• Christophe (unregistered) in reply to The General
    The General:
    "Potřebete více času?" means "Do you need more time?". Offhand I don't know the Czech for "Tough luck, buster!"

    No, I think it's "File Not Found"

  • (cs) in reply to death
    death:
    I really DO NOT understand why of all things Windows, the classic black hole in security and reliability, is used for this. I dread the day somebody gets a genius idea to stick a Vista in one of those. Yuck. Wouldn't it be much safer to use a properly locked down, read only media fire-walled FOSS software for the base system and top that off with a nice encrypted ATM control software?
    No. Because ATMs are NOT connected to the internet - they operate over (encrypted) dedicated lines. Their security concerns are completely different from those encountered by internet applications and mostly situated in the hardware realm - criminalls installing snooping devices on top of the ATM that capture customers' card data and PIN code is a serious and common problem; sometimes entire ATMs get carried away so that the thieves can take their time to crack them physically. Software attacks are really a non-issue, and so is therefore Windows' lack of security.

    What IS an issue is lack of stability - which is why ATMs generally ran OS/2 until Windows got good enough in that regard with 2000. "Good enough" means: the hardware and drivers fail far more often than the OS does.

  • v.dog (unregistered)

    I don't know what's worse; that there's meant to be an invisible window, that it's not invisible, or that the author didn't know how to write invisible.

  • Anony Moose (unregistered) in reply to death
    death:
    I haven't been completely at ease with ATM-s ever since. I really DO NOT understand why of all things Windows, the classic black hole in security and reliability, is used for this.
    Let me explain it to you, then:

    A) It's so that they can play videos on the screen while waiting for someone to walk up, so that the first thing anyone sees when they use an ATM is an advertisment.

    B) You might suggest Linux, or even a custom embedded OS with an AVI player, but let's face it: banks are big companies and big companies buy from big companies, therefore they buy Windows.

    What does worry me is that even with Windows, they could separate out the UI module and the communication module, wrap them in some automatic error recovery code that blanks the screen and logs all crashes before automatically restarting the system. Even if they wern't using Windows, they're clearly not writing decent crash handling code, which is not a good sign.

  • Skippy (unregistered) in reply to Redundancy

    I entered my PIN number into an ATM machine that used an LCD display.

  • (cs)

    Windows on an ATM is horrible and stupid.

  • (cs) in reply to operagost
    operagost:
    death:
    Its a pretty freaking common temperature error there. Seen it before. Sensors do go kaput occasionally.

    Now that Windows error on ATM machine that's a classic. An ATM machine once ate my card, blue-screened and then rebooted XP without returning the card before my eyes. I haven't been completely at ease with ATM-s ever since. I really DO NOT understand why of all things Windows, the classic black hole in security and reliability, is used for this. I dread the day somebody gets a genius idea to stick a Vista in one of those. Yuck. Wouldn't it be much safer to use a properly locked down, read only media fire-walled FOSS software for the base system and top that off with a nice encrypted ATM control software?

    They used to use OS/2. That being said, you seem to be assuming that Windows cannot be firewalled or use encrypted communications.

    By the way, the "m" in ATM stands for "machine."

    Do tell what the A and T stand for. And OS/2 was obviously a choice from technology, not from marketing, wasn't it? A distinction which I believe death was trying to make.

    That being said, you seem to be assuming that death is claiming that Windows cannot be firewalled and cannot use encrypted communications. I would tentatively suggest that his/her main thrust is that Windows programmers/designers/architects cannot be trusted to build systems with reliable firewalls and cannot be trusted to use encrypted communications. My Uncle Eddie claims he banged Marilyn Monroe once or twice -- obviously, she was dead at the time -- but I don't trust him. Even though it's quite plausible.

    Bottom line: avoid hackers; avoid stupid GUI problems; go for a lock-down, either with OSS that you "control" or with a bunch of Canadian freaks who spend their life doing this sort of thing. Relying on any flavour of Windows to work flawlessly, across a huge number of systems, is just silly.

    Except when you're paid big bucks to do it, and don't have to face the consequences. Which brings us back to today's OP.

  • (cs)

    Windows shouldn't be used for ATM's and such for the simple fact that it's designed for idiots. Statistically, the developers who choose to use Windows for embedded systems are also idiots (who can only work Windows anyway, thus the reason for choosing it).

    If you want a reliable system, you use a *nix based system. Added bonus is that the common modern Unix and Unix-like OSes are also free.

  • smilr (unregistered) in reply to anon
    anon:
    FredSaw:
    anon:
    I am very thankful my task bar is not that cluttered.
    Eugene seems to be heavily into weather. He's got two taskbar icons showing the temp(and disagreeing on it), and two umbrellas.

    Not to mention running three anti-virus suites simultaneously...

    The two umbrellas I think are for two different antivirus suites, and the two numers 28 and 29, as well as our outrageous temp value are all probably different system temperature sensors, rather than weather info.

    Still freaking overkill.

  • Zygo (unregistered) in reply to Maurits
    Maurits:
    bdew:
    TRWTF is that not only the ATM runs windows and something crashed, but the ATM has some kind of a debugger installed on it and registered for JustInTime debuging. Otherwise the [Debug] button wouldn't show up.

    How is that a WTF? It seems to me to be a pretty good way to deal with crashes on ATM software... once the developer gets notified that the ATM is down, they can TS in and hit the Debug button, and they get a continuable debug session.

    There are so many reasons why this should never, ever happen, be allowed to happen, or be possible to happen...

  • UnFleshedOne (unregistered)

    Neat, my screen is posted :).

    One umbrella is a resident antivirus (antivir), another one is a spam filter (spampal). There is clam antivirus, but all it does is updating its defintions database. Temperatures are for my 3 harddrives.

    And my taskbar isn't cluttered :). At that time I think only browser is open :).

  • Zygo (unregistered) in reply to brazzy

    Bank machines started to be built on W2K not because W2K crossed some quality threshold, but because OS/2 died. The death of OS/2 was planned years in advance, so everyone who wanted to stay in business started building ATMs on the then-current Microsoft platform.

    An ATM application has fairly modest OS requirements, and the OS doesn't have to run anything else. Once it has been more or less debugged (or at least had all the necessary workarounds applied) it could run on any OS with reliability sufficient for an ATM.

    Note that ATMs are not required to be particularly reliable--the most (tangible) damage a crashing ATM could do is lose business for the day or dispense all of its cash, which are rare enough events that most banks will simply live with the risk and absorb the cost. The hardware design makes dispensing all of the cash rather difficult to do by accident, and the bank's database servers in the data center limit transaction amounts to manageable levels. An ATM can be several orders of magnitude less reliable than a nuclear weapons launch controller or even a satellite control system, for example.

  • Zygo (unregistered) in reply to MBV
    MBV:
    Did anybody notice the 'debug'-button on the ATM? AFAIK that does only appear when someone installs Visual Studio or the like. Why on earth would you need that on an ATM?

    Because it keeps crashing in the middle of banking transactions.

  • (cs) in reply to real_aardvark
    real_aardvark:
    operagost:
    death:
    Its a pretty freaking common temperature error there. Seen it before. Sensors do go kaput occasionally.

    Now that Windows error on ATM machine that's a classic. An ATM machine once ate my card, blue-screened and then rebooted XP without returning the card before my eyes. I haven't been completely at ease with ATM-s ever since. I really DO NOT understand why of all things Windows, the classic black hole in security and reliability, is used for this. I dread the day somebody gets a genius idea to stick a Vista in one of those. Yuck. Wouldn't it be much safer to use a properly locked down, read only media fire-walled FOSS software for the base system and top that off with a nice encrypted ATM control software?

    They used to use OS/2. That being said, you seem to be assuming that Windows cannot be firewalled or use encrypted communications.

    By the way, the "m" in ATM stands for "machine."

    Do tell what the A and T stand for.

    Automated and Teller.

  • (cs) in reply to real_aardvark
    real_aardvark:
    That being said, you seem to be assuming that death is claiming that Windows cannot be firewalled and cannot use encrypted communications. I would tentatively suggest that his/her main thrust is that Windows programmers/designers/architects cannot be trusted to build systems with reliable firewalls and cannot be trusted to use encrypted communications. My Uncle Eddie claims he banged Marilyn Monroe once or twice -- obviously, she was dead at the time -- but I don't trust him. Even though it's quite plausible.
    Thank you, that was exactly my point. Windows does a multitude of things that are completely useless to the ATM. It is a risk to your data that does pass through Windows to get to the application. I do not trust it to handle my banking transactions or my access to my resources, my card. Around here you can do money transfers with ATM-s, not just get cash. If one is compromised all that is needed to steal nice lump of your hoard is using it once. And all it needs is a tiny thing added by a crooked techie that adds a card no + keylogger. I expected it to be a secured system where the system parts are on read only media, the app itself needs to be signed to be run and all playable content is stored on a separate plugin card from what nothing ever gets executed. It made me rather uneasy to see the good old familiar XP booting up.
    real_aardvark:
    Relying on any flavour of Windows to work flawlessly, across a huge number of systems, is just silly.
    Extra complexity is only extra vulnerability. Windows is a black box. If it is not updated it has known huge holes.If it updated it has an access line to the rest of the world to exploit. So one is screwed either way.
  • 28% Genius (unregistered)

    Account No. 5.4346E+15?

    Somebody did a mailmerge with an Excel file, and the column for the account number was to narrow. TRWTF is that Excel changes the format of numbers based on the column width. (And that the bank didn't proofread.)

  • (cs) in reply to Christophe
    Christophe:
    The General:
    "Potřebete více času?" means "Do you need more time?". Offhand I don't know the Czech for "Tough luck, buster!"

    No, I think it's "File Not Found"

    LOL! "Kde soubor můj?"

  • (cs) in reply to Zygo
    Zygo:
    An ATM application has fairly modest OS requirements, and the OS doesn't have to run anything else. Once it has been more or less debugged (or at least had all the necessary workarounds applied) it could run on any OS with reliability sufficient for an ATM.
    Hmm, I'd love to see a FreeDOS-based ATM then. It could reboot in the blink of an eye if it had to.

    Banrisul, a large Brazilian bank, actually has Linux ATMs displaying Tux.

    brazzy:
    No. Because ATMs are NOT connected to the internet - they operate over (encrypted) dedicated lines. Their security concerns are completely different from those encountered by internet applications and mostly situated in the hardware realm.
    If you want to find out what that kind of thinking leads to, google "Bank of America" and Slammer. If that worm could reach machines connected to the ATMs, it could possibly have also infected the ATMs had it been coded to do so. (Oh, the RWTF is that I didn't decry Blazzy's post as TRWTF.)
  • Kevin Kofler (unregistered)

    The ST3120022A temperature screwup is a hardware issue, I have 2 disks of that series and this also happens occasionally here, and I'm using lm_sensors and KSensors on a Fedora GNU/Linux system. Usually it's just one reading which is bad, the next one makes sense again.

  • (cs) in reply to death
    death:
    Around here you can do money transfers with ATM-s, not just get cash. If one is compromised all that is needed to steal nice lump of your hoard is using it once. And all it needs is a tiny thing added by a crooked techie that adds a card no + keylogger.
    You don't even need an insider for that - hardware snooping devices simply added on top of the ATM's keyboard and card reader are a widespread serious problem at the moment. As long as you can't prevent that, worrying about software security is somewhat pointless.
  • pizza pie (unregistered) in reply to Crash Magnet
    Crash Magnet:
    The language of the OS is not the same language as the application.

    This reminds me of a Pascal compiler written in Franch we used in engineering school. The compiler always printed error messages in English; except every once in a while an error message would be in French. The program was like a rude Frenchman; the program would respond in English, but then make a very rude commen in French then hide behind a smile.

    Some say "rude Frenchman" is a tautology.

  • Thomas Turner (unregistered)

    The best part about the ATM on is that there should be a report definition name in there as well...

  • (cs) in reply to s.
    s.:
    Crash Magnet:
    The language of the OS is not the same language as the application.

    The similar WTF is translating of language keywords to native language. Say, Excel, polish version.

    Instead of 'IF()' you type 'JEZELI()' and so on. Now the trick is to interface it to Visual Basic, which still uses english counterparts, so you get a total mess and you have to guess how is given english keyword called in polish...

    People should be able to use software in their native language. Would you be best pleased if you had to use a program where all the commands were in Czech, for example? VB should have supported the Polish commands too.

  • (cs) in reply to brazzy
    brazzy:
    death:
    Around here you can do money transfers with ATM-s, not just get cash. If one is compromised all that is needed to steal nice lump of your hoard is using it once. And all it needs is a tiny thing added by a crooked techie that adds a card no + keylogger.
    You don't even need an insider for that - hardware snooping devices simply added on top of the ATM's keyboard and card reader are a widespread serious problem at the moment. As long as you can't prevent that, worrying about software security is somewhat pointless.
    You can, if careful detect hardware bugging devices. There is no way to detect software ones. And security is not just the aspect of not being able to access things you have no right to. There is more to security than that.
  • (cs)
    death:
    Now that Windows error on ATM machine that's a classic. An ATM machine once ate my card, blue-screened and then rebooted XP without returning the card before my eyes. I haven't been completely at ease with ATM-s ever since.
    Happened to me too - I was in such disbelief that such an important device would run Windows!
  • Jasmine (unregistered)

    I would totally be clicking "Debug" on that ATM... it would be worth a try :)

Leave a comment on “Is it just me, or is it hot in here?”

Log In or post as a guest

Replying to comment #:

Log Out

« Return to Article