Open Source Banking
Cynical Yorkshireman writes "I sold my soul to investment banking a long time ago ... It's nice to know that some of the Wall Street money machines are actually quite forward thinking about IT! Dresdner Kleinwort Wasserstein will announce today (with Collab.net's help) that they are open-sourcing their internal systems integration toolkit.
The official launch is today. Until recently I actually worked at DrKW, and have used this stuff a heck of a lot over the years. Basically, this is a toolkit that allows disparate systems to be connected (Sybase->RV->JMS->IIOP->ETX->MQ->UDB is a snap) in a very, very easy way. Without doubt one of the best pieces of software I have ever seen, and far and away the most useful!
Go get it (when the site opens), and never worry about system interfacing again ..." There's also a Reuters story with more information. Note that openadaptor.org is still password-protected as I write this.
Re:How will this fit with XML? (Score:1)
Oh. Thanks. Where did you get the username and password? Random guess?
Kent
Leap of Faith (Score:3)
Basically, do you believe (or whatever) in Open Source enough to bet your bank account on it?
Would you download the source code and inspect it first? or who would you look to, to validate and verify that the code was clean?
after all, it is only your money.
Europe leads the way! (Score:1)
Makes a nice change from all the Amerocentric stuff...
Hacker: A criminal who breaks into computer systems
Re:Don’t be a blinded visionary (Score:2)
Now that being said I would imagine that much of what runs inside a bank is big iron from IBM with a big 4 database on it. But IBM has embraced Linux and free software. And a lot of it is custom I would guess.
Hate the banks. (Score:1)
Q1: Would you trust your money to an open-source bank?
Hell, I hate banks: they always display the most astounding financial results, while complaining about the economy and laying off as many people as they can.
Do you really think that they will open-source their inner systems: unlikely. Firstly because they largely prefer security by obscurity, and secondly because I doubt the open source community will manage to do something useful with their base of mainframe-based COBOL code. Sure, their web infrastructure will be all unix/win as it can be, but the account will reside on some real safe system.
But as for their integration software, as they pointed out in the article, that will be profitable for them and their clients to have that part of the code improved by the global community: that's just another way of drawing on the global resources.
Re:Don’t be a blinded visionary (Score:2)
No argument there. My experience in the banking industry (well, the bond trading part of it) as well as (a small) credit card processing company was that they tended to lean toward ``trailing edge'' technology since it was tried and true.
What OSS ``evangelists'' are screaming that it's shareware? Never heard any myself. Shareware has a certain meaning that most OSS advocates that I know don't find particularly applicable to most OSS.
And regarding ``Open Source project management practices being as bad as they are...'': my experience was that project management in the banking industry was no better (and IMHO, actually worse) than other industries and from what I gather the OSS development process. It seemed to be more politically driven than I'd ever seen before... or since. I spent a lot of late nights fixing problems that these development processes produced. Amazing how many vice presidents were calling me at 11:30 P.M. asking for help getting their crappy software kludges to work or backing it out since it was never going to work that night. I worked on projects with more sophisticated development processes on Govt. contracts at a University.
Granted `Open source zealots' might be saying that DMCA `sucks' but a far larger number of people, like consumer rights advocates, are saying the same thing. (Though they don't use the word `suck'.)
--
Re:Leap of Faith (Score:1)
What? If you have a bank account with this bank, you will still be putting your "faith" in the same software. The only difference is now you can look at the source code. I don't see how this tests anyone's faith in Open Source at all. Could you elaborate?
Re:Don’t be a blinded visionary (Score:2)
guest/guest no longer works. (Score:1)
Regards,
-scott
Re:Bollocks (Score:1)
Do you know what code your bank uses? I've no idea what mine uses. It never even entered my mind to use it as one of the criteria for choosing it. Why should I care?
guest/guest no longer works (Score:1)
Not redundant any more. (Score:1)
Regards,
-scott
Re:Leap of Faith (Score:2)
IBM, for example has the whole series of commercials about the value of IBM services and security.
The average joe gets easily paranoid about his money, and even imagined threats to it. The average Joe is very vulnerable to FUD.
Granted that an investment bank is not your local savings and loan. And this is just a developer toolkit.
but I look at the fud that goes on in other markets, and wonder if this could be exploited in this market.
and thus the question.
Re:Bollocks (Score:2)
Re:Open Bank Source Code = Bad. (Score:2)
The question is: Will it be found by someone willing to tell you about it, or someone who wants to exploit it.
If you don't allow the public to scrutinize your system, the likelihood is that the only people looking at it will be your overworked little development team, and a horde of crackers that don't care that they aren't allowed to "test" your system.
Whether it's safe or not to use open source software for critical stuff depends a lot more on how you do it.
First of all, you shouldn't release a banking system and run on the same version of the code until you've let a lot of people look at it.
Second, firewalls are good. Knowledgeable sys.admins that actually keep an eye both on the system, and the buzz in the hacker community, a huge plus.
Conclusion? If your security is crappy anyway, you certainly run added risks with open source, but if you manage your security well (actually bother to protect the perimeter to your system, and don't run untested software for critical tasks), you'll gain from having good guys looking at your code too, not just bad guys hammering on your system until they accidentally find something (and they will).
Re:OT: common passwords (Score:1)
Re:Don’t be a blinded visionary (Score:2)
This may come in handy (Score:2)
What openadaptor is and is not (Score:5)
To clarify what the openadaptor software is and is not: As the original poster noted, the openadaptor software provides easy ways to set up connections between different types of applications; it is basically an integration toolkit. However the openadaptor software is not in and of itself a banking application. Thus, for example, openadaptor was used to help implement a global equities derivative trading system at Dresdner Kleinwort Wasserstein, but the openadaptor code itself does not perform the financial calculations involved in derivatives trading.
I should also note that the potential usefulness of openadaptor extends well beyond banking and financial services; any company with large complex IT systems might be interested in it, especially companies that have to integrate systems across divisional or corporate boundaries, for example as a result of a merger or acquisition. (This includes Dresdner Kleinwort Wasserstein itself -- it was known as Dresdner Kleinwort Benson until it recently merged with Wasserstein Perella.)
Re:Don’t be a blinded visionary (Score:2)
Among other things (securities, underwriting, etc), an investment bank often has a brokerage department, a trading department, and a research department. All of these generate money and are ideal applications for a web interface.
You can feel free to tell Salomon Smith Barney [salomonsmithbarney.com] that their web page doesn't generate any revenue, but I somehow imagine that they feel differently.
Looking for open source derivative pricing code? (Score:1)
Have a look at:
they both contain real derivative pricing code.
--
Laurent Guerby <guerby@acm.org>
Just like Superman III (Score:1)
Re:Don’t be a blinded visionary (Score:1)
It is not the case that all changes to a custom Linux kernel must be made public.
--
Re:Don’t be a blinded visionary (Score:1)
--
guest/guest no longer seems to work (Score:2)
Amber Yuan 2k A.D
Re:Don’t be a blinded visionary (Score:2)
Re:Use guest/guest to access openadaptor.org (Score:1)
Bollocks (Score:1)
Financial Organisations will do anything they can get away with to make money, if that means free software they will go for it.
OT: common passwords (Score:1)
(the latter has failed to work recently -- does anyone know whether it has been killfiled?)
Even more importantly... (Score:1)
Re:Bollocks (Score:2)
Not necessarily true. Financial Organizations will do anything they can get away with to make money in the long haul. Stability and strength make bank customers feel warm and fuzzy. Would you trust your finances to a bank that managed them with Open Source code? I wouldn't. And please don't flame, I'm very much a supporter of Open Source and most ideology behind it. I'm merely stating that banks won't because it's perceived as insecure.
openadaptor BOF at LinuxWorld in New York (Score:2)
Idiot. (Score:2)
Bottom Line: Open Source is safer than Proprietary (Score:1)
Help me understand...! (Score:2)
Re:TLA's (Score:1)
RV = TIBCO Rendezvous
JMS = Java Message Service
IIOP = Internet Inter-ORB Protocol (or var. Internet InterOperability Protocol)
ETX = Ethernet I presume? Or something else?
MQ = IBM MQ Series (messaging middleware)
UDB = DB2 UDB
What's it like working for an I-bank? (Score:1)
Thanks!
willis
Middleware for middleware? (Score:1)
The only benefit would be that you can replace your middleware system easier, but how often do you do that? An open-source middleware would be better.
I work as a consultant in banking and finance and I often see these huge webs of interconnected systems with custom programmed interfaces between them. Middlewares help, but they are not the solution to all problems. You still have to interface to the middleware system. Introducing openadaptor would require you to interface to openadaptor, as well as interfacing openadaptor to your middleware (in case your middleware is not of the systems supported directly by openadaptor). How can this make things easier? Or am I missing the point?
Anyway, more complex systems means more work for me, so I guess this is a good thing after all! :)
Re:Yeah, and given the bugs in Excel (Score:1)
Even if the Excel has nothing to do with banking, the notion that certain practices, software and hardware could be certified for use is worth looking at.
For example, that Excel can have these bugs and the Pentium chip can have these bugs, should alert us to that these or other bugs can exist in other tools.
Security works on secret keys. Safety works on open processes and modular construction. Only an open process can prevent bugs being hidden. Only a modular process allows the replacement of defective parts in a cost effective way.
A process can be both safe and secure, because while the process of the key is understood, the exact value of it is not. Banks went for many years with bits of paper and keys. The technology of these were understood. The exact form of the key is revealed only to those who have a valid need for a copy of it.
Heed excel bugs, not as defects in one program, but defects in our trust in software.
Re:Don’t be a blinded visionary (Score:2)
--
Re:TLA's (Score:1)
How will this fit with XML? (Score:2)
Kent
Cut it out! (Score:2)
Yeah, and given the bugs in Excel (Score:2)
It is about time some rigour is introduced in these systems. Banking relies heavily on Excel, and the bugs in Excel are so deep, an article in Journal of Computational Statistics and Data Analysis concluded that
Now, it turns out Excel doesn't do computer arithmetics [woodleyside.co.uk] very well. It's very, very bad, actually...
Re:How will this fit with XML? (Score:1)
Re:Use guest/guest to access openadaptor.org (Score:2)
Welcome to openadaptor.org
openadaptor is a 100% Java/XML-based software platform which allows for rapid business system integration with little or no custom programming.
openadaptor can be loosely classified as EAI (Enterprise Application Integration) software. It is highly extensible and provides many ready-built interface financial components like Oracle, Sybase, TIBCO, as well as data exchange formats such as XML, Fix, Swift, and HTML.
good for them (Score:1)
well cheers collab seem to be going in the right directions
banking is one of the BIG boys and getting accepted in that market counts
hope that linux does as well for them as it
Re:Use guest/guest to access openadaptor.org (Score:1)
Re:Don’t be a blinded visionary (Score:2)
Agreed. Let me give you an example. There are web servers that run within kernel space, and are hence very fast. They're open source and available to whoever wants them.
Now let's say an investment bank codes their bond pricing engine into kernel space (the faster you can price bonds, the better). Are they going to be happy that their rivals on the opposite side of The Street can download this technology from RedHat.com? Of course not.
Face it, bankers are old fashioned and play things in a very old school manner.
Lots of banks like perl, of course, but not because it's open source, but because it allows them to write very bad code, very quickly that nevertheless gets the job done. But that's how it works in the Front Office, where short development cycles are everything. On the back office, you'll be seeing the big iron, and I can't see that changing.
P.S. The whole BIND thing won't have made The Street any more trusting of Open Source. Many eyes only make bugs shallow if they're all a) qualified and b) looking, and the Open Source community as a whole has a long way to go on both of those.
Re:Don’t be a blinded visionary (Score:3)
I do not work in the banking industry myself.. I do work as a software developer for a large corporation.
I think taking an extremely cautious approach towards any banking system warrants merit. No bank wants to risk exposing themselves to massive lawsuits over inadequate security over a person's account. I feel certain banks do not enjoy risk beyond working the stock market.
However, bankers do occasionally embrace new technologies. Witness the ATM machines, which didn't exist as readily today as twenty years ago. Also witness the growing trend in online-banking. As a new technology, open source development holds promise, but hasn't matured yet. But this doesn't rule it out as a viable technology.
Consequently, I think it's too early to say that the banking industry will never embrace open source. I suspect they simply need to wait for it to prove itself further before they may enjoy its benefits.
I will gently side-step the DMCA issue to point out that many banks provide their own developers towards projects in-house. Consequently, I doubt the DMCA issue needs to be drawn in here; banks would simply have their developers close whatever security issue arose. And, if the banks' developers worked with open source development, they would probably find themselves controlling much of the software... to include project management (possibly).
Open source offers a greater chance towards better security than the rather scary practices they currently hold. I've recently read about the transaction protocols used by the banking industry; if they truly use a 56-bit key to encrypt a password without using public-key encryption, in a relatively short period of time, cracking such transactions should become trivial. This is not the sort of freedom open source developers want to see in their information, and neither should bankers. I do not happen to have the URL for this information readily in hand, or I would merrily direct you to it.
While I'm sure some open source project management might be poorly executed, it doesn't mean all projects are poorly managed. I would point towards the linux kernel itself as a relatively good example of project management in the open source model.
If there truly is 'no confidence communicated that any application developed in the open source model would not be secure...' this would indicate a failing of open source evangelism, and not of the technology. I would challenge 348 to provide credible evidence of a well-known, popularly used open source project relying upon security that proved to be less secure than its close-source counterpart.. and further, upon doing so, I would challenge 348 to note how long it would take for the project to repair said security issues.
As for open source zealotry, screams of 'information wants to be free' and whatnot, I suspect these statements show a lack of understanding of open source values, and a misunderstanding of our culture. I would refer you to esr's Homesteading The Noosphere (sic?) for a better understanding of this culture. Of course, as with any group of people, you have your bad elements... but these do not necessarily represent the collective view. It would be like suggesting that all Americans were money-grubbing opportunists.
Jeezuzzz - It's middleware. (Score:1)
Re:Don’t be a blinded visionary (Score:3)
That's so because given enough eyes, all bugs are shallow. That's why the most trusted cryptographic systems are the ones whose details have been open for decades, and which still have no known weaknesses, not the proprietary encryption that some company has made, claims unbreakable and pushes as a binary-only product.
There is no conflict between openness and security. Security through obscurity does not work. But hi, don't take my word for it, go visit some of the more well-respected security-analysts around and see what they think. Have a look at Bruce Schneier's site for starters.
How do you get the XML from one app to another? (Score:1)
Cool. Middleware's very handy. (Score:1)
For those who don't know, middleware is like STDIN/STDOUT/STDERR. The bits that join the pipe together.
It's also usually very expensive, I rolled my own for home use (http://www.yelm.freeserve.co.uk/appsnet/) using suck/rpost and INN but I suspect this openadaptor stuff will be right on the ball.
Re:TLA's (Score:1)
Re:Don’t be a blinded visionary (Score:3)
Idiot. (Score:2)
Re:Help me understand...! (Score:2)
Re:Don’t be a blinded visionary (Score:2)
Re:What's it like working for an I-bank? (Score:1)
Thanks again --
willis
Re:Don’t be a blinded visionary (Score:2)
Excuse me? Banks don't make money with online banking?
Re:Use guest/guest to access openadaptor.org (Score:1)
Fuckwit (Score:1)
It's in the context of banking applications. DUH.
Re:karma whore alert ! (Score:1)
Re:Bollocks (Score:2)
Ahh, I see we have an old timer here.. Very good eye, LOL. Go Dale!!
Re:Middleware for middleware? (Score:1)
It does more than your average middleware; standard components allow you to map and transform the data being transported, plus there's the exception handling systems for bad data.
Doesn't this add to the overall complexity of the system?
Not necessarily
The only benefit would be that you can replace your middleware system easier, but how often do you do that? An open-source middleware would be better.
Coding to the openadaptor API does mean you are not tied to any given middleware. Most large organisations have many more than one middleware system in use. Say you have an application exporting data over a guaranteed delivery middleware package, and you decide you need to publish the same data over a reliable (not guaranteed) middleware system. Normally you would have to write new code, but if you code to the openadaptor API all you need to do is alter a line or two in a configuration file and you are publishing over a different middleware system.
I work as a consultant in banking and finance and I often see these huge webs of interconnected systems with custom programmed interfaces between them. Middlewares help, but they are not the solution to all problems. You still have to interface to the middleware system.
True, but with openadaptor, you only have one interface to code to.
Introducing openadaptor would require you to interface to openadaptor, as well as interfacing openadaptor to your middleware (in case your middleware is not of the systems supported directly by openadaptor). How can this make things easier?
Well it won't (if we ignore all of the openadaptor features like data transformation, filtering, field mapping etc.) if you have to write your middleware adaptor.
However, given a strong open source community who see benefits in using openadaptor, there will be a good chance that someone has already written an interface to your middleware of choice, or if not, they are doing. Or you can, and get the credit and warm fuzzy feeling when someone else uses your component.
Anyway, more complex systems means more work for me, so I guess this is a good thing after all!
Smiley acknowledged, but openadaptor was written to remove the tedium of writing similar interface code over and over again, a job it does very well indeed!
Use guest/guest to access openadaptor.org (Score:4)
Jeezuzzz - You are an Idiot. (Score:2)
Re:Bollocks (Score:1)
Additionally, many of the "Old Money" folks in this country are also NOT cutting edge with computers, and still place great value on the "old fashioned" way of doing anything. Including doing business on a handshake with another actual human.
And to 348, "I'm not tailgating, I'm drafting".
Re:Help me understand...! (Score:2)
Re:Even more importantly... (Score:1)
Re:Hate the banks. (Score:2)
In short: it's the worst piece of shit I've seen in a long time. Would I prefer an open source version? Yes, provided it was tested properly by somebody else than its developers. I would like to see banks stop developing their shitty proprietary packages and start using the same software (proprietary or open-source).
Your argument about proprietary software is not valid since we're talking about client software. What they do on the server side is the bank's business. All they have to do is provide some standard, secure way of communication.
Re:Leap of Faith (Score:2)
Which do you think would be harder to discover: an open source program that skimmed pennies, or a closed source one?
Re:Help me understand...! (Score:2)
Re:Help me out (Score:2)
Re:Cut it out! (Score:1)
Re:Use guest/guest to access openadaptor.org (Score:1)
Re:How will this fit with XML? (Score:2)
Script Kiddie's control online banking (Score:1)
I know, this software doesn't actually run the servers, it just interconnects them. Still, too much knowledge in the hands of those with too little intelligence can be a dangerous thing.
Still, it's great to see major corporations not only using open source, but opening their internal tools to open source. One more point for the good guys.