- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Our (NAPCO) system is that way too. The control boards can operate without a working serial link, but having the link & database up enable you to change the rules as well as operate doors from a workstation. Lets me sleep that much easier.
Admin
The swipecard system ran on Win9x (and might have been designed for Win3.x). The filesystem was FAT. FAT filesystems get slow when a file gets large or even when there are a lot of small files and a directory gets large and fragmented. If the keycard app was written to append a line to the logfile and close it for each swipe, the OS would have to chase the chain of FAT entries to find the end of file each time. There are settings configurable in config.sys to tune the in-memory buffer size and the number of files open at once, but probably nobody did that. Add to this the growth-without-cleanup of the keycard database as cards get replaced and employees join and leave the company, throw in a dash of swapfile growth and fragmentation, and stir. You can easily end up with molasses.
Admin
I agree that the real wtf is that he was able to open up the door security cabinet. That being said.. it does seem that something happened that night led to the locking and unlocking. I have a feeling that the code didn't process the queue til empty, and only processed the next one. That way if you swiped a bunch, it would queue a bunch, but only process one. Depending on what was involved in the processing made the time variable. Something had to happen to make them start pulling the rest of the items from the queue. Maybe some dysfunctional logic that was supposed to filter out excessive swipes, but in reality just caused the situations described in this article.
Admin
It's possible no one noticed. After all, the office is a noisy place and until it becomes deadly silent would people start to notice the clicks. Plus, if there's any significant number of people getting in and out, clicking would be expected all the time, and it gets tuned out.
If the delay is say, 60 seconds, then the first person will swipe and wait a minute. But let's say you get impatient and swipe again - you just queued up a request again a minute later. Next guy comes in, swipes his card, and gets in with your swipe. If he's unlucky, he might swipe a few times while waiting for your second swipe to take effect. Add in multiple doors tied to the same system, and it's quite likely a number of swipes got queued up. (Remember, one of the tricks was to swipe it multiple times).
I suppose eventually, the backlog got so bad that it took days for it to clear. In which case it would click continually throughout the day, with everyone's multiple swipes letting people in through the night and weekends.
It just took someone to work late to actually notice...
Admin
This would still be incredibly dumb, but at least the only casualty is the log; not some poor dumb bastard with a worthless piece of plastic freezing their ass off in the cryogenically-cooled server room waiting to get through the door to a really really important meeting with the assistant deputy sous-chef of HR.
BTW You forgot "Close log:" that all-important step that both ensures that you don't run out of Windows handles, and also can't remember exactly what it was that you were doing this time last Tuesday.
Still really worried about the log? Start another process, or open another thread.
Admin
Never assume it's safe to take a drink while reading TDWTF. I'm just lucky that the spew missed my keyboard.
Admin
Not necessarily. At my previous job the door swipe records were also used to compare against our reported hours. They were also used to record who was coming and going.
As such it was official policy that we must swipe our cards coming and going, even if there was already someone in front of us who had the door opened. "Tailgating", as it was called, was expressly forbidden.
In that context it makes sense to process and record each and every swipe, even if the door may already be unlocked at the time of certain swipes.
Admin
This whole story doesn't seem very likely, unless it's in some strange office where all doors are opened regularly more than once a minute. If a particular door were opened only once or twice a day, then it would only unlock hours after the swipe. There must be at least one door that is used infrequently, and there would be no way to get through it.
Admin
Do people really actually spew drink contents when reading a funny post, or is it one of those things like ROFLMAO? If you do not in fact actually spew your drink, I recommend using some acronym. IJSMFD?
Also, the Irish girl is like RIGHT NEXT to this textarea...
Admin
Is that the same software that will be used to tally the US elections in November?
Admin
Finally, at last! Science fiction becomes reality! Maybe they should call it the "self-indulgent door".
Admin
N o, over the weekend, the backlog of swipes would get processed, and the first person in on Monday would swipe, wait for his OWN processing time, and then enter. As the day would progress, the queue would get filled again, and each night a portion would get purged.
Admin
"He traced a line from the card reader to the reception area just on the other side of the door, and upon further investigation discovered that it ran into a floor-level cabinet which was obscured by a trashcan and some stacks of paper and folders."
I re-read this a few times looking for a REAL-REAL-WTF, that is, tracing the cord to the reception area outside of the locked door.
Admin
This is a very nice WTF. Element of mystery, the forgotten doorkeeper, and a technical (rather than personality) issue.
CAPTCHA wisi "Who tha F**K are you calling a WISI!"
Admin
fantastic location. open wiring, unlocked cabinet, in the open, obvious function. yep, that'll keep Osama Yo'Momma out, all right ;)
Admin
Now open it in append mode and see what happens. By the way, notepad can't deal with 300M files.
Admin
Great - unlogged access.
Oh, now the whole file can be corrupted - have you thought this through?Admin
So I'm going to wager that it was storing the entire log in memory as text, and serializing/writing to disk each time it unlocked the door?
Or perhaps reading the log file that was being spat out, then re-parsing the text to find out when to unlock again?
Admin
Just speculating, but I'm guessing they wrote swipes to a log file, not with the goal of queueing door-open requests, but rather in order to record every time someone went through the door. So if, say, valuable equipment disappears, someone can look at the log and say, "Hey, the only one in the building at that time was Bob!" Probably the delay in processing was an unintended side-effect. I'm sure when they were testing this, nobody thought to swipe a card a few thousand times to see what happened. The classic IWOMM ("It works on my machine") phenomenon.
Admin
Aah OK, so the moment the hard drive thrashes to death (and it WILL at this rate) the doors stop opening? Wonderful.
Admin
I replace crap like this on a regular basis (example code in Delphi):
theLog := TStringList.Create; theLog.LoadFromFile(LogFileName); theLog.Add(NewLogEntry); theLog.SaveToFile(LogFileName); theLog.Free;
(simplified for lack of a pre or code tag...)
As far as the original story goes, I'm not so lucky. I'm sure if I had done that, the app would have crashed with a "can't find accesslog.txt" error, the machine would lock up, fail to reboot, and lock me in until maintenance could take the door off the hinges... on Monday. :-/
Admin
Admin
Years ago I worked at a military base where we had swipe cards to get into sensitive areas of the building. It so happened that the restrooms were in a hallway where the doors on each end opened on to such sensitive areas, so you needed a swipe card to get out of the restroom. Okay fine, no big deal, we all had swipe cards.
Then one day the base commander decided that most employees shouldn't be able to get into sensitive areas after hours. So, without actually bothering to, say, tell anyone, he had the system changed so that most employees' swipe cards didn't work before 5:30 pm and 7:30 am. I'm sure you can see where this is going: Some poor woman worked a little late, then went to the lady's room just before going home the day the change was made ... and couldn't get out. Fortunately I heard her banging on the door and let her out. We played with the system a little and found that neither of our cards worked anywhere. The next day we called security to report that something was wrong with the system and then they told us about the new policy.
I don't mind being told that I'm not allowed to work late for no extra money, but personally, I prefer not to be locked in a restroom all night.
Admin
/Thinking of just the right situation to use this on co-workers...
Admin
Would be pertty funny if the log files were used for something.
"So Jenkins, you didn't actually start work this week until sometime late Tuesday morning, so we're docking you a days pay...but you will be getting time-and-a-half for your work on Saturday, and double time for Sunday. Well done."
Admin
I had something similar happen. Where I work, I go in and out through a back entrance to the building. You open the outside door, which is generally not locked, and that brings you to an alcove where you swipe your card to get into the building.
Now, they restrict entry/exit after 7:00pm, at which point the swipe readers no longer unlock the inner door, and the outer doors are locked for the night.
So one day I work late, head toward the exit, walk out the inner door, try to open the outer door, see that it's locked, remember that it's past 7:00pm, and turn around just in time to... click See the inner door lock. Now I'm trapped between the two doors. The inner door is not accepting swipes to get in, and the outer door is locked -- from the inside, yes, but alarmed. I sat and deliberated for a few minutes, tried to think of who I could call, looked for intercoms or cameras, and finding none I went for it -- I unlocked the door, opened it -- which set off the building alarm -- and ran for it.
I talked to the security guard the next day, and he waved it off -- apparently this happens all the time.
Admin
Yeah. It shouldn't be queued up, if a second swipe comes in while the computer's busy it should email off and order a second card swipe computer to handle the second swipe. Duh.
Admin
wish we had a video tape of this :) You would look like a robber running away.
Admin
Admin
[quote user=" Also, the Irish girl is like RIGHT NEXT to this textarea...[/quote]
Well, she won't be with us much longer.... <sniff>
Admin
But wouldn't that be awfull co"incedentical? I mean, it could be if the computer was slacking exactly 24 hours behind, but else... My guess is that the logic is about this: Lock signals key => info to computer => computer checks access rights then:
That would explain the not that long delays, but not the randomness. (maybe a longer wait if more people used the locks?)
Admin
WTF. didn't anyone notice that it's clicking all the time during the day?
Admin
They felt like "The Fonz".
Admin
Good story, i too enjoyed this story very much.
Admin
well... i'm glad i dont work with you
Admin
this could go either way. Either he is a hero for fixing this. Or someone will put together the file creation date with his 'test' swipe and fire him for messing with a 'secure' system. Either way, access to the box is a problem. Ask yourself how long that machine will be working and ask yourself if you want to be the rat in a cage when it stops working....
Admin
this site will give you all the links to surveys. that will pay you money just for a filling out a quick form! these surveys pay you any where from $10-$50 for only like 10min. its so awesome i can make some money on the side for doing almost nothing. well check it out!!!!
http://adamin.paidetc.hop.clickbank.net/
Admin
Admin
The other other other real WTF is that I saw a guy in a Full Sail shirt the other day, in Prague. But the logo was a yacht... (not the American kind, the English-speaking world kind). Guess it wasn't the same Full Sail?
Admin
Reading everybody else's perfectly reasonable explanations might make your eyes bleed. That would be dangerous.
Admin
Oh ... wait ...
Admin
I estimate the total amortised cost of this two-threaded solution to be roughly 20ms per swipe on a Commodore PC. But what the hell do I know? I just work with every single fucking credit card transaction in the entire world. Being a glorified doorman is not my bag, mate.
Admin
I hope neither of you guys are writing multithreaded programs for consumer use. :P
People are getting through the doors on swipes made by other people earlier in the day. They can't tell: It just unlocks.
The first person of the day would get the door unlocked relatively quickly from THEIR swipe. As the backlog builds up (from excess swipes, impatience, overall load on the system on multiple doors), people would start getting through the door on other people's previous swipes, and their swipes would in turn affect other people in the future.
Admin
P.S.: A better clarification.
The logfile is big. But (and this is the important part) it's so big that it's practically a constant delay, on the scale of a day. Each additional swipe barely changes it's relative size.
total_delay = log_size_delay * queued_items
So suppose it's a constant 5 seconds per authentication to load and save the file. It does this once per each swipe and unlock.
Assume ten items in a queue, and we start working.
It takes 5s for the first item to clear, 10s for the second, 15s for the third, etc.
On Monday, with no backlog, the door'll be back to 5s delay for the first guy at the first door. By the end of Friday it might be a 1 hour delay, but due to the fact that the door just opens for anyone standing there (regardless of what card they hold) nobody notices.
By clearing the logfile, the base delay per swipe could go down to .001 second, in which case it's too small compared to traffic for the backlog to ever build up.
Admin
[quote][qupte]Jeremy took a deep breath and renamed accesslog.txt to accesslog2.txt. Immediately, a startling clatter of doors locking shut echoed throughout the floor. Justin bit his lip and walked over to the nearest card reader.[/quote]So within the time of writing one sentence he changed his name? ;)[/quote]
I thought it was a metaphor for the changing filename of the log file.
Ok, not really.
Admin
Want to back that up with a reason? Or are we just sticking with ad hominen attacks?
It seems that you have never heard of risk analysis or worked in an industry where your actions have consequences that cannot be undone if you screw up.
Jeremy dicked with a system that he had no knowledge of, thus any action he took had an unknown risk of failure and an unknown risk of side effects with other systems. A professional would have applied due diligence and assessed the consequences of his actions rather than making the assumption that just being l33t was enough to get by - and then not even be man enough to admit that he had dicked with the system.
Admin
Will the real troll please stand up
Admin
But does it run on Linux?
Admin
Admin
Yeah, but how many doors does this place have? How likely is it that someone has tried to swipe the door you are swiping - x hours ago? I can easily picture someone waiting half an hour for door to open!