I think IT rag The Register's been covering this since around 2013 or so, not long after I remember reading about it first in Private Eye (IIRC the same journalist who'd done the pieces for Computer Weekly) - IT bods there have been having a field day. One of them had been browsing through one of the document dumps which included some of the Horizon source code, here's a fun snippet for starters:
Code:
    Public Function ReverseSign(d)
        If d < 0 Then
            d = Abs(d)
        Else
            d = d - (d * 2)
        End If
        ReverseSign = d
    End Function
If you've not got a scooby what this is for... you're not far wrong. It's a function designed to turn a number in to a negative number... here we're multiplying the input (let's say 500) by two (to give 1000) and subtracting that from the input (500 - 1000 = -500). But as anyone with a rudimentary understanding of arithmetic will tell you, and as far as I can tell "The Right Way" to do so, is that you can turn any number in to a negative one simply by multiplying by -1.
forums.theregister.com
Even more egregious is the seeming lack of atomic transactions and larger ACID compliance;
An example of an atomic transaction is a monetary transfer from bank account A to account B. It consists of two operations, withdrawing the money from account A and saving it to account B. Performing these operations in an atomic transaction ensures that the database remains in a consistent state, that is, money is neither lost nor created if either of those two operations fails.
Atomic transactions are so absurdly standard in any database system, especially financial ones, that it's difficult to understand why any system built since the 70s - especially a giant, distributed financial database - might not support them. I don't think it's been proven yet so take my words with a generous helping of sodium chloride, but a great deal of the discrepancies experienced by the sub-postmasters absolutely smack of the system as a whole not being ACID-compliant, with some transactions (or various parts of transactions) occurring more than once, and some transactions seemingly not happening at all.
But that brings us to the most unforgivable technical aspect of this whole farrago - the fact that all the behind-the-scenes changes done by Fujitsu to cover up these discrepancies were seemingly un-audited and appeared to be done under the same credentials as the PO staff. This is so utterly boneheaded as to defy understanding - normally in most institutions great, great pains are taken to make sure the person or process making the transaction is identifiable. If someone like an IT admin is deliberately impersonating someone else (unlikely to actually be needed in usual practice but might be useful for testing a bug, say) - especially on the live system - there'll be a record of exactly when they were doing the impersonations, the source address of every user login and every associated transaction, so that it becomes relatively simple to disambiguate transactions done by "User A", versus transactions done by "User B impersonating User A". From the sounds of things, there was no such facility built in to Horizon - the Fujitsu workers appeared to be remotely logged in to the same terminals as the SPMs themselves, and seemingly were able to impersonate them transparently.
This is so amateurish it'd make even a rookie coder* blush, because it's so obviously open to abuse. You could quite easily have a crook turning the wheels at Fujitsu decide to dump £100 a week out of every PO in to a bank account of their choosing if they really wanted to, with little risk of redress. There doesn't seem to have been anything in the system to stop that from happening or, more importantly, any record to show that it ever did happen by anyone other than the PO staff. I do have to wonder if this was just stupidity on the part of the designers/developers, or an expedient managerial decision to make sure that the Fujitsu changes were essentially invisible so they couldn't be pulled up on malfunctions or malfeasance at a later date. For now I'm being charitable and saying the former but, to paraphrase Clarke, sufficiently advanced stupidity is indistinguishable from malice.
* Disclaimer: I'm not a coder myself, I'm a sysadmin; I have a passing knowledge of programming but I wouldn't have the first clue where to start on how to design and write something like Horizon - that's what people with systems engineering and computer science degrees and decades of experience are for. But I have spent most of my career in and around financial systems of one sort or another and have done my fair share of hunting the buggy transaction or finding the audit trail for who did what to what. If I'd have ratcheted my eyebrow up half a millimetre every time I read something about Horizon which came across as "Well, that sounds fucking stupid" my Roger Moore caricature would be visible from low earth orbit.
This XKCD remains particularly apposite, even if it is ostensibly about electronic voting:
Does it really take a docu-drama before government does the right thing these days?
It certainly looks that way doesn't it? I really do think a lot of this is down to the looming general election and the government trying to claw back popularity by any means necessary. Although as many, many others have pointed out, there's been plenty of other disasters that have received docu-drama treatment in the very recent past that still go manifestly ignored. Not that I'm trying to belittle the plight of the sub-postmasters and the utter cuntery of POL/Fujitsu but I think it's largely a measure of perceived distance. Thousands destitute, turfed out on the street, denied access to medical and mental health, unable to pay for food? I'm Alright Jack, and it was probably their own fault anyway - they should just man up and get a job. Hundreds burned to death in some tower? Well they were all in Kensington and therefore rich bastards, who cares. But old Mrs. Goggins from the village shop wasn't a thief and a cheat and a liar after all? Well, now I feel bad about taking a shit through her letterbox and setting fire to her cat.
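The two technical points in the post above (an atomic A-to-B transfer, and an audit trail that separates "User A" from "User B impersonating User A"), as an added example that is not part of the original post and is not Horizon code. The schema, user names and addresses are constructed for illustration; SQLite stands in for whatever database a real system would use.

```python
import sqlite3

def open_ledger():
    # isolation_level=None: no implicit transactions, BEGIN/COMMIT are explicit below
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE account(name TEXT PRIMARY KEY,
                             balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE audit(id INTEGER PRIMARY KEY, actor TEXT NOT NULL,
                           on_behalf_of TEXT NOT NULL, source_addr TEXT NOT NULL,
                           src TEXT, dst TEXT, amount INTEGER,
                           at TEXT DEFAULT CURRENT_TIMESTAMP);
        INSERT INTO account VALUES ('A', 500), ('B', 0);
    """)
    return db

def transfer(db, actor, on_behalf_of, source_addr, src, dst, amount):
    """Credit, debit and audit row commit together or not at all."""
    db.execute("BEGIN IMMEDIATE")
    try:
        db.execute("UPDATE account SET balance = balance + ? WHERE name = ?", (amount, dst))
        db.execute("UPDATE account SET balance = balance - ? WHERE name = ?", (amount, src))
        db.execute("INSERT INTO audit(actor, on_behalf_of, source_addr, src, dst, amount)"
                   " VALUES (?, ?, ?, ?, ?, ?)",
                   (actor, on_behalf_of, source_addr, src, dst, amount))
        db.execute("COMMIT")
        return True
    except sqlite3.Error:
        db.execute("ROLLBACK")  # undoes the credit already applied to dst
        return False

def balances(db):
    return dict(db.execute("SELECT name, balance FROM account"))

def impersonated(db):
    """Audit rows where the login that acted is not the user it acted as."""
    return db.execute("SELECT actor, on_behalf_of, source_addr, amount FROM audit"
                      " WHERE actor <> on_behalf_of ORDER BY id").fetchall()

def demo():
    # Constructed sample data: user names and addresses are made up.
    db = open_ledger()
    results = [
        transfer(db, "spm_a", "spm_a", "10.0.0.5", "A", "B", 200),        # own login
        transfer(db, "support_b", "spm_a", "192.0.2.77", "A", "B", 100),  # impersonation
        transfer(db, "spm_a", "spm_a", "10.0.0.5", "A", "B", 900),        # would overdraw A
    ]
    return results, balances(db), impersonated(db)

if __name__ == "__main__":
    print(demo())
```

The third transfer credits B before the debit on A fails the balance check, and the rollback removes that credit, so the total across both accounts stays at 500.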