Wednesday, June 27, 2012

Leap Second, yes it has security and privacy relevance

There is a leap second on June 30th. The security relevance is how your software will deal with this leap second. Will events that happened during the extra second be properly accounted for? Will it be shown as 60 seconds, or will 59 show up for 2 seconds? -- the 'accountability' side of Security.

Will your timers handle a request to delay by 60 seconds, when there actually are 61? Will a deadlock occur? -- the 'availability' side of Security.

Will your software adjust the clock at all? Or will it be permanently behind by a second, likely many seconds, since we have had almost a half minute of leap seconds? This is what the GPS system does, rather than deal with the accounting mess.
Of course, on the other side of GMT they see it differently.
And businesses care too.
A good quality implementation of NTP will simply smooth the second out so that there never is a single leap second, but rather a bunch of leap microseconds.
But not all time sync implementations are that advanced.
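
To make the accountability question above concrete, here is an added example (not code from the original post) showing what happens to audit records stamped during 23:59:60. It assumes the logger preserved the `:60` in a UTC timestamp string; the function names and the sample records are constructed for illustration.

```python
import calendar
import re

TS = re.compile(r"(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z")

def _fields(ts):
    m = TS.fullmatch(ts)
    if m is None:
        raise ValueError("not a UTC timestamp: " + ts)
    return tuple(int(g) for g in m.groups())

def naive_epoch(ts):
    """POSIX seconds by plain arithmetic: 23:59:60 lands on the next 00:00:00."""
    return calendar.timegm(_fields(ts) + (0, 0, 0))

def audit_key(ts):
    """Sort key (posix_second, in_leap) that keeps 23:59:60 distinct and ordered."""
    y, mo, d, h, mi, s = _fields(ts)
    in_leap = s == 60
    if in_leap and (h, mi) != (23, 59):
        raise ValueError("second 60 is only valid at 23:59 UTC: " + ts)
    # Anchor the leap second to 23:59:59 and break the tie with a flag.
    base = calendar.timegm((y, mo, d, h, mi, 59 if in_leap else s, 0, 0, 0))
    return (base, int(in_leap))

# Constructed sample audit records, deliberately stored out of order.
EVENTS = [
    ("2012-07-01T00:00:00Z", "session closed"),
    ("2012-06-30T23:59:60Z", "record viewed"),
    ("2012-06-30T23:59:59Z", "login ok"),
]

def ordered(events, key):
    """Return the messages sorted by the given timestamp key function."""
    return [msg for ts, msg in sorted(events, key=lambda e: key(e[0]))]

if __name__ == "__main__":
    print("naive:", ordered(EVENTS, naive_epoch))
    print("leap-aware:", ordered(EVENTS, audit_key))
```

With the naive key, the record made during the leap second shares an epoch value with midnight, so its position in the audit trail depends on storage order rather than on when it happened.
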
Update: July 2, 2012 -- Fantastic analysis done by Rob Horn. Not just what the problem was, but why we find ourselves in this strange space where this matters yet doesn't really matter.


  1. At the last relevant standards meeting, the US and multiple other countries voted to eliminate the leap second. China and multiple other countries voted to keep it. The issue comes up again in about 2 years.

    The balance has been slowly shifting towards eliminating the leap seconds and accepting a slow drift of sunrise/sunset times. The forecast drift is about 1 minute per century. The drift is subject to earthquakes, core fluid motion, volcano activity, glacial shifts, ocean warming, etc., so the forecast is not very precise. Just a few more members need to agree, and then the leap seconds will be eliminated.

  2. It appears there may have been quite a few failures, all due to a minute with 61 seconds. Here is a Wired article that does a good job of itemizing them all.

    This makes me wonder, just how innumerate are programmers?

    A bunch of other Falsehoods that Programmers believe