Some rather unpleasant comments coming off of you lot.
The poor chap sounds like he'd had a bad decade, and this just topped it off.
When your business collapses overnight (which is what happened here), you're facing god knows how many lawsuits (which is what would have happened here) and the people you'd turn to for support are dead... Well, I'd imagine what follows are some rather sobering thoughts.
My heart goes out to his remaining family, and those of you modded "Funny" should go gargle some engine coolant.
By the way I agree entirely with you on the subject of voting machines, and on probably 99.9999% of other devices, but I understand the fraud "community" better than many others here, and while it would be nice to have openness, we're talking about motivated people who know what they're doing.
They don't give a shit about your idealism, they see weakness, they exploit it.
There are very few known ATM scams out there apart from skimming, that didn't require fairly intimate knowledge of the systems involved.
And as an idealist, I'm there with you. But as a pragmatist, this was a total fuckup.
Looking at it from a malicious perspective, if i knew a certain ATM brand ran Windows, I'd have a field day.
Why? Look online, anybody can learn to code for an XP machine, all the nooks and crannies where you can hide malware are easy to research, methods for bypassing anti-virus software are all public domain.
The ways INTO a windows machine are well known (we can assume this is running on standard hardware), be it via USB, CD, over the network (and remember, ps tools). All the tools for extracting/cracking windows password hashes are freely available, and was it up to date? Plenty of public exploits out there in the wild.
So Windows is out, because it's too well known. You can plan in advance how you'll attack the box, you can set up your own test bay (after all everybody can get their hands on a copy of windows), you can write the malware in your own time, and then, quickly infect the ATM when the time is right.
Are you telling me a different, fully open sourced and freely available, OS, would mitigate all these issues?
I will not get into the obscurity or security debate. Suffice to say this particular issue is not about transparency, this is about keeping the bad guys out, and by giving them the blueprints to your system, you make their lives infinatly easier.
...are probably one of the few devices that most Slashdotters would agree should definitely be running proprietary, private software.
I had no idea there were ATMs out there running Windows. Given access to the software/a machine running it, I can't see how this would have been difficult to pull off. This is a serious WTF? moment.
This is the price you pay for "push" e-mail on most mobile devices.
Instead of having the phone constantly connected, polling and costing money in data bills, the network does it at their end, and can then notify the phone using some GSM jiggerypokery.
I'm actually a Last.fm subscriber, and am more than happy to pay the meagre 3 euros, but being forced into it? Personally I don't use the paid features much at all, it's as much wanting to support the (excellent) service as it is trying to get value for money.
I wonder if they'll lose that sort of support when they move their business toward a more corporate stance.
This is one of the challenges I face with my Poker Robot.
Surprisingly the hardest part of programming a poker bot, is making one that's not just hard to detect but difficult to figure out. In higher limit rooms the good players will very quickly clock your strategy, and if they realize its a bot, and therefore rigid, they'll take you to the cleaners.
Currently I use a ratchet effect, alternating between several algorithms, some of which are designed specifically to lose, but to lose in creative, sensible ways.
"Run a simple web spider" A spider that is somehow able to crawl the entire internet, primarily the bits that people have tried very hard hide from spiders, all with only a "few hundred megs" to play with.
"checks availability but never actually pulls content" And how pray does one do that? Guess work? Intuition? Magic?
"Run the same spider in any non-censoring country." Of course taking into account the myriad of factors that would generate false positives, like differences in latency and the fact by the time you've got to scan number two, the first set of results are now weeks out of date (conservative estmiate, you're crawling THE INTERNET)
It's very easy to use your own style for eveything and reimplement every existing toolset because "you know best". You can heavily over-engineer every library you write. You could do something outlandish like creating a custom scriping language for you business logic. Academically clever it may be, but it's totally wasted in any production environment.
What's hard is writing good, clean, concise (yet not obfuscated) code. It must well structured and sensibly designed. Not just so that you can maintain it, but that everybody can. The kind of code that'll convince subsequent devs follow YOUR example, rather than come up with their very own individual "clever" style and fuck it up for the next generation.
"Genius" code isn't that clever. Genius devs write code that that even the least talented there can comprehend.
"To you maybe, but you are forgetting that most people don't get the concept of strings, let alone know how to analyze such a thing."
Did you forget where you are? This is Slashdot! I fully expect each and every one of you to have at some point written your own disassembler, and currently own at least one t-shirt that detects Wifi APs!
Slashdot Mirror
Mod parent up + 1 Funny.
Just for the record: Fuck Aptitude.
apt-cache search *expr* | grep *exp* #if needed
apt-get install *package*
How is that not much easier?
Some rather unpleasant comments coming off of you lot.
The poor chap sounds like he'd had a bad decade, and this just topped it off.
When your business collapses overnight (which is what happened here), you're facing god knows how many lawsuits (which is what would have happened here) and the people you'd turn to for support are dead... Well, I'd imagine what follows are some rather sobering thoughts.
My heart goes out to his remaining family, and those of you modded "Funny" should go gargle some engine coolant.
By the way I agree entirely with you on the subject of voting machines, and on probably 99.9999% of other devices, but I understand the fraud "community" better than many others here, and while it would be nice to have openness, we're talking about motivated people who know what they're doing.
They don't give a shit about your idealism, they see weakness, they exploit it.
There are very few known ATM scams out there apart from skimming, that didn't require fairly intimate knowledge of the systems involved.
And as an idealist, I'm there with you. But as a pragmatist, this was a total fuckup.
Looking at it from a malicious perspective, if i knew a certain ATM brand ran Windows, I'd have a field day.
Why? Look online, anybody can learn to code for an XP machine, all the nooks and crannies where you can hide malware are easy to research, methods for bypassing anti-virus software are all public domain.
The ways INTO a windows machine are well known (we can assume this is running on standard hardware), be it via USB, CD, over the network (and remember, ps tools). All the tools for extracting/cracking windows password hashes are freely available, and was it up to date? Plenty of public exploits out there in the wild.
So Windows is out, because it's too well known. You can plan in advance how you'll attack the box, you can set up your own test bay (after all everybody can get their hands on a copy of windows), you can write the malware in your own time, and then, quickly infect the ATM when the time is right.
Are you telling me a different, fully open sourced and freely available, OS, would mitigate all these issues?
I will not get into the obscurity or security debate. Suffice to say this particular issue is not about transparency, this is about keeping the bad guys out, and by giving them the blueprints to your system, you make their lives infinatly easier.
...are probably one of the few devices that most Slashdotters would agree should definitely be running proprietary, private software.
I had no idea there were ATMs out there running Windows. Given access to the software/a machine running it, I can't see how this would have been difficult to pull off. This is a serious WTF? moment.
While I'm not myself, a good number of my friends are activly producing music.
This actually looks brilliant, I will definintly recommending.
what happened to my fucking mod points...
DAMN YOU SLASHDOT 2.0
Insightful?
So as to keep hardware costs down, make the systems easily scalable, and speed up development and upgrade timescales?
...is this really needed at a time when we should be making real an effort to cut spending.
I love the idea, but we need to prioritize a little, could this 250m be better spent elsewhere? Or not at all?
This is the price you pay for "push" e-mail on most mobile devices.
Instead of having the phone constantly connected, polling and costing money in data bills, the network does it at their end, and can then notify the phone using some GSM jiggerypokery.
FUD.
...a butterfly flapping its wings MAY trigger a tornado on the other side of the world.
We don't know that it does though...
Stand back! It's alright, I'm a webmaster...
...now when they come for us, we'll be ready.
"We want their guys to die."
I think his primary objection is that "their guys" often turn out to be women and children.
I used to be the same, but VLC now supports Last.fm, and Media Player Classic is written in MFC which hurts my eyes when I have to code with it.
"Both sides are being petty children."
Such a departure from the US and Russia of old...
1. Conficker updates
2. Security researchers scrabble to understand latest Conficker code.
3. Success!
4. Researchers release the info, in detail.
5. Researchers warm themselves in the radiant heat of their own brilliance. Community applauds.
5. Conficker authors read this publically available infomation, learn from their mistakes and fix the problems.
6. Go to 1.
And this circlejerk of will continue until the researchers involved learn put their egos aside and actually do something useful with the information.
I'm actually a Last.fm subscriber, and am more than happy to pay the meagre 3 euros, but being forced into it? Personally I don't use the paid features much at all, it's as much wanting to support the (excellent) service as it is trying to get value for money.
I wonder if they'll lose that sort of support when they move their business toward a more corporate stance.
Good, David wins again.
This is one of the challenges I face with my Poker Robot.
Surprisingly the hardest part of programming a poker bot, is making one that's not just hard to detect but difficult to figure out. In higher limit rooms the good players will very quickly clock your strategy, and if they realize its a bot, and therefore rigid, they'll take you to the cleaners.
Currently I use a ratchet effect, alternating between several algorithms, some of which are designed specifically to lose, but to lose in creative, sensible ways.
"Run a simple web spider"
A spider that is somehow able to crawl the entire internet, primarily the bits that people have tried very hard hide from spiders, all with only a "few hundred megs" to play with.
"checks availability but never actually pulls content"
And how pray does one do that? Guess work? Intuition? Magic?
"Run the same spider in any non-censoring country."
Of course taking into account the myriad of factors that would generate false positives, like differences in latency and the fact by the time you've got to scan number two, the first set of results are now weeks out of date (conservative estmiate, you're crawling THE INTERNET)
No. Just, no.
...genius code is not that hard.
It's very easy to use your own style for eveything and reimplement every existing toolset because "you know best". You can heavily over-engineer every library you write. You could do something outlandish like creating a custom scriping language for you business logic. Academically clever it may be, but it's totally wasted in any production environment.
What's hard is writing good, clean, concise (yet not obfuscated) code. It must well structured and sensibly designed. Not just so that you can maintain it, but that everybody can. The kind of code that'll convince subsequent devs follow YOUR example, rather than come up with their very own individual "clever" style and fuck it up for the next generation.
"Genius" code isn't that clever. Genius devs write code that that even the least talented there can comprehend.
mod parent up. all true.
"To you maybe, but you are forgetting that most people don't get the concept of strings, let alone know how to analyze such a thing."
Did you forget where you are? This is Slashdot! I fully expect each and every one of you to have at some point written your own disassembler, and currently own at least one t-shirt that detects Wifi APs!