This particular case reported on the BBC has a nice excuse...
Adele tickets: Fans claim personal data has been breached
By Mark Savage, Music reporter
Fans buying tickets for Adele's tour have told the BBC they were shown the address and credit card details of customers other than themselves.
But several fans said they saw other people's shopping baskets, including payment details, upon check out.
Ticketing company Songkick said due to the "extreme load" on the site some customers could see others' account details. It apologised for any "alarm".
"At no time was anyone able to access another person's password, nor their payment or credit card details (which are not retained by Songkick)," it said.
So let's go through this, starting with the last paragraph, which states that no one was able to access another person's password or their payment or credit card details; yet the first paragraph states that people were able to see payment details.
I assume it means that the full credit card number, expiry date and CVC number were not available, however whoever makes these statements really needs to check with the engineers and really understand what they are being told.
The one I particularly like is that these errors happened due to "extreme load", which suggests that the underlying system - UI, middleware, database etc. - was not implemented with concurrency in mind.
I could imagine that the system probably wasn't load tested and/or that someone probably didn't use BASIC TRANSACTIONS, which are present in, well, all databases - they have been part of the SQL standard for years and years.
Worse is that someone probably tried to reinvent transactions or semaphores in an inherently distributed system and failed. Probably the system only worked up until now because various race conditions had never materialised - not even in testing - assuming that the tests had been properly created.
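An added illustration, not taken from the BBC report or from Songkick, of the kind of shared-state race that produces exactly this symptom: one "current customer" slot shared by all request handlers works while requests arrive one at a time and leaks another customer's basket the moment two handlers interleave. The customer records, the checkout classes and the forced interleaving are all constructed for the example.

```python
import threading

# Constructed sample customers; the details are made up for the example.
CUSTOMERS = {
    "alice": {"address": "1 Example Road", "card_last4": "1111"},
    "bob": {"address": "2 Sample Street", "card_last4": "2222"},
}

def render_basket(customer_id):
    c = CUSTOMERS[customer_id]
    return f"{customer_id}: ship to {c['address']}, card ****{c['card_last4']}"

class LeakyCheckout:
    """Broken pattern: request state is stashed in one shared slot that every
    handler overwrites. Under load, handler A stashes its id, is descheduled,
    handler B overwrites the slot, and A then renders B's basket."""
    def __init__(self):
        self.current = None

    def handle(self, customer_id, pause=None):
        self.current = customer_id      # step 1: stash request state (shared!)
        if pause:
            pause()                     # simulated deschedule under load
        return render_basket(self.current)  # step 2: read back whatever is there now

class SafeCheckout:
    """Fixed pattern: request state travels with the request (a local here),
    never through shared mutable state, so interleaving cannot mix customers."""
    def handle(self, customer_id, pause=None):
        current = customer_id
        if pause:
            pause()
        return render_basket(current)

def run_interleaved(checkout):
    """Deterministically force the race: Alice's handler stashes her id and
    blocks, Bob's handler runs to completion, then Alice's handler resumes.
    Returns (alice_page, bob_page)."""
    alice_paused, bob_done, results = threading.Event(), threading.Event(), {}
    def alice():
        results["alice"] = checkout.handle(
            "alice", pause=lambda: (alice_paused.set(), bob_done.wait()))
    def bob():
        alice_paused.wait()
        results["bob"] = checkout.handle("bob")
        bob_done.set()
    threads = [threading.Thread(target=alice), threading.Thread(target=bob)]
    for t in threads: t.start()
    for t in threads: t.join()
    return results["alice"], results["bob"]

def leaked(checkout):
    """True if Alice's checkout page shows somebody else's details."""
    alice_page, _ = run_interleaved(checkout)
    return not alice_page.startswith("alice:")
```

The leaky variant passes any single-user test and only fails once two checkouts overlap, which is why such a bug can survive until launch day.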
I can also imagine that the developers were rushed and probably forced to use some new technology that they didn't understand and that some manager somewhere had probably read an article about NoSQL and demanded that everything become a bizarre mix of Java, Clojure, Python, Ruby, XML, JSON, MongoDB and whatever web framework is currently in vogue.
Of course, at the end of the day it will be the engineers' fault ... which fails to address the issue of how such a system got signed off in the first place, let alone where the requirements came from.
Furthermore I can imagine that testing was skipped or done badly because of a manager's false idea of what agile is...
So what we have here is a simple system that fails because of a misunderstanding of technology, non-functional requirements and most likely mis-management. I'd be willing to wager on that if we as engineers actually performed proper post-mortems or accident analyses on system failures instead of being forced to patch them up.
Ironically if they'd written in it COBOL it would all have worked fine... :-)