Can Your ATM Play Beethoven? 657
bpiltz writes "A funk band in Harrisonburg, VA, called Midnight Spaghetti, has posted a story with photos about a newly installed Diebold Opteva 520 ATM at Carnegie Mellon University that crashed, then rebooted. The Windows XP operating system initialized without the actual ATM software. The result was a public desktop computer, with only a touch screen interface, left wide open for the amusement of the students at the most wired university in the U.S. Interestingly, Diebold is one of the leading manufacturers of e-voting machines."
Dupe.... (Score:4, Informative)
Here's the link. [slashdot.org]
It's good to look at comments, and submit stories. It gets you karma. Also, it's good to look around that comment, and then post comments in this story. That would gain karma too
Posting a comment about the comment on which the current
Video of the ATM in action (Score:4, Informative)
Video with audio of ATM in action
Re:ATM OS diversity (Score:5, Informative)
Funny side note though, on all our ATMs, the terminal driver (computer) has its own display on the backside of the unit along with a mouse and keyboard. Of course, we arent using the graphics capabilities because our terminal processor is hmm...slightly older than time.
So useful facts to be noted from experience:
1) Diebold techs do not know their rectums from a serial card. (Ive had to carefully hold their hands through IP setup and assigning the correct host:port combo to attach to the terminal processor)
2) Ive never seen an OS2 atm crash, nor have I ever seen it fail to boot the TCS (Terminal control software).
3) Windows driven ATMs have to the stupidist idea ive ever heard of, but cant really use linux...(see point one about said sub-sentient techs.)
4) I fear a world with diebold designed and serviced windows based voting devices. the havoc...the horror....
Re:Win XP ? (Score:4, Informative)
Their have however been attempts to introduce legislation pertaining to ATM safety in general, both on the federal [theorator.com] and on the state level (the only example that I'm personally familiar with being NY (see here [state.ny.us] and here [state.ny.us]) .
WRONG! (Score:3, Informative)
If you read the article you would find out that they managed to input text - but with charmap instead of a keyboard.. So having no keyboard is no insurance that noone will be able to input character data.
Imagine a Beo... (Score:5, Informative)
Imagine if that CDR drive was usable to load programs onto it. Furthermore, I'm really hoping these things don't have bluetooth in them.
520 Spec PDF [diebold.com]
-Steve
Can my Atm play Beethoven? (Score:3, Informative)
but I hear it can play metallica and pong.
Re:Buffer overflow code on swipe card .. (Score:5, Informative)
Re:"Progress"? (Score:5, Informative)
Indeed. In the 1980s, Clydesdale Bank (in Scotland) actually used to feature the speed of their cash dispensers (a.k.a. ATMs) in their advertising, claiming that you could get money out of theirs faster than their competitors' machines. I don't recall any bank making claims like that for a long time.
Also, it's not just cash dispensers that are slow: railway ticket machines and car park payment machines are just two of the types of kit that I bemoan the speed of every time I use them. You can tell that they've been programmed in a very serial fashion, with no attempt to optimise the speed of the transaction for the user. Most machines could be programmed to pre-load blanks into printers, or pre-print static header information on receipts, or otherwise get started on time-consuming tasks, but they never seem to. You can practially follow the progress of the transaction through the machine's guts as it plods away at it.
And the receipt printers on point-of-sale equipment always seem to have the slowest possible mechanisms, making shop assistants who care feel that they have to apologise for keeping the customer waiting. (I bet if the banks could have used the old ZX80 scorched-black-on-silver-paper printer mechanism and saved a buck, they would have.)
Re:Buffer overflow code on swipe card .. (Score:2, Informative)
The biggest hurdle seems to be acquiring a magnetic card reader which can interface with a home PC and bit-nibble the data on a valid card and a magnetic card writer. I certainly wouldn't know where to get either of these.
One could sign up for business VISA/MC access and maybe engineer some kind of hack on the cc reader that will bit-nibble the data and send it to a PC but I imagine there are hardware encryption chips that would have to be identified and removed along with circuit board traces rewired.
It'd be an interesting project...
Re:"Progress"? (Score:3, Informative)
Even though your card most likely has instructions to return it to the issuer if found.
I state something to the extent of Ulster bank being poorly organized. The little turd on the other end of the line proceeds to tell me: "I'm sorry, but we took the network down for a few minutes. You must have inserted the card just at that moment."
In which case the machine is broken. Since what it should have done is to return the card and put up an out of service message.
Re:"Progress"? (Score:2, Informative)
My father used to work there. The "everything's OK" output was COCO, which I now think is some sort of hexidecimal.
Re:Not that unusual (Score:3, Informative)
The reason they lowered the limit was card theft.
RE: Mr. Naive (Score:5, Informative)
Uses telco circuits, not Internet. (Score:2, Informative)
Not really. You're not going to see ATMs directly connected to the public Internet. The typical connections are using frame relay or, very popular for ATMs, but now deprecated, SMDS (Switched Multimegabit Data Service) circuits from a telco LEC.
I've been told by a Vz test center old timer that the banks particularly like SMDS for the reason that it's trivial to switch the whole network over to an alternate head end/data center in an emergency or for maint. SMDS circuits have a cloud topology, similar to frame relay. Verizon was pushing SMDS for a few years as a less expensive alternative to PtP T1s (also was avail in other capacities from 56k up to 45mb). From what I understand, smds is no longer being provisioned due to the telco gear makers dropping it from their products; supposedly telcos now have to canibalize parts when something fails. The other downside of smds these days is in the event of a failure, you'll have to get lucky to find a Verizon tech who is familiar enough with it to get your trouble resolved anytime soon (tell 'em they need to reload the group addresses, that'll fix it usually, unless it's a catastrophic hardware failure at the CO).
Re:Slashdotted... Google Cache URL (Score:5, Informative)
Mignight Spaghetti [216.239.39.104]
Re:"Progress"? (Score:4, Informative)
Actually, you would be surprised to know you aren't that far off. I worked IT for a Credit Union a couple of years ago, and the new "wave" was to automatically compare your credit score with what you already had, etc, so we could target things. Basically, you could log onto the home banking, and be presented with a screen that says that you have already been approved for a 10k car loan, simply click to accept it.
Now with most people using Check Cards or Credit Cards from the same instituition it wouldn't shock me in the least to think about them aggregating and categorizing your expenses to target deals to you.
Re:Some thoughts (Score:4, Informative)
http://www.computerworld.com/securitytopics/sec
http://www.theregister.co.uk/content/55/34175.h
Wells Fargo ATMs (Score:2, Informative)
Re:"Progress"? (Score:5, Informative)
being swallowed isn't nearly as bad as the money just not coming out!
i was using a ATM at the FORUM mall in Helsinki, Finland. I told it i wanted 60 euros. upon entering my request, the screen displayed the error, "UNABLE TO COMPLETE TRANSACTION" and gave me my card back and a receipt with the same error message.
no big deal, right? a few days later, i see that 60 euros was removed from my account from that exact cash machine on the exact date i was there! i contact my bank in California and they tell me that i need to contact the bank that owns the machine.
i then walk into the responsible bank in Helsinki, and they swear up and down they never removed the 60 euros, regardless of showing them the receipt and everything. further, they then tell me that MY bank was in error and that i should speak with them.
after several hours of going bank and forth, i finally say to hell with it, it's not worth the time and frustration.
this is the only time it has ever happened to me, but i am interested in hearing other similar stories from folks around the world.
what countries have you had problems in?
Re:Windows XP Embedded (Score:3, Informative)
No, that's the wrong answer. In a well-designed ATM, there should not be any message boxes that users shouldn't see. If any unexpected error happens, the ATM code should immediately say "Sorry, I could not complete your transaction, please try later" and return the card. Having an error orccur and be hidden from the user is very much the wrong answer.
Re:ACTUALLY THIS HAPPENED!!!! HERE IS LINK (Score:2, Informative)
Re:"Progress"? (Score:4, Informative)
I find that the best thing to do is only go to your bank's ATM -- and not the mini portable ATMs, but the ones embedded in the wall of the bank where you have to insert your card (not swipe, which could be intercepted by an intermediary swiper). Then when you get your cash, be sure to count it in front of the camera. I've had less money come out once but because I counted it in front of the camera, it was all right and I got my money.
Re:Election Day... (Score:3, Informative)
I'm ok with electronic voting IF and only if it's done right, which it isn't being done now. I'm not really even opposed to closed-source voting software if it's good and doesn't screw up. What I want however is a means to audit the results with a simple paper trail. When you vote electronically you should be given a simple carbon paper receipt. The yellow copy is your's. The white copy gets handed to the attendant when you leave the both or better yet it gets placed in a ballot box in front of the attendant as you exit the both. That way you can be sure he didn't pocket it. The receipt should clearly spell out the person's name, your voter number (vote since the opening of the polls at that polling station), time and date, and anything else that's useful. Some sort of hash that identifies your vote should also be on there to prevent forgeries. That right there is your proof that you voted. That paper copy in the box is the only valid paper method of auditing the system. This is such a simple feature I have to ask why the hell isn't Diebold not implementing it. You can not tell me that this cheesey little feature will add thousands to the overall per unit cost. That's bullshit. What was that we read a few weeks ago of another case of more votes being recorded that the number of voters in that district? We need an auditing implementation and we need it now.
Re:"Progress"? (Score:1, Informative)
If it has been withdrawn you go to your own bank to start a procedure to get your money back. You have to have the Date, time, location, amount and the machines also have an internal receipt roll.
Ofcourse the owner of the machine should be able to check the money inside the machine and the records to see if there is too much money left.
Re:"Progress"? (Score:3, Informative)
Re:"Progress"? (Score:3, Informative)
Long story short, I ended up swallowing $300 in fees to that bank.
There are some that can! (Score:5, Informative)
It didn't ever seem to be filled up, but at least one ATM has been designed that could dispense change! I used to withdraw $19, just because I could put the 4 $1 and the $5 into the change machine for the washer and dryers.
The machine also could accept deposited checks WITHOUT AN ENVELOPE. It would scan the front of the check, show you an image and ask you if the scan was valid. If you deposited a check this way, it got into your account a full day faster than if it was in an envelope. I think it must have OCRed the text, as well as read the magnetic information from the bottom. Plus I imagine the workflow for the ATM operator was speedier. Of course, this all ran under OS/2 1.3, as I confirmed later.
Ahh, Pittsburgh, land of the oddball ATMs.
Re:"Progress"? (Score:1, Informative)
. you go to the next ATM and your new balance is zero.
Re:Criminal Negligence (Score:1, Informative)
One more, still running Windows NT (Score:3, Informative)
Re:Stupid Student's or maybe.. (Score:5, Informative)
The reason why I'm sure we didn't empty the machine of all its cash (asside from that whole breaking the law thing), is that there was no way to access the money-dispensing mechanism from the controls we had access to (read: only from the touchscreen)
The numberpad was totally useless, as windows didn't recognize it, and the character map is pretty slow for trying to actually do anything useful..
But we had a ton of fun with it anyway.
Re:"Progress"? (Score:4, Informative)
I'll agree the modern ATM will have all these things... but just because you have devices doesn't mean you need drivers in a the modular sense. There was a time when we hardcoded applications to specific devices, like printers and scanners for example.
1. finger scanners
This is true, but it's not like the ATM it self actually stores the database of account numbers vs fingerscanner... I would imagine that this is stored in your bank records. Get scan, send data to bank... if scan = record permit transation
2. printer thingy that gives your receipt
I believe that your typical cash machine printer only prints in one font, on terminal paper. There are others who use impact, but this isn't a complex operation
3. there's the monitor
I'm rather old school in my attitde tward display, I still think a bank terminal display being a glorified typewriter
4. check scanner for inputting money
I believe you are talking about OCR... Magnetic ink bank account numbers are easy enough to read.. human print is slightly harder. I'll have to do some research and see what sorta system the post office does to peform OCR on hand printed postal codes. But again... this logic doesn't even have to happen at the cach machine. Scanner that gets triggered and send a bitmap to the bank in question, relays back to the bank the amount it read.
5. dispenser for giving cash
Again, not a complex operation. communicate to the dispencer which bill to spit out of the machine
---
All but biometrics and check scanners were operations the vintage cash machine peformed, without a standardized platform. Keep in mind that the actual verification process will still be peformed by the bank it self. I will continue to think of cash machines as glorified terminals. They gather data and communicate it to a remote location, remote location sends back information, and it displays, prints, and sometimes spews or accepts money.
Re:"Progress"? (Score:1, Informative)
You can topup up your mobile from an ATM in some countries, you need new software for that.
Re:"Progress"? (Score:2, Informative)
Nope. Touchpads, IIRC, work by detecting the changes in the electrical properties (resistance?) of the pad as it makes contact with your skin.
Fingerprint scanners OTOH utilise several different methods, at least one of which will most likely not work with a severed finger. This method picks up the temperature difference between the ridges of your fingerprint and the comparatively cooler air that's trapped between them (air is a pretty good heat insulator). It sounds crazy but it must be true! I've read it on the Internet ;-P