Bernie Madoff’s unwitting accomplice: The AS/400 (2009) (archive.org)
60 points by richardfey 57 days ago | 49 comments

The real story is that Harry Markopolos sent a 21-page memo to the SEC regulators, entitled "The World's Largest Hedge Fund is a Fraud".

In it were 30 red flags that he believed proved Madoff's returns could not be legitimate. But nobody could even understand it. It was no fault of an AS/400 but of something else that also starts with AS

"Markopolos: I gift wrapped and delivered the largest Ponzi scheme in history to the SEC"



The SEC would not be able to organize a Party in a Pub like they say in the UK....

> a Party in a Pub like they say in the UK....

(Brit here) "a piss-up in a brewery" is more common albeit less polite.

There's a great book by Harry Markopolos and his quest to expose Bernie as a fraud for years called No One Would Listen. It's a fascinating read although a tad infuriating: https://www.audible.com/pd/No-One-Would-Listen-Audiobook/146...

Well, to be fair. I'm pretty sure Bitcoin is a sham. And there are PLENTY of people who believe Tesla shouldn't be going up in value.

But both are rocket ships.

I look forward to reading your book about how nobody listened to you back when you called it in 2021!

I presume you are being sarcastic. And you have every right to be - there are plenty of false prophets who can't predict the next recession.

The thing about Bitcoin and Tesla - I can find LOADS of people who believe it should crash. LOADS. But they keep going up. We should buy the book of the people who can explain them going up.

I wasn't being sarcastic. More like tongue in cheek. I agree with you. I think Tesla is completely overleveraged. I'm not sure about bitcoin.

The specific machine type is moot and just clickbait. The way I heard this one, the crux was the machine he used was not network connected. Madoff needed to be able to calculate customer account positions after he already knew the share prices. Due to the lack of network the machine needed the prices input manually, which introduces a delay. So he could select which shares customers had "purchased" after the fact. If he bought modern off the shelf software it wouldn't necessarily have this quirk where you could retrospectively decide which shares the customer owned. He may have found it hard to justify asking someone to write new software for a new machine with this feature without them getting suspicious. So he kept the old machine going.

> If he bought modern off the shelf software it wouldn't necessarily have this quirk where you could retrospectively decide which shares the customer owned. He may have found it hard to justify asking someone to write new software for a new machine with this feature without them getting suspicious. So he kept the old machine going.

As mentioned in the link referenced by this comment[0]:

> Perez and O’Hara were found guilty for their role in the fraud, and were sentenced by U.S. District Judge Laura Taylor Swain to two-and-a-half years in prison, which was the minimum sentence.

So even for the old machine that they continued to use, its programmers were found to be guilty i.e. they knew what they were doing was wrong.

[0]: https://news.ycombinator.com/item?id=29359292#29360041

I see. So they had also added features to it that had enabled the fraud. It wasn't just that the older software was accidentally convenient. Either way the AS/400 angle is not really relevant.

It’s worth pointing out that Madoff’s AS/400 ran System/36 RPG II and OCL code in compatibility mode, which made it somewhat more difficult to understand than regular OS/400 code. Nonetheless, a consultant was hired to make sense of the code and he was able to explain its operation to the court, see: https://www.itjungle.com/2016/09/12/tfh091216-story01/

What is this. I was hoping to understand how this computer was deeply involved in the Ponzi scheme but I basically learned that he "wrote reports at scale" and no more details.

The whole article reads like a weird, sideways attempt at saying "computers are bad, maybe we should regulate their use."

The original article[1] has a few more details, but to my reading doesn’t blame the AS/400 as helping facilitate the fraud in any special way. It mostly talks about a lack of oversight and culture of secrecy at Madoff’s company.

[1] - https://web.archive.org/web/20100129061850/http://www.iddmag...


However, the "_________ are bad; maybe we should regulate their use" argument is an interesting one. Depending on what you put in the blank, reaction varies wildly. I think most reasonable people don't think AS/400s are inherently bad, but would blame the individual for their misuse. Plug in "guns," "cars," or "drugs," and see what happens. :-)

Toyota pickup trucks are legendary for their use by insurgents; I don't see a lot of hand-wringing over that.

Several years ago, I went looking for a digital caliper. I settled on one from a certain Japanese company. Later I read on Wikipedia that four of their executives were indicted in the 00's for fraudulently exporting measuring devices that were too accurate and indirectly may have ended up in sanctioned countries' nuclear programs.

That seems like a good tagline - "So accurate, it's illegal!"

There's a weird link at the bottom which points to a paper by Microsoft about how file systems with user permissions are a bit like having a centrally-planned economy. Doesn't help you, but it added to my confusion.

Exactly. It was an electronic pencil in terms of the importance it had to the fraud.

The key take-away here is that he used a completely separate reporting system from the rest of the company. The implication that its relatively obscure hardware was a shield to scrutiny is beside the point. Madoff was in charge and if he said this system will be separate that's what it would be no matter what it was running on.

It's probably the architecture he started with in the 1980's/1990's and just kept rolling with it.

Upgrades on the AS/400 are super easy. You basically cart in the new model, and restore from the backup you made from the old machine. It then works for a while updating all the objects & references, and then you're ready to go.

Can confirm, we did this at a previous company I was with. It was actually quite impressive how much of a nonevent it was.

It looks like a columnist attempting to bootstrap the argument that legacy systems foster lack of oversight, or something like that.

And failing.

> The IBM midrange systems have a tremendous feature, backward-compatibility – anything you wrote 20 years ago can be compiled on current systems without any change in source code.

If this is saying OS/400 is backward compatible with old UNIX software, then it's kind of impressive. The team that developed OS/400 apparently had absolutely no background in UNIX.

Reasons for AS/400 seem to mostly be big finance software and municipal software (apparently local governments trying to migrate away from AS/400 to Windows municipal software are still having serious trouble 5 years later). There are other reasons... very stable OS and the rare successful security by obscurity. Migrating AS/400 to Cloud is a thing now, but it is still less expensive to own and run the equipment locally.

He's talking about the binary compatibility of the various IBM system lines.

The binaries of AS/400 systems include an intermediate code binary representation of the program that can be re-translated into a binary for a newer system when one is developed.

If you wrote a POSIX based program in the past on the AS/400, it would almost certainly run fine on the newer systems. Likewise, AS/400 programs written for AS/400 or iSeries chip based systems will run on the modern Power series OS/400 systems with a recompile.

There are good and bad sides of choosing to build this level of compatibility, but IBM has made doing so a mainstay of their business for a long time.

Calling the iSeries (AS/400) legacy is a bit disingenuous. It is a currently developing system with features that aren't duplicated in the mainstream. At this point, I honestly crave a Unix/Windows alternative to gain some popularity to break the tunnel vision of the industry.

Are there any significant number of iSeries customers that are new? Does IBM have people pitching iSeries solutions?

Like the mainframes, they are a great technology, but represent a business model that doesn’t really exist anymore.

It's only software at this point, though. The AS/400 that the (short, detail-less) article talks about is very much legacy.

Despite the compatibility IBM builds in, sometimes system hardware can't be updated or won't be updated.

IBM kept the defining part of the system and merged it with high performing hardware that requires no separate business division to support.

I think the tunnel vision has been breaking down via the "Cloud OS" that are running language runtimes directly on whatever, basically OS/360 has gone mainstream, but general public still think UNIX/Windows matter on the server room.

Similarly the mobile OSes have more in common with such ideas, than classical desktop stacks.

I don’t think down voters are interpreting this post correctly. I read it as “serverless or function as a service” abstract away the particulars of the host operating system in a similar way that OS/360 did on the mainframe.

It’s a valid point but not entirely accurate due to the limitations IBM mainframe CICS requirement. They say they support other languages, but in reality it’s COBOL.

Yes, that was my point.

Naturally I am not speaking about OS/360 in particular, rather the vision that gave us type 1 hypervisors and hardware/OS agnostic runtimes.

I am used to lack of vision, many seem to only understand what is shown running in front of them.

True curiosity - what features does an AS/400 have that aren’t duplicated in the mainstream?

Single level storage, for one - a flat 128 bit address space that covers storage and working memory.

Most computer systems running on an AS/400 use the embedded DB2 database - a well known and understood technology.

Reports would be generated based on the tables, no different from an Oracle based stack.

RPG code is fairly easy to understand as well. Any experienced auditor or consultant would be able to understand the routines easily. Maybe more easily than a Perl or C stack.

I'm no fan of AS/400 for many reasons, but complexity is not one of them.

I'll dispute that RPG is fairly easy to understand. It wasn't designed as a general-purpose language, it's more like an alternate universe proto-SQL that was twisted into a general-purpose role. With few historical precedents to base it on as of 1959, its designers were flying by the seat of their pants, and it will be expressly alien to any developer who came of age after the early 90s. It's also a product of its time; six-character identifiers, eight-character filenames, and don't get me started on the fixed format (when I describe this to my developer friends, their eyes bug out of their head). Maybe if we're talking exclusively about the modern C-inspired free format, but IME most RPG code was written well before RPG IV, and any company that eager to rewrite their code is going to have rewritten it in e.g. Java instead.

The System/3x family and RPG were designed for customers who were migrating off unit record equipment. Unit record equipment was "programmed" by wiring plug boards, and the unit record machine would filter, transform, collate (etc.) each card in a stack of input cards by applying the rules specified by the wiring of the plug board.

With the fixed formatting and "program cycle", RPG was intended as a sort of skeuomorph for technicians who would have been trained to "program" unit record equipment on a wiring diagram. (Contrast the wiring schematic here: http://www.righto.com/2017/04/1950s-tax-preparation-plugboar... with an RPG template here: https://www.richard-banks.org/2014/01/a-little-nostalgia-wit...)

> Maybe if we're talking exclusively about the modern C-inspired free format, but IME most RPG code was written well before RPG IV

That's an excellent point. I meant free format code

Legacy RPG code is usually not easy to understand. Each line of code can be conditioned with a series of Boolean indicators leading to a simple looking but complex spaghetti code. One line of code may run if indicators 13, 23, and 90 are set and the next only if 56 is set followed by a line that runs if 13 and 90 are set. You could have 99 indicators plus reserved indicator per program.

This leads to pearls of wisdom like “An indicator is like an atomic bomb, nice to have but not something you want to use.” And “if you solve the problem with an indicator, then you’ll have two problems.”

The DB2 on the iSeries is not built from the same source code as mainframe DB2, which likewise is not built from the same source code as Linux/Windows DB2.

These may be carefully engineered to be compatible at many levels, but they are not the same thing, as Oracle might be as it is compiled for its supported platforms.

Not quite sure what I just read. Can someone shed some light on this?

Blaming the scam for not having been run on the latest generation of AMD CPU.

That would have been EPYC!

Badum Ts

I have such a curiosity about the AS/400. The extent of my experience with it though was setting up 5250 emulator cards in PCs for customers over 20 years ago.

Tempting to buy an old one on eBay and play around with it.

I’ll avoid starting a Ponzi scheme with it though. :)

If you do, blog about it. One of the challenges in getting an old mainframe (System 360, 3090, etc) running is getting a license for the operating system from IBM. Hopefully acquiring one for the AS/400 is easier.


If you look very hard, you might be able to find a luggable 'laptop' version that was developed in-house for salesfolks to cart around for demonstrations.

The tech variant of blaming it on the dog.

“After all, technologies don’t scam people, people scam people.”

went looking for original article on here in case old discussion and/or out on the net for copies/maybe repostings

and just noticed this weird side phenomena of spam where top links on HN are being posted on random probably autogenerated blogs as if they're new content but they are just lifted from HN?

weird and annoying and pretty crappy really.



Ha! Any programmer knows you have to simulate a trading system to run "What if" calculations .. RPG II a switch based language based on the input dataset, so this list of trades will have that outcome. A split-strike, you know today as "sectors trading" is still profitable. But in RPG II it can be made to look criminal for programmers - when all we did was run one group of gold mining cards versus gold trading cards where they match we buy where they don't we sell. Placed on top of the S&P 2000 we yield 1% a day - which to those not familiar with sectors - see as criminal. But today it's all legal and cell phone ready. Sorry Bernie - the profit was too great to not know about and the SEC and FBI were useful tools to get at the source code .. upside we have sectors and Markopolos has no clue on how to make money and can't profit from his look at the code. .. lesson study bitcoin and profit

It is not machines that defraud people - people do.

tl;dr: Guns don't kill people, AS/400s rob people... or something.
