Data cleanser did its job, but – oopsie! – also doubled customers' bills
As the customers lined up with pitchforks and burning brands, the question in the cleanup meeting was 'Who, me?'
Who, Me? Welcome once again, gentle readerfolk, to the comforting haven that is Who, Me? – in which Reg readers share tales that show we're all just human underneath.
This week we are once again joined by semi-regular raconteur "Bernard", who told us a while ago about a prank that he had played on the auditors at his place of work. The Reg does not recommend playing jokes on auditors any more than we recommend annoying spiders or giving your bank details to anyone selling NFTs. It might be fun for a while, but eventually the consequences will become unpleasant.
Anyway, at the end of Bernard's story, we wondered wistfully what might have happened the next time Bernard came under the withering gaze of the auditors. This is that story.
It happened about a year after the jolly jape with the wet PCs, and Bernard had been tasked with modernizing the banking system for the local government authority. You see, banking data was all couriered about by people on motorcycles with sacks full of magnetic tapes. Much could go wrong.
Bernard set up a PC with a dial-up modem and a four-step validation procedure – this is banking you know, and things have to be secure.
Some test data was obtained from the old system and run through the new system. Unfortunately there were some errors, but nothing a whizz like Bernard couldn't overcome with a filter program to ensure that data passed to the system was clean and could be validated.
- A toast to being in the right place at the right time
- Fed up with slammed servers, IT replaced iTunes backups with a cow of a file
- Seriously, boss? You want that stupid password? OK, you get that stupid password
- Rigorous dev courageously lied about exec's NSFW printouts – and survived long enough to quit with dignity
So data came in, went through Bernard's filter into an "interface file" which was then passed on to the PC which directed it to where it needed to go. It either went to the "Creditor" account (for stuff the Council had to pay) or the "Debtor" account (for stuff people needed to pay Council).
Trust us, this excruciating level of detail is necessary.
The first month's banking went through, and all appeared to be well. Everyone was paid, everyone was happy.
In the second month, chaos reigned. While the outgoings were fine, the incomings were causing problems. Residents' payments were effectively double what they should have been and, understandably, this did not make them happy and some were not afraid to say it.
As the torches and pitchforks appeared around the local government authority at which Bernard toiled, auditors asked if he could possibly explain what had gone wrong.
Well, it seemed, his clever filter was catching all of the mistaken data and cleaning it up before passing on to the interface file. But it didn't actually have a procedure to clear itself.
That would obviously have to be fixed, but in the meantime there was an angry mob approaching and Bernard had to convince the banking team (who had only recently been convinced that doing all of this over a modem would be better than doing it with mag tape) to reverse a whole bunch of transactions and pay money out of the Debtor account, which was only supposed to have money going in.
Once the smoke had cleared, a tense meeting with the auditors took place. Bernard argued that his task was to ensure the data in the interface file was valid – not that it was correct. The mainframe team argued that their job was to ensure that the interface file was full – not that it got cleared afterwards.
So whose job was it to ensure that the filter was actually cleared between uses? Everyone's answer seemed to be the same: Who, me?
Eventually Bernard "added a hash-total function to the interface filter and exceeded his authority by instituting a security check procedure to match the sender's hash-total to what was about to be transmitted" which, apparently, fixed things?
Have you ever found yourself creating a problem by fixing a problem and then having to fix more problems ad infinitum? We'd love to hear about it in an email to Who, Me? Tell us and we'll tell the world. ®