
HeyaShinyObject t1_jdxoki0 wrote

Too soon to make a change. Every computer needs to be updated, probably millions in MA alone. In companies with thousands of computers and network devices, this could take six months of testing and actual production deploys.

−19

ckfinite t1_jdxp5w3 wrote

There's a whole protocol for doing exactly this. It's the time zone database/tz/tzinfo and is regularly updated for this very reason. Lots of countries and regions fiddle with their time on a regular basis and every major operating system has been able to accommodate it for decades. You can see a long discussion about managing DST or lack thereof in Egypt and Lebanon in the associated mailing lists just this month.

tzinfo updates usually are packaged into broader OS updates. Getting the right time is just a matter of running Windows Update or whatever other update utility you use. You can even check out the list of all of the DST-specific updates that Microsoft has done here.

12

HeyaShinyObject t1_jdxpzu9 wrote

The key being that some companies' change control will require a structured plan to roll it out, possibly in phases. My last company only had a few thousand production servers, and in a non-emergency would probably do this over a month or two, in tandem with regular patching. Network devices are sometimes another story.
People don't realize it's a bit more complicated than just saying "don't change your clocks".

−5

swatlord t1_jdzpjrg wrote

Not really. Most internet-enabled devices would probably get it on their regular round of updates. Just a switch to no longer flip between $ST and $DT. Most apps go by system time anyway so they’ll go by whatever device time is. The only thing that would be a pain would be anything that doesn’t receive automatic updates or anything not internet-connected.

1

HeyaShinyObject t1_jdzvxgm wrote

I understand how ntp and timezone files work. I know most people won't have an issue, or maybe their lights won't come on at the right time because their automation hub didn't update, but no big deal. In commercial environments, often with thousands of devices, automatic updates are often disabled. Updates are tested in a lab, then a QA environment, then rolled out to production servers in phases. In regulated industries like healthcare and finance, there is typically more process. Every change is documented, scheduled, authorized and verified. The actual change might only take a couple days to roll out, but it's not like companies have people sitting around waiting to do this, they have day to day business to take care of as well.

−1

swatlord t1_jdzykji wrote

Yep, I'm one of those people who works in said environments. I can say, with confidence, that with automation available at the orgs you mention (commonly MECM, Intune, or GPO for Windows and Ansible for Linux/anything else SSH) this change would be pretty dang trivial.

Windows Registry example (likely delivered through GPO, MECM, or Intune) - This would cover most use-cases for the environments you mention.

To add, I also work in one of those "regulated industries" (government/defense). There are specific processes for stuff like this that require quick action and bypass normal CCBs. An example for the gov/mil side is when 0-days are discovered (think SolarWinds and Log4J). Do they want to spend months testing and approving? Hell no! While flipping a time-zone config isn't exactly the same as remediating a vulnerability, fixing it would be important enough to business continuity to justify some expedited changes.

> The actual change might only take a couple days to roll out, but it's not like companies have people sitting around waiting to do this, they have day to day business to take care of as well.

Most of the companies you mentioned in regulated industries do have folks that spend their work day doing this. People like ISSOs/ISSMs, change/config managers, automation engineers just to name a few. It is their business to stay abreast of upcoming changes and respond.

2

HeyaShinyObject t1_jdzzp82 wrote

The company I most recently worked at would turn a zero day around essentially overnight as well. But we didn't like it, because something else got pushed aside for it. This will be somewhat more than a typical zero day because it will affect every class of device, whereas most zero days only affect certain classes or versions of devices. The original point was that you don't want to turn something like this into a last-minute emergency by passing legislation that doesn't allow industry time to deal with it.

1

swatlord t1_je019j9 wrote

Yep, and my rebuttal was that if it passed now (or even in the next few months) I believe orgs would have plenty of time to implement the change before the next clock change in the fall.

1

HeyaShinyObject t1_je02r69 wrote

Realistically, it won't pass for months. My bet is it will take effect next year, if at all.

Interestingly, CT tried to pass a bill last year, but broadcasters opposed it and it never got passed. Apparently Congress has to approve the change as well.

CT's bill would have been contingent on MA, NY, and RI also adopting AST.

1

swatlord t1_je03msv wrote

Oh yeah, no argument there. While we have the technology to implement something like this pretty quickly, the legislature does not move as fast.

1