Page last updated: December 27, 1999.
In general, all Cycla software applications based on Microsoft FoxPro and Visual FoxPro are Year 2000 compliant. This is because:
[Note: Cycla is also continually investigating the compliance of its own internal network and Internet connection. This affects only those systems that are hosted on Cycla's servers. The status of this examination is presented in the section entitled Cycla Network below.]
The following table shows general Y2K areas of concern and Cycla's assessment of any vulnerabilities:
| Area of Potential Concern | Cycla Vulnerability Analysis |
|---|---|
| Data Storage: Date information may be stored using 2 digit years, such that upon reaching 2000, date values become ambiguous. | All Cycla systems that store specific date values use Visual FoxPro's
DBF format, which stores complete (4-digit) year information.
Conclusion: No Vulnerability |
| Date Sorting: There is a potential for functions that index or sort data in date order to place dates after 2000 prior to 1999. | Where sorting is done using the actual date data type, there is no issue
for the same reason as that for data storage. In general, however, to support
concatentation with other data types in sort sequences, Cycla has used the
Visual FoxPro DTOS() function, which converts any date to a YYYYMMDD 8-character
string. Such strings are impervious to Y2K issues, and even to other problems,
such as local settings of date format (i.e., European vs. American). This
DTOS() conversion is enforced within Cycla's framework by default on all date
fields.
Conclusion: No Vulnerability |
| Date Arithmetic: If dates are stored (or converted at runtime) to any format with ambiguity as to year, the potential for incorrect date arithmetic exists. | Any date calculations in Cycla's systems use the "date" data type,
which is Y2K-compliant.
Conclusion: No Vulnerability |
| 2-Digit Data Entry Ambiguity: Data entry forms that receive dates with 2-digit years as "input masks" ("xx/xx/xx") may cause data entry errors, or even prevent users from entering dates after 12/31/1999. Further, even if entered properly, such a form would only show the final 2 digits, thus preventing the user from reviewing the accuracy of the data. | The Cycla framework always uses the SET CENTURY ON and the
SET DATE AMERICAN command, which forces
all dates without specific input masks to a default of "mm/dd/yyyy".
Custom input masks (that could override this default) are never used on date
fields. Cycla has reviewed 2 of its systems thorougly, and not found a single
instance with a 2-digit year in an input form.
Conclusion: No Vulnerability |
| 2000 as Leap Year: Some systems may not represent the year 2000 as a leap year, thus thinking the day after 02/28/2000 is 03/01/2000. (Note: 1900 was not a leap year.) | All versions of FoxPro and Visual FoxPro used by Cycla correctly
represent 2000 as a leap year. For example, issuing this command: ? {02/28/2000} + 1 yields the result: 02/29/2000. Conclusion: No Vulnerability |
| 2-Digit Years in Output Reports: If output reports show only the final 2 digits of a year, then there may be ambiguity as to century. (That is, does "06/01/50" refer to 1950 or 2050?) | As stated above, Cycla's framework always uses SET CENTURY ON. For output,
this means that, unless specialized formatting were applied to a given field,
it would display with 4-digit years shown. (Aside: If the field were visually
truncated, say limited to 8 character in width, the right-most digits would
truncate, vs. losing the century information. This would be immediately obvious.)
Conclusion: No Vulnerability |
| Non-compliant Hardware: Some workstations or PCs have older system clocks and BIOS systems that cannot properly recognize the year 2000. |
Conclusion: Computers whose internal system clock cannot
properly distinguish the 4-digit years, should not be used for data entry
purposes running Cycla software after 12/31/1999. Note: This does not apply
to browsers of Web applications, since all date manipulation and formatting
is done on the Web server machine(s).
Important Note: Cycla does not provide hardware for its systems, and is not responsible for limitations caused by inadequate hardware. Further, Cycla suspects that most other software applications will have significant problems, or even be unusable if run on such machines after 12/31/1999. |
| Embedded Systems: Non-compliant software embedded in other equipment (e.g., routers and hubs) may manipulate date information incorrectly. |
Conclusion: Administrators should verify that all such systems in
their infrastructure are compliant. Given connectivity with the Web server,
all manipulation is performed on that server without reference to date
information supplied or manipulated by other embedded systems.
Important Note: Cycla does not provide the network equipment on which its systems operate, and is not responsible for limitations caused by inadequate hardware. Further, Cycla suspects that any such problem would manifest itself in the complete prevention of user connectivity (as opposed hidden problems) after 12/31/1999. |
| Web Browser Issues: In web-based systems, non-Y2K-compliant browsers on the client end could cause problems, in particular with systems that use "permanent cookies" to help store "state" information during user web site navigation. | Cycla has seen that older versions of Netscape Navigator cannot
handle cookie expiration dates after the year 2010.
Cycla seldom has control over client Web browser selection. Further,
since most browser software is virtually free, and this problem manifests
itself only in the application "forgetting" user preferences or denying
certain functions to just users with non-compliant browsers, there is no
hidden vulnerability. For its systems that use cookies (vs.
authentication schemes), Cycla specifies 12-31-2010 as "forever", thus
ensuring these systems will work with most older mainstream browsers for
at least 12 more years. (This is an easy setting to change, once the
browsers in use have all addressed this issue.)
Conclusion: No Hidden Vulnerability. Clients should avoid use of 2.X versions of Netscape Navigator after 12-31-1999. |
| Microsoft Issues: Microsoft rates Visual FoxPro 2.6 as "compliant with minor issues" and Visual FoxPro 5.0 as "compliant", but lists some specific suggestions for developers. |
Conclusion: The specific issues/suggestions consist of:
Conclusion: No Vulnerability |
For clients who maintain systems based on Cycla's Level 5 framework library and methods, suggested changes are delineated on a separate page.
Internet Connection - ISP: UUNET, a division of MCI WorldCom, is Cycla's Internet Service Provider. The UUNET Year 2000 program information is available at http://www.wcom.com/about_the_company/year_2000_compliance/uunet_y2k/. Due to the vast reliance of any ISP on public utilities and other networks, UUNET makes no specific guarantees about Y2K compliance.
Internet Connection - Telco: Bell Atlantic is the local carrier that provides the T-1 connection from Cycla's offices to UUNET's backbone. Per Bell Atlantic's Web ( http://www.bell-atl.com/year2000/) site on 10/22/1998, Bell Atlantic's anticipated full compliance date for all Year 2000 issues on their network was listed as July 1, 1999. Cycla will monitor this Web site periodically for updated information. [Last monitored 12/27/1999. All upgrades were listed as complete and contingency planning is in effect.] Additionally, the connectivity with Bell Atlantic is part of Cycla's guaranteed service level agreement with UUNET.
Internet Connection - DSU/CSU: Cycla uses the ADC Kentrox D-SERV series
DSU/CSU. Cycla makes no explicit statement of this product's compliance. Per, the
manufacturer's Web site (www.kentrox.com/)
as of 10/22/1998, this product line is listed as being
"not applicable" because it has no clock. Further, the operability of our
DSU/CSU is covered by an extended service agreement with UUNET.
Internet Connection - Router: Cycla's servers are connected
to the Internet using a Cisco 2501 router running Cisco Internetwork
Operating System (IOS) Version 11.1. Per
Cisco's
Web site on 10/22/1998 this router was listed as fully
compliant with all IOS versions starting with 11.0. Cycla also was contacted by Cisco
during 1999 and specifically confirmed that the router/IOS combination in use on
Cycla's network is compliant.
Further, the operability of our Cisco router is covered by an extended
service agreement with UUNET.
Network - Hubs: Cycla uses the Hewlett Packard Advance Stack line
of Ethernet hubs. Per
Hewlett
Packard's Web site on 10/22/1998, this
entire line is Year 2000 compliant.
Server Hardware: The physical servers are Dell PowerEdge series servers.
According to the Dell
Web site on 10/22/1998, all released BIOS versions of this entire line of servers
has been Year 2000 compliant and no action is necessary.
The network LAN cards are the 3Com Fast EtherLink series. Cycla is also checking
specifically on the compliance status of these cards, which were procured with
the servers in which they are installed.
Network - Web Server Software: Cycla uses Microsoft Internet
Information Server, Version 4 or later, running on Windows NT Server,
Version 4, Service Pak 4 or later.
[Cycla last monitored the Microsoft web site on 12/27/1999 to review compliance status of the
relevant Microsoft server software. No compliance issues were noted.]
Network - Mail Server Software: Cycla uses Gordano NTMail, Version 3.02.
Gordano's web site does not provide specific information about version 3 compliance.
Users can upgrade to version 4 or beyond, which are listed as compliant. Cycla will
download the latest version prior to 12/31/1999 so it becomes available in case the
current version experiences problems. Since Cycla's Web-based systems all use
store-and-forward designs for SMTP server interfacing, no messages will be lost, even if there
is a temporary main server outage.
| © 1998-1999 by Cycla Corporation | [Questions?] [Home Page] [Software Page] |