ION - Waterloo Region's Light Rail Transit

[ZEBuilder]

The region will have workers checking every ION fare machine to make sure it's working properly after many reports from riders of problems with the system.

[...]

If the fare machines aren't working, Zinck suggested riders could have also have an alternate method of payment, such as cash if the debit or credit card machine doesn't work. He also noted people can load fare cards online, although there is a bit of lag time between doing that and the money showing up on the card.

Would it have been that hard to have the fare inspectors - as they sit at the station waiting for the next train - to get into the habit of taping some sort of testing card to determine whether a station was having issues?

the other day somebody was trying to pay for a ticket with there credit card and the machine refused to accept it and they then went onto rant to customer service about it using some vulgar language from what he said he was telling them he didn't have cash or coins because technology is so much better. in my opinion yes it is better in many ways but how do people not carry 10 or 20 bucks on them just in case of a emergency. what would happen if a big credit card company like visa or master cards computer system were to crash how would you do anything.

the fare inspectors sit at the same station for at least two trains after they get off the train being rude and obnoxious to people. it would make sense for the region to add something like this to the fare inspectors job but i would think they would have to write something like this into there contract because by my experiences with them they don't seem to be the nicest of people or the kind of people who would take initiative. the region at least could have a person test each one everyday during the first and last trains just to check stuff like this( maintenance staff).

[danbrotherston]

I had noticed an error code and it did look like they're running some sort of Windows OS. I could be wrong. But one should never, ever run Windows in anything critical, it's too unreliable. Normally you'd use Unix or, Linux (Unix like) system. These systems are less prone to errors and tend to be more hardy.

It's actually Windows IoT (Formerly Windows Embedded) which is different beast than Windows 10. It is designed for lightweight applications such as POS terminals, ATMs, and Card Readers where the full version of Windows is not needed. It does not have a lot of stuff that home or enterprise Windows versions have because they are not needed or useful for these types of applications. There are lots of machines out there running it that you may not even realize are running it.

As for that message that pops up on the pedestals, even though it is showing, you can still tap your card and it still works (I've done it many times). For the misread ones, usually I just tap it a second time and it works. (I have the same problem sometimes on the tap to pay interac machines in stores).

Yes, many if not most embedded systems run windows, ATMs are the funny ones, many of which were running a variant of XP up until a few years ago--it's one of the main reason support for XP was extended the last few times.  Shocking I know.

[jeffster]

It's actually Windows IoT (Formerly Windows Embedded) which is different beast than Windows 10. It is designed for lightweight applications such as POS terminals, ATMs, and Card Readers where the full version of Windows is not needed. It does not have a lot of stuff that home or enterprise Windows versions have because they are not needed or useful for these types of applications. There are lots of machines out there running it that you may not even realize are running it.

As for that message that pops up on the pedestals, even though it is showing, you can still tap your card and it still works (I've done it many times). For the misread ones, usually I just tap it a second time and it works. (I have the same problem sometimes on the tap to pay interac machines in stores).

Yes, many if not most embedded systems run windows, ATMs are the funny ones, many of which were running a variant of XP up until a few years ago--it's one of the main reason support for XP was extended the last few times.  Shocking I know.

MEH! I say, MEH! I figured it was a variant of Windows. I am just surprised that this system is used at all. Not reliable. Too easily hacked. One of the issues with Windows is that drivers use DLL (dynamic linked libraries) whereas Unix uses binaries. DLL can become corrupted, and updates sometimes break them. Binaries don't suffer from the same issue, and Unix doesn't used shared files the same way as Windows. I also believe Unix binaries the drivers before user screen, while Windows is still doing it's loading of drivers even when user screen appears.

Either way, poor choice using Windows. We had this issue at a bank I worked at, and it was an old version of Windows, and Revenue Canada suffered from the same problems (Windows).

Almost all doctors and dentists revert to Apple for most applications. Just more reliable and not as hackable.

[taylortbb]

Yes, many if not most embedded systems run windows, ATMs are the funny ones, many of which were running a variant of XP up until a few years ago--it's one of the main reason support for XP was extended the last few times.  Shocking I know.

MEH! I say, MEH! I figured it was a variant of Windows. I am just surprised that this system is used at all. Not reliable. Too easily hacked. One of the issues with Windows is that drivers use DLL (dynamic linked libraries) whereas Unix uses binaries. DLL can become corrupted, and updates sometimes break them. Binaries don't suffer from the same issue, and Unix doesn't used shared files the same way as Windows.  I also believe Unix binaries the drivers before user screen, while Windows is still doing it's loading of drivers even when user screen appears.

Either way, poor choice using Windows.  We had this issue at a bank I worked at, and it was an old version of Windows, and Revenue Canada suffered from the same problems (Windows).

Almost all doctors and dentists revert to Apple for most applications. Just more reliable and not as hackable.

DLLs are a form of binaries. The Linux equivalent is shared object files, same tech different name, also widely used and subject to all the same issues as DLLs. Windows also isn't fundamentally easier to hack in am embedded context. Questions of loading screens are all fully customizable in an embedded system.

I don't want to be an ass here, but to be blunt that post was a mix of misused technical terms and incorrect understandings, and not at all correct. 

My job is Linux embedded systems development. There's plenty of reasons I prefer to work with Linux over Windows for systems not dissimilar from the fare payment terminals. But my personal preferences aside, both Linux and Windows embedded are totally capable platforms for applications such as our fare system. Windows is not the reason it has problems.

[ijmorlan]

the fare inspectors sit at the same station for at least two trains after they get off the train being rude and obnoxious to people.

What do they do? The ones I encountered were helpful and polite, but that doesn’t mean they all are. What are your observations and experiences?

[ZEBuilder]

the fare inspectors sit at the same station for at least two trains after they get off the train being rude and obnoxious to people.

What do they do? The ones I encountered were helpful and polite, but that doesn’t mean they all are. What are your observations and experiences?

the ones i've observed are rude and obnoxious to people of different ethnicity or are younger than them. one i observed yesterday a father asked if his young kid could ride free and also how to use the machine. the fare inspector just said i have to get on this next train, then he didn't and they father asked again and the same thing happened. meanwhile the fare inspectors were just standing together talking. what i said wasn't pointed at all the fare inspectors most of them are nice but my recent encounters with some of them haven't.

[ac3r]

It's actually Windows IoT (Formerly Windows Embedded) which is different beast than Windows 10. It is designed for lightweight applications such as POS terminals, ATMs, and Card Readers where the full version of Windows is not needed. It does not have a lot of stuff that home or enterprise Windows versions have because they are not needed or useful for these types of applications. There are lots of machines out there running it that you may not even realize are running it.

As for that message that pops up on the pedestals, even though it is showing, you can still tap your card and it still works (I've done it many times). For the misread ones, usually I just tap it a second time and it works. (I have the same problem sometimes on the tap to pay interac machines in stores).

Yes, many if not most embedded systems run windows, ATMs are the funny ones, many of which were running a variant of XP up until a few years ago--it's one of the main reason support for XP was extended the last few times.  Shocking I know.

Amazingly, there are still a lot of ATM machines out there running IBM's OS/2, which originally launched 32 years ago.

[tomh009]

Yes, many if not most embedded systems run windows, ATMs are the funny ones, many of which were running a variant of XP up until a few years ago--it's one of the main reason support for XP was extended the last few times.  Shocking I know.

Amazingly, there are still a lot of ATM machines out there running IBM's OS/2, which originally launched 32 years ago.

Embedded systems don't change OS on a whim, they will tend to stay on an old but stable version, so lots of old ones out there. Our company is still shipping (hundreds of thousands of) devices that are based on NetBSD 1.0 (vintage 1994 or so).

[danbrotherston]

Amazingly, there are still a lot of ATM machines out there running IBM's OS/2, which originally launched 32 years ago.

Embedded systems don't change OS on a whim, they will tend to stay on an old but stable version, so lots of old ones out there. Our company is still shipping (hundreds of thousands of) devices that are based on NetBSD 1.0 (vintage 1994 or so).

"Old but stable" = unpatched security flaws.

Yes, it depends on what you mean by "version"...presumably (hopefully) security patches are being done.

The point is clear however, the core OS doesn't matter nearly as much as the utter incompetence of the application developers in the case of our payment system.

But forget that, I'd be happy if there was evidence that anyone involved with this project (from trains, to stations, to payment systems, to fare inspection) had ever even been in the same room as a UX designer in their life....

[jeffster]

Interesting article in The Record. Paywall obviously, but you're good if you haven't read too many articles.

https://www.therecord.com/opinion-story/...tm_content=

For those who are happy that we got the LRT, it's a good explanation why Hamilton doesn't and won't have one.

Be thankful that we're a forward thinking community. It is what makes this region so special.

[ijmorlan]

Embedded systems don't change OS on a whim, they will tend to stay on an old but stable version, so lots of old ones out there. Our company is still shipping (hundreds of thousands of) devices that are based on NetBSD 1.0 (vintage 1994 or so).

"Old but stable" = unpatched security flaws.

Yes, it depends on what you mean by "version"...presumably (hopefully) security patches are being done.

Whether that matters depends on the system design. In a typical embedded system, most vectors for malware don’t exist. The network connection can be directly to a master controller; there can be no USB ports or accessible removable media storage devices; and so on.

Of course, if somebody designs the system on the assumption it will be on a completely private network and then just puts it on the Internet, all bets are off.

[danbrotherston]

"Old but stable" = unpatched security flaws.

Yes, it depends on what you mean by "version"...presumably (hopefully) security patches are being done.

Whether that matters depends on the system design. In a typical embedded system, most vectors for malware don’t exist. The network connection can be directly to a master controller; there can be no USB ports or accessible removable media storage devices; and so on.

Of course, if somebody designs the system on the assumption it will be on a completely private network and then just puts it on the Internet, all bets are off.

I bet you 50 bucks there is a usb port on our payment terminals, that is no more inaccessible than an easily picked lock away.

[ijmorlan]

Whether that matters depends on the system design. In a typical embedded system, most vectors for malware don’t exist. The network connection can be directly to a master controller; there can be no USB ports or accessible removable media storage devices; and so on.

Of course, if somebody designs the system on the assumption it will be on a completely private network and then just puts it on the Internet, all bets are off.

I bet you 50 bucks there is a usb port on our payment terminals, that is no more inaccessible than an easily picked lock away.

Touché. I’m implicitly assuming good physical security, which is probably a pretty bad assumption.

It depends a lot on the threat model. Desktop computer systems now really need to be secure against arbitrary JavaScript running in a website; servers (and some desktops) need to be secure against arbitrary network packets arriving on the network interface. Otherwise they will become part of a botnet. By contrast, putting malware on a ticket vending machine by picking a lock and plugging in a USB device is a lot of work. Unless of course it is part of a fraud scheme to subvert the payment system. But in that case maybe they can just get the person with the key to install the malware.

[tomh009]

"Old but stable" = unpatched security flaws.

Yes, it depends on what you mean by "version"...presumably (hopefully) security patches are being done.

Whether that matters depends on the system design. In a typical embedded system, most vectors for malware don’t exist. The network connection can be directly to a master controller; there can be no USB ports or accessible removable media storage devices; and so on.

A big factor is that things like USB drives, file sharing and web servers are not integral to the system. The access they get, and the versions of drivers and servers can be tightly managed. Plugging a USB drive into a USB port does not necessarily trigger any action, and certainly not run code that is present on the USB drive, for example.

[bgb_ca]

I just saw an unverified and unconfirmed rumour that there are two more vehicles coming February in the Waterloo rapid transit Facebook group. Anyone know anything about this?