|
This whole thread was terribly boaring.
|
That's what we get for trying to ham it up.
/ravi
|
at their roots, yes.
«In art as in science there is no delight without the detail ... Let me repeat that unless these are thoroughly understood and remembered, all “general ideas” (so easily acquired, so profitably resold) must necessarily remain but worn passports allowing their bearers short cuts from one area of ignorance to another.» Vladimir Nabokov, commentary on translation of “Eugene Onegin.”
|
Dunno. I've heard it both ways. But then my sources are more brawn than brains. Anyway, must be off! I have to take a saddleback.
I am not a number. I am a ... no, wait!
|
That will make a few people squeal.
|
Another sloppy job. There's no way snout of the problem, swine-ing about it will not help.
I'm sow sorry for making such weak puns - don't squeal on me to the other CP'ians.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "As far as we know, our computer has never had an undetected error." - Weisert | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
...say, writing an ATM application (Automatic Teller Machine), client and back-end, one that dispenses cash, processes card #'s, interfaces to an encrypting pinpad, talks to the payment processor for authorization, etc.
Of course, one could ask the same question with regards to commercial software, but let's go for the open source question. Where would you draw the line?
- The operating system (would you use Linux?)
- The back-end framework (would you use, say, Django?)
- Useful utilities (would you use, say, NewtonsoftJson?)
- Only very small code snippets (not really considered open source except that you found them on SO)
And, as bonus question, would you recommend to your manager that you have an independent review of the code to make sure some back-door didn't creep in that magically empties out all the cash???
Thoughts?
Marc
|
Marc Clifton wrote: would you recommend to your manager that you have an independent review of the code to make sure some back-door didn't creep in that magically empties out all the cash???
I'd hope that sort of thing would be required, whether or not you were using OSS.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
This depends on the support of the open source system, which is better than commercial software, with a bunch of crappy UI and libraries which I don't want to mention here. If there is enough support and community, well, I would say I'll recommend it.
I never used the first two options (except Linux Kanotix with a bootable CD). However, I used (and am still using) NewtonsoftJson. No issue so far.
modified 26-Feb-16 9:16am.
|
Marc Clifton wrote: say, writing an ATM application (Automatic Teller Machine), client and back-end
Is that for a school homework assignment?
I'd rather be phishing!
|
No, this homework assignment:
Marc Clifton wrote: that magically empties out all the cash
|
Marc Clifton wrote: And, as bonus question, would you recommend to your manager that you have an independent review of the code to make sure some back-door didn't creep in that magically empties out all the cash???
That depends if you're absolutely sure you never want to use that door or not.
Some men are born mediocre, some men achieve mediocrity, and some men have mediocrity thrust upon them.
|
Quote: How far would you trust open source
I think you always have to keep in mind where the source came from (legitimate sources like RedHat or Canonical) but it's also really important for your developers to understand the code, not just copy it and call it a day. Probably the biggest mistake I've seen people make over the span of my career (as to security) is copy and paste without understanding what that code does.
Quote: The operating system (would you use Linux?)
Of course... Linux is already one of the most widely used operating systems for embedded systems. The government uses it quite extensively as well.
|
I NEVER use any open source unless I can review the code myself.
If it's not broken, fix it until it is
|
The line would be drawn at any non-validated code, and it would take quite some time to validate a small Linux distro.
..but without it, one could hardly give any guarantees on what the software actually does.
Bastard Programmer from Hell
If you can't read my code, try converting it here
|
If you didn't write it yourself you would need to test the heck out of it to:
1) Make sure it does what's needed
2) Security, Security, Security...
3) Is it stable
And working up the list...yes I would definitely use Unix, Linux or a derivative!
New version: WinHeist Version 2.2.2 Beta
tomorrow (noun): a mystical land where 99% of all human productivity, motivation and achievement is stored.
|
I would trust these standard software components, if they have a sound source and are professionally maintained. I would consider making some maintenance support with the originators.
An independent code review is absolutely necessary for all code above these standard components.
I separate between the foundation software (OS, database, tools) and the specialized software (which runs the transactions and encryption). The software which has confidential data is at risk. Take care about the encryption, i.e. the keys.
Press F1 for help or google it.
Greetings from Germany
|
Is this the machine or processing server? Most ATMs are/were running on Windows and only have a point-to-point connection with the server, and it is the server that communicates with the other banks that can be a possible vulnerability. From memory the PIG defines the parameters within which the ATM should be working. All nodes on the network have an encryption key and unless the server can recognise that device there is little room to fake your way in. I haven't worked on retail for a few years but if you've got any questions ping me and I'll do what I can to clarify.
veni bibi saltavi
|
One of my most traumatic memories was created when I walked up to an indoor ATM for my bank, and it was in a continuous reboot cycle. I recognized what was going on; the ATM software ran under OS/2. Whoever wrote the application filled OS/2's CONFIG.SYS file with entries for every possible device driver, most of which failed. One of the failures was causing a hardware reset, which triggered the continual reboot.
Awe-inspiring, to say the least.
Software Zen: delete this;
|
Stockport Council, apparently!
I am not a number. I am a ... no, wait!
|
Terry Pratchett, apparently!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
The correct spelling is Pterry, or Sir Terry Pratchett BM*
* Blackboard Monitor
veni bibi saltavi
|
What are you doing being able to type at this time on a Friday night?
Gordon's delivery tanker broke down?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
Mrs Wife is out and I'm working a wee bit late...
veni bibi saltavi
|