Can Your ATM Play Beethoven?

bpiltz writes "A funk band in Harrisonburg, VA, called Midnight Spaghetti, has posted a story with photos about a newly installed Diebold Opteva 520 ATM at Carnegie Mellon University that crashed, then rebooted. The Windows XP operating system initialized without the actual ATM software. The result was a public desktop computer, with only a touch screen interface, left wide open for the amusement of the students at the most wired university in the U.S. Interestingly, Diebold is one of the leading manufacturers of e-voting machines."

"Progress"?

[FyRE666]

You know, I've been thinking for a few years now that ATMs (in the UK at least)
seem to be getting slower and slower to use. 10 years back, you'd insert your
card, be able to key in your pin number straight away and be straight into the
menu. Now, you insert the card, stand about while it thinks about checking it,
then you eventually enter a pin and wait around a bit more before using the
sluggish interface. Now I know that these machines have media player, web browser and
all sorts of other redundant crap installed on a full version of XP, I understand the
reason the queues are growing!

I don't need 24 million colours, animations and other crap just to take money out
of my account, dammit! It's staggering to think that the software has become so
bloated and slow that machines produced 10 years ago, with only a fraction of the
computing power of today were actually far more responsive to use.

I remember seeing an ATM reboot a few years back (brief power outage). It briefly
showed the OS2 logo before resuming normal operation ;-)

Re:"Progress"?

[Rogerborg]

If you're tripping, we ate the same mushroom. I'm also having flashbacks to a printer that sounded like an AK-47 on full auto. And now we've got ATMs that feed you advertising for a bunch of crap that you really don't need while they make you wait for your money. Progress, eh?

Re:"Progress"?

[tormentae+agent]

I remember the same, when I actually trusted ATMs and banks...

After a brief five-year stint in North-Dakota, where time stood still in happy-land, I ended up in Dublin. I read an article about how Windows had made its way into the ATM-business, thinking "uh-oh-mf-cs-sob"...given my past experiences with this OS-king-of-userfriendliness.

Yesterday, I put my Norwegian super-VISA-bank-card into an Ulster Bank ATM and it stole it! It just swallowed the card, proceeding to say something like: "System down, please use another cashpoint."

So, I call Norway, to ensure there isn't a problem with the actual card. It takes me quite a bit of time before I actually managed to call Ulster bank's customer service line. When I get through, I explain the situation (I had to rephrase 'the ATM stole my card' into 'swallowed it' before I could be assisted).

So the customer service rep states that he can't help me. I ask if there's anyone with any authority that can help me get the card back (it takes me a while to get a new one from Norway). He says: "Sorry, Sir. The ATM in question not being directly attached physically to a bank, a contractor does that job for us. Your card will be destroyed when the ATM is serviced."

I state something to the extent of Ulster bank being poorly organized. The little turd on the other end of the line proceeds to tell me: "I'm sorry, but we took the network down for a few minutes. You must have inserted the card just at that moment."

If I find out this particular ATM is Windows-operated, I will hunt down Mr. Gates, roll him in tar and feathers and chase him out of town with a stick. In the meantime I will file a complaint with Ulster Bank for taking away my sole source of cash until next pay-day.

Re:"Progress"?

[CGP314]

A conversation I had with a friend:

``Alright, lets go to the bar.''

``Sure, but first I need to go to the bank on high street.''

``Why? That one is two block in the opposite direction, there's a bank the way we are going that's on the same system so it won't charge you any fees.''

``I know, but that one has one of those old black-and-green displays. You can't trust something like that. The other bank has an ATM with color and animation.''

It really upsets me to know that things like that actually matter to people.


-Colin

Re:"Progress"?

[fcw]

You know, I've been thinking for a few years now that ATMs (in the UK at least) seem to be getting slower and slower to use.

Indeed. In the 1980s, Clydesdale Bank (in Scotland) actually used to feature the speed of their cash dispensers (a.k.a. ATMs) in their advertising, claiming that you could get money out of theirs faster than their competitors' machines. I don't recall any bank making claims like that for a long time.

Also, it's not just cash dispensers that are slow: railway ticket machines and car park payment machines are just two of the types of kit that I bemoan the speed of every time I use them. You can tell that they've been programmed in a very serial fashion, with no attempt to optimise the speed of the transaction for the user. Most machines could be programmed to pre-load blanks into printers, or pre-print static header information on receipts, or otherwise get started on time-consuming tasks, but they never seem to. You can practially follow the progress of the transaction through the machine's guts as it plods away at it.

And the receipt printers on point-of-sale equipment always seem to have the slowest possible mechanisms, making shop assistants who care feel that they have to apologise for keeping the customer waiting. (I bet if the banks could have used the old ZX80 scorched-black-on-silver-paper printer mechanism and saved a buck, they would have.)

Re:"Progress"?

[zakezuke]

So the customer service rep states that he can't help me. I ask if there's anyone with any authority that can help me get the card back (it takes me a while to get a new one from Norway). He says: "Sorry, Sir. The ATM in question not being directly attached physically to a bank, a contractor does that job for us. Your card will be destroyed when the ATM is serviced."

The hardest thing in the world is returning an ATM / Credit card. I found one next to a machine from an Alaskian credit union, and I being in washington. I thought to my self, "Hey, I will do the honest thing and try to get this card back to the owner".

Well, the 800 number on the back was unwilling to co-operate... they told me to cut up the card. This was on a saturday and may have not been offical bank help. So I tracked down the bank in Alaska, or near as I could find too it, and tried to talk to them about the issue basicly, "I have this card, i'd like to return it to the owner".

They refused to do the following
1. Provide me with any contact information as to where to send the card too (totally understand)
2. Take down my contact information so in the event the owner called to get a new one, they could say just use the old one, this guy will give it to you.
3. To actually take back the fucking card so they could return it to the owner in a timely fasion.

In the end, after getting frustrated trying to do the right thing, I used it to apply puddy to my automobile, and it probally is still encased in a lump of pudddy.

The point is, banks will assume the worst when it comes to you no longer physicaly having your card. They are not equiped to handle an honest person who actually didn't charge up anything on the card dispite the fact they could verify this fact who's trying to return the card. They will try to convience you they are doing you a favor when in reality they would rather let someone else do the paperwork, which always falls on the person giving you a new damn card.

Re:"Progress"?

[zakezuke]

Bottom line is that some one needs to make a new ATM solution that works, propably on an open source platform (is that secure enough, you tell me), and most impotrant is ...IT WORKS....

Platform? One of the nice things about vintage cash machines was the fact that the software was written in assembly. Let's face it, all a bank machine is is just a glorified terminal. It has no need to store information, no need to access disks, mount devices, nor access a network outside of it's banking protocal. There is no need for it to accept new software other then perhaps firmware update from time to time, nor the ability to run background processes. Doesn't need to do cron events or anything above and beyond take card, peform action on account, say thank you.

Re:"Progress"?

[dattaway]

The sad thing is, you can't make a better ATM and sell it in the market. Patents and regulations force competition out. That is the classic sign of poor quality dominating our market.

Re:"Progress"?

I've done some work for the Royal Bank of Scotland (hence the AC) and I know for a fact that Windows is not allowed anywhere near mission critical systems. Home banking and internal user systems are Java/WebSphere/Solaris/Oracle, back-end to everything is a mainframe (can't remember the OS) that interfaces via CICS to the rest of the system. ATMs are custom coded and run a custom OS and communicate directly to the mainframe via CICS. Some of the code in the mainframe is rumoured to have been written in the 60s and even if you want to change one line of code it can take over a month to go through the testing. The whole system is locked down really tightly. No-one has access to all of the systems at the same time, no matter how high up in the company you are.

The only place Windows is allowed is on the desktop, and that is still NT4 hidden behind a Solaris based proxy and firewalled to the hilt. You cannot even go OUT on a port other than 80 or 443, nevermind the other way.

I work as a contractor and run my own company, so am not affiliated with RBS in any way...

Re:"Progress"?

[SmackCrackandPot]

The same happened to me in central England.

I just received my new card and had memorised the PIN number, and went to withdraw money. Three times I tried to enter my PIN and the amount of money I want to withdraw. Each time the machine refused to accept the transaction. After the third time, the machine swallowed my card, telling me to contact the bank. So I call them up, and am told "our machine automatically shreds any card after three unsuccessful attempts and sends an electronic notification to your bank", we can't do anything. So I call up my bank, and they tell me I can't get a new card until they written notification from the machine owners. Neither would talk to the other. In the end, I had to pretend that I had lost my card in order to get a replacement.

It seems to me to be more of dodgy protocol implementations rather than anything else.

Re:"Progress"?

[golgotha007]

(my card has been SWALLOWED by the machine on more than one occasion)

being swallowed isn't nearly as bad as the money just not coming out!

i was using a ATM at the FORUM mall in Helsinki, Finland. I told it i wanted 60 euros. upon entering my request, the screen displayed the error, "UNABLE TO COMPLETE TRANSACTION" and gave me my card back and a receipt with the same error message.

no big deal, right? a few days later, i see that 60 euros was removed from my account from that exact cash machine on the exact date i was there! i contact my bank in California and they tell me that i need to contact the bank that owns the machine.

i then walk into the responsible bank in Helsinki, and they swear up and down they never removed the 60 euros, regardless of showing them the receipt and everything. further, they then tell me that MY bank was in error and that i should speak with them.

after several hours of going bank and forth, i finally say to hell with it, it's not worth the time and frustration.

this is the only time it has ever happened to me, but i am interested in hearing other similar stories from folks around the world.
what countries have you had problems in?

Re:"Progress"?

[ruiner13]

"It has no need to store information, no need to access disks, mount devices, nor access a network outside of it's banking protocal."

True, except that modern ATMs will have biometrics (finger scanners and whatnot), plus that printer thingy that gives your receipt, then there's the monitor, maybe some sort of check scanner for inputting money, a dispenser for giving cash, and viola, you have attached devices which need drivers.

Re:"Progress"?

[macdaddy]

A friend of mine asked for $20 once and got $40. The bills stuck together. Cheap bastard wouldn't even buy supper that night. ;-)

Re:"Progress"?

[mgoodman]

Something similar happened to me with my bank (SunTrust), but the money was never taken out of my account.

I find that the best thing to do is only go to your bank's ATM -- and not the mini portable ATMs, but the ones embedded in the wall of the bank where you have to insert your card (not swipe, which could be intercepted by an intermediary swiper). Then when you get your cash, be sure to count it in front of the camera. I've had less money come out once but because I counted it in front of the camera, it was all right and I got my money.

Re:"Progress"?

[afidel]

Um, there are at most 3 printers, one monitor standard, two input device types, and three network modules used by any bank. Drivers for those limited selections could easily be in firmware and selected from at setup. It really doesn't make any sense to have a general purpose OS running the thing other than to reduce cost for Diebold to develop the things. Then again it does provide a nice amount of business for us IBM field techs =)

Re:"Progress"?

[number11]

let's say you doused the [credit] card in some poison that is absorbed through touch, and will stick to the card long enough. What kind of liability does the bank accepting and transferring this object open them up to?

Even better, let's say you doused a $20 bill in poison and deposited it in the bank. You know, they don't burn all the cash that's deposited, they reuse it and hand it back out, without even cleaning it first (due to short-sighted laws against laundering money). Shocking, isn't it?

And I daresay paper currency will absorb your poison better than plastic credit card, too. Where it will mix with the cocaine residue, the gasoline contamination from people who've just filled their car, and the bacteria from people who didn't wash their hands after scratching that hemorrhoid itch, forming a lethal brew.

Your best bet for survival is to only accept coins, and to carry a blowtorch to sterilize them with before handling them.

Re:"Progress"?

[jorgen]

no big deal, right? a few days later, i see that 60 euros was removed from my account from that exact cash machine on the exact date i was there! i contact my bank in California and they tell me that i need to contact the bank that owns the machine.

You sure you didn't get your money back automatically after like 3-5 days? Because these things happen every now and then, ie the ATM fails because some local problem (software or mechanical), you don't get the money, and later you see that the amout has disappeared from your account.

But in (almost) every case, the money is not actually withdrawn, only "reserved" (that's what the banks call it) for a number of days, after which they are "unreserved" and show up on your account again.

I had a similar experience with an ATM in Romania once, the ATM software completed the transaction and then crashed before it handed out the money. Later that evening I connected to my bank account from an internet cafe, and of course - that money had disappeared from the account. I called my bank in sweden to report it, but they just told me that the money was not withdrawn, only reserved, and that it would be back on my account in a few days - which it was, to my relief.

Generally, banking systems (including ATMs and card payment terminals) have good failsafe machanisms that aborts the transaction if it encounters a problem in any little detail along the way.

Clippy!

[Black+Parrot]

I see you're trying to extract free cash from a bolloxored ATM cum jukebox. May I help you?

minesweeper...

[Polybius]

So who got the fastest ATM minesweeper times?

Obligatory play on words

[Stopmotioncleaverman]

Start --> Programs --> ATM --> Configure --> Flush Cash (sic)

Election Day...

[myownkidney]

The geek Jim goes to the election booth. Jim touches the opening screen. Jim watches while the screen BSoDs. Computer reboots. Jim is presented with the XP interface. Jim, finds the voting system back end. Jim "adjusts" the result:
Bush 15%
Kerry 15%
Nader 70%
Jim set's all Bush and Kerry votes to go to Nader.
Jim runs the voting system front end. Sets it to full screen.
Jim leaves.
Nader wins

Re:Election Day...

[s20451]

Here's the problem with any argument that electronic voting can lead to truly massive voter fraud, of the kind that you suggest. All the news organizations take exit polls, and in fact they usually have a good idea as to the winner even before the polls close. If the exit polls massively disagreed with the result, there would be no question that fraud had occurred, especially if there was no paper trail to back up the votes.

Fraud can still occur. It's just that those conducting the fraud have to be extremely careful to avoid detection: only chaning a few dozen votes in areas where the vote is close to begin with, and so on. They always have to stay within statistical margins of error.

I just don't know whether to laugh or cry!

[oiron]

COME ON!!!!!!!!!! Why in the world would someone waste a computer that's capable of running Windows XP (which probably means at least a Pentium with 64 MB RAM?) on an ATM? I mean, the thing is supposed to check your card, pin and then give you a load of cash... Last time I checked, that's a job for something less than an 8080, which could do the job faster, more securely, and cheaper. The right tool for the right job, people! /me rolls eyes

Re:I just don't know whether to laugh or cry!

[eggstasy]

Thing is, its easier to code up a quick ATM script in Flash or something, than it is to design a whole "lean and mean" super customized secure embedded system from scratch, then code up some basic OS and development tools for it, and THEN do the interface in some obscure language with crappy libs.
People are lazy, and costs have to be kept down. What's usually important in a company, is to make their business process "lean and mean", not their software or PCs.

Re:I just don't know whether to laugh or cry!

Why would anyone need to re-implement an ATM?
The old ones work.

Re:I just don't know whether to laugh or cry!

[eraserewind]

So they can show you pretty advertisements for mortgages and loans.

Re:I just don't know whether to laugh or cry!

[LinuxHam]

Because business drives technology more than anything else. Just like all things tech, ATMs replaced humans because they can do a human's job 24x7x365 without taking coffee breaks or sick days. And if coded correctly, they can do it without errors. In the old days when you would sit down with a bank representative, they would ask you, "is there anything else I may help you with? Would you like to hear about our low mortgage rates? a new low-rate credit card?"

Once you replace the person with a machine, you lose the revenue stream generated by the "cold selling" tactics. So, as technology advances and the machines can handle more tasks, why not? If a company is paying to own or lease IT 24 hours a day, that IT should be earning you money 24 hours a day. Just spitting out greenbacks without advertising more products is just not taking full advantage of the technology. Business doesn't care that that's all YOU want out of the machine.

ATM OS diversity

[igrp]

Around here, quite a few ATMs are still running OS/2 For some weird reason, they - just like the ATM the article talks about - have a tendency to crash, reboot and not load the ATM interfacing software.

I got a chance to talk to one of my bank's IT people about this a few months ago, and basically, they don't know what's causing the crashes because analyzing the log files would just be too much trouble. So their SOP is to have some guy with a key come out, literally pull the plug on the machine and wait till it reboots.

He also told me that they were slowly migrating over to a "custom XP version", whatever that's supposed to mean. I probably should have told him that Windows machines can be prone to virus infections (cough cought).

Re:ATM OS diversity

[zeitgeist77]

I work at a credit union, and we use OS/2 ATMs. They tried to foist a windows ATM on us, but couldnt get it to work because the tech was too dumb to tell the difference between a D911 (BiSync) and a D912 (LAN). Quite humorous, I played dumb till after he decided to install the OS2 version and then i pointed out to him it was a D912.

Funny side note though, on all our ATMs, the terminal driver (computer) has its own display on the backside of the unit along with a mouse and keyboard. Of course, we arent using the graphics capabilities because our terminal processor is hmm...slightly older than time.

So useful facts to be noted from experience:

1) Diebold techs do not know their rectums from a serial card. (Ive had to carefully hold their hands through IP setup and assigning the correct host:port combo to attach to the terminal processor)

2) Ive never seen an OS2 atm crash, nor have I ever seen it fail to boot the TCS (Terminal control software).

3) Windows driven ATMs have to the stupidist idea ive ever heard of, but cant really use linux...(see point one about said sub-sentient techs.)

4) I fear a world with diebold designed and serviced windows based voting devices. the havoc...the horror....

Re:ATM OS diversity

[cowwie]

I would disagree. I work for a small community bank with two branches and a third under construction. We recently moved our ATM off of Star to another processor, and in the process switched from straight Frame Relay to a LAN hookup.... thus going from 911 to 912 software in the process.

The Diebold tech came out, I let him into the ATM room, gave him the IP, gateway, and the host IP and port... and he had the system converted in no time flat. Unfortunately, the problem was NOT with Diebold.

Once he had the system up and online, we had to get the software with the screens the public sees downloaded to the ATM. We spent about 5 hours on the phone off and on with a programmer from our processor and with a programmer from Diebold. They argued back and forth about whose fault it was, and finally the guy from Diebold convined them to email him the load they were sending us and the load from a working bank so he could compare. The next day I come in to work, the Diebold tech shows up about 20 minutes later (10 minutes earlier than he had told me he would)... and he immediately starts telling me what's going on. Apparently our processor is sending us an imcomplete load for some reason, less than half the size it should be. All that arguing yesterday, and they never actually took the time to check that they were sending us the right thing.

So we have to sit and wait for them to get into THEIR offices and send the correct and working load to our ATM. When they finally do, the Diebold guy finishes up the install by loading the admin card onto the HD, showing the CSR that will handle it how to balance both from the front of the ATM and from the rear screen, and he was done.

I lay absolutely NONE of the blame on Diebold for the incident. He even said that he wouldn't bill us for the hours that he sat around waiting on someone at the processor to fix the problem. Other than a few frame relay outages (not Diebold's fault) and this little conversion incident (again not Diebold's fault)... this ATM has been rock solid. Unfortunately, we can't get one like that anymore, so the ATM going into our new branch is going to be an Opteva running Windows TCS+.

Long story short, Diebold is a large company that sells everything; the cabinets, the actual vault and vault door, our security system and cameras, the ATM, and even the modular frame for the teller line. To dismiss the whole company because of issues that they have with e-voting is unfair and unfortunate. Yeah, I'm the IT guy.... but I've also helped oversee every aspect of both of our new branches, and have yet to find a complaint about Diebold.

Buffer overflow code on swipe card ..

Would it be possible to load data on
a swipe card so that the software reading the card
suffered some kind of buffer overrun ? (Depending
of course on how carefuly the software checked for
them).

Re:Buffer overflow code on swipe card ..

[Spy+Hunter]

It would be hard; the amount of data that can be stored in a card's magnetic strip is very small. Format of magnetic strip data

Not that unusual

[Saint+Stephen]

I see "ordinary" ATMs stuck at a Phoenix BIOS boot prompt all the time. While I've never gotten to the Windows part of an ATM, it happens at information kiosks a lot.

They should have used the "On-Screen Keyboard" under Accessibility. It is a little scary that this was connected to cash.

If you want a good read for the database schemas an ATM uses, read "Principles of Transaction Processing." One interesting bit of knowledge is that the entire table of valid account names and their card hashes is replicated to each ATM! (Obviously for your bank only.) It sends out a ping that records "Joe took $50" to the main bank but it's only sort of a summary, the "full details" is kept at the ATM and sync'd at night.

One crazy thing that happened to me was I tried to withdraw $1100 from Bank A at Bank B's ATM. I got into a "Distributed Transaction Rollback" -- it got all the way through, printed out out my receipt that said I got the money, and -- never gave me my money. When I checked at a Bank A ATM, it showed the "hit" on my account. In about 15 minutes the Transaction Processor rolled back the transaction.

Insecurity and Paranoia

[heironymouscoward]

It's not immediately evident how Windows XP opens a security risk on an ATM, nor how this means that Diebold voting machines are somehow hackable.

ATMs not connected to the Internet and without keyboard are pretty much unhackable unless you can pry open the case and attach a keyboard and/or wireless connection. And if you could do that, I suspect pretty much any ATM would be hackable. There is a reason why ATMs are built from heavy steel and anchored in concrete.

Diebold systems raise paranoiac hackles for another reason: control and oversight. You don't need to invoke security flaws and Windows XP to realize that ballot boxes represent power and money. Whoever controls the counting process controls billions, trillions of $, and this is a temptation that few, if any, people can resist.

The argument against paperless touch-screen voting systems comes from the fact that such systems open the way to serious internal fraud, rather than hacking through any hardware or software weakness. Election fraud is done by incumbent politicians, not by hackers exploiting BSoDs.

The nightmare scenario for future US elections is where after a largely electronic and unverifiable poll, the governing party gets 55% of the vote despite exit polls showing that it got 45%. What would happen after such an event is anyone's guess, but it would not be pleasant.

Re:Insecurity and Paranoia

No you fool! You pry the thing open, push the rectangular boxes of money aside and plug a USB keyboard into it and get hacking!

Video of the ATM in action

http://yogi.pdl.cmu.edu/~cgeisser/photos/

Video with audio of ATM in action

Pictures of something similar

[Caligari]

I took pictures of Diebold ATM machines doing something similar in Paris.

Take a look here

Imagine a Beo...

[frenchs]

Here is the Diebold specificaion PDF for the 520. It says the thing has a P4 in it, and I would assume this is because they designed some sort of software framework for the Optiva to be expandable in the future to do things like sell concert tickets.

Imagine if that CDR drive was usable to load programs onto it. Furthermore, I'm really hoping these things don't have bluetooth in them.

520 Spec PDF

-Steve

For once...

[Kjella]

If I find out this particular ATM is Windows-operated, I will hunt down Mr. Gates, roll him in tar and feathers and chase him out of town with a stick. In the meantime I will file a complaint with Ulster Bank for taking away my sole source of cash until next pay-day.

I'd rather find the execs of the bank, and roll them in tar and feathers and chase them out of town with a stick. Any one can make an offer... I can offer to run their ATM network on Linux 2.6.4-alpha1-test4-pre2 too. If they're willing to buy it, that's their stupidity, not mine.

Kjella

The Rhyme Of The ATM User

[pandrijeczko]

Windows, Windows, every where,
Why's getting out money so hard?
Windows, Windows, every where,
It's eaten up my card.

The spirit deep within: O Gates!
That ever this should be!
Yea, buggy things did crawl with legs
Within Windows XP.

About, about, it must reboot
My card's still held within!
No beer to quench my thirst tonight,
Blue screen, and wallet thin.

And some in dreams assured were
Of the spirit that plagued me so:
The demon Gates had followed me
From Redmond's deepest flows.

And my poor tongue, through beerish drought,
Was withered at the root;
I could not speak, no more unless
This teller would reboot.

Ah! well a-day! what evil looks
Had I from old and young!
Instead of the cross, this penguin fine
About my neck was hung.

Economics, that's why

[tkrotchko]

This machine is indeed massive overkill, but the economics are that a desktop PC is about the cheapest computer out there.

An 8080 computer set up in a config with USB ports, serial, parallel, video, etc etc will probably run you something close to $3,000 US, and spares will be difficult as they'll have to be single supplier.

Also, the drivers for things like printers and card readers are only going to be available for Windows (and increasingly Linux), so if you have an embedded device, the integration costs are going to be high.

On the other hand, you can get a robust PC from a major manufacturer for something under $1,000 US and it can be replaced by any manufacturer. There are drivers for everything, and software development will be cheaper because windows programmers are more available than embedded programmers.

Stupid Student's or maybe..

[sh0rtie]

too honest

they had a machine that would give them money and all they did was use media player ? Diebold got off lightly!.

they [evil student] could of written a keylogger/pin reader/card cloner/data capture using the on-board vbscript/wscript language, (full access to filesystem and shell), build in a network check so as soon as the machine detects a network connection (as the students said it wasnt connected to anything presume at some point it will be connected to a network by an engineer or repairman) it trys to post the captured data to some.random.location.com, install it as a system service so it runs automatically in the background , even schedule it to run at specific times and you have one totally compromised machine

would of taken an hour max of programming time, maybe 15min if all you had to do was type it in and not compose it.

scary that not only is the software Windows but it has its own built in programming enviroment with access to every program on that machine including network access, and the only tool you need is notepad.

Re:Stupid Student's or maybe..

[degauss]

Actually.. I am one of the students that was messing with this machine..

The reason why I'm sure we didn't empty the machine of all its cash (asside from that whole breaking the law thing), is that there was no way to access the money-dispensing mechanism from the controls we had access to (read: only from the touchscreen)

The numberpad was totally useless, as windows didn't recognize it, and the character map is pretty slow for trying to actually do anything useful..

But we had a ton of fun with it anyway.

Windows XP Embedded

[XNormal]

If they insist on using a Microsoft OS at least the could use Windows XP Embedded.

It's a componentized version of Windows XP with a set of tools to customize it, remove any unnecessary components and prepare system images. It also has tricks like running from read-only media and intercepting message boxes that end users should not see.

It's even cheaper (for a moderate number of licenses).

similar story: in-flight entertainment system

[linoleo]

Reminds me of a couple of years back when by wiggling their god-awful pointer device too fast I managed to crash the in-flight seat-back entertainment system. BSOD, reboot, turns out it's a 90MHz Pentium running Win NT 4.0 Server Edition - no wonder the response was so sluggish (on the order of seconds).

I got to the desktop for about 5 seconds before their entertainment app autostarted again. I then spent a fun hour or two re-crashing the blasted thing and trying to defeat the autostart. Never managed it though - that's the only time I recall that I wished I knew more about Windows. :-)

Eventually I had to stop because it turned out that poor old Pentium wasn't my in-seat client but actually the server for the entire cabin, and a lynch mob was starting to form... 8-O

Re:similar story: in-flight entertainment system

[linoleo]

Well this was before 9/11, and I sincerely hope they weren't *flying the plane* off the same overburdened Pentium... I can just see it, next time they dig up the cockpit voice recorder from a crashed airliner:

Pilot: "The flight control app is not responding! Quick, try to kill it!"
Copilot: "The mouse is frozen... must... use... three-fingered salute..."
Pilot: "Still no response... okay, I'm gonna power-cycle the bastard."
Plane: (plummets 20'000 ft while they wait out the boot sequence)
Computer: All Your Boot Are Belong To Us.
Pilots: "Somebody has sent us up the virus! Aiiieeeee!"
Plane: *crash*

RE: Mr. Naive

[Organized+Konfusion]

They refused to do the following 1. Provide me with any contact information as to where to send the card too (totally understand) 2. Take down my contact information so in the event the owner called to get a new one, they could say just use the old one, this guy will give it to you. 3. To actually take back the fucking card so they could return it to the owner in a timely fasion.

1. With his contact info and where to send his card you could have gone on an internet spending spree.
2. You could have cloned the card, if he continues using it you could at sometime in the future go on a fraudulent spending spree.
3. You could have cloned it in this situation too.

Re:Slashdotted... Google Cache URL

[herrlich_98]

Once more with the right tags...
Mignight Spaghetti

What's that? You want movies?

[pridkett]

As a grad student who has their office in this building, I got more than a little kick when I saw the tech fumbling aimlessly to try and fix the thing later. He was there literally all day long and each time I walked by he was on the phone trying to get more info. Where is a good ole OS/2 ATM when you need one?

Anyway, some people on misc.market also posted some movies that you might find interesting.

I go to CMU...

[RainbowSix]

About a month ago, all of the National City ATMs in Pittsburgh (where CMU is) got switched from ancient working machines to snazzy new Diebold touch screens. Aside from the one playing Beethoven, there has been at least another one that BSOD'd.

The one on this article was funny and everything until that night when I remembered that I have my life savings in National City.

I stopped at some competing banks in the area on Thursday to get some pamphlets and I will be switching banks on Monday.

probably a dumb question about atm and cents

[jd142]

But does any one know why atm's here in the states have a decimal in the amount? So if I want to take out an amount (say $15) that isn't listed, I have to type:

1-5-0-0

to let the machine know I want 15 dollars instead of 15 cents. No atm that I've seen (granted, limited experience) will dispense change. I don't think I've seen any that even dispense dollar bills, so getting $17 is impossible. So why the decimals?

As they should!

[Chemisor]

> The point is, banks will assume the worst when it
> comes to you no longer physicaly having your card.

As they should. Really, it is much simpler for the bank to just issue a replacement card than to bother returning the old one. Think about it: should they print a piece of embossed plastic that costs a few cents, or have the kindhearted finder send the old card in (37 cents) and remail it to the owner (another 37 cents + 15 minutes of somebody's time [or more, if Windows crashes]) all the while ensuring that no fraudulent transactions take place in the meantime (priceless)?

Re:As they should!

[EmagGeek]

I dont necessarily agree... One night I went to the local K-Mart to buy an air conditioner... while loading it into my car, I placed my wallet on the roof since my soccer shorts didn't have a pocket (this was a midnight trip made because it was SO FSKCING HOT that night)... anyway, my wallet had flown off the roof right in front of a bar on the way home. The next morning, I got a call from my credit card company saying that the local police department had my wallet. When I went to retrieve it, all of my cards, AND MY CASH, were still in my wallet. No charges were made and everything was fine. The police said that a bar patron turned the wallet in to an officer he saw stopped at the red light in front of the bar.

I treated the guy and his family to a steak dinner at a local steakhouse to show my gratitude. I've rambled on forever, but the moral of the story is that honesty should be encouraged and rewarded.

There are some that can!

[Wohali]

Actually, in Pittsburgh, my old PNCBank branch (just across the busway from Shadyside, I can't remember the street address) had both a single-dollar dispenser, as well as a change cup. It was fed in the same way that I believe those automated change dispensers you sometimes see in banks and at ticket booths get fed - a single slide down which coins fall. I think the manufacturer was NCR, but I'm not sure.

It didn't ever seem to be filled up, but at least one ATM has been designed that could dispense change! I used to withdraw $19, just because I could put the 4 $1 and the $5 into the change machine for the washer and dryers.

The machine also could accept deposited checks WITHOUT AN ENVELOPE. It would scan the front of the check, show you an image and ask you if the scan was valid. If you deposited a check this way, it got into your account a full day faster than if it was in an envelope. I think it must have OCRed the text, as well as read the magnetic information from the bottom. Plus I imagine the workflow for the ATM operator was speedier. Of course, this all ran under OS/2 1.3, as I confirmed later.
Ahh, Pittsburgh, land of the oddball ATMs.