Pizza From the Command Line
Punk Walrus writes "Pizza Party is a free, text based CLI for ordering Domino's pizza via Quikorder, or for throwing pizza parties. It is distributed under the GNU General Public License, runs under most *nix shells, and can order pizza with only a few keystrokes. Includes video of actual ordering."
You know all those one-time specials? The ones you only get as a new subscriber? You can get them infinitely.
Just make a new Hotmail account for each order.
The database is flawed in that it doesn't cross-verify addresses/credit cards with previous orders or e-mail addresses.
Great for Pizza Hut - I used to get Big New Yorkers any way I liked for ten bucks plus tip back in the day.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
already a GUI.
How did you think the command line program ordered it? Magic?
In case of /.'ing, here's a mirror of the ordering pizza video pizza_party.mpg.
I stopped ordering from Domino's because the founder (Thomas Monaghan) is an extremely anti-gay right winger. He uses the millions he has earned to fund a lot of organizations that support his beliefs. He has every right to his opinion, but why should I give him money and indirectly support causes that would see people like me repressed?
http://www.searchlightmagazine.com/stories/032003_story06.htm
Papa John's pizza actually varies widely from store to store. The pizza from the store near where I work is loads better than the greasy, nasty stuff from the store near my house.
I agree about the breadsticks, though. They serve mainly as a vehicle for the garlic sauce (or, in my wife's case, the ranch sauce). I swear they must put crack in their sauce, it's so addictive that I now have a stockpile of it to eat with homemade breadsticks, too...
End of lesson. You may press the button.
Multiple vulnerabilities in 'pizza_party'
I totally forgot about the url. I was actually pretty surprised that I got in, because I'm so used to not getting to the websites on time. MIT's pipe must be HUGE.
You know, I wonder how many people didn't bother clicking on the link, knowing it was video. It's sorta like killing a dead rat, only this rat wasn't dead. Sure surprised me.
Dominos also contributes to pro-life organizations. How you feel about this is up to you, but being fully informed is a good thing IMHO.
And their pizza sucks (from what I've heard).
Support your locally owned pizzeria.
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
Check out www.campusfood.com. Not a bad site; useful late at night when you're leaving the lab and on your way back to your dorm. Schedule a delivery and it'll be there when you get there.
T Money
World Domination with a plastic spoon since 1984
While in grad school at the MIT AI Lab in early 1992, Michael Frank (now faculty at UFL) and I wrote "pizza" and "xpizza", command line and GUI programs (respectively) to order pizza from a nearby delivery joint. It worked by sending a fax to the pizza place. Even had code to determine whether the pizza would arrive before or after they locked the doors to each floor of our building, to provide different delivery instructions in each case. I'd be interested to learn if anyone can cite an earlier example of online pizza ordering.
but all their web pages are .dll files!
.dll is just a type of CGI script, for win32. It still serves you HTML (well, really, whatever you want).
I think you're getting confused.
Pizza Party, how to get your password stolen by other geeks... Full-Disclosure
From the article itself ...
Thomas Monaghan is an American billionaire who made a fortune from the Domino's Pizza chain. By the time he sold it, he had used the profits to finance and raise an ultra-right politico-religious imperium.
Sunny Dubey
http://www.snopes.com/business/alliance/domino.asp
Stuart Eichert
This came to me at 3:17pm CST ...
Product: pizza_party
URL: http://www.beigerecords.com/cory/pizza_party/
Version: pizza_party 0.1.beta and earlier
Risk: Multiple vulnerabilities (high)
Description:
pizza_party is a Perl based command line tool that provides a non-Web interface to
Dominos Pizza's QuikOrder(TM) website pizza ordering service by using HTTP over
the Internet.
It is third-party open-source software, developed by an individual and unsupported by
Dominos Pizza.
Available at:
http://www.beigerecords.com/cory/pizza_party/download/pizza_party-0.1.b.tar.gz
I believe it may now be in use internally at a large number of corporate organizations
(primarily by hard-core coder types who are too focused on the task at hand to get up
and go out to get a pizza -- or even to lift up the phone to order one), and installations
can also be found on the public Internet.
The Problem:
pizza_party is very bad about protecting the username and password for
the Dominos Pizza QuikOrder website. This may lead to a multitude of
vulnerabilities, the most dangerous being that 'ps' can be used to observe
the command line input parameters on the stack passed via the shell.
Also the non-SSL (unencrypted) web interface (http://www.dominos.quikorder.com)
is used over the Internet, so anyone who can capture (sniff) the traffic could easily
obtain the Dominos QuikOrder username and password from the standard
base64-encoded POST to the website.
Either would allow for individuals other than the owner of the Dominos Pizza
account to order arbitrary pizzas (with random toppings even) via the Dominos
QuikOrder web server and have them delivered -- resulting in chaos, anarchy
and confusion.
Additionally, there may be other issues resulting from the misuse of this package.
It is impossible to tell what other uses might be made of the username/password
pair stolen (it might be used by the user for all of their accounts on the Web f'instance).
Also note that as the order is sent unencrypted it may be possible for a MITM attack
to tamper with the order (potentially adding anchovies, onions or other undesirables).
The Fixes:
1. pizza_party should use HTTP over SSL to order the pizzas from Dominos
'secure' QuikOrder website: https://www.dominos.quikorder.com/
Unfortunately there are some problems with the Web certificate for this site.
2. pizza_party should prompt the command line user for the username and
password and read them from /dev/tty rather than accept them as params
on the command line.
3. pizza_party should also overwrite the store of the username and password
(or encrypt them) when they are in memory or an attacker could steal them
from RAM, or a swapfile on disk.
- H. Morrow Long, CISSP, CISM
University Information Security Officer
Director -- Information Security Office
Yale University, ITS
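The argv exposure the advisory describes, next to its second fix (take the password as input instead of as a parameter), as an added example that is not part of the original post or of pizza_party. It is Linux-only (reads /proc); `pizza-client`, its `--user`/`--password` flags and the secret are constructed stand-ins.

```sh
#!/bin/sh
# Added example, not pizza_party code. Linux-only: reads /proc/<pid>/cmdline,
# the same data `ps` shows. "pizza-client", its flags and SECRET are constructed.
SECRET='constructed-sample-pw'

# argv of a running process as any local user can read it (NULs become spaces).
visible_argv() {
    tr '\0' ' ' < "/proc/$1/cmdline"
}

# Give the child time to exec, print its visible argv, then stop it.
inspect_and_stop() {
    sleep 1
    visible_argv "$1"
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
}

# Weak pattern: the password is a command-line parameter.
# The trailing ':' keeps sh from exec()ing sleep and replacing its own argv.
leak_via_argv() {
    sh -c 'sleep 3; :' pizza-client --user alice --password "$SECRET" \
        >/dev/null 2>&1 &
    inspect_and_stop $!
}

# Fixed pattern: the password arrives on stdin and never enters argv.
# printf is a shell builtin, so no helper process carries the secret either.
# At a terminal the client would instead prompt and read from /dev/tty,
# e.g. `stty -echo; IFS= read -r pw </dev/tty; stty echo`.
safe_via_stdin() {
    printf '%s\n' "$SECRET" |
        sh -c 'IFS= read -r pw; sleep 3; :' pizza-client --user alice \
        >/dev/null 2>&1 &
    inspect_and_stop $!
}

# Audit check: does an argv string carry a password-style flag?
argv_has_password_flag() {
    case " $1 " in
        *" --password "*|*" --password="*) return 0 ;;
        *) return 1 ;;
    esac
}

echo "argv pattern : $(leak_via_argv)"
echo "stdin pattern: $(safe_via_stdin)"
```

The same `argv_has_password_flag` check can be run over `ps -eo args` output on a shared host to find tools that still take credentials as parameters.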
A GUI-based pizza ordering tool? It's old news, I hate to tell ya.
An engineer at Sun did this almost 10 years ago at Sun Microsystems. It was called pizzatool. Here's a screenshot. Notice how it even renders the proposed pizza for you before ordering. Also notice that it works by sending a fax; this was back before there were any companies accepting pizza orders over the web! As proof of its age, notice that the GUI is actually built with the OpenLook toolkit.
Also note that it doesn't order any Domino's Pizza or any crap like that. It orders Tony and Alba's. Now that's some good pizza.
>Or maybe use HTML so it's platform neutral. Now that would be neat.
um.... why would you write an html wrapper around a cli wrapper of a web site? why not just go to the web site? or did you not follow the link...
Sitting Walrus Blog
True, but why go to the bother of compiling a CGI script as a DLL? Wouldn't .exe be better?
.dll files run in-process with the web server. An .exe would spawn a new process every time. The .dll way lets you handle hundreds of requests per second.
Speed!
Most of them are written in interpreted languages anyway
Yes but they are compiled into machine code -- it doesn't re-interpret it every time it's called.
No. The ISAPI (Netscape used to call it 'NSAPI' in the days of FastTrack Server)
The Internet Server Application Programming Interface (ISAPI) model was developed as a faster alternative to the Common Gateway Interface (CGI). ISAPI provides a number of advantages over CGI, including lower overhead, faster loading, and better scalability. The chief difference between the CGI and ISAPI programming models is how processing is handled.
With CGI, the system creates a unique process for every request. Each time an HTTP server receives a request, it initiates a new process. Because the operating system must maintain all these processes, CGI requires many resources. This inherent limitation makes it difficult to develop responsive Internet applications with CGI.
With ISAPI, requests do not require a separate process. Threads are used to isolate and synchronize work items, resulting in a more efficient use of system resources. For more information, see ISAPI and Web Application Architecture.
You can read more here.
Most of them are written in interpreted languages anyway
Maybe I should clarify this -- most of the .dll CGIs you see are written in C++. They are usually running on IIS -- although I think Zeus supports this on Unix as well.
That program was great, if anyone is interested, you can still find it here. I imagine you can run it using DosBox on Windows, Linux, Mac, etc.
It is real money. Quid is a common slang term for 1 pound sterling (GBP). Currently for 2 quid you'd get 3.57 US dollars.