Coding Flaws Caused Moody's Debt Rating Errors 277
An anonymous reader writes "The Financial Times has the story that billions in incorrect AAA ratings given out by Moody's were the result of a coding error in its computer models. 'Internal Moody's documents seen by the FT show that some senior staff within the credit agency knew early in 2007 that products rated the previous year had received top-notch triple A ratings and that, after a computer coding error was corrected, their ratings should have been up to four notches lower.'"
not err (Score:2, Insightful)
Re:not err (Score:5, Informative)
This isn't a trivial issue. False AAA ratings are what have caused the global credit crunch and mortgage crisis. For those who aren't familiar with a AAA rating, it is considered as good as a US government bond. It is a very hard rating to get and only 8 US companies are rated AAA by all of the credit agencies.
In my opinion, there is a very strong need for regulation of the credit agencies. If they didn't allow for CDOs and MBSs to get AAA ratings, this credit crunch and likely recession wouldn't have occurred.
re: not err (Score:2, Offtopic)
Re:not err (Score:5, Insightful)
failed even the most basic sanity checking. All of their finance geeks
upon seeing these ratings should have been individually and collectively
scratching their heads.
I'm not sure I buy it really. It just seems like corporate blame deflection.
I dunno. I'm no MBA but I would imagine that the rating of any composite
security should be the lowest rating of the most risky component.
Re:not err (Score:5, Insightful)
security should be the lowest rating of the most risky component.
Re:not err (Score:5, Informative)
That actually is (used to be?) a tax dodge.
Take the money you want sheltered. Spend all of it on buying stock and selling an equivalent amount short. If the stock plummets, write the purchase off on your taxes. If it soars, write the short off on your taxes.
Step 3: Profit. Anyone taking notes should question why we have such a screwed up tax system.
Re: (Score:3, Informative)
Re:not err (Score:4, Interesting)
"I'm not sure I buy it really. It just seems like corporate blame deflection."
If anything, the story paints a completely different, much worse picture:
1) Coding bug found to be cause, internally at Moody's
2) Internal docs show adjustment of model factors, ruling out high volatility as part of the model, in order that ratings after the bug fix don't deviate much from those before the bug was found.
That's my understanding of the story, anyway - IANAFinancier. But to me this paints Moody's in a much, much worse light than if they had *just* had a bug in the initial model which they then fixed - after all, that would have resulted in a re-rating...
(Again, I don't quite understand what's going on here, but that was my initial take on the situation)
Re:not err (Score:5, Insightful)
failed even the most basic sanity checking.
Any professional knows that coding has a certain error rate. So you add practices, like pair programming, unit testing, acceptance testing, external code reviews, parallel implementation, and black-box testing until you get below the error rate you need.
For some part-time e-tailer's web site, you can skip a fair bit of that; if you fuck up badly enough, you might cost them an entire $500. But in the financial world, they know that errors can cost a lot more, like a million times more, and so it's worth spending more on quality-oriented practices.
Blaming this on the coder who happened to make the key error (if indeed their was one) is like blaming the Titanic disaster on some guy who missed a rivet on that side. It's the purest bullshit, designed to deflect responsibility from the people in charge. If they set it up right, a single person would be unable to make a mistake of this magnitude.
Re: (Score:2, Insightful)
Now if the users paid for ratings the customers would be whining pretty hard - to some extent the users of ratings do pay in deciding what effective interest rate they will pay to hold a bond.
Re:not err (Score:5, Insightful)
To the extent that different investments in a portfolio (which is what a "composite security" is, in essence, a prepackaged portfolio) have independent risks, there is a leveling effect (this is why, e.g., when you roll two dice, the distribution of the results is tighter proportionate to the range than when you roll one, and tighter still when you roll three, etc.)
OTOH, to the extent they tend to vary together, they don't level each other. Assessing the degree to which two different investments are independent in their risks is, AFAIK, still more art than science to start with, and when the people doing the assessment often have financial interests (even if only indirectly) in promoting the sales of the packaged investments, well, the results are likely to represent those interests more than any rational assessment of reality.
Re:not err (Score:5, Interesting)
Even if you know you're holding a pile of dog crap mortgages, you know that most will be able to make first months payment. Each successive monthly payment pool is likely to have more defaults, and thus uncertainty grows. If you take 1000 loans, and group the payments together, you can theoretically predict the risk of each band of payments. If you buy the first band, aka tranch, you're far more likely to get paid than if you buy the junior tranches that are expecting payments 30 years from now.
Here's where the fun stuff happens. Those earlier tranches that are more likely to get paid will usually be given very high credit ratings, as it's likely that the owner will collect the income from the pooled debtors. Since the security their holdings is so highly rated, perhaps AAA, then other institutions are willing to accept that AAA security as collateral for additional borrowing. This all continues on in a crazy cycle of leveraging until you have hunders of dollars of leverage to cents of actual income. All the while, these leverage products maintain a high credit rating, because it's all based off of AAA securities.
What happens when people start to default on the orignal loans and the person who bought that orignal pools of loans doesn't get paid? They can't pay their interest to a person who in turn can't pay their interest to a person who gets screwed and has to bring this "safe" security onto their balance sheet and write it all off as a loss. TADA! Credit crunch.
Re: (Score:3, Informative)
Tranche is just the french word for "slice" (Score:4, Interesting)
Re: (Score:3, Insightful)
Re:not err (Score:5, Interesting)
security should be the lowest rating of the most risky component.
Nor are you a statistician (which I'm not either, BTW, but I slept in a Holiday Inn Express last night...). Not dissing you, BTW.
The risk of a portfolio is dependent on the individual components' correlation with each other, as well as their individual risk. You can make a fairly safe portfolio out of relatively risky investments, IF the individual investments are not correlated in their behavior. If you have stocks and bonds in your portfolio, for example, this reduces portfolio risk because prices of stocks and bonds tend to not track each other tightly. Something that trashes the stock market overall may not impact the bond market as much, thus the variability in the overall portfolio is reduced.
This assumption of lack of correlation is what is causing the house of cards to tumble. Risk packagers assumed that there would be no fundamental common fall to the subprime housing market, and priced risk accordingly, which caused interest rates to be too low for the associated risk, which caused over-purchase of the loans. Everyone could have been completely honest, and we would still have this problem.
From my limited understanding of the problem, there are several fun things going on in this situation, any one of which are troublesome:
1) the real estate bubble as a whole, where we lost sight of what a piece of property can really be worth. Regardless of how pretty the house is, the price has to be something that can be paid for out of the income stream of the owner. This was enabled by
2) the mispricing of loans by the industry, in part due the flawed risk assessment, and in part by the complete breakdown of law and morality in the mortgage brokering business, well described elsewhere. These two factors made it cheaper for marginal borrowers to get into property that they couldn't afford, and in that deal (this is subtle) the ultimate lendors endangered themselves because they made loans at an interest rate which did not properly compensate them for the risk they took on. This was enabled by
3) the growth of the securitization of the mortgages into portfolio securities. This was and is I think a good idea, as it allows flow of capital into housing loans from sources that wouldn't otherwise easily be able to supply it. However, apparently the risk modeling that was used to price these was flawed, well before the aforementioned bug surfaced. That meant that these loans were mispriced, as I mentioned before. Since the price was too low, people overpurchased the product. Several somebodies, somewhere, didn't factor in the risk of the bubble in the prices mentioned in one, and what a price collapse would do. That fundamental risk, and the resultant mispricing of the loans is what is bringing the house of cards down. That risk makes this bug trivial in comparison. IMCLTHO
Re:not err (Score:5, Interesting)
* The "senior" security is the size of 5 mortgages, and pays it's buyer as long as *any* 5 of the 10 mortgages are paid.
* The "junior" security is also the size of 5 mortgages, and assumes all the risk for all 10 unless 6 or more of them go unpaid (but pays a really nice interest rate).
How reliable is the senior security? If you look through all historical American data and see that failure of 60% of mortgages has never happened (assuming here that we're taking the mortgages from different markets in theis simple example) then you have created a security that, based on all available historical data, is quite reliable.
Of course, the reality of thse securities is far more complicated, but this gets the basic idea across: in order for the AAA rated securites to fail, we'd need a fall in house prices unprecedented in American history. A few of have been predicting such a fall for years, but so what? There are always some loonies predicting doom and gloom, and the hard data supported the ratings.
Re:not err (Score:5, Insightful)
So the senior tranches of CDO's have to be based on the risk ratings on the whole mortgage pool, and this is precisely where Moody's and S&P bamboozled the public and are now trying to blame it on a bug. They would bless the claim that the top of nearly any pool was great stuff, no matter what the contents of the pool were. As others have observed, that's no coding bug, it's a policy to willfully ignore reality to facilitate the sale of more securities.
The mortgage market was hardly unserved when the securitizers entered it - rather it was full of banks offering conventional mortgages at rates that properly priced the risk (and the banks took care to do that, since they held on to the risk at that time, and federal insurance laws require them to have sane risk holdings). The introduction of securitized mortgage products flooded the market with much cheaper debt. That meant that the pools kept getting progressively worse and worse as the lenders headed down-market to try to sell mortgages to people who didn't already hold more than enough debt.
And as for the loonies, as asset bubbles go, the runup in housing has only one precedent in American history: the speculation before the Great Depression. Now there are a lot more safety valves in the finance system these days, but to claim that it is or was doom and gloom to be concerned about the size of the bubble is pretty a blinked view of the world.
Re: (Score:3, Insightful)
Which is the fundamental issue here. The ratings, or rather, the underlying risk models depended on some assumptions about the data, that past trends will continue. In a bubble situation, which I think is how history will view the real estate situation, the trends are not reliable indicators. It's a black swan problem [wikipedia.org].
Re:not err (Score:4, Insightful)
You forgot about 1929, didn't you? There is prior precedence for such a fall. And the US housing market really sucked thereafter too until just after WWII at which point it picked up steam and stabilized until the late 1980's where it jumped and started the creation of a big bubble that is only just starting to deflate. There's a study out there of housing data from the late 1800's until pretty recently. (Wish I had the specific link, but you can find it on-line. It was done by Harvard/Standford/ or such.) The study adjusted for inflation and leveled, which set the adjusted housing price at $100k. During the Great Depression it dropped considerably (over 50%), and didn't revive until after WWII, when it came back up to around $100k and stayed there until the late 1980's when it started to go skyward, peaking near $190k or so around 2002 or so, and then starting to decline. I think the most recent number was still above $180k. Guess what? That number still has a long ways to drop before it'll be back in reality.
The problem is larger than simply what you are stating, though it certainly didn't help at all - and problem made things worse.
What you have to look at is the long term trend and also the affordability to the base market. For example, in Northern Virginia buying a house went skyward after 2000. My sister's townhouse went from $93k (1997) to a peak of $330k (2005) - little to no change in the property itself outside of standard maintenance. It's settled down some, but is still well above $200k. The primary causes were (a) zoning laws modified to "keep the way of life the same" (i.e. houses spread apart, country feel), (b) growing increase in population, and (c) the belief that the prices would forever go up b/c the gov't is there and thus makes a stable economy.
The problems ended up being: (a) there existed a $20k gap between what an individual could leave on under subsidized housing ($42k salary max) and what the same person could live on without subsidized housing (roughly $60k salary) due to housing (renting) prices alone, and (b) the base market (people in their mid-20's to early 30's) were being forced out of the market - they simply couldn't afford to buy a house any longer; moreover, it was showing signs of the problems even in 2005 when people that had been in the area for a while wouldn't have been able to buy their own homes.
I still have quite a few friends in that area, and while the market has come down some, it is still quite crazy and unaffordable (the reason my wife & I moved out of that area). Sadly, many are in a very tough position b/c if the housing market keeps going the way it is (and it will until it reaches a full correction) many are going to end up in bankruptcy as a result. But that's the "high demand" side of the story.
On the other hand, out in Columbus, OH - city officials decided they wanted to "clean-up downtown" and get rid of the "poor people", so they worked with lenders to get those people loans and move them out to the suburbs. For example, in my parents development there was a high school student who (a) just graduated high school, and (b) didn't have a job (period!) but had been qualified for a mortgage and allowed to buy a home. She's now in bankruptcy. The "clean-up" simply put the poor people elsewhere, essentially making them someone else's problem while making the politicians look good. In the meantime, that "someone else's problem" has resulted in mass foreclosures in neighborhoods as things caught up to people that weren't have been able to pay the mortgage to start with and ended up in foreclosures quite predictably, which is on
Re: (Score:3, Informative)
This assumption of lack of correlation is what is causing the house of cards to tumble. Risk packagers assumed that there would be no fundamental common fall to the subprime housing market, and priced risk accordingly, which caused interest rates to be too low for the associated risk, which caused over-purchase of the loans. Everyone could have been completely honest, and we would still have this problem.
They didn't assume lack of correlation, they assumed low correlation is calculated on historical data, and historically, loans were not given to subprime borrowers. As they gave out more and more loans, the marginal quality of the loans decreases, increasing the risk of the loans, but more importantly, increased the correlation between defaults.
Now, this phenomenon is pretty well known, since it had been observed in other lending markets, but one thing made things very different in this case... they al
Re: (Score:3, Insightful)
security should be the lowest rating of the most risky component.
Nope. That's precisely the opposite purpose of a composite security. Think about a mutual fund: the risk of one component is mitigated by the risk of all the other components.
You'd have no possibility of retiring if your pension was predicated on the risk of your riskiest investment.
Re: (Score:2)
And who would regulate the regulators? You think the regulators won't have political pressure to alter the ratings in an election year?
The ratings agencies operate in a market where competition is prevented by the SEC. In 1975, the SEC mandated that debt be rated by a Nationally Recognized Statistical Rating Organization (NRSRO).
Before that, they were paid by those looking to buy bonds or make loans to a company. If
Re: (Score:3)
There. Fixed it for ya.
Seriously, they wilfully looked the other way. There is NO way that hundreds of these "new investment vehicles" could have been expected to receive AAA credit ratings when there are only a handful of corporations that have that rating.
This was a case of "don't ask, don't tell - because then the game is over". Everyone knew it was bogus, but nobody was going to be the firs
Re: (Score:3, Insightful)
In my opinion, there is a very strong need for regulation of the credit agencies. If they didn't allow for CDOs and MBSs to get AAA ratings, this credit crunch and likely recession wouldn't have occurred.
Yes, giving CDOs and MBSs AAA ratings just because house prices have never before declined sharply enough to affect the reliability of these securites was a problem, but government oversight wouldn't have helped here: securities regulation is good at preventing us from repeating past errors, but that's about it.
Of course the credit agencies used past data: that's how insurance works. You examine the past for hard data on the likelyhood of events, and the cost when those events occur. Stating a couple yea
It can't be Coders complaining (Score:5, Funny)
1) The Firewall
2) The Load Balancer
3) The Firewall
4) The Network Routers
5) The Firewall
6) The Network Cables
7) The Firewall
8) The Network Engineering Team
long before they figured out it was a Layer 8 issue in the code.
A Moody Bug? (Score:2, Funny)
Re: (Score:2)
Likely a feature (Score:5, Interesting)
In any case, it sounds like they found a new scapegoat and they're going to take it for a test ride.
Re:Likely a feature (Score:5, Insightful)
The other part was that companies were all too willing to offer these risky products and buyers were all too willing to lie on their loan applications to get approved for them.
Re:Likely a feature (Score:5, Informative)
I worked in a predatory lending clinic for the last few months (as part of my last semester of law school).
In many of our cases, the buyers didn't lie at all. Instead, the broker modified income and employment information on the application forms it sent to the lender, sometimes forging applications entirely
Lenders, for their part, turned a blind eye to obviously suspicious information (like a security guard making $80,000/year).
This worked for both lenders and brokers in the short term because the broker was only interested in getting more business written and the lender would quickly sell the obviously flawed mortgage to someone else.
Of course, all of this resulted in a lot of borrowers getting approved for products they couldn't afford. Why did they apply for such products? Because brokers often flatly misrepresented the terms of the products.
The incentive to get business done at any cost was a major cause of the outright fraud that underlies the current housing crisis. Borrowers are not totally blameless, but lenders and brokers were the really evil parties here.
Re:Likely a feature (Score:5, Informative)
That being said, the lenders were definitely committing crimes. Both of the lenders my wife worked for before the crash were committing crimes on an hourly basis. The funders were expected to keep a stock of different pens at their desks to modify documents and signatures. It was common for my wife to come home worried that they were going to fire her because she wouldn't forge documents. "When the police come in to make arrests, the management is NOT going to protect you." and "It is more expensive to spend time in jail than it is to get fired." became mantras in our house.
Re:Likely a feature (Score:5, Interesting)
Apparently I was meant to be okay with plugging someone earning $2,000 a month into a mortgage that would cost him $4,000 month. He had $6,000 savings. Simple maths indicates he'd be against the wall in 3 or less months - but they simpled fired me, and then submitted the loan application in my name.
Thankfully I was smart enough to email myself all the emails on such topics before I was escorted out of the office - so should I ever get a visit from the boys in blue I can simply pass on the evidence and they can go sweat someone else.
Re:Likely a feature (Score:5, Interesting)
The best part is that when we counted up the costs of daycare, gas, clothes, taxes, etc..., we only lost $400 a month when she wasn't working. It never made sense for her to go back to work.
Re: (Score:3, Interesting)
They forwarded my termination papers inside. Which is bizarre in itself seeing as I was the only person accredited by the lenders to sign off on loan applications - but I guess that's no hinderence when they are happy to put my sign off on things I've never approved when I'm no longer there.
I'm not that worried though, whilst it sucks supporting a family of four on no i
One thing I don't understand (Score:3, Insightful)
What I read here are admissions of guilt: you knew of a very serious crime with very serious consequences (and helped commit those crimes sa well) and chose to remain silent. It is both stupid
Re: (Score:3, Interesting)
Secondly, as I already said, things going to shit had VERY LITTLE to do with this type of fraudulent loan. Especially considering our (Australia) economy is still rock solid & growing rapidly despite such issues.
So again, what options existed to raise the alarm? You think a newspaper honestly would run a story about someone no one cares about?
At the end of the day regulation failed as all parties were interested in gaming the system - compliance & auditing wo
Re: (Score:3, Informative)
http://www.thisamericanlife.org/Radio_Episode.aspx?episode=355 [thisamericanlife.org]
(Unfortunately, link does not contain a podcast, though it does link to a shorter All Things Considered version of the story.)
An hour-long insightful and comprehensive examination from many different angles.
Re: (Score:2)
The borrower signed on the dotted line for their monthly obligations; they don't need the lender to tell them whether they can afford that.
Borrowers are not totally blameless, but lenders and brokers were the really evil parties here.
The borrowers are 100% responsible for the obligations they signed for. The lenders and brokers are not responsible for protecting the borrower's interests.
Re:Likely a feature (Score:5, Insightful)
Re: (Score:3, Informative)
Maybe you didn't catch any of the "seminars" that real estate and mortgage companies had going back in the early part of this decade. A friend of mine convinced me to go to one and this is what they tried to hammer into the audience for a couple of hours:
1 - Personal income always increases over time.
2 - The value of real estate always increases over time.
3 - ARMs are to
Re:Likely a feature (Score:5, Informative)
A lot of the lenders didn't have the money needed to make the loans. They would make loans, package them and sell them and the money that they made from selling the loans would finance the next batch of loans that they were packaging.
Without a steady cash flow from selling mortgages, they can't make any new loans. So when companies stopped buying mortgage securities, their cash flow dried up and they couldn't make any more loans. Game over.
Re: (Score:3, Informative)
Re:Likely a feature (Score:5, Interesting)
So perhaps they could explain why municipal bonds have much lower default rates than equivalently rated commercial paper and this has been the case for several decades? Is this also a computer bug? I suspect not, I think they rate the commercial paper higher because they pay for the ratings.
So where is the accountability here? Do people who relied on these faulty (or fraudulent) ratings get to sue? If not, why did they ever trust a rating that nobody can be held accountable for?
Re: (Score:2, Offtopic)
One possible explanation is that Moody's code was initially correct but they introduced the "bug" to make sure they were providing the same valuations as S&P.
I wouldn't be surprised if S&P also introduced a "bug" to make their ratings match Moody's. The whole thing reeks of the method the RIAA uses to pick the top 40 songs, Payola [wikipedia.org].
I think the parent is correct, in its allusion. The creator of said "bug" could stand to make quite a bit of money doing so intentionally.
Re:Likely a feature - also the cat ate my homework (Score:2)
Re:Likely a feature (Score:5, Informative)
Very possible.. banking coders tend to be rather cowboy-ish in my limited experience of Investment Banking companies in the UK and Australia.
In a short 5 week stint in an investment bank in Australia I was shocked at the way my manager at the time would order the DBA to "just authorise" some SQL query he'd written on the production database.
The idea of having a DBA authorise a query on the production databases was to prevent stupid things from happening.. but all too often I saw these safety systems bypassed at a human level.
If you want reliable safe systems, I'd bet on telecommunications companies rather than banks.
Re: (Score:3, Funny)
*rimshot*
Thanks, I'll be here all week.
Likely S&P cheating (Score:5, Interesting)
Yeah right, that's what it was... (Score:4, Funny)
Re: (Score:2)
Re:Yeah right, that's what it was... (Score:5, Funny)
if (isSECWatching = false) {
commitEgregiousFraud();
}}
Assignment vs. equality check strikes again!
unlikely (Score:5, Interesting)
Re: (Score:2)
Re: (Score:2)
He plans on correcting that bug in the next release of his post.~
Re: (Score:2)
I don't think anyone is claiming that. The question is why their supposedly "correct" ratings were as hare-brained as Moody's erroneous ones.
Re:unlikely (Score:4, Interesting)
Plus, if you rate someone poorly they may not pay you to rate them again. One of the lenders I worked for had the option to use S&P or Fitch, they got a poor rating from Fitch one year and used S&P ever since - that's a heck of a lot of cash not going to Fitch anymore.
Can't read the article... (Score:2)
Good economy news go unchecked (Score:5, Insightful)
My favorite, and perhaps the most drastic, example is how the US government grossly misrepresents employment stats, the consumer price index, and the GDP [shadowstats.com]. This creates another bubble; not for the New Economy or for the housing market, but for the US as a nation. As long as people keep believing in the "world's strongest economy", investments pay off much as they do in a pyramid scheme - but the point where they won't becomes ever more dangerous the longer the scheme holds.
I for one prefer investments in Europe if only for the seemingly more reliable numbers they have there. Investing in the US is a way too dangerous gamble right now.
Re:Good economy news go unchecked (Score:4, Insightful)
Re:Good economy news go unchecked (Score:5, Interesting)
I wrote a diary on k5 a few years back which referenced Shadow Stats [kuro5hin.org], which linked to an interview [caseyresearch.com] that links to a fuller interview of John Williams, the guy behind the Shadow Stats site.
My impression is that while Mr. Williams is quite right about the government mangling the statistics, he's wrong about the long-term implications (inflation forevermore). I like Mish of the Global Economic Analysis [blogspot.com] blog's take: he's been saying for some time that the end-game of current economic developments is massive deflation, as all the loans in the economy go bad one at a time, in a sort of cascading system failure. We're now seeing the deflation prediction come to pass - while Gas & food are skyrocketing, other assets (housing, etc) and prices are dropping fast, as homeowners and businesses struggle to find buyers at any price. This is what you'd expect if the amount of money available in the economy (read: available for the everyday working Joe to spend - the trust fund manager who made $1billion last year doesn't count) was decreasing.
For the record, I don't subscribe to Mr. Williams' newsletter - much too poor for that right now.
Re: (Score:3, Informative)
http://www.shadowstats.com/article/292 [shadowstats.com]
A summary of this FUD might be that it is about what American residents can do to prepare for a depression coming RSN. It gets even more absurd the FUD paper mentions how the US dollar will undergo seven to ten digit percentage hyperinflation RSN. It also gives questionable suggestions like buying "financial hedges" like gold, and using the gold and other items
Re: (Score:2)
Re: (Score:2)
I say we downgrade their rating.
Bullshit (Score:2, Insightful)
A bug management knew about for 2 years.. (Score:5, Insightful)
Re: (Score:3)
After the OpenSSL bug (Score:5, Interesting)
As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.
The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.
Simon
Re:After the OpenSSL bug (Score:4, Insightful)
This is Slashdot, where everyone just blames management. Because you know, there are no incompetent programmers in existence.
Re:After the OpenSSL bug (Score:4, Interesting)
As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.
The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.
Lock it all up tight, and make sure every line of code being executed is signed and certified.
And given how difficult it is to right correct code, I'm not sure a 'formal verification' would be worth that much. I mean, you think Windows is expensive NOW?
Not sure OSS could even exist in a world like that. After all, 'formal verification' isn't free. And you wouldn't be allowed to modify your own source... the liability issues alone!
Be careful what you wish for.
Re: (Score:3, Funny)
No kidding! Look how difficult it is to "right" correct English!
Yep (Score:5, Insightful)
1) It isn't cheap. There is going to me some major engineering to design it, and it will require some major redundancy in hardware to protect against faults. As such, you are going to pay a lot for it.
2) It isn't fast. No you can't have it today, you can't have it this month, you can't have it this year even. The development and testing will take a long time. This can't be rushed, it simply takes lots of time and lots of testing to make sure there are no faults.
3) You can't add features to it. Once the system is in place, it can run only what it was designed for. You can't go and install new software or anything. If you want any changes made, those will have to go through a full set of testing. No unverified code can be running.
4) It must be accessed only in approved ways. You can't just hook it up to the Internet and go wild, input will need to be properly regulated to make sure it doesn't cause an unforeseen problem.
5) You can't mess with it. Your people will not be screwing around trying things with it. It'll be maintained under a support contract only by certified personnel.
If that's not ok with you, well then some bugs are something you have to accept. This idea that programmers should be able to easily engineer perfect, bug free software quickly and cheaply is just amazingly ignorant. Especially when people come up with false analogies "Oh well people would sue if cars were made as badly as computers!" No, you'd get arrested (or killed) if you tried to use a car like people use computers. If people treated cars like computers they'd expect to be able to run in to a wall at 80 miles an hour and suffer no injuries to themselves or the car.
Cars work well if an ONLY if they are operated properly (and even then not always). You have to do things like obey proper driving regulations, maintain the engine, and so on. If you don't, well shit is going to go wrong, maybe catastrophically wrong. Yet people do just that with their computers all the time. They install random shit, never perform any maintenance, and expect that the computer will magically protect them from all problems.
Re: (Score:3, Informative)
I'm not sure you've got the right end of the stick, here. "formal verification" doesn't mean "code review by some officially-sanctioned third party". It means "verification using formal methods [wikipedia.org]".
As such, the only cost is time. People already volunteer their time to work on open source projects; there's no particular reason [
Re: (Score:3, Insightful)
As such, the only cost is time. People already volunteer their time to work on open source projects; there's no particular reason [other than mind-numbing tedium] why they wouldn't volunteer time for this too.
Well the mind-numbing tedium for one thing.
But the real issue isn't lack of volunteers, its that voluntee
Re: (Score:3, Informative)
But the real issue isn't lack of volunteers, its that volunteers are just as likely to turn in bad proofs as they are to turn in bad code.
Not if you're using the right formal methods... the whole point behind most code verification approaches is that it can be verified automatically. If a human had to review the proof, then sure, this will never work, but if you're using proof-carrying code in a relatively formal language, the verification can be an automatic part of the process.
The point about having programmers who are capable of writing those kinds of code is still valid -- there are lots of them, but it's definitely a smaller set than
Re:After the OpenSSL bug (Score:5, Insightful)
Re: (Score:2)
Last I checked mathematicians can't even say if my program will finish running much less if it will work as advertised.
Misconception. It is of course the case that some programs can neither be proven to halt nor be proven not to halt. That doesn't mean you should be writing such programs. It should generally not be conceptually difficult to prove that your program halts (or, perhaps everything but one or more deliberate event loops and whatnot halts). It might be extremely time-consuming and expensive, but possible. It's also possible to write code that should halt but really can't be proven to halt, but it's probably
Re: (Score:2)
Step 1: Start with an integer n.
Step 2: If n is 1, stop.
Step 3: If n is odd, replace n by 3*n+1.
Step 4: If n is even, replace n by n/2.
Step 5: Goto Step 2.
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
Mathematicians are only part of the answer unfortunately, there needs to be standardization in functions and code, so coders do not have to rewrite the wheel.
I've been thinking a bout making a completely visual compiler where you should not have to code in abstract numerics and other function statements beyond construction, all mathematical statemetns and programming statements can be virtiualized and rendered into a
Re: (Score:3, Insightful)
Ironically the hardware side has been going in the opposite direction. How many transistors in a modern dual-core processor do you think were actually put there by hand with manual checking of voltage/resistance/heat/etc? Somebody writes up some code essentially and a p
Yes, but (Score:2)
As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.
The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.
How can I keep unvalidatable requirements out of my system? In my field, validation is used to show that the software satisfies requirements, not that the requirements are in any way correct.
Re: (Score:2)
The last "specification" (and I use that term loosely) I got was something along the lines of "hey, can you add a members section to this website?". Good luck demonstrating the resulting functionality to be mathematically correct.
Lying Through Their Teeth (Score:2, Insightful)
I want a federal investigation.
monetary incentive to inflate ratings (Score:5, Insightful)
Re: (Score:3, Funny)
Calculated Risk (Score:5, Insightful)
This entry [blogspot.com] at Calculated Risk openly wonders if Moody's jiggered its model expressly so that it would line up with whatever the Standard&Poors ratings were.
Personally, I'm concerned this revelation will result in a concerted effort to blame the whole mess on a computer error, rather than the profoundly bad judgment exhibited by fund managers and investment banks. Expect some hapless programmer to be located and pilloried.
Schwab
Moreover... (Score:5, Interesting)
This is very quickly how the scam works:
The way bond agencies survive is by acquiring new business. Let's say a utility issues a bond for a new water project. They shop the issuance around. Highest rating gets the business. The higher rating means (roughly) less "insurance" they have to carry and the more they can use free cash to do other things.
The bond agencies are as "financialized" as a low-end broker sweat shop. No one seemed to care when the money was flowing. It's easy to take shots after the fact.
Few people follow the Fed's TAF's and its junk-filled balance sheet. It's worse than the credit agencies situation. Who knows if that will ever blow up like the credit markets.
wouldn't someone notice? (Score:5, Insightful)
If the errors are as large as it seems they were, wouldn't one or more human analysts notice? When your software says "Buy SCO" you should know that something is wrong.
Blame it on the programmers (Score:5, Insightful)
They're depending on us believing their media stories to escape responsibility; anyone who thinks about this situation would quickly realize that for a company full of financial analysts to not realize that an error of this magnitude was happening - well, it beggars the imagination.
What almost certainly happened is that they played the same game that so many other financial institutions did during the real estate bubble. But when the bills came due, they chose to deny responsibility and pass the blame on to someone else. The real crime here is that they'll be allowed to get away with this...
Better cite/site (Score:3, Informative)
You Gotta Be Joking (Score:5, Interesting)
The Financial Times has the story that billions in incorrect AAA ratings given out by Moody's were the result of a coding error in its computer models.
So one of the top financial services companies in the world, staffed with MBA's and finance professionals, and none of them noticed a coding error that changed debt ratings by that big of a margin? That strains credibility to the breaking point. And on the other side of the table, none of the financial institutions buying collateralized debt instruments ever looked at those ratings and thought they were a little optimistic? Come on. The entire sub-prime mortgage mess was a computer glitch.
Guess that means cocaine use is alive and well on Wall Street. Because you have to be really, really high to field a whopper like that.
Re: (Score:3, Interesting)
Can i claim the same defense and escape the noose?
NO!!
The FBI will prosecute me for Mail Fraud and 37 other charges even though it was the banks' fault in forcing me to withdraw money from someone's account.
Moody's explanation is like a child giving an explanation for spilt orange juice on the carpet: The bottle was heavy.
Moody's execs should be prosecuted for m
Not the whole story (Score:5, Interesting)
This guy didn't sound especially convinced, and no one's mentioned any kind of due diligence requirement on the rating agency to actually make sure that their ratings are correct. Apparently whatever gets spit out of the formula is accepted as official, and in this case, they had a lot of incentive to fail to get around to any due dilligence.
I call BS. (Score:5, Insightful)
Actually, that's not a bad idea.
To put it in a language slashdotters will understand.
1. Invent model.
2. Lie about model's accuracy.
3. (Sell model)???
4. Profit.
Billions of... (Score:5, Insightful)
Confusing summary aside, this is the biggest load of crap I've read in a long time. The financial world made a really bad guess on just how much "money" was really in the US economy and now they are paying for it. They can't actually be held accountable because then people might catch a glimpse of the fact that the financial wizards who run our lives are really full of shit. So instead of taking responsibility for their mistakes they are blaming it on a computer bug. How effin convienent for them.
"Hey everybody, we aren't fucking idiots. You see, it was the computer! I just told you what it told me on my screen. Hold on... my third trophy wife is on the phone... she's telling me that her and the Lamborghini are stuck in traffic somewhere between my multi-multi million dollar home and the club house where I spend multiple tens of thousands of dollars a year. I'll get back to you right after I blow a few more rails of coke!"
How the hell did these people get to be in charge of society?
Re:Billions of... (Score:5, Interesting)
Everyone in the US (and a few other places such as France and the UK) wanted to believe that they could buy expensive houses and flip them in a month or three, that the price of housing outside of big towns will continue to grow indefinitely (which is idiotic, in a world where there is a finite amount of oil), that everyone will keep paying their loans...
All this, because the alternative is believing in a resource-limited world which gets poorer in real terms (available energy, available raw materials, arable land) by the minute - a world not conducive to peace of mind.
Re: (Score:3, Interesting)
I completely agree with this. People don't want to be bothered with the reality of things. They don't want to take responsibility for themselves. They want to follow the herd and believe that everything will be okay because they are going along with what everyone else is doing.
I almost caved in. I almost bought some property at the peak but I realized that things were screwed up. I realized that rea
Another me-too post (please don't mod down) (Score:3, Insightful)
Re: (Score:3, Interesting)
They have changed their story. Their first story was a lot better. The fact that they are now changing their story makes me and I am sure the SEC call their bluff.
Anyway, their first explanation (revealed in a multi-page NYTimes article) was that the data supplied by the mortgage lenders was wrong. And this makes some sense- For years the model worked like this: Loan officers went and made loans, verified income, assets, their credit rating,