Comment On Sampo Uh-Oh

Over the course of 100-plus years, Sampo Bank had grown into one of the largest banks in Finland. Since its founding in 1887, Sampo stayed ahead of the technology curve, introducing the first modern payment system -- the postal giro -- in 1939, becoming Finland's first adopter of IBM's "electronic brain" in 1958, and amassing nearly one million users of its online banking service by 2006. [expand full text]
« PrevPage 1 | Page 2 | Page 3 | Page 4Next »

Re: Sampo Uh-Oh

2008-08-05 10:06 • by RandomDreamer (unregistered)
Denied - no Euro for you.

Fist !!

Re: Sampo Uh-Oh

2008-08-05 10:08 • by guruofgentoo (unregistered)
Imagine the next job interview - "I see on your resume you worked for Danske.... NEXT!"

Re: Sampo Uh-Oh

2008-08-05 10:11 • by A Nonny Mouse
Danske opted to expand its integration project team to a whopping 2,500 employees and the budget to more than $300 million


with enough resources, it could have been built in a day!

Re: Sampo Uh-Oh

2008-08-05 10:12 • by Ilyak (unregistered)
210195 in reply to 210191
guruofgentoo:
Imagine the next job interview - "I see on your resume you worked for Danske.... NEXT!"

I don't think it's any bit of Danske programmers fault.

Switching a good system to something half-baked couldn't yield any other results.
This decision was doomed to fail, no matter how hard would they work.
"If it works, don't touch it"

Re: Sampo Uh-Oh

2008-08-05 10:12 • by Outlaw Programmer
Great WTF, but it left me with 1 question. If everything is done through a Java Applet, how come the site only works with IE?

Re: Sampo Uh-Oh

2008-08-05 10:13 • by Cujo (unregistered)
Great choices:

1. You will meet the deadline or you will not be paid.
2. You will not meet the deadline and you not will be paid.


Re: Sampo Uh-Oh

2008-08-05 10:15 • by Joakim (unregistered)
You have no idea how many Danes think Danske Bank is a bunch of monkeys on typewriters.
I don't know about Sambo but Danske Bank's online system still only works in Windows using Internet Explorer

Re: Sampo Uh-Oh

2008-08-05 10:16 • by Sir Twist
210199 in reply to 210196
Outlaw Programmer:
Great WTF, but it left me with 1 question. If everything is done through a Java Applet, how come the site only works with IE?
"The most obvious oddity in the Danske applet was that it made extensive use of platform-specific native DLLs -- such as non-Java code -- for no apparent reason, thereby effectively undoing the platform-independence of the Java applet."

Re: Sampo Uh-Oh

2008-08-05 10:21 • by Julius (unregistered)
Being an ex-customer of Sampo Pankki, I've visited their new online bank three times: to check the new functionality (it gave an error and refused to work), to transfer my money to a different bank (two tries, the first one gave an error saying "multifail" and the second try worked). Using Mac OS X / Safari.

Re: Sampo Uh-Oh

2008-08-05 10:21 • by Mads (unregistered)
210203 in reply to 210198
Joakim:
You have no idea how many Danes think Danske Bank is a bunch of monkeys on typewriters.
I don't know about Sambo but Danske Bank's online system still only works in Windows using Internet Explorer


Wrong. It works perfectly well on linux and solaris as well. The only thing that makes trouble is Java 1.6 - stick to 1.5 and it just works.

Re: Sampo Uh-Oh

2008-08-05 10:21 • by Anonymous Bastard (unregistered)
210204 in reply to 210199
Sir Twist:
Outlaw Programmer:
Great WTF, but it left me with 1 question. If everything is done through a Java Applet, how come the site only works with IE?
"The most obvious oddity in the Danske applet was that it made extensive use of platform-specific native DLLs -- such as non-Java code -- for no apparent reason, thereby effectively undoing the platform-independence of the Java applet."


It's still just as bad, absolutely nothing has happened. I have friends who have actually been unable to access their web banking stuff from their own computers for months now. They use 64-bit Linux... Apparently some run 32-bit Windows on vmWare just to be able to access Sampo.

Re: Sampo Uh-Oh

2008-08-05 10:23 • by Anonymous Bastard (unregistered)
210205 in reply to 210203
Mads:
Wrong. It works perfectly well on linux and solaris as well. The only thing that makes trouble is Java 1.6 - stick to 1.5 and it just works.


Only on 32-bit. On 64-bit it's still all broken.

Re: Sampo Uh-Oh

2008-08-05 10:25 • by Jack (unregistered)
Hehe. And later on some hackers placed a pic of Comical Ali on the Sampo online banking page.

I think I prefer the captcha that my credit union makes me enter to access my online banking. Oh, and it works in Firefox, too. Yippee.

Re: Sampo Uh-Oh

2008-08-05 10:25 • by Martin (unregistered)
Suddenly I'm embarresed being a Dane and a developer.

Not that I need to defend Danske Bank (I actually switched away form that bank 10 years ago). Sometimes it seems company names are anonymized like "a certain fairly large california based bank" - at other times they are not like in this case. Is there any good explaination to this (risk of lawsuits or whatever)?

By the way - the bank's danish motto is "Gør det du er bedst til - det gør vi". Which translates to: "Do what You are best at - We do"

Re: Sampo Uh-Oh

2008-08-05 10:25 • by bitblit
if (RandomErrorNotEnoughRandom == hasEnoughRandomErrors()) {
makeMoreRandomErrors();
}

Re: Sampo Uh-Oh

2008-08-05 10:27 • by yet another Matt
After buying the other bank why did they want to throw away so much money?

If you buy a product in a real world, like a PC, you don't throw away it's brand new, high speed hard disk and replace it with one that you have lieing around in a draw.

Someone really should have pointed that the other product was better, and replaced their own.

I actually feel sad for Sampo.

Re: Sampo Uh-Oh

2008-08-05 10:28 • by Walleye
210213 in reply to 210195
[quote user="Ilyak"If it works, don't touch it"[/quote]

So, do you wait until the jet's engines break down in flight before doing preventative maintenance?

Re: Sampo Uh-Oh

2008-08-05 10:31 • by Outlaw Programmer
210214 in reply to 210199
Sir Twist:
Outlaw Programmer:
Great WTF, but it left me with 1 question. If everything is done through a Java Applet, how come the site only works with IE?
"The most obvious oddity in the Danske applet was that it made extensive use of platform-specific native DLLs -- such as non-Java code -- for no apparent reason, thereby effectively undoing the platform-independence of the Java applet."


Yeah, I read that part, but what does that have to do with browser dependency? I can understand the DLLs causing a platform dependency, but my understanding is the Java plug-in for both browsers is pretty straightforward.

Re: Sampo Uh-Oh

2008-08-05 10:33 • by Joakim (unregistered)
210215 in reply to 210203
I switched from Danske Bank before I had a chance to try it out myself, however I was told this by a ... (not quite so) happy ... linux user and Danske Bank customer. He also told me they have a different system for which you need an actual memory key in hand in order to access it and THAT works under linux

Re: Sampo Uh-Oh

2008-08-05 10:33 • by Peter (unregistered)
I've always thought that Danske Bank would be a great place for developers that care about quality and such stuff ... now I'm not so sure ...

However, the article explains this job-add for Danske Bank:
http://www.danskebank.com/da-dk/Job/soeg-job/ledige-job/it/Pages/JOB391974364583333299386890.aspx

I know, it's in danish, and only a very select few can read that, but the gist of it is that they are looking for developers that have an education in computer science, engineering or something like that, or may have several years experience in developing large administrative systems. There are NO requirements for technology-experience, no mentions of platform (mainframe, Java, VB??) nothing ...

Re: Sampo Uh-Oh

2008-08-05 10:37 • by Foo (unregistered)
I've been waiting for this story to show up in Daily WTF. It took longer than I expected :-)

Re: Sampo Uh-Oh

2008-08-05 10:39 • by Moo (unregistered)
If you are looking for a job, there are plenty of second level technical support positions open in Sampo, Helsinki. Your mission is to act as a bridge between the first level customer support problems and Danish developers. The jobs have remained open since Easter.

Re: Sampo Uh-Oh

2008-08-05 10:39 • by Matt (unregistered)
210219 in reply to 210208
Martin:
Sometimes it seems company names are anonymized like "a certain fairly large california based bank" - at other times they are not like in this case. Is there any good explaination to this (risk of lawsuits or whatever)?


It seems like when the details are public, such as this story, the names are not changed.
Its the insider stories from current/ex employees that are changed to protect the WTF perpetrators

Re: Sampo Uh-Oh

2008-08-05 10:41 • by Anonymous Cowardly Lion (unregistered)
210220 in reply to 210210
yet another Matt:
After buying the other bank why did they want to throw away so much money?

If you buy a product in a real world, like a PC, you don't throw away it's brand new, high speed hard disk and replace it with one that you have lieing around in a draw.

Someone really should have pointed that the other product was better, and replaced their own.

I actually feel sad for Sampo.


They're not so much buying the bank's infrastructure as it's customer base. Bank's make money by spending other people's money (generally,) and the more clients they have, the more money they have to spend.

Östgöta Brandstodsbolag

2008-08-05 10:45 • by Mirar (unregistered)
I'm happy I switched. I used to have Östgöta Enskilda Bank, which was a nice old local bank for the province near Linköping. They had a perfect banking solution that worked with Linux and everything. Very nice logos (old weapon and all), overall very pleasant.

Then Danske Bank ate them. IT systems changed, Linux were no longer possible - IE only. Logos and layout changed (as you can see above). I switched bank quickly, and I'm happy for it. :p
Even more happy now. :)

(Although my current bank - Länsförsäkringar - also just now switched to something horrible, so I'm bound to change again soon.)

Re: Sampo Uh-Oh

2008-08-05 10:45 • by Daniel (unregistered)
I just hope someone very high up in management got fired for this.

Re: Sampo Uh-Oh

2008-08-05 10:47 • by mizchief (unregistered)
We must meet our arbitrary deadline at all cost! Why to business types have to have a strict deadline on every project? I understand if you have a limited budget and can only pay your staff for so long before making sales, but when you have $300 million to throw at the problem in the end, why not just monitor the project's progress then move the estimated completion date and adjust resources on a weekly basis?

There is simply no excuse for a failure this large involving something as important as people's money. Especially any project taking place in this century. We figured out why software projects fail in the 90's and it's time to learn from our mistakes.

Re: Sampo Uh-Oh

2008-08-05 10:54 • by Anon (unregistered)
210227 in reply to 210223
mizchief:

There is simply no excuse for a failure this large involving something as important as people's money. Especially any project taking place in this century. We figured out why software projects fail in the 90's and it's time to learn from our mistakes.

Sadly, the reason why software projects fail in the 90s (the management) is also the only thing that's unchangable. *cry*

Re: Sampo Uh-Oh

2008-08-05 10:57 • by Buzer
There was several other WTFs with the system as well. Like several XSS holes due to extensievelink/3gmobilban use of javascript and document.write(). Also, their communication director kept saying "It's not a hole before we have confirmed it's a hole" in public when the XSS holes were being released and only accepting that they "might" have been holes when finally fixed.

Ironically, the best web interface they have is the mobile interface that remains unchanged :) ( http://mobiili.sampopankki.fi/ )

Oh yeah, and they are running SharePoint somewhere in their site...

Addendum (2008-08-05 11:09):
So managed to somehow add "link/3gmobilban" (/link/3gmobilbank is the last part of the url to mobile interface) after extensieve, you can ignore it :)

Re: Sampo Uh-Oh

2008-08-05 10:58 • by Mike (unregistered)
210229 in reply to 210213
[quote user="Walleye"][quote user="Ilyak"If it works, don't touch it"[/quote]

So, do you wait until the jet's engines break down in flight before doing preventative maintenance?[/quote]

Bad analogy! Migration is not maintenance. Do you replace a P&W engine with a RR one (which the jet was not designed for) whilst the jet is in flight?

Re: Sampo Uh-Oh

2008-08-05 11:01 • by moltonel (unregistered)
About a year ago my previous company had (probably still has) Danske Bank as a client, and would send them automated emails containing embeded images.

* Did the Danske Bank employees see the images we sent them ? No : it turned out that their email software (IBM Lotus) didn't support this advanced technology.
* Is it implemented in current versions of Lotus ? Yes.
* How old is Danske Bank's version of Lotus ? 3-4 years past official end-of-life statement from IBM.
* How was the mater resolved ? I was tasked to send images as file attachment, of course :)

Re: Sampo Uh-Oh

2008-08-05 11:01 • by Alex Papadimoulis
210233 in reply to 210208
Martin:
Sometimes it seems company names are anonymized like "a certain fairly large california based bank" - at other times they are not like in this case. Is there any good explaination to this (risk of lawsuits or whatever)?


This'll all be explained in an upcoming "Policy" article, but the anonymization factor comes down to the source. In this case, all of the information published came from researching news articles and the like. An anonymous Finnish reader pointed me to the story and helped a lot with navigating various Finnish articles (many of which were not technical of nature) to piece together the story.

As for "a certain fairly large california based bank," I almost always know the real company behind it (usually through a dialog with the submitter), but it's redacted because the majority of the information is non-public and is tangential to the story/lesson.

There's little risk of lawsuit for me, as our libel laws burden the plaintiff with proving a statement is maliciously false, but it's a big professional risk for submitters if I name the company. There's only so many people who are that close to a WTF. Redacting the company name and relocating it to "California" creates more than enough plausible deniability. Aside from occassionaly redacting some of the finer details (and, of course, adding in some absurd/humorous hyperbole), the location is about all that changes these days.

Re: Sampo Uh-Oh

2008-08-05 11:04 • by TroelsL (unregistered)
This explains the less-than-optimal reputation Danske Bank has along many of my peers. But atleast the cantena has good food, or so I've heard.

Re: Sampo Uh-Oh

2008-08-05 11:04 • by R (unregistered)
210235 in reply to 210222
Daniel:
I just hope someone very high up in management got fired for this.



Hmmm.. you seem be having a slight break with reality. Less coffee maybe?

The manager in charge will be given a 400 million dollar successful completion bonus for getting it out on time, as well as a huge 'redundancy' package. They'll also be moving to another larger corporation which they can screw up even more successfully for more renumeration.

Re: Sampo Uh-Oh

2008-08-05 11:08 • by Satanicpuppy
210238 in reply to 210210
yet another Matt:
After buying the other bank why did they want to throw away so much money?

If you buy a product in a real world, like a PC, you don't throw away it's brand new, high speed hard disk and replace it with one that you have lieing around in a draw.

Someone really should have pointed that the other product was better, and replaced their own.

I actually feel sad for Sampo.


Having been through a similar corporate situation recently, I can sympathize. The corporation I worked for had a much much larger information infrastructure, better support staff, etc. The new company...well...didn't.

The sad thing is, they didn't even fire the old staff, they just left them in place and put another level of processing OVER them, so the formerly straightforward flow of financial information has become a byzantine nightmare of "Who the hell has my money?"

To top it, the new guys have this massive arrogance which is only barely matched by their incompetence. I dealt with a guy recently who was so proud of his MCAD that he'd actually made it part of his name, (e.g. Bob Smith, MCAD) and he told me flat out that I wouldn't be able to install, or support his code, more less make the changes necessary to update it to our different business unit, like there was something magical there, something that lowly me, with no acronym after my name could never comprehend (Works fine now, btw, but I had to update it to the .Net 3 framework to make it work on our system, and there was some hilarious wtfery that I may one day share that needed to be expunged).

Re: Sampo Uh-Oh

2008-08-05 11:09 • by bar (unregistered)
210239 in reply to 210228
The whole site seems to be a customized SharePoint app

Re: Sampo Uh-Oh

2008-08-05 11:10 • by Joel Robinson (unregistered)
Tom Servo, what is a SAMPO?

Re: Sampo Uh-Oh

2008-08-05 11:17 • by MBV (unregistered)
210244 in reply to 210216
Peter:
...
I know, it's in danish, and only a very select few can read that, ...

I guess all Scandinavians can read it, and in The Netherlands too (although it requires some effort). So not as select as you might think...

Try reading a Dutch article on some page, I'm curious if it works the other way around :)

Re: Sampo Uh-Oh

2008-08-05 11:20 • by Bappi
210245 in reply to 210223
mizchief:
We must meet our arbitrary deadline at all cost! Why to business types have to have a strict deadline on every project? I understand if you have a limited budget and can only pay your staff for so long before making sales, but when you have $300 million to throw at the problem in the end, why not just monitor the project's progress then move the estimated completion date and adjust resources on a weekly basis?

Because then the project will never finish (work expands so as to fill the time available for its completion). The proper way to handle this is to adjust scope.

I'm not saying you should never move a go-live date, just that making it elastic is not the answer either. In a project of sufficient size, there are a lot of parties involved that need some degree of certainty as to when they'll need to perform certain things. You can't keep calling them up every week to tell them the go-live date has been moved again. You adjust scope, and if that doesn't work, you move the go-live date.

Re: Sampo Uh-Oh

2008-08-05 11:36 • by Ken B (unregistered)
210246 in reply to 210214
Outlaw Programmer:
Sir Twist:
Outlaw Programmer:
Great WTF, but it left me with 1 question. If everything is done through a Java Applet, how come the site only works with IE?
"The most obvious oddity in the Danske applet was that it made extensive use of platform-specific native DLLs -- such as non-Java code -- for no apparent reason, thereby effectively undoing the platform-independence of the Java applet."
Yeah, I read that part, but what does that have to do with browser dependency? I can understand the DLLs causing a platform dependency, but my understanding is the Java plug-in for both browsers is pretty straightforward.
Perhaps there are other IE-only constructs?

The County Clerk's office for Westchester County, NY (population ~9 million) is IE-only. Why? I have no idea, but they have things like vbscript code for simple links. For example:
<td ... onClick="SomeVbScriptFunction()">

click here
</td>

rather than using a standard "<form>" tag and "submit" button, or even a simple "<a>" link.

http://ccpv.westchesterclerk.com/

Re: Sampo Uh-Oh

2008-08-05 11:38 • by Gnonthgol
210247 in reply to 210244
MBV:

I guess all Scandinavians can read it, and in The Netherlands too (although it requires some effort). So not as select as you might think...

Try reading a Dutch article on some page, I'm curious if it works the other way around :)


You can sort of make out the context of a deutch text by some simular words. But it is not an easy task. It helps to know german as well as norwegian theugh.

Re: Sampo Uh-Oh

2008-08-05 11:46 • by ChessKnught
210248 in reply to 210194
I imagine someone will be nailed to a cross for this fiasco.

Re: Sampo Uh-Oh

2008-08-05 11:47 • by jbrecken (unregistered)
210250 in reply to 210194
A Nonny Mouse:
Danske opted to expand its integration project team to a whopping 2,500 employees and the budget to more than $300 million


with enough resources, it could have been built in a day!


Get nine women pregnant, and you can make a baby in a month.
(Phrase it that way and even a manager can understand.)

Re: Sampo Uh-Oh

2008-08-05 11:50 • by Mnc_ (unregistered)
210251 in reply to 210244
MBV:
Peter:
...
I know, it's in danish, and only a very select few can read that, ...

I guess all Scandinavians can read it, and in The Netherlands too (although it requires some effort). So not as select as you might think...

Try reading a Dutch article on some page, I'm curious if it works the other way around :)
I've stumbled upon (no, not the browser addin) an idol-kinda thing, from the netherlands, on youtube. I perfectly understood one of the judges, while the other two... Well, nothing whatsoever.
Strange.
I'm Danish BTW.

Re: Sampo Uh-Oh

2008-08-05 11:51 • by biziclop (unregistered)
TRWTF is that only 20000 customers left. In a proper world all the big customers would've jumped ship plus at least 10% of the smaller ones and the ensuing barrage of lawsuits should've forced the bank to fold.

Re: Sampo Uh-Oh

2008-08-05 11:57 • by silent d (unregistered)
210254 in reply to 210235
R:
Daniel:
I just hope someone very high up in management got fired for this.



Hmmm.. you seem be having a slight break with reality. Less coffee maybe?

The manager in charge will be given a 400 million dollar successful completion bonus for getting it out on time, as well as a huge 'redundancy' package. They'll also be moving to another larger corporation which they can screw up even more successfully for more renumeration.


If only we could find a way to outsource management...

Re: Sampo Uh-Oh

2008-08-05 12:18 • by Tuuli Mustasydän (unregistered)
<nitpick>AFAIK, ATMs aren't locked to any one bank in Finland like they are in America/Canada; everybody uses the same machines, regardless of their bank.</nitpick>

Re: Sampo Uh-Oh

2008-08-05 12:18 • by ME (unregistered)
210261 in reply to 210240
Joel Robinson:
Tom Servo, what is a SAMPO?


http://en.wikipedia.org/wiki/Sampo

Re: Sampo Uh-Oh

2008-08-05 12:19 • by IV (unregistered)
210262 in reply to 210210
yet another Matt:
After buying the other bank why did they want to throw away so much money?

If you buy a product in a real world, like a PC, you don't throw away it's brand new, high speed hard disk and replace it with one that you have lieing around in a draw.


Of course you don't use one you have in a drawer. For instance, I just got a new computer with an SATA hard drive. I then paid many people to replace it with a solid state drive using a SCSI interface. And limit the transfer speed to about a fifth of what that interface is capable of. I am rather happy with the results- my family no longer wants to use my computer, and it only cost a few hundred thousand extra.

Re: Sampo Uh-Oh

2008-08-05 12:28 • by Ben4jammin (unregistered)
210264 in reply to 210245
Bappi:
mizchief:
We must meet our arbitrary deadline at all cost! Why to business types have to have a strict deadline on every project? I understand if you have a limited budget and can only pay your staff for so long before making sales, but when you have $300 million to throw at the problem in the end, why not just monitor the project's progress then move the estimated completion date and adjust resources on a weekly basis?

Because then the project will never finish (work expands so as to fill the time available for its completion). The proper way to handle this is to adjust scope.

I'm not saying you should never move a go-live date, just that making it elastic is not the answer either. In a project of sufficient size, there are a lot of parties involved that need some degree of certainty as to when they'll need to perform certain things. You can't keep calling them up every week to tell them the go-live date has been moved again. You adjust scope, and if that doesn't work, you move the go-live date.


And to add to that, when dealing with non-technical managers/directors you can easily use technical terms to create confusion about why something is not working (the rear discombobulator is out of alignment, the magic Java beans were defective from the factory, etc). And non-technical types can't really argue because they wouldn't know what they are talking about. But everyone understands a date/time deadline.
So if you are the project manager your choice is usually this:
1) "Complete" on time no matter what and get a fat bonus and deflect blame (and move on).
2) Don't complete on time and get yelled at with no bonus and get fired.
« PrevPage 1 | Page 2 | Page 3 | Page 4Next »

Add Comment