[onei]

From that article (and a few others)

> In fact, staff at Fujitsu, which made and operated the Horizon system, were capable of remotely accessing branch accounts, and had “unrestricted and unaudited” access to those systems, the inquiry heard.

This has always bothered me. Sure, it's possible to build APIs that audit access completely. But I can easily write code that circumvents those APIs. Code isn't like a building where the walls are impenetrable and the doors the only possible access points - we can redecorate without ever touching the door. Building in an unaudited backdoor for operators seems bad, but if you can edit the source code the backdoors are infinite.

[fbdab103]

There should be application level auditing and database level. The people with access to managing the database level auditing should be extremely limited.

[robaato]

Accounting 101 use journal entries to correct mistakes. Dont edit original records... Have a transaction log...

[onetimeuse92304]

Listen. We all know what should have been done.

They were not able to do the first thing about running a transaction (ensure that one side of the transaction isn't executed multiple times). What you are saying is an obvious thing and yet it probably is well beyond the maturity of the team that was working on it.

[willvarfar]

Interestingly, it seems they may have built their own master-master xml-based database. It's easy to guess that they didn't add an audit feature etc.

[mavhc]

They were using Riposte from https://www.eschergroup.com/riposte-platform/ and Oracle.

They were using dial up ISDN lines to send the data back, but Riposte didn't support that, or scale to 20k terminals, so that was all new code

In general they had a distributed database that couldn't do ACID

https://www.postofficetrial.com/2019/12/fisking-horizon-tria... https://www.computerweekly.com/news/252496560/Fujitsu-bosses... https://www.benthamsgaze.org/2021/07/15/what-went-wrong-with...