Security's Everyman

Security's Everyman

Friday, February 09, 2007

What's the big deal about DST?

I had a conversation with someone yesterday who couldn't believe that some people were making a big deal about the DST change happening 3 weeks early. His comment was "It's only an hour. We change time twice a year and have been doing it for years." He didn't realize that in computer time an hour is a long time and can have a drastic effect on many different things. Some of them are small and trivial and some of them are pretty big and major.

I wanted to post here about it in hopes that if there is anyone else out there who doesn't think that this has the potential to be a big deal will take heed and do a little research. One example from real life. A secured web server uses time stamped cookies for authentication and access. The cookies are refreshed as the user continues to interact with the server. After a period of inactivity the session times out. You have sold this to customers across the country and it is a big part of your companies business. What happens if you don't plan for DST this year and all of a sudden customers are getting kicked out immediately after they log in? Obviously there are a couple of things here. One it's Sunday and your IT staff goes to Church and isn't available until after 12:30. You can't reach them because they keep their phone turned off during Church. Since all of your customers started attempting to access the system at 10:00 am that is at least 2 1/2 hours of down time and that is if the IT guy knows exactly what the problem is and fixes it immediately. What does this do to your SLA and customer satisfaction? Not good.

There are several good articles our on how to deal with this. I'm going to point to 2 places that I found to be useful. The first is the Microsoft DST page that has lots of good information on it. The other is a podcast the my friend Michael Santarcangelo did a couple of weeks ago. He brings up lots of things that need to be considered when planning for the change. Both of these are good places to start if you haven't already thought about this. I'd also check sites for your specific vendors to make sure that you know how to handle various applications and hardware that you may have. It's something that can be handled with relative ease and shouldn't cause too much of a headache for those who plan and prepare. For the rest of you.......................... good luck.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.