Home Office slams PNC tech team: 'Inadequate testing' of new code contributed to loss of 413,000 records An independent review of a technology failure that led to the loss of 413,000 records of evidence from the UK’s Police National Computer (PNC) has found a lack of reviews and effective testing contributed to the debacle. Although the lost data has all been recovered, according to Kit Malthouse, minister for crime and policing …
'The team introducing the code did not have fully defined business requirements and was not maintaining an accurate record of tests undertaken [...] Meanwhile, there was a failure to "design effective and complete tests..."'
The common (erroneous) interpretation of agile strikes again.
The Agile Manifesto did not recommend not bothering to plan, test, or keep records. That's been added later by those who saw agile merely as an opportunity to save themselves effort.
Completely agreed on Agile, but is it clear what methodologies were used here? The article talks about the team having been there for a long time, so they might not be Agile or indeed have any methodology at all.
So, something without fully defined requirements isn't tested properly? Colour me surprised. But TBF it sounds like they couldn't be arsed testing it anyway and should therefore should be first up against the wall in the subsequent search for scapegoats.
And before people start: this kind of thing isn't restricted to government projects - I've seen plenty of it in the private sector as well...
That contractor “Dave” wrote the script, 10 years ago. It’s been used ever since with appropriate mods over time.
No one looks at it and no one knows in detail what it does but it’s used to achieve the specified goal and has been used monthly for years.
I hate running automation I can’t examine what it does. It’s blind luck every time. Even stuff I’ve crafted myself I need to be sure it does what I need. I like to test it too.
If you want me to blindly run your automation on my change, you should do the change.
> That contractor “Dave” wrote the script, 10 years ago. It’s been used ever since with appropriate mods over time.
PFY: Does that mean it's gone wrong every time and they only just noticed with the last run? And they only restored the deleted data from the last run, not the earlier ones?
BoFH :Sssh!
"TBF it sounds like they couldn't be arsed testing it anyway and should therefore should be first up against the wall in the subsequent search for scapegoats."
Fire them all and chances are that in a few months you'll be rehiring them - on higher salaries, if they've got any sense. Because even if you can get hold of people with the skills at the price the government is willing to pay (ha!) they won't have experience of a bespoke system. And training people up takes time. (And you've just fired anyone who could train them...)
That's why the conclusions seemed to be bring in someone from the outside to challenge them and make sure they follow the processes. (Although one suspects following the processes means they won't meet their targets and work will slow.)
"The team who operate it have worked together over a long period of time. The expertise and closeness of the teams involved in running the PNC increased the risk that their work would be accepted rather than checked by a leadership that were in a poor position to challenge their decision making. The PNC services team has very limited police experience in the team and have limited understanding of how the police operate," the report said.
so because the PNC Services team have no clue about what they are doing its the fault of the experienced team that keep the PNC/PND running on a day to day basis.
this is nothing but a call for more outsourcing by a bunch of wits that know nothing about what they are talking about.
Hogan-Howe would have no clue about the detail of what happened so he got help from an "independent" consultancy group. Whats the betting that that group has deep links with outsourcers.
They have no clue about the hard work that go's on to maintain systems, let alone ageing systems that are hard to replace because the people doing the replacement have no working knowledge of what the system needs to do and why, or they are trying to emulate a bespoke system on an off the shelf replacement.
I interpret it as the skilled team that look after the PNC made a change that they were asked to make, but it was so poorly specified that it didn't do what the requester intended. But because the requester knows the ins-and-outs of how the police operate (rather than how the database operates), they can't be blamed for what's clearly a database problem.
Apparently "affective" is actually a word - e.g. relating to, arising from, or influencing feelings or emotions : emotional.
So perhaps their spell chucker was just fine. It is however hard to imagine why actual "affective testing" might be useful in this context.
The SE700 is (if I recall correctly) the previous generation hardware, in this case configured with only 3 CPUs (well, three activated CPUs). It was introduced I guess about five-ish years ago. There is also a virtualised version running atop an x86 platform (the SU-series), though those seem to have a lower throughput, if memory serves me. Have not looked into the specs for a while...
43-year old system refers to the software, and considering that Fujitsu (used to be Fujitsu-Siemens, and Siemens before that) came out with an updated machine (SE-710) there is a future in having legacy code around - at least for companies selling those computer systems (similar with IBM "mainframes"). Usually the customers are insurance companies, banks, the board of trade, or the government. This makes sense as these were some of the early adaptors. They also still teach people how to write COBOL code...
Nope, not on the market as "fully trained". Talent: yes. Hire them when they are young, train them well in these things. Then watch them leave because those skills are actually in demand (legacy systems, migration projects...).
I know from talking to people working for different companies that there are several projects to move away from legacy systems, with mixed success. One problem is that these systems are mission critical, so there is a high risk involved. The data throughput of (optimized, over decades) programs on this type of system is also better than what those migration project usually achieve, this is the second problem. And, as remarked by @stungthebag, there are not too many around who can work on these systems...
Looks to me like a classic case of second-rate techies having become complacent, and having driven away any really bright people.
Management alone will never solve this unless they appoint and fully support a first class techie. Not quibbling over budgets and procedures, but recognising a good technical plan and giving management support to get the budgets, equipments, and staff.
The job of management will be to fight the stifling effects of public service procedures.
I suspect that removal of records was the easy part, removing only the records that should be removed appears to have been the hard part. Generally wiping stuff is easier than correctly managing wipes or storage, now where did I put my hammers, marked for use on active storage and for use on back-up storage?
The quote "the National Law Enforcement Data Programme (NLEDP), which enables the decommissioning of PNC, is undergoing a fundamental reset" speaks volumes and could be interpreted thus: We've f**ked up the replacement for the PNC database multiple times, wasted huge amounts of public money, and are now reliant on a creaky old system that is largely undocumented and supported by a small team of people with the necessary legacy skills needed to keep supporting this system and we'll hang them out to dry when anything goes wrong.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
