in the pre-holiday turmoil, accidentally set a single price – 1 penny – for all of their stock. The software took that value as a minimum price and cut the prices for other sellers’ like products accordingly.
That behavior had to do with the fact that when developing the UI, the software authors had not implemented a feature to allow sellers to specify individual minimum prices. More than that, the prices would automatically update within certain intervals. The bug was fixed in the subsequent versions of the software.
Figure 2 – Fixed UI (with newly added column Your Minimum Price)
The day when the bug revealed itself will long be remembered by the Amazon sellers. That day, they lost thousands of dollars and many nearly went bankrupt (source). But for the prompt action taken by Amazon, which managed to cancel the majority of orders placed on the affected items, the largest online store’s reputation would have been severely damaged.
The RepricerExpress developers apologized for the bug in a statement posted on their official blog.
Apple VS New Year
Remember the film “How the Grinch Stole Christmas”? It seems that the Evil Bug took it as a source of inspiration when thinking up a plan of attacking Apple devices. In February 2016, Apple users discovered an interesting bug. There was a legend going around on social networks saying that if you changed the date to January 1, 1970, on your iPhone or iPad and restarted it, the system would completely crash, leaving you with a brick with an Apple logo on it. The procedure was claimed to be irreversible. The bug was reported to be found on devices that employed 64-bit processors, such as Apple A7, A8, A8X, A9, and A9X: iPhone 5S and newer, iPad Air and iPad Mini 2 and newer, and the 6th generation iPod Touch. The operating system’s version number did not matter.
Did anyone try it? Sure! A wave of Apple-gadget killings swept through the world. Fortunately, some handymen found a way to bring the “bricks” back to life. Apple never revealed the official cause of the bug, but they did confirm it could occur when manually changing the date to May 1970 or earlier on an iOS device.
Users carried out their own investigation and came up with the following explanation: the bug could have been caused by a negative-value variable used to store time in UNIX format. How could the value become negative?
Version 1. Since time was stored in UNIX-format, timing would start with January 1, 1970, that is, this date was a zero value. When changing time zones, the value could decrement below zero.
Version 2. The bug was typical of 64-bit devices, so perhaps the 32-bit time mark was computed first and then, after changing time zones, would be cast to the pointer size, causing the most significant bits to be filled incorrectly and… Welcome to the XXII century!
Sleep long with iPhone
Long, long sleep not interrupted by an alarm clock – isn’t it what most of us dream of? Though not Gazprom, iPhones do make their owners’ dreams come true! All those who were planning to start the first day of 2013 fresh and early and set an alarm on their devices for January 1, “happily” overslept. Evil Bug obviously meant to turn a huge number of users into “sleeping beauties”, as the iPhone alarm clock wouldn’t work until January 3.
Apple preferred to keep silent again. However, rumors about the possible cause of the bug spread anyway. Apple uses the ISO week date standard, which is widely used by finance companies, as it enables convenient fiscal year planning. What is special about this standard is that a new year is considered as such only starting with the week the first Thursday of the year falls on. The ISO week date calendar contains 52 or 53 weeks (364 or 371 days), so it turned out iPhones were still living in the previous year and stepped into the new one (2013) on January 7, when the first week of the year began.
There was also an alternative explanation, where Steve Jobs himself took on the role of Evil Bug. The Apple founder was allegedly fond of sleeping in, hence that “feature”. It’s just a joke of course, but the consequences of that seemingly harmless bug were far from funny: the people were late for work, failed to get to important meetings in time, and lost money (source).
The price of a software bug is the factor that developers should never ignore. Here is another Christmas bug story to support this statement.
On December 12, 2014, the UK’s air traffic control center of National Air Traffic Services (NATS) was faced with a software glitch, which brought the work of some of the airports, including such heavily loaded giants as Heathrow, Gatwick, Stansted, Birmingham, Cardiff, and Glasgow, to a halt. The problem was aggravated by the time that Evil Bug chose for the attack. It was a Friday afternoon, Christmas Eve.
The fault persisted for a little longer than half an hour – 36 minutes – but the price of the error behind it was steep, as illustrated by the following figures, which Evil Bug can be proud of:
- 92 flights cancelled
- 170 flights suspended
- 10 planes re-routed to alternate airports
- 125,000 passengers experiencing inconvenience
- 623 million pounds of losses suffered
A situation like that could not pass unnoticed. An investigation was carried out. In their final report, the Civil Aviation Authority (CAA) and NATS described a bug found in the software of the System Flight Server (SFS). The SFS is responsible for real-time delivery of data to the Controllers of workstations within the NATS management system. There are two identical SFSs: primary and secondary. Both compute the same data. When the primary SFS shuts down, the secondary one comes into operation. The system did provide for hardware faults but for some reason lacked any protection against software exceptions.
The maximum permitted number of operational workstations (i.e. terminals from which traffic control and monitoring are carried out) running at a time was 193 – well, in theory at least. In reality, the SFS’s code checked for another value, 151. That’s why when 153 workstations attempted to connect simultaneously, the system reset with a subsequent crash. It was found later that the “latent software fault” had been present since as early as 1990. It’s a wonder that it hadn’t shown earlier.
The Year 2000 and Year 2038 problems
The New Year of 2000 was one of the most anticipated ones. Experts of all sorts believed that the turn of the millennium was definitely going to be accompanied by the Apocalypse or, which is no less terrifying, the rise of the machines.
What arguments did they give for their fear of Terminators? Logic! The first computers were slow, so programmers, unwilling to waste precious performance on trifles, decided to use two digits to represent the year in dates. For example, March 23, 1991, was represented as 23.03.91. This notation is nice and normal to the eye. However, from computers’ viewpoint, it’s not that simple. The years 2000 and 1900 were encoded by the same pair of digits, 00, so when the New Year of 2000 began, their internal clock would be set back to the year 1900.
People could not help visualizing the dreadful effects of such a terrible fault: software crashes, spontaneous missile launches, the financial market collapse. The most horrible things were expected to happen in Russia as a country worst prepared for the new millennium.
Well, 2017 is approaching, which means the Apocalypse never happened.
That said, certain bugs did show when the new millennium came:
- British Telecom’s computer networks were paralyzed and engineers had to analyze about a million lines of code to bring them back to life. It cost British Telecom quite a big sum of about 0.5 billion dollars.
- In Spain, emergency conditions were observed at 9 nuclear plants – fortunately, without any serious consequences.
- In Mongolia, the “Year 2000 problem” affected railway operation and ticket offices.
Some of the bugs were quite amusing:
- Terms of imprisonment in one Spanish prison were stretched/cut by 100 years
- In some Greek stores, buyers would get sales slips dated 1900
- In a South Korean hospital, the patient monitoring software declared a one-year-old baby an old man of 99
- The citizens of a small US town got electricity bills overdue by 100 years
The “Year 2000 problem” is a striking example of the profound effect that mass media have on humankind. The next wave of mass panic for a similar reason is expected in 2038. On January 19, 2038, at 03:14:07, Greenwich, computers and other devices using 32-bit operating systems will no longer be able to measure time properly. In many devices, system time is measured in seconds starting with January 1, 1970. The seconds are stored in a 32-bit value of type signed int (32-bit signed integer). Soon after the beginning of 2038, the counter will update with the 2,147,483,648th second, which the system will not be able to store, and switch to a negative value.
How to avoid a system error that will follow? Replace all 32-bit processors with 64-bit ones.
How to help Good?
Traditionally, Good always defeats Evil, but the struggle doesn’t stop for a moment. Is there any chance to exterminate all Evil Bugs for good? That’s unlikely, but we definitely have every chance to deal massive damage to their troops. To do that, programmers fighting on Good’s side, i.e. for quality code, should wisely pick tools to help them in the fight. Arm yourself with PVS-Studio static analyzer! And be sure to check this short horror film about Unicorn PVS-Studio saving Penguin Linux from Evil Bug.
Feel inspired? Then let’s help Good together! The PVS-Studio team has already made a big step forward by offering you the free version of our analyzer.
Dear programmers, good luck with your projects, and may Good always win in your evil-bug stories! Merry Christmas and a Happy New Year!