The method of final delivery (guys walking around with a staff, bell and mailbag in the middle of nowhere) reminds me of the book by David Brin, and the movie The Postman.
We are now once again sort of out over our skis... on Everything and More · Score: 1
"We are now once again sort of out over our skis, chronologically speaking..."
I think we're getting a bit dangerously ahead of ourselves, here....
"After recounting more than 13,000 absentee paper ballots, Northern California's Napa County reported Thursday that an electronic voting machine used in the March 2 primary election missed more than 6,000 votes."
Now that voting problems have actually had a big enough effect on an election to probably change the outcome, maybe some more attention will be paid in the press and the courts to ensuring that the voting methods used actually create easily auditable results.
The past problems have tended to be of the "well, it really didn't affect any final outcomes, so no big deal" type, which makes it all seem like a minor issue.
Yeah, it's like many RPG games, you can only have two gloves, two bracers, 10 rings, one headgear, etc... because that's all that will fit on your appendage.
I'll leave the reader to apply that logic to the parent post.
The problem isn't that the teams are all substandard, the problem is that (as documented in earlier Slashdot articles) the original qualification standards were set unrealistically high. Remember when everyone was complaining about all the extra hoops the teams have to jump through in order to qualify, making it seem like only a large company or university sponsored team could qualify? Well, all those hoops produced this result and they finally rethought it.
I don't agree with making the challenge significantly easier than originally planned, but there is more good than bad to be had by allowing more teams to at least try it!
The biggest problem (probably not mentioned in the book) with Amazon's web services is that they can't seem to be consistent about keeping it up and running reliably. Some days 80% of queries to amazon's xslt and soap services don't work.
BGP is a little less fragile than that, but not by much.
A well set-up core router will protect your network from most bad announcements from your downstream clients, but if one of your upstream providers gives you the right bad info because their router has been screwed with, you're out of luck until a real person figures it out and takes the link down.
Then of course, all the outgoing traffic for that link cascades over to your others.... and now that many people are blocking snmp due to Cisco vulnerabilities it gets a little harder to figure problems out.
And of course, much of the incoming traffic probably still sees the downed link as a valid ASN path, and since that's beyond your control... yeah, you can get screwed pretty easily by one router on an upstream provider's network that misbehaves in just the right ways.
Truthfully, most major ISPs' NOCs are pretty fast to respond to BGP screwups, but problems caused by a mistake vs. problems caused on purpose with a little forethought and topology knowledge are two different beasties...
Exactly. Someone with knowledge of multiple "0day" vulnerabilities doesn't fit into what I'd call a script kiddie. They could be a kiddie, but "0day" and "script" in this sense are usually mutually exclusive.
I thought the script kiddies were the ones that didn't do any more cracking than search/download/copy-and-paste?
The people who actually know what they're doing are much more dangerous, generally on the grey to white side of the law and don't bother with DDOS on somebody's little website, since if they really wanted to, they'd just take entire nations' Internet access down.
I mean, I could think of a 1/2 dozen ways to wipe out a whole country's internet access completely for a day or two (no, I'm not going into details here, but if you use BGP in your work life, you can probably think of a few also), but most people who've spent the time to learn at that level also are mature enough to realize that there isn't much of a point to wanton destruction.
Re:Correlation between memory and intelligence? on The Memory Masters · Score: 1
Yeah, true intelligence isn't exhibited by someone memorizing a really long string of ones and zeros.
True intelligence is recognizing instantly upon hearing of the competition that if instead of memorizing it as a long string, you convert the binary to a decimal number, it's going to be a heck of a lot easier to remember. You just convert it back to recite it.
Why would someone memorize 101010 when they can just remember 42 instead? If hex is intuitive to you already, that's even better for long binary numbers.
Re:Credit cards are free, why pay $200? on The Universal Card · Score: 1
Yeah, my credit card companies charge the merchant for the privilege of me shopping at their store, then they give me a kickback of 1% for using their cards.
Your credit card company should pay you money, unless you overspend and can't pay your balance every month, or have made commitments that you didn't keep, resulting in poor credit.
A better sample than you might think, since I simplified my comment a lot for brevity's sake.
Just about all the pages on my various personal sites check via javascript for spyware/parasite stuff the first time someone hits one of them (after that it sets a cookie) and gives them a little pop-up notification of what they have if it detects anything. That represents a check of ~20K new IE users/day.
I'd consider that a decent sample of the internet-surfing, Windows-using population, slightly skewed by my user demographics, which is about 20% more office surfers and fewer teens and home users than for most sites.
The actual stuff installed is skewed by the fact that not everything is locatable by a fast windows registry key search, so the actual percentage is likely to be a bit higher if you accounted for stuff that doesn't integrate with windows in that way, although I suspect in practice most people who have something that doesn't use the windows registry probably also have something that does.
I think it would be reasonable to place the actual percentage from 10% to 20%, since the biases seem to be in ways that would tend to reduce the number detected.
Naw, he probably doesn't do any admin stuff himself, so he decided to pay the local ISP (say, USI?) for "managed services" to take care of the Ping-power-pipe, OS and network stuff on a web server for him... that can run an idiot manager well over 25K/month for a three year contract for one Sun E-420R.
Of course, it's not like I'm speaking from experience about former (thank goodness) management at my company or anything....
Does anyone believe that if this was any organization besides the local Sheriff he wanted cash from to keep hosting their site, that the Sheriff's department would have arrested him for extortion with the exact same set of facts?
I think that's called selective prosecution, among other things....
How?
They're using XP as the OS at least in part because their cash dispenser maker provides them with a windows driver for it, so no low-level interface code required, just use the provided API.
As for programming languages, XP comes with a few different scripting languages that will interface with APIs as part of its most basic install.
The biggest barrier here would be that you'd need someone with either general windows programming/device driver operation or someone with less knowledge, but access to the maker's manual. Of course, if they install the device's manual/readme as part of the windows driver (common practice) you wouldn't need all that much knowledge.
Also, windows programs (like the ATM software in question) tend to like to keep important values in the windows registry, or failing that, local .ini files. Presumably, some of those values being changed would seriously affect how the ATM software operates when the machine is restored to operation.
But I'd think the simplest answer would be to write a visual basic program to send a notification to the cash drawer driver to dispense money, then throw that program into an endless loop and wait for all the cash to come out.
Oh yeah, and if that's not enough, from a windows dos prompt, you can communicate codes using the lowly "echo" command directly to a serial or parallel interface, so again, if you can discover the proper codes to send....
"We are now once again sort of out over our skis, chronologically speaking..."
I think we're getting a bit dangerously ahead of ourselves, here....
The first part of the story is about e-voting:
First paragraph:
"After recounting more than 13,000 absentee paper ballots, Northern California's Napa County reported Thursday that an electronic voting machine used in the March 2 primary election missed more than 6,000 votes."
Now that voting problems have actually had a big enough effect on an election to probably change the outcome, maybe some more attention will be paid in the press and the courts to ensuring that the voting methods used actually create easily auditable results.
The past problems have tended to be of the "well, it really didn't affect any final outcomes, so no big deal" type, which makes it all seem like a minor issue.
Usually the weaker the evidence, the more someone tries to insist they are right.
If they actually have and present the evidence, there is no need to spell it out for you.
The Chinese government will probably solve any internal spam problem pretty quickly.
I mean, if you start by shooting all convicted spammers, the profession tends to stop attracting replacement members.
Yeah, it's those evil corporations again, suing hardworking spammers and driving more jobs offshore...
Can't resist...
In Soviet France, musicians play You!...
I am now. :)
Of course, the good news is that my oldest younger brother now works for me as an Oracle DBA, so the strategy didn't just benefit my parents and me.
How to deal with tech support requests from parents?
That's what my two younger brothers are for! I just had to teach them enough so that I could send my parents to them.
As well as the obvious cookbook.com.
Did the questioner do even a basic look around or search?
Next they'll be wanting a special search index at Google like BSD users have...
... oh, that's right, there is one for Linux.
I think the general rule of news organizations is now "If it bleeds, it leads!"
Slashdot isn't the exception to that rule.
"Man tries to charge Sheriff's office too much for bandwidth and gets arrested for it" isn't quite as exciting, is it?