95% of ATMs Worldwide Are Still Using Windows XP

BUL2294 writes "95% of the world's ATM machines are still running Windows XP and banks are already purchasing extended support agreements from Microsoft. (some of the affected ATMs are running XP Embedded, which has a support lifecycle until January, 2016). 'Microsoft is selling custom tech support agreements that extend the life of Windows XP, although the cost can soar quickly—multiplying by a factor of five in the second year, says Korala. JPMorgan is buying a one-year extension and will start converting its machines to Windows 7 in July; about 3,000 of its 19,000 ATMs need enhancements before the process can begin...'"

Relevant XKCD

[iYk6]

https://xkcd.com/801/

Re:Relevant XKCD

[Art+Challenor]

I was thinking this one: http://xkcd.com/463/

Re:Relevant XKCD

[ILongForDarkness]

Except that the hardware drivers were probably written for windows by developers with windows desktops. That is often the case. So "porting the JVM" probably never came into it. Put a full PC in the box and your drivers don't need to be rewritten (or you have to hire developers that know something different) is probably more like it.

Re:Relevant XKCD

Diebold actually got into the "voting" machine business because of their existing ATM experience. They started out as a safe company. It can be fun to see how a company's line of work evolves over time.

Price?

[mriswith]

The cost of the support agreements, would still be less than the replacement of several thousand ATMs and internal systems. There is a reason why people do this, and it's not just lazyniess..

Re:Price?

[icebike]

There is a reason why people do this, and it's not just lazyniess..

Still, you would have thought they would have learned a few lessons by now.

JPMorgan is buying a one-year extension and will start converting its machines to Windows 7 in July;

Anything that can run Windows 7 could run linux.
Anything that can run embedded Windows 7 would have no problem running linux.
Or OpenBSD.
You can replace the entire motherboard and processor with something 10 times as expensive as a Raspberry Pi for $350, and still save money over paying Microsoft extensions for every terminal.

There will be several companies dragged before congress. There have been multi-billion dollar losses. How many times do you have to let hackers make you their bitches before you cry uncle and at least look at a Linux solution?

Re: Price?

[VTBlue]

Why would a risk averse organization that makes billions of dollars a quarter expose itself to potential lawsuits for an operating system that provides no indemnity from patents?

Re:Price?

[turbidostato]

"The cost of the support agreements, would still be less than the replacement of several thousand ATMs and internal systems."

It won't. Is this extended support going to avoid XP from being replaced? I bet not. Therefore paying for the extended support *plus* replacing is certainly going to cost more than just replacing.

"There is a reason why people do this, and it's not just lazyniess.."

It *is* lazyness.

The very day they started deploying XP they knew that would come to an end for the very reason they were using a closed-source license-based operating system.

Paying through the nose now for something they knew it was coming but didn't nothing in time is the very definition of lazyness.

Re: Price?

[icebike]

Why not?
Nobody has successfully proven a patent infringements in Linux.
Even Microsoft has given up, and is now a major Linux contributor.

Re: Price?

[fredprado]

Because the multibillion dollar organization, averse as it may be to risk, is very hard to bully especially when you are trying to patent troll them.

Re: Price?

[icebike]

Your spewing FUD.

Google, Amazon, IBM, and even Microsoft themselves are all HUGE Linux users.
Big business isn't afraid of Linux.

Re:Price?

[viperidaenz]

.... then add the cost of redeveloping and retesting the code that runs the entire ATM network.

Re: Price?

[MightyMartian]

What a load of shit. Some of the biggest corporations in the world use Linux.

IBM demonstrated quite nicely what happens when some patent troll tries to shut down Linux.

Re:Price?

[viperidaenz]

'license-based' has nothing to do with it.
They don't have to stop using the software, they just won't get free security updates.

closed-source also has nothing to do with it.
It it were open source, they'd need to hire staff to do the maintenance.

Re:Price?

[tftp]

Is this extended support going to avoid XP from being replaced? I bet not. Therefore paying for the extended support *plus* replacing is certainly going to cost more than just replacing.

That's not the case. XP-based ATMs probably run on a horribly slow SBC that has 512 MB of RAM (why to pay for more if the application does not need it?) The goal of this extension is simply to wait until existing machines reach their scheduled replacement dates. Then they will be scrapped. The new machines will be based on something else... which, you can bet, will be also obsolete in 10 years.

Re: Price?

[dbIII]

Face it kid, linux is so mainstream these days that even Haliburton not only use it but sell software to run on it.
If you are object to being called "kid" then I suggest not acting like one.

Re:Price?

[icebike]

Why would the network side have to be replaced?
Data is data.

Re:Price?

[anubi]

This whole affair of what platforms to use puzzles me greatly. I am of the opinion that the selection process has everything to do with politics and little to do with substance.

I feel a lot of it has to do with a corporate mentality of holding everything blameless with contracts which have to be signed off on before the business will do anything. "Hold Harmless" seems the byword of the day.

I have tried to use Micrium's uC/OS products, based mostly on their certifications for mission critical affairs such as aircraft and life support . For me, this thing is like a "Super Arduino" for embedded applications.

Business will pay for people to play down everything the "leadership" type does not understand, and personal experience tells me that if I do not recommend Microsoft, I will not get the job. Regardless of my belief and experiences to the contrary. Its been my observation that once one gets high enough in corporate hierarchy, one is forced to play CYA, and the only way to play is find someone else to pin the blame on if things go sour - better yet be able to blame someone big - so the guy who hired them does not take the fall for it.

There seems to be a trivial amount of effort expended to mitigate the probability of a breach in the first place.

I am not trying to shill for Micrium - I just like their product and their philosophies of supporting an OS. It is all quite well documented ( link to the book I use all the time ).

NetBurners run this code. This had been the most robust system I have ever studied, yet I find few people who are willing to let me implement it - and for now it runs on a machine I have for my own edification.

My own feeling if anyone wants to hack a bank ATM, go for it. No one's responsible, its just another ledger entry to the bank. If the thing gets too out of hand, the government will make it up to them.

Re: Price?

[Immerman]

You are suggesting that Microsoft will indemnify you against patent infringements? Really? Since when?

I must have missed that announcement.

Re: Price?

he was planning on running debian.
if he ran bsd he would be better off. no one bothers hacking 1000 machines.

Re:Price?

[afidel]

Plus the XP part of the ATM has nothing to do with the network, that's all handled by IBM black box crypto modules (or at least it was when I worked as a field tech for Global Services, we could do maintenance work on the PC running the GUI but there was a special group for handling the crypto boxes).

Re:Price?

[viperidaenz]

Because data may be data but proprietary protocols are proprietary protocols. If you replace one side with new software, who's going to support the other side?

Even if there is supposed to be some kind of standard... Like IBM saying the Banking Transformation Toolkit is only supported on an IBM JVM, even though its plain old Java and will run on an Sun/Oracle JVM, they will refuse to support it.

Re: Price?

[VTBlue]

FUD? Hardly. These are matters of reporting, public record, and common sense. And I guarantee you that each and everyone of the firms you have listed has paid some patent holder licensing fees for patents that are implemented in Linux. Even small commercial Linux shops have had to deal with patent suits. The point is for a bank as large as JP Morgan, using Linux for ATMs makes zero sense, technologically, legally, and financially. Due to the high volume of infringements in a national ATM network, the damages could easily be many multiples more than the cost of a windows embedded license with tier one support. Now using Linux for internal servers or a HPC cluster is a different story completely, here JP would not be as easily exposed from a discovery perspective, plus there is a rational use case for financial/scientific computing to utilize Linux.

Re:Price?

[icebike]

Because data may be data but proprietary protocols are proprietary protocols. If you replace one side with new software, who's going to support the other side?

Who ever is supporting it now.
The existing protocols can remain in place. The existing backends can remain in place. Data is Data whether sent by Windows or Linux.

Were you somehow under the impression that the entire internet was rebuilt specially for you
each time you got a new computer or switched from Windows to Linux, to Mac?

Re: Price?

[icebike]

Your an idiot.
There is no patented code in linux.

Re:Price?

I'm sure re-writing their software (which has to be very carefully reviewed for security reasons) would cost far more than the savings from switching away from Windows.

Re:Price?

[sjames]

If buying the expensive support contracts actually avoided the upgrade, it might make sense. But as a mere deferral it's expensive. Delaying doesn't make Windows7 last longer nor does it allow them to skip a generation.

What they're paying for is a reprieve because they wasted time not facing the reality that the upgrade had to happen.

Given the number of machines they have deployed and how little of the OS actually makes any sense for an embedded application, I'm amazed they haven't switched to Linux or *BSD.

Re:Price?

[SacredNaCl]

At least 95% of ATM's are not running OS/2 (which used to be the case not very long ago). Most of the ATM's using XP at least have an upgrade path to Windows 7. That said, it would not surprise me that 6 months months down the line
if 30-50% of ATM's are still running Windows XP. Many of them will buy extended support from someone if it is offered, but I am s, but I am also certain many will just roll the dice until an exploit comes along that actually effects their systems/netorks.

I think the bigger problem is all of the point of sale systems that run XP. Many of those will not get upgraded until they are no longer functional!

Re:Price?

[icebike]

Its actually not that hard to move software from Windows to Linux these days.
The investment in that code is easily preserved with a recompile.
There are even packages that will convert the bulk of your windows API calls for you.

The point is they are being taken for Billions by hackers, they are going to be taken for millions and millions by Microsoft, and they are going to have to replace equipment in every one of those ATMs anyway as the country moves to smart chip cards.

Surely you can't be suggesting continuing to run on XP forever?

Re:Price?

[Bite+The+Pillow]

How much of the certified and approved software runs on linux? Hosting Windows in a VM with exactly the same network access gives you the same problem, so that isn't a solution.

If you want to reply at all, you should find out which ones will run on Linux and let some people know about it. I couldn't find one.

And, if you're using a Diebold or NCR machine, you're using the OS they push you towards - Windows. Sure it's possible to resist, but you have to educate ATM purchasing when the vendors are saying the opposite. I'll start.

http://www.pcworld.com/article/113997/article.html

Your turn. Replacing the OS is not trivial, unless you think you can walk up to the people who make that decision and just somehow convince them.

Again I repeat - if something is obvious, chances are there are people who have already considered it. It's all there in that article.

Oh wait that's from 2003, so far outdated by now. Okay.

http://www.diebold.com/products-services/managed-services/atm-channel-management/Pages/software-distribution.aspx

Linux does not appear, Windows does.

Your search - "linux" site:diebold.com - did not match any documents.

Your search - "unix" site:diebold.com - did not match any documents.

I tried linux and unix at ncr.com but all of the unix stuff seems to be non-ATM and the linux stuff is POS. So where ya gonna get the software?

Re: Price?

[VTBlue]

Yes, Microsoft has ALWAYS indemnified it's customers from patent infringement suits filed against its customers. Google "Microsoft indemnity". I'm a little out of date about commercial Linux vendors but as of a few years ago, no commercial Linux distributor offered indemnity because they couldn't. Thinks might of change by now though. Irrespective of this JP Morgan would still never use community Linux distros. They would use commercially support distros that have stringent SLAs and pricey support contracts. So if push came to shove, an ATM terminal network using Linux would likely cost much more when factoring both support, dev, testing, security, patching, and upgrade costs. No Linux provider comes close to Microsoft's support lifecycle either.

I'm not saying Linux is bad, sucks, or is never right choice, I'm just saying that in this case for this customer, Linux for ATM is probably more expensive to support than Windows Embedded. The cost of Windows Embedded licensing and support is a rounding error for a firm like JPM

Re:Price?

[sjames]

Given the deployed volume, hiring someone to maintain the few parts of the OS they actually need would compare favorably to licence fees, especially given that they would be able to set their own schedule for upgrades in return.

Re:Price?

[icebike]

Banco do Brasil moved to linux ATMs in 2008. IBM backends, Linux ATMs. As has Banrisul, largest southern region bank in Brazil.

Third biggest ATM country in the world, and you haven't heard of it?

Re: Price?

[icebike]

Nice try:

ORDER granting 829 Stipulation of Dismissal filed by Bedrock Computer Technologies, LLC, Google Inc. The verdict rendered in this matter is VACATED and all claims for relief asserted by Bedrock against Google are DISMISSED with prejudice.

http://docs.justia.com/cases/federal/district-courts/texas/txedce/6:2009cv00269/116887/830/

Bedrock also lost to Yahoo and Amazon, over the same patent and they have thrown in the towel.

Re: Price?

[Culture20]

no one bothers hacking 1000 machines

They do if
# eject /dev/cash
spits out ten $20 bills at a time.

Re:Price?

[Barlo_Mung_42]

The OS doesn't matter. The hardware doesn't matter. The expense is all about the software. The software that's running on XP will also run on Win7. So the easiest thing for them to do is just upgrade the OS underneath it all and keep going.

Re: Price?

And the entire Android industry demonstrates quite nicely what happens when a company decides to give Microsoft their cut.

Re:Price?

[hairyfeet]

And who EXACTLY would they call when things go wrong? With Windows if anything goes wrong you have exactly ONE vendor to call, Microsoft. Quick...who is in charge of the networking stack? who do we call if we have a problem with a widget? Whose phone do we ring if there is a problem with the sound?

Sorry icebike but saying "Here is the code, fix it yourself" might be fine for your hobbyist program but NOT when you can literally lose millions with a single mistake.

Re:Price?

[Bert64]

Exactly, updating the machines to run windows 7 is just pushing the problem out, for the same thing to reoccur a few years down the line.
Replacing them with a minimal linux or bsd appliance is a far better plan, especially when it comes to maintenance since you can remove absolutely any unnecessary code from the system leaving a much smaller footprint that requires maintenance.
These systems running windows will have a huge amount of unnecessary code present, like a web browser, libraries to support games, backwards compatibility libs, drivers for non present hardware etc. All of this increases the potential for attacking the device, while also increasing the overhead of patching it.

Re:Price?

[Bert64]

Closed source means not only will they no longer get free security updates, but eventually they won't be able to get security updates at all for any money.
Running an ATM on something that cannot be maintained is likely to get them in trouble with financial regulators in most countries.

Chances are they already have maintenance staff, the code running on top of the os is probably already their own code and an organisation that size will already be using linux in other areas of their business anyway.

Re: Price?

Microsoft has yet to tell what those supposed infridged patents are. The phone manufacturers pay up, because they are wusses and are afraid. Still nothing proven against linux.

From what i know, it's more like FAT licensing, features on the phones, not linux, but since windows phones already have those features licensed, making windows phones won't cost you more than what the one license already does. It's the same thing that SD card manufaturers/camera manufacturers have to pay for the FAT bullshit.

Re:Price?

[icebike]

So you think there is no support for Linux?
I bet you have never heard of that little company called Red Hat, or Suse, or IBM, or Canonical?
And I bet you've never actually got a Microsoft engineer on the phone either.

Re: Price?

Yeah that's exactly how it works. And just think of all the wasted time hooking up a DVD reader and going through the long windows installation GUI and then waiting for the updates to apply and then having to uninstall all the symantec crap. On every single ATM!

Re:Price?

[wonkey_monkey]

Because data may be data but proprietary protocols are proprietary protocols.

Say that again ten times fast.

Re:Price?

[wonkey_monkey]

The hardware doesn't matter.

It does if there are no Windows 7 drivers or other reasons it may not run Windows 7 (at all, or well enough).

The software that's running on XP will also run on Win7.

How do you know for sure? Do you work with ATM software?

Re:Price?

[Joce640k]

The cost of the support agreements, would still be less than the replacement of several thousand ATMs and internal systems.

Is that short-term or long-term costs?

Re:Price?

[turbidostato]

"'license-based' has nothing to do with it."

License-based has all to do with it. Were there contract a support one, instead of a license one (well, their case is even worse: a license one plus a support one) they wouldn't have this decoupling problem: the vendor wouldn't be able to change one contract's conditions based on the other contract.

"closed-source also has nothing to do with it."

It has, again, all to do with it. Being closed-source means there's no alternatives for the support. Isn't there something about the abuse potential that comes with a monopoly position in Economics 101?

"It it were open source, they'd need to hire staff to do the maintenance."

No. It means they would be able to go to an open market to get a best priced support.

Re:Price?

[AmiMoJo]

They can't just port things like binary drivers from the manufacturer's of ATM network adapters or custom video cards that drive the industrial LCD panels they use. It's really not that simple I'm afraid.

Re:Price?

[viperidaenz]

I'm under the impression if you dont use a supported configuration for a vendor, they won't support it for free.

Hence my mention of IBM. That's something that actually happened to a project I worked on. They refused to investigate any defects found in their framework unless they were reproduced while running it on an IBM JVM.

Re:Price?

[turbidostato]

"The goal of this extension is simply to wait until existing machines reach their scheduled replacement dates."

So the OS life is not paired to the hardware life? Is it that the OS vendor is breaking their contract or is it that the bank didn't proceed with their due dilligence to be sure about that from the begining? Tell me again how that's not lazyness.

Re:Price?

Did it cross your mind that these people, all who employ Linux company wide, are not idiots and that Linux doesn't fit their current ATM infrastructure (both HW and SW). The cost of the OS is *peanuts* compared to the general support and infrastructure.

Re:Price?

You sound like an you have zero idea about the costs. Lucky you had a crystal ball back when eh? You obviously have NO idea about the cost of migrating these systems.

Maybe you should go and head up the IT departments in these companies and start on your "open source" diatribe. You wouldn't last long.

Re:Price?

[icebike]

Yeah it is that simple.

You don't even need to port them. Just encapsulate them and run them as binary blobs, just exactly the way nic drivers and video drivers were originally moved to Linux.

The manufacturers will fall all over themselves trying to help. The want out from under Microsoft's thumb too.

Re: Price?

[Hal_Porter]

Meanwhile less big companies like TomTom get sued for infringement.

http://en.wikipedia.org/wiki/Microsoft_Corp._v._TomTom_Inc.

And HTC pay Microsoft a $5 license for every Android device

http://arstechnica.com/information-technology/2011/10/microsoft-collects-license-fees-on-50-of-android-devices-tells-google-to-wake-up/

Actually I'm surprised that Google doesn't have a formal license fee for Android. They could charge for a license that they'd guarantee would cover all patents. Some would go on the patents they know the rest would go to fighting patent lawsuits in the future.

E.g. suppose Google knows that most licensees for Android pay $5 in license fees. They set up Android Licensing Inc which offers a patent indemnity license for say $10 per device. If you pay the license Android Licensing Inc will fight patent violation lawsuits for you. They could build in a patent pooling clause too.

You'd also be free to take your chances. Of course it's debatable how many Android OEMS would actually go for this. The big ones - Samsung, HTC, Sony etc have already negotiated their own arrangements and would presumably not want to patent pool. The small ones probably take their chances and negotiate licenses as they need to.

Probably they missed their chance to do this back when Android was announced. If they set it up as an industry consortium with patent pooling and a board of directors that governed the standard they could have done this. Android doesn't actually work like that - Google license the base OS for free but Google Apps are licensed.

http://source.android.com/faqs.html#how-can-i-get-access-to-the-google-apps-for-android-such-as-maps

Someone discussed this here

http://pando.com/2012/01/28/how-google-can-save-android-close-it-license-it-swim-in-the-profits/

By licensing Android, Google could begin to extract even more money from smartphones--which, I thought, was the whole point of being in business.

Won't licensing Android turn phone makers away from Google's OS? That may have been a worry a few years ago, before manufacturers had committed to the OS. But now Google and major handset makers are stuck on the Android train. They've built their entire businesses around the OS, and many of their customers love it. And, anyway, phone makers know that Android isn't really free in the first place--not to Google and not to handset makers. In addition to the cost of developing the OS, Google has lately been spending billions on patents to protect it. Nearly every handset maker, meanwhile, has signed licensing agreements with Microsoft to settle patent suits. Estimates suggest that each copy of Android costs phone makers $10 to $15 in licensing fees to Microsoft. That's still a bargain--Windows Phone 7 costs $20 to $30 per copy.

So here's Google's opportunity: It could charge phone makers $10 per Android license, raising the total per-copy cost of Android to between $20 and $25. Sure, Samsung, HTC and others may balk, but what are they going to do about the added cost? Going to Windows would be more expensive and confusing to their businesses. As an inducement, Google could also begin settlement negotiations with Microsoft and other patent litigants to reduce Android's licensing costs. Given all this, phone manufacturers would stick with Android--and Google would make a killing.

The reason I think they won't do this is that Samsung sell most Android phones. There have always been hints that Samsung would fork Android for its own ends and I think if Google tried to make them

Re: Price?

Okay, so why would they bother porting their entire system to another OS if they'll still have to pay support fees? Isn't the argument for Linux that it would be cheaper?

Re:Price?

[AmiMoJo]

Stop and think what using Linux would mean for them for a moment. They would have to pay hardware manufacturers to provide Linux drivers, or write their own. Those ATM NICs are proprietary and use certified encryption, so it's not even just a case of hacking some code together, it needs expensive certification as well.

They would also have to employ some experts to do OS level support for them. They are not paying Microsoft for security patches, this is an embedded system. They are paying for technical support when they have issues. That cost would probably be close to what they would have to pay some Linux experts, and they wouldn't have any other company to blame when things went wrong.

I'm not saying Windows is definitely a better solution, but Linux isn't as wonderful as you think either. No matter which one they picked they would have issues, but it an ancient Linux kernel that needs support or an ancient Windows kernel that needs support.

Re: Price?

And I guarantee you that each and everyone of the firms you have listed has paid some patent holder licensing fees for patents that are implemented in Linux.

And I guarantee you that all those companies have paid each other and many, many other companies licensing fees for patents that are implemented in their own products. So? That's the way industry works.

I may be a Mac jerk, but at least I don't try to undermine Linux with my blind faith in a company that has made its goal to be a monopolistic tyrant and oppress progress, usability & over all quality in order to squeeze every last penny out of anyone who stands near a computer. You and your ilk cannot and will not stop Linux, not even with your tainted tails of FUD.

Re: Price?

[VTBlue]

You must be an idiot. Vacated doesn't mean that that no violation existed. It means that the court no longer needs to decide. It's a freaking settlement with undisclosed terms with paying its owns attorney fees on top of that. All if which basically supports what I have been saying. The biggest Commercial users of Linux can be targeted by patent holders and successfully extract damages either through litigation or settlements.

Re: Price?

[VTBlue]

And "Dismissed with prejudice" is simply a legal procedure, not what you think it means. It just means that the plantiff cannot bring this matter against the defendant before the courts again.

Re: Price?

[alex67500]

I'm not sure what is funniest. The comment itself, or the fact that it's modded insightful... :-D

Re: Price?

this is indeed the case. hardware is custom built, software is super integrated. while the OS itself is a very basic XP installation, the actual code driving the ATM functionality is very platform specific and would not port nicely to linux without requiring a complete revamp of their hardware and accessories. while there is no guarantees at what brand new ATM models will use for hardware, but all existing Windows ATMs out there will just get the newer OS and move on, only causing the oldest few of remaining hardware to maybe be depricated. once they get Win 7, they dont even do update patches, so as long as it is tested to work will all currently in use models, then they are set for another decade or more.

Re:Price?

[SumDog]

Extended support might be cheaper than Win7 and make M$ more money (althought they will have more technical debt)

I came here looking for the OS/2 comment. I rmember when those were in ATMs and when IBM cut support for it.

Re:Price?

Tell that to any embedded software on the ATM that uses OLEDB to access the SQL server back end...

hint: DOES NOT WORK WITH WINDOWS 7.

Re: Price?

[Grishnakh]

From what i know, it's more like FAT licensing, features on the phones, not linux,

According to the arstechnica article here, one of the supposed patents had to do with storing or organizing contacts. That doesn't have anything to do with Linux per se, that's just a feature unique to phones. FAT licensing does affect the kernel level, but it only applies because Android phones have to be able to access FAT filesystems on SD cards since that's the de-facto standard for those, all because of the Windows desktop monopoly. Apple probably has to license that same patent for their Macs if they want to be able to read SD cards with FAT filesystems.

Re:Price?

[jbolden]

Unix isn't more secure than an embedded Windows system they are roughly on par. If your goal is security why use a Unix at all and not a capability system? You can get secure operating systems which support the Linux tool chain (for cheap development). I can't see why you would switch from a moderately secure system to another moderately secure system if the focus is on security.

Re: Price?

[jbolden]

Nobody has successfully proven a patent infringements in Linux.

Microsoft reported $2b last year in Android related patent claims. I'd love to know what patents Linux is violating but I'd say that to a great extent they have been proven at least enough for large companies to write some large checks.

Re:Price?

[dfghjk]

"Anything that can run Windows 7 could run linux.
Anything that can run embedded Windows 7 would have no problem running linux.
Or OpenBSD."

And what support contracts do those come with?

Windows XP continues to run after the support contract ends. By switching to any of the ones you mention, they would simply be spending time, money and effort to move the support end date up to now.

Re: Price?

[jbolden]

IBM demonstrated quite nicely what happens when some patent troll tries to shut down Linux.

That was a copyright claim and then later a contract violation claim. Not a patent claim.

Re:Price?

[dfghjk]

"It won't. Is this extended support going to avoid XP from being replaced? I bet not. Therefore paying for the extended support *plus* replacing is certainly going to cost more than just replacing."

Which is why you should buy a new car tomorrow, even if you bought one just last week.

Re: Price?

[jedidiah]

> And I guarantee you that each and everyone of the firms you have listed has paid some patent holder licensing fees

No you can't.

Even if you could. That only supports the use of Linux by such companies. It means THAT IT'S ALREADY PAID FOR.

In your rush to make up stupid shit, you failed to think things through.

Re: Price?

[jbolden]

. I'm a little out of date about commercial Linux vendors but as of a few years ago, no commercial Linux distributor offered indemnity because they couldn't.

Novell (Suse) offers this since 2004
Oracle since 2006
Redhat since late 2006

That being said I don't see the problem with Linux.

Re:Price?

[jbolden]

I think the bigger problem is all of the point of sale systems that run XP. Many of those will not get upgraded until they are no longer functional!

Most POS vendors advise their customers to be on a 3-4 year upgrade cycle. Those XP based systems should have been trashed already. This isn't complex like the XP case this is just the customers not following vendor instructions.

Re:Price?

[ILongForDarkness]

So you want a new ATM in 2005 you are "half way" through the current generation but the next gen one isn't available yet. MS (or hardware makers) aren't all going to sync on each others schedule. Can you imagine if they did? It is hard enough to get 10 people at work to go out at 12pm exactly and know where they are going without a big long debate. There would always be someone saying "oh don't do it now we have a 100M deal we are trying to close".

That is the pro of FOSS you can pick the latest and greatest distro with the newest shinniest bits at any time you want. The problem is stability in the sense that getting support for an old distro might be hard to find because the ecosystems mentality is "its free, just update to the latest". You might need more people in house managing what goes into your stuff after it ships since it might just not be a simple update manager but hunting down a particular build of a particular component (say OpenSSH) vs (admittedly also a bad idea) blindly trusting windows update to give you what you want.

Re:Price?

[rescendent]

And I bet you've never actually got a Microsoft engineer on the phone either.

As a small company you can get a Microsoft engineer on the phone in under 2 hours; their support is excellent. I imagine a big bank would have an even better arrangement.

Re:Price?

lazyniess

lazyness

GAH! MY EYES!

Laziness

Get it right! Those red squigglies are your friend!

Re:Price?

[hairyfeet]

Uhhh you DO realize that every one of those companies have MUCH higher support fees than MSFT does for Windows, yes? It is THIS that bites guys like you right in the ass, because you either pay for supporting your own fork with your own dev team (NOT CHEAP) or you pay several hundred per unit to get support from Red hat.

I'm sorry icebike but like with most little niche "solutions" once you dig below the surface and start plugging numbers? the math just isn't on your side. Oh and just FYI but when i was working IT at a medium sized company? I heard from MSFT engineers a couple of times when we had issues, one even sent a custom patch to mitigate a problem we were having with a service pack not playing nice with a mission critical piece of software. How many times have you actually gotten a Red hat engineer on the phone?

Re:Price?

[fritsd]

Thank you for your informative post. I suspect (no proof) that if corporate leadership is so attached to established expensive technology like Microsoft XP ATMs, then higher-level economical effects will come into play:

On the scale of entire banks, those banks that have more secure ATMs (i.e. NOT running Microsoft Windows XP) will have fewer attacks, southeast european skimmers will have a tougher job of attacking the ATMs, the reputation of the banks in the high street will be ranked according to the scale "does the ATM work or does it show some cryptic Microsoft error message all of the time and an "out of order" sign".
I know I don't like Microsoft, so there's a subjective factor involved, but when I saw the ATM of the bank where we have OUR money, with some Microsoft error message screen (I made a photo of it if you don't believe me), I seriously thought: "I am SO going to switch to a bank which takes my money a bit more seriously than giving it to Bulgarian scammers" (apologies for the stereotypic slur--I love Bulgarian wine and music).

Because in my personal biased opinion, that's what using Microsoft for serious tasks (such as ATMs) means.

Disclaimer: I've worked a bit with money transfer protocols and a bit for banks, but I'm not really a security or banking professional. I know that the secure systems are all mainframes, Unix and Linux.
I seriously could not believe that a bank would use Microsoft for ATMs, until I saw it with my own eyes.

Re:Price?

Stop and think what using Linux would mean for them for a moment. They would have to pay hardware manufacturers to provide Linux drivers, or write their own.

And this you have to do only once, then you deploy on all the machines. No per-machine cost. None at all.

Re:Price?

How long does RedHat support RHEL, and at what price?

I doubt the MS support is much more than keeping an XP era Linux system up to date.

Re:Price?

That's what I was thinking. Isn't this kind of thing EXACTLY what Debian Stable is for? The kinds of systems that need to be rock solid so they can sit for the next 15-20 years w/o changing things up?

Re: Price?

[VTBlue]

Fair enough. I never said there was a problem. All I was responding to was Icebike's comment where he made it sound like JPM were idiots for not choosing Linux and that somehow by choosing Linux, it's automatically more secure that an embedded Windows OS.

Re: Price?

[mcgrew]

Ever heard of a supercomputer? You know, those computers that cost millions of dollars and are the fastest computers in the world? Well, the fastest ten all run Linux. Guess who can afford a computer like that?

Guess what OS routers are running. Yep, Linux. Guess what Pixar and the other CGI houses use? Linux. Do you think the automakers are using Windows to run simulations??

The only Windows computers are the little ones sitting on office drones' desks. The big iron mostly runs Linux these days, where it used to be UNIX.

Re: Price?

[icebike]

It would be cheaper, but that is not the argument.

Wake up and read a newspaper.

Credit card companies are sustaining billion multi dollar losses every month. They are being hauled before congress.
All of this so that the credit card companies and banks can continue to use insecure card and hopelessly out of date operating systems from the company with the worst security record in the industry.

Re: Price?

[icebike]

The patent is being challenged, and because it has been reduced to simple math it is unpalatable.
There is no cash settlement. Bedrock is running for the hills, and can't afford to face an appeal, because they know they will lose again, so they settle and get out of not having to pay Google any lawyer fees.

You sir, are an idiot.

Shall we look into how many suits are pending against Microsoft??? Shall we?

Re: Price?

[icebike]

Exactly. They waived any right to appeal, because their patent is going to be invalidated.

Re: Price?

[icebike]

No one is violating patents, they (andorid) choose to use FAT32. So they license Fat32. No part of the android kernel or linux violates patents.

Microsoft isn't collecting "patent claims" (what ever the hell that means), they are collecting license fees, as are a lot of other companies who's chips and radios are used in android.

Unlike a radio chip, or a sound processing chip, Fat32 can be replaced in seconds any time the Android consortium wants to. It exists mostly as a convenience to the end-user.

Re:Price?

[icebike]

Any support contract you want.
Get it from IBM, SUSE, Red Hat, Canonical, and 50 other companies.

Contrary to your risk-avoidance mentality, the banks don't run ti Microsoft every time they have a problem with an ATM machine.
The OS manufacturer is not on call for you, either on your desktop machine or you server, or your ATM.

Re: Price?

[jbolden]

$2b for FAT32? We don't know the details but I don't know the basis for your assertion that everything is patent free. Certainly FAT32 can be replaced easily which so using it ain't worth $2b.

Re:Price?

[im_thatoneguy]

This was my thought exactly. Even if you went with Linux... it's not like Linux kernels are necessarily supported indefinitely for free either. In fact, how long a Linux release is supported can't even be codified without going to a third party. If you go to Microsoft and say "we need support for 20 years" you can count on receiving that support that you've signed into a contract. If you get Open Source software the way that many posters here seem to be alluding to, aka, free. Then you have no idea how long exactly maintenance will last and how long people will continue to back-port patches or answer your forum questions.

If you go with Microsoft you'll pay Microsoft. If you go with Red Hat you'll pay Red Hat probably about the same. Either way you need someone willing to assure you that they'll have a team of knowledgeable engineers maintaining and supporting your project for a specific contract duration. Even if you had access to the code you would be wasting your time changing it instead of hopefully an expert in that specific sub-system able to do it in 1/4 the time.

Re: Price?

[icebike]

The $2B is composed of a few cents for each android (and IOS) device sold, from every DEVICE maker, (including Apple, which is largely BSD based). It is not because they use Android, it is because the MicroSD cards use Fat32, exFat, and the usb protocol increasingly uses Media Transfer Protocol (MTP), which is also patented by Microsoft.

Android itself does not include exFat/Fat32/MTP (Although the reference distribution of Android has hooks for these to be installed if the manufacturer wants, as does every Linux distribution.)

Google doesn't pay for this at all, because it is the device manufacturers that pay a secret amount to include these features. People want a easy way to move a mountain of music onto and off of their phones, and most of them only understand getting out a cable and plugging into a USB port.

Of course they could release the phones with ext3 or just about any other free file system, but then they would have to release drivers for all versions of windows. Microsoft has consistently refused to support ext(n) in any version of windows. (ext2/3 support is available from third parties, but Microsoft forces you to turn off driver signing in order to use it, and they refuse to allow third party ext drivers to be signed. )

One of these days Google will buy incorporate it into Android, and disabuse people that you need to plug your Android into any PC just to move media.

Re: Price?

[hairyfeet]

Flag on the field, 15 yard penalty for "magical thinking".

Would you too like to know how to write a Linux virus in 5 easy steps icebike? Its trivial and uses the exact. same. methods. that the Windows viruses use, in fact it would be quite trivial to make them cross platform! Oh but "that wouldn't work IRL" you say? Might want to tell that to the owners of all these infected Android systems. BTW please note the date of the second article, last figures I saw now had the number of infected over the million and a half mark but since I couldn't find a reliable source for those figures and didn't want anyone saying I'm picking facts I went with the older article.

Go ahead and try the first article for yourself icebike, you ARE running Linux, correct? It has step by step instructions and works just like the "KDE Look" bug that spread through the KDE community did a couple years ago. When you do and see that they infect the system just fine maybe then you'll accept that Linux security is security by obscurity and realize these companies buy windows FOR A REASON and its because you have one company to call that is in charge of the whole stack. Oh and don't bring up servers, those are stripped to the bone, have nothing running that is not absolutely required AND locked way the hell down. I can do the exact same with Windows embedded and NOT have to rewrite a couple hundred grand to a couple million in code to work on an OS that is unsupported unless I write big checks per unit to Red Hat.

Sorry icebike but no matter how you slice it? Your math don't work. if it did these banks would be happy to switch, think they have ANY loyalty to anybody but their own bottom lines? But just as al the retailers large and small refuse to carry your brand in house because they have found it wanting so too has the financial sector tried your OS and with the exception of a few server roles its been passed on.

Re:Price?

I think you need to get your head checked. You obviously have no idea how ATMs work. ATM's use standard motherboards with daughter boards for the ATM Hardware. The "ATM NICs" are everyday NICs. The only thing that is encrypted is at the customer keypad and the data sent over the network. HAHAHA You are dumb... You lose.

Re:Price?

[Dan541]

Because corporations want something that works. Not something they need to build themselves.

Re:Price?

[icebike]

So clearly you know nothing about Linux either.....

Re:Price?

Those ATM NICs are proprietary and use certified encryption, so it's not even just a case of hacking some code together, it needs expensive certification as well.

Nope, I have an ATM right here in my lab. It uses two Realtek 8169 NICs. It does have proprietary hardware for the cash safe and receipt printer, which is kind of irrelevant, because the safe can be instructed to dispense bills without any signed authorisation from an external system (an idea I have been trying to convince vendors to implement to increase security). Both connect via USB (along with the keypad/pinpad, which is just an HID keyboard), and the mainboard is just a standard industrial formfactor x86 machine.

Any "certified encryption", if it is certified, is just software running on Windows as a DLL. Certified encryption usually just means that the crypto is implemented according to spec, and erases keys and intermediates from memory after operations. It doesn't provide any assurance that the crypto is free from side-channels, DPA, or can't be invoked by an attacker because of poor implementation outside the crypto module (which is also true for hardware crypto devices).

Given their track records, I wouldn't count on the security of either Linux or Windows, particularly Linux as delivered by major commercial distros (I won't name names, because it wouldn't be fair if I omitted one, they all have lousy track records).

The problem is just the same, for both, why are they putting full desktop/server operating systems in such a simple purpose device. Even considering the multimedia/promotional features modern ATMs have, and the network implementation, the feature set is extremely limited and really doesn't warrant the non-negotiable complexity and unused functionality that comes bundled with desktop operating systems.

To Quote Bell:

The cheapest, fastest, and most reliable components are those which aren't there.

Unfortunately a principle that has fell out of favor.

Re:Price?

[Dan541]

Why use Linux when you can use Windows? There are good reasons business pick Windows over Linux namly that it's a complete solution that does everything they require, the same cannot be said of Linux distros.

Re:Price?

[anubi]

I was surprised upon finding out banks actually would use something with the hacking history of Microsoft in a critical application. Microsoft has done a good job being everything for everybody - however one faction often buys benefit at the expense of another faction.

Often its the customer that takes the hit for things some special interest wants put into the OS, like "secure" backdoors for remote product monitoring and control. Problem is these backdoors, put in for one special interest, are often used in other nefarious ways. Note the Micrium code is wide open. It is not open source code - they still want me to license each copy. I have absolutely no problem with that. Companies like NetBurner will even pre-install the Micrium code and handle the licensing of the code as part of the price of the hardware package. Makes for a beautiful user experience as the modules perform predictably - for me like a very powerful Arduino. ( Yes, I love Arduinos too - but they are like comparing a toy scooter to a Mack truck when it comes to anything heavy - however they both share many common control protocols... and I do love C++ ).

Maybe I am just being a snit, but there are a few things that I can get real snitty on. I guess its because I usually assume responsibility *personally* for the stuff I design, and I take it quite hard to to think of using substandard components on a critical design. I would have thought banks would be using some very specialized software they wrote themselves or had some highly responsible organization ( Tandem? ) to code it. In my own opinion, Micrium and Wind River OS products are the tool to use for something like an ATM. Its what I would use for industrial controllers if I still had a go at it.

Re:Price?

[turbidostato]

"Even if you went with Linux... it's not like Linux kernels are necessarily supported indefinitely for free either."

But of course not. That's not the point.

The point is that they are now going to pay for support AT A PREMIUM RATE because, being closed source, there is A SINGLE PROVIDER, which has decided to take advantage of its monopoly position to abuse their customers.

Re: Price?

[Kalriath]

Microsoft has consistently refused to support ext(n) in any version of windows. (ext2/3 support is available from third parties, but Microsoft forces you to turn off driver signing in order to use it, and they refuse to allow third party ext drivers to be signed. )

Bullshit. In fact, the very link that you provided states in the feature list: "Includes drivers with a digital signature for Windows Vista x64"

Wait, wait.. so according to you Microsoft refuses to allow ext* drivers to be signed, and as evidence you link to a signed ext* driver?

That's ... um ... some serious denial of reality.

Re:Price?

[Kalriath]

No, they don't, they actually don't give a shit. You know why? Because XP Embedded (and Windows Embedded) is practically free, and easy to work with.

Face it, not everyone is so desperate to move to Linux that they will abandon decades of development and rewrite everything just because you think Microsoft is evil.

Re: Price?

[Kalriath]

Don't bother. This guy's got such a case of head in the sand that if he ever took it out, he'd be coughing up dirt for months. Unless you're extolling the virtues of The Almighty Linux he's just going to tell you you're wrong.

Re:Price?

[Kalriath]

Except for the disgustingly massive per-processor support charge from Red Hat or Canonical or whoever of course (seriously, if you have access to Volume Licensing, Windows is literally cheaper than Red Hat. I've seen the pricing).

Re: Price?

[cheesybagel]

In the case of Apple they probably do patent cross-licensing with Microsoft so in the end it doesn't cost them a dime.

Re: Price?

[cheesybagel]

Lots of which are being replaced by laptops and mobile devices. Most of the mobile devices run either Linux or some other UNIX like OS.

Re:Price?

[cheesybagel]

Use e-mail. It works for me. I've talked with RedHat engineers on IRC and by e-mail and they fixed my issues. Plus I did not pay a dime.

Re:Price?

[cheesybagel]

Of course I had an automated procedure to replicate the issue which is something a lot of people don't bother doing.

Re:Price?

[bbsalem]

Anything that can run Windows 7 could run linux. Anything that can run embedded Windows 7 would have no problem running linux. Or OpenBSD.

I ran Knoppix 7.2 on a system with 256MB ot ram and Linux Swap areas in a vintage 1999 Celeron processor, no problem. This was tried about two months ago. So may Linuxes will run on systems that are too small for Win 7, even. We aren't even talking about how trim you could make the GUI for a single application. It wasn't too may years ago that you ran SunOS 4.1 on a Sun 3 with only 1 MB of ram, so running Linux on a system the size of your thumbnail isn't that far-fetched.

Re: Price?

Nope, they are afraid of customer facing Linux.

Even using Linux on POS systems is somewhat frowned upon. It's no surprise that MS software runs ATM systems because in the event of an issue, MS will send an engineer by helicopter to the site of the issue the same day.

It's not about the OS or it's security, it's about the speed of response vs the number of people you need to have on payroll. With Linux, there's literally not a single installation you can run without needing on-site tech support of your own hiring. Sure it scales great when all the servers are under one roof, but with MS and a decent contract, you can have systems all over the country and rest assured that once the initial price is paid, any issues will be MSFT's responsibility and they will deal with it quickly and effectively and cover thier own costs to do so. This is why MSFT is such a big business player. They provide you with 'failure insurance' of the highest degree with a very quick turnaround.

Re:Price?

[cheesybagel]

License costs, lack of complete control over the source code, you name it.

Re:Price?

[cheesybagel]

Now you're oversimplifying things.

Re: Price?

[icebike]

Another ignorant idiot.

Virtually everybody these days has linux running on site with no tech support at all.
Tell me, when was the last time you saw a tech support person show up to fix your wifi writer?
Guess what it runs. Linux.

Re:Price?

[swalve]

I'm not a MS hater, but it does seem silly to use an OS that everyone knows will have a limited lifetime. It seems like something like an ATM would be the EXACT place where one of the UNIXes or Linux would be perfect. Support as long as you want it and in the case of linux, support as long as you want to solve your own problems.

My other question would be, what support do they still need for XP? Haven't all the problems been solved?

Re:Price?

[swalve]

Chances are the software is old Windows 3.11 or OS/2 shit that they hacked to get working on 95, and then further hacked to get working on XP. They probably are legitimately at the end of the line.

Re:Price?

[swalve]

I can only speak to my tiny little microcosm of the world, but if I plug my Win 7 machine into my Comcast router, and IPv6 works just fine. Not so for Fedora.

Re:Price?

[jbolden]

Those are reasons for Linux but they the reasons of someone primarily focused on security.

Re:Price?

Linux is too big for this kind of application anyway. They'd be better off with something more auditable like OpenBSD or even L4 with a minimal complexity userland and GUI.

The Market?

If there is that big of a market why is nobody selling/buying a replacement OS already? Particularly one cheaper than windows.

Re:The Market?

Because Microsoft can be sued if they need to? Those defect insurance policies can run into the tens of millions. Not that it matters, since the banks that back the policy would be the ones suing, but this stuff is important if your industry regularly has to be feeding people as sacrifices to appease panicky investors.

Re:The Market?

[icebike]

Because Microsoft can be sued if they need to?

Ah, no. Not going to happen.
Your hardware, you installed the software,
You managed it for the last 10 years,
You probably didn't apply patches...

No way that ever gets a dime out of Microsoft in court.

Re:The Market?

[camperdave]

Banks wouldn't sue in a case like this. Banks would go to the government for a bailout.

Re:The Market?

Please, what JP Morgan wants, JP Morgan gets. The only ones the banks might lose too is the military. If they really want that money, they could have their partners use the voting rights on the stocks and get a new board, one that will pay out while smiling.

Re:The Market?

[sjames]

Nobody has ever managed to get money out of MS for bugs in spite of many billions in economic damage due to security problems.

Re:The Market?

[1s44c]

Nobody has ever managed to get money out of MS for bugs in spite of many billions in economic damage due to security problems.

Security, stability, reliability, and performance problems. Security isn't the only thing MS suck at.

Re:The Market?

Except that Microsoft clearly states in their EULA that you are not allowed to use Microsoft Windows in a mission critical applications. ATMs for a bank is a mission critical application.

If the banks sue Microsoft because their defective product causes all the ATMs in the world to spew out all the money. Microsoft just points out that the bank has voided the EULA by using Microsoft Windows on an ATM.

Re:The Market?

[jones_supa]

Actually all those things have seen massive improvements in Windows 6.x.

Re:The Market?

[Tha_Zanthrax]

It's Business Software. Companies in that business tend to aim for 'good enough' instead of 'good'.

JPMorgan == stupid?

Sure, let's just update our ATMs to another product that is going to go out of support soon. (Soon being January of 2020 - so they get maybe 5.5 years out of it depending on how fast they deploy). Heck, Windows 7 goes out of mainstream support and into extended in a couple of days less than a year...

Re:JPMorgan == stupid?

[Merk42]

Every OS has an EOL.

What about OS/2?

It seems every article that mentions OS/2 makes mention of how entrenched it is in ATMs...

Re:What about OS/2?

[suso]

It seems every article that mentions OS/2 makes mention of how entrenched it is in ATMs...

There is also a restaurant up the street from me that has the best burgers in town.

Re:What about OS/2?

I use a small bank with just a handful of branches. All their ATMs use OS/2.

Re:What about OS/2?

OS/2 was entrenched. The ADA a couple of years ago declared that all ATMs must have blind support. That meant adding sound. The OS/2 machines could in the main not support that service and as such were retired. It was a field day for NCR, Hyosung and Diebold with hundreds of thousands of new ATMs being purchased. These new ADA compliant ATMs were replaced mostly by Windows XP driven ATMs, with the promise that the ATMs could be upgraded to Windows 7 when it became necessary.

I have only been working with Diebold, but they are refusing to hire sufficient (or maybe any idk) additional hands to deal with the necessary surge in maintenance to upgrade to Windows 7.

All that being said, the XP ATMs are perfectly safe. They are behind some rather crazy firewalls. It would be rather difficult to get into them to take advantage of any potential problem. (The issue for the bank / ATM driver / card processor not being the loss of the cash, but rather the loss of the customer information.)

Hmmm. Better post this anonymously.

Re:What about OS/2?

[spazzmo]

Really, I used to play cricket once...

Re:What about OS/2?

I kinda got angry myself and I said, hahaha, gotta lot of guns hahaha, I like salad, I just ate a nice salad, baked potato, with some cream cheese and chives, you know I like just, I like to eat a salad

Re:What about OS/2?

[paugq]

No, sound support is not reason enough. OS/2 ATMs in Spain have blind support, including sound.

Re:What about OS/2?

[SumDog]

IBM dropped OS/2 support. No more patches or security updates. The OS/2 machines were very stable, but were also a dead end sadly.

If the Win95/OS2Warp war had gone differently, we might not have Steam for PC and Mac, but instead Win/Mac/OS7/Linux

Re:What about OS/2?

[paugq]

Bad reason, too. Serenity Systems is now the official (blessed by IBM) provider for patches, security updates, new drivers, etc under the brand "OS/2 eCommStation".

should have gone with a browser...

[johnjones]

I never understand why ATM's dont use HTML/SVG and then the OS is replaceable as a browser is the interface and a HTTP server security is well understood and network security would be part of a core competency

thoughts ?

john jones

Re:should have gone with a browser...

At some point you still need to interface with non-keyboard, non-mouse hardware -- a browser isn't going to solve that problem.

Re:should have gone with a browser...

[Dan+East]

Maybe they do now, but the ATMs in question are so old they are running a 12 year old OS. Do you happen to remember the state of HTML and web browsers 12 years ago? I'll give you a hint. They certainly didn't support SVG then.

Re:should have gone with a browser...

[DaHat]

HTML/SVG tend to be sandboxed to some extent... ditto for JavaScript... how do you propose your HTML based ATM interact with the card reader, cash dispenser, receipt printer or deposit slot?

ATMs are more than just a touch screen with a UI.

Re:should have gone with a browser...

[dantotheman]

Maybe they do now, but the ATMs in question are so old they are running a 12 year old OS. Do you happen to remember the state of HTML and web browsers 12 years ago? I'll give you a hint. They certainly didn't support SVG then.

HTML/SVG tend to be sandboxed to some extent... ditto for JavaScript... how do you propose your HTML based ATM interact with the card reader, cash dispenser, receipt printer or deposit slot?

ATMs are more than just a touch screen with a UI.

ActiveX controls running in IE 7

shiver...

Re:should have gone with a browser...

[ixidor]

right but thats the point, if the core app is html based any os should work. stick some linux or bsd on there to talk to the network card.

Re:should have gone with a browser...

[icebike]

I'd wager there is nothing in the typical ATM that a Rasbperry Pi couldn't handle.

Re:should have gone with a browser...

[johnjones]

HTTP server is local... browser is local !

Re:should have gone with a browser...

[deKernel]

Make a suggestion, get to know all of the crazy pieces of unique hardware that an ATM MUST support. Here I will give you a hint on just one: you know that clunky old 16 key keypad you see...well that does FAR more that just send key presses.

Re:should have gone with a browser...

[deKernel]

Then I would say you have wagered wrong. As I stated above responding some another persons uninformed opinion, the volume of crazy unique hardware in an ATM that you have to support might surprise you.

Re:should have gone with a browser...

Nevermind a Pi will reboot if you even think about static electricity.

Re:should have gone with a browser...

[ndykman]

My eye is twitching from some strange reason.

Re:should have gone with a browser...

Really? What else does it do?

Re:should have gone with a browser...

[sjames]

I'll bet the Windows7 install disk doesn't come with drivers for that crazy hardware either. If you're going to have to write the drivers anyway, the crazy hardware doesn't affect your OS choice.

Re:should have gone with a browser...

[Artifakt]

On some designs, a 16 key pad has extra pinouts which were originally intended to drive the circuits for Dual Tone Multi Frequency signalling built in (think of AT&T). These don't drive tone generators in ATMS, but they may reliably put out a square wave 1/2 second long pulse while the main pinouts are outputting a pulse of the length the finger stays on the key.
        On other designs, it has sensors to disable signaling when temperatures get above a certain value (think of the anti-fire security common on elevator keypads - this gets used on some 16 key designs because they also get used in door security systems, rather than them commonly being used in elevators, or people really worrying that an ATM on fire may start spewing money).
        Some designs used to incorporate the very same additional chipset used in soda machines so the owner could put those into maintenance modes (see "hacking coke machines"), and they let the ATM service tech run diagnostics by entering a reserved pin number or longer sequence, but I'm not sure if any of those last are still in use.
        There are rumors of radio frequency signalling built in, and sometimes actually used to get the pad signal to the servos it controls when the physical mounting for the ATM is in a sufficiently awkward location. I don't think those rumors are likely, but I wouldn't just assume they are completely bogus either. Alternately, I suspect the parent poster may be referring to various claims that the pads can be used to scan fingerprints and even to tell a live finger from a severed one, but these last are certainly urban legends.

Re:should have gone with a browser...

Who said they had to rewrite the drivers? Post this stupid basement-dweller shit AC rather than under your 4-digit ID.

Re:should have gone with a browser...

[sjames]

I'm presuming they had to write a driver at some point given that the hardware is crazy unique.

Now, I know you're REALLY self satisfied and it's hard for you to help it, but quit posting when you're woozy on your own farts.

Re:should have gone with a browser...

[wonkey_monkey]

So all you've done is split your software into two parts - the generic front end running in a browser, and a server which still has to support all of that mysterious hardware.

Re:should have gone with a browser...

[Lennie]

Ahh, but I assume the driver is easier to port from Windows XP to Windows 7.

Re:should have gone with a browser...

[HnT]

Because from the point of view of a bank these are not technical challenges and the decisions are not made by people who really understand all the technical details nor do these technical details matter that much. No, really. In banking you have some "standards" and ways how things "always worked" and many of those hark back to the "good ol' days" and the reason nobody changes any of that is because the whole recertification, documentation and roll-out processes involved in doing that could easily cost more than the actual technical project for doing it. So if there is no painful reason to do it, they will happily pay a bit to keep what they have instead of doing a full-blown replacement of everything.

There are a ton of regulations you have to be compliant to and all these old, crappy machines running old software were once modern when they got certified and ever since then everybody still sticks with them because of that and I don't think there are many competitor offering more technologically "sexy" solutions anyway since there does not seem to be a market for it. Just look at how many banking systems are still running on mainframes and were written in COBOL by the retiring breed of mainframe-gurus.

Re:should have gone with a browser...

PHP?

Re:should have gone with a browser...

Crazy unique hardware that Windows XP can easily handle?

Re:should have gone with a browser...

Umm because it actually needs to FUNCTION. HTML crashes constantly and runs incredibly slow. I don't want an atm that generates 50 watts of waste heat and need a reboot ever 15 minutes.

Re:should have gone with a browser...

[jbolden]

Just look at how many banking systems are still running on mainframes and were written in COBOL by the retiring breed of mainframe-gurus.

I haven't worked on ATMs but when it comes to COBOL banking systems I have. Those COBOL systems involve incredibly complex and arcane business rules that would need to be refactored. I've worked on national systems that have special rules for each country in California because the different counties want different information in their reports. The midwestern states have very aggressive bank regulators who want special information and compliances. This isn't a "because it is the way things are always done" but rather a boatload of exception handling.

Re:should have gone with a browser...

[deKernel]

Ah but when company A purchases that piece of hardware from company B, it is company B that is providing the device driver to company A. Now remember that company B is also selling that piece of hardware to other companies for many times different applications so company B just provides drivers for the broadest environment and guess what that is. At this point company A has a choice, do they devote resources to develop their own driver for their own special sauce OS (and please remember they will have to maintain that for the life of the product) or do you just go with the OS that the overall majority of your devices support natively. The numbers make it pretty darn easy sometimes.

Re:should have gone with a browser...

Let's see, from my own experience and observations, I'd say the hardware found in ATMs consists of varying models of some or all of the following: .- Pinpad, dedicated function buttons and/or touch screen .- Cash dispenser .- Barcode reader .- Slot for envelopes (or loose bills) deposits .- Card reader (both magnetic stripe and chip based) .- I dare say some might have modems, but it's safe to assume other dedicated network interface card would be available. .- speaker (i've seen some with headphone jacks) .- vault...maybe? .- security camera

never seen one with a Braille reader, but I won't discard it.

I'm not an expert on ATMs but there can't be all that much "crazy unique" hardware in them. Not the newer models, and not 12 years ago. Maybe 20 years ago, but that would have changed as productions volumes needed to grow.

And you can't tell me, seriously, that anything that can have a device driver developed for Windows XP or XPe, can't have a driver developed for Linux. It can't be too difficult for any of these companies that are top ATM manufacturers worldwide to put together a team of smart people with enough knowledge to create (develop, evolve and maintain) drivers, utilities and UI for ATMs around a linux kernel... because you just wouldn't take a standard linux distro and build your ATM software thing on top of it, or would you?

Re:should have gone with a browser...

[sjames]

ATMs are a bit of a rarefied field. There's not a lot of vendors and there' not a lot of customers, but the customers that are there are large volume. If JPMorgan et. al. say Linux drivers or else, they get Linux drivers.

Re:should have gone with a browser...

[sjames]

That's not necessarily a good assumption, the Linux kernel i very friendly to driver writers.

Re:should have gone with a browser...

[samwichse]

Easy, just add some ActiveX controls! That should make it safer!

Re:should have gone with a browser...

I have an ATM in my lab.

All that hardware attaches to the mainboard via USB.

You could indeed use a Raspberry Pi, if the ATM kiosk software ran on Linux.

I also have a Raspberry Pi in my lab, given the general flakiness of the RPi hardware, I wouldn't build an ATM around it.

Obvious choice I think

[Mateo_LeFou]

Windows XP is the only operating system stable & secure enough to handle sensitive transactions such as cash dispensing.

Re:Obvious choice I think

[abirdman]

Brilliant!

Re:Obvious choice I think

[wvmarle]

Well, in a way you may be right. WinXP is so old and so well understood now, that pretty much all possible attack vectors are known and can be defended against. Knowing your enemy is important.

Can't say that much of other OSes, like Linux or Win7. They are not as well known by ATM builders. And that's just the OS, not the software running on it and doing the actual work (interfacing with the user, with the bank, dispensing the money, etc), which would have to be rewritten from scratch (all of it, including the UI the drivers) if moving to Linux or BSD, and would need at least thorough testing if deployed on a newer version of Windows, with the drivers possibly needing a rewrite.

Re:Obvious choice I think

[wvmarle]

Not really, as it lacks a GUI, which is pretty mandatory for modern ATMs. You'd still have to develop a GUI on top of the MS-DOS system.

OS/2 had a GUI, which made it suitable for ATM use. Win XP as well. When OS/2 had to be replaced (which according to other comments had to be done because of lack of a sound system, which sounds odd to me as OS/2 would play sound just fine), Win XP was a reasonable choice. Linux, BSD and other open source systems might now be an alternative, back then they certainly were not.

However there are no technical advantages for an ATM of using Win7 over Win XP. Win XP is good enough, well understood, and the only reason to change is because Microsoft wants to stop support for commercial reasons.

Re:Obvious choice I think

[war4peace]

WRONG!
Not earlier than 6 months ago, I stumbled upon an ATM which was frozen in the process of booting up.
It had Windows 98 SE installed.
Now THAT'S what I call "secure".

Re:Obvious choice I think

[ninlilizi]

Not only ATM's.

Where I am even the robotills and vegetable weighing devices in the supermarkets are all running XP.

It's trivial to break out of the application and turn them all into dedicated solitaire terminals with the staff just looking on like scared rabbits which then pretend the machine no longer exist then trying to figure out how to handle the situation.

Re:Obvious choice I think

[ArcadeMan]

You say that as if MS-DOS wasn't able to output graphics at all. It's not like ATMs need complex GUI widgets, they only show text. All graphics could be stored bitmaps, the same way some games work and the result could be better than regular OS widgets too.

You could run an ATM with a freakin' Raspberry Pi, it would cost less than the license for Windows alone. Once you account for the hardware needed for Windows, it's just insane to go with Microsoft.

But I suppose banks don't care about losing money, the government will always back them up. Even if it's the banks who are screwing everybody including the government.

Re:Obvious choice I think

[wvmarle]

You can't run an ATM from just a Pi, you'll still need software for it. And that's for sure where the big cost is: everything must be really well designed and tested.

Windows..

[nurb432]

Is a bad choice anyway. Not just a Microsoft bash, but aside from all the security issues, windows is XP is a desktop platform, not a OS to be putting on dedicated devices ( even the so-called embedded version really isn't any more appropriate for this, don't let the marketing folks fool you )

An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.

Re:Windows..

[Em+Adespoton]

An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.

It is... it's called XP Embedded, as outlined in the summary. And yes, bank machines were a major target during XP Embedded's design phase.

Of course, it would make MORE sense to use an embedded OS where the banks/ATM manufacturers have full access to the source.

Re:Windows..

Is a bad choice anyway. Not just a Microsoft bash, but aside from all the security issues, windows is XP is a desktop platform, not a OS to be putting on dedicated devices

Thank you Mr. Fucking Obvious.

Re:Windows..

Of course, it would make MORE sense to use an embedded OS where the banks/ATM manufacturers have full access to the source.

why would that make more sense? what bank/ATM manufacturer wants to deal with operating system development and maintenance?

Re:Windows..

[alen]

from what i read bank machines are a major target for a lot of software products being used today

Re:Windows..

[erice]

Is a bad choice anyway. Not just a Microsoft bash, but aside from all the security issues, windows is XP is a desktop platform, not a OS to be putting on dedicated devices ( even the so-called embedded version really isn't any more appropriate for this, don't let the marketing folks fool you )

An ATM should be running off a custom embedded OS targeted for this purpose, not a commodity OS.

Who is going to write, maintain, and keep secure this custom OS?

The trouble with custom embedded OS's is that, in spite of the best intentions to limit their scope, they almost always need more features than can be written from scratch by a small team and be obviously secure. So they port code from more commodity OS's. Due to limited resources, the code in the embedded OS tends to fall behind. The porting effort can introduce bugs too that are non-obvious to the guy doing the port because he doesn't fully understand what he is porting.

Re:Windows..

[Kjella]

Of course, it would make MORE sense to use an embedded OS where the banks/ATM manufacturers have full access to the source.

OS/2 had its heyday in the early 90s, ATMs used it way into the 2000s.
XPe had its heyday in the early 00s, ATMs are using it way into the 2010s.
Embedded Linux has its heyday now in the early 10s, draw your own conclusions.

ATM vendors are extremely conservative, they tend to use platforms others already think are obsolete. They'll come along eventually, it's not like the cell phone market where you can flip the market upside down in 2-3 years.

Re:Windows..

Development and maintenance, perhaps not so much. Auditing, on the other hand...

Even if you don't intend to even look at the source, you can still run source-level automated tools for finding exploits and bugs and you can still check the binaries you get from the vendor to ensure they match the source you were provided.

Re:Windows..

[afidel]

What makes you think the banks don't have full access to the source of XPe? Major companies, governments, and many academic institutions have access to the Windows source code. Trust me, anyone forking over the millions for an extended support agreement with MS can get access to the source if they need to.

Re:Windows..

All of them ought to. They should be able to know that the software actually does what the vendor claims and nothing more. Without access to the source, you must have blind faith that the vendor isn't malicious at all: I hope your American vendor isn't colluding with the NSA or CIA doesn't have backdoors in the software.

Re:Windows..

[Your.Master]

The employee they hire to review the code might be compromised by the NSA or CIA. You have to stop somewhere, and if your core competency isn't software development, then you can't stop with yourself.

Re:Windows..

In the banking industry, code reviews aren't done by an employee -- they're done by a number of independent* parties with an internal review board of multiple accountable people set up to review *their* work and ensure that all the reports line up.

*they're still insiders, they're just not stakeholders in the program they're reviewing.

So you've got quite a number of people who have to be compromised here -- and this kind of review process also means that your code has to be solid -- because there's going to be a number of people wandering around who know exactly how it works.

This is, in fact, how ATM fraud in the EU got started, when some prior reviewers realized that their old jobs paid little for the long term, when they could easily make much more over the long term by selling out to organized crime.

Re:Windows..

[MightyYar]

We live in a society where account transfers are done by writing your name on a piece of paper which contains only non-secret information. If the banks can deal with that, then I think they can deal with an OS that might have some security vulnerability running on a machine that only contains a few thousand dollars.

Re:Windows..

[cavebison]

Of course, it would make MORE sense to use an embedded OS where the banks/ATM manufacturers have full access to the source.

Because a bank is much less prone to being hacked or otherwise leaking sensitive information than a major technology company.

Re:Windows..

[Em+Adespoton]

I presume this is supposed to be sarcasm or irony, but I don't get it.

The reason for full access is so that the people running the system have an understanding of what its doing and can do a thorough review. If they're hacked or leak sensitive information, that's their problem. But if they depend on a black box from a major tech company, they have no idea whether it has been hacked or not, until it's too late.

Isn't this headline kinda weird

95% of ATMs run Windows XP
%P of ATMs run Windows 95

Re:Isn't this headline kinda weird

[egcagrac0]

I see more ATMs running Windows 2000 than Windows 95.

I think Windows 98 and OS/2 still have a comparable market share, however.

Re:Isn't this headline kinda weird

I work with banks on their ATM testing (test automation software) and I only see WinXP. Where do you live that you see 2000, 98 and OS/2?

Re:Isn't this headline kinda weird

[egcagrac0]

Out and around.

Small numbers, of course - but there does seem to be the occasional old privately owned terminal in a convenience store...

yes, but...

"95% of the world's ATM machines are still running Windows XP

Yes, but what about the *automatic* ATM machines? Those are the ones I most am concerned about.

Re:yes, but...

[CannonballHead]

I'm actually more concerned with the those ATM teller machines outside of my bank.

Re:yes, but...

[Trogre]

Remember, kids, that acronyms are never to be expanded inline. Acronyms exist as an aid to memory and as a shorthand NAME for something.

Dwelling on perceived tautologies in using acronyms along with words contained within only seem to make OCD people feel smug and superior.

Re:yes, but...

Did you mean the OCD disorder people?

Re:yes, but...

Even worse then complaining about people being smug is someone complaining about those complaining and being smug. Who has the OCD disorder?

I found the right place to use the word ironic?

Re:yes, but...

I'm not entirely sure what you're trying to say, because you do not write clearly, but whatever it is I'm pretty sure it's wrong. I'm also pretty sure that your stating your own totally arbitrary opinion as some sort of natural law as if you're the acronym king.

Re:yes, but...

[CBravo]

Those with LCD displays or with those old CRT tubes?

Re:yes, but...

Are you sure it's not an automated ATM teller machine ?

Re:yes, but...

[egcagrac0]

CDO.

It's quite similar, but with the letters in the correct order.

Re:yes, but...

I makes people with Redundant RAS Syndrome really uncomfortable too.

Re:yes, but...

[David_W]

Either one... pretty much anything you have to enter your PIN number on.

Re:yes, but...

I'm sure the guys in the porn industry don't appreciate being called machines. I know they do the same robotic sequence girl after girl, day after day but they do have a life outside of work.

Go to 8

[cosm]

To hell with 7. Please put Windows 8 on the ATMs instead! I already love how ATMs do a wonderful job of selecting the wrong option for me after finally getting the card to take, only to then take me into the Spanish menu, spitting out a receipt, and then not accepting my card again while the line forms behind me! Metro can only enhance this lovely experience! Hell, add a kinect to it so when I flip it a golden salute it recognizes my input and doubles the ATM fee! Gotta keep up with the bank's great customer service these days!

Re:Go to 8

[CannonballHead]

Actually, how would Metro be a bad thing? This is pretty much exactly what Metro is meant for - one application, completely full screen, used with a touch screen ...

Re:Go to 8

[toygeek]

I don't know if I should be amused or terrified. This is strikingly similar to my own Windows 8 experiences.

Re:Go to 8

That, sir, was brilliant.

Re:Go to 8

yeah, that's funny...
but the tragedy is that it hits far too close to the mark...

signed,
disgruntled win 8.1 user

Re:Go to 8

[unixisc]

I know that you are being funny, but I too wondered - why not 8? It is more ideally suited to a touchscreen interface, which is what a lot of newer ATMs now use. So if they take that, they can run that probably for the next 20 years. Unless Microsoft gives 8 the same sort of support that they did Vista.

7 is an outdated OS as far as ATMs go.

Re:Go to 8

[RockDoctor]

it recognizes my input and doubles the ATM fee!

What is this "ATM fee" that you allow yourself to be ripped off by?

We had that argument back in the late 1990s ; people stopped using banks that charged ATM fees, the banks lost money and changed their behaviours, and voila, the problem was gone.

Well, almost gone ; there are ATMs run by non-banking organisations that still charge fees - 2-3% of the maximum transaction, and more for smaller transactions. I sometimes use one out of spite, running the software up to the point at which I am asked if I agree to the fee, then aborting the transaction. But that's done with malice aforethought, in the intention of driving the companies into bankruptcy. I hope there are many other people who do the same.

Let's go one better...

[djbckr]

Is the dispensing software is written in Java? Half kidding, and wondering at the same time.

Re:Let's go one better...

I worked for an ATM software development shop called Phoenix Interactive. The software we wrote was mostly C++, with some C mixed in to deal with updating the main software. The main ATM manufacturers (Diebold, Wincor, NCR) all only create Windows drivers (or did, 10 years ago when I worked there). The OS is locked down hard, while you may see the occasional blue screen, even if you had a keyboard plugged in you would not be able to stop the software from running or move it to the background without triggering a restart and a tamper alert back to the bank. Windows can be locked down just as well as Linux, it's just a royal pain in the ass to do so.

Re:Let's go one better...

The chip on the smart card runs java.

Re:Let's go one better...

[guytoronto]

It's all locked down hard until someone finds the key: http://www.bbc.co.uk/news/technology-25550512

Re:Let's go one better...

Well, apparently people managed to work around that:

http://www.extremetech.com/extreme/173701-atms-running-windows-xp-robbed-with-infected-usb-sticks-yes-most-atms-still-run-windows

Re:Let's go one better...

[Kalriath]

By booting off the USB. The OS is irrelevant if you have physical access and can run your own arbitrary code in place of it.

Wow.

I had no idea Microsoft had such a large share of the ATM market.

At least they have that to fall back on when this whole "mobile" thing doesn't work out for them.

Re:Wow.

[roc97007]

Yeah, there must be, oh, thousands of ATMs out there.

Re:Wow.

[camperdave]

Wouldn't surprise me if there were more ATMS than Windows mobiles.

Re:Wow.

[roc97007]

I'm a little surprised they're not trying to push one code base on PCs, tablets, phones, ATMs and Warships.

Re: Wow.

[VTBlue]

Most people who comment on Microsoft stories here are clueless about the company's product portfolio, customer base, policies, and competitive status. Not saying that you're one of them though >:)>

Re: Wow.

Most people who comment on Microsoft stories here ...

... will tell you Microsoft is the worst at every market for which they produce a product, that's why for the most part this site isn't taken particularly seriously in terms of honest technical discussion, its more about overly flamey/trolling of "the other camp", which is to say a competitor to the product/company the person uses. It is mostly (not totally) full of religious-types that associate themselves with a technology company and/or against a technology company and even specific devices.

It used to be about geeks discussing technology but these days the most popular stories are those that end up as flamewars:
iFans v Fandroids
Microsoft haters v Microsoft hater trolls
Every programming language is rubbish
NSA herp derp circle jerk
Republicans v Democrats

Re: Wow.

[ButchDeLoria]

What do you expect? Computing is dead.

Re: Wow.

[UnknownSoldier]

> Every programming language is rubbish

After you have some experience you realize

* Every programming language sucks
* Every editor sucks.

Some just suck less. The more experienced know better then to whine about it; dumb kids flame everybody who doesn't agree to their myopic view.

I throw this out there often

[TheRealMindChild]

As someone who has worked with Diebold, they have never have more than 3 programmers and they only use and have ever used Visual Basic. This is why their ATMs (and voting machines) are required to run Windows.

Re:I throw this out there often

[unitron]

What did they do before Microsoft came along?

ATMs were around in the early '70s when Gates was running something called Traf-o-data, what did they run on then?

Re:I throw this out there often

From what I can tell the first Diebold ATM was used in September 1978.

It probably used QBasic. I'm not really sure, I was using a VIC-20 around that time, IBM clones were too expensive.

Re:I throw this out there often

QBasic in 1978, eh?

Re: I throw this out there often

[ColdWetDog]

Midgets. Lots of midgets.

JPMorgan = helpdesk in Philippines & IT subcon

[Joe_Dragon]

JPMorgan = helpdesk in Philippines & parts of IT subcontract out (at least the field part is) and likely parts office IT as well.

Global Financial Collapse

Seriously? Windows on ATMs? Are they trying to have that acronym thought of as "Ass To Mouth"?

Re:Global Financial Collapse

[roc97007]

Actually, that doesn't worry me nearly as much as Windows for Warships.

Re:Global Financial Collapse

Actually, that doesn't worry me nearly as much as Windows for Warships.

You jest but the US Navy was (is?) using Windows as the OS for drive-by-wire hovercrafts. One bluescreened and ran out of control in San Franscisco.

~Demonoid Penguin (moderating)

Re:Global Financial Collapse

[YrWrstNtmr]

Ahhh....that meme is so tired. You do realize that wasn't a 'Windows' issue, but rather a crappily created application issue. IIRC, an input that allowed a zero (or null) value when it shouldn't have.
Or are you trying to assert that crappy applications can only be written for the Windows platform?

Re:Global Financial Collapse

[0123456]

Or are you trying to assert that crappy applications can only be written for the Windows platform?

The kind of people who pick a crappy operating system to run their applications also tend to write crappy applications.

Re:Global Financial Collapse

LOL did anyone else read that as "...Windows for Starships" ?? lol

Re:Global Financial Collapse

[westlake]

Actually, that doesn't worry me nearly as much as Windows for Warships.

The USS Yorktown (CG-48) was decommissioned in 2004.

Life goes on.

Re: Global Financial Collapse

[tleaf100]

hah,you wait til you come across the "special" version of 8Â1. windows for pentagon. or oval office office©

RELEVANT SIMPSONS

[Jeremiah+Cornelius]

https://xkcd.com/801/

http://www.nelson-haha.com/

Re:RELEVANT SIMPSONS

[ackthpt]

Ah, a good old Nelsoning is hard to top.

In other news...

Microsoft is still struggling to push it's shitty new operating system on customers and only new PCs and chumps have bothered. Many have skipped the 8(.1) bullshit and wait for the next release...

Seriously Microsoft. Get your shit together.

OS/2 Warp

[transporter_ii]

[O]verall, OS/2 failed to catch on in the mass market and is little used outside certain niches where IBM traditionally had a stronghold. For example, many bank installations, especially Automated Teller Machines, run OS/2 with a customized user interface.

http://en.wikipedia.org/wiki/OS/2

Re:OS/2 Warp

[exomondo]

OS/2 Warp was around in the 70s?

Re:OS/2 Warp

[nu1x]

You forgot the crucial "banks destroy peoples wealth".

no way

[Wormsign]

you never go ATM! ;)

Done timely/properly/affordably

[FuzzNugget]

They chose the wrong two.

Why XP?

[ukoda]

Yes, I am a Windows hating Linux user but the question is serious, not flame bait, why would they chose XP in the first place and why have they not moved to something else in the last decade?

With real cash at stake I would have probably started with a minimal BSD OS and just added the minimal graphics, comms and I/O libraries needed to support the main application. I'm sure others here have their own ideas of the best OS, most excluding Windows?

Re:Why XP?

[BlueToast]

Actually I would look at it from the other end of the spectrum. Real cash at stake? :D Sounds like "$$$ profit!" for some companies to me ;) By design? I don't know *tinfoilhat*

Yes, I am a Windows hating Linux user but the question is serious, not flame bait, why would they chose XP in the first place and why have they not moved to something else in the last decade?

With real cash at stake I would have probably started with a minimal BSD OS and just added the minimal graphics, comms and I/O libraries needed to support the main application. I'm sure others here have their own ideas of the best OS, most excluding Windows?

Re:Why XP?

Because that's what supported their existing stock portfolio, their backend systems and it's all the local community college interns knew how to deal with, at the time.

Re:Why XP?

[Billly+Gates]

Easy.

Visual Basic 6 support for those all so awesome apps that can down an economy hired by Indians from Craigslist

Re:Why XP?

[tftp]

why would they chose XP in the first place

XP was a very good choice compared to Linux as it was 12 years old. Cost of Windows ($50 per copy?) was entirely immaterial. The important things were maturity, support, features, and toolchain. Linux in the year 2000 was light on those. Where in Linux's Event Viewer is the Security Log? How many objects can be audited in Linux? In NT - a lot, and it all was available immediately. In the toolchain department even today autotools give you a horrifying experience compared to MSVC.

Developers of ATM took the most complete foundation for their work (the OS) and then added what was custom. If they started with Linux, or BSD, or DOS, they'd have to add far more - and the more you write yourself the more you have to maintain. If they started with Linux that would be kernel 2.0.x - and today we are on 3.x, with gigabytes of patches applied to libc and other essential components of the system. It would be extremely difficult to upgrade and maintain.

and why have they not moved to something else in the last decade?

Who is going to pay money for fixing what isn't broken? It's not broken even today, that's why they want to keep the machines running. It's pretty expensive to send engineers to tens of thousands of ATMs to upgrade them, since doing it remotely might be too scary. The hardware also probably went through ten revisions, so each ATM runs its own set of drivers that were customized to the hardware that is installed. Your upgrade task would require you to support all that old hardware - and that is a dead end job. Better to just keep the thing running until it falls apart, and then replace it.

Re:Why XP?

[GauteL]

XP was a very good choice compared to Linux as it was 12 years old. Cost of Windows ($50 per copy?) was entirely immaterial. The important things were maturity, support, features, and toolchain. Linux in the year 2000 was light on those.

So was Windows XP, given that it wasn't released until the autumn of 2001. Linux was already really quite mature in 2001 and pushed by some of the world's largest companies. You could get paid support from IBM for instance. The rest of your post is a buzzword-laden mess with handwaving and conclusions you completely lack the knowledge to make ... apart from the "not fixing what isn't broken"-part... that part is fair.

Re:Why XP?

[91degrees]

XP was just a consumer version of Windows 2000 though, and was quite happy working with the tools for NT4. Plus, I very much doubt they used XP from its release date.

The main reason companies use Windows is because it work. Sure, Linux probably does as well, possibly better, but it only needs to be good enough. A recognisable brand name is comforting to the execs who make this decision.

It's that whole "nobody ever got fired for buying Microsoft" thing again. And the machines do seem to have been pretty robust and generally secure for a good decade or so.

Windows is a bad idea

Various CS students around here target some nearby ATMs to try new hacks/exploits - some even get serious cash out of them...

At least go with something mildly secure that poses a challenge.

Software runs fine now

Didn't businesses keep Windows 3.1 running for years and years?

I saw one running on a PDP-11/05.

I recall seeing the insides of one ATM in that era. It ran on a PDP-11/05.

Re:JPMorgan == To Big to Fail

[plopez]

Meaning they do not have to be smart, efficient, or customer oriented. No matter how badly they screw up Congress will be there to rescue them.

JP Morgan

[Nethead]

About two years ago I was a field tech and would get service calls to JPMS. Most of the time it was just to move fax machines around or to make a jack live. Sometimes it was to try to get a PC to boot. There is SO much legacy cruft in the boot image of a JPMS desktop that it can take three boots just to get the damn thing stable. Some of the boot code even flashes by "DOS TCP/IP 1.0" as it goes by. They have decades of cruft to dig through to get those things anywhere modern. I have pity for the admins trying to roll this out, I really do.

On the other hand that damn image is used by hotshot investment brokers to transact multi-million dollar trades everyday. That image is a lot of their "secret sauce" that they use to make a shit load of cash. It's a tool that has made them trillions. I can see why they don't want to fuck with it. They would gladly have me hang around for a day at a few hundred dollars an hour (not that I was seeing 20% of that) just to make sure the hotshot could do his job. The hotshot's downtime cost them thousands of dollars an hour. Imagine having to roll out an image to 1000 hotshot desktops and have it fail for even a day.

That's a lot of incentive to keep the boat from rocking, whatever the cost.

Remember that a lot of that legacy code is interfacing with mainframes that are running code before the advent of PCs.

Re:JP Morgan

Remember that a lot of that legacy code is interfacing with mainframes that are running code before the advent of PCs.

[CITATION PLEASE]

I know there is loads of legacy code running about. Not many people debate that. However, I'd like citation on WHO, is exactly running mainframe, circa pre-80s to 90's, that is making billions a year in the investment trading market? I just can't see it! Legacy code, sure. Legacy mainframes, still in the loop? They wouldn't be able to handle HFT, and communicate with the NYSE. Sorry, but I just don't see it, so, cite that please!

Semi-cool side-bit: ISP I worked at a decade ago, bought a boat load of 10/100 24 and 48 port switches that were removed from the NYSE in the late 90's after upgrades. I have one sitting in my room, even as I type this!

Re:JP Morgan

[KingOfBLASH]

Not as if badly designed software which is just "secret sauce" couldn't ever result in a massive, multi-million dollar trading error

http://en.wikipedia.org/wiki/Knight_Capital_Group

Re: JP Morgan

[tleaf100]

er.according to a bbc radio program just aired very recently in the uk,at least one of our major uk banks is still mostly run on cobol,with some kit dating from the 1960's. trying to rack my memory and google for more info,will put link up later if i find it. am alomost certain it was a daily radio 4 consumer program called you and yours,but it may have been a science/tech program. this tablet im using is not very good though.so will get one with search. its a scary thought knowing what we rely on everyday.

Re:JP Morgan

[knarf]

Apart from lowering the expletive count in your prose I'd suggest those 'hot shots' would have been much better off paying someone 'a few hundred dollars an hour' to cobble together a new boot image minus all the cruft which had accumulated in all those years. They could have run this boot image in parallel in a simulated environment for a few weeks to months to iron out any glitches, then run it live on a number of 'hot shot' seats, then roll it out to the floor. It would have cost money but it would have been money well spent. It is possible to interface to older systems without needing to run 'DOS TCP/IP 1.0', especially since those older systems are much more likely to talk some SNA-related dialect than that new-fangled 'internet protocol'.

Re:JP Morgan

[Kalriath]

Actually, they would be able to handle HFT because if there's one thing COBOL does well, it's lightning quick handling of financial data.

Re:Galactic Financial Collapse

How about Windows for Rocketships?

I think we can all agree that space tourism will be stressful enough without wondering whether the right drivers are installed.

Let me laugh even harder...

All that being said, the XP ATMs are perfectly safe. They are behind some rather crazy firewalls.

Nope.

http://www.extremetech.com/extreme/173701-atms-running-windows-xp-robbed-with-infected-usb-sticks-yes-most-atms-still-run-windows

And another successful attack vector using Plotus http://www.atmmarketplace.com/article/221087/Mexican-ATMs-fall-prey-to-new-cyberattack

Successful malware attacks (both gaining access to the local cash and screen scraping and keystroke recording of customer information) through ATMs have been going on since 2008 and Diebold would most certainly be well aware of this, even if they are choosing not to bring it to your attention.

Re:Let me laugh even harder...

[KingOfBLASH]

Mod parent up!

Re:Let me laugh even harder...

They booted those systems off USB in order to rob them.

If you give somebody physical access to hardware that will boot off arbitrary media, it doesn't really matter what the underlying OS is. It's not because they were running XP, it's because they had USB.

Re:Let me laugh even harder...

If you are able to create a full ATM system to run from a USB stick, then you can do it at home.

The ATM OS should've been protected from USB attacks aswell as network and other physical attacks, but they were not. The ATM OS was infected, it was infected because there was a security fault, not because it had USB. You can of course make any OS to be vulnerable to USB or any other attack, but XP is vulnerable from the box and they didn't fix that.

Re:Let me laugh even harder...

[Kalriath]

Uh, what the actual fuck. If they were running Linux and configured to allow booting off USB the exact same thing would happen. The operating system on the machine is irrelevant if you can boot an arbitrary one off removable media.

2.2 million.

[westlake]

Yeah, there must be, oh, thousands of ATMs out there.

2.2 million.

Average amount of time a new ATM machine is installed --- 5 minutes ATM Machine Statistics [2012]

Automated teller machines (ATMs) (per 100,000 adults) [2009]

US 173
Canada 205

And in 3 years time to start over!!

[Billly+Gates]

Windows 7 EOL will start LOL.

That's what you get for waiting until the last minute. Many corps won't see it as a 8 year old OS but a 3 year and will throw hissy fits like the XP ones are now

Re:And in 3 years time to start over!!

[afidel]

Windows 7 embedded is supported through July 27, 2025, that's one reason these kind of applications have flocked to MS, they offer longer support than even IBM for a given OS release.

Comment removed

[account_deleted]

Comment removed based on user account deletion

MSMQ

[aviators99]

I believe MSMQ is used in banking a lot, and I wouldn't be surprised if it is used in ATMs, due to its robustness. AFAIK, there is no *NIX port for it.

Bit of a stretch to call it an embedded OS

[dbIII]

Even WinCE is a slow as a wet dog thing that drives up the cost of hardware required if you need any sort of performance. These things are big and slow on limited hardware.
Short term convenience and a perceived possibility of a reduced time to market won over utility with these things.

Well son I remember when they were all OS/2

[ToasterTester]

Blame IBM for killing off OS/2. I worked for one of the major banks and years after OS/2 died they were still running it because the main teller software ran on OS/2 and the company that created it rufused to port it to anything else.

The govenment monitors the banking banks and if someone came up with Linix ATM software that could pass govenment regulations and a ease migration path you'd probably see a mass move from XP to Linux. Because the banks what one does most the other do.

Living under a rock JP Morgan?

[fahrbot-bot]

JPMorgan is buying a one-year extension and will start converting its machines to Windows 7 in July; about 3,000 of its 19,000 ATMs need enhancements before the process can begin...

Um... Start converting 4 months after XP goes EOL? Did they *just* find out about the deadline? And why can't they start upgrading the other 16,000 systems? I'm pretty sure XP and 7 systems can be operated together...got one of each in my office - for testing.

Re:Living under a rock JP Morgan?

[afidel]

XPe is supported through January 30, 2017, heck even NT4 embedded is supported through August 31, 2014 =)

Not just ATMs....

[ub3r+n3u7r4l1st]

Went to a hospital a week ago that was newly opened late last year. All workstations are the Lenovo all-in-ones with the Windows 8 sticker on it. Guess what operating system they are running on now .... Windows XP Professional (at least that's what the screen saver said.)

I saw an IV infusion pump being rebooted by a nurse. I hear the famous chine of Windows XP shutting down.

Re:Not just ATMs....

IV infusion pumps? I was vaguely worried by the initial story but now I am scared!

Re:Not just ATMs....

[Kalriath]

I actually work in a hospital, and I can tell you with certainty that things going wrong with that sort of hardware is vanishingly rare, and the medical professionals are trained to react quickly to protect life if the computer system does fail (and in reality, chances are greater that the power grid will fail and the operation have to pause for uninterrupted power to kick in than the computer randomly crashing). Even the MRIs and Linear Accelerator monitors are running on Windows XP these days (bar the OBIs which actually drive the accelerators - those are not commodity hardware).

And it crashes...

That got me into an unpleasant situation when I was traveling in Almaty, Kazakhstan last year. The ATM I was using ate my card for no apparent reason (I was quite sure I entered the correct PIN), rebooted with the usual XP start-up screens and got stuck at some point. I went into the bank, asked the manager for help but he seemed reluctant and asked to check my passport. Come back tomorrow, he suggested. When I pressed on for my ATM card, he, with the help of another hot lady staff of his choosing, tried to persuade me into buying "gifts" of commemorative coins that cost at least 100 USD each, even asking about how much $$ I had in my bank account.

After what seemed like an eternity listening to all that spiel about exorbitant coins, I insisted to have my ATM card back and that I needed money to buy my train ticket out of that city. I must have spent at least half an hour in that bank. He finally relented, unlocked the machine, and retrieved my ATM card in a matter of seconds. He handed me my card and shook my hand.

In parting, feeling rather distraught from the pressure tactics, I think I said, "Your ATM runs Windows, and it hangs. You should change it to something else." I'm not sure if he understood me.

windows?

I thought ATMs ran custom software made in C, C++, or COBOL built into their ROM/firmware. I learned something new.

xp embeded

[tleaf100]

ahh,thats handy to learn that xp e is good until 2016,so is there anyway to transfer security updates from an xp embedded install to an xp install ? as by chance/luck,i have two licenced xp e usb drives in my odds and ends bunker,handy,but been in bunker,unused,for last 3 years due to lack of funds and lethargy for a project i have/had. bound to be several goodvreasons why it cannot be done with security updates,but can anyone work out how it could be done.all my installs areclegal/licenced so its only slightly iffy.

Why is this a problem?

[Spy+Handler]

On a physically secure machine (ATMs with heavy gauge steel armor on all sides) that's not connected to the internet.... who cares if it's running an old OS? They could run DOS and Win 3.11 for that matter without a problem.

Re:Why is this a problem?

[1s44c]

On a physically secure machine (ATMs with heavy gauge steel armor on all sides) that's not connected to the internet.... who cares if it's running an old OS? They could run DOS and Win 3.11 for that matter without a problem.

Well there was that story about criminal gangs sawing though that steel and cracking the machines with USB keys. They made many millions.

Re:Why is this a problem?

[tgv]

Someone actually managed to make an ATM run sofware from a USB stick and dispense money. That's one of the many things that's wrong with it.

Re:Galactic Financial Collapse

[ButchDeLoria]

Didn't Windows For Rocketships cause the Challenger explosion?

In other news, 95% of the morons in the world

Insist on calling them ATM Machines.

The real question is: Is an Automatic Teller Machine Machine a machine that dispenses Automatic Teller Machines?

If so, can I borrow one?

A decade

You've known this has been coming for more than a decade. Why was the plan to upgrade several months after the deadline?

M$ should charge a lot for those who wants XP.

[antdude]

Since some people don't want to leave XP and still want support, M$ should just charge very high prices to those users. Banks and other companies are rich. They can afford it. M$ would have another way/source to be rich! ;)

Windows 7?

[mtthwbrnd]

The fact that they are upgrading to 7 just goes to show what a complete piece of crap Windows 8 is.

Also the problems are different

[Sycraft-fu]

ATMs don't have to worry about viruses n' such generally because users can't get at them. You can only use their custom interface, you can't surf the web with them. There also isn't USB access (or rather shouldn't be, I'm not saying there has never been a stupidly designed one). So a lot of the threats you'd face on a normal desktop don't apply.

Plus there's the unequal relationship with the bank, in that an ATM trusts it completely. They don't actually process your account, they just send data back to the bank, via special purpose built encryption cards. It hands off what you want to do to the bank, which then tells it what it can do. It doesn't deal with data security in a normal sense.

So what the OS on an ATM does is present a user interface to the users, and communicate to the hardware (the encryption device, the cash dispenser, that kind of thing). Hence their concern is something that is easy to develop a UI for, and supports the devices in the system. Not something that is hardened against security issues since that really isn't a problem in the way it is used.

Re:Also the problems are different

ATMs don't have to worry about viruses n' such generally because users can't get at them. You can only use their custom interface, you can't surf the web with them. There also isn't USB access (or rather shouldn't be, I'm not saying there has never been a stupidly designed one). So a lot of the threats you'd face on a normal desktop don't apply.

...except for the ATMs with a "hidden USB interface" that's been used to inject malware recently. I wonder if those machines were made by Diebold....

Why does it matter?

[Urkki]

Why does this matter? Surely the ATM machines are not in the public internet, or the regular internal network of the bank? Surely they are firewalled from each others too, so compromising one can't compromise the others?

They're embedded systems, in isolated environment. Once they work, why do they need OS support (other than updates to software when protocols and company logos change)? And if they do need OS support now, it'd be better to just change the network infrastructure so that they no longer need it.

Re:Why does it matter?

[unixisc]

But don't they need internet access to confirm whether the accounts that people are withdrawing money from actually have sufficient funds? Not public internet, but they have to be able to establish, say, a VPN w/ the bank whose ATM card has been scanned? And their transactions have to be reflected in the banks records, which could presumably involve accessing the bank's network.

I think issue here is that if an ATM stops working, the banks don't want to have to then find out that XP ain't supported. Therefore, it makes sense to either extend the support, or look at migration options.

I just threw up a little

[BringsApples]

How has no one taken this, what would appear to be a nitch market (writing an OS for ATM machines), and done something with it? I mean hell, my oldest cell phone had more operations than an ATM. How did it do that without windows?

I think any OS is good

[m.alessandrini]

I guess an ATM machine has not a browser, or a WWW connection, or useless services listening on some ports, neither a real keyboard to inteact with it, so a designer should be a super-moron to be able to catch a malware on such a machine.

Re:I think any OS is good

[m.alessandrini]

And by "catch" I mean "be caught by" (sorry for my english)

Why?

The interesting question here is why ATMs are running Windows at all?

I think I understand now

[dbIII]

From one of your earlier posts:

coal fly ash, which is more radioactive than nuclear waste

Thus utterly stupid lies to seek attention.

I don't know what's wrong with you but please leave us out of it.

Re: I think I understand now

[VTBlue]

That was paraphrasing for Secretary of Energy Dr. Chu. Though I should correct the record and say that i mistakenly said nuclear waste instead of nuclear power plants. All in all fly ash is still horrible and a serious health hazard.

http://www.treehugger.com/corporate-responsibility/whoatms-who-on-obamaatms-green-team-stephen-chu-secretary-of-energy.html

Re: I think I understand now

[dbIII]

Nice backtrack.
Care to backtrack your FUD about non Microsoft operating systems?

All in all fly ash is still horrible and a serious health hazard.

Actually no, but don't let the fact that the person you are replying to actually having seen a lot of the stuff when it's very clear that you don't even know what it is get in the way of your childishness.

Re: I think I understand now

[VTBlue]

No because it's not FUD. Large scale Commerical Linux users do open themselves up to lawsuits and legal fees in patent lawsuits. It's plain and simple. I'm not saying it's right, or Linux sucks, or arguing the technical merits. For customers like JPM, using Linux is appropriate for somethings but using it for a ATM network is not an automatic slam dunk as Icebike seems to imply. Anyone who supports Linux commercially knows this. Customers such as banks do assess risks on non-technical factors when examining technology choices.

Re: I think I understand now

[VTBlue]

I'll take the word of a respected physicist over some commenter on slashdot when it comes to coal fly ash. Hell, for you, I'll even take the word of Wikipedia over yours as a sign of how little I respect your contribution in this discussion thread. You're an asshole.

Re: I think I understand now

[dbIII]

You misquoted him and it's also not his field anyway. I encourage you to go to wikipedia and you may get some idea of what I've written about.
As for the divide by zero error about emissions - what sort of idiots do you take us for?

Re: I think I understand now

[dbIII]

Your ticking me as "foe" when I pointed out what you are up to really shows what a petty little game you are playing.

Re: I think I understand now

[VTBlue]

As far as I can see all you've written are comments calling me a liar and negating every factual argument I've made in this thread with essentially, "you don't know what you're talking about" type response that borderlines flamebait. You think I'm spreading FUD. Any rational reading of record will show I'm right. I'm personally against software patents but that doesn't mean that today commercial Linux users arent at risk for legal claims.

Linux can be free as in beer for some users, but for many commercials users, Linux is not free, and at best is free as in puppies.

Re: I think I understand now

[VTBlue]

Btw it's not really a major backtrack, that comment was made ages ago and was corrected after the fact. See page two. Bottom line Nuclear > Coal.

http://www.scientificamerican.com/article.cfm?id=coal-ash-is-more-radioactive-than-nuclear-waste&page=2

Re: I think I understand now

[dbIII]

Come on now. I don't need to read any Alex Gabbard derived propaganda (Oak Ridge administrator who wrote the "terrorists can build nukes out of fly ash" bullshit that kicked it all off) and neither do you. You can look at a reliable source of where coal came from to see how stupid the suggestion is. You can then look up the composition of the most radioactive coal on the planet and calculate how many hundreds of thousands of tonnes you would need to extract enough material to get the famous "banana dose". You can then consider the average, and see that it's actually less than average background radiation due to being made of mostly very old organic material with isotopes of half lives that mean very little remains after millions of years. The impurities after that are really just sand, so obviously you end up with something containing small amounts of sand so significantly less radioactive than sand.
The very funny thing is that you and I are far more radioactive than fly ash. You have either been conned or are lying to push an agenda and taking advantage of the younger readers here that cannot see your various piles of bullshit for what they are.
I don't see why we should let such misleading rubbish go unchallenged. It's supposed to be a technical discussion site after all. We are not supposed to mislead the kiddies for some sort of political end.

Re: I think I understand now

[jedidiah]

> No because it's not FUD. Large scale Commerical Linux users do open themselves up to lawsuits and legal fees in patent lawsuits. It's plain and simple.

You repeating it over and over again like a toddler doesn't make it any more true then when you said it before.

Clearly, the use of XP here doesn't demonstrate that JPM is afraid of patents. What they are afraid of is ANY CHANGE. They are a large risk averse company and they haven't been successfully sold on making ANY change to their ATMs.

Patents have squat to do with it. Even "brand loyalty" doesn't have anything to do with it. Otherwise they would be running a newer version of Windows.

Re: I think I understand now

[VTBlue]

I never said that my reason was THE reason JPM chose to extend XP Embedded. I simply one possible viewpoint to consider. I posed the question and people are going off on the thread as if I'm loading the question, I'm not. I agree with you that JPM's decision to extend is more about any change rather than upgrade cycles.

As far as the FUD viewpoint I'll quote This post that sums up what I'm getting at: http://www.linuxuser.co.uk/features/the-litigation-business-the-free-software-column

"In many cases, the cost of contesting a patent, searching for prior art and the recruitment of lawyers, is prohibitive and a distraction, so a settlement is made without recourse to the law and the validity of the patent is never contested.

Owning your own patents as a bargaining chip is no defence against a troll. Far from encouraging openness and the spread of ideas, the cumulative effect of the patent industry is to stifle innovation â" and to limit technological exploration to those who can afford a roomful of lawyers."

Ironically...

[Viol8]

... an ATM would be one of the few places where Windows 8 would probably be a good choice. Just have a touch screen that lets you flick through a few limited options represented by large square icons (or whatever they're called) instead of pressing buttons.

Re:Ironically...

[unixisc]

Precisely! And an ATM interface - just have keypad as well as the options - deposit, withdrawal, statement,... - needs such a few things that 8 can easily handle it. Just need to ensure that there are no other apps running in the background. In fact, Windows RT could be perfect for this use - and ATMs could start using ARM based boxes.

Re:Ironically...

[mtthwbrnd]

You still see the "blue screen of death" on ATM's occasionally. I would swear that some of them are running Windows 95.

SteamOS

[PsyMan]

Convert them to SteamOS, I can buy hats while I am waiting for a balance update.

Linux in ATMs

The biggest brazillian bank uses linux in all its ATMs. The machines are very user friendly and have touch screen.

Time to bring back OS/2 eCom Station

[gelfling]

A great niche application for the venerable old girl.

Of course you are - and not just once

[dbIII]

comments calling me a liar

Yes and add namedropper putting false words into the mouth of an authority you are appealing to if you want some precision.
Meanwhile I gave you your example of a very large risk averse company to counter your utter rubbish and got nothing back but insults. Certainly no "factual argument" - just pretend ones from made up misquotes. Don't bother to try to claim credit for what others wrote in something you linked to either. Why should I bother to read it after you were trying to pull the divide by zero trick?

I'm personally against software patents but that doesn't mean that today commercial Linux users arent at risk for legal claims.

Not being born yesterday I can see damning with faint praise for the weasel trick it is.

So no reply about Haliburton's last decade with linux? How about I raise you IBM?
Care to backtrack now that you have been caught out again or are you just going to ignore it again?

What?

[nightsky30]

FTFA...

Basically, since the year 2000, they’ve gotten pretty good at these kind of planned crises

Apparently not. If they had, the crisis would have been avoided all together. They would have upgraded by now.

If they ran OS X...

Would Apple get 30% of all withdrawls?

Give Linux some time.

[LubosD]

I work for one of the major ATM vendors in the world and replacing Windows with Linux has become one of the top priorities across the whole portfolio (which is now a lot of other things than just ATMs). The reason are obviously the costs associated with Windows licenses. And why are the ATMs and other hardware still running Windows? Old and *very* messy codebase that is hard to port to Linux. But it's getting there.

Re:Give Linux some time.

[hduff]

I work for one of the major ATM vendors in the world and replacing Windows with Linux has become one of the top priorities across the whole portfolio (which is now a lot of other things than just ATMs).

Good to hear as long as you don't leave unnecessary services, libraries, applications and backdoors in the Linux system to make it vulnerable.

And I'm surprised QNX never made any inroads in to this use.

Re:Give Linux some time.

[Kalriath]

Considering he's probably referring to Diebold, it will be a disaster beyond reckoning.

And the other 5% is still

Running Windows NT 4.0

Yes, mainframes are in the loop

[tekrat]

I work in the financial industry and I can assure you that mainframes are still in the loop, processing trades and generating reports, particularly commission reports for the brokers, but also breaks, and other reports that reference and affect millions of dollars in transactions, possibly billions of dollars.

Not only are mainframes part of the process, but the COBOL code does indeed go back into the 80's (I've seen comments in source that go back to at least 1983 -- and that's when they performed the first change to the code) -- some programs and jobs go even further back than that.

Mainframes are still being used because they get the job done and there's a huge investment in home-grown software that would require a significant expenditure to replace.

yeah....

from XP upgrade to win7. Gz.

aix

aix

Not just atm's

[bobjr94]

Most medical equipment Ive seen, even this year, still looks to be running XP. Everything from the front office computers, in room terminals to testing equipment like xray machine and imaging devices. Many retail stores still use XP on all their POS hardware, some smaller devices run xp embedded. Last time I bought tabs for my car, their system was running XP as well.

Not impressed.

[speckman]

For all the usefulness and commonsense my ATM experience exhibits, they could be running it on a retarded monkey with low blood sugar.

if it isn't broke

if it ain't broke don't fix.... oh... nevermind..

what does physical access to the inside of the atm

that dude

xp

what does physical access to the inside of the atm have todo with xp?

Banks Withdrawn on Outdated ATM Operating Systems

Banks Withdrawn on Outdated ATM Operating Systems
http://flatlinegov.wordpress.com/2014/01/19/banks-withdrawn-on-outdated-atm-operating-systems/