I have thought long and hard about writing this but seeing as this happened about 30 years ago I think I may be on firm ground.
I used to work for a company that did DOS/VSE to MVS migrations, in fact I was the travelling support man and spent much time in the air so to speak but only in airplanes. For those of you unacquainted with what they call mainframes these days the closest analogy I can think of is moving applications from Windows to macOS or Linux.
The migration was done automatically, in other words we had programs that read source programs and modified them so they worked on the target system. This is a massive over simplification but I am desperately trying to avoid technobabble. Rest assured there will be some at some point.
The first step in such projects is to locate all the source programs. The customer has to deliver to us all his source and we process it to ensure that everything is there. We use JCL, or scripts in today’s terminology, to find out which programs are used, We then ensure we have the program and them look at the source of those programs to see if they use sub programs (i.e. CALL SUB1) and then go and locate the aforementioned SUB1.
This particular customer was in Kuala Lumpur. It wasn’t a Malaysian company but one of the massive oil companies the name of which I will not divulge.
I had nothing to do with this project but there were two missing sub program sources and though they had searched high and low the customer had not found them. Only one was really interesting. What they did have was the load modules, or executables in PC terms. Seeing as I could code Assembler and decipher dumps, I was sent to KL to reconstitute these source modules from what was in effect the executables. For the faint hearted the executables are basically the Assembler code. My job was to take this and recreate the original COBOL source.
I had never done this before but I do remember later during the Y2K panic there were several companies offering such services. Step 1 was the easy bit, IBM provided a program that took an executable and provided an Assembler listing. The head office did this for me and so these lists were available when I landed in KL. My job was then to take these listing and convert them to COBOL source.
<technobabble>
My first shock was that DOS/VSE had no relocating loader and so the first several pages of this listing was relocating all the address constants. MVS and its descendants do all this kind of thing automatically using something called the RLD (relocation dictionary). Once I had figured this out I was able to forget several pages of listing.
</technobabble>
The main program was called M115 (how can I remember that from 30 years ago, I know, I am sad) and it had a large number of sub programs from M115A to M115R or thereabouts. The missing program was called M115X which set alarm bells ringing, why not M115S ? Anyhow M115 was the invoicing program, it built the details in the invoices. One of its functions was to give discounts, presumably for customers who bought a lot of whatever they were selling.
As I struggled through rebuilding the M115X COBOL source it struck me that this program was playing with the discounts. It had a list of customers and products and if one of these matched the current detail it gave an extra discount. So it looked like somebody had taken a back hander to give extra discounts and hidden the source code that did it. Little did they know that if they had left the source in the right place nobody would have been any the wiser. We would have found the code, nothing in it needed changing so it would have sailed through unnoticed. After all the computer is always right innit.
Final question is what did I do about it. I had to tell the Operations Manager about it. This was an English chap who was quite pale to begin with. As I explained this to him he got even paler. He decided they needed to leave this in their application. Remember, when we tested this stuff we just wanted to have exactly the same results on the new system as on the old system. Without M115X we would almost certainly have had different results. I have no idea what he did about this later, I guess he kept schtumm and hoped nobody else noticed. He wasn’t a programmer so he hadn’t written the code.
Such was my life travelling the globe (well mostly Europe) sorting out all sorts of brown stuff. I stayed in a hotel called the Pan Pacific in KL, it was the equivalent of 7 or 8 stars in Europe. Never been in a place like it before or since and the staff were exceptional.
The only other time I heard of dodgy software was in Zurich. Working at a company that handled ATMs for several banks among other things there was a kerfuffle one day. Swiss plod arrived and arrested one of the programmers and frog marched him out. It turned out that this programmer had put a test in one of the ATM programs that if his card was being used it only deducted 10% of the amount from his account. So if he withdrew 1000 francs, only 100 was deducted from his account. This set off alarm bells on day one, the reconciliation didn’t agree, and it didn’t take them long to find the culprit. Luckily for us he was Swiss and not a foreigner.
It must be true that there were more shenanigans than this but I never heard about them.
© well_chuffed 2024
