Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Using Bots, Scripts To Lock Down Restaurant Reservations

Posted by Unknown on from the flaws-in-the-system dept.

Nerval's Lobster writes "Forget about hacking an app or database: for a small cadre of hackers in San Francisco, it's all about writing code that can score them a great table at a hot restaurant. According to the BBC, these developers and programmers have designed bots that scan restaurant Websites for open tables and reserve them. Diogo Mónica, a security engineer with e-commerce firm Square, is one of those programmers. A self-described foodie, he decided to get around his inability to score a table at the ultra-popular State Bird Provisions by writing a script that sent out an email every time the restaurant's reservation page changed. 'Once a reservation got canceled I would get an email and could quickly get it for myself,' he wrote in a blog posting. But soon he noticed something peculiar: 'As soon as reservations became available on the website (at 4am), all the good times were immediately taken and were gone by 4:01am.' He suspected it was automated 'reservation bots at work,' built by other programmers with a hankering for fine cuisine. 'After a while even cancellations started being taken immediately from under me,' he wrote. 'It started being common receiving an email alerting of a change, seeing an available time, and it being gone by the time the website loaded.' His solution was to build his own reservation bot, using Ruby, and post the code in the wild."

48 of 214 comments (clear)

  1. Or... by nitehawk214 · · Score: 5, Insightful

    Go to a casual local place and have a backup plan if it is busy. Restaurants with mile-long reservation lists and >$100 plates are almost universally overrated.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
    1. Re:Or... by war4peace · · Score: 4, Insightful

      It's the "Ode to my Stomach" syndrome.
      Personally, I found home made food much more rewarding. At least I know for sure what do I put in my mouth. No funny business.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    2. Re:Or... by PPH · · Score: 5, Funny

      That place is so popular, nobody goes there anymore.

      - Yogi

      --
      Have gnu, will travel.
    3. Re:Or... by Anonymous Coward · · Score: 3, Insightful

      The State Bird place mentioned does not have particularly high prices. The current menu only has two items in the $20 range ($20 and $22). With prices like those -- and assuming good food -- who wouldn't want to eat there?

      dom

    4. Re:Or... by ackthpt · · Score: 3, Interesting

      Go to a casual local place and have a backup plan if it is busy. Restaurants with mile-long reservation lists and >$100 plates are almost universally overrated.

      Unfortunately I live in a resort-y area and we're overrun during the summer months. I just learn to be a better cook. I'm becoming very good at cooking these days. So much so I hate going out to eat because I can do everything so much better.

      now it's time for another episode of Samurai Short-order Chef

      --

      A feeling of having made the same mistake before: Deja Foobar
    5. Re:Or... by Em+Adespoton · · Score: 3, Interesting

      Another option: have dining in parties with your friends. Have each person take a rotation, try out new recipes/variants, and in general, have a good time without the bad music/bad lighting/bad seating. Non-paying guests can stay and wash the dishes ;)

    6. Re:Or... by TechyImmigrant · · Score: 4, Interesting

      The most I ever paid for a meal was $700 per head for a 16 course tasting menu at a 3 star restaurant. I booked 6 weeks ahead. It was money well spent.

      My priorities may differ from yours.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    7. Re:Or... by ackthpt · · Score: 3, Insightful

      Another option: have dining in parties with your friends. Have each person take a rotation, try out new recipes/variants, and in general, have a good time without the bad music/bad lighting/bad seating. Non-paying guests can stay and wash the dishes ;)

      I remember seeing something about these in my parents magazines from the 1950s. People had some place in the house call a Dining Room and it was much larger than their computer den. Shocking!

      --

      A feeling of having made the same mistake before: Deja Foobar
    8. Re:Or... by drkim · · Score: 2

      People had some place in the house call a Dining Room and it was much larger than their computer den. Shocking!

      A room just for eating in? Weird.

      How could you operate your computer from there..?

    9. Re:Or... by TechyImmigrant · · Score: 2

      I don't live near one either. I had to travel to Vegas. I don't expect super dupa dining to be on the vacation plans of a high proportion of people, but then you won't find me on a rock climbing expedition.
      It's worth working on your food phobias first, or you may be wasting money.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    10. Re:Or... by ackthpt · · Score: 2

      Most people have absolutely no idea what a 3 star restaurant is like. Most people don't live near one and wouldn't pay that much to have dinner even if they did.

      I was stuck in a Financial District, may years ago, where the only restaurants were 3 star or better. I found I could eat just enough to not be hungry for about an hour, on my travel budget. When I got more adventurous I got out of there at night to a pizza place where I could stuff myself.

      Still, I'm not impressed with very many restaurants these days -- a lot of it is presentation and atmosphere.

      --

      A feeling of having made the same mistake before: Deja Foobar
    11. Re:Or... by TechyImmigrant · · Score: 2

      It was Joel Robuchon. How much to people pay to go to Disney?

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    12. Re:Or... by Em+Adespoton · · Score: 2

      Thank you, Mr. Anonymous Coward, for this insightful riposte.

      Most of these issues seem to me like something that will be an issue the first time around -- and because you're all friends, can be easily overcome (otherwise, you're not really friends, are you? Just acquaintances of convenience).

      As for the vegetarian/lactose intolerant... well, someone who's lactose intolerant can eat anything a vegetarian can eat (at least a strict vegetarian). Speaking as a casual vegan (I have meat/animal products, but as the exception, not the rule), there's lots of stuff to prepare in this wide world that everyone can enjoy, and it's usually less expensive than the prepackaged stuff that'll give you an early death.

      As for those who are terrified of doing the "dining in" thing -- first off, why are they joining in this in the first place? If it's more a "want to spend time with friends, they'd be with us if we dined out" thing, then give them some training wheels -- have them come over early and help out at someone else's place. Same goes for the guy who has a hot plate and microwave that he has to move out of the way to fold his bed down at night.

      Trust me, you'll have a LOT more fun eating with friends than going out to a restaurant. It's a bit more work on the cleanup side, but if you're doing this every Friday, for example, and you do it in a 4 house rotation (more friends is fine, just have them come over early/provide some of the cooking ingredients/ stay late to help clean up/ whatever works with your group of friends), you've got one cleanup per month for the benefit of having something fun and different to do with friends each Friday evening.

      Hey... if Reality TV can do it with people who are perfect strangers (some of whom become good friends after the experience), you should be able to pull it off with friends. Or are you really afraid to get to know your friends better, for fear that they aren't really people you like?

      Hey... one other idea: for the people who feel threatened by this: take a cooking class. Unless you live out in the boondocks where you're not going to find good restaurants anyway, you've got cooking classes available, and they can be fun to do with friends. If you have a large enough group, you can even get custom classes tailored to what your group wants to do.

      And as for cooking... once you get over the initial fear and depenency on cookbooks, it's really a fun pastime. You learn what foods go well together, and can usually whip something up with the ingredients on hand without too much difficulty (as long as you're not having to do it 3x a day). Use recipes as inspiration instead of a manual, and things will go much better (even if some of the stuff you make flops).

      Just like in the world of technology -- feel free to experiment, think outside the box, and do your own thing. Cooking isn't really all that different from programming after all.

  2. There must be something better to do with that by stewsters · · Score: 3, Insightful

    God damn hipsters.

    1. Re:There must be something better to do with that by Natales · · Score: 4, Insightful

      Come on dude! It's so easy to be dismissive when you don't have a clue what are you talking about. Let me break your bubble: there are geeks that are hipsters, foodies and that just love the hedonistic pleasures of life. We all converge in this site at some point and share things that matter to all of us, but this is by no means all we are in life.

      I've had to learn to appreciate our differences with fellow geeks and nerds that have completely opposite political views for example without demonizing them, and in the process I've learned a thing or two. Don't fall in the "us" and "them" rhetoric and learn to respect people that care about different things.

  3. Cold Pizza by ebno-10db · · Score: 4, Funny

    Kids today. In my day programmers ate cold pizza and they liked it! Bonus points for pepperoni or sausage - there's nothing like cold congealed grease.

  4. What's next? by Anonymous Coward · · Score: 3, Funny

    A DDoS to ensure no one gets reservations?

  5. On the other hand by xevioso · · Score: 5, Informative

    The reservation company specifically denies that this is happening or is possible.

    TFA:
    http://insidescoopsf.sfgate.com/blog/2013/07/25/are-automated-bots-are-making-hot-online-reservations-impossible/

    1. Re:On the other hand by xevioso · · Score: 4, Informative

      The important part, which I failed to quote:

      Update, 1:20pm: Urbanspoon has released a statement that reaffirms its earlier denial, and also refutes duplicate reservations and reservation fraud (though neither of those issues are technically in dispute):
      "Urbanspoon’s data on State Bird Provisions’ reservations do not support the findings reported in Diogo Mónica’s post. While we will not disclose data about specific customers, we currently have processes in place to prevent duplicate reservations and combat reservation fraud. Urbanspoon’s goal is to give real diners the opportunity to make reservations. We’ve noticed that many diners will stop at nothing to get a table at the hottest restaurants in town, like State Bird Provisions , so we are constantly working on improving the overall reservations process to give all diners an opportunity to secure a table."

    2. Re:On the other hand by pipatron · · Score: 3, Informative

      And of course, everyone here knows that the answer is plain marketing bullshit.

      --
      c++; /* this makes c bigger but returns the old value */
    3. Re:On the other hand by gl4ss · · Score: 4, Insightful

      all bunch of blabla bla.

      you know what would work out? if the tables are really all reserved all the fucking time, make a reservation cost.
      then increase cost until you hit a spot. the restaurant should just charge more, if people want to pay a months rent to eat there then so be it.

      btw how the fuck could they make sure they don't get duplicate reservations? checking id's of people coming in to match the reservation? they can't really rely on cookies, ip addresses or anything like that for it. not even fb profile linking would do it, easy enough to have fake profiles...

      what urbanspoon cares about is that the tables are full, nothing else.

      --
      world was created 5 seconds before this post as it is.
    4. Re:On the other hand by BaronAaron · · Score: 2

      I call BS on this. Sounds like Urbanspoon is just covering their ass.

      Bottom line is their reservation system doesn't have any form of CAPTCHA which makes the use of reservation bots completely plausible.

    5. Re:On the other hand by ArcadeMan · · Score: 5, Funny

      Please, we're talking about fancy restaurants here. It's not just plain marketing bullshit. It's Lobster Thermidor aux crevettes with a Mornay sauce, garnished with truffle pâté, brandy and a fried egg on top and bullshit.

      --
      Get free satoshi (Bitcoin) and Dogecoins
    6. Re:On the other hand by hawguy · · Score: 3, Interesting

      The important part, which I failed to quote:

      Update, 1:20pm: Urbanspoon has released a statement that reaffirms its earlier denial, and also refutes duplicate reservations and reservation fraud (though neither of those issues are technically in dispute):
      "Urbanspoon’s data on State Bird Provisions’ reservations do not support the findings reported in Diogo Mónica’s post. While we will not disclose data about specific customers, we currently have processes in place to prevent duplicate reservations and combat reservation fraud. Urbanspoon’s goal is to give real diners the opportunity to make reservations. We’ve noticed that many diners will stop at nothing to get a table at the hottest restaurants in town, like State Bird Provisions , so we are constantly working on improving the overall reservations process to give all diners an opportunity to secure a table."

      And since these bot'ed reservations aren't appearing for sale on Craigslist, nor do these popular restaurants appear to be suffering from excessive no-shows, what exactly is happening to these reservations that are supposedly stolen by bots?

    7. Re:On the other hand by blueg3 · · Score: 4, Interesting

      you know what would work out? if the tables are really all reserved all the fucking time, make a reservation cost.
      then increase cost until you hit a spot. the restaurant should just charge more, if people want to pay a months rent to eat there then so be it.

      It's easier to auction off reservations rather than continually adjust the price until you find a level that works. And this was suggested by many people on Twitter early this morning already.

    8. Re:On the other hand by Anonymous Coward · · Score: 4, Insightful

      you know what would work out? if the tables are really all reserved all the fucking time, make a reservation cost.
      then increase cost until you hit a spot. the restaurant should just charge more, if people want to pay a months rent to eat there then so be it.

      That works if you're just in it to make a profit, and don't care about who is able to come to the restaurant.

      Planet Money had a podcast about this in regard to concert tickets. They had Kid Rock talking about it, and pointed out that it would be super simple to keep jacking up the price until supply & demand balances out and it's no longer worth scalping tickets.

      However, selling tickets to the highest bidder greatly changes the tone of the audience you get. You no longer get people who are there because they want to enjoy the experience, you instead you get people there just to show off their affluence. (Kid Rock mentioned the bored-looking old guys in the front row who are obviously just there to impress half-their-age girlfriends.) You'd see that with increasing the price to restaurant reservations. You'll no longer get people going to the restaurant because they want to enjoy the food, you'd get people there because a table at State Bird Provisions is rare, and it will impress a girlfriend/business associate. As a chef, cooking for people who want to enjoy your food and cooking for people who are just there to show off are greatly different things, and you may be willing to reduce your profit if you can ensure the former.

  6. I guess they never heard of CAPTCHA by Dorianny · · Score: 3, Insightful

    These days you can't even post on a forum without going through some form of CAPTCH,A never mind trying to buy tickets or book reservations.

    1. Re:I guess they never heard of CAPTCHA by 0123456 · · Score: 5, Insightful

      Yeah, but modern CAPTCHAs are so convoluted that computers can solve them more easily than I can.

    2. Re:I guess they never heard of CAPTCHA by al0ha · · Score: 3, Informative

      Wrong. OCR still can't defeat reCAPTCHA - however depending on the prize there's a multitude of other ways to do it which do not involve OCR including low paid workers in third world countries being served the captcha and solving it for the automated algorithm, or in the case of Ticketmaster, where the prizes were monetarily substantial, a group of miscreants going to the trouble of databasing just about every Captcha solution they could find. One group also was able to p0wn the audio version of reCAPTCHA for a while until it was upgraded. Another group has claimed they use OCR to defeat reCAPTCHA, but have never proven that to be the case and if they can, why not prove it?

      Citations:
      http://en.wikipedia.org/wiki/ReCAPTCHA
      http://www.wired.com/threatlevel/2010/11/wiseguys-plead-guilty/

      --
      Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
    3. Re:I guess they never heard of CAPTCHA by canadiannomad · · Score: 2

      Another group has claimed they use OCR to defeat reCAPTCHA, but have never proven that to be the case and if they can, why not prove it?

      Why would they? It would be in their best interests to let the algorithm work for as long as possible, no point rocking the boat, and showing the reCaptcha developers how to block it more.

      --
      Hmm, the humour and sarcasm seem to have been be lost on you.
  7. Reservation fees? by bradley13 · · Score: 2

    I would think that a lot of bot reservations would go unused, at least, as soon as the newness of this wears off. How long until restaurants start charging a nonrefundable reservation fee?

    --
    Enjoy life! This is not a dress rehearsal.
    1. Re:Reservation fees? by bfandreas · · Score: 2

      There will always be preferred customers and I suppose a lot of these reservations are made in person, face to face and way in advance.

      Also this is why we can't have good things. Brainless botter suspects brainless botters to be faster than him. Honestly, his behaviour is highly anti-social, egocentric and overly obnoxious. If I where running a successful restaurant I would go to great pains to avoid people like him. the likelyhood of him annoying other patrons is just too much. Do you need another jackass who photographs his food, posts it to Tubeface, starts a loud Skype conversation discussing his food and then complaining that it is not quite as warm as he'd have hoped.

      Remember: it is NOT against the law to filter out jerks. That is neither racism nor censorship. It is in fact good business sense. If you want to meet other people with a similarly bad behaviour go to McDonalds.


      Goddamn hipster.

      --
      20 minutes into the future
    2. Re:Reservation fees? by whoever57 · · Score: 4, Insightful

      some place in NYC that cost $600 for dinner for two people after taxes, tip and whatever. i tried making reservations, but the place was booked solid for months in advance

      Face facts. The problem wasn't that the restaurant was booked, the problem was that you are not famous.

      --
      The real "Libtards" are the Libertarians!
  8. This isn't hacking by hypergreatthing · · Score: 5, Insightful

    This is just a html scraper. People have had the same thing going on ebay for years. Suddenly it's hacking? Give me a break.

    1. Re:This isn't hacking by SeaFox · · Score: 2

      Suddenly it's hacking? Give me a break.

      Haven't you heard? Nowadays using a computer to access/use something in any way the original creator doesn't like is "hacking".

    2. Re:This isn't hacking by harvestsun · · Score: 3, Interesting

      But your forget that the U.S. legal system has decided that accessing publicly accessible URLs constitutes hacking. I guess the new definition of hacking is "using something in a way you weren't intended to".

    3. Re:This isn't hacking by serviscope_minor · · Score: 3, Insightful

      Nowadays using a computer

      Using an HTML scraper and an almost certainly unholy bunch of scripts to make sure you get first dibs on a restaurant reservation is certainly hacking in the old sense of the word: it's a hack.

      --
      SJW n. One who posts facts.
  9. Abusing the system by Torodung · · Score: 5, Insightful

    This is abuse of the reservation system, plain and simple. It simply is not robust enough (too informal) to handle bots. I suspect it soon will become commonplace to require tortuous captchas for reservations. Great job, lazy hacktivists! You've ruined e-life for everyone.

    As for posting code for it in the wild so any script kiddy can do it. Good for you. That's called leveling the playing field. It's the proliferation of bots just to be shits to each other that rankles my ire, not the fact that everyone can now do it.

    1. Re:Abusing the system by Thud457 · · Score: 2

      It's just Wall street quants doing to restaurants what they've done to the financial markets.

      OH FUCK, WE'RE ALL GONNA STARVE!!!

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  10. self-described foodie by Gothmolly · · Score: 4, Funny

    Are there foodies who are NOT self-described?

    --
    I want to delete my account but Slashdot doesn't allow it.
  11. This is why we can't have nice things by Overzeetop · · Score: 3, Interesting

    Heaven forbid we should have the convenience of making a reservation online. No, it's takes a bunch of assholes to game the system and screw it up. Not that it's anything new, as online ticketing for popular events has been gamed for fun and profit by scalpers for years.

    If all of my family were to suddenly die in a freak accident and I was left alone with nothing to live for, I would hunt every bot maker down and shoot them for amusement. (Oh, and happy Friday everybody!)

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:This is why we can't have nice things by nuckfuts · · Score: 3, Informative

      Way to keep your response on par with your nick.

    2. Re:This is why we can't have nice things by Bucc5062 · · Score: 2

      Now that is a the foundation for a good movie plot. I'd go see that one. Somehow, even though you're killing off people, you still remain the protagonist with the evils one being the other bot developers. At the end you die (of course, a tragic hero's path), but save the world...for now.

      --
      Life is a great ride, the vehicle doesn't matter
    3. Re:This is why we can't have nice things by MightyYar · · Score: 3, Insightful

      Meh, life is like that. I have to lock my bike up, my house has an alarm, that old lady got into the 12 items or less line with double that, some fuckers knocked down some buildings with airplanes, and people STILL don't wash their hands after using the bathroom.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  12. Ruby?? by happyhamster · · Score: 5, Funny

    Pfff, my soon-to-be-released Assembly program will put his slow ruby ass to shame, thus starting HFR (high frequency reservation) era and trading in reservation futures.

  13. Robot exclusion by tepples · · Score: 2

    Well Google/Yahoo/Bing bots are always doing the exact samething unless you tell them no to do so...

    There's an accepted protocol to tell those and other well-behaved bots not to do so in a /robots.txt file. I doubt that reservation bots obey /robots.txt.

  14. Revenge of the Nerds by Alsee · · Score: 4, Funny

    One of the perks of dating a geek is that we are now the only ones who are ever going to take you to the hottest restaurant in town.
    Jocks need not apply.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  15. Attention Non-Programmers by Bob9113 · · Score: 2

    Attention Non-Programmers: This is what the future looks like. If you don't learn to make your computers obey you, if you don't take control of your information flows, you will be marginalized by the people, corporations, and governments that do.

    I'm not saying it is right. I'm saying it is. As philosopher-poet Ash once observed; "Good. Bad. I'm the guy with the gun."

    --
    Stop-Prism.org: Opt Out of Surveillance