For those of you planning on enjoying the sunset on June 30, 2015—an extra second of bliss awaits, compliments of the Earth’s inconsistent wobble. However, if Y2K sent you running for the hills, start packing again.
Analysts predict technological fallout ranging from undeliverable tweets to outright digital armageddon, but for faithful IT folks with more grounded concerns like SLAs and business continuity, keeping critical systems up and running trump all other concerns. Fortunately, resolving potential issues related to the Leap Second Bug is a fairly straightforward matter—as long as you know what to look for and where to find it.
The Leap Second Bug caused quite a commotion when it caused service disruptions for prominent sites like Yelp, FourSquare, Reddit and LinkedIn back in 2012. In a nutshell, the earth’s occasional rotational irregularities cause astronomical and atomic clocks to fall out of sync from time to time, which in turn prompts the IERS (International Earth Rotation & Reference Systems Service) to add/subtract a second from the Coordinated Universal Time (UTC).
The bulletin from the IERS displaying the extra second being added. Source: IERS.
In fact, this has happened 26 times since 1972. So if the IERS has been making periodic adjustments on an ongoing basis, why didn’t problems surface prior to 2012—and more importantly, why is it a major concern this time around?
The answer has to do with the rise of Linux in the enterprise and its eventual predominance in the data center. By 2012, many of the world’s largest companies were relying on various *nix platforms to power their businesses—with many technology upstarts following suit. And since the Leap Second Bug is related to issues in the *nix kernel—specifically, the Network Time Protocol’s (NTP) inability to handle unforeseen extra seconds— widespread problems and outages plagued systems synchronized to an NTP server. Many organizations affected by the bug had to disable NTP in order to get back up and running.
Cloudera’s systems during and after the 2012 Leap Second. Source: Cloudera.
As it stands, leap seconds cause no problems for the latest versions of *nix flavors, but unpatched versions are still susceptible to the bug. The following is a partial list of technologies affected by the Leap Second Bug:
The more important and difficult question is not why, but how—that is, how can companies not just survive, but thrive in a landscape of digital threats?
In preparation of Leap Second, organizations should ensure that appropriate patches have been applied to their *nix servers—as well as any of the above technologies. The bug was found to affect kernel version numbers 2.2.26 to 3.3, with versions 3.4 and higher not susceptible to the bug. Also, keep in mind that the Leap Second Bug is not relegated to the above—switches, routers, firewalls, and load-balancers are also equally at risk. UpGuard can scan all of these and more, ensuring that critical patches and updates have been applied and are consistent across environments.
How CSTAR Works What's In the Website Risk Grader? Understanding Risk in the 21st Century
So how do events like 000webhost's massive data breach involving free web hosting providing 000webhost transpire? In a word, negligence. Gross negligence, to be precise.
Read Blog >
Access to free vulnerability assessment should be a basic right in a world where computing is integral to social and economic life. For our part, we're offering our full product, including vulnerability assessment, free forever for a user's first ten machines.
Read Blog >
Even today, the risk of data breaches in particular threaten to hamper business innovation. So what is cyber risk, and what can be done about it?
Read Blog >