• (disco)

    ITAPPMONROBOT was funnier, but this was a great story nonetheless!

  • (disco)

    Next step: add OCR to read the tokens and send keystrokes to autocomplete the form...

  • (disco)

    Working solution for a non-trivial problem, how is that a WTF?

  • (disco)

    That last pun was truly upstanding!

  • (disco) in reply to VinDuv
    VinDuv:
    add OCR to read the tokens

    That's where I thought this was going.

    I just hope that doughnut box was standing on a wooden table

  • (disco) in reply to VinDuv
    VinDuv:
    OCR

    That's where I was expecting the story to be heading!

  • (disco) in reply to Jaloopa

    It was a shoebox, actually!

    <!-- Editor's Note: Okay, I admit, we made up the part about the donuts. As anyone can see from this picture, it was actually a shoebox. -->
    
  • (disco)

    One of our guys wanted to monitor energy use in the building. He did something similar - set up a webcam aimed at the power meter (one of those new "smart" ones with the LCD readout). Fed the images into OCR software and read the meter...

  • (disco)

    This was a real fun read. Although I also expected some OCR automation but then.

  • (disco)

    And every time he entered the room where the Robots sat working on their di-polar computers, Roland could hear the steady beat beat beat of some not-so-distant slo-trans engine.

  • (disco)

    That was a brilliant solution - insecure and prone to disaster, but then, the CEO had it coming. There are too many MoneyWorxs around.

  • (disco)

    9/10 -- not quite as secure as the ITAPPMONROBOT.

    TRWTF is MoneyJerks -- why would you require 2FA codes during the middle of a workflow?

  • (disco)

    I have the webcam software for my C920. It ain't a cheap webcam. But there is a cgi script to get a screen capture, so it should be relatively trivial to hook that upto OCR and automate it.

    If I had a spare webcam I'd even give it a try as I hate typing in those numbers.

  • (disco)

    Now this makes wonder why there's no web/mobile app for RSA tokens? Instead of a dongle you have to carry around, make it an app. Right? Am I missing some security concern here?

  • (disco) in reply to Eldelshell
    Eldelshell:
    Now this makes wonder why there's no web/mobile app for RSA tokens? Instead of a dongle you have to carry around, make it an app. Right? Am I missing some security concern here?
    We use such mobile app at our company, to connect to our VPN (remote workers and Linux freaks who have trouble connecting to our regular network).
  • (disco) in reply to Eldelshell

    Google Authenticator is a good example of just such an app.

  • (disco) in reply to ka1axy

    I did the same with a laser through the disc on an analog meter. There were two holes in it, by timing the pulses on a light sensor I could determine energy usage stupidly accurately.

    Edit: by stupidly accurately, I mean within 3.25W per half turn per minute, and the remainder would carry over. A single CFL shows up.

  • (disco) in reply to Eldelshell

    I was hoping for pulling the tokens apart, and running the LCD pins into an arduino, which was reprocessed and sent to a server.

  • (disco) in reply to Jahmaican

    The choice of a product that required using physical tokens rather than trusted host certificates is TRWTF.

  • (disco) in reply to Eldelshell

    The main security concern is smartphones are about 50000% more prone to having their data stolen than a small sealed circuit.

    They're connected to the internet practically 24/7. Find a vulnerability in one and you can remotely steal any codes. Can't do that? Steal one for a minute and you can extract the private keys, or even install spyware so you can keep access to it forever.

    Edit: of course if you're going to put the tokens in front of a public webcam, you're probably not too bothered about security...

  • (disco) in reply to anonymous234
    anonymous234:
    The main security concern is smartphones are about 50000% more prone to having their data stolen than a small sealed circuit.

    underestimation much? i'd put the percentage at Number.MAX_SAFE_INTEGER%

  • (disco)

    The finest story for months. I had to explain to people why I was guffawing.

  • (disco)

    TRWTF is not using a genuine wooden table but instead duct taping the box to the server rack.

  • (disco) in reply to redwizard
    redwizard:
    TRWTF is not using a genuine wooden table but instead duct taping the box to the server rack.

    TDWTF needs to send mass flyers out to all companies informing them on the proper procedures for being TRWTF.

  • (disco) in reply to redwizard
    redwizard:
    TRWTF is not using a genuine wooden table but instead duct taping the box to the server rack.

    But if they used a wooden table, they'd need to re-engineer their entire framework for horizontal-compatibility. What are they, made of money?

  • (disco)

    Could have gone a step further and used CV to automatically input the codes.

  • (disco) in reply to hungrier

    Nonsense, you can stand a table on its end.

  • (disco)

    Glad that this wasn't truly one of the over-dramatized stories where co-workers are "mysterious" and "rarely seen", but instead, they were just trolling.

    Another WTF is that this guy gets rewarded for a successful project with more work. I'd go Office Space on that. "I'd do that project, but after completing your last one, I wasn't rewarded. Now where's the incentive in that?"

  • (disco) in reply to CarrieVS
    CarrieVS:
    Nonsense, you can stand a table on its end.

    This is an unsupported hack and results are not guaranteed to be vertical.

  • (disco) in reply to anonymous234

    You might want to say that to HSBC, who distribute software for installing on Android and iPhone which calculates 2F codes for logging into it's internet banking service...

  • (disco) in reply to hungrier

    It is if you use a spirit level. And if you wedge a chair in behind it it'll be supported.

  • (disco) in reply to anonymous234
    anonymous234:
    The main security concern is smartphones are about 50000% more prone to having their data stolen than a small sealed circuit.

    They're connected to the internet practically 24/7. Find a vulnerability in one and you can remotely steal any codes. Can't do that? Steal one for a minute and you can extract the private keys, or even install spyware so you can keep access to it forever.

    I am sorry you do not use a Windows Phone. Sandbox has yet to be broken.

  • (disco) in reply to The_Bytemaster
  • (disco) in reply to aliceif

    So? Artistic license...the story goes much better if it was a doughnut box: Offering and solution, all in one. It's like...religion or something.

  • (disco) in reply to operagost

    MWrx replies: "But, but, but...what about the fact that trusted certificates can be copied? They'd steal our product. I'm sure the inconvenience is minimal, in view of the value of being our partner."

  • (disco) in reply to accalia

    ...or market share. Once they have enough, they'll draw attention.

  • (disco) in reply to chubertdev
    chubertdev:
    Another WTF is that this guy gets rewarded for a successful project with more work. I'd go Office Space on that. "I'd do that project, but after completing your last one, I wasn't rewarded. Now where's the incentive in that?"

    Wait? What? So...you finish a project...and just...stay on the payroll for forever doing...nothing?

  • (disco) in reply to Polygeekery
    Intercourse:
    Wait? What? So...you finish a project...and just...stay on the payroll for forever doing...nothing?

    Do an ok job => same salary => new project Do a great job (what seems to have happened here) => higher salary and/or bonus => new project Do a great job => no financial incentives => fire up Word

  • (disco) in reply to accalia

    2015 New Year's Resolution: use a different "Keep Calm" image for each month of the year.

  • (disco) in reply to Eldelshell
    Eldelshell:
    Now this makes wonder why there's no web/mobile app for RSA tokens? Instead of a dongle you have to carry around, make it an app. Right? Am I missing some security concern here?

    Even Blizzard has one of those for WoW.

  • (disco) in reply to antiquarian

    And then in 2016 you can release them as a Keep Calm Calendar

  • (disco) in reply to accalia
    accalia:
    underestimation much? i'd put the percentage at `Number.MAX_SAFE_INTEGER`%

    Well if it's a safe number, then what's the problem? I'm safe!

  • (disco) in reply to chubertdev
    chubertdev:
    Do an ok job => same salary => new project Do a great job (what seems to have happened here) => higher salary and/or bonus => new project Do a great job => no financial incentives => fire up Word

    Man, if I was given a small raise or bonus every time I hit one out of the park, I'd be a multimillionaire right now. The reason they don't is that they already pay me to keep taking on tough projects day after day and keep hitting them out of the park. So I get an attaboy and a small raise or bonus now and then, and a consistently fat check every two weeks.

  • (disco) in reply to antiquarian
    antiquarian:
    2015 New Year's Resolution: use a different "Keep Calm" image for each month of the year.

    "New Year's Resolution" always reminds me of my favorite Mark Twain quote:

    New Year's Day--Now is the accepted time to make your regular annual good resolutions. Next week you can begin paving hell with them as usual. Yesterday, everybody smoked his last cigar, took his last drink, and swore his last oath. Today, we are a pious and exemplary community. Thirty days from now, we shall have cast our reformation to the winds and gone to cutting our ancient shortcomings considerably shorter than ever. We shall also reflect pleasantly upon how we did the same old thing last year about this time. However, go in, community. New Year's is a harmless annual institution, of no particular use to anybody save as a scapegoat for promiscuous drunks, and friendly calls, and humbug resolutions, and we wish you to enjoy it with a looseness suited to the greatness of the occasion.

    Or, if you just want the short version:

    Now is the accepted time to make your regular annual good resolutions. Next week you can begin paving hell with them as usual.

  • (disco) in reply to foxyshadis
    foxyshadis:
    Man, if I was given a small raise or bonus every time I hit one out of the park, I'd be a multimillionaire right now. The reason they don't is that they already pay me to keep taking on tough projects day after day and keep hitting them out of the park. So I get an attaboy and a small raise or bonus now and then, and a consistently fat check every two weeks.

    That was one I was going to just let go, but that is how I look at it also. I hire rock stars and pay them well. If they don't swing for the fences every time I put a hard task in front of them, they can go work somewhere else.

    But I also set up compensation so that if they perform, they get paid well for it.

  • (disco)

    This will all work wonderfully until someone pans the camera around 180 degrees, and then looks at the pin-up on the wall. Then things become interesting.

  • (disco)

    Software RSA SecurID tokens do exist. They're just a pain to use. And, heck, SecurID is a bit of a bear to integrate with an application.

    Source: we went down that road a ways. We are now using OATH (same thing that Google Authenticator uses).

  • (disco) in reply to iansltx

    OATH? "Yes Google, I promise I won't misuse this data - honest!"

  • (disco)

    How about those RSA keys that require you to press a button on them. The the Robot Guys could have lived up to their name - with a few actuators to press the buttons on the keys!

  • (disco)

    Best article read in a while! Just enough ridiculousness to remain credible yet funny.

Leave a comment on “The Robot Guys”

Log In or post as a guest

Replying to comment #:

« Return to Article