- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
So basically if you wanted to rob the place, you just had to show up in the middle of the night and wait for a click.
Admin
I'm guessing that queuing was not a design decision. One processwould be appending the latest data from the card reader into the log file, and a second process is looking for new events that will release the locks. This approach would be one way to asynchronously manage the comms between the reader and the lock, while offering a log file at the same time.
I've seen a few 'front desk' access applications that have a scrolling display of entry and exit events. They usually sit on the reception desk until the novelty wears off or the furniture needs moving and then get consigned to the floor or somewhere out of the way, living out their simple DOS/Win3.11/WinNT lifestyle in the dust. As long as the doors keep opening, nobody cares, and the security concerns that first justified the system are long forgotten.
It probably ran like a rocket when it was first installed. I don't think the original developer would have thought what might happen with many years of log files (or what might happen if the logrotate process failed), nor that multiple swipes would be significant in the operation of the system.
Admin
Or, just maybe, the application crashes next time because it can't open the log file to append to. And then, as soon as our clown walks out the door, there's no way of getting back in (other than through the walls, roof or floor.
He took action when he didn't understand the consequences - that's foolish.
Admin
Magstripe is stone-age stuff, and that system takes the cake!
I'm a developer working for a large company that makes Access Control systems. Perhaps your company would be interested in upgrading to the latest in contactless Mifare technology?
We try our best not to give burgulars a helping hand!
Admin
Admin
Dude, shut up... this was a system that effectively did not work, anyone could come and wait for a backlogged access. I'm sure writing that gave you much more of a virtual wank than to this guy.
Admin
Nice targeted advertising for "biometric fingerprint door locks"...
Admin
Amazing the number of people who criticize this guy for not going through all eight layers of management to fix this problem. Not only was it a serious security issue, but it impeded work, too.
"Oh, but what if X happened ..."
We're not talking about prison door access or medical equipment here.
How about what if one of the outsourced janitors noticed that the doors opened easily all night every night for them? How much equipment could they walk away with?
The guy showed some initiative and a bunch of you want to squelch it. Lame.
Admin
Admin
The last company I worked for was very hot on timekeeping - no flexibility was allowed - and hence people generally arrived at 8:58 and left at 5:32. Unfortunately, it was discovered that the swipe card system only had limited resolution on the time, and the time was used as primary key in the database. Swipe in too soon after someone, and you wouldn't be logged, and hence you'd receive an email from HR.
Once that was discovered, a new company policy was instituted - wait five seconds after the last person. Hence at five to nine there would be a nice queue of coders, any one of whom could have fixed the real issue, counting "one elephant...two elephant...five...swipe" under their breath.
Admin
So you would let the doors unlock themselves all night? GREAT security!!!!
Admin
Let me guess. You work in upper level management? Maybe even the PHB himself?
Grow a sense of humor.
Admin
This is really too complex for you?
It didn't respond to his swipe at all, but to a swipe made the day before that was the next item in the queue.
I see you're "Guest". Perhaps this site is too advanced for you, and you should try somewhere else.
Admin
No, because at night when no one is swiping to get in, the system only has to deal with unlocking the door. During the day, it has to both unlock the door and deal with adding new swipes to the end of the queue.
Obviously, if the system is as poorly written as it is, it isn't good enough to combine the two operations, and is opening and closing the entire file each time, plus doing the positioning to EOF to append the new swipe to the queue.
Admin
No, he just hadn't yet talked to anybody about the issue.
I think you'd have to vastly improve yourself to even be considered simple. You're a moron, and lack the ability to think.
Wait! I know! You're an upper level manager in the government, right?
Admin
You're new here, aren't you?
Unless you're in the very rare position of working permanantly on the head of a cvs tree, or even a branch, you'll be in The Real World, which is all about fixing a symptom ahead of getting the buy-in and sign-off required to fix the problem.
Would your boss, sorry, professor decide your uni should spend £5000 developing a new system, interfacing to the old (or new!) database to do the door swipes, when they have a perfectly good working one (provided the logs are cleared down every now and again)?
They didn't even want to invest in fixing the quirky old one!
The world just doesn't work the way you want it to dude. One day you'll learn that, then you'll be less stressed. Picture you're down to your last fiver. You have a new girlfriend coming round for dinner, no food in the house and a broken loo seat. What do you spend your fiver on? Now translate that to a company with, like, responsibilities towards paying their employees and stuff...
Admin
Can nobody here think?
It's not hard to believe, given the obvious quality of this system, that the following could happen:
Someone swipes their card several times, because they're impatient. All are queued; each time, the log file is opened, a seek is done to EOF, the new scan is added, and the log is closed.
Since the software is so crappy, it takes 10 or 15 seconds to get to the next item in the queue (the first original swipe). The log is opened, the first line is read, and the entire file from the second line to the end is rewritten. The log is closed.
As soon as it closes the log, someone else swipes their card. The system opens the log, seeks EOF, and appends the new swipe. It then closes the log.
Now it hits the loop to open the door. It opens the log, reads the first item (the second of the original swipes), writes the entire log from item 2 to EOF, and closes the log. Etc, etc.
On a slow older machine, with a slow OS, processor, and hard disk, this sequence could easily start to back up. Intensify that by crappy software that doesn't reject duplicate key numbers in rapid sequence, and I could easily see this happening.
And, from the number of people here who can't seem to figure this out, I'd bet that software's author is here somewhere. Maybe the whole team.
Admin
Really nice story, very entertaining;), thank you for this one.
Martin
Admin
I have an idea for the both of you.
Start your own Irish girl site. You could link to photos and everything, and make your juvenile, obviously virgin nerd comments there instead of in every single post here. You could attract more virgin nerds, and all talk to each other online. Wouldn't that be more fun?
Admin
LMAO! Get 'em KenW, you're on a roll!
I think we both need a vacation, Ken.
/sigh
Admin
What - articles on this site?
Admin
But in that context it wouldn't be queued, would it? Just logged; no need for adding to the queue.
Admin
Sometimes there's an argument for that, yes. Othertimes it's obviously wrong and you need a good argument for leaving things the way they are, given that they're so obviously broken.
Admin
Notepad works fine with a 300MB file on my machine, running XP SP2 with 2GB RAM.
Theoretically (I haven't tried it), Notepad should open a file up to 2GM in size (albeit slowly).
Admin
See als http://www.wtop.com/index.php?nid=108&sid=1363664
Admin
Right. I work in a fairly large office with 50 other people. There are people going in and out the security doors all day (the bathrooms are outside the secured area so guests can get to them), phones are ringing, people are talking, printers are grinding out pages, copiers are scanning documents and producing copies, keyboards are clattering, file cabinets are being opened and closed, the microwave is beeping, sodas and snacks are dropping from the vending machines, water is running in the sink in the kitchen area, desk drawers are opening and closing... Yeah, I notice every time the security locks click when someone enters their numeric code. Right.
Do you even bother to think before posting nonsense? Somehow I doubt it.
Admin
Let's not trouble ourselves over the real WTF here, which is a security system that is accessible to a random employee.
Admin
I hope neither of those guys are writing any programs for consumer use. In fact, I hope they're not writing programs, and use their computers for browsing the web exclusively.
Admin
2 GigaMegs? That's a pretty big file...
Admin
Wouldn't the problem still exist?
'The problem was that cards had been swiped faster than the system could handle, so new swipes were being queued'
Jeremy shouldn't get too big a head.
Knowing that the system isn't adequate and security is at stake should be reason enough to get a new one.
The hero worship can begin when Jeremy talks management into getting a new card reader.
Admin
Jeremy: Mr OzPeter, Mr OzPeter! The building is on fire! Quick, we've got to evacuate! Call the fire department! Where's the fire extinguisher?!
OzPeter: Now now, those actions would just address a symptom of the problem, not the root cause. We have to determine what caused the fire, and then prepare a full report, taking into account all relevant company policies, before we take any action. You begin work on the report and I'll schedule a meeting for next Thursday to discuss the appropriate response. In the meantime, I don't want to hear any more of this "fire extinguisher" nonsense. I expect you and all the other employees to remain at your desks working as usual until management can formulate suitable policies to deal with the situation.
Seems to me the only part OzPeter left out of his original post was the need to consult with the company lawyers to make sure that Jeremy's actions could not be construed as sexism or creating a hostile work environment for the handicapped.
Admin
After several years (?), the log file would probably get quite large.
Admin
This is actually the most correct analysis, IMHO.
Admin
Jeez, it was slow because the log was long. That constant delay was probably O(log file size). Small log = small delay.
Admin
Many card swipe systems are used to track people, not just unlock doors. The system should have had two processes: one for appending the swipe in the access log, and another to send an open command to the door (real time, no queue). The access log should be rotated.
I half-expected the dust on the relic machine to somehow be responsible.
Admin
Ha-ha! I just love the solution of unix hackers to write log files to infinity with absolutely no concerns about where it can lead in a long run. If they would plan so far ahead, this incredible story would never had happened. Must give them credit for that. :)
Admin
I propose The Curious Incident of the Door in the Night as a better title.
Admin
One of my first thoughts was that there was no security at all. Since they knew their system didn't work they just unlock doors randomly or for example every two minutes, so noone has to wait for too long. :-)
Admin
I agree with DOA. The only way the system would be usable would be if the logging and the unlocking subroutines were separate. The delays could be explained by the significant CPU load created by the logging subroutine trying to manage a 300MB file. However, this theory doesn't hold water either because the doors were unlocking long after the people had used them. Certainly such a scenerio would cause some rarely used rooms to be completely inaccessible and a service call would have certainly been made long before a work-a-holic found the issue.
Admin
No. The WTF is that the computer that controls the doors was unlocked and outside of the secure area. If he was able to modify the log file, he could have done anything to that machine. And, by hacking the door machine someone could gain access to any part of the facility.
Admin
I think everybody is working themselves up here, maybe the "processing requests from yesterday 8 a.m is a bit of an embellishment", perhaps the system dropped a request if it noticed a previous one for the same door, or the problem wasn't with the log file itself but more the contention for the piece of code writing to the file... maybe some sort of timeout, or it cleared all requests for a particular card once an entry for it was processed. maybe it felt random because in the morning it was instant and during the course of the day it got progressively slower because the log was flushed on a set time or a maximum size.
What I object to though is everybody saying it felt random because the system responded to a previous request sent a day or two ago, that's complete rubbish.
Admin
ken, maybe u should let ur brain catch up with ur mouth.
Admin
Best WTF I've read in a while, though the stargate one comes in a close second.
Admin
Why would he have access to the log?...
Admin
I heard some of the brand new OSs have a really cool feature where you can open a file, and then write only the new stuff to it, and it will keep all the old stuff there AND not make you take forever and a day to write the old stuff back out.
I think it's called "append mode". Definitely a WTF.
Admin
The general consensus seems to be that this doomed program opens, searches, appends (and preferably closes) the txt file each time a card is swiped. Why? Well, search me. Appalling design would seem to be the culprit. I'd assume that the thing reads in the entire file in one go (as per Perl <>, Notepad, or even Emacs for that matter) and then goes back one line (or more than one, if security is important). Even opening a file and going to the end using, eg, fseek, may be an expensive effort. Going backwards from there would require the programmer to understand that a txt file can be treated as a non-structured byte sequence, and I doubt that this was the case.
Brand new OSs (ie anything since 1970) are not the issue. Designer and programmer stupidity are the issue.
Admin
Well, actually, why would that make the time required to open the door random? As far as I could tell, it hadn't time shifted, it was just very slow. One could think that it would always take about the same time to process one swipe - causing the door to open with a fixed interval, not random interval (if it had queued swipes).
Ah, perhaps the "random" part came from the fact that if the door opened once a minute and they came there just before that it'd open fast and if they swiped right after the door had previously opened the door if would seem slow...
Admin
Admin
who gives a crap...can't believe I wasted time reading this drivel, and even worse writing a comment....
Admin
The ad below the article was for a biometric door unlocker.