o try to make it safer.
Software "patches" represent new, untried un-"stable" software, which
is by definition riskier.
The modern telephone system has come to depend, utterly and
irretrievably, upon software. And the System Crash of January 15,
1990, was caused by an IMPROVEMENT in software. Or rather, an
ATTEMPTED improvement.
As it happened, the problem itself--the problem per se--took this form.
A piece of telco software had been written in C language, a standard
language of the telco field. Within the C software was a long "do ...
while" construct. The "do ... while" construct contained a "switch"
statement. The "switch" statement contained an "if" clause. The "if"
clause contained a "break." The "break" was SUPPOSED to "break" the
"if clause." Instead, the "break" broke the "switch" statement.
That was the problem, the actual reason why people picking up phones on
January 15, 1990, could not talk to one another.
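The construct described above, as an added example that is not taken from the book or from AT&T's software: a constructed C sketch in which a "break" meant to leave an "if" clause instead leaves the enclosing "switch," shown beside a corrected form. The message names, counters and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed illustration: all names are hypothetical; n >= 1 is assumed. */
enum { MSG_STATUS, MSG_OTHER };
struct counters { int noted; int finished; };  /* finished: work every MSG_STATUS needs */

/* Flawed: break is meant to leave the if clause, but C's break leaves the
 * innermost enclosing switch or loop, so the rest of the case is skipped. */
static struct counters run_flawed(const int *in, int n, bool cond)
{
    struct counters c = {0, 0};
    int i = 0;
    do {
        switch (in[i]) {
        case MSG_STATUS:
            if (cond) {
                c.noted++;
                break;        /* exits the switch, not the if */
            }
            c.finished++;     /* never reached when cond is true */
            break;
        }
    } while (++i < n);
    return c;
}

/* Corrected: an if clause ends at its closing brace; no break is needed. */
static struct counters run_fixed(const int *in, int n, bool cond)
{
    struct counters c = {0, 0};
    int i = 0;
    do {
        switch (in[i]) {
        case MSG_STATUS:
            if (cond) c.noted++;
            c.finished++;
            break;
        }
    } while (++i < n);
    return c;
}

int main(void)
{
    const int in[] = { MSG_STATUS, MSG_OTHER, MSG_STATUS };  /* constructed input */
    printf("flawed finished=%d\n", run_flawed(in, 3, true).finished);
    printf("fixed  finished=%d\n", run_fixed(in, 3, true).finished);
    return 0;
}
```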
Or at least, that was the subtle, abstract, cyberspatial seed of the
problem. This is how the problem manifested itself from the realm of
programming into the realm of real life.
The System 7 software for AT&T's 4ESS switching station, the "Generic
44E14 Central Office Switch Software," had been extensively tested, and
was considered very stable. By the end of 1989, eighty of AT&T's
switching systems nationwide had been programmed with the new software.
Cautiously, thirty-four stations were left to run the slower,
less-capable System 6, because AT&T suspected there might be shakedown
problems with the new and unprecedentedly sophisticated System 7 network.
The stations with System 7 were programmed to switch over to a backup
net in case of any problems. In mid-December 1989, however, a new
high-velocity, high-security software patch was distributed to each of
the 4ESS switches that would enable them to switch over even more
quickly, making the System 7 network that much more secure.
Unfortunately, every one of these 4ESS switches was now in possession
of a small but deadly flaw.
In order to maintain the network, switches must monitor the condition
of other switches--whether they are up and running, whether they have
temporarily shut down, whether they are overloaded and in need of
assistance, and so forth. The new software helped control this
bookkeeping function by monitoring the status calls from other switches.
It only takes four to six seconds for a troubled 4ESS switch to