How would I cash out?

My view point is an American professional system administrator with 13 years experience. Since my ability to comment on how embedded systems (specifically ATMs) should work has come into question, I am going to go into my professional background on the subject. To I assure you, the reader, that I am very qualified to deliver my technical opinion I will give you some of my professional background. For the record I am ble, Beth Lynn Eicher.

Cash machines are embedded systems

Wikipedia defines an embedded system as “a computer system designed to perform one or a few dedicated functions [1][2], often with real-time computing constraints.”

Automatic Teller Machines (ATMs) are embedded systems. Smart-phones are embedded systems. Embedded systems are often ubiquitous and discrete in all sorts of places to the airplanes, robotics, voting machines, and all sorts of consumer electronic devices. Microsoft attempts to compete with Windows CE and Windows Mobile yet Microsoft did not even have embedded market share back in 2005. Within this space, Microsoft is running scared as Saul Hansell of the New York Times asks “Can Microsoft Make Windows for a Small World?”

First my career

I first got into embedded systems in 1998 when I worked for a small company who developed software for the Sharp Mobilon with Windows CE. These devices were the predecessors of the smart-phones that consumers use today. They also came with QWERTY keyboards so they were netbook predecessors too. With the 33.6 baud modem, the user to connect to the internet via their dial up internet service provider and use the included email client and a lightweight Internet Explorer. It also had a pc-card slot too so if you really wanted to, you could connect to an Ethernet LAN or a wireless 802.11b networking if you could find Windows CE drivers. Other bleeding edge applications existed such as a built-in microphone so it could do voice recordings. You could even get an integrated digital camera as an optional add-on. I do not have the figures since it was about 12 years ago, but I strongly suspect that Microsoft had majority market share in high-end personal-digital-devices such as the the Sharp Mobilon. Today, not so much.

The application that I supported in 1998 was a custom database for field sales representatives. It was my job to install the application, service the Mobilons, train the sales representatives how to use the Mobilons, configure the Mobilons for internet connectivity, and import database files into the master database. The users of the Mobilons were quite intimidated by the hardware. Why? For one thing, they were expensive. These units retailed for $500 which was a quarter of my monthly salary at the time before taxes. Secondly, many of these users were not familiar with the start-menu-Windows-95-style interface yet therefore they did not leave the custom database application willingly. Thirdly, the whole system depended on the battery levels remaining in good condition because all user-inputted data and non-OEM software was in volatile memory. It was extremely frustrating the the sale representative Mobilon users to put in their data each day to risk theft of the device, work with a device that had more applications than it actually needed, and worry about if the batteries were well charged. Even with all of this said, I enjoyed working with the Mobilons and Windows CE but after a few months I decided to go back to school.

After completing my education in 2000, I started working for Carnegie Mellon School of Computer Science, part of the Robotics Institute. There on a daily basis I would meet interesting people and robots big and small while making office calls. I noticed that, by and large, the operating system choice for a robot was Linux. Why? You can support a wider variety of small hardware that requires limited or no cooling with Linux. Also, you can craft a device very affordable without having to contact a company to license it. What you do with your hardware is your own business when you use the Linux kernel and free software.

During my career at Carnegie Mellon, I moonlighted at a start-up in 2005 working with embedded systems. Since I am still under an Non-Disclosure Agreement, I won’t tell you who they were or what their product does. What I will tell you though, their product used OpenBSD and not Microsoft in their product. The choice on OpenBSD gave them the security of the operating system level firewall (pf filter), a very small software footprint that did not require a bloated graphical user interface, and the freedom to use a good variety of hardware without having to buy development licenses from Microsoft. When a company is in start up mode, they do want to tell as little people as possible what they are doing, especially large companies like Microsoft.

Carnegie Mellon students are very clever and sometimes mischievous. There were a few occasions of crashed ATMs which default to the WindowsXP start menu on campus. I would walk right by those ATMs that were setup to play solitaire instead of dispensing cash. My money was with a bank and credit union who use a good old fashioned text-based-only ATMs to this day. One time one of the Diebold ATMs was turned into a Windows Media Player. There were a bunch of blog posts about this but here is the student paper report of the media player incident.

A blogger for Security Story put it best at the time…
“Sooner or later someone will mess with your machine. When that happens what do you want your product to do?

a. Fail gracefully
b. Blow up a la mission impossible
c. Let college students play music

Apparently it’s not bad enough that Diebold’s voting machines have been dragged through the press lately. Next stop Diebold ATM machines. Should a purpose build machine really be running an general purpose operating system??”

In further disclosure, after Carnegie Mellon I worked at TimeSys Corporation in 2006-2007, a Linux embedded support company. There, a developer who wants to use Linux on many a choice of different brands of embedded boards and microprocessors can buy the expertise on how to make a custom Linux system go. I no longer receive money from that company. Nor do I hold any stock. I do wish them well.

My day to day job has not involved embedded systems since June of 2007. Although, I have volunteered as a poll worker for 3 years in a county that selected iVotronic brand of voting machines which do not run Microsoft software.

Now my opinion

Companies such as Diebold who partner with Microsoft to produce embedded systems instead of using free software or rolling their own share the blame with Microsoft when things go wrong.

Diebold has products that have come into controversy ever since 2004 due to and in spite of their high their high dependence on Microsoft technologies. This is when the Diebold branded electronic voting machines make national headlines. With the stakes being so high with the 2000 Presidential process voting fiasco fresh on American voter’s memories, Diebold should have been known what I learned from experience in 1998, any operating system with volatile memory is risky business.In fact, Californians mistrusted Diebold voting machines and declined to use them in the 2004 Presidential Election. Before the reader thinks I am leaning left, here is a a FOX News “Fair and Balanced” report from 2004 about how easy Windows-based voting machines can be exploited in 2004. In 2005, somehow Californian voters decided to use the Diebold machines after-all. Controversial continued when Diebold Windows CE based voting machines failed: the voting machine software and the votes themselves got wiped out due to loss of electricity and battery strength. I was disappointed in Diebold. How could they not know what I knew from my experience six years previous: deploying mission critical systems on volatile memory is risky business.

Let me drive home some points….

Choosing to be limited by only the hardware and software that Microsoft offers is putting a heck of a lot of trust in Microsoft. This sort of trust leads to situations that entail believing that all of your security and stability issues are fully mitigated to Microsoft. Diebold continues to choose and trust Microsoft; together they¬† will continue to share the blame in the consumer’s eyes when something goes wrong.

If I was designing an embedded system such as an ATM, would much rather keep it simple with single purposed minimalistic embedded systems built with free software. Free operating systems leave nothing to hide from the developer who is responsible for engineering a high quality product. Free software allows a software engineer to intimately understand the code of the final product to avoid any extraneous, faulty, insecure, or harmful code remaining in the final product. With a properly engineered free software based product, patching and upgrading will be seldom required because only the software that is absolutely necessary to the application will be installed. The lifespan of the product will be fully determined by the ability of the party who bought the hardware to pay for free software support to the vendor of their choice.

I’ve picked on Diebold quite a bit but they are certainly not the only ATM manufacturer which uses Microsoft software. Here is a website with 18 Microsoft-based ATMs in a crashed state. The fact of the matter is that no Microsoft-based ATM is trustworthy even if it is operating properly. Unfortunately, Windows-based ATMs have been exploited in order to execute identity theft.

Consider this: Any bank who still uses a Microsoft-based ATM, needs to

  • subscribe to Microsoft patch Tuesday
  • upgrade/replace all of their systems when Microsoft decides that they are not going to support that operating system anymore
  • pay all licensing costs to keep the software legal
  • hope that their attempt to mitigate the software risks to Microsoft does not leave them in a financial fiasco

As for me, I will continue to avoid all graphical ATMs at the chance that they may be Microsoft-based. Human tellers continue to work just fine for my purposes.

Microsoft will lack majority market share: June 30, 2011.

Be the first to like.

This entry was posted in Linux, this blog, Windows. Bookmark the permalink.

2 Responses to How would I cash out?

  1. Pingback: Links 15/11/2009: CrunchPad Coming, Negroponte Speaks About OLPC | Boycott Novell

  2. Pingback: Roy Schestowitz (schestowitz) 's status on Monday, 16-Nov-09 01:26:19 UTC -

Leave a Reply

Your email address will not be published. Required fields are marked *