<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72"><div class=WordSection1><p class=MsoNormal>I have heard of others doing this. I spent 4 years working for a client that was a startup creating a food delivery (restaurant and grocery) platform. I was the chief architect and primary developer of the core back-end and API used by the website and mobile apps for customers, proprietors and drivers. I had not designed such a thing before, and also had never built such an elaborate and complex back end service before. But in the end I was pretty impressed with what we came up with.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m sure the platform service providers aren’t going to want people gaming it, so it won’t take much for them to shut hackers down. They will make their API’s only work with an API key, that they could then revoke. The platform I wrote didn’t use API keys, but it did have a “secret” token client had to pass than could also be revoked in case any bad actors arose. That decision was based on the perceived threat level at the time, which was low(what is the worst thing someone could do, put in their credit card and address and order food? They couldn’t even do that without also hacking the credit card processors gateway APIs.). Switching over to using an API key would have been trivial in the implementation. They could also make certain API’s not callable without a login token either. Then they could look for use patterns tied to that account that look like attempts to game the system and deactivate that account. Everything we did was to make it really difficult to reverse engineer the system, but nothing is impossible. A lot of our data was also hashed in a way that would have made reverse engineering it really tough. I wrote a tool that examined the back end code and generated wrapper code for client-side use of the server’s API. That also let us have more complex REST interactions that would have been really painful to have to code by hand, since all the handshaking the server wanted was handled automatically by the wrapper code. </p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='border:none;padding:0in'><b>From: </b><a href="mailto:triembed@triembed.org">Alan Wiggs PE via TriEmbed</a><br><b>Sent: </b>Tuesday, April 14, 2020 11:30 AM<br><b>To: </b><a href="mailto:TriEmbed@triembed.org">Triangle Embedded Computing Discussion</a><br><b>Subject: </b>[TriEmbed] Living in a tech world, in California</p></div><p class=MsoNormal><o:p> </o:p></p></div></body></html><html><head><meta http-equiv="Content-Type" content="text/html; "></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" class="">To all my tech geek friends,</div><div dir="auto" class=""><br class=""></div><div dir="auto" class=""> I got this from a lawyer buddy, his nephew is in a tech area.</div><div dir="auto" class=""><br class=""></div><div dir="auto" class="">A few years ago I looked at a Adafruit feather Huzzah project to do something like this.</div><div dir="auto" class=""><br class=""></div><div dir="auto" class=""><br class=""></div><div dir="auto" class=""><blockquote type="cite" class=""><div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, "Helvetica Neue", Helvetica, sans-serif; color: rgb(0, 0, 0);" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, "Helvetica Neue", Helvetica, sans-serif;" class="">J<br class=""></span></div><div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, "Helvetica Neue", Helvetica, sans-serif; color: rgb(0, 0, 0);" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, "Helvetica Neue", Helvetica, sans-serif;" class=""><b class="">From my non-engineer nephew in Palo Alto</b><br class=""></span></div><div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, "Helvetica Neue", Helvetica, sans-serif; color: rgb(0, 0, 0);" class=""><b class="">Date: </b></span><span style="font-family: -webkit-system-font, "Helvetica Neue", Helvetica, sans-serif;" class="">April 12, 2020 at 4:26:25 PM EDT<br class=""></span></div><div style="margin: 0px;" class=""><span style="font-family: -webkit-system-font, "Helvetica Neue", Helvetica, sans-serif; color: rgb(0, 0, 0);" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, "Helvetica Neue", Helvetica, sans-serif;" class=""><br class=""></span></div><br class=""><div class=""><span class="" style="caret-color: rgb(0, 0, 0); float: none; display: inline !important;">Subject: He who cannot code, cannot eat</span><br class="" style="caret-color: rgb(0, 0, 0);"><br class="" style="caret-color: rgb(0, 0, 0);"><br class="" style="caret-color: rgb(0, 0, 0);"><span class="" style="caret-color: rgb(0, 0, 0); float: none; display: inline !important;">It's become apparent that it's virtually impossible to get a curbside pickup time slot at any of the local grocery stores. When one becomes available, it is literally snapped up within seconds. So quickly, in fact, that I came to the conclusion people must be using automation. This is just one more reason why it often sucks to live in the same vicinity as 100,000 other software engineers.</span><br class="" style="caret-color: rgb(0, 0, 0);"><br class="" style="caret-color: rgb(0, 0, 0);"><span class="" style="caret-color: rgb(0, 0, 0); float: none; display: inline !important;">So, I joined the arms race, analyzed the underlying API of the store's website, and wrote a program that checks for available time slots every 15 seconds, and if any are found, reserves the first one instantly. Then it turns on a light in the bedroom to alert me that I have a reservation, and after that I have one hour to complete the checkout. I was walking around in circles in the yard last night when I saw the light come on, so I came in and discovered I have a time on Wednesday evening.</span><br class="" style="caret-color: rgb(0, 0, 0);"><br class="" style="caret-color: rgb(0, 0, 0);"><span class="" style="caret-color: rgb(0, 0, 0); float: none; display: inline !important;">Pity those poor suckers in Silicon Valley who don't know how to code. Kind of darkly funny that it has finally come to this: if you can't program a computer, you can take your chances with COVID, or starve, I guess.</span></div></blockquote><div class=""><div class=""><span class="" style="caret-color: rgb(0, 0, 0); float: none; display: inline !important;"><br class=""></span></div></div><div class=""><span class="" style="caret-color: rgb(0, 0, 0); float: none; display: inline !important;">Be safe,</span></div><div class=""><span class="" style="caret-color: rgb(0, 0, 0); float: none; display: inline !important;"><br class=""></span></div><div class=""><span class="" style="caret-color: rgb(0, 0, 0); float: none; display: inline !important;">Alan Wiggs</span></div></div>
</body></html>