Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Coding Flaws Caused Moody's Debt Rating Errors

timothy posted more than 6 years ago | from the uh-oh-spaghettios dept.

Bug 277

An anonymous reader writes "The Financial Times has the story that billions in incorrect AAA ratings given out by Moody's were the result of a coding error in its computer models. 'Internal Moody's documents seen by the FT show that some senior staff within the credit agency knew early in 2007 that products rated the previous year had received top-notch triple A ratings and that, after a computer coding error was corrected, their ratings should have been up to four notches lower.'"

cancel ×

277 comments

Sorry! There are no comments related to the filter you selected.

not err (2, Insightful)

Anonymous Coward | more than 6 years ago | (#23497880)

Cue the onslaught of economists and generally math-illiterate people saying that computer models just can't be trusted. They can, ya morons, just not when they're implemented by penny-a-day visual basic dolts.

Re:not err (5, Informative)

Anonymous Coward | more than 6 years ago | (#23497966)

The problem is that the credit agencies used past data for new types of asset backed securities. While this works with most asset backed securities, the use of CDOs and MBSs caused a perfect storm. They assets they were backed up with were housing values and the AAA ratings they had made them very popular, inflating the housing values. When the housing values took a nosedive, there were no assets to back up these securities.

This isn't a trivial issue. False AAA ratings are what have caused the global credit crunch and mortgage crisis. For those who aren't familiar with a AAA rating, it is considered as good as a US government bond. It is a very hard rating to get and only 8 US companies are rated AAA by all of the credit agencies.

In my opinion, there is a very strong need for regulation of the credit agencies. If they didn't allow for CDOs and MBSs to get AAA ratings, this credit crunch and likely recession wouldn't have occurred.

re: not err (1, Offtopic)

ed.han (444783) | more than 6 years ago | (#23498132)

while i disagree that even more regulation is needed in the financial services industry (SOX, anyone?), i'm worried about the imminent bloodletting as people try to find even safer investment vehicles--and the inevitable billions in lawsuits that will be filed in the coming weeks.

Re:not err (5, Insightful)

jedidiah (1196) | more than 6 years ago | (#23498140)

IOW, they are blaming the coders for generating results that should have
failed even the most basic sanity checking. All of their finance geeks
upon seeing these ratings should have been individually and collectively
scratching their heads.

I'm not sure I buy it really. It just seems like corporate blame deflection.

I dunno. I'm no MBA but I would imagine that the rating of any composite
security should be the lowest rating of the most risky component.

Re:not err (4, Insightful)

Hemogoblin (982564) | more than 6 years ago | (#23498500)

I dunno. I'm no MBA but I would imagine that the rating of any composite
security should be the lowest rating of the most risky component.
That's not correct in general. Many structured products and derivatives have components that cancel each other out. A really silly example is a portfolio that buys a stock and short sells it at the same time, which will net out to nothing (except lost transaction fees). Obviously CDO's and whatever are ridiculously more complicated, but you get the point.

Re:not err (4, Interesting)

Anonymous Coward | more than 6 years ago | (#23498514)

It looks like the problem is that these investment vehicles are really hard to understand the intrinsics of, let alone model properly. The FT's awesome finance blog, FT Alphaville [ft.com] goes into a lot more depth on the whole issue - they "explain" the investment thingies themselves, the CPDOs [ft.com] , as well as the failures themselves [ft.com] .

"I'm not sure I buy it really. It just seems like corporate blame deflection."

If anything, the story paints a completely different, much worse picture:
1) Coding bug found to be cause, internally at Moody's
2) Internal docs show adjustment of model factors, ruling out high volatility as part of the model, in order that ratings after the bug fix don't deviate much from those before the bug was found.

That's my understanding of the story, anyway - IANAFinancier. But to me this paints Moody's in a much, much worse light than if they had *just* had a bug in the initial model which they then fixed - after all, that would have resulted in a re-rating...

(Again, I don't quite understand what's going on here, but that was my initial take on the situation)

Re:not err (5, Insightful)

dubl-u (51156) | more than 6 years ago | (#23498652)

IOW, they are blaming the coders for generating results that should have
failed even the most basic sanity checking.
Indeed. This isn't a coding error, it's a testing error. Or perhaps a process design error.

Any professional knows that coding has a certain error rate. So you add practices, like pair programming, unit testing, acceptance testing, external code reviews, parallel implementation, and black-box testing until you get below the error rate you need.

For some part-time e-tailer's web site, you can skip a fair bit of that; if you fuck up badly enough, you might cost them an entire $500. But in the financial world, they know that errors can cost a lot more, like a million times more, and so it's worth spending more on quality-oriented practices.

Blaming this on the coder who happened to make the key error (if indeed their was one) is like blaming the Titanic disaster on some guy who missed a rivet on that side. It's the purest bullshit, designed to deflect responsibility from the people in charge. If they set it up right, a single person would be unable to make a mistake of this magnitude.

Re:not err (2, Insightful)

tqft (619476) | more than 6 years ago | (#23498926)

Coder? More like junior messed up a spreadsheet and higher ups had no way to know if it was right or wrong other than the issuers who pay Moody's & S&P (and others) big time for ratings kept coming back for more.

Now if the users paid for ratings the customers would be whining pretty hard - to some extent the users of ratings do pay in deciding what effective interest rate they will pay to hold a bond.

Re:not err (5, Insightful)

DragonWriter (970822) | more than 6 years ago | (#23498752)

I'm no MBA but I would imagine that the rating of any composite
security should be the lowest rating of the most risky component.


To the extent that different investments in a portfolio (which is what a "composite security" is, in essence, a prepackaged portfolio) have independent risks, there is a leveling effect (this is why, e.g., when you roll two dice, the distribution of the results is tighter proportionate to the range than when you roll one, and tighter still when you roll three, etc.)

OTOH, to the extent they tend to vary together, they don't level each other. Assessing the degree to which two different investments are independent in their risks is, AFAIK, still more art than science to start with, and when the people doing the assessment often have financial interests (even if only indirectly) in promoting the sales of the packaged investments, well, the results are likely to represent those interests more than any rational assessment of reality.

Re:not err (0)

Anonymous Coward | more than 6 years ago | (#23498790)

Yeah, that's what I was saying, but I tried to stay away from complicated stuff like correlation, gamma, vega, etc :)

Re:not err (0)

Anonymous Coward | more than 6 years ago | (#23498188)

Well, I think the guys in the brokerages who were passing this crap off on everyone are trying to blame the programmers instead of admitting they were selling economic snake oil.

It can't be Coders complaining (4, Funny)

cps42 (102752) | more than 6 years ago | (#23498728)

Any dev worth his salt would be blaming, in order:
1) The Firewall
2) The Load Balancer
3) The Firewall
4) The Network Routers
5) The Firewall
6) The Network Cables
7) The Firewall
8) The Network Engineering Team
long before they figured out it was a Layer 8 issue in the code.

Re:not err (1)

homer_s (799572) | more than 6 years ago | (#23498382)

In my opinion, there is a very strong need for regulation of the credit agencies.

And who would regulate the regulators? You think the regulators won't have political pressure to alter the ratings in an election year?

The ratings agencies operate in a market where competition is prevented by the SEC. In 1975, the SEC mandated that debt be rated by a Nationally Recognized Statistical Rating Organization (NRSRO).

Before that, they were paid by those looking to buy bonds or make loans to a company. If a rating company did poorly it lost business. If it did poorly too often it went out of business.

But now, since there are only 5 to 7 such companies, the issuers of debt have to pay to get it rated or they couldn't sell it. So this leads to shopping around to see who would give the debt the highest rating. And no matter how badly Moody's or any member of the cartel screws up, they won't go out of business.

Re:not err (0)

Anonymous Coward | more than 6 years ago | (#23498420)

False AAA ratings are what have caused the global credit crunch and mortgage crisis.

That is far too strong. The ratings agencies played a part, but you are you a fool if you look at something that will "promise investors very high returns with little risk" and don't think something is fishy. It's not like the ratings agencies duped everybody.

What's a perfect storm? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23498450)

No, actually I already know, BECAUSE EVERYONE ON THE INTERNETS FEELS OBLIGED TO USE THAT LAME AND DATED METAPHOR.

Peese rub bbq sauce on body and comit sucide on fornt lawn. Thank yoo Zeeba naybor!

A Moody Bug? (2, Funny)

SIR_Taco (467460) | more than 6 years ago | (#23497904)

Great... sounds like my girlfriend

Re:A Moody Bug? (1)

eln (21727) | more than 6 years ago | (#23498212)

I can see how your Real Doll would get bugs, but I don't understand how it would get moody.

Likely a feature (5, Interesting)

bartle (447377) | more than 6 years ago | (#23497906)

This doesn't explain how Standard and Poor's arrived at the same ratings. One possible explanation is that Moody's code was initially correct but they introduced the "bug" to make sure they were providing the same valuations as S&P.

In any case, it sounds like they found a new scapegoat and they're going to take it for a test ride.

Re:Likely a feature (5, Insightful)

Bryansix (761547) | more than 6 years ago | (#23497950)

Exactly because they need a reason why they rated securities backed by sub-prime negative amortizing loans at AAA. This in turn caused serious miscalculations of risk which led partially to the current economic downturn we are now facing.

The other part was that companies were all too willing to offer these risky products and buyers were all too willing to lie on their loan applications to get approved for them.

Re:Likely a feature (5, Informative)

dal20402 (895630) | more than 6 years ago | (#23498282)

I worked in a predatory lending clinic for the last few months (as part of my last semester of law school).

In many of our cases, the buyers didn't lie at all. Instead, the broker modified income and employment information on the application forms it sent to the lender, sometimes forging applications entirely

Lenders, for their part, turned a blind eye to obviously suspicious information (like a security guard making $80,000/year).

This worked for both lenders and brokers in the short term because the broker was only interested in getting more business written and the lender would quickly sell the obviously flawed mortgage to someone else.

Of course, all of this resulted in a lot of borrowers getting approved for products they couldn't afford. Why did they apply for such products? Because brokers often flatly misrepresented the terms of the products.

The incentive to get business done at any cost was a major cause of the outright fraud that underlies the current housing crisis. Borrowers are not totally blameless, but lenders and brokers were the really evil parties here.

Re:Likely a feature (4, Informative)

Belial6 (794905) | more than 6 years ago | (#23498712)

No, the buyers were evil too. It was common for the buys to be fully aware that incorrect information was going on their applications, and while I have no doubt a lie was told here and there to the buyers, I cannot count the number of people who were openly bragging that it didn't matter that they couldn't afford their loans because they wouldn't own their house long enough for the higher rate to kick in.

That being said, the lenders were definitely committing crimes. Both of the lenders my wife worked for before the crash were committing crimes on an hourly basis. The funders were expected to keep a stock of different pens at their desks to modify documents and signatures. It was common for my wife to come home worried that they were going to fire her because she wouldn't forge documents. "When the police come in to make arrests, the management is NOT going to protect you." and "It is more expensive to spend time in jail than it is to get fired." became mantras in our house.

Re:Likely a feature (5, Interesting)

ejecta (1167015) | more than 6 years ago | (#23498984)

I'm one of those people who got fired for not forging documents.

Apparently I was meant to be okay with plugging someone earning $2,000 a month into a mortgage that would cost him $4,000 month. He had $6,000 savings. Simple maths indicates he'd be against the wall in 3 or less months - but they simpled fired me, and then submitted the loan application in my name.

Thankfully I was smart enough to email myself all the emails on such topics before I was escorted out of the office - so should I ever get a visit from the boys in blue I can simply pass on the evidence and they can go sweat someone else.

Re:Likely a feature (1)

nguy (1207026) | more than 6 years ago | (#23498896)

all of this resulted in a lot of borrowers getting approved for products they couldn't afford

The borrower signed on the dotted line for their monthly obligations; they don't need the lender to tell them whether they can afford that.

Borrowers are not totally blameless, but lenders and brokers were the really evil parties here.

The borrowers are 100% responsible for the obligations they signed for. The lenders and brokers are not responsible for protecting the borrower's interests.

Re:Likely a feature (1)

blackmonday (607916) | more than 6 years ago | (#23498980)

This worked for both lenders and brokers in the short term because the broker was only interested in getting more business written and the lender would quickly sell the obviously flawed mortgage to someone else.


I don't understand how the lenders tanked so quickly, since they were selling the loans as securities immediately after closing the deal. Can anyone shine a light on this for me? For instance, why is Countrywide up a creek, if they weren't left holding the bag? It would seem to me that Pension funds are where the real sh*tstorm would be, but that doesn't seem to be the case.

Re:Likely a feature (4, Interesting)

Zeinfeld (263942) | more than 6 years ago | (#23498446)

Looks like the corporate equivalent of 'the dog ate my homework'.

So perhaps they could explain why municipal bonds have much lower default rates than equivalently rated commercial paper and this has been the case for several decades? Is this also a computer bug? I suspect not, I think they rate the commercial paper higher because they pay for the ratings.

So where is the accountability here? Do people who relied on these faulty (or fraudulent) ratings get to sue? If not, why did they ever trust a rating that nobody can be held accountable for?

Re:Likely a feature (1, Offtopic)

Thelasko (1196535) | more than 6 years ago | (#23498082)

One possible explanation is that Moody's code was initially correct but they introduced the "bug" to make sure they were providing the same valuations as S&P.
I wouldn't be surprised if S&P also introduced a "bug" to make their ratings match Moody's. The whole thing reeks of the method the RIAA uses to pick the top 40 songs, Payola [wikipedia.org] .

I think the parent is correct, in its allusion. The creator of said "bug" could stand to make quite a bit of money doing so intentionally.

Re:Likely a feature - also the cat ate my homework (1)

waveman (66141) | more than 6 years ago | (#23498422)

You're right. They all got paid big money to come up with these bogus ratings. They got paid the same money and came up with the same ratings. "Programming error" is the new "cat ate my homework". The fact that the ratings business is a cosy oligopoly doesn't help either.

Re:Likely a feature (5, Informative)

ztransform (929641) | more than 6 years ago | (#23498438)

Very possible.. banking coders tend to be rather cowboy-ish in my limited experience of Investment Banking companies in the UK and Australia.

In a short 5 week stint in an investment bank in Australia I was shocked at the way my manager at the time would order the DBA to "just authorise" some SQL query he'd written on the production database.

The idea of having a DBA authorise a query on the production databases was to prevent stupid things from happening.. but all too often I saw these safety systems bypassed at a human level.

If you want reliable safe systems, I'd bet on telecommunications companies rather than banks.

Likely S&P cheating (5, Interesting)

Scareduck (177470) | more than 6 years ago | (#23498930)

Calculated Risk [blogspot.com] believes this is a case where S&P decided not to believe their own models and tweaked them to match the results derived by Moody's, which spit out the wrong results in the first place. Call it bug-compatibility, but it's also clear that there were plenty of financial incentives at the time for the rating agencies to deliver results in step with their peers lest they lose out on lucrative "second opinion" business.

Yeah right, that's what it was... (3, Funny)

Colin Smith (2679) | more than 6 years ago | (#23497908)

A coding error.

 

Re:Yeah right, that's what it was... (1)

kcelery (410487) | more than 6 years ago | (#23498206)

An opulent coding error.

Re:Yeah right, that's what it was... (1)

omnipresentbob (858376) | more than 6 years ago | (#23498322)

Yes! All those heretical programmers should burn! Burn them, burn them alive! It's THEIR fault I defaulted on my loan!

It's suddenly getting warmer in here...

Re:Yeah right, that's what it was... (5, Funny)

PotatoFarmer (1250696) | more than 6 years ago | (#23498590)

while (true) {
if (isSECWatching = false) {
commitEgregiousFraud();
}}


Assignment vs. equality check strikes again!

Re:Yeah right, that's what it was... (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23498746)

This is B.S. They were double dipping because they provided ratings and at the same time consulted about how to get better ratings... and getting paid for both. They are simply crooks looking for excuses.

unlikely (4, Interesting)

blackcoot (124938) | more than 6 years ago | (#23497912)

this is probably more a feature than a bug --- those instruments are rated by multiple agencies, each of which use their own risk evaluation methodologies and software. i find it highly unlikely that s&p would make mistakes, independently, that would cause it to give the same junk paper the same AAA rating that moody's gave.

Re:unlikely (1)

trybywrench (584843) | more than 6 years ago | (#23498066)

this is probably more a feature than a bug --- those instruments are rated by multiple agencies, each of which use their own risk evaluation methodologies and software. i find it highly unlikely that s&p would make mistakes, independently, that would cause it to give the same junk paper the same AAA rating that moody's gave.
i bet a million dollars they're all using the same, industry standard, software.

Re:unlikely (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23498142)

You failed to capitalize the beginning of a sentence, as well as a proper noun, and improperly placed a comma. Your post is invalid.

Re:unlikely (1)

powerlord (28156) | more than 6 years ago | (#23498268)

You failed to capitalize the beginning of a sentence, as well as a proper noun, and improperly placed a comma. Your post is invalid.


He plans on correcting that bug in the next release of his post.~

Re:unlikely (0)

Anonymous Coward | more than 6 years ago | (#23498274)

You failed to suck my balls. Your life is invalid.

Re:unlikely (1)

Spatial (1235392) | more than 6 years ago | (#23498298)

I don't know about being invalid, but it's, got a, few, too many, commas. William, Shatner, has a, Slashdot, account!

Re:unlikely (0)

Anonymous Coward | more than 6 years ago | (#23498338)

You are an obnoxious asswipe. Your post is invalid.

Re:unlikely (1)

Otter (3800) | more than 6 years ago | (#23498260)

i find it highly unlikely that s&p would make mistakes, independently, that would cause it to give the same junk paper the same AAA rating that moody's gave.

I don't think anyone is claiming that. The question is why their supposedly "correct" ratings were as hare-brained as Moody's erroneous ones.

Re:unlikely (4, Interesting)

ejecta (1167015) | more than 6 years ago | (#23498992)

Fitch, S&P and Moodys often have very similiar ratings. It's as if one goes first and the others follow so they don't have to answer questions about having a largely different rating.

Plus, if you rate someone poorly they may not pay you to rate them again. One of the lenders I worked for had the option to use S&P or Fitch, they got a poor rating from Fitch one year and used S&P ever since - that's a heck of a lot of cash not going to Fitch anymore.

code writing Brother ... (1)

joeyspqr (629639) | more than 6 years ago | (#23497928)

can you spare a stock tip?

Re:code writing Brother ... (1)

Bieeanda (961632) | more than 6 years ago | (#23498934)

"Plastics."

Can't read the article... (1)

avronius (689343) | more than 6 years ago | (#23497930)

Think maybe Moody's would like to finance my FT subscription?

Good economy news go unchecked (5, Insightful)

Denial93 (773403) | more than 6 years ago | (#23497978)

This is another example of how good news in the economic field can easily go unchecked because it is beneficial for everyone involved (in the short term) for the world to believe them.

My favorite, and perhaps the most drastic, example is how the US government grossly misrepresents employment stats, the consumer price index, and the GDP [shadowstats.com] . This creates another bubble; not for the New Economy or for the housing market, but for the US as a nation. As long as people keep believing in the "world's strongest economy", investments pay off much as they do in a pyramid scheme - but the point where they won't becomes ever more dangerous the longer the scheme holds.

I for one prefer investments in Europe if only for the seemingly more reliable numbers they have there. Investing in the US is a way too dangerous gamble right now.

Re:Good economy news go unchecked (3, Insightful)

Jeff DeMaagd (2015) | more than 6 years ago | (#23498094)

Regarding the shadow stats site, I'm wary of the type of conspiracy proponent that tries to push a product, book or service. Especially for this, non-subscribers wouldn't be able to pick apart the results. In the same way, this is why I don't like the articles based on what financial analysts say, because you have to buy the original report in order to make sure they aren't pulling any shenanigans.

Re:Good economy news go unchecked (4, Interesting)

nido (102070) | more than 6 years ago | (#23498872)

This is how the author makes his living - everyone has to support themselves somehow, you know. If he gave his insights away for free, he wouldn't have nearly as much time to devote to his specialty as he does.

I wrote a diary on k5 a few years back which referenced Shadow Stats [kuro5hin.org] , which linked to an interview [caseyresearch.com] that links to a fuller interview of John Williams, the guy behind the Shadow Stats site.

My impression is that while Mr. Williams is quite right about the government mangling the statistics, he's wrong about the long-term implications (inflation forevermore). I like Mish of the Global Economic Analysis [blogspot.com] blog's take: he's been saying for some time that the end-game of current economic developments is massive deflation, as all the loans in the economy go bad one at a time, in a sort of cascading system failure. We're now seeing the deflation prediction come to pass - while Gas & food are skyrocketing, other assets (housing, etc) and prices are dropping fast, as homeowners and businesses struggle to find buyers at any price. This is what you'd expect if the amount of money available in the economy (read: available for the everyday working Joe to spend - the trust fund manager who made $1billion last year doesn't count) was decreasing.

For the record, I don't subscribe to Mr. Williams' newsletter - much too poor for that right now.

Re:Good economy news go unchecked (1)

Gat0r30y (957941) | more than 6 years ago | (#23498192)

It would appear they caught the error and then proceeded to do jack about it:

after a computer coding error was corrected, their ratings should have been up to four notches lower.
Now why exactly didn't they immediately act to correct the error? So even if everyone else was just hopping on the good news bandwagon, there was serious fraud here on the part of moody's

Re:Good economy news go unchecked (1)

powerlord (28156) | more than 6 years ago | (#23498348)

So even if everyone else was just hopping on the good news bandwagon, there was serious fraud here on the part of moody's


I say we downgrade their rating.

Bullshit (2, Insightful)

Anonymous Coward | more than 6 years ago | (#23497980)

Total B.S. The ratings were wrong because various companies needed these AAA rating to stay in business. (And if you need a AAA rating to stay in business, you don't deserve a AAA rating.)

A bug management knew about for 2 years.. (4, Insightful)

WarwickRyan (780794) | more than 6 years ago | (#23497982)

..isn't a bug, it's a feature. Of fraudlent behaviour from management.

Re:A bug management knew about for 2 years.. (0)

Anonymous Coward | more than 6 years ago | (#23498078)

Send them to the Martha Stewart jail!

Re:A bug management knew about for 2 years.. (2)

kcelery (410487) | more than 6 years ago | (#23498330)

The question remains, does the 'CDO coding error' ends there? How faulty are the bonds and commodities ratings?

After the OpenSSL bug (5, Interesting)

Ckwop (707653) | more than 6 years ago | (#23497990)

... and this bug.. is it not time we started acting like engineers and started building software in a way where we can show it is correct.

As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.

The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.

Simon

Re:After the OpenSSL bug (1, Informative)

Anonymous Coward | more than 6 years ago | (#23498018)

To be fair the OpenSSL problem wasn't caused by the OpenSSL developers. It was an idiot (or two) that hacked up shit when they obviously had no skill.

Re:After the OpenSSL bug (4, Insightful)

nomadic (141991) | more than 6 years ago | (#23498104)

The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.

This is Slashdot, where everyone just blames management. Because you know, there are no incompetent programmers in existence.

Re:After the OpenSSL bug (3, Interesting)

vux984 (928602) | more than 6 years ago | (#23498130)

... and this bug.. is it not time we started acting like engineers and started building software in a way where we can show it is correct.

As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.

The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.


Lock it all up tight, and make sure every line of code being executed is signed and certified.

And given how difficult it is to right correct code, I'm not sure a 'formal verification' would be worth that much. I mean, you think Windows is expensive NOW?

Not sure OSS could even exist in a world like that. After all, 'formal verification' isn't free. And you wouldn't be allowed to modify your own source... the liability issues alone!

Be careful what you wish for.

Re:After the OpenSSL bug (2, Funny)

Gospodin (547743) | more than 6 years ago | (#23498456)

And given how difficult it is to right correct code...

No kidding! Look how difficult it is to "right" correct English!

Re:After the OpenSSL bug (0, Offtopic)

Cal Paterson (881180) | more than 6 years ago | (#23498606)

Posting to undo moderation. Silly web 2.0 moderation.

Yep (4, Insightful)

Sycraft-fu (314770) | more than 6 years ago | (#23498638)

You can already buy systems like this. You can buy systems that absolutely have to work all the time, no downtime, no crashes, etc. However, there are some major stipulations:

1) It isn't cheap. There is going to me some major engineering to design it, and it will require some major redundancy in hardware to protect against faults. As such, you are going to pay a lot for it.

2) It isn't fast. No you can't have it today, you can't have it this month, you can't have it this year even. The development and testing will take a long time. This can't be rushed, it simply takes lots of time and lots of testing to make sure there are no faults.

3) You can't add features to it. Once the system is in place, it can run only what it was designed for. You can't go and install new software or anything. If you want any changes made, those will have to go through a full set of testing. No unverified code can be running.

4) It must be accessed only in approved ways. You can't just hook it up to the Internet and go wild, input will need to be properly regulated to make sure it doesn't cause an unforeseen problem.

5) You can't mess with it. Your people will not be screwing around trying things with it. It'll be maintained under a support contract only by certified personnel.

If that's not ok with you, well then some bugs are something you have to accept. This idea that programmers should be able to easily engineer perfect, bug free software quickly and cheaply is just amazingly ignorant. Especially when people come up with false analogies "Oh well people would sue if cars were made as badly as computers!" No, you'd get arrested (or killed) if you tried to use a car like people use computers. If people treated cars like computers they'd expect to be able to run in to a wall at 80 miles an hour and suffer no injuries to themselves or the car.

Cars work well if an ONLY if they are operated properly (and even then not always). You have to do things like obey proper driving regulations, maintain the engine, and so on. If you don't, well shit is going to go wrong, maybe catastrophically wrong. Yet people do just that with their computers all the time. They install random shit, never perform any maintenance, and expect that the computer will magically protect them from all problems.

Re:After the OpenSSL bug (4, Insightful)

Rakishi (759894) | more than 6 years ago | (#23498176)

... and this bug.. is it not time we started acting like engineers and started building software in a way where we can show it is correct.
Well enjoy paying $200k per copy of MS Office, personally I'll take some bugs instead.

As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.
Last I checked mathematicians can't even say if my program will finish running much less if it will work as advertised.

Re:After the OpenSSL bug (1)

jareds (100340) | more than 6 years ago | (#23498578)

Last I checked mathematicians can't even say if my program will finish running much less if it will work as advertised.
Misconception. It is of course the case that some programs can neither be proven to halt nor be proven not to halt. That doesn't mean you should be writing such programs. It should generally not be conceptually difficult to prove that your program halts (or, perhaps everything but one or more deliberate event loops and whatnot halts). It might be extremely time-consuming and expensive, but possible. It's also possible to write code that should halt but really can't be proven to halt, but it's probably very bad code.

Re:After the OpenSSL bug (0)

Anonymous Coward | more than 6 years ago | (#23498788)

Really? I'm pretty sure I don't want my operating system to halt except under abnormal conditions...

You talk about 'generally'--but generally does not exist at 100k lines. Pointers happen, malloc happens, people forgetting to check what it returns occurs along with other badness.

The entire point of programming is really the act of abstraction--of simplifying the hard to generalize cases away and out of sight. I don't think dealing 'generally' with things that are specific and mathematically defined is nearly as easy as you seem to pretend it is...

Re:After the OpenSSL bug (1)

Hotawa Hawk-eye (976755) | more than 6 years ago | (#23498964)

There are some programs that are very easy to write or describe, that involve very basic operations, but for which the question of whether or not it terminates is very, very hard. One such program is the Collatz conjecture [wikipedia.org] :

Step 1: Start with an integer n.
Step 2: If n is 1, stop.
Step 3: If n is odd, replace n by 3*n+1.
Step 4: If n is even, replace n by n/2.
Step 5: Goto Step 2.

Re:After the OpenSSL bug (1)

SquirrelCrack (522382) | more than 6 years ago | (#23498186)

Who would enforce this?

Re:After the OpenSSL bug (2, Interesting)

blahplusplus (757119) | more than 6 years ago | (#23498246)

"we really need to start growing up and using the tools the mathematicians have provided us"

Mathematicians are only part of the answer unfortunately, there needs to be standardization in functions and code, so coders do not have to rewrite the wheel.

I've been thinking a bout making a completely visual compiler where you should not have to code in abstract numerics and other function statements beyond construction, all mathematical statemetns and programming statements can be virtiualized and rendered into a virtual 3D environment, and represented in a flowchart like format but much more like a diagram of an electric circuit and with things like what the size of X is and it's computational *load* on the cpu and whatnot.

Software engineering tools are really really bad, what really needs to be done is taking the math and expressing it as geometry in standardized ways IMHO so that you can actually *engineer* stuff, virtual structures and visual shapes and understand and visualize what the hell you are actually coding so that you can see the mistakes in the structure visually, since visualization is very very powerful and highly underutilized in software engineering,

I may have not described my ideas very well but hopefully those reading my posts get the idea, that software engineering has a lot in common with circuit design and should borrow and modify principles and concepts from hardware side in terms of expressing their programming and math in a format akin to electricity flowing through a circuit, etc.

Re:After the OpenSSL bug (2, Insightful)

Rich0 (548339) | more than 6 years ago | (#23498554)

software engineering has a lot in common with circuit design and should borrow and modify principles and concepts from hardware side in terms of expressing their programming and math in a format akin to electricity flowing through a circuit

Ironically the hardware side has been going in the opposite direction. How many transistors in a modern dual-core processor do you think were actually put there by hand with manual checking of voltage/resistance/heat/etc? Somebody writes up some code essentially and a program creates millions of gates to do what the algorithm dictates.

The problem with this visual rendering of software you suggest is that any non-trivial program is going to turn into a monstrosity of flow charts that would probably require tens of thousands of pages to print on paper. A single line of code could potentially be a few different boxes in a language like C.

The reason software engineering isn't like civil engineering is that while a bridge has maybe a few tens of thousands of parts, a computer program has the equivalent of hundreds of millions of parts (if you were to express the software as the equivalent machine). The best you can do is at least develop libraries that can have some level of specifications and testing around them so that you minimize the amount of code that is unique to a particular application. Software is just a different kettle of fish...

Re:After the OpenSSL bug (1)

mOdQuArK! (87332) | more than 6 years ago | (#23499004)

Many people might find that kind of programming environment valuable, but there are times when being able to define your program as a set of abstract symbols is MUCH more powerful than anything you can visualize (and/or it's really difficult to come up with a good visualization that fits the type of operation that you want to perform).

Re:After the OpenSSL bug (1)

maxume (22995) | more than 6 years ago | (#23498248)

Please send me $100,000,000, I would like to purchase a formally verified version of solitaire.

Yes, but (1)

MichaelSmith (789609) | more than 6 years ago | (#23498512)

As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.

The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.

How can I keep unvalidatable requirements out of my system? In my field, validation is used to show that the software satisfies requirements, not that the requirements are in any way correct.

Re:After the OpenSSL bug (1)

LordLucless (582312) | more than 6 years ago | (#23498658)

Hey, as soon as I can get a client to provide me (or hell, even sign off on) a mathematically correct specification that covers every aspect of a system, you got a deal.

The last "specification" (and I use that term loosely) I got was something along the lines of "hey, can you add a members section to this website?". Good luck demonstrating the resulting functionality to be mathematically correct.

Re:After the OpenSSL bug (1)

Maestro485 (1166937) | more than 6 years ago | (#23498780)

You actually bring up a very good point. However, as others in this thread have noted, designing flawless software can be quite expensive. This article [fastcompany.com] shed's some light into the programmers responsible for the NASA shuttle program. As stated in the article, they are among the most expensive programmers in the US.

Of course, prominent financial institutions should be required to implement a system comparable to the NASA technique given the obvious importance of the data, but like most truly important things I doubt it will happen (especially considering the $35 million budget this group has).

Need for more stringent coding practices (3, Insightful)

Neuroelectronic (643221) | more than 6 years ago | (#23498000)

How about that, a coding error that makes lots of money. These are so rare so I think we can say this was a simple mistake.

Lying Through Their Teeth (2, Insightful)

littlewink (996298) | more than 6 years ago | (#23498014)

The corrupt bastards are going to "shoot the programmer" on this one?

I want a federal investigation.

something like? (1)

nih (411096) | more than 6 years ago | (#23498024)

10 Print "Hello World!" 20 GOTO 10

Scapegoat (0)

Anonymous Coward | more than 6 years ago | (#23498026)

Someone tag the article with scapegoat.

Some poor IT guy's head's currently careening down the halls in Moody's.

Bullshit (0)

Anonymous Coward | more than 6 years ago | (#23498050)

Yeah right, a coding error. Made by someone no longer with the company I'm sure...

Or more likely the model was completely incorrect because they assumed low levels of defaults based on the default rates from when lenders actually required some money down (skin in the game from the borrower), didn't just just trust you when you said "yes I earn $200,000 a year, no I don't have any tax returns or pay stubs or bank statements", and occassionaly actually said "no" to a request fort $600,000 to buy a one bedroom apartment in the middle of the desert.

But let's go with typo.

Offending code exposed (0)

Anonymous Coward | more than 6 years ago | (#23498054)

if ($debt_owner_paid_off_moodys == 1) {
        $rating = "AAA";
}
else {
        $rating = "Junk";
}

monetary incentive to inflate ratings (5, Insightful)

nickhart (1009937) | more than 6 years ago | (#23498068)

Suuuuure... a coding bug is to blame! Nevermind that the agencies selling this financial toxic waste *paid* Moody's, S&P and others to provide good ratings. Software bug or no, there is fraud all around within the US economy--and no one was complaining as long as people at the top were raking in billions of dollars in profits.

Re:monetary incentive to inflate ratings (2, Funny)

spun (1352) | more than 6 years ago | (#23498300)

Damn it, it can be so hard to count your money with one hand while covering your ass with the other. Sort of like talking out of both sides of your mouth, it takes practice.

Calculated Risk (5, Insightful)

ewhac (5844) | more than 6 years ago | (#23498100)

Disclaimer: I am nothing more than a happy reader of the site.

This entry [blogspot.com] at Calculated Risk openly wonders if Moody's jiggered its model expressly so that it would line up with whatever the Standard&Poors ratings were.

Personally, I'm concerned this revelation will result in a concerted effort to blame the whole mess on a computer error, rather than the profoundly bad judgment exhibited by fund managers and investment banks. Expect some hapless programmer to be located and pilloried.

Schwab

Moreover... (5, Interesting)

mpapet (761907) | more than 6 years ago | (#23498646)

They won't go after some low-profile wonk. The French bank with billions of losses from a couple of months ago is trying the same thing. It's not plausible.

This is very quickly how the scam works:
The way bond agencies survive is by acquiring new business. Let's say a utility issues a bond for a new water project. They shop the issuance around. Highest rating gets the business. The higher rating means (roughly) less "insurance" they have to carry and the more they can use free cash to do other things.

The bond agencies are as "financialized" as a low-end broker sweat shop. No one seemed to care when the money was flowing. It's easy to take shots after the fact.

Few people follow the Fed's TAF's and its junk-filled balance sheet. It's worse than the credit agencies situation. Who knows if that will ever blow up like the credit markets.

blame the black box (0)

Anonymous Coward | more than 6 years ago | (#23498120)


honest guv, it was the magic black box with a screen that made the error

wouldn't someone notice? (4, Insightful)

belmolis (702863) | more than 6 years ago | (#23498126)

If the errors are as large as it seems they were, wouldn't one or more human analysts notice? When your software says "Buy SCO" you should know that something is wrong.

Re:wouldn't someone notice? (1)

Maestro485 (1166937) | more than 6 years ago | (#23498816)

Not if your boss doesn't care ;)

Re:wouldn't someone notice? (1)

ejecta (1167015) | more than 6 years ago | (#23499002)

But it's that the highly reputable company that owns unix? ;)

I hear they might be planning to sell us air soon too!

Fool Me Once, Shame on ?. (1)

wa2flq (313837) | more than 6 years ago | (#23498216)

To err is human, to really screw things up takes a Spreadsheet.

trickle down (1)

solweil (1168955) | more than 6 years ago | (#23498226)

IT folks should realize that they've been bureaucratically set up to take the fall for these sorts of things. CYA, obviously.

Blame it on the programmers (4, Insightful)

Whuffo (1043790) | more than 6 years ago | (#23498234)

Moody's were a part of the substandard financing disaster that's led to the current (arguable) recession. Rather than face the music for their (maybe fraudulent) misrepresentations they decided to blame it on "a coding error".

They're depending on us believing their media stories to escape responsibility; anyone who thinks about this situation would quickly realize that for a company full of financial analysts to not realize that an error of this magnitude was happening - well, it beggars the imagination.

What almost certainly happened is that they played the same game that so many other financial institutions did during the real estate bubble. But when the bills came due, they chose to deny responsibility and pass the blame on to someone else. The real crime here is that they'll be allowed to get away with this...

Re:Blame it on the programmers (1)

mpapet (761907) | more than 6 years ago | (#23498694)

The debt situation and the recession aren't related as much as you may want to believe.

No one is going to jail. Mere mortals are already paying for their mistakes through paying more for everything.

Better cite/site (2, Informative)

conlaw (983784) | more than 6 years ago | (#23498238)

If you want to read the whole FA without paying for it, there's a good writeup at Bloomberg: http://www.bloomberg.com/apps/news?pid=20601087&sid=aA57lFH5Exj4&refer=home [bloomberg.com] In it the Moody's folks explained that they "adjusted their analytical models" so that they didn't have to downgrade these instruments. But we're not to worry that they did anything wrong. In their words, they:

adjusted [their] analytical models on the infrequent occasions that errors have been detected,'' the[ir] statement said. ``It would be inconsistent with Moody's analytical standards and company policies to change methodologies in an effort to mask errors.,.

BS (1, Insightful)

zogger (617870) | more than 6 years ago | (#23498252)

And I am not referring to Briggs & Stratton either.

Them boys at moodys need to open a farm, they sure got a lot of fertilizer on hand!

coding error..hehehehehehe...I think this story comes from the Jon Lovitz school of excuses...."ya...that's the ticket! It was a coding error!" uh huh

I don't think their story is going to fly with investors and lawyers around the world who are the proud recipients of all the creative "write downs" and other sorts of negative profits this year from all those wall street loons trying to push worthless junk paper on each other and actually *believing* their own fantasies that they can just keep coming up with different names for IOUs and keep reselling them back and forth to each other. You can't printing press your way to wealth creation, whether what you are printing up is called "money" or a "collaterlized debt obligation" or whatever other fancy crap term they think up. Not for very long anyway.

You Gotta Be Joking (5, Interesting)

HangingChad (677530) | more than 6 years ago | (#23498352)

The Financial Times has the story that billions in incorrect AAA ratings given out by Moody's were the result of a coding error in its computer models.

So one of the top financial services companies in the world, staffed with MBA's and finance professionals, and none of them noticed a coding error that changed debt ratings by that big of a margin? That strains credibility to the breaking point. And on the other side of the table, none of the financial institutions buying collateralized debt instruments ever looked at those ratings and thought they were a little optimistic? Come on. The entire sub-prime mortgage mess was a computer glitch.

Guess that means cocaine use is alive and well on Wall Street. Because you have to be really, really high to field a whopper like that.

Not the whole story (4, Interesting)

analog_line (465182) | more than 6 years ago | (#23498402)

According to one of the Financial Times reporters on the story, interviewed on my local NPR station, the rating was unchanged AFTER Moody's supposedly found and corrected the error, because they "changed their methodology" between the original flawed rating, and the discovery of the flaw.

This guy didn't sound especially convinced, and no one's mentioned any kind of due diligence requirement on the rating agency to actually make sure that their ratings are correct. Apparently whatever gets spit out of the formula is accepted as official, and in this case, they had a lot of incentive to fail to get around to any due dilligence.

Billions of... (4, Insightful)

dave562 (969951) | more than 6 years ago | (#23499000)

The wording of the summary is confusing. Were there literally billions of bonds given incorrect AAA ratings, or were the incorrectly rated bonds worth billions of dollars because of the flawed rating?

Confusing summary aside, this is the biggest load of crap I've read in a long time. The financial world made a really bad guess on just how much "money" was really in the US economy and now they are paying for it. They can't actually be held accountable because then people might catch a glimpse of the fact that the financial wizards who run our lives are really full of shit. So instead of taking responsibility for their mistakes they are blaming it on a computer bug. How effin convienent for them.

"Hey everybody, we aren't fucking idiots. You see, it was the computer! I just told you what it told me on my screen. Hold on... my third trophy wife is on the phone... she's telling me that her and the Lamborghini are stuck in traffic somewhere between my multi-multi million dollar home and the club house where I spend multiple tens of thousands of dollars a year. I'll get back to you right after I blow a few more rails of coke!"

How the hell did these people get to be in charge of society?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>