“programmers should fix their past mistakes for free.” QED: case closed.
Not a lot of common ground there,
and not a lot of data supporting either
proposition, although Y2K experience,
as well as the principles of a capitalist
economy, dictate that getting programmers to handle leap seconds correctly
will be expensive.
a Possible Compromise?
Warner Losh, a fellow time-and-com-puter nerd, and I both have extensive
hands-on experience with leap-second
handling in critical systems, and we
have tried to suggest a compromise on
leap seconds that would vastly reduce
the costs and risks involved: schedule
the darn things 20 years in advance instead of only six months in advance.
If we know when leap seconds are to
occur 20 years in advance, we can code
them into tables in our operating systems, and suddenly 99.9% of our computers will do the right thing when leap
seconds happen, because they know
when they will happen. The remaining
0.1% of the systems, involving ready,
cold spares on shelves, autonomous
computers on the South Pole, and
similar systems, get 20 years to update
stored tables rather than six months to
do so.
The astronomical flip side of this
proposal is that the difference between
earth rotation and UTC time would likely exceed the current one-second tolerance limit, at least until geophysicists
get a better understanding of the currently not understood fluctuations in
earth rotation.
The IT flip side is that we would still
have a variable radix time scale: most
minutes would be 60 seconds, but a few
would be 61 seconds, and code that really cares about time intervals would
have to do the right thing instead of just
adding 86,400 seconds per day.
So far, nobody has tried, or if they
tried, they failed to inject this idea into
the official standards process in ITU-R.
It is not clear to me that it would even be
possible to inject this idea unless a national government, seconded by another, officially raises it at the ITU plenary
assembly.
What happens next?
Proposal TF-460-7 to abolish leap sec-
onds will come up for plenary vote at the
ITU-R in January 2012, and if it, modulo
amendments, collects a supermajority
of 70% of the votes, leap seconds would
cease beginning in approximately 2018.
the Philosophical Issues
One of my Jewish friends explained to
me that all the rules Jews must follow
are not meant to make sense; they are
meant to make life so difficult that you
never take it for granted. In the same
spirit, Van Halen used brown M&Ms to
test for lack of attention, and I use leap
seconds: if a system has not documented and tested what happens on leap
seconds, I don’t trust it to get anything
else right, either.
But Linus Torvalds’ observation
that “95% of all programmers think
they are in the top 5%, and the rest are
certain they are above average” should
not be taken lightly: very few programmers have any idea what the difference
is between “wall-clock time” and “
interval time,” and leap seconds are way
past rocket science for them. (For example, Posix defines only a pthread _
cond _ timedwait(), which takes
wall-clock time but not an interval-time
version of the call.)
When a large fraction of the world
economy is run by the creations of lousy
programmers, and when embedded
systems are increasingly capable of killing people, do we raise the bar and demand that programmers pay attention
to pointless details such as leap seconds, or do we remove leap seconds?
As an old-timer in the IT business,
I’m firmly for the first option: we should
always strive to do things better, and do
them right, and pointless details makes
for good checkboxes. As a frequent user
of technological marvels built by the
lowest bidder, however, the second op-
tion is not unattractive—particularly
when the pilots tell us they “have to turn
the entire plane off and on again before
we can start all the motors.”
As a time-nut, a small and crazy fra-
ternity that thinks running an atomic
clock in your basement is a require-
ment for a good life (let me know if
you need a copy of my 400GB record-
ing of the European VLF spectrum
during a leap second…), I would miss
leap seconds. They are quaint and
interesting, and their present rate of
one every couple of years makes for
a wonderful chance to inspire young
nerds with tales of wonders in physics
and geophysics.
Related articles
on queue.acm.org
Principles of Robust Timing
over the Internet
Julien Ridoux, Darryl Veitch
http://queue.acm.org/detail.cfm?id=1773943
You Don’t Know Jack about
network Performance
Kevin Fall, Steve McCanne
http://queue.acm.org/detail.cfm?id=1066069
Fighting Physics: A Tough Battle
Jonathan M. Smith
http://queue.acm.org/detail.cfm?id=1530063
References
1. International earth rotation and reference Systems
Service. Information on u TC-TaI; http://data.iers.org/
products/16/14433/orig/bulletinc-041.txt.
2. International earth rotation and reference Systems
Service. relationship between TaI and u TC; http://
hpiers.obspm.fr/eop-pc/earthor/utc/TaI-uTC_tab.
html.
3. Microsoft. How the Windows Time service treats a
leap second (2006). (november 1); http://support.
microsoft.com/kb/909614.
4. Sobel, D. Longitude. Walker and Company, 2005.
5. Williams, M. Power glitch hits Toshiba’s flash memory
production line. Computer World (Dec. 2010); http://
www.computer world.com/s/article/9200738/Power_
glitch_hits_Toshiba_s_flash_memory_production_line.
Poul-henning Kamp ( phk@FreeBSD.org) has
programmed computers for 26 years and is the inspiration
behind bikeshed.org. His software has been widely
adopted as “under the hood” building blocks in both open
source and commercial products. His most recent project
is the Varnish HTTP accelerator, which is used to speed up
large Web sites such as Facebook.
