Use Windows and POS in the same sentence... Yes, that's right: Point of Sale. What were you thinking? The column that will not die returns with a bork guaranteed to send shivers down even the most hardened IT pro's spine – not only a sad-looking Windows, but a dread sticky note stuck to the screen. Spotted by a Register reader in the halls of a well-known US department store (near the sunglasses section if you're in the market …
which is why we liberally applied the magic of Microsoft Paint.
Liberally applied only says something about the user's intent and nothing about the achieved success. So, considering that they have been using a Microsoft product, one is never sure how much actually was applied, regardless of the amount of liberal quantity. Therefore, the sticky note could very well have been blank, indicating the secure password was either <blank> or maybe the phrase "stickynote".
We'll never know for sure without an operating (system) update.
Can't remember them all? Do what a team I worked with did. Get the secretary to type up all the passwords on to sheet, in a large easy to read font. Then laminate it it and sellotape to a convenient printer in the middle of the team.
When I pointed out that this included several passwords to trading systems and data systems, and that it was easily readable from the lift lobby, which was public access, there was a collective gulp.
Their solution? No, your wrong. Taking it down would be to easy. They had a new blank bit of card put over the list of passwords, hinged at the top, so they could lift it up and read the password out (normally, shouted across the desk in a large open plan office.
Any suggestion of a shared password manager was treated with derision.
I once consulted with a business that provided customer use computers on its trade floor. The sales reps also used them to take payments by firing up a POS application. OK, so only registered customers and sales reps could log in, but card payments were regularly taken on computers that customers used for arbitrary web browsing.
Only yesterday I was standing waiting while the queue built up behind me and my local Post Office's POS system rebooted Windows, apparently for the umpteenth time over the last week or so. I commented wryly to the exasperated postmistress that Redmond's finest was probably the worst choice of OS in the world for a POS. She looked a little askance at this opinionated geek but did not disagree. No wonder Royal Mail and Parcel Force are so [expletive deleted] expensive these days.
Hermes self service parcel drop off points use Android on the customer facing terminals and on the hand held scanners which the staff use, which is equally a bad choice of OS. I have been tempted to try and get into the setting to see what version they are running and what you are able to do with them. But as I send several Hermes parcels a week using them I don't want to run the risk of it borking. The owner of the newsagent where it is located told me they have had the machines replaced 3 times already because they failed.
I cover my own back by paying for my parcels up front at home on my PC and just drop the parcels off in the shop as I don't trust inputting my payment details on their machines.
"The last POS OS that wasn't a POS was OS/2."
You mean is OS/2 ... OS/2 is alive and well and still doing good and useful work, world-wide. You can purchase a brand new, shiny license to run OS/2, complete with support for (some) modern hardware. And telephone support. I've used two different versions in various places over the last couple years ... Serenity Systems has sold eComStation since 2001, and Arca Noae LLC has sold ArcaOS since 2017. Both with IBM's blessings. Wiki for more (and links). Recommended.
Apart from the fact it was not the prettiest due to a custom Java GUI designed by people who clearly had questionable design taste, and the fact it would go slow when the store got hot due to the system units being in poorly ventilated cupboards under the desks (as mangement's solution to the problem of "the entire store has bad air conditioning" was apparently "fix the air conditioning in the managers offices, do nothing for air conditioning on the floor"), we never had any problems with it.
They're still using it now ten years after I've left (and started using a few years before I started, so at least 15 years), albeit with newer Toshiba hardware and what looks like some oh so slight tweaks to the GUI.
Back in the day I worked in a branch of a now defunct chain of off licenses. The actual till was made by someone like Nixdorf. The best bit was when i did my first stock order. The central system would "suggest" a load of stuff and you would modify it to what you actually wanted. What I didn't realise was that to be useful you would have to zero out everything and go back to order what you actually wanted.
The delivery was vast and included a case of Nuits St Georges at £31 a bottle (early nineties for reference).
I wish we had an old cash register. I dread to think what it is like nowadays.
The nearest I've come to this is this:
I work in a large University. We are part of the Eduroam network, so, when our users log in, they need to use individual passwords. One day, while just walking around the building, I found some Wifi Access details on a sheet pinned to a notice board, including an account id and password that I didn't recognise (we have a defined format for user IDs, this id did not follow that format). My concern was the ID had no domain listed. Eduroam IDs are normally in the form <userid>@<domain>, where domain is the University's email domain.
So, being a little concerned that someone might have obtained a custom user account (whether through legal or illegal means) and was happily broadcasting it in the open areas of the building , I reported it to the head of IT security. He investigated it. Found no evidence of that account on our systems, or of any breach (which was my main concern), so he said he'd monitor the situation, and advised me to destroy the notice, which I did.
No one ever asked what had happened to that notice (my team are the people they'd be most likely to ask), so I never found out who was responsible..
Up until a few years ago, AAA (the American Automobile Association) issued ID cards to their members that had raised letters like a credit card. One of the benefits of AAA membership is free towing in the event of a breakdown. The tow drivers used a pen/pencil to rub over the form+carbon paper in lieu of one of the imprinters. Only took a few seconds to get the user's details onto the form.
Then some brilliant manager decided they could save money by just having the user's name & ID number printed on the member cards. No more raised letters, thus saving a little bit of money per card.
A couple minor problems immediately ensued ... In the first batch of cards, the member name and ID number would wear off (cheap ink and cheaper printing process), causing no end of hold-ups as the tow drivers attempted to verify the person needing help was indeed a AAA member. (This has been fixed.) The second was that the drivers now had to manually enter in the name and ID number of the member ... on a clipboard, standing sometimes inches from heavy freeway traffic. Inevitably, errors occurred. Often. And in fact, they still do. But The Powers That Be have decreed that the flat cards are staying, because they save money. I guess knowing how to reimburse towing companies isn't all that important ...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
