Hacker News new | past | comments | ask | show | jobs | submit login
Deutsche Bank makes source code publicly available for the first time (db.com)
482 points by Khaine on Oct 8, 2017 | hide | past | favorite | 201 comments

This is mostly a PR move. I currently work at DB, I can say that they make it look nice from the outside, but when you get here what you find is a large mess. It's a big difference between a bank and a company that actually ships software. Most of the work here is done in interfacing systems together, and moving data from one place to another. There is no focus on quality, just patching things together and making them work. This is no surprise when a lot of work is done by contractors hired for 6-12 months. Software and tools are old , but I guess this is a know fact. There is a lot of duplication, there are usually 3-4 systems that can do the same thing, when a high level executive decides that then need to create a new one from scratch. Sure there are exceptions, there are people who work on trading algorithms, but these are rare occasions.

These are some of my impressions after some time spent at DB, sorry if it sounds too negativistic.

This is not only a DB specific, a whole banking industry works like that. Systems that have <10 years are considered new ones. To keep things working, just produce 5x more services created solely to move data from one place to another. No focus on programming discipline or sense of purpose and constant fear to change anything, because that could break things and we have not enough tests or monitoring infrastructure to even detect that. But in finances, IT is not on a focus. After all, we're just a "cost center" ;)

I can underwrite this. I am currently working for a(nother) bank. And I want to add that a lot of the legacy systems, procedures and thought processes stem from the misinterpretation of regulations.

When a bank gets a new regulation on their table, they tend to create a department that compartmentalizes the subject within the organisation. That's how we get the exact opposite of what the Agile mindset is. And that's also how we get organisations where nobody wants to work in, except if the pay or day rates are high enough to excuse any suffering. And that's how bad, bloated software is created.

This is my exact experience while integrating with ERP systems in at least four global firms. Except I'd change the phrase "not enough tests or monitoring" to "no tests or monitoring except the ones I wrote".

This is not banking specific, the whole SW industry works like that. I have worked over 20 years in a couple of companies, where SW was an essential part of our products. Yet the quality has never been good, it's a bloat of solving similar problems again and again. Architecture is a mess, even if there are n architects who can present nice diagrams. (I have seen n=1 and n>30, but the fundamental problem is the same)

To extend my thoughts a bit.

Yes, I believe that some sectors might be worse than others. There are metrics and tools provided by the Software Engineering discipline to measure quality of architecture or code. However, they have remained mostly academic. There is no standard metric, which is widely accepted to be useful. And even if some rare(?) company might systematically measure their code base, they don't put the results in the their home page and not even in the contract with their customer.

As long as that does not change, it's just more or less educated feeling where the situation might be better or worse than elsewhere.

I heard some banks still did crazy things like calculating mortgage payments with spreadsheets.

Spreadsheets are heavily used in all financial sectors. Personally I've connected many trader developed pricing spreadsheets to etrading systems at investments banks. Last year I was contracting for a large UK mortgage lender who used spreadsheets for all their product dev & spec. Spreadsheets enable bankers to move quicker than bespoke or vendor supplied solutions, hence their enduring popularity.

I once did some consulting for a very prominent bond fund manager. His main tool was an excel spreadsheet which was the most godawful mess you can imagine. Dozens of separate pages with tens to hundreds of thousands of cells each. I ended up writing some VB code to dump all the formulas into a text file where I could parse them and do some automated analysis (using Common Lisp). It turned out that the spreadsheet was in fact as much of a train wreck as it appeared to be. Most of it turned out to be dead code, i.e. >50% (I don't remember the exact number) of the cells did not figure into the final result.

But the worst part was that there turned out to be a single input that completely dominated the final result, and that input was a "gut feel" that the fund manager had about which way the market was going to move. So after all that calculation, the upshot was that the fund investment decisions were being made based on this individual's intuitions, and the entire spreadsheet was just window dressing. Ironically, the audience for the window dressing was the fund manager and his team because the spread sheet was considered proprietary, a closely guarded secret. That's the reason I'm not revealing the name of the manager. I'm probably still bound by the terms of the NDA.

That was the moment that I realized that much, if not most, of Wall Street is a colossal scam.

Not so much a scam per se, but a colossal example of correlation does not equal causation. At least for the old world traders. Newer hedge funds are definitely churning out returns that indicate something proprietary is going on. But anyone bragging about a gain of +2% over the market is kidding them selves.

Any complicated spreadsheet might be a bug ridden mess, but at least it's one the finance guys understand and can augment themselves.

Alternatively they could wait for in-house IT to take a few years and millions of pounds (add going running over schedule and budget, too) to produce a bug ridden mess that misses.

Programmers tend to look at shitty programs and imagine better ways that it could have been done... In practice the competitor to a shitty program is not a better program, but no program at all. Even shitty software can still make the world a better place, and the preponderance of half-assed bug-ridden brain-dead garbage software should be seen as a good thing.

thank you. I have the feeling that many participants in this overall chauvinistic discussion here see themselves as artists that always produce perfect outcomes, ignoring the history and productivity of the software actually in place.

And on this positive note, you might want to have a look at efforts to make spreadsheets better: https://www.microsoft.com/en-us/research/publication/improvi...

Hell, we even look at good programs and imagine we could have done them better.

>but at least it's one the finance guys understand and can augment themselves.

And more importantly it enables the "money people" and the "1s and 0s people" to work together throughout the software life-cycle. When the people who input the data understand what's going in and the people who read the output know what should come out the black box in the middle is a lot easier to create and maintain.

Trading desks and other tech savy groups overuse spreadsheets so that can minimize their interactions with a bank's underwhelming IT department.

Of course, the above is a generalization, but I stand by the assertion most tech savy bank workers try to interface with Bank IT as little as possible.

It's a fact that you can't ever have enough tests, because, for one, the tests are not tested.

Of course the tests are tested – by the code they're covering, which is also covered by other tests.

That's funny in practice. But does not have to be a problem in principle.

There are ways to test your tests (in a way that does not lead to an infinite regress), and alternatively you can also prove your tests correct; or just use plain old code review.

Working for multiple banks in a another country, i can confirm that this might as well have been written by someone here. It's the same everywhere.

I heard Goldman Sachs is a bit more on the ball.

Day to day traditional banking operations will be slow to innovate. Partially due to the regulatory burden as you describe. But also the perception there is little financial upside for the investment.

Outside of that however change is happening. And you will see new products coming out of "Innovations" groups operating entrepreneurially. My colleagues at WF and JPMC are busy experimenting with distributed ledger tech, mobile payments, global micro credit, and other "fintech." And the rollout of Zelle, instant peer-to-peer cash transfers, happened in weeks not months. Literally I was invited to participate in a beta program around the beginning of summer and a few days later billboards advertising the service started popping up around town ;)

It's worth stressing your point on perceived limitations of financial upside. I work for what is effectively a fintech business within a large financial firm and this is a constant hindrance to innovation because investment tends toward short term gains. I think it really comes down to how low the bar is set for software used by financial institutions with respect to originality and pushing boundaries. There's simply not much pressure to do extraordinary things because clients are accustomed to such laborious, outdated systems and processes. I hear a lot of fluffy talk about leveraging modern technologies and being pioneers but when it comes to building out teams and buying into exciting projects, leadership can't seem to find their wallets unless a client has specifically asked for something.

You mentioned that your colleagues are working on things that break this mold - I won't try to speak for their companies, but in my experience those sorts of experimental projects (e.g. distributed ledger tech) tend to be wildly underfunded and consequently don't deliver much beyond an overblown, hype-building press release.

It's probably worth noting that Zelle was mostly a rebranding of an existing service: clearXchange. Or, rather, a branding, as prior to the Zelle name, no one advertised the underlying clearXchange network.

I strongly agree with your general point. Just like any extremely large business, there's small sects pushing forward in various ways, while the vast majority toils away on SSDD stuff.

Sounds just like the investment banks I worked for. The software is just accretion of patches and fixes.

Betas and hacks that make it into production because no-one is allowed to re-engineer things correctly.

Imagine in 2017 still having to run IE6 because there's a web-ui written in a COBOL system back in early 2000 that everyone is afraid to touch. And supporting Solaris 2.6 for similar reasons. You don't have to imagine.

i appreciate the thoughtfulness of this thread very much... obviously, defintely hit a nerve.

and I agree with everything that's been said. i've been talking with a couple different banks (across the US) and they all are sharing the same concerns, whether their systems are VB6 or newer.

i'm with a group of machine learning and software maintenance folks who are trying to build tools to make refactoring/ migration/ speedups easier. if anyone is curious, we'd love to get feedback on the tools, see if they might help in similar situations, or could be improved.

>but when you get here what you find is a large mess.

Had a friend that worked at BBVA Compass. Same deal: huge mess, overworked employees, and awful experience setting up and getting into a workflow.

Somebody told me that at Lloyds Bank, the core standing order system is still written in pounds, shillings and pence. There's just a translation routine sitting on top of it.

It seems more like a move to get people to standardise on the DB code as a means to send trading instructions via Symphony,

OT: Imagine you hire somebody and this person publicly posts that some of your company's work "is a large mess" after you worked months to improve the situation. Even if DB hasn't deserved any credits for this "PR move", is this fair?

Why is a PR move worse than an employee who publicly badmouths his employer while being on the payroll? And why is this tolerated (upvoted) when it's a large corporation?

Edit: thanks for downvotes (this was expected)

It's perfectly fair to point out how things actually look in practice. It's upvoted because it presents another (probably more realistic) picture instead of the marketing spiel that DB wants you to believe.

Why do you not think that employees should be allowed to discuss how their workplace looks in reality?

Get ready for a data dump of 40 year old COBOL code /s

But in all seriousness, this is a great step forward in institutional software. Open up software to further progress towards standardizing an industry's software interface.

I would love for a few banks to dump all their old COBOL code on to GitHub. Not because it would necessarily be useful for anything, but simply because it would be fascinating to read... There is actually very little open source COBOL code available, of the massive quantities of COBOL code written over the decades the vast, vast majority of it remains closed source.

Sadly I think a lot of it is just going to be lost to history... at an old employer of mine, I remember we had a store room full of old 9 track mainframe backup tapes – the mainframe had been retired and we no longer had a 9 track tape drive to read them with – I wonder if they are still there now – ideally they'd be sent to some sort of archive – they couldn't be released now without vetting because they would have contained confidential information (e.g. employee payroll information, customer data), but a century from now when all of us are dead who cares if our confidential info gets released to the public then?

> a century from now when all of us are dead who cares if our confidential info gets released to the public then?

I'm reminded of Vernor Vinge's far-future scifi "A Deepness in the Sky," where "programmer-archaeologist" is one of the occupations. (along with "programmer-at-arms")

As I keep saying. Some people chuckle about Warhammer 40k Techno Priests. The only people in the warhammer universe with some chance to understand the centuries old compuer systems and machines. Other people work with legacy systems.

It's pretty genius how they've turned ancient maintenance routines into prayers and rituals in order to preserve the knowledge and scale out the work force

We do it too. I hold my breath every time I kick over an old server that it comes back again. They just formalized it.

The oldest occurence of this idea that I know of is in Asimov's Foundation series, where a class of priests preserves knowledge about nuclear technology and robots.

it might lead to cargo culting though, already hoards of programmers are chanting refrains of "_ considered harmful" and "_ is the root of all evil" ... ;)

It's deliberately _worse_ than cargo culting in Warhammer 40k. That universe is deliberately set up to be as bleak and cynical as possible. Partly just for fun, partly to serve the game a justification why any faction would get into a skirmish with any other faction (including itself).

knowledge is a priesthood

The Tau might be able to reverse engineer?

I’ve just been listening to that. It’s remarkable how much AI can already do, compared to the limits assumed in the story.

And how technology starts hijacking people' minds. From HN, one year ago and a few days ago:



those are more to 'reading' source codes to find the functionality you want, but I do get what you mean

> "but a century from now when all of us are dead who cares if our confidential info gets released to the public then?"

Your descendants probably. Especially if grandpa earned a lot of dough which by heritage would be theirs now. Or just for the sake of privacy. Would you care if your private social network data was dumped after your death?

To me, when I sign up for confidential that means now and always. Not until death do us part.

> Your descendants probably.

Go back three or four generations, and most people can't even remember any of their ancestors names. Why should I care about the privacy of people who died long before I was born, and whose names I can't even remember?

> To me, when I sign up for confidential that means now and always. Not until death do us part.

I guess it is a matter of personal preference. But why should I care about what happens to my personal info long after I am dead? Once I am dead, and my children are dead, and their children too, and nobody alive can even remember who I was–what difference does it make to me then? (Maybe 100 years is too short, since a century from now I might still have living grandchildren – but I think the principle is sound whatever the exact timeframe should be.)

Although I agree with you in general, to play the devil's advocate, it's also possible that the current state of affairs is a side effect of the state of record keeping over the past couple hundred years.

Given modern data storage paradigms, with perfect[0] recording of a wide range of data, it's entirely possible that people might care in the future. For example, if you have an ancestor who was near-sighted, you are automatically disqualified from any colonization missions (regardless of your own eyesight) due to the presence of potentially-flawed genes.

It would be similar in concept, if not degree, to the Nuremburg Laws[1], which were only made possible by the meticulous record-keeping of the pre-WW2 German bureaucracy. Whether or not those records are used for malicious, distasteful, or nefarious purposes at some indeterminate future is not something we can control or predict effectively today.

[0]: Reduced human error

[1]: https://en.wikipedia.org/wiki/Nuremberg_Laws#Classifications...

> For example, if you have an ancestor who was near-sighted, you are automatically disqualified from any colonization missions (regardless of your own eyesight) due to the presence of potentially-flawed genes.

I don't find the future you describe very plausible. Keep in mind that you only inherit (on average) half of each parent's genes, a quarter of each grandparent's, an eighth of each great grandparent – so even if your great grandpa had some nasty health problems, odds are you didn't inherit whatever genes might have been responsible for them. Also, don't you think by then, our knowledge of human genetics will likely have advanced to the point that we don't need to assume you might have bad genes because your ancestors had health issues, we actually have a complete sequence of your individual genome, along with a much better understanding than we have today of what all those individual genes do?

Not the person you responded to, but I think that the point of the analogy was to illustrate that information can be used in unanticipated ways. Shifts in politics have frequently resulted in the persecution of formerly innocuous people and groups (see McCarthyism). Greater and greater data processing and storage will inevitably be turned against various targets. While we can’t prevent that entirely, we can at least have a forward view when making decisions at present.

Exactly. Money obtained through heritage being one thing. Cancer in the family raising health insurance another (if all open information shows cancer they can assume next generations will as well). Near sighted raising car insurance. Grandpa being a bank robber making kids have a hard time in preschool (or probably be a hero nowadays). Grandpa being a kid high school shooter being disclosed. Sex offenders. Well, you get the point. Confidentiality is not something to let forgo easily. Once lost it can never be obtained again.

So while you may be comfortably dead your descendants may pay the penalty in unexpected ways. A suitable time frame would probably be beyond centuries but rather like today finding Neanderthals (prehistoric men).

This is all apart from the breach of contract in a social sense.

>Would you care if your private social network data was dumped after your death?


For a probably extreme but real example, I think I would prefer my Grandfather's specific duties with the Atomic Energy Commission in the 1940s not be released. I don't even like talking about what kind of scientist he was in some crowds.

> I think I would prefer my Grandfather's specific duties with the Atomic Energy Commission in the 1940s not be released

Is your preference that they never be released, or not released in your lifetime? How would you feel about them being released a thousand years from now?

I think 1000 years would be fine.

EDIT: I felt unethical saying this and have since changed my mind. I plan on no children but my cousins have children and I can't be sure what they would want.

You are not responsible for the acts of your grandfather.

I'm sure the inventor of the time-travel machine will be very happy with such a treassure :-)

I would actually appreciate that. I recently dealt with a DDF file that was 780 columns of tabular data.

Looking at the code I cannot find any finance related code (searching for the terms bond, swap, future). So it must be a communication protocol only but doesn't cover the products. Why not using a simple REST API then?

There are a big likelihood that they used german terms since it's a german bank. Sourcecode written in other languages are not funny to read.

I very much doubt so. Most of the IB, even at Deutsche Bank, doesn't speak German. And from what I can tell it seems to be in English.

I tend to find source code comments written in German quite often.

More like a lot of Java code based on knowing someone whose worked for DB at least at City of London anyway. I think most banks are doing JVM nowadays if I'm not mistaken.

I would much prefer a bank using that over, say, Python

I bet it's Java.

Great move. I really believe in the "free software, free society" idea of the FSF. After this batch, I'm sure there will still be a lot left to open source, but it's definitely a big step! If we're fortunate, others will follow suit.

Germany is a great country for stuff like this. They have a relatively high share of Linux users, OpenStreetMap usage, etc. I feel like they're very critical towards their own country and don't take things for granted (not the "we're so proud of our country" idea). As a Dutchman, I like Germany.

As a related note, the FSF has a sister organization here in Europe, the FSFE: https://fsfe.org/

And to underline your point - its main office is in Germany :)

> Germany is a great country for stuff like this. They have a relatively high share of Linux users, OpenStreetMap usage, etc. I feel like they're very critical towards their own country and don't take things for granted (not the "we're so proud of our country" idea).

This is especially also the case, because of the post-WWII history of East Germany. The Stasi managed to subdue the entire population, mainly with surveillance methods.

And this was before the internet. When they still had to actually go out and infiltrate people's homes in order to place down bugs (microphones).

The worst part about this for me, is that this is not just an unfortunate fate that Germans in particular have to be worrisome about. The only reason other nations are less worried, is because they're collectively less aware of this having happened, of it being entirely possible for this to happen, again.

And this is why Germany is the only country where, due to privacy reasons, people still use Firefox as the most used desktop browser.

But considering that Firefox now also spies on your entire browsing history with CliqZ, not even they are trustworthy anymore. StaSiFox, ffs.

tbh i think that germany is lagging in digital, its a shift that if they dont take right now could cost them long term. something that event merkel commented recently.

mobile internet is very expensive, 20 eur for 5gb, there is almost no street view, blocking content on youtube. high percentage of german startups are just copying ( famous rocket internet ). that are just some examples, that are not so great starting point to become leader in digital.

I have to agree. Add a lot of stock listed large companies which have not invested in IT and infrastructure for the past two decades apart from compliance enforced maintenance and Germany is basically 3rd world... startups also are lacking value. Looking at Berlin you kind of say „oh this is a copy of ...“ most of the time.

> When they still had to actually go out and infiltrate people's homes in order to place down bugs (microphones).

Actually it was far easier than that: 1 in every 6 Eastern Germans was knowingly or not, voluntarily or not, a Stasi informant.

I don't understand what exactly this code is about but I have problems imagining the Deutsche Bank as a company that acts "for the greater good".

As a german I envy you for your drug laws.

It seems to be about standardising communication between desktop applications using an RPC broker server (Plexus Interop). It’s aimed at traders, who often use multiple desktop applications (for trading, news, comms) in various runtimes (Java, C#, Python, etc). This tool is some at creating a standard platform enabling those other tools to communicate with each other. I guess like a sort of cross-runtime service bus with service discovery.

(I don’t work in FS, this is just what I can gather from reading the docs).

DB just like every bank in EU actually is legally forced to make some compliance changes for interoperability.

Thus releasing this and possibly pushing workload and costs onto other banks from business side makes sense.

This seems to tie into bolstering the Symphony platform.

AFAIK it's also the only first-world country where Firefox has the (slight) majority market share over Chrome on desktop.

That's going to change in the next days, when the media's gonna publish the news that Firefox now partnered with Burda Media Group to track your browsing history in Germany.

See the HN thread from friday, where Mozilla employees even defend it as a good thing that Firefox by default now sends everything you type into the URL bar to CliqZ.

Not involved with Mozilla... But.. Was this not the case with Google for years? Also that's always been configurable. It's not a hidden config setting either. Mozilla can do whatever defaults they want they'll just get overriden when I login to my Sync account unlike Chrome though my data is encrypted and mine not theirs.

> It's not a hidden config setting either.

Yes it is now

> they'll just get overriden when I login to my Sync account

They explicitly won’t, the new feature overrides all your synced settings and explicitly defaults to sending all your URLs to the ad and tracking company Burda Media Group.

According to this map (2017) Chrome is the majority practically everywhere, besides some Central African countries. https://upload.wikimedia.org/wikipedia/commons/e/e1/StatCoun...

That map probably includes all platforms. If you restrict it to desktop(as I mentioned in my comment) Firefox comes out ahead: http://gs.statcounter.com/browser-market-share/desktop/germa....

Germans also are very conscious of online privacy, which is very important in this post-Snowden world we live in.

Do you also believe that the Banks really believe in the "free software, free society" idea of the FSF?

I believe not.

I went to a Deutsche Bank Hackathon last year in Berlin where they announced opening up their apis. https://developer.db.com/

They touted it as being innovative and open but in the end all Banks are required to open up when PSD2 comes into effect next year. Seeing this release, maybe they have honest intentions for being more open, but it being Deutsche i still have my doubts.

I used to walk around other countries bragging about German online banking, given that we have a standard that has been iterated upon (HBCI/FinTS) over decades and you can pretty use any online banking software with any bank.

A few years have passed since then and most germans banks are still the same. Meanwhile you get instant wire transfers in a few countries.

When I think Deutsche Bank and innovation, I think of my phone calls with Deutsche Bank about disappearing money and them telling me that I shouldn't be surprised if the online banking doesn't actually reflect my real balance and 3 day same country wire transfers. A friend of mine has a consulting company that claims that theyre trying to change their internal structures though.

I think of shitty support and paper faxes because of "security". The latter might actually be a prevalent problem in german society though.

I work in Gvt. Healthcare. They've been spending 1 year trying to define an API for activating the new healthcare smartcards. It has 3 API calls, it's not done yet, and it's SOAP only. And then the leadership has been trying to get government support to mandate by law the forced usage of their crappy APIs.

Germany is a digital dinosaur, no matter how much these old tycoons come to the bay area with their newly appointed chief of innovations for a week they won't get it, because they never had to compete on anything to get it.

User experience is a completely foreign concept to them.

And yet, dealing with retail banking in Britain makes me yearn nostalgically for the days of yore when I was banking in Germany. I liked DKB the best, but even Deutsche Bank was miles ahead of eg HSBC in terms of online banking.

(A few challenger banks like Monzo are trying to give Britain decent retail banking. I wish them luck.)

Having just moved to Germany the obsession with physical paperwork for various reasons is somewhat astounding.

As a Dutch person living and working in Berlin for some years now I can confirm the astounding gap between the state of digital banking between two wealthy neighbouring countries. The Dutch are practically light years ahead of the Germans on this one. This I say as a consumer and having worked in Dutch banking IT for 10 years.

This exactly what I'm experiencing too. Just moved to Berlin, and have lived in Canada && Sweden previously.

Germany requires a lot of high-touch interaction to get anything official done, but in Hungary I have to sign seven (seven!) pages in order to send a DHL letter. So it can be much worse. :-)

When receiving packages from outside of the EU, you'll have the pleasure of going to the Zollamt in Germany.

At the Zollamt you'll get to enjoy standing in at least 3 separate and consecutive lines. Only to pay import taxes. Something that could have been done faster, cheaper and more conveniently by sending an invoice.

> Something that could have been done faster, cheaper and more conveniently by sending an invoice.

This is how it works if the seller fills out CN22 properly and the customs officials believe the declared contents/value.

I have several times received packages with duties that I paid on delivery. No need to travel to the Zollamt.

I have also been to the Zollamt when they suspect the package contains something else than what is on the shipping manifest. They're always quite giddy to catch you doing something not allowed and always end up terribly disappointed and grumpy when it's exactly as described and then you just pay VAT.

That's awesome. Love the process.

A lot of this has to with legal definitions from a pre-digital time. Fax is considered a "secure transmission", so it's hold actual weight in the German law system. Emails? Not so much. Especiallly when working in healthcare this can be an immense logistical issue, shuffling paper prescriptions around between 3-5 parties ain't no fun and leads to prescriptions being lost in the process and a lot of beurocratic overhead.

It's a combination of both. Disclaimer IANAL I just tend to talk to them.

Digital signatures by themselves only provide non repudiation of the sender non the receiver. When in court, you as a sender will have to prove that the receiver actually received the data. § 371 ZPO [1]

When sending a Mail per Einschreiben, the receiver instead has to prove that he didnt in fact get the message. Why that also applies to FAX blows my mind though.

AS4 and AS2 respectively solve this in a way, because the receipt is part of the protocol and successful transmission. From what I understand(I might be wrong) its traditionally used for EDI in supply chain systems [2]. Drummond certifies that your product supports the standard correctly some people make a lot of money and you're good to go(it's XML and SOAP though). Apparently the EU is looking at using it.

Here's where the german bureaucracy ruins everything though. The law stated above mandates from what I understand(again IANAL) that you use DE-Mail for communication to flip the procedure stated above. DE-Mail requires the use of a trust center, a third party that receives the message and forwards it. The only other way to flip the evidence case is by using your own contract, which german lawyers avoid, because they might be liable in case something goes wrong.

[1] https://dejure.org/gesetze/ZPO/371.html

[2] https://www.rssbus.com/mft/img/AS2-Diagram.png

> When sending a Mail per Einschreiben, the receiver instead has to prove that he didnt in fact get the message. Why that also applies to FAX blows my mind though.

Fax has a built-in transmission protocol and the receiver confirms that the transmission succeeded.

When I moved here I was quite surprised with the stone age ATMs compared with what we had in Portugal almost two decades ago, where all kinds of services were available (train tickets, concert tickets, charging mobile phones, internet payments, ...) and best of all, at no additional charge regardless of the bankcard origin.

Actually, in November, SEPA ICS comes into force.

All bank transfers have to happen in 10 seconds or less.

I hadn't heard of this before! Here is more info: https://www.europeanpaymentscouncil.eu/news-insights/insight...

SOAP in 2017? Yikes. Design by committee?

SOAP is bleeding edge in banks. Many still pull and push files to/from (S)FTP

I've done integrations with the SAP systems of a few companies. They all had problems with calling SOAP and preferred integrating through SFTP. Apparently SAP programmers have a problem using SOAP or any other sane endpoint.

Yes, but surely it's possible to jump straight to REST or beyond.

Of course it's possible.

I mean, arbitrarily picking whatever happens to be a popular comms protocol, with no regard to its functional validity, was how they got to SOAP in the first place.

Probably the only thing stopping them will be the byzantine budgetary processes that quasi civil services have.

If you're willing to invest a gazillion dollars:

- re-implementing all the processes at the receiving bank

- re-implementing all the processes at the sending bank

Isn't PSD2 for retail banking / deposit accounts? This API I believe is an Investment Banking product.

I don't know C#. Should I assume this is the way to write comments? That's just terrible.

  /// <summary>
  /// Log a message with the specified <paramref name="logLevel"/>.
  /// </summary>
  /// <param name="logLevel">The level of log entry.</param>
  /// <param name="exception">The exception to log.</param>
  /// <param name="message">The format of the message object to log.<see cref="string.Format(string,object[])"/> </param>
  /// <param name="arg1">The first argument for message formatting.</param>
  void Log<T1>(LogLevel logLevel, [CanBeNull] Exception exception, string message, T1 arg1);

That's not comment, that's the description of the function and of its arguments. That feeds automatically into intellisense, and ships with the binaries as meta data, and can be used to auto-generate the documentation of your library

> I don't know C#. Should I assume this is the way to write comments? That's just terrible.

It's not an essential part of the language. It's something that is used by the IDE and doc-generation tools. Comments inside the method that follows will not be so verbose (one hopes).

Yeah, that's the standard way to write comments. It looks terrible but it's not bad to write because Visual Studio auto-generates the comment skeleton for you.

It’s not the standard way. It’s the standard way for documentation so Intellisense can provide information about the function. The standard way still uses C/C++ style double slash ( // ) and multiline style ( // )

Muliline style /

I meant the slash-asterisk comment asterisk-slash, but apparetly HN saw the two asterisks as markup...

Embedding XML inside a C-comment (as a standard) is just fucked up. Do you have correct syntax highlighting with that? (I don't. But even if emacs would understand this, it's still wrong)

C++ with Doxygen and Java with Javadoc are much saner formats for this purpose.

What's even worse is that Visual Studio 2015 just vomits out that the XML is malformed when I have C++ headers with Doxygen style comments in them. It detects the three slashes and tries to apply C# XML docs parsing to them and that of course fails. Meanwhile NetBeans can handle them no problem and display parsed docs in pop ups.

Yeah, it's a mess. F# got it right, use triple slash to provide a summary. C# should have at least gotten that, instead of forcing so much XML all the time.

Interesting, I would have expected Java or C++ but it turns out to be C# and Javascript.

There are a bunch of Eclipse xtend files (=Java) around there as well.

Says public domain in the post but all the code says Apache, weird~

Article author probably doesn't realize there's a distinction between "publicly available" and "public domain"

Article author is probably a lawyer (or at least proof-read by a lawyer), so that sounds strange.

German law doesn't have a public domain, so Apache license is as close as you can get.

Why wouldn't MIT or BSD License be closer?

Apache2 has an explicit patent license.

On a side note, I find the design of their website to functional but tasteful.

Their promoted research-paper is also more engaging (and less bloviating) than I was expecting:


>Ironically, the political compulsions imposed by the aging population are one reason for this. For starters, 56 per cent of Germany’s voting population is above 50 years of age. The members of the major political parties are on average 60 years old. This has led to an implicit consensus between the government and the people, to maintain the cosy status quo for as long as possible, hoping the day of reckoning might only affect following generations. A literal endorsement of Keynes’ maxim, “in the long run we are all dead"

I'll have to read through all of it before I can tease out its agenda.

What a misleading title, instead ...

DB is releasing a small program for interop into the public domain to encourage others to use it too.

One of their competitors, Dresdner Bank, did something similar in 2001 when the open sourced their messaging middleware code as Openadapter. https://github.com/openadaptor/openadaptor It's pretty good and I actually used it at a commodity trader, but this kind of integration is pretty niche and while Openadapter is still around it never caught on in a big way. I expect that this will be similar - hardly anybody else will have the same mix of systems to connect to and it's unlikely to have a very big impact.

Flashback! I worked for Commerzbank back in the day (which ended up absorbing Dresdner). Anyway, I had to work on plugging various CB systems into the Dresdner openadaptor. I met the guys behind it (they were on the floor below me) Really nice chaps. If memory serves they ended up leaving essentially due to the merger but they were really helpful in the time before they left.

Even the largest banks are hurting maintaining proprietary software across the compete range of businesses - there is a multiplier effect as one proprietary piece demands another close to it, and eventually devs get sick of seeing the OSS world acclerate Away.

"Computer code of Deutsche Bank" sounds so German and so cool :)

The bank has the distinction of being mentioned in Kraftwerk’s 1983 song Computer World:

”Interpol, Deutsche Bank, FBI, Scotland Yard, Flensburg und das BKA, haben unsere Daten da.”

Or Rammstein's "Achtung, computer code of Deutsche Bank!"

That is very prescient of them! I now hold them in even higher regard.

Prescient? It was already true back then.

Maybe the not exactly right word. They had, back then too.

Maybe it's just that we are soooo deep down shit creek with no paddle now, that it's easy to forget that you could already tell clear signs of "big data vs the citizen" back in the 1970s if you just looked around you.

The rest I understand but why Flensburg?

The Federal Kraftfahrt Amt is in Flensburg. This is where the records are kept for drivers who get points.


I left Deutsche a decade ago, but if I remember correctly that code was written mostly by their employees in Moscow, with specifications being driven mostly by the business users in London and New York.

I’ve never worked at Deutsche but I know several people who have and some who still do – the dev team seems fairly distributed as it usually is with the top tier banks. They definitely have devs in London, but a lot of the lower level positions are indeed outsourced if I recall correctly.

"I'm the operator with my pocket calculator"

"...code from its award-winning electronic platform Autobahn"


Enterprise OO Garbage is alive and well.

How would we prevent this? Asking for a friend.

Just refuse to play the insane Java/C# Enterprise OO game. Kotlin would be a good alternative but my preference would be Clojure where brevity and simplicity are valued.

Or just don't be redundant in any language. Unless there are multiple types of a "SerializationProvider", the name could be shortened to "ProtobufSerializationProvider"

And if there are multiple types of "SerializationProvider" (ie. there's an unrelated "CachingSerializationProvider ") then the name is unfortunately long, but accurate

I think the main problem is not in the name of that class, the name is just a side effect of a bigger deeper problem.

What problem? DI is really useful if you're pragmatic about it, misuse is not really a property of a particular language

It looks like they may have convention to put name of the base class/interface in the type name.

personally I find Java EE nauseating

Don't prevent them, encourage them.

The next guy who work on your code will be happy to have variable and class names longer than 3 characters. Short names are evil.

It's unfair to label this as "Enterprise OO Garbage".

It's simply a verbose name.

It is OO garbage. The giveaway is "Provider". The ball of mud that is OO inevitably necessitates enlisting an army of services, proxies, factories, builders and managers simply to work around the complexities of OO. Even if you have a simple problem OO tends to make it complex.

So how else do you implement that functionality, allowing you to choose the serialization protocol at runtime?

You need some data structure to combine the functionality for serializing and deserializing, and you then need some function that can, depending on context, choose the correct such data structure.

And now you've got your transportprotocolserializer, transportprotocolserializerprovider, and transportprotocolserializerproviderfactory

Even in Haskell or Scheme you'd end up with the same data structures and functions, one that does TransportProtocolEnum -> TransportProtocol, one TransportProtocol -> Data -> SerializedData, and one TransportProtocol -> SerializedData -> Data.

If you want to allow at runtime configuration of the transport protocol of each service, you still need the same structures and functions.

Or how else would you implement it?

Have an interface for Serializer, with N (> 1) implementations. Write the code to decide which to implementation to use in whatever place is appropriate for the desired functionality. For code that don't get to decide, pass the Serializer instance in.

You can interweave everything into one long function full of ifs and switches. E.g. procesurally. Not saying it is better.

> You can interweave everything into one long function full of ifs and switches. E.g. procesurally. Not saying it is better.

No, you cannot, since you want to dispatch to components that you don't even know of (pulled in via class path or extension DLLs). Components that have not yet been written and will be provided by another team or 3rd party and never compiled in, but just added to the extension directory of the application.

It's getting a bit tiring hearing cargo cult JS developers talk the talk, but walking backwards in their blissful stench of second level ignorance.

Verbose languages encourage a culture of verbosity which in turn produces verbose architecture.

What's wrong about it?

Are you sure this is not a German thing? /s

protokollprellbockverkehrprotokollserialisierunganbieter would be a lot catchier and roll off the tongue with ease.

let's see

what's wrong with pbtpsp anyway?

Pretty much everything? I hope you was just joking.

That made my day...

That doesn't seem like Enterprise OO bloat, just overly verbose naming.

They could've called it ProtobufSerializer or ProtobufProvider.

They tend to cluster together in my experience. That one was picked at random in the first file I looked at which implies there are much worse offenders in the rest of the codebase.

Can someone please give a few specific examples of what this software does?

Autobahn is a realtime platform to buy and sell currencies.

Thank you, but I did read that summary in their press release.

For example, what features does it have that would let me buy and sell securities?

Looks like Plexus Interop is yet another middleware abstraction layer. Dresdner did something similar 15 years ago when they open sourced Open Adaptor. There's no special source here - no interesting pricing, risk management, quoting, order management or hedging functionality. The source code to Autobahn should be more interesting if it ever gets released since it's DB's single dealer platform across all asset classes. It should include some interesting trading logic.

I can tell you that this is probably in response to the massive law suits banks are dealing with because of how they have cheated using their software.


Well, I was trying to submit an issue, but got this:


We're writing to let you know that the group you tried to contact (plexus-interop) may not exist, or you may not have permission to post messages to the group. A few more details on why you weren't able to post:

* You might have spelled or formatted the group name incorrectly. * The owner of the group may have removed this group. * You may need to join the group before receiving permission to post. * This group may not be open to posting.

If you have questions related to this or any other Google Group, visit the Help Center at https://support.google.com/a/symphony.foundation/bin/topic.p....


symphony.foundation admins



Thanks for raising the issue - we have fixed the mailing list (google groups) so now posting is allowed even for users that haven't yet joined the list.

For completeness:

- This is the mailing list archive https://groups.google.com/a/symphony.foundation/forum/#!foru... (fairly new, but we can't wait to see your traffic) - To subscribe to the list just email plexus-interop+unsubscribe@symphony.foundation

We will follow up with a much more comprehensive set of technical information, but in the meanwhile all docs are hosted at https://symphonyoss.github.io/plexus-interop/.

Worth noting this part:

> The bank will put over 150,000 lines of code from its award-winning electronic platform Autobahn into the public domain

If this is indeed correct, there's no licensing BS, no control of what you can do with it like most free software. This is pure and simple public domain.

Not exactly. Public Domain doesn't exist under German Law, so they did the next best thing: Apache2.

No licensing shenanigans - as per our bylaws https://symphonyoss.atlassian.net/wiki/spaces/FM/pages/11797... we currently only accept contributions under the Apache license v2.

As someone who works in what I believe is one of the more progressive software development teams here at DB, there's definitely a desire to open source more of the work that happens here. The issues are inherent to any company employing ~100k people, however: bureaucracy, regulation, and general internal conflict.

There some higher-ups that seem to understand the benefits of a more progressive approach, so I do think you will see more of this sort of activity, however, it'll take time before this becomes widespread within the company.

It's a massive challenge but one that finally the industry is waking up to. It's not easy but having a massive support from the industry (http://symphony.foundation/#members) definitely tells me we are on the right path.

Said that, we need all the help we can get, so we'd love to see such passion consolidate in the Community we are trying to build.

We'd love to hear from you in any of our lists https://groups.google.com/a/symphony.foundation/forum/#!over... and even better we'd love to see your issues / patches / comments at github.com/symphonyoss.

Heh. https://imgur.com/TlyTwXG

I love bank "security".

Now we can seen how to implement a atomic transaction which is bank-safe

Sorry, if I don't share the general enthusiasm... Making it opensource mostly helps DB and malevolent people. DB can get bug fixes for free, and malevolent people can now make fake versions of Autobahn that MITM every orders that the traders make. There is no benefit whatsoever for clients...

I completely disagree, but that's you would expect as the Executive Director of the Foundation (http://symphony.foundation) that is trying to drive these banks in embracing open source and open collaboration as a better way to build technology.

I do believe that end users will benefit by these firms not reinventing the wheel and building innovative, more interoperable and ultimately better technology.

I, my team and I know I speak on behalf of our Community are committed to this level of transparency.

Finally the beauty of open source is that you don't have to trust a PR article, just go look at the code at https://github.com/symphonyoss/plexus-interop and decide for yourself.

And if unsure reach out to the plexus-interop@symphony.foundation mailing list, it's all in the open!

Does anyone know what license they plan to use? That could make a big difference.

This is their foreign exchange trading platform. It is very high volume.

I did bother to read the 7 paragraphs.

My question is basically that - OSS existed for decades; why only now in big finance?

That their clients wanted such a trading platform... is that the reason you are saying was plainly stated?

Where is the code?

I wonder if the openness of cryptocurrency and blockchain tech prompted this in any way.

edit: can someone explain why I'm getting downvoted?

That + bloomberg hate + symphony's ridiculously good reception in the markets. Symphony's starting look like it could be finance's heroku/slack.

Bloomberg hate is really only the management level. At the user level, it's mostly love. Of course, by and large, the user does not directly foot the $20K/year bill.

truth (and Stockholm syndrome).

Because the reason is plainly stated in the article if you bothered to read it. Also, OSS existed for decades before the blockchain came along so to question any correlation between this and that would be absurd.

I did bother to read the 7 paragraphs.

My question is basically that - OSS existed for decades; why only now in big finance?

That their clients wanted such a trading platform... is that the reason you are saying was plainly stated?

Aren't banks allready shifting over in larger scale to quntum computing? Would also explain the openess from a bank. Though national banks and nation state backed banks are imo often quite a few steps better than the rest - then again at times even though publically supported fks up like Nordea.

I have not seen any evidence that banks are shifting over to quantum computing. As far as I can see, quantum computing itsself is far from useable in any production setting -- it is mostly in early R&D stage.

It's not exactly "computing", but you can buy some quantum crypto systems for doing key distribution: https://en.wikipedia.org/wiki/Quantum_key_distribution#Comme...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact