It's still happening
25 years later, it's still happening.
Not one damn manager in Fujitsu or the PO saw fit to prioritise getting these bugs fixed in a quarter of a century.
There's a problem all right, but it's not with the developers.
Nine hundred people have had their lives blighted, even destroyed. One of the world's oldest independent judicial systems has been perverted as a publicly owned company – the Post Office – brought private prosecutions* against postmasters. At the heart of it all is a brutal corporate cover-up of a broken IT system. The Fujitsu …
25 years later, it's still happening.
Not one damn manager in Fujitsu or the PO saw fit to prioritise getting these bugs fixed in a quarter of a century.
There's a problem all right, but it's not with the developers.
manager> Why are you spending so much time on writing tests? Have you not done the feature already?
developer> We need to ensure we have covered all known edge cases and see if there are scenarios we have not thought about
manager> Are you saying that you are not confident with what you created? I have pulled up your resume and you have quite impressive projects there. What's going on?
developer> It's not about a lack of confidence in my skills. In fact, it's quite the opposite. My experience has taught me that even the best developers can't predict every possible scenario. Testing is a critical part of the development process. It's about diligence and ensuring quality, not a lack of confidence.
manager> It seems to me that you just want to spend time on tinkering. I've seen the demo and feature is working, so don't delay otherwise we may have to revise your rate as you are clearly underperforming or look at other options. I don't want to have that conversation again.
Have you seen some of the code?
Computer weekly has an article about it, naturally.
From that article: “Whoever wrote this code clearly has no understanding of elementary mathematics or the most basic rules of programming."
"Crap at all levels" describes the software industry in general.
Yes, management shoulders a large portion of the blame. But the fact is that a great deal of software is very poorly written. That's true of open source and of proprietary, in my experience, and I've read a great deal of code, in many different languages and coming from many different domains.
Many programmers know very little about their craft. They often aren't familiar with the specifications for the languages and APIs they use, for example. Many show little interest in techniques for improving software quality. Basic safeguards are routinely omitted. Code is often far from optimal, poorly constructed, copied and pasted, difficult to read, uncommented,1 and so on.
While insufficient resources (particularly overly-tight schedules) can often be blamed for insufficient testing and some other ills, a great deal of bad code actually represents more time and effort than a superior implementation would be. It's the result of insufficient training, laziness, and arrogance on the part of developers.
1I'm aware of the argument, popular in some circles, that source-code comments are a code smell, because 1) they imply the code is not comprehensible on its own, and 2) they can get out of sync with the code under maintenance. This argument is wrong.
Come on, it is either a joke, or conceivably written on some basis of getting paid by the line. (I well remember being told about some ICL 1900 project where they never used one or some particular registers - the 1900 had eight registers - because they were only used in dummy code to get the line count up). Calculating d=d-(2*d) is quite an obscure way of doing the sum compared with all the much simpler ways, so the programmer clearly did have some knowledge of elementary maths. Not defending the code or the programmer, just it's such a stupid piece of code it shouldn't be taken as if the programmer didn't know it was stupid.
Indeed.
One of the stories I've read about the origins of the IBM PC was that they'd been unable to design one in-house, partly because the programmers couldn't write the code to fit the hardware. Traditionally coder productivity was measured in KLOCs (kilo lines of code) - and hence they only knew how to write bloated code that improved their KLOC count. I could imagine so many other organisations using the same metric as it's really the only one that's measurable as a number - and beancounters love things measurable in numbers.
It also has the smell of code that is written to be slower than the simpler, obvious, code. For example, to work around a timing bug that they didn't have the time, or skill, to correctly diagnose. Arguably, this is a much worse code smell, of course, and even further from "correct" than mere ignorance.
This kind of thing looks like an attempt to work around endemic data issues where one just cannot trust the data spewed out from another part of the system. In other words, the value in sna might incorrectly come with negative values and this had to be handled. As a result the "ReverseSign" function is probably just an implementation of ABS, but if it's not then there are serious questions to be asked but as it looks like the data from other parts of the system cannot be trusted, then this is indicates much more serious problems. Because if a function might sometimes write a value as negative, but not always, this is a really serious thing as handling this stupidity has to happen consistently everywhere that value is referenced.
If it was the case of always needing to subtract the value 'sna' then
'foo = bar - ABS(sna)'
would do the job but if it's a simple case of doing the reverse of whatever the sign in then the previous poster's
'foo = bar - sna'
is the right way to do it.
EDIT: Just found the web archive reference copy of the item that Stack Overflow removed where the question was what programming language that Horizon was spewed out in - it appears to Visual Basic 5 which would explain so much as while commonly used, almost nothing of any value or reliability whatsoever was churned out using VB5. So yeah, 'foo - bar - sna' is the way to go and the code implemented was both dumb and dangerous too.
"Coding skills they should of hired from LINKEDIN, there are thousands of "QUALIFIED" Professionals on there who have the skills, come to think of it I have zero experience but i will add it to my Linkedin profile to increase my chances of getting a coding job"
err, the Horizon project was deployed in 1999, a full 3 years before limkedin came about.
People forget that the software industry was very different then. Jobs were found at the back of magazines, or via agencies who pushed candidates for profit.
Knowledge and experience was limited and very compartmentalized. No Stack Overflow, no Github. You read books, and generally learnt on the job. It was hard to determine best practice or code quality because you had no other examples.
Should they have done better. Yes, but the blame goes in not who wrote the code, but the spineless managers who would not raise their hands up when issues were found to protect the companies bottom line
> Have you seen some of the code? Take a look.
This question was removed from Stack Overflow for reasons of moderation.
Code sample from Post Office Horizon application - what language is this?
I have written some crap code in my time (I was never employed as a professional programmer, you will be glad to hear), but that code, although excessively lengthy, is at least comprehensible, and does what it appears to be meant to do, change the sign of the call of the (hopefully numerical) variable 'd'. What I would like* to see is whatever functions called 'ReverseSign' and why. My guess is that the 'programmer' was actually quite pleased to have 'solved' the problem of changing the sign on a variable using a function. It may well be the good old 'Dunning-Kruger' effect, well known in this parish.
*Well, 'like' may be going too far, 'am afraid to look at' is probably closer to the mark.
**For want of a more appropriate word that won't get the moderator to remove this post.
The issue here is that a numerical overflow becomes possible.
'p' (the input variable) is probably ok, but when the compiler expands 2*p then it may not be ok for whatever type is actually being used.
Given that the function appears to be at the heart of the 'reverse transaction' process (which has been implicated in doubling the size of the transaction or otherwise not functioning correctly) such 'cleverness' is (as usual) not a good thing.
"No, managers simply using programmers’ who are not as good as they think"
Why are managers doing that, if they are good managers? Explain...
Perhaps there's a problem in UK where managers thend to know sh*t about what they are managing? Why does Boris the Clown come to mind?
You have seen the sample code? It's managers' fault for employing such shit developers.
It's also the senior managers fault for allowing the code to be deployed despite it failing so many internal tests.
I'm not trying to say developers are immune, but managers must be held accountable too.
It's managers' fault for employing such shit developers.
90%+ of managers manage things they aren't capable of doing themselves. Mostly due to the modern myth that a BA in Management means you can manage anything, because all organisations are basically the same...
Which means it's highly likely the managers can't tell which developers are shit or not, even if you showed them sample code.
I'm not excusing them - with the higher pay grade and decision-making power comes the responsibility after all, but there is a more widespread systematic problem here.
"Which means it's highly likely the managers can't tell which developers are shit or not, even if you showed them sample code."
Then they shouldn't be managing that.
Yes, I'm well aware of the Peter Principle and have seen it's truth. However if their job, as a manager, is to pick capable coders and they can't tell a good one from a bad one because they can't read the code, that's not incompetence, it's negligence.
Pete Sdev Mostly due to the modern myth that a BA in Management means you can manage anything
I think you'll find that is an MBA in Management. And when I was considering doing one for 'personal / professional development', I was worried that mostly they seem to be about enhancing the person's career, rather than actually teaching you how to run a business or, as is essential for almost all managers, being a good and effective subordinate. Or, indeed how to respond when a 'good and effective subordinate' correctly tells you that you are wrong and need to stop and do something else or the shit will hit the fan 'big time'.
I refer people to a disposition by Adm. Rickover in 1979. See section 7 "Technical Competence" on page 7. Something thatshould be impressed on those leading any project, not just something with the potential consequences of nuclear reactors. Note how he is very specific about taking people who understand the technology and making them into managers.
The developers created the bugs. The IT world really needs to stop blaming managers and clients for its endemic inability to produce secure and effective software.
I don't know about you, but if I went round the software I'm responsible for programming swatting bugs as I saw fit without bringing them to anyone's attention first I would be asked what the hell I was doing. After 25 years we can be sure managers in Fujitsu and the PO have had these problems brought to their attention and they saw fit to ignore them. A reminder that the cash account module required mere weeks for a rewrite and here we are 25 years later (feel free to follow links to the transcript and the original report written two decades ago).
If the development team had many poor developers and management decided to keep them on, that's a management problem. If there was no process for dealing with bugs, that's a management problem. Management can't simply not take an interest in the suitability of their own workers for their projects or their own processes then blame developers for the inevitable failure.
I see a theme here. End users and developers get the blame, management and board are somehow above it all and are free of any wrongdoing.
I don't know about you, but if I went round the software I'm responsible for programming swatting bugs as I saw fit without bringing them to anyone's attention first I would be asked what the hell I was doing.
I would hope you'd be asked why you - or your colleagues - were writing such buggy code. The programming community seems to accept it as axiomatic that they will produce terrible code and that the role of a good manager is to give them time to fix their own mistakes. Other industries do not work like that.
>> Other industries do not work like that.
Absolute bollocks. Every engineering company that I have worked for fully expects the first prototype (mechanical/electronic/software) to basically work, as a proof of concept. Then we make it better to the point at which it is suitable for release. Source - I design in the medical device industry.
Other industries do not work like that
Looks like you don't get out much if you've not seen it elsewhere.
But being a bit more serious, you have to remember that software as an engineering disciple is fairly young - and it takes time to work out what the "design codes" and such like should be. Other engineering disciplines have had longer, some of them centuries some millenia, longer to do that - and still get it wrong from time to time.
We look back and see icons like Isambard Kingdom Brunel as great engineers. In reality they were "winging it" much like software developers do today. Materials science was in it's infancy, so it was largely "guess and double it for good measure" in terms of structural designs. After centuries, we now understand (mostly) about strengths of structures, materials, geology, etc., etc., etc,. But we still get it wrong from time to time - look at RAAC (Reinforced Autoclaved Aerated Concrete) for instance, in fact that's a good example of where the people doing the design knew of the limitations (limited design life), but were ignored by others (people using the buildings beyond the known design life).
But I digress a bit. In other engineering disciplines the size fo the project is limited. The most complicated "things" we design and build are things like space vehicles and nuclear submarines - but they pale into insignificant when compared to the complexity of a typical large software project.
Plus, again, most of the disciplines involved are "mature" - we've had a long time to refine design codes and processes, often learning from mistakes. USS Thresher is one of the "don't do this" classics (safety systems and operating procedures were changed substantially after that), as is SL-1 after which design codes for reactors were changed so that it needed withdrawal of several control rods to take it critical.
Unfortunately software is not developing in practices as well as it ought to. I think there are many reasons, but one is the viewpoint that "anyone can write software if they read a book". In most more responsible settings, and especially in safety critical ones, there are design processes laid down so as to improve things - modular design & testing, code structure standards, and so on. But this does cost, and most of us would not buy (for example) consumer devices with code done to that sort of standard.
So we still have the equivalent of engineers "winging it" with dubious design practices - try reading about the Tay Bridge and see if any of it sounds like the sort of things done in software engineering ?
The problem is that people who are not developers do not treat software development as an engineering process, and as such, they go for the cheapest option, rather than acknowledging that doing it properly takes more time and costs more. Sure, you can hire cheap developers to write code fast with no formal design process, tests, or modularity, and it might even work. You'll have no way of verifying it, though, short of extensive integration testing, which, in many cases, because the software crosses boundaries such as asynchronous processing, storage, and database access, are impossible to make comprehensive. In some cases, even unit tests are damn hard to write, and might be more work than the code they are designed to test, for example, tests that use fixtures to cover all edge cases in a database layer might require extensive mocking of test data and enumeration of expected results, whereas the functional part of the code they are testing might be a dozen lines of code or less.
I would hope you'd be asked why you - or your colleagues - were writing such buggy code. The programming community seems to accept it as axiomatic that they will produce terrible code and that the role of a good manager is to give them time to fix their own mistakes. Other industries do not work like that.
So this post tells me you have no experience of a legacy codebase and what that means and also you spend more time looking to blame someone than prioritising the bugfix.
Meanwhile, it seems you haven't familiarised yourself with the Horizon evidence where it was that half the team were unsuitable (management had to replace or allocate work according to their skills) and decisions were taken by management to not address bugs.
Something tells me the projects you are/were involved in aren't going too well?
The only way to 100% avoid bugs is to never write any code. I'd be interested to see your (Ian Johnston) codebase from the last 5 years ^^.
I think part of the problem here is fundamental. To program at least half-decently requires, if not talent per se, at least a certain mindset. There's only a finite number of such people, and not all of them work as programmers by half.
Today we have a higher demand of software that needs to be written than there are people capable of doing it properly.
Even if that wasn't the case, there would still be bugs sometimes.
The main cause of the scandal isn't that there was a bug in Horizon, but how the Post Office went about it.
Not only is a certain mindset required, but so is a clear specification of what the software needs to do, and how it should handle fault conditions. Then enough time should be given to do the job.
I've been in many meetings where the 'management' hadn't a clue what needed to be done, or how much time it would take to define. I even left one company mid-ERP implementation becase 'they' said I had to complete it 5 times faster than the predicted timescale and with 1/10 of the staff required. Yes, of course that system failed, £2M lost and the company folded. (Yes, it was run by an accountant).
"but so is a clear specification of what the software needs to do"
Hasn't this old fashioned stuff been thrown away by the mindset that is "agile"? The idea, so it seems, that it is possible to begin a project with a rough idea of what it will become, but able to change and adapt as the situation dictates...
...and yet somehow be quality code delivered on time and on budget.
When I was writing code (never as professional, hasten to add) if I drew the flow chart beforehand, the only errors in the code were typographical. If I didn't bother with. flow chart I would have much more difficult bugs to sort out, because although I am wonderful*, I am not the greatest genius to walk the Earth since Einstein.
This is unsubstantiated. We don’t know what caused the bugs, bugs can be caused by bad specifications, which come from above the
But even if you’re right and this was a developer mistake, ok, company hires developers who either made a mistake, or are terrible… what’s your point? When discovered, the COMPANY/MANAGERS made the calls to destroy lives, not fix the bugs. What the hell kind of prejudice are you rocking to blame developers for the Horizon shitshow? I suppose you blame war on soldiers?
But even if you’re right and this was a developer mistake, ok, company hires developers who either made a mistake, or are terrible… what’s your point?
That El Reg is full of programmers saying "It's not our fault that we can't do our jobs. It's our managers' fault for not giving us enough time to fix our mistakes." That's a different issue from the behaviour of Fujuitsu management, which was contemptible.
As has been said that "managers" can manage anything lets switch from software bugs to comparably inconvenient machine issues.
Lets say (of course puuuurely fictitional, not that any such company might exist) there is a customer who wants a certain specialised lifting device for a specific purpose delivered on a specific date.
What might happen is that the date passes and the purchased machine doesnt exist. After a considerably inconvenient amount of time, a machine is delivered that cannot do what it should. After another delay and the usual blamegame tournament, additions and modifications are made to the machine, the cost explodes, any timeline decides to commit suicide, the amount of legalese threats and suchlike explodes.
In the end, the machine delivered and remodified is not quite what was purchased, cost a lot more and is a lot more expensive than any party involved ever assumed.
Oh, and i am talking about pure private sector, no government or suchlike (except of course when it comes to H&S and taxes) is involved.
So who is to blame ?
- The customer due to incorrect understanding and/or imprecise communication of his own needs ?
- The guys in the office who despite years and decades of working for the lifting device company somehow did not filter out uncertainties, imprecisions and/or outright irreal bullshyte in the contract and machine definitions ?
- The mechanical construction due to oversight of really obvious information blunders like said imprecisions, lack of definition of all kinds (including measurements, intended purpose of the machine and the functions it must deliver) ?
- The electrical/electronical construction for not clarifying the exact functions/processes/safety standards/ whateverlectrics ?
- The welders for not mystically getting visions that the construction diagrams include false measurements ?
- The painters for not mystically "knowing" thet the colour scheme in the papers cannot be the correct one ?
- The hydraulics and mechanics people who should have known better that to trust the orders and papers they were given as clearly a totally new customer is well known to want it in a specific way ?
- The electricians because they did not adhere to standards and regulations they were never informed of ?
and for the final question: Where in all this mess is the so called "management" happening ?
IMHO it all comes down to the issue of unclear/imprecise/false information that is never checked or corrected, milestones that only exist on paper to make haste, not to be used as checkpoints, no oversight or control, no checks, no corrections, noone to actually manage the project but a chain of seperate instances that cannot and do not question orders or the previous instances.
So they are to blame ?
Or is there someone to blame who actively discouraged any checks,tests, confirmations,correctures, someone whos only intent is to deliver anything regardless of its state so that he/she can say "i made sure we delivered" ?
Again: where is "management" in all this ? How does it prevent such blunders ? Whats it good for if it is unable to actually manage to such extent that everywhere in the production everything goes as smooth and well informed as possible ?
Last words: the described chaos is sadly not as fictitional as it might seem. The absurdity and irreality is hard to belive, i know, and only those who suffered similar "projects" may believe this can happen. But even if you think its pure absurd fiction, where in the descibed mess have you seen "management" ?
Well, if you watch the amazing BBC documentary series about how Claridges Hotel* in London managed a refit, building a 5 storey dungeon (sorry, basement)**, adding two stories on top without actually closing (except for Covid) and you will see them fitting a proper crane into a lift shaft. It was absolutely wonderful. The only complaint I have about the documentary is they did not interview Tracey, the crane driver.
*No, I cannot afford to stay there either, but it is important to know that it is there, and that rich people have somewhere nice to go in London.
**If you want a basement dug out of London Clay, Irish navvies are absolutely the best
Yes, it is a different issue, which is why it’s very strange you chose this article forum to make that complaint. I’m also interested whether you simultaneously hold the view that software quality is generally shit, and if so, whether more time spent developing it would improve that quality.
That El Reg is full of programmers saying "It's not our fault that we can't do our jobs. It's our managers' fault for not giving us enough time to fix our mistakes."
Absolute horsehit.
As a developer, with many years experience, I can assure you that when buggy code is delivered, nine times out of ten, it is because the developer was not given adequate time and resources to do their job properly. This stems from the expectation that we will be able to say how long a job will take before we have done it, and then always be absolutely spot on with that finger-in-the-air guess. Almost by definition, the job we are doing is producing new code, so an estimate on development effort can only ever be an estimate. When we say "that will take about ten days" and then our manager says, "That's too long, the client won't pay for that, I want it done in five", that means that corners get cut. Tests don't get written, programmers put in extra hours to meet unrealistic deadlines and make mistakes.
You wouldn't want to be on a bus driven by someone working 12 hour shifts driving without a break, all the while with their manager sat behind them telling them to drive faster. That dickheads think that this ethic should be applied to developers, and then think it is fine to blame them when they fail only deeply underlines their total unsuitability to be in charge of anyone, ever.
Add to this, that programming is a creative process, akin to a craft, which requires an understanding of requirements, in order to produce software that meets those requirements, If those requirements are vague, or poorly expressed, or, as is all too often the case, partial or contradictory, then they won't be met to the expectations of the person expressing them. Add to this "magical thinking" that goes on from some people where, "make the computer do this thing that I can't be bothered to write requirements for," is the whole of the specification, and quite often we are set up to fail.
If, for example, you were to employ a craftsperson to make a piece of furniture for you, and gave them the only requirement that "it has to have things on top of it", then complain that they deliver you a standard flat-pack Ikea-style table when what you actually wanted was a French 16th century-style walnut desk, that is entirely on you for not expressing your requirements, not getting a written specification, with diagrams, schematics, and agreement on costs. Your bad, not the craft person's.
Then, of course, you get programmers who think they are more competent than they are. Again, the failing here is lack of peer-review, and an expectation that professional development happens organically, when you're not looking, and certainly isn't something that you should be paying for.
Anyway, it's pretty obvious that the failings of Horizon are primarily ones of stupidity, arrogance, and laziness. These failings didn't sit merely with the developers, who, it seems were either incompetent, or motivated somehow to write bad code (I suspect, paid by the line by managers who didn't understand what they were doing, hence overly verbose code); they were deeper organisational failings, not only within Fujitsu, and within the Post Office, but almost certainly, within those in government responsible for initiating, overseeing, and reviewing the overall project. Blame should be aimed at everyone who didn't do their job.
"The developers created the bugs. The IT world really needs to stop blaming managers and clients for its endemic inability to produce secure and effective software."
You don't seem to understand how software development works.
Programmers that don't get paid to do their work, don't get to eat. So the onus is on the ones paying them to get things done.
Whats this "responsibility" you speak of ?
If anyone in production sees a mistake and reports it, if anyone in production sees an issue and reports it, then isnt allowed to fix it who is to blame ?
With no intent of insulting you but your current texts seem to be a bit too manager friendly and reality averse.
Every issue needs time and resources to fix. If you dont get neither, there will be no fix . Except in the few cases where simple correction actually works i have never seen anyone in production not openly reporting issues except in places where management actively discourages such reports and corrections and is solely fixated on timeline, ego issues and nothing else.
I have personally experienced way too many of such "managers" in my working environment, not even listening when you give them a printout of the real applicable standards of "their" project. With the applicable parts lit up with luminous marker and an additional written explanation in dummyspeech. They wont listen, they wont accept the necessity of any fix and they WILL make sure the printouts vanish as soon as the brown stuff hits the air moving thingy and suddenly its all your fault because you should have known and never said anything.
A decent professional developer will check their own work before they announce "this module is written". Such check take time, and as already mentioned, often they will not be allowed that time. The next stage is unit testing - where someone independent of the person/people who wrote the code will write a test specification (and usually a test module) that will exercise the code module based on the specification of what it is supposed to do - again this takes time and is often one of the things "managers" demand be cut back on to save cost. And so it goes, with units being put together (like building something with Lego) to make larger chunks, and tests designed to test those larger chunks.
And designing tests is another, different, skill to writing code - but often not something given any thought when "anyone" is thrown at the task.
So not a profession, then, because no responsibility to check their own work. It's very clear how the Horizon software came to be so bad.
If you read the evidence you would see there were no processes in place for unit testing, QA, or CAT. Is that the developers' fault too?
It's not developers who gather requirements (or should not be) - that is essentially marking your own homework. That too many organisations fail to see the need for adequate project management, and business analysts is not the fault of developers. Claiming as much is exactly the sort of buck passing that you are alluding to that needs to stop.
Requirements first. Full, written, specifications of what the system must do, and all constraints (i.e. what it must not do). Failure to plan is planning to fail.
You have never worked in a paid role before.
Developers are welcome to make all the fuss they want about having excellent tests coverage, thinking about edge cases and ensuring that system is robust, but as long as the happy path passes the demo - ship it. And if you are a grumbly old fuck who keeps mentioning that we are running into a silent data corruption issues in a BANK (something I am living through right now, 2 weeks to go) - well, there's no immediate problem, there's no return on investment and there's no way to put it on the critical path without threatening "return of investment".
I have the luxury to step out of it and hope I'll get a good role next. But there's about 2bn euros that are ripe for picking in the fencing account.
As much as engineering works to achieve great things incentives in the company culture are far more important. Ship it? You have a time bomb on your hands you'll hide. Sofware engineering has little to do with engineering excellence, but all about managing incentives of all parties involved.
Local vs global maxima. Not quite the question I'll ask in my interviews, but fucking freaking important one.
You have never worked in a paid role before.
Yes, because I am in the fortunate position of not requiring food or housing, so having no need of an income, I don't have to work for money. Would you like to come and visit me in the magical land of the Fae?
I have been working as a professional software developer for over two decades, all the time being paid for it. If there aren't proper requirements for the work, it doesn't get done. If I have to gather those requirements, I make damn sure that, once they have been written down, the person stating them signs off on them. I also make it clear that my role is not one of a business analyst, and I do not possess the skill set that would allow me to do this job effectively, in terms of time taken, and costs.
I also have very strong opinions about "golden path" programmers. If your code falls over the second it is given arguments that are out of the ordinary, then you have not fulfilled the requirements. If you have not defined the parameters under which your code should function, and not enforced them, then you are also not doing your job. You wouldn't accept that attitude from a mechanic working on your car.
"If there aren't proper requirements for the work, it doesn't get done."
And that is fine of you are working for yourself or are in a position too enforce that, but suppose you happen to be a software developer working for a company, let's call then 'Shit-isSu', and part of your job is to write a module to do X, except that X is poorly defined, you do the best you can, but explain to your immediate managers that this routine is fine except I don't know all the detail about where it will be used and in what circumstances, there may be some edge cases where not may well produce incorrect results and needs more testing.
Ok, fair enough, that's the way it works, you don't ever get any feedback but find yourself moved on to some other project. Later on you find that your code, unaltered' has been merged in to the 'finished' product, and because of the aforementioned, but never disclosed, 'issues',* some poor souls spend time in prison.
Are 'you' Mr. programmer at fault here, or is it your manager, and his/her manger, all the way up the chain?
* except you did disclose them, but some bean-counting manager ignored it, got to think of the bottom line, no?
Well, in my role, I will typically know how any new code fits into the "whole". Small "modules" specified without any context (usually shipped off to cheap devs in India) must define all inputs or outputs, or they won't do the work.
If the end users of the software use it in a way beyond what it was specified for, the response of the business would typically be, "it wasn't designed to do that, would you like to pay us some money to change it so it does do that?"
Problems only arise when the salespeople tell prospective clients that the software does things it doesn't, we find out at the last minute about such promises and have to drop all the well-organised and specified work to run around like headless chickens hacking together a solution so that we don't get sued. When this happens, I always make damn sure that everyone knows that this is the case, and that when the shit inevitably hits the fan, it is documented that I am not at fault. Anyone who doesn’t cover their arse in this way is hopelessly naïve. The fact that this seems to happen on a semi-regular basis indicates a trade-off that has been made at a level above my head, and those people are the ones who are culpable if something goes wrong.
Now, of course there are bad programmers - usually those who have never heard of encapsulation or SOLID, and who write blocks of monolithic code with no division of responsibilities. It looks like Fujitsu were in the habit of hiring such programmers. It is incumbent on the employer to make sure that they hire someone suitably qualified or experienced, and to ensure that they are doing their job properly. If they didn't issue coding guidelines, they were at fault. If they did, and they weren't followed, and the code still went into the product, then the obvious question is why the code was not reviewed, or if it was, why it passed that review. If the coding standards were so lax, or absent, that no checks were made on code going into production on a flagship multi-million-pound piece of software, that is very definitely a management failure. To make another pointless car analogy, if a mechanic builds a car out of cheese, it's not the fault of the cheese when it falls apart.
I think that last sentence should say the problem isn't with just the developers. You could even say that the developers are probably least at fault here, but they did ultimately create the broken system. Being on the other side of the Atlantic, if not for El Reg occasionally covering this and my skimming a couple of the pieces on it, I probably wouldn't even know it was happening, but as I recall one of the issues is that they could alter audit trail entries after they were created. Then, despite people at the top knowing this wasn't the case, represented it as this immutable and infallible bit of evidence when prosecuting people. So, like 99% of the blame goes elsewhere, but ultimately the developers do have to own up to creating an audit system that was about as secure as a wet paper bag.
Everyone in any job makes mistakes. Someone puts up wallpaper, they will make mistakes. Some get fixed, some are not very visible, and some the customer complains. The difference being a software developer, every mistake will be found. In this project, every mistake is multiplied by ten thousands of post masters, using the software every day for 20 years.
So there will be mistakes. It is unavoidable. Where management failed was what they did about it. In this case, mistakes were just not fixed. Full fault with management.
You just said mistakes are inevitable, but then give the people making those mistakes a free pass. If I'm being pushed to make 50 widgets/day, and that means sometimes I grab the wrong screw or miss a screw, the error is still mine. I am the one who made the mistake. Were there extenuating circumstances? Is the demand of mgmt to make 50 widgets/day unrealistic? Are they going to go ahead and sell those widgets even knowing they have issues? Possibly, but even if they were both true, it still doesn't completely absolve me for making the mistake(s) that I made.
The only time I'd give the devs a free pass here is if they were told to make a simple audit system that didn't have any stringent security requirements, and meanwhile in pitches to customers the sales and mgmt droids were telling customers that it's the Ft. Knox of audit systems in order to get the sale. Otherwise, the best I can do, is something like 99% of the blame going elsewhere. Maybe 99.9%, but it will always be less than 100%.
Again, whoever employs people who don't have the required skills is at fault for employing them. This can't be so hard to understand, surely?
You cant put the blame on the under-qualified who doesn't know he/she has large knowledge gaps, but just gets told to do stuff. It's up to the team leaders to pick this up and do something about it.
UK management culture is so awful. (Which is why so many UK industries keep failing.)
It was cheaper to keep making manual corrections than to fix the software, which is fine, if not as good as writing the code properly in the first place. The bit where loony bosses managed to conclude that data errors were evidence of criminality is the scandal.
I have mentioned here before that what actually appears to have happened is that Fujitsu reported to the PO brass that they were having to correct lots of errors, totaling to some very large sum, and the idiots at the PO managed to conclude that if they stopped correcting the errors, they'd have that much more money. Everything else followed: lots of lower-level PO employees were given directions on that basis, and had no idea that the errors existed.
I disagree (but no downvote from me). I expect it would have definitely been cheaper in the long run to rewrite the code, but in the short term it was politically better to pretend the issue did not exist, and have secret admins correcting the financial errors introduced by the system without the knowledge of the users, and often without trace / audit trail (although how the secret admin's managers ensured that each sub-post office system was only corrected by one person would be interesting to know, maybe that will come out in the inquiry later).
The real question is why Fujitsu seems to have not bothered to rewrite the code at all for over a decade when they must have been spending millions on out of hours corrections.
"It was cheaper to keep making manual corrections than to fix the software, which is fine"
Upvote from me, but that's not "fine" at all. That's extremely "not fine". The culture of not doing things right is a very bad one, eventually leading to very bad things.
UK is good at this. Dump sewage. Sh*t insulation of houses. Sell our gas reserves. Start massive vanity projects with little planning. Brexit. The list goes on.
You've never worked for services companies have you? Ha ha!
I worked at a well known services company and I was "caught" offering to tune a single, simple SQL query, just 5 mins of my time. I got a verbal dressing down, told that's not in the contract and if the client wants that done then they must request it thorugh the account manager, it will be priced and charged appropriately, it's not my decision to make a client's IT systems work better unless we're gettig paid to do so! No surprise I left after 6 months, everyone I worked with was terrified of touching anything without written permission, they wouldn't do anything or learn anything at all even for their own edificaiton. It was soul destroying.
I'm not gung-ho lunatic just playing at IT but most places appreciate a little extra effort just to keep the wheels greased, but not services companies. You are f**king mindless drone, you will do exactly what you're told ( what the client has paid for, nothing more! ) then if anything goes wrong it's not yours, your manager's or your manager's manager's fault, everyone is guilt free squeky clean. I did learn one thing, never work for, with or buy services from services companies!
Keep jabbing the finger at the sore until someone decides to fix things - and not just the code.
This kind of conversation is needed at a global level. Why do private companies like Fujitsu or Capita never seem to be held accountable for their shambolic performance ?
Why do they continue getting awarded new contracts ?
Yes, I know Fujitsu has declared not answering tenders until this matter is resolved, but that does not change the fact that, if it hadn't made this decision, somebody would have awarded Fujitsu a new contract. Who is that somebody and why is that person not under fire for continually awarding gobs of money to companies that do not actually provide a good service ?
I really do hope that public opinion is, for once, going to sit up and take notice, and demand action from the elected gobshites that surf as far away from trouble as they can.
Your hard-earned money is being wasted and the people in power don't care. It is high time you remind them that they work for you.
I used to work for Civica. They were OK, but the systems they had were largely created by companies that Civica had bought out. This meant quality was dependent on the original companies and integration was none existent or at best an afterthought.
Then they purchased an Indian software house and started shipping new development over there. Quality from there was not good.
Finally, Civica were purchased by a private equity company and costs were squeezed hard.
Last I heard was that over the last 12 months or so there have been multiple rounds of redundancies in the UK across multiple areas.
Working for Civica, and having survived two rounds of redundancies in the last year, the company has now been bought by BlackRock. One of two things will now happen, things will improve as inward investment happens, or I get a redundancy payout after the next statutory period of no redundancies expires.
I have to say, this is the first time that I have seen my employer mentioned in the comments here. This is a little surprising, as they have a lot of fingers in a lot of pies.
AC for obvious reasons.
Anyone involved in bidding for government work will know the answer - it involves long, complex RFIs demanding lots of meaningless tick-box qualifications, statements about DEI practices, etc. so that only large players can afford to bid, and smaller (often cheaper and more competent) organisations are effectively blocked. In the end, it's too often a choice between Fujitsu or Capita. And this applies far more widely than just IT projects.
Maybe if those smaller organizations had invested in and developed their own permanent talent instead of reying on hiring contractors then they would have grown expert/competent/lautonomous/profitable enough to have been able to compete. How can you imply that they are more competent if they rely on contractors for that competency and then lose it because IR35 legislation changes?
Full disclosure - I'm a contractor.
If you are a smaller outfit, you have more need for contractors than the big outfits.
As a big outfit, you win some contracts, some expire - but in the big scheme of things you can manage by moving bums to different seats. In a smaller outfit, if you win a big contract you need extra bums on seats fairly quickly, and probably in the run up to getting that contract (i.e the tendering process) you will have needed skills that you don't have a steady need for. So you will be reliant on short time "buy in" of skills that you know you won't need later, and short term buy in of skills that you know you will need but will take time to recruit.
So it makes a lot of sense to keep a core team appropriate to your "base load" of work, and hire in contractors to cover the peaks. And if IR35 has severely dented that model, then it's given a further advantage to those who are big enough to not need the flexibility of hiring skills as and when required.
Absolutely correct.
The complexity of some tenders beggars belief, it's practically a specialism in itself just responding to them. The level of absolutely pointless garbage required just to qualify to tender is equally ludicrous, it would not be the first tender document I've reviewed and decided to walk away from simply because completing the tender was such an onerous & time consuming process it simply wasn't worth our while to do it, despite being fully qualified and capable of doing the work.
The process itself is clearly designed to favour large-scale bidders who can absorb the unproductive cost of completing the tender process, a cost which is, of course, recovered tenfold in the ultimate cost of the contract. Since only the large corporates can afford to bid there's literally no competition to keep those costs in check.
Jobs for the boys... how are are they going to be able to pay for those 'donations' ?
Here in the Colonies, we have a similar problem, albeit 51 times as widespread. Government contracting is not at all like private industry work. There is this idiotic idea that the "low bid" is the one to take; if a higher bidder is awarded, a lower bidder can tie up the project for years protesting. So the RFP has to be extremely detailed, and cover for all of the "known unknowns", meaning a lot of repetitive work just to be sure that the one case needed gets done. So it ends up costing far more than it should. Low bids are very expensive! But with all of the contractual rigamarole, most companies simply don't bother. So instead there is an industry of "Beltway bandits" who do almost nothing but government work, and usually do it badly. Each state, of course, has its won similar rules, and its own approved contractor list, while the best potential contractors wouldn't qualify, or wouldn't bother to try getting on the list. A lot of this goes back to the "Good Government" movement of the early XX, which was supposed to root out corruption, but merely moved it from blue collar to white collar and on a larger scale.
Well tell their Business Development Managers to fuck off. RFPs are often drafted on the advice of these consultants -- after all they are not the easiest documents to write. The consultants will naturally promote the strengths of their own companies. If you want it to be done properly make sure that whoever helps to draft the documents have no skin in the game when tenders are received.
I mean all the large companies do this. It's standard practice. BDMs are often permanently assigned to such organisations because they are so influential in generating new business. That's how the process works.
"Your hard-earned money is being wasted and the people in power don't care. It is high time you remind them that they work for you."
Except they don't work for me, or you, or any of us proles. MPs live on a gravy train, they get a fabulous salary even as a backbencher doing next to nothing, exceptionally generous pensions and pay offs, plus whatever they can snaffle from the bottomless trough of expenses, "fact finding trips" and the like. I routinely see the House of Commons looking quite exceptionally empty, maybe I could check on my MP's attendance? No, the ghastly, toffee nosed Jacob Rees Mogg arranged for MP's attendance data to be deleted.
We can demand action as much as we like, all we'll get back is a letter full of waffle drafted by an intern. And anybody hoping for change through the ballot box is going to be exceptionally disappointed after the next election.
> MPs live on a gravy train, they get a fabulous salary
MPs don’t get “fabulous salaries”. I spend 80% of my time at work actually coding and I am paid better than MPs. They have an awful job that I would never want to do. And many of them today are not sure they have a job at the end of this year.
This envy towards politicians is just stupid.
Pretty well any employer who requires you to work in two geographically separated places will cover the costs of that - otherwise they'd simply not get people to do the work. If my employer needs me to go [somewhere] for a business reason (which in my job can be several days at a time), they pay my travel, pay for a hotel, and pay reasonable expenses - if they don't, I don't go (and none of my colleagues will either), and the job won't get done.
If you actually think about what some people seem to be wanting, the only people who would consider standing as an MP would be those "of independent financial means" who could afford to keep a pad in London at their own expense, and pay for weekly travel back and forth. Do you really want a government formed only by "rich people" because you've excluded any "ordinary people" ?
Also, please remember that we only really see/hear about the few at the top - those that have toed the party line and climbed the greasy pole. We don't tend to see/hear much of the ordinary back benchers, most of whom I think are a bit more down to earth and prepared to do what they believe is best for their constituency and the country (which isn't going to let them climb the greasy pole as it will often not tie with party directions).
The now Lord Arbuthnot comes out pretty well from the ITV series, and the late Sir David Amess who was murdered in his constituency office seems to have been decent chap. Both of them Tories too. Glenda Jackson (Labour) also seems to be well-liked. But, as is often the case the diligent, hardworking getting the 'little things' done people with no ambition other than to actually serve their constituents well often get ignored.
"continually awarding gobs of money to companies that do not actually provide a good service ?"
More to the point, why is it silly money sent to clearly deficient companies instead of, say, making an open specification, finding people to work on it, and putting the code in GitHub... that way there's transparency, an impetus to do the job properly, and nobody is beholden to one big corp that can ask what they want for the support and change the definitions as it suits them (look at Oracle, for example).
>More to the point, why is it silly money sent to clearly deficient companies instead of, say, making an open specification, finding people to work on it, and putting the code in GitHub... that way there's transparency, an impetus to do the job properly, and nobody is beholden to one big corp that can ask what they want for the support and change the definitions as it suits them (look at Oracle, for example).
Wouldn't putting the source code for government IT projects in GitHub just make it all the easier for our "friends" with the black hats to find the security flaws and exploit them?
Wouldn't putting the source code for government IT projects in GitHub just make it all the easier for our "friends" with the black hats to find the security flaws and exploit them?
That may or may not be the case, but either way GDS policy is that all code, with some exceptions, should be made available. I think all the reasoning for this is that we are paying for it, so it should be publicly available for reuse if appropriate. Exceptions would be, areas where security could be implicated or services supported. For example, while the MOT service code is available to anyone to peruse with the bit that allows you to calculate certain validators for the MOT certificate is deliberately withheld. GDS guidelines here - https://www.gov.uk/service-manual/technology/making-source-code-open-and-reusable
In a lot of cases, it probably doesn't make an awful lot of sense. For example, why would you want a copy of the source code for the MOT service? Other things, for example integration with payment services or SMS messaging services, may be of use to somebody depending on what they're doing.
Also, why do each Council need a bespoke system?
The Councils must follow the same set of Government rules - these are the Specifications.
So, all they really do is decide on the budgets for the service areas and who gets which contracts - these are the Parameter Data Items.
It should be easy to produce one set of code to the specifications, with the local decision making in the PDI.
No, each Council wants to spend your hard earned on their own little pet project! (See Birmingham CC)
I certainly hold no candle for GitHub, but find no fault in the idea of making the contractor open-source the code.
After all, the Post Office owns the IP*, and is (or was) an agency of government, i.e. us.
If I knew that my code was available for anyone to view you can be sure that I would take care that it would be as good as I could make it. Or, at least, not total crap. This is the real bonus of open-source, far more important than the "many eyes" thing.
-A.
*If they don't then their lawyers need sacking.
The answer is really very simple: no-one who's any good at this stuff wants to work for clients who will bugger them around, and no-one buggers you around like governments. So, there's a special ecosystem in which only the people who will work for the government only work for the government.
I really do hope that public opinion is, for once, going to sit up and take notice,
Er, we've had quite bit of wind recently (and some lovely pictures of waves). Oh, and it's going to rain quite hard tomorrow. Post Office? Well, what are they going to do about all this flooding? ...
Why Paula Vennels, plus the rest of the PO board and the Fujitsu board of the time and since, haven't already been prosecuted and imprisoned for perverting the course of justice fraud, perjury, misconduct in public office, false accounting, libel, false imprisonment. Add, as a special for Paula Vennels: answering to her chosen deity for bearing false witness.
All the above and add returning any and all financial reward they have received individually and collectively in cash or in kind whilst in the positions they held, and since, and have that distributed to all those who suffered at their deceitful. lying hands.
Then substantial fines and or sequestration of their assets.
To say I'm pissed off having to still use the post office for some services I can't shift elsewhere is an understatement.
Why Paula Vennels, plus the rest of the PO board and the Fujitsu board of the time and since, haven't already been prosecuted and imprisoned for perverting the course of justice fraud, perjury, misconduct in public office, false accounting, libel, false imprisonment.
Because they are - comparatively - rich. Wilhoit's Law applies: "Conservatism consists of exactly one proposition, to wit: There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect."
Because they are - comparatively - rich. Wilhoit's Law applies: "Conservatism consists of exactly one proposition, to wit: There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect."
Whilst I'd agree that's true of the Conservative party, you may wish to recognise that the system was botched on Labour's watch, that concerns were ignored so that Mandelson and Blair could be placated, that Blair himself ignored one of his own advisors who warned that the system was flawed, and 525 postmasters were prosecuted whilst Labour were in power.
https://www.wsws.org/en/articles/2024/01/09/qsux-j09.html
There's been a long enough timeframe that all political parties have been dragged into it in some way.
It's all very well pointing at politicians, but I'm struggling to put either them or Fujitsu as first in line for blame. Bugs happen (even though these were particularly egregious) and and weak political oversight is situation normal in the UK. But to me it seems like the vast majority of the harm was done by the continued prosecutions by the Post Office long after they had been directly informed - externally and presumably internally - that these were unsound.
"Conservatism" only had a capital because it started the sentence. Our legal system is innately and overwhelmingly small-c conservative, whoever is in power. That's why it gives the Post Office powers to prosecute, accepts their own commercial partners as expert witnesses, believes everything they say without question and gaols the victims.
Because a modern western prison is a form of welfare. What else would you do with all these otherwise unemployable high-earners?
Rather a question should be asked about how money stops being the medium of information about competence in a welfare and redistribution society.
When was money a medium of information about competence? Money is a proxy for value, and strongly related to the concept of ownership. As a result of being able to transfer ownership, and own land, you immediately lose the competence argument. Both of these concepts have existed before money was invented (multiple times).
Money is a proxy for trade of value, nothing else. The only idiots who tried to say it had anything to do with competence were those who already had money, and were incompetent, and trying to justify why they had so much.
Also, what value does such a medium provide? You’re saying “if only we abolished welfare, so we knew who the competent people were by way of their wealth, so we could short cut actually thinking about who should win the contract and just give the contract to these rich guys as they are by definition competent”? How is that different to now? Haaa
"Why Paula Vennels, plus the rest of the PO board and the Fujitsu board of the time and since, haven't already been prosecuted and imprisoned for perverting the course of justice fraud, perjury, misconduct in public office, false accounting, libel, false imprisonment."
The enquiry has shielded them. It was set up to come first, before any prosecutions of possible witnesses. It started in 2020 and is still scheduled to run at least well into 2024. If you look at the history of this you'll find that witnesses have been delayed because of delays in finding documents or delayed because a whole lot of evidence turned up just before they were due to be called so had to be put back whilst that was considered. Surprisingly some of this "newly discovered" delaying evidence turned out to be duplicates of documents already in evidence.
It would be good to think that once the enquiry is finally disposed of (and I doubt the same tactics can be continued now they've got public attention) that these delays will be investigated as obstructions of justice. Somehow, I doubt they will.
Sir Wyn Williams, Chair of the Inquiry, has already put the PO pull any more discovery (production of documents) shenanigans then he'll sanction them go the extent of the Inquiries' powers.
Which, given it's a Judicial Inquiry, rather than a Statutory one, are considerable.
Witnesses are legally compelled to give evidence and sworn in on oath.
Vennells is yet to be dragged in but it'll happen in the next stage (there's six stages, looking at it from different angles, with Stage 4 just coming to an end).
Seems like it's taking a long time but the Inquiry is forensically picking over every detail, turning over every rock, to see what crawls out.
The police are already conducfing preliminary enquiries but it wouldn't make sense for them to do too much yet, while the Inquiry is still bringing the evidence to light.
The PO can run but it's, and Ms Vennells', hiding days are over.
Under normal circumstances you'd be right.
However, ITV have rather put a spanner in the works of the "drag it out forever until everyone who remembers is dead" process.
Vennels is clearly desperately trying to "manage" the public outcry - hence attempting to hand back the gong.
Indeed. I just did searches for 'Horizon', 'Post Office' and 'Fujitsu' on the homepages of the Grauniad, Mail, Torygraph, and BBC. Only the BBC gave a result:
https://www.bbc.co.uk/news/live/uk-politics-68061662
The media work on a 'news cycle' that pushes stories off the front pages after about 10 days, and this story is no different.
Private Eye and Computer Weekly have longer memories and won't let this go away, but the mainstream media have lost interest already and the general public will too.
As others have said, while it's patently clear that "sh*t was going on", it's not completely clear who knew what and when - that's one of the things the enquiry is supposed to figure out. A criminal conviction needs a high level of evidence - "beyond reasonable doubt" - and that means you need a meticulous investigation to gather the evidence. Go into a court room and argue "it's clear she's a bad un" and you won't get far before the judge throws you out.
The Met have already said they have opened investigations for a number of potential criminal activities, but it makes sense for them to wait for the evidence that will come out of the enquiry - eventually.
I strongly suspect that there are quite a few people getting a bit nervous now the truth is getting out - and the evidence that could put people away.
>The point of a good morality tale, which is where Horizon has become, is not to say 'Look at the bad people' but 'That could be us."
Hear, hear. Unfortunately, that point gets missed more and more frequently as the "righteous wrath" culture gets ever stronger. Getting mad is the new high. Punishment is its own objective. Cult-like faith in the notion that harsh sentences will deter further miscreants, an effect that has pretty much zero proof of existance.
Actually fixing the underlying cultural problems is a secondary concern at best. Probably because it would involve actual work, changing stuff we've been doing since forever, and who would want that?
Cult-like faith in the notion that harsh sentences will deter further miscreants, an effect that has pretty much zero proof of existance.
Any sentences at all would be a start - that would make people think twice. At the moment the worst decisions imaginable receive gongs.
One said Ms Vennells was being rewarded for taking a tough approach to the scandal in an effort to keep costs down for the Post Office, including refusing to acknowledge wrongdoing towards postmasters.
“This was her reward for bending her conscience and holding the line,” the source told the newspaper.
They will certainly affect its bottom line: the company has said it's not pitching for new public contracts until the inquiry is complete. It may be hard to recover from that.
So kind of them. In reality all their existing contracts should be cancelled and reviewed.
There is such a massive breach of trust, we cannot have any other public services run by this company, given the circumstances, cover ups and so on.
I'd say Fushitesu should get Huawei treatment and be booted out from the country.
Whatever they're doing for whatever department stops, today.
That's not how it works. Government could appoint administrators that could take over the operations (the company would no longer be in control) and continue to run services until a company that could take over could be found.
The other way is to pass legislation that will nationalise the company and bring all operations "in-house".
This will also give a signal to cowboy corporations that their gravy train reached the final station.
This is one of the major problems we have. The government doesn't have any administrators who could take over operations, at least not without making a colossal mess. They've spent the last 25 years outsourcing everything they can get their hands on, and all the skilled technical staff are gone now - or more likely, given how long ago the rot started to set in, no one competent to understand IT at scale was never hired in the first place.
There has been a massive institutional brain drain, where all the in-house expertise that we used to have in the civil service for running complex projects is gone - which is of course a large part of how scandals like this are allowed to take place. There's no one in the government side who's qualified to take a look at the evidence and say "Hey, that looks wrong to me based on my years of experience with this sort of project. Someone get me more details." Everyone involved is pretty much forced to take the lies at face value because they don't know any better.
If we're going to cancel all the contracts of these big tech firms - and I actually think we should - it will first require the re-hiring of entire departments of specialist staff who are capable of understanding what it is that they currently do.
Government can appoint administrators from private sector.
There has been a massive institutional brain drain, where all the in-house expertise that we used to have in the civil service for running complex projects is gone
This is true and sadly have not been investigated yet. Set civil service pay scales below the market and let them backfill shortages from private sector where civil service pay scales don't apply while ensuring certain corporation can get massive profit out of it, then further ensure the money go to "right places" by changing IR35 to limit any left over competition.
it will first require the re-hiring of entire departments of specialist staff who are capable of understanding what it is that they currently do.
That should happen and it would be much cheaper in the long term as you remove massive mark up these big corporations charge.
"Government can appoint administrators from private sector."
From the same pool of employees of large companies you're complaining about. Yes, I know about freelancers, I used to be one. But to un a large project you need a large team which is going to require several levels of management to coordinate it. You can't just put that together from the freelance market ad hoc.
"This is true and sadly have not been investigated yet."
No investigation needed. We know all about it. Those in post would be TUPEd over with their projects and not replaced because they "weren't needed now"
From the same pool of employees of large companies you're complaining about.
No. There are companies beside the usual suspects that specialise in this sort of thing.
But to un a large project you need a large team which is going to require several levels of management to coordinate it. You can't just put that together from the freelance market ad hoc.
Not necessarily. Often large teams are "required" to maximise profit and to justify high cost, but actual work is done by very few people. In terms of small business, it's not necessarily about them bidding for contracts, but about medium sized business losing access to expertise. Without access to talent, they can't effectively bid for those contracts.
We know all about it.
That doesn't mean it shouldn't be formally acknowledged and investigated where exactly this came from who stood to make profit and so on and then charges should follow and asset seizures.
The other way is to pass legislation that will nationalise the company and bring all operations "in-house".
Don't be daft. If Fujitsu are in the frame, so are Crapita, Atos, and all the others snouts in the IT and services trough, not to mention big defence contractors. How do you think financial markets and foreign nations would react to the British government undertaking arbitrary seizures of mostly foreign companies' UK operations?
undertaking arbitrary seizures
Now that's a leap. It would be a seizure (not seizures) and it's far from arbitrary - I suggest you get familiar with Post Office scandal. The other big corporations should distance themselves from the "bad apple" and support this if they want to keep having the snout in the trough (and knowing the consequences of misbehaving).
Wouldn't it be more like the way the government took train franchises on when LNR, Northern, TPE, etc. failed? The government creates a new body to run the project and the staff are TUPEd across.
Although you'd still have the problem that you have the same staff that caused the problem in the first place.
"Wouldn't it be more like the way the government took train franchises on when LNR, Northern, TPE, etc. failed?"
No, those were where the existing contract was up for renewal or extension, and government elected not to extend it (not clear if the incumbents wanted to continue). Absent any obvious private provider able and willing to run the failing service, these operations were transferred to the state owned "operator of last resort". Essentially, just as with energy, it turns out the privatisation model for rail isn't sufficiently robust to address industry challenges in the light of government policy requirements. Bear in mind that all the other operators aren't really private, in the sense that they are not taking any commercial risk: they just launder a huge management fee in return for very little - as failing operator Avanti kindly pointed out recently, in the now famous presentation that had slides titled "Roll up, roll-up get your free money here!" and referred to the government payments as "too good to be true".
"Now that's a leap. It would be a seizure (not seizures) and it's far from arbitrary - I suggest you get familiar with Post Office scandal. The other big corporations should distance themselves from the "bad apple" and support this if they want to keep having the snout in the trough (and knowing the consequences of misbehaving)."
OK, the armed forces have missed all recruitment targets, that's all in Crapita's lap, but you'd say that's no problem? Magistrates courts IT ....oooh, that another Fujtisu mess, Crapita and G4S for the failed offender monitoring project? ESN, years later and Motorola coining it in for their own failure? National Offender Management System, Swanwick, Rural Payments Agency, Defence Information Infrastructure, NHS NPfIT, eborders project......the list of outsourced public sector IT failures goes on and on and on. They'll be projects with the usual suspects failing at the moment, we just don't know it yet - although I'd guess the BEIS Matrix Cluster project is currently flying into the ground at a rate of knots. So suggesting there's one bad apple rather ignores the evidence that all big IT and services providers are pretty crap.
On the specifics of criminality, regardless of the wrongs done on Horizon, you can't tar all of Fujitsu with the same brush, and any retribution is the job of the courts, not government.
This article grossly understates the damage. There were over 900 prosecutions of subpostmasters, but many many more people had their lives damaged or ruined. The Post Office falsely demanded money from many that it never prosecuted and suspicion fell on all the staff in a branch. Families were ruined through the feelings of guilt and shame. Friendships were lost and whole communities were affected. The stress caused suicides and illness. In a few cases the friendships were so strong that the community were brought together but even so the stress caused by the untrustworthy evidence from Horizon and bullying by enforcers was enormous. The current Post Office and Fujitsu organisations need to be replaced with bosses losing their jobs.
"Nobody asked the obvious follow-up - what other systems do you run?"
Actually, BT asked that question of itself. It was called the Argent project, named after a director in charge. I know because I had the job of handling it in the ruin-up to my retirement. It was handled with all the thoroughness of an ISO9000 exercise. As I'd retired by the time it was complete I've no idea of any real changes that resulted.
"the Post Office, had the very unusual power to bring private criminal prosecutions"
Just like Railway Operating Companies (ROCs).
I found this out myself in 2008 when the then South West Trains prosecuted me, initially for fare evasion (two of their staff provided written statements confirming I had my valid season ticket & photocard with me and that it had been checked when requested etc.). Then when I stood up to them and agreed to go to court they changed the summons for an obscure Act from the 1870's about opening a gate! That naturally failed when they apparantly deleted the CCTV evidence - which then confused the court - when I provided it myself.
Having been warned they were not able to provide the CCTV evidence, I went to their system and obtained images myself showing I could not possibly have opened the gate.
What I realised was that they were not following the CPS guidlelines for prosection and I wrote to the then DPP, Kier Starmer, asking to have the case thrown out. He wrote back and advised me of the status of ROCs and that he couldn't help.
I wonder how many of the Post Office's prosecutions would have failed if they had been challenged by Starmer and his team?
Sadly, the organisation that Starmer was in charge of, the CPS, wasn't responsible for bringing those prosecutions. As its name suggests, the CPS brings prosecutions for "The Crown", although it is generally accepted that the "C" actually stands for "Clown".
Private prosecutions, brought by ROCs or the Post Office, are not within the remit of the CPS, and my understanding is that most (but not all) prosecutions sidestepped the CPS in this way. Arguably, those brought by publicly owned bodies, such as the Post Office should have been handed over to the CPS for a charging decision, which many, if not all, would quite likely not have got, due to lack of evidence. I think one of the things to come out of this scandal should be to make the CPS the de facto body for bringing all prosecutions on behalf of publicly owned bodies, and not just on behalf of the police. That is, if they don't starve from the lack of funding and swingeing cuts inflicted by the last 14 years of tory government.
They still hope it will fizzle out. Month or two and nobody is going to remember it and it will be back to business as usual.
Given that all major parties are implicated, there is slim chance anything is going to happen beside some token compensation and quashing convictions.
But why, on flippin’ earth, has it taken this long to become the MEGA story that it always was?
I guess it's like everything else which never breaks through to collective public consciousness.
I am quite surprised the ITV drama has finally succeeded in making the public aware of what many others have known for years, but am of course extremely glad it has.
The real question is how people can remain so ignorant of, or turn a blind eye to, things they really should be aware of, should have an interest in, have an informed opinion upon.
"All it takes for evil to flourish is for good men to stand by and do nothing" - or something like that.
"The real question is how people can remain so ignorant of, or turn a blind eye to, things they really should be aware of, should have an interest in, have an informed opinion upon."
Because they're exhausted.
Just getting through the day gets harder and harder for a lot of people, and worrying about things that haven't impacted on them personally is just too much to deal with on top of all the things that are impacting on them personally. Can I afford my heating bill? What happens if my sick parent dies before they get through the massive NHS waiting list? Are my kids safe at school, or is it one of those ones that might fall down? What if the mortgage rates go up even more and I lose my home?
There comes a point where all the troubles pile up and pile up until the only way of coping is by just turning your back on anything and everything that you don't absolutely have to deal with.
On my more cynical days, I look at our government and do sometimes wonder if this is by design.
> The real question is how people can remain so ignorant of, or turn a blind eye to, things they really
> should be aware of, should have an interest in, have an informed opinion upon.
Because they can? with no apparent bad effects to themselves.
I have been trying to "get something done" about what I believe to be a large scale ongoing breach of data protection law for 10+ years by the Health Service affecting the whole Northern Ireland population and I've been getting nowhere.
I opened 2 complaints with the ICO regarding (a) my GP Practice, a Data Controller, and (b) the central body, a Data Processor, running the IT system and "project" in question. The ICO took more than 2 1/2 years to deal with my complaints and bit-by-bit they whittled down, for various reasons (mainly "we are not going to investigate that aspect", i.e. no actual reason given), the list of complaint points that they would consider investigating until there was practically nothing left. Even when the ICO did decide that on a specific point (the DC failed in their attempt to delete my personal data from the system as the DP said there "was no procedure defined to do so") that both organisations had failed in their Data Protection responsibilities the ICO decided to take no action at all (including not requiring my data to be deleted - it is still on the system).
During the ICO's investigations the central body on *numerous* occasions gave conflicting information to the ICO case officers yet the case officers displayed a lack of interest in this behaviour. The case officers seems unconcerned that the central body initially said there was a Joint Data Controller agreement in place between 350+ orgs, then later said that the Data Sharing Agreement (DSA) had only been signed 4 years after the data sharing started, then admitted that none of the 330+ GP Practices had ever signed the DSA, and then later still admitted that they had no records that some of the other orgs ever signed the DSA, then I obtained via FOI "evidence" of the DSA signatures at which point the central org admitted that even more of the orgs had not signed it, and then more recently the central body confirmed that the DSA had never actually came into effect at all as all parties to it did not sign it. None of this seemed to cause even the slightest interest or concern to the ICO.
The ICO themselves have misled me - they initially said they had no legal powers to investigate the aspects of my complaints that occurred under the previous law (UK DPA 1998), then later when I queried this they then admited they *did* have legal powers but rather that it was ICO *policy* to not investigate matters that occured under the previous law unless it related to criminal offences - when I then pointed out several potential criminal offences covered in my complaints then the ICO once again changed their story and said that they wouldn't investigate matters that occured under the previous law unless it related to criminal offences *and* "sufficient" people had complained about those matters (where "sufficient" obviously meant more than just myself).
This behaviour is what passes for "enforcement" by the likes of ICO, OFCOM, etc...
Too technical for the general media. The tech coverage has zero impact on the public. The Eye would be seen as fringe and probably not worth believing. The key was having an actual case won which not only provided the basis for the drama, it also avoided any risks of it being sub judice or, with the facts established in court, exposed to defamation action from the PO or Fujitsu.
Until now it's been possible for the PO to even drag out the enquiry but I doubt they'll manage to continue that stunt.
I'd say the Australian Robdebt scheme was about as bad, although subject to investigation more quickly. Hands yet to be laid on the shoulders of the perps, however.
There's an interesting parallel here as the first application for Horizon was payments of benefits for the DWP or whatever name it traded under at the time. One of my clients did some work for them. Another freelancer who had rather more dealings with that work than I did summarised them as "not the sharpest knives in the box" which more or less confirmed my own dealings with their predecessors of 3 decades earlier.
Maybe the entire shit-show is en illustration of "start as you mean to go on".
Here's an interesting read, a bit complex, but seems that ICL/Fujitus were shafted by the government, Post Office and DSS over a not-dissimilar sounding system in 1996. I'd guess that led them to the conclusion that there was no point doing any proper work, because the public sector would keep dicking around with the requirements until the project became undeliverable.
https://publications.parliament.uk/pa/cm199899/cmselect/cmtrdind/530/9061409.htm
Another thing that needs looking at is how the PO were able to drag out the public enquiry the way they have. Without the ITV programme it stood every chance of going on indefinitely until nobody involved was left alive or at least mentally competent to give evidence. As it is they've not only managed to postpone getting the convictions overturned and compensation paid, they've also delayed any criminal investigation into either the business or its employees.
See
https://www.postoffice.co.uk/branch-services
for a list of services available from the Post Office. The main PO in Reading has a photo booth for taking identity / passport / driving licence images. They can also certify a copy of an official document. When I was registering for lasting power of attorney the solicitor needed certified copies of various documents, I got them certified at the Post Office.
The post office is not unique in using Private Prosecutions and has no special powers to do so, (in spite of its origin as being one of the earliest Investigations function.
The difference for the PO was that the Legal system was *accustomed* to them doing so *at scale*, some of the usual scepticism that maybe another private company would get was missing.
(as repeated fairly often) is that its not the fault of the developers of horizons if the system is full of reported bugs that they have not had time to deal with
Its the fault of the managers at fushitshow who insisted the system go live, and told the PO that "Yupp it will go live on April 1st 1999" even though they had memos and emails to the effect that horizons was not ready to go live.(this was done to protect fushitshow from having any 'late delevery' deductions to their contract.
Then the PO begin noticing the faults and fujshitshow admit that horizons is a bag o'shite, by this time postmasters have already been charged and convicted of theft.
So the PO took the decision not to disclose the fact horizons was shite in order to protect themselves and the PO's reputation.
From there the sorry saga trundled along steam rollering anyone unlucky enough to have horizons burp on them.
All to protect fushitshow and the PO and the managers who made the crappy decisions instead of the correct ones (explain again why managers get huge rewards for screwing up when us mere mortals would be out on our arses?)
And Vennals could have earned her CBE by standing up when she got the job and saying "Horizons is a shite show" and admitted the PO screwed up.
Probably as no-one was actually looking at the call logs or recording the fact that they were all reporting the same thing. Without this data being collected and passed up the chain the higher ups will sit in blissful ignorance.
I worked at a company where one of our big customers knew the CTOs mobile number. The customer was getting the runaround from service about an issue so called the CTO, who promptly went f-ing ballistic at engineering as to how this problem had not been fixed. He got even more irate when we collectively said 'this is news to us!'.
After doing some prodding of various people it came to light that this was actually a well known and long standing problem, several customers have it and quite simply no-one in service had bothered to tell anyone else.
Whilst this sounds like a plausible explanation, it also doesn't ring true, if, as is alleged, all the victims were told "you are the only one this is happening to." This implies a call centre script including those words, which, at the very least, implies knowledge of the underlying problems by the person who authored that script. The same person who probably thought, "ignorance of the problem sounds like a plausible explanation, nobody will question it."
Horizon was originally $hat out by a British company - ICL.
It was only later that Fujitsu came onto the scene, bought it and renamed it Fujitsu Services.
The point in saying this is that it's not some anonymous developers in a Japanese company the other side of the planet who did this.
This whole thing is entirely home grown, "Made in the UK".
Point I'm making is no foreign nationals involved - everyone single person guilty is British - and easily arrestable.
That's not true at all, Fujitsu bought 80% of ICL in 1990, long before the Horizon contract was signed (in 1996). At that point Fujitsu were essentially the European arm of Fujitsu.
In 1998 Fujitsu purchased the other 20%, Horizon didn't a Post Office counter until November 1999. In 2002, ICL was officially rebranded Fujitsu.
Instead of being like Donald Trump and denying everything, if Fujitsu and the Post Office would have worked together properly, swallowed their pride, and said, "We are aware of a number of issues. We will look into them, and work with you".
None of this would have happened.
Listening to the enquiry and the tit that was a manger of a team of "technical people" and in security it seemed, knew fuck all about anything technical so most of his answers were along the lines of:
"I wasn't involved with that. I just went off the data Dave gave me"
Yes but you are the manager of that team.
"Yes but I still just go off the data Dave and Sue give me. They are the technical people"
This guy Peter Sewell
https://youtu.be/wKN0JHkrW8g?si=lesmBXC_C-pHXPZ5
> The law was changed in the late 90's that changed that made computer created evidence infallible
You misunderstand that law.
The law says the computer system results should be trusted unless there is evidence they should not. There was evidence, but Fijitsu people (including their software architect who should have known better) testified that the system should be trusted.
The law exists to prevent lawyers trying to derail trials by claiming you have to prove your calculator does sums correctly.
I used to work as a Field Application Engineer for a large silicon chip supplier. Working in the pressure of the sales office it was common to have a big boss explode because of a customer issue that could only be caused by incompetence on the part of someone. My job would to resolve the problems during which I never once detected any incompetence, just intelligent people making good decisions based of the information they had available to them.
I bet that at the end of the inquiry no one is found to be at fault.
The main problem is not that they made mistakes, is that they knew mistakes were made and hid them and lied about them later on to save face (for decades).
But you are probably right the judge will say no one is at fault "personally", because is the UK justice system.
Is it just me or has anyone else noticed that nobody in the inquiry team seems to have any IT experience.
I say this because were I advising the inquiry I would be tabling some obvious questions.
What were your testing procedures?
Can we see the results of your system test?
What were your bug tracking procedures?
Which bug tracking software did you use?
Can we have the logs from the bug tracking system?
The answers to the last two questions (or failure to answer ) should provide the “smoking gun”.
This is what happens with official inquiries. For example, the UK's Covid inquiry is run by lawyers and a judge, no scientists or medics are on the panel. it seems that lawyers consider themselves to be 'the best' at asking questions. My issue is that they have succeeded in an adversarial system, whereas what is really needed is an inquisitive approach ('inquiry'). Scientists are skilled at finding out reality.
The Challenger disaster was a case in point. It was Richard Feynman the physicist who found out what went wrong and why, not the lawyers, politicians, or even Neil Armstrong (remember him?). And he had the courage to put in his minority report saying what he found.
The purpose of any inquiry in the UK is to give the plebs the impression that something is being investigated and will be done, without actually holding anyone who matters to account, however inept, stupid or guilty they might be.
Just look at the multitude of inquiries into for example racism in the Metropolitan Police. Every one finds that there is racism, misogyny, homophobia, and recommends significant changes, but only superficial things are done.
Having someone competent inquiring into a disaster risks putting the truth out there, and important rich people being held to account for their greed, lack of ability, and arrogance. And the establishment cannot possibly have that.
Feynman finished his report with the most eloquent demolition of political involvement in science ever:
"For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled."
This inquiry has been going on for quite a while already. Phase 2 (18 October to 2 December 2022) was all about the system itself, with an expert witness instructed by the inquiry who talks about all these things and goes into bug and error logging processes. Their testimony and report are freely available on the Inquiry website.
I was on the jury of a trial some time ago. The prosecution entered some emails into evidence "proving" communication at some "time of day". I had to point out to the judge that the times on the emails were PDT not, as they were alleging, GMT. The defence barrister had not picked up on this, either.
"Fujitsu is a once in a generation opportunity to start those conversations"
Not happening. Certainly not under the Tories.
Transparency is the enemy of the crony system.
Sure, Fujitsu may get ostracised, rightfully so. But nothing else much will change.
What will happen is that those damaged will be paid off with what is peanuts, relatively.
Sweeping things under the carpet is utterly ingrained in our society,
Perhaps I'm relying too much on what was said during the ITV drama here, but it seems:
1. The ability of someone in Fujitsu to patch the data with no checks and balances means the Horizon Accounting system did not use "double entry bookkeeping". If it had, every patch of a number in one account would require a matching patch in another.
2. Horizon was by design unable to supply subpostmasters with a log of the transactions they had performed that day, thus preventing them from being able to find errors.
If true these are powerful reasons for the problems for they would prevent meaningful acceptance or system testing from taking place and allow major bugs to go unnoticed.
And would indicate monumental arrogance and incompetence by the architects in the Post Office and Fujitsu.
2. Horizon was by design unable to supply subpostmasters with a log of the transactions they had performed that day, thus preventing them from being able to find errors.
That seems like a pretty basic feature for anyone handling cash all day long.
If the system was deliberately designed like this, it effectively prevented the accused from raising evidence in their own defence.
OK, so the article makes some good points, but it is unfair to assume from the management of the security of the Prestel system, where HRH Duke of Edinburgh actually had his password on his login screen, allowing it to be hacked in real time when displayed on the BBC's 'Tomorrow's World' TV programme was the same level as that of other, more important and actually more secure systems. I worked for BT for over a decade and some of our systems were actually quite secure, and passed independent certifications to both ISO 27001 and Check technical security assessments.
No, there's nothing unusual to it. Everybody has the power to bring a private criminal prosecution.
You used to just have to pop into the nearest magistrates court and 'swear out an information' but nowadays you just toddle along to gov.uk, grab a copy of the form "Application for summons or warrant for arrest for alleged offence under Magistrates’ Courts Act 1980 section 1, CrimPR 7.2(6)", fill it out and submit it to the court. There's a lot more detail to actually conducting a prosecution, but the essential thing is that anyone has the power to bring a private criminal prosecution, perhaps not the expertise to, but certainly the power to.
The issue of Horizon having bugs isn't the central issue. It's why Post Office investigations didn't question that so many Post Masters were suddenly committing fraud after a new system was introduced and just ran with the assumption the company was being defrauded and launched persecution after prosecution (not a typo, since PO mangers have been heard describing at least one former Post Master as a nasty person, despite being exonerated).
I was planning to bring this up when I saw that one person, in all these comments, had seen it too. How was it that no one noticed that this "crime" came up suddenly, widely spread among people with no relationship to each other? If over 1,000 people who have never had any trouble with the law or serious infractions at work are suddenly brought before the court for the same thing, it really seems like someone would have noticed.
Way back in my IBM days we had a project that needed some coding,
which we outsourced to an offshore partner.
We actually delivered a good project in the end, but discovered some insights into offshoring:
Coders who are distanced from the requirement process often don't understand the ask
They can be very keen and rush to deliver something, but in doing so, made decisions without checking
Many of those decisions were "weird" - i.e. out of context, not understanding the ask, etc., - see above
But with a drive to deliver lots of code fast, lost sight of effectiveness, quality, etc.,
Near the end of the project,we had to pile on lots more local consulting for QA, tighter project management, etc.,
all of which resulted in the cost savings by offshoring not being anywhere near what was expected.
All this suggests that inexperienced offshoring results in unexpected cost & time pressures late in the delivery cycle
... and no wonder code gets shooed out the door to meet deadlines, with quality suffering.
Of course it's the weird edge cases that get missed, and are harder to spot when they arise in production.
It's all down to poor management, who then get poltiical and cover their *sses like crazy when things go wrong.
No wonder it failed. And shame on everyone concerned