“We learn from experience that men never learn anything from experience.”
George Bernard Shaw
Introduction
Born in 1992, I have often heard of the Y2K bug as being the stressful event that marked the start of the millennium (before September 11, 2001).
My mother, then a night nurse in the emergency room, told me about this unique moment.
“All the doctors had been requisitioned for the night. Flashlights, sleeping accommodations on site… everything had been arranged to accommodate as many patients as possible.”
And finally: nothing. After years of hype, the world was filled with a mix of relief and disappointment.
What happened at the end of the 20th century? And what does this have to do with cybersecurity?
Well, absolutely everything. This is what I will detail in this article.
Note: this post was partly inspired by Astronogeek’s video from December 26, 2025; thanks to him.
Disclaimer: the content of this article represents the informed opinion of a random citizen. If you want a source of information, look for peer-reviewed scientific publications. Kisses.
Y2K bug
Why fear the transition to the year 2000?
To understand all this, let’s go back to the genesis of computing. In a world where we did not count RAM in multiples of 8GB, but in KB, every byte of optimization was worth taking. And in the same way as “I was born in 92”, and not “in one thousand nine hundred and ninety-two”, we quickly got into the habit of coding the year in 2 digits and not in 4 digits.
Here, we do not think in terms of number of bits, but in number of characters. Thus, in 1998, the year was composed of 2 digits on 2 bytes: 9, 8.
The problem?
Going to the year 2000 has the effect of returning to 00 (the equivalent of the year 1900). If this still seems anecdotal to you, here is a concrete example.
You borrowed 100,000€ over 20 years to buy a house, in 1998.
In 1999, your loan has been running for 99 - 98, that is, one year. So you have paid 1 year of installments and interest to the bank.
In 2000, your loan has been running for 00 - 98, that is, -98 years. So you have paid -98 years of installments and interest to the bank. What you paid for a year, you now owe 98 times over. The banking system welcomes you into the very select club of people banned from banking, congratulations!
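The loan calculation above as a runnable sketch (an added example, not part of the original post). It goes one step beyond the text by including date windowing, a fix widely applied during Y2K remediation; the function names and the pivot value of 50 are assumptions made for this illustration.

```python
def years_elapsed_2digit(start_yy: int, now_yy: int) -> int:
    """Legacy arithmetic: both years are stored as two digits (00-99)."""
    return now_yy - start_yy


def expand_year(yy: int, pivot: int = 50) -> int:
    """Windowing: read yy below the pivot as 20yy, otherwise as 19yy.
    The pivot of 50 is an assumption chosen for this example."""
    if not 0 <= yy <= 99:
        raise ValueError(f"not a two-digit year: {yy}")
    return (2000 if yy < pivot else 1900) + yy


def years_elapsed_windowed(start_yy: int, now_yy: int, pivot: int = 50) -> int:
    """Same two-digit storage, expanded to four digits before subtracting."""
    return expand_year(now_yy, pivot) - expand_year(start_yy, pivot)


def first_wrong_year(elapsed, start: int = 1998, until: int = 2100):
    """First calendar year in which `elapsed` disagrees with the true
    duration of a loan taken out in `start` (None if it never does)."""
    for year in range(start, until):
        if elapsed(start % 100, year % 100) != year - start:
            return year
    return None


if __name__ == "__main__":
    print("1999, two digits:", years_elapsed_2digit(98, 99))    # one year
    print("2000, two digits:", years_elapsed_2digit(98, 0))     # the bug
    print("2000, windowed:  ", years_elapsed_windowed(98, 0))   # patched
    print("two digits break in:", first_wrong_year(years_elapsed_2digit))
    print("windowing breaks in:", first_wrong_year(years_elapsed_windowed))
```

Windowing gives the right answer in 2000 without changing the stored data, but it only moves the failure to the pivot year.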
This example can be applied to countless areas: monitoring health data in a hospital, air traffic outages, onboard systems in aircraft, crashes of industrial systems in factories, nuclear power plants, billing for internet boxes that still count browsing minutes…
Thus, the flying cars dreamed of in 1970 were gradually replaced by hints of the apocalypse in 1999.
Then came the fateful date: nothing.
Nada. Nothing. Zilch.
For the mainstream media of the time, this event was gradually transformed into a joke, even a scam.
What no one saw was the several years of colossal work by engineers and developers to apply patches wherever they were needed. Some isolated incidents did occur, but they were underreported enough to be ignored.
We have witnessed the opposite of climate change: all States and experts working, hand in hand, to successfully prevent a catastrophe. Enough to make the IPCC nostalgic.
2038: ah shit, here we go again…
In 2025, we still haven’t invented infinite memory.
Consequently, the problem of the year 2000 is not definitively neutralized: as long as we need to store a date, the latter will be limited by the quantity of data allocated to it.
Take the epoch, for example. For those who don’t know this almost ubiquitous format: it is the number of seconds that have passed since January 1, 1970 at midnight, UTC. It is accurate to the second and has the advantage of being encoded on 32 bits. This allows you to count a total of 4,294,967,296 different seconds.
Obviously, it may be relevant to use a date before 1970 in certain cases. This is why the value is stored as a “signed” number: it reserves half of its possible values for negative numbers.
To summarize:
- This format can represent, at the earliest, January 1, 1970 - 2,147,483,648 seconds
- And, at the latest, January 1, 1970 + 2,147,483,647 seconds
Which brings us to 2038.
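The two limits above turned into calendar dates, with a check for dates that a signed 32-bit field cannot hold (an added example, not part of the original post). The record names and dates in `SAMPLE` are constructed, and the helper names are assumptions made for this illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1   # -2,147,483,648 .. 2,147,483,647


def to_utc(seconds: int) -> datetime:
    """Seconds since the epoch -> calendar date (pure arithmetic, no OS call)."""
    return EPOCH + timedelta(seconds=seconds)


def to_seconds(when: datetime) -> int:
    """Calendar date -> whole seconds since the epoch."""
    return (when - EPOCH) // timedelta(seconds=1)


def store_int32(seconds: int) -> int:
    """Simulate a signed 32-bit field: keep the low 32 bits, read back signed."""
    return struct.unpack("<i", struct.pack("<I", seconds & 0xFFFFFFFF))[0]


def audit(records: dict) -> dict:
    """Records whose date does not survive a 32-bit round trip, mapped to
    the date a 32-bit reader would see instead."""
    damaged = {}
    for name, when in records.items():
        seen = to_utc(store_int32(to_seconds(when)))
        if seen != when:
            damaged[name] = seen
    return damaged


# Constructed sample: future dates a system may already be holding today.
SAMPLE = {
    "next_backup": datetime(2026, 3, 1, tzinfo=timezone.utc),
    "certificate_expiry": datetime(2040, 1, 1, tzinfo=timezone.utc),
    "loan_maturity": datetime(2045, 6, 30, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    print("earliest:", to_utc(INT32_MIN))
    print("latest:  ", to_utc(INT32_MAX))
    print("one second later reads as:", to_utc(store_int32(INT32_MAX + 1)))
    for name, seen in audit(SAMPLE).items():
        print(f"{name}: a 32-bit field would read {seen}")
```

Any record dated past the upper limit is affected as soon as it is written, not only once the clock reaches 2038.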
So yes: we have time to see 2038 coming.
But let’s not forget that the year 2000 was saved only after years of work, after specialists in the field had warned everyone at length. They were forced to persist and fight for years before being taken seriously.
Today the world has changed:
- Specialists in the field are often taken less seriously than eloquent presenters who claim expertise in everything;
- Distrust of science and the rise of conspiracy thinking accelerated by the Internet do not help raise collective awareness;
- And above all, the world is fully connected, out of all proportion to what it was in 2000.
And then: replace the epoch format with what?
Genesis of a standard
In order to replace the epoch with something else, it is necessary to define a new standard used by everyone. Otherwise, the Internet will become an infernal puzzle where each piece is incompatible with the next.
Yes, a timestamp must circulate on the network and be accepted by everyone, interpreted in the same way.
By the way, how is a standard born? Currently, each big company, each State, is trying to impose THEIR solution in order to win the market. USB is just one example: it took 25 years to see Apple connectors, mini-USB, micro-USB then USB-C. And even today, several standards coexist.
13 years will not be too long to redo the same work, x1000, with a ball and chain around our ankles and great powers each trying to pull the blanket to their own side.
Cybersecurity: Lessons Unlearned
The cybersecurity issue that comes to mind is obviously resilience. Preventing this type of crisis means increasing your chances of providing continuous service to your customers, not forcing your staff into temporary layoff, ensuring the continuity of factory production, etc. Another, more insidious issue only entered people’s minds very recently.
Who here has lived in a cave for the last 10 years? Pleased to meet you. Even you have heard of WannaCry.
In May 2017, this widely publicized ransomware made its mark by perfectly illustrating what a lack of prevention looks like, paralyzing airports and several multinationals in the process. Because cybersecurity, like the Y2K bug, remains above all prevention: invisible, unproductive work and costs that bring in no money for the company or for society in return.
Prevention only seems essential when it is too late. Whether it is the two Koreas, Japan against China, the Baltic countries, or the United States: no one waited for WannaCry to become interested in cybersecurity. Some were aware of the issues, others had already suffered major cyberattacks (like Estonia in 2007).
But fortunately, today we have an asset to solve all of humanity’s problems: AI, right?
…
Isn’t it?
AI: automating human flaws
After all, AI can protect us from cyberattacks, right? Could it also protect us from a global crash in 2038?
It is not for nothing that the code produced by AI is often riddled with vulnerabilities. An LLM learns from humans. Vibecoding perfectly reproduces the bad practices learned on Stack Overflow.
Today, hundreds of miracle AI-powered solutions are hitting the market. They have a common selling point: gain efficiency and productivity by automating what is currently done 10 times slower by humans. Security is the blind spot.
I am hopeful that, in 10 years, advanced AI tools will be able to develop a functional, vulnerability-free product on demand. But this is clearly not the case at present.
As it stands, asking an AI to modify the code of a program to resolve the epoch time problem risks, at best, postponing the problem in the short term instead of solving it and, at worst, introducing vulnerabilities or other more serious problems.
And before implementing any solution, it will obviously be necessary to adopt the standard mentioned above.
Conclusion
As Ray Dalio illustrates in his book “Principles for dealing with the changing world order”, the great powers of this world over the last 2000 years have all inexorably ended in a fall, and always for the same 3 reasons.
This observation is symptomatic of human nature: we forget. We base our decisions on current metrics while ignoring what history is screaming at us to stop doing.
In the same way, the remarkable management of the transition to the year 2000 became only a beautiful story, encouraging us to forget the price to pay when a lack of anticipation comes back to haunt us.
The memory of the first publicized ransomware will one day fade. It’s up to us to remember. Study, research, analyze, plan.
Let’s learn from cybersecurity news, from this competitor who went out of business after a theft of customer data.
Let’s analyze the risks to which we are exposed. Why am I an interesting target? For whom, with what means? What impact in the event of a successful attack? How can I protect myself to avoid bankruptcy?
Beyond cybersecurity, all of these topics have one thing in common: a thought process that is rarely adopted.
Feed on the successes and failures of the past, ours and those of others.
Analyze the current situation, what has evolved, for good or for bad.
Anticipate future crises, powered by the engine and weight of this data.
For 2000 years, this process has determined our longevity, on the scale of a company as well as that of a State or the world.
Credits
- “The story of the Y2K bug” - Astronogeek (December 26, 2025): https://www.youtube.com/watch?v=nE7M6Q6eUl4
- “Principles for dealing with the changing world order - why nations succeed and fail” - written by Ray Dalio: www.amazon.fr/dp/1471196690
- USB - Wikipedia: https://fr.wikipedia.org/wiki/USB
- Unix time - Wikipedia: https://en.wikipedia.org/wiki/Unix_time
- WannaCry - Wikipedia: https://fr.wikipedia.org/wiki/WannaCry
- “Baltic security strategic report”: https://media.voog.com/0000/0051/2796/files/BSSR2019.pdf
- Interview with Gary Marcus by David Bombal - BlackHat Convention 2025: https://www.youtube.com/watch?v=Pq1PtOiXAwQ