- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
I liked this story. Good read for the morning.
Admin
[qupte]Jeremy took a deep breath and renamed accesslog.txt to accesslog2.txt. Immediately, a startling clatter of doors locking shut echoed throughout the floor. Justin bit his lip and walked over to the nearest card reader.[/quote]So within the time of writing one sentence he changed his name? ;)
Fixed! -ed.
Admin
I'm actually pleasantly surprised. Normally I read these with bated breath, but this one was quite good. I could have done with a little less embellishment though (no need to turn it into a horror tale).
Less embellishment, more good WTFs, please!
Admin
Heh, swipecard systems. Our uses some awful program made for Windows 3.1 that refuses to run on anything NT-based. The Windows 98 machine it's currently running shows an uptime of 46 days, 14 hours currently, and as far as I know, the time has rolled over once already. Who said Win9x wasn't stable? :)
Admin
Log rotation, how we love thee!
Admin
And the WTF was? That a system went unchecked and unmaintained for a long time? Wow, another revelation.
Admin
so why was it slow? How can processing a card swipe take that long? I assume it was something to do with the size of the log file or something?
Admin
Admin
For changing a critical piece of security infrastructure with out any authorization or approval? I don't see him as a hero but as more of a vigilante.
A hero would have done an investigation without changing anything and then made a clear and precise report the next day as to what was causing the heartache. At which point a considered response could be made which took the overall situation into account. After all he was new there, so there is no way that he would have been able to take the entire companies position into consideration.
In fact he did not actually change anything, all he did was fix a symptom. I would guess that as the current log file filled up the system would start to behave in the same way again. So all he achieved was to give himself a virtual wank and a smug look when his coworkers next discussed the improved performance.
Admin
Something doesn't add up here. How is it possible that an entire night of locking and unlocking isn't enough to clear the backlog?
Admin
Admin
I must be missing something. If the system was still processing swipes from yesterday, how come people were still able to use the doors. Wouldn't they have to wait a day for their swipe to open the door? Or did the system pick random swipes and process them? In which case wtf kind of queueing system is this?
Admin
The end would've been better if the doors wouldn't open at all when he changed the file.
Admin
It would have been funnier (for everyone but him) if he inadvertently disabled the system locking him inside (and everyone else outside).
Admin
I'm curious how it's possible that the swipes would process at different rates. If the swiping process and the door unlocking process are as disconnected as they seem to be here, wouldn't the door always be unlocking at the rate heard late at night?
Admin
It sounds like employees were getting access via others' swipes. Everyone was leeching off one another.
I guess that would make the actual wait time more than 24 hours. That'd really cause people to get mad.
Admin
Admin
Take the entire companies' position into consideration? So somebody actually wanted doors to unlock with a delay of hours? Some security that is. If they cared, wouldn't management have already noticed all the obvious grumbling and done something?
Admin
Great story, I thoroughly enjoyed this one :)
For those confused about the delays, create a text file filled with 300Mb of random text, then open it in notepad. Type one character and hit save. Now multiply those delays by an outdated OS, poorly written code, and ancient hardware. Then you'll understand the long delays.
Admin
Admin
From what I gather, the system could only process one swipe (from all doors) every X seconds, which means that each individual door would have a random delay between each unlock/lock. Swiping a card on a door would just be added to the end of the massive queue - the door opening would rather be the effect of the system processing some old swipe for it. So you could effectively just stand by a door and wait for it to randomly unlock for you... lol
Admin
No, it just is that the opening doors were not related to their swipes, but someone else's from a few hours ago.
Well, the system obviously is buggy: it won't keep the file open at the last insertion point, nor rotate it's logs. So, if I was him, I'd have filed a report along with the two possible solutions (have the vendor fix it / use a log-rotating software).
The reason for the system closing the file everytime is pretty obvious, though: Someone thought "I am using a buffered write, so if the system dies, I'll loose everything I have not written. I better close the file every time." Haha. HAHA!
Captcha: (unreadable)
Admin
Wow! i really like this wtf. Its very interesting
Admin
The question is : How is it possible he could pass doors that where locked, and only responded to key-card swipes made hours before ?
<quote>He examined the card reader and swiped his card. With a typical delay of 15 seconds, it unlocked.</quote> <quote>new swipes were being queued. So many were queued up that it was still processing swipes from 8:00 AM the previous morning,</quote> So it responded to his swipe (allmost) directly, but he machine was still processing swipes of the previous morning ?
Something stinks here, and it aint my socks ...
Admin
That was a good story. Ignore the grumpy commenters, they are just sore that they have sucky jobs and sucky home lives.
Admin
I assume with an office buzzing and full of people, nobody noticed the door clicking unless they were standing next to it. The real WTF is that the cleaners, who would have been in the office when it was quiet, didn't report the door clicking to somebody.
The other real WTF is that nobody has mentioned Irish Girl yet.
Admin
It was ghost of Irish Girl :)
Admin
If the delay was only about 1.5 days, then what happened on the weekends? If no one swiped their card on Saturday or Sunday, then the door would not open when swiped on Monday morning until mid-day Tuesday, right?
Admin
A vigilante!? Seriously? Geez, man, a little extreme. But then you go on to say that he fixed it. What's the problem?
"So all he achieved was to give himself a virtual wank and a smug look". No. He fixed it.
Btw, "virtual wank" sounds funny and dirty. I like it.
Admin
The punk got lucky. How about this is a possible scenario if the security system barfed because of the file rername:
[punks manager] Last night the security doors system was taken down and has been down since. It really has screwed up with our work today.
[company owner] So what happened?
[punks manager] Well Jeremy said he was trying to fix it, but I don't know .. he seems like a good kid, but not asking permission for something like puts a question mark over him.
[company owner] He's that new hire isn't he? Is he a security risk?
[Punks manager] Could be, could be not. Its too early to really tell.
[Company owner] well lets be safe and just fire him.
Admin
No, he didn't "fix" it. Several suggestions have already been posted on how he could have fixed it (log rotation, etc).
Admin
he didn't fix it .. he fixed the symptom. All he did was clear out the log file. In X number of days time the new log file will have filled up and you would have exactly the same problem
Admin
Umm, are you serious?
The application was processing them as fast as possible -- one about every 15 seconds or so. The 24 hour delay was caused by the backlog of a few thousand unprocessed swipes.
It would be unlocking the door constantly every 15 or so seconds until it cleared the backlog, at which point it would take 15 or so seconds to process a new swipe (but since the person would swipe the card 10 times in that 15 seconds, that would take 150 seconds to finish, etc...)
Admin
Wait, am I correct in reading that the computer controlling the door locking system is on the PUBLIC side of the door? Near the receptionist's desk?
Interestingly, I'm noticing a slight delay in the response time of our ID scanners too. Not long, from 1/2 to 1 second... hmm.
Admin
No, the delay was about a minute or so, but several days worth of swipes (at the 1-per-minute rate) had been queued up. After a long weekend, the doors would have reverted to minute-long delays, but once several people swiped in a row, it'd start taking random periods of time (where one user would swipe, wait a bit, then have the system process an earlier queued swipe and unlock the door).
Admin
Nonsense. The queue would either be gone, resulting in a pretty quick result, or it would still be busy, opening and closing. The delay isn't 1.5 days, the queue could very well be.
And renaming a logfile without an investigation what else could be using that file is not only just fixing a symptom rather then the problem, it possibly breaks things.
Admin
What are you, simple or something?
Admin
from the story:
"The following morning the buzz around the water cooler among those that noticed the improvement was that some anonymous hero had fixed the doors. Others couldn't put their finger on what it was exactly, but they knew something was right with the world that morning."
So it looks like he did not tell anyone about his heroics. So his "fix" (which could have broken any number of other things - thats what investigations are for) seems like it was never rolled into policy.
He just shot from the hip and got lucky
Admin
Wow this made my day. In addition to normal IT stuff, I have to manage the key card and door access system at my office. What a pain! The computer that interfaces with the control system (via LONG serial connection from one floor to another) is a Win2k workstation with a poorly laid out UI and way too many ways to screw things up. Thankfully, the computer itself could catch fire and die for all I care, as the building control boxes are separate and super fast.
Admin
The following was the ad that appeared for this article.
[image]Spooky!!!! The Daily WTF is haunted!!! Aaaaagh!
Admin
I wonder how people reacted when they were about to swipe their card, and the door unlocked in front of them...
Admin
It did not respond to his swipe, but to a swipe made hours ago. Standing by the door you can't tell the difference. The door would have opened at the same time even if he hadn't swiped his card.
Admin
This was a very entertaining and well-written piece. Thanks for the great Tell-Tale Heart reference, that made me chuckle.
Admin
Man, this guy is lucky. It's just this kind of well-meaning hacking that's landed lots of people in trouble. I'm thinking of Randal Schwartz (http://www.lightlink.com/spacenka/fors/) for example.
Admin
Funny swipe card system story.
I used to go to a really high tech university. In fact the name of the school ended in "Institute of Technology". Yeah, that one.
They had this fancy key card system on all the buildings, so that only students with cards were allowed to enter the buildings.
They also had a really comprehensive disability policy, which stated that all buildings must be wheelchair-accessible. So every building had a handicap button outside every door, which, when pressed, would immediately open up the doors.
Yes, completely bypassing the keycard check.
Yes, everyone knew about it.
As far as I know, it's still there. It still worked when I visited the campus 4 years after I left.
Admin
On a different note I like how human nature immediately took hold. People developed little rituals to open the doors. If you could let them use the system for a few generations eventually a whole religion would spring out of this. You would have to fast for an hour, say a prayer and depending on how good you were that day the door would open faster...
Admin
If new requests to unlock doors were added at the end of the log file, the append operation could be very quick. But suppose when a door is unlocked, the file is rewritten with all but the first entry. If enough people log in at once (say a hundred employees starting at 08:00, swiping their cards multiple times), the log file could get fall behind. And the more requests in the queue, the longer it takes to recover from each unlock...
Admin
The Real WTF is that nobody has yet commented on the complete and utter stupidity of queuing card swipes. Doors are meant to be instantly accessible. That means, while a card swipe is being processed it makes absolutely no sense to queue up more. Somebody really screwed up this one.
Admin
Perhaps the system handled, or was able to handle, multiple doors. Then a queue can be useful. Queuing a request to open a door that already has a request in the queue is however a bad idea.
Admin
Jeremy: "Hi, Brigid. Why didn't you swipe your card"? Brigid: "Hello yourself, Jeremy. Just you wait. It will open on its own." Jeremy: "Irsih I were drunk too." Door, interrupting before things get interesting: "Click."