The Pentagon's Seven Million Lines of Cobol

MrMetlHed writes "A portion of this Reuters article about the Pentagon's inability to manage paying soldiers properly mentions that their payroll program has 'seven million lines of Cobol code that hasn't been updated.' It goes on to mention that the documentation has been lost, and no one really knows how to update it well. In trying to replace the program, the Pentagon spent a billion dollars and wasn't successful."

Cobol is self-documenting

[mveloso]

But - but - cobol is supposed to be self-documenting!

Re:Cobol is self-documenting

But - but - cobol is supposed to be self-documenting!

TL;DR

Re:Cobol is self-documenting

[Avidiax]

The claim that the documentation "vanished" seems bogus. Far more likely in my opinion that it never existed in the first place, or that at some point they fired everyone, and thus broke the chain of custody.

Re:COBOL is self-documenting

[ebno-10db]

Yes, but every line is documented the same way, "don't touch this because I don't know what it does but sometimes it works".

Re:Cobol is self-documenting

Seven million lines of COBOL might only be a short sorting routine.

How did the military pay during WW2?

[Spy+Handler]

They had way more soldiers back then today, and payroll did not seem to be a problem. Maybe the Pentagon should go back to using whatever system they had back then.

Can't read the article

I tried to read the article, but it was written in English - a decades-old language.

4.8 LOC per person

The code base is so large that its ~4.8 lines per active duty US military person. The code would be shorter if it was nothing but one line per person that prints how much to pay. You might argue that this would have maintenance issues, but automated porting of it would be trivial, and for the $billion they spent try to replace it, you could pay almost $1000 per print statement to keep it updated.

Re:Typical government efficiency...

[Em+Adespoton]

Added to this, people often have the misconception that just because something is "old" it is less complex than the current requirements. In reality, all that COBOL was written to perform the same function on severely limited hardware that they now want to accomplish on a simple server system -- and I bet the data and processing requirements both then and now are astronomical. The end result is that whoever is doing the new system is likely pitting themselves against whatever the brightest minds of yesteryear were able to produce, and it won't be simple. That old system had time to be fine tuned, and the protocol built up over the years is designed around the precise quirks created by the system. Thus, the entire architecture and ALL related protocol has to be re-examined prior to architecting a replacement system -- and I doubt the winning bidder was even asked to bid on that, especially in a military organization.

Re:Typical government efficiency...

[AndrewLarge]

This is less of a "government efficiency" issue than it is a "contracting" issue.

Imagine you have a gigantic system like this that you need to replace. So you want to hire someone to build the replacement. You can't just go give $1B to company X and say "I'll see you in five years when you've built me a new pay system" - the taxpayers (and their representatives) would never go for that. Instead, you first go build a set of requirements that such a system must meet and then you award the contract to build the system to the company that convinces you that (a) they'll build the system that best meets those requirements and (b) they'll do so in a cost-competitive way (if not cheapest, then close to cheapest).

Therein lies the crux of the problem - building large complex software systems over multiple years "to spec". In short, it can't really be done:

• 1. You won't get the requirements right. At best, if you spend a ton of money, you'll get a decent set of requirements, for some narrow segment of your user base, that is appropriate for the state of the world at contract award. But they'll be woefully out of date by the time the system is actually built. More often, you won't pay enough money and you'll get an RFP that is 50%+ "cut and paste" from previous RFPs, and has only a passing resemblance to what is really needed.
• 2. Managing a multi-year software development project is tough enough when you're the one building it. It is many times more difficult to try and look over a contractor's shoulder and make sure that they are (a) meeting requirements, (b) meeting schedule, and (c) not wasting (or stealing) money. This is even more difficult when you have thousands of crappy nonsensical or ambiguous requirements (the norm for such large systems).
• 3. Even if you get decent requirements and decent/lucky contract management, you still have huge product and engineering hurdles that don't often show themselves until you get the software in the hands of real users. And (more often as not) find out that it doesn't work for them.

I've only ever seen one model work successfully (in my time in the USAF and as a contractor):

• 1. Put organic (e.g., military or civil service, not contractor) resources in charge of the system development.
• 2. Don't try to spec and build the system as a whole unit. Instead, start with something small and easily defined and then work *directly* with end users to evolve and enhance the system over multiple years. At some point in the evolution of the system (neither the beginning nor the end), you make the call that the system is functional and stable enough to deploy.
• 3. Use contractors as labor, project-managed by your organic resources. This tends to mean fairly integrated teams (organic and contractor) and a different sort of contract vehicle. It also means that swapping contractors out is actually feasible and doesn't cause the failure of the entire project.

The above system works beautifully. And Congress, contractors, and contracting agencies within the military hate it. Which is probably why it isn't done more often.

Re:Not to shocked

[Areyoukiddingme]

You are correct. And wrong. According to the Reuters article, there were more than 15,000 requirements changes during the lifetime of the project. So you had precisely the right idea. You just underestimated the ability of a bureaucracy to fight back. By an order of magnitude.

And that's what it was, too. Make no mistake, the project failed because a successful software system would reduce the headcount of the DFAS dramatically. That couldn't be allowed to happen, so it was sabotaged by eternal feature creep.

And of course, they started with PeopleSoft, and there's no organization better at absorbing all available money for no return besides the DOD itself. Talk about a match made in hell...

Re:Cobol really is self-documenting

[Capsaicin]

Yes, there was and there is. It's called "source code."

While it's true that COBOL is meant to be self documenting, there is, in a 7 million line project, a difference between understanding any particular section of code and being able to comprehend the entire structure of the project. If that structure is undocumented, you will have a lot of reading before you grasp the program globally. Apparently the "failures" that were being experienced were not leading the maintainers to the appropriate sections of code and such a global understanding had become necessary.

I know it breaks one of the cardinal rules of software development, but if you have a cool billion to throw at the problem and the existing mess cannot be fathomed, perhaps starting afresh is an idea ...