[LEAPSECS] Leap seconds ain't broken

Warner Losh imp at bsdimp.com
Tue Jan 3 12:07:26 EST 2017


On Tue, Jan 3, 2017 at 6:35 AM, Rob Seaman <seaman at lpl.arizona.edu> wrote:
> And Steve is discussing a specific legacy telescope.

That rather sums up the situation today with software. We have a
specific legacy standard called POSIX that's causing all kinds of
issues that pop up when you least expect it (taking out DNS server,
that's impressive), but there's no heir apparent to the standard, and
no history of willingness to change the standard to allow it to
properly model the current reality. Sure, it's just this bizarre
interface that we have to cope with, and it should just work by
default. But it doesn't. And that's before we get to the unspecified
behavior in the SQL standard or any of a large number of other
standards and APIs both great and small that punt on the issue
entirely. So instead of having this one telescope in the corner that's
old and ironically has issues with leap seconds with the rest of the
fleet working great and having high confidence the fleet will work
great, the situation with software is rather different. Here the bits
of software that work right on purpose are rather the rare exception
than the rule. The rest of the 'fleet' of software applications may or
may not handle the leap second correctly, which may in turn cause
problems great or small (or no problems at all). The issue here is
that it's hard do audit to know that it all works, hard to detect
issues before the failure and extensive testing of every single bit of
code across the leap second is prohibitively expensive.

So even before we get to "should work" or "should model reality" we
are confronted with a situation where we know that they don't, have
lots of examples of issues around them and such a general fear of leap
seconds causing something to go wonky we paper over it by introducing
a frequency error and hoping for the best since it breaks the fewest
number of things, at least as studied at Google and other places. Such
a permanent and ongoing impedance mismatch can not end in a happy
place.

So Rob and I can argue about what should happen, but I do know what
does happen and will continue to happen unless something radical
changes.

> There are subtleties to timekeeping. Removing leap seconds wouldn’t remove the subtleties, rather it would promote them to significantly more importance, perhaps “breaking” even more software and systems.

I suspect strongly, based on two decades of fixing bugs large and
small with leap seconds, that vastly more software will behave
correctly than badly by simply removing them. Time will no longer go
backwards, have a large step, or other weirdness that systems with
leap seconds and faulty software experience today. Given the rise of
smeared leap seconds to paper over it, I think that lots of people
have come to this same conclusion (mostly for reasons that have been
discussed at length).

Warner


More information about the LEAPSECS mailing list