Categories
Uncategorized

Your questions on the upcoming leap second

Just back in the office from a trip, I found several questions in my email box in regard to the upcoming leap second. I thought that I’d take a moment or three to answer several of the questions there, some not covered in past posts.

The first question on everyone’s mind could be summarized best as…

“Is there anything special I need to do to my computer or tablet?” (related questions included: Is there a hotfix for this leap second? When will I see the update applied? Will most average computer users notice the leap second? Is there anything they should do to prepare?)

Generally, as a Windows computer user, there’s nothing in particular to do – no special updates or hotfixes to apply. As I covered in this earlier post (and also summarized here), current supported versions of the Windows OS are plumbed to deal with such additional leap second. It’s recommended that you set your PC to sync with an Internet time server via the Control Panel in Windows 7 (as noted here), or in the PC Settings for “Time and Language” on Windows 8.1 (as shown here). With that done, you should be good to go. (If you’re device is part of a domain – such as PC provided by your company for business – then your clock sync is likely managed by your IT administrator.)

As called out on the Windows site with instructions on How to Set the Clock, you can sync your device clock with an Internet time server of your choice to help ensure your device’s clock is accurate. Typically time is updated once a week when your device is connected to the Internet, or the clock sync may be managed by your administrator (with domain joined devices). As a user, you probably won’t notice the extra second nor see any impact to your Windows devices.

Next was on the impact of the leap second on devices…

“Will this leap second cause any problems on my system?”

Generally, no, as my associate Matt Johnson noted. Usually leap seconds don’t cause a problem unless you are timing things less than a second in duration, or if you are re-sorting events that occur in high frequency. As Matt called out, most software applications and services have to cope with minute time adjustments to the system clock for a variety of other reasons anyway, and leap seconds are no different. I say “generally” as folks who need highly accurate time sources should refer to the detailed post on high accuracy W32time requirements on how to configure the Windows Time service for high accuracy environments and Kerberos standards. (NIST’s Physical Measurement Laboratory provides a list of several high accuracy manufacturers of time and frequency hardware receivers and software providers.)

Next was on the hype around this new leap second contributing to a Y2K event…

“I heard that the last time we had a leap second, the Internet melted down.” (Related: [Some have] compared this to the Y2K problem. Is that an accurate comparison? Will there be a massive disruption of computers and services? )

First, that’s not really a question but a statement I have heard a number of times, and not a true statement at that, as I noted in this appropriately titled post. Some reports (like this one in USA Today) were quick to associate the addition of a leap second in 2012 to the bug that “took down much of the Internet.” Generally, consumers have nothing to worry about when it comes to this non Y2K event: the timing of the 2012 leap second happened to unfortunately coincide with a power outage that impacted their service provider (as noted by the BBC). Yes, there were some reported impacts as noted by Robert McMillan at Wired in his post “The Leap Second Is About to Rattle the Internet. But There’s a Plot to Kill It”. But when the last leap second adjustment was made (back on June 30, 2012), I don’t believe we at Microsoft had any reports of leap second related issues for any of our products including Windows and Azure (or any customer applications running on Azure).

Then there’s a question about services…

“What about online services?”

Similar to connected devices that rely on NTP, various cloud systems also obtain NTP sync in similar ways, keeping in mind that cloud services aren’t just fluffy concentrations of water vapour but (in our case) more than 100 global datacenters supported by a multi-terabit global network. How leap seconds are applied to and appears on a local machine clock may be different from an online service but share many of the same traits as documented and understood in Windows, upon which Microsoft Azure has its origins. In speaking with the Azure team, I learned the service has been designed to be resilient to clock discrepancies across our numerous infrastructure components and regions. Azure has proven application compatibility for handling leap seconds given it uses the Windows time-synchronization protocol, which is used by all Windows systems.

And then this question about when to adjust your watch…

“Should I set my watch at midnight?” (related: Is this similar to New Year’s or the adjustment for daylight saving time?)

Unless your watch is accurate to the second, or you happen to live in an area like Casablanca, Morocco, no. Contrary to some media reports, the change does not happen at midnight local time in each time zone, unless that time zone currently has a zero offset from Coordinated Universal Time or UTC (en Francais, temps universel coordonné) meaning the country uses the UTC+0 offset (like Morocco). For me and my compatriots in Redmond (which is UTC -7:00), the leap second will be added on June 30, 2015 at what essentially will be 4:59:60PM local time. And it doesn’t hit everywhere on June 30: some time zones will see the leap second added on July 1: folks in London will see a leap second added on July 1, 2015 at 12:59:60AM, and Paris (to which my watch is still set) at just before 2:00AM local time.

Further, unless you’re managing a satellite or a space mission, leave the update to your system: there’s no need to ping the time server manually. If everyone in the world called the Internet time servers at the same time, there could be a strain on the server. 

[063015: I saw another example of the above error on NBC’s “Today Show“, whereas their competitor over on ABC got it right.]

I also received questions on the various approaches of how system providers plan to accommodate the a leap second. Aside from how Microsoft syncs the system clock to the accurate time, I’ll leave the explanations of the benefits and potential drawbacks of the approach to those companies.

 

Also available at https://aka.ms/leapsecqna

Categories
Uncategorized

The story around Leap Seconds and Windows: It’s likely not Y2K

Today I woke to a number of hair-on-fire press articles decrying the coming and dreaded Leap Second… with the mainstream USA Today calling out…

“But last time it happened, in 2012, it took down much of the Internet. Reddit, Foursquare, Yelp and LinkedIn all reported problems, and so did the Linux operating system and programs using Java.”

Not quite correct: IIRC, although some may’ve succumbed to bugs noted in Wired, several popular Internet services (including some of those mentioned) went off line due to a serendipitous and unfortunately timed power outage that impacted their service provider as chronicled by the BBC.

So, why isn’t Windows mentioned?

Glad you asked.

As I noted a couple of years ago, you’ll find more documenting the impact of a leap second in heartwarming Knowledge Base article “How the Windows Time service treats a leap second” and (excerpted) for everyman by the well-read and  Michael Kaplan. Essentially, after the leap second occurs, the NTP client that is running Windows Time service is one second faster than the actual time. This time difference is resolved at the next time synchronization.

“In short, W32Time does not account for a leap second being dependent on the NTP server. Most applications and services may be unaffected, but sysadmins and IT professionals should know that the leap second is not addressed until the next time sync following the official addition/ subtraction of the leap second.

KB 816042, How to configure an authoritative time server in Windows Server 2003, and KB 884776, How to configure the Windows Time service against a large time offset.

As The Telegraph noted, “Many computing systems use the Network Time Protocol, or NTP, to keep themselves in sync with the world’s atomic clocks.” As called out on the Windows site with instructions on How to Set the Clock, you can sync your device clock with an Internet time server of your choice to help ensure your device’s clock is accurate. Typically time is updated once a week (when connected to the Internet – who isn’t?), or the clock sync may be managed by your administrator (with domain joined devices). As a user, you probably won’t notice the extra second nor see any impact to your Windows devices.

In addition to the historical blog record in the Windows Time Service blog, more articles/ information in which you may be interested:

Generally, consumers have nothing to worry about when it comes to this non Y2K event. IIRC, the concept of a leap second is actually in question, and an ITU working group has debated whether or not adding/subtracting leap seconds should be discontinued (as noted here). We’ll see what 2015 brings. Or January, 2038 for that matter.

BTW, a few additional notes today from my associate and venerable time lord Matt Johnson

“It may be worth noting a couple of things from a developer’s perspective:

  • Most applications do not handle leap seconds, as their time structures only allow seconds numbered to 59 – not to 60.
  • Most applications do not care about this, as they will never receive a leap second from the system clock – even when one occurs.
  • Most applications have to cope with minute time adjustments to the system clock for a variety of other reasons anyway – so leap seconds are no different.  Consider that clock drift does occur, and is often corrected by NTP sync – so it’s not abnormal for an app to receive timestamps out of sequence.
  • Depending on implementation, sometimes a system just won’t observe the leap second at all, but that just means its clock will be off by one second until the next NTP sync.
  • Even when the leap second is observed perfectly, it only affects code that needs to be precise to sub-second accuracy.  Consider how the clock will tick over an observed leap second when you observer it by tenths of a second: 23:59:59.8, 23:59:59.9, 00:00:00.0, 00:00:00.1

“So, it usually doesn’t cause a problem unless you are timing things less than a second in duration, or if you are re-sorting events that occur in high frequency.”

[Note: Part two of the story around Leap Seconds and Windows: #NotY2K]

Also available at https://t.co/8ZVoch44QO

Categories
Uncategorized

Satya Nadella: the new president in Microsoft’s Server & Tools Business

News today: we have a new president in the Server & Tools Business: Satya Nadella, a respected technical leader here at the company (as noted here: http://bit.ly/i5ovIb). Satya moved from MBS to the Online Services Division to head up the engineering division there, which includes Bing, MSN and AdCenter (our advertising platform).

Satya Nadella hasn’t blogged in quite a while – I’ll suggest that he pick this back up ;)  You can check out his old posts at http://bit.ly/iejhvy. In particular I enjoyed one of his last posts on “making complex things simple” mantra, with observations from the book "The Laws of Simplicity" by John Maeda…

"I recently read The Laws of Simplicity by John Maeda. He has a cool web site as well. In the Dynamics group there is a lot of passion around this subject.

"John’s first rule – REDUCE: Simplicity through thoughtful reduction…strikes me as the most critical, when it comes to software design.

"I remember going to for my first meeting with the technical team at Navision before the acquisition. Their entire presentation was around how little code they have in their application. Mind you this was before we had settled on price!!

"This spirit of “minimalism” has helped us a ton as we have looked to evolve our apps and make them modern both in terms of user experience, runtime infrastructure and design time tools."

This reminds me of another discussion: Tony Scott, our CIO, asked Steve Ballmer (as noted on the Microsoft CIO Network site) about the biggest lessons he has learned over the ten years Steve has been CEO.

"… there’s a quote from a college basketball coach who just died here in the U.S., a guy named John Wooden, who was the coach at UCLA for many years.  But his writing on this sort of stands out to me.  He used to tell his players, "Be quick, but don’t hurry."  In our business more than any, you’ve got to be quick, but don’t hurry.  You can hurry things and you get a bad outcome if you try to rush, rush, either half-baked, not forward-looking enough.  But if you just take your time, you’re slow, you’re not in the market, you’re going to fail too.  And so really being thoughtful about — it doesn’t mean — there’s no implied algorithm of how you be quick but don’t hurry, but I know that a lot of the bad decisions I made, I made when I did hurry or when I took too much time to make a decision.  One or the other.  And so those are sort of my principles that I’ve learned.  I mean, I can also tell you I’ve learned a lot of things from specific projects."

 

Tags: announcements, Microsoft, Windows Server.

Delicious Bookmark this on Delicious Bookmark and Share

Also available via http://bit.ly/hXrbf5

Categories
Uncategorized

Announcement: Microsoft Security Advisory 2490606: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

This just published on TechNet’s Microsoft Security Advisories and notred on the MSRC Blog: details on Microsoft Security Advisory 2490606, Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution…

Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Affected Software:

  • Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 2 
  • Windows Server 2003 Service Pack 2, x64 SP2 and SP2 for Itanium-based systems
  • Windows Vista Service Pack 1 and SP2, as well as Windows Vista x64 Edition SP1 and SP2
  • Windows Server 2008 RTM

Non-Affected Software: Windows 7 for 32-bit and x64-based Systems, Windows Server 2008 R2 for x64-based and Itanium-based systems.

As noted, teams are are working to develop a security update to address this vulnerability. The circumstances around the issue do not currently meet the criteria for an out-of-band release; however, we are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog.

As always, we encourage Internet users to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at Home.

For more details on the Security Advisory you can subscribe to our comprehensive alerts here to receive email when there’s new information.

 

Tags: Security, what I read, Microsoft, Windows 7.

MSRC references: Security Advisory, Workarounds, Defense-in-depth, Exploitability

Delicious Bookmark this on Delicious Bookmark and Share

Also available via http://bit.ly/fQLtln

Categories
Uncategorized

Announcement: Microsoft Windows December 2010 Updates to Daylight Saving Time and Time Zones

Check out Microsoft Knowledge Base Article 2443685, “December 2010 cumulative time zone update for Windows operating systems”, which the Windows team just posted.  This is the December Daylight Saving Time and Time Zone (DST & TZ) Cumulative Update (CU), and the current KB/blog text focuses on the less common changes, such as adding the timezone for Magadan. 
 
The good folks in Windows (thanks, KC) provided some additional commentary and clarifications to the posts…

  1. Explaining that the Namibia DST support changes begin in 2011
  2. Listing other regions with dynamic support which get routine annual updates

The December 2010 DST Cumulative Update for Windows operating systems focuses on the following changes:

Magadan

  • A new timezone has been created for Magadan. The Magadan timezone has support for Daylight Saving Time, with 2011 DST running from March to October.
  • The existing timezone “(UTC +11:00) Magadan, Solomon Islands, New Caldonia” has been renamed “(UTC +11:00) Solomon Islands, New Caledonia”.   This is only a  displayname update – the rules for this timezone have not changed. As before, this timezone does not have DST support.
Namibia: The offset has been changed from UTC +2:00 to UTC +1:00. In addition, for 2011 and forward, the DST start date will occur in September, and the DST end date will occur in April.
Egypt :  the 2011 DST start date is set to occur in April and the DST end-date is set to occur in September. This is provided to address cases in which 2010 Fix-its for temporary DST changes were only partially applied.
In addition to these changes, the December DST CU contains 2011 adjusted DST start and end-dates for the following timezones:
·    Israel Standard Time
·    Morocco Standard Time
·    Pacific SA Standard Time
·    Samoa Standard Time
·    Syria Standard Time
For more information on these adjustments, refer to this Microsoft KnowledgeBase article: http://support.microsoft.com/kb/2443685 
The following blogs have been updated  – the KB updates are coming :

For more information about how daylight saving time changes may affect other Microsoft products, click the following article number to view the article in the Microsoft Knowledge Base: 914387  (http://support.microsoft.com/kb/914387/ ) How to configure daylight saving time for Microsoft Windows operating systems.

A holiday nod of thanks to the good folks across our company working on our effort to help manage time (particularly in daylight saving time and time zone changes) — documented and followed at http://www.microsoft.com/time and over at the blog at http://blogs.technet.com/dst2007 — and to the folks coordinating the efforts on our daylight saving time and time zone updates and releases for current products across the various product groups at Microsoft.  As noted, this is a tough job, to say the least.

Tags: Windows, Microsoft, Daylight Saving Time, Daylight Savings Time, RSS, DST; 18,600,000 (up a bunch from just six months ago); 18,800,000 (down ~2M)

Delicious Bookmark this on Delicious Bookmark and Share

Also available via http://bit.ly/hSHwXz