Hackers Using Bots, Scripts To Lock Down Restaurant Reservations 214
Nerval's Lobster writes "Forget about hacking an app or database: for a small cadre of hackers in San Francisco, it's all about writing code that can score them a great table at a hot restaurant. According to the BBC, these developers and programmers have designed bots that scan restaurant Websites for open tables and reserve them. Diogo Mónica, a security engineer with e-commerce firm Square, is one of those programmers. A self-described foodie, he decided to get around his inability to score a table at the ultra-popular State Bird Provisions by writing a script that sent out an email every time the restaurant's reservation page changed. 'Once a reservation got canceled I would get an email and could quickly get it for myself,' he wrote in a blog posting. But soon he noticed something peculiar: 'As soon as reservations became available on the website (at 4am), all the good times were immediately taken and were gone by 4:01am.' He suspected it was automated 'reservation bots at work,' built by other programmers with a hankering for fine cuisine. 'After a while even cancellations started being taken immediately from under me,' he wrote. 'It started being common receiving an email alerting of a change, seeing an available time, and it being gone by the time the website loaded.' His solution was to build his own reservation bot, using Ruby, and post the code in the wild."
Or... (Score:5, Insightful)
Go to a casual local place and have a backup plan if it is busy. Restaurants with mile-long reservation lists and >$100 plates are almost universally overrated.
Re:Or... (Score:5, Insightful)
It's the "Ode to my Stomach" syndrome.
Personally, I found home made food much more rewarding. At least I know for sure what do I put in my mouth. No funny business.
Re:Or... (Score:5, Funny)
That place is so popular, nobody goes there anymore.
- Yogi
Re: (Score:3, Insightful)
The State Bird place mentioned does not have particularly high prices. The current menu only has two items in the $20 range ($20 and $22). With prices like those -- and assuming good food -- who wouldn't want to eat there?
dom
Re:Or... (Score:4, Interesting)
Go to a casual local place and have a backup plan if it is busy. Restaurants with mile-long reservation lists and >$100 plates are almost universally overrated.
Unfortunately I live in a resort-y area and we're overrun during the summer months. I just learn to be a better cook. I'm becoming very good at cooking these days. So much so I hate going out to eat because I can do everything so much better.
now it's time for another episode of Samurai Short-order Chef
Re: (Score:3, Interesting)
Another option: have dining in parties with your friends. Have each person take a rotation, try out new recipes/variants, and in general, have a good time without the bad music/bad lighting/bad seating. Non-paying guests can stay and wash the dishes ;)
Re:Or... (Score:4, Insightful)
Another option: have dining in parties with your friends. Have each person take a rotation, try out new recipes/variants, and in general, have a good time without the bad music/bad lighting/bad seating. Non-paying guests can stay and wash the dishes ;)
I remember seeing something about these in my parents magazines from the 1950s. People had some place in the house call a Dining Room and it was much larger than their computer den. Shocking!
Re: (Score:3)
People had some place in the house call a Dining Room and it was much larger than their computer den. Shocking!
A room just for eating in? Weird.
How could you operate your computer from there..?
Re: (Score:2)
Re: (Score:2)
People do not eat out because it tastes to great, they go out because there is no meal to prepare or dishes to clean.
And when I do that I generally regret not preparing something, even a can of beans. Dishes are rarely the chore some people draw them up to be.
Re: (Score:2)
Re:Or... (Score:5, Interesting)
The most I ever paid for a meal was $700 per head for a 16 course tasting menu at a 3 star restaurant. I booked 6 weeks ahead. It was money well spent.
My priorities may differ from yours.
Re: (Score:3)
I don't live near one either. I had to travel to Vegas. I don't expect super dupa dining to be on the vacation plans of a high proportion of people, but then you won't find me on a rock climbing expedition.
It's worth working on your food phobias first, or you may be wasting money.
Re: (Score:2)
If I want to spend €150+ per head I can eat at a two Michelin star restaurant*. The difference between that and a 'three star' restaurant depends mostly on interpretation of the 'stars' and demand/availability in that location.
* http://www.viamichelin.com/web/Restaurant/Chamonix_Mont_Blanc-74400-Albert_1er-10611-41102 [viamichelin.com]
Re: (Score:3)
Most people have absolutely no idea what a 3 star restaurant is like. Most people don't live near one and wouldn't pay that much to have dinner even if they did.
I was stuck in a Financial District, may years ago, where the only restaurants were 3 star or better. I found I could eat just enough to not be hungry for about an hour, on my travel budget. When I got more adventurous I got out of there at night to a pizza place where I could stuff myself.
Still, I'm not impressed with very many restaurants these days -- a lot of it is presentation and atmosphere.
Re: (Score:3)
It was Joel Robuchon. How much to people pay to go to Disney?
Re: (Score:2)
They're so cool they don't even need to make sure the fonts on their website are legible.
Re: (Score:2)
To be fair, you can really only say that if you've never been to SBP in SF or, say, RBK in Berkeley...
SBP isn't as overpriced like a lot of more pretentious places but it isn't all that. I was totally unimpressed at Revival Bar+Kitchen. It was ok but the service was mediocre.
Re: (Score:2)
No need to be so harsh on yourself, good sir.
You could come to a reasonably priced restaurant in SF, like, say, State Bird Provisions, (which accepts walk-ins) and relax a bit from your douchebaggery.
Re: (Score:2)
I live in the city and haven't eaten there yet, but it looks reasonably priced.
I do not that on the font of the website are the words, prominently displayed, "Walk-ins Welcome", so why even bother getting a reservation?
Re: (Score:2)
Because the walk-in line is a mile long so unless you want to wait hours to eat, it's not an option.
The other options are take out, or eating at a less busy time - I don't know what the "good times" are, but perhaps eating earlier would be better.
There must be something better to do with that (Score:3, Insightful)
Re:There must be something better to do with that (Score:5, Insightful)
I've had to learn to appreciate our differences with fellow geeks and nerds that have completely opposite political views for example without demonizing them, and in the process I've learned a thing or two. Don't fall in the "us" and "them" rhetoric and learn to respect people that care about different things.
Re: (Score:2)
Re: (Score:2)
I've heard it's cool and trendy to hate on hipsters.
I guess that makes you a hipster.
NO A2M! (Score:2)
Cold Pizza (Score:5, Funny)
Kids today. In my day programmers ate cold pizza and they liked it! Bonus points for pepperoni or sausage - there's nothing like cold congealed grease.
Re: (Score:2, Informative)
Re: (Score:2)
Ever try a Domino's Thin Crust with Double Bacon?
This is where my regional snobbery kicks in. In NY you never order pizza from a chain. Even a randomly chosen neighborhood place is practically guaranteed to be better, let alone your choice neighborhood places.
Re: (Score:2)
Ever try a Domino's Thin Crust with Double Bacon?
This is where my regional snobbery kicks in. In NY you never order pizza from a chain. Even a randomly chosen neighborhood place is practically guaranteed to be better, let alone your choice neighborhood places.
In New York, you also got a cracker with cheese on it.
New York makes wafers, Chicago makes pizza.
Chicago pizza is for human consumption? I thought it was how the 'hog butcher to the world' fattened livestock.
Re: (Score:2)
...The next day, he found the grease soaked through the pizza, its own box, the lid of the box under it, and the bottom of the box under it, sticking it solidly to the table.
"...that crap's gonna eat through the hull..."
Re: (Score:2)
Yes, every single person who eats that pizza throws up.
No, but it looks like it to some people. I've had people who grew up in places without pizza say that to me. That was a while ago, so maybe there's no place left without pizza, but I'd be interested in more recent stories.
One guy I knew came here from the Lesser Antilles when he was 14. His new friend in America took him to a pizza place, but he thought it was a practical joke. Only after his friend started eating it did he try it.
Re: (Score:2)
Re: (Score:2)
I'm a sort of pizza snob. I want at least four different color toppings on my pizza. The sauce and cheese don't count.
In fact I prefer to have bell peppers as one of the toppings, even though I don't actually like bell peppers. But without them, the pizza doesn't taste nearly as good.
What's next? (Score:3, Funny)
A DDoS to ensure no one gets reservations?
On the other hand (Score:5, Informative)
The reservation company specifically denies that this is happening or is possible.
TFA:
http://insidescoopsf.sfgate.com/blog/2013/07/25/are-automated-bots-are-making-hot-online-reservations-impossible/ [sfgate.com]
Re:On the other hand (Score:5, Informative)
The important part, which I failed to quote:
Update, 1:20pm: Urbanspoon has released a statement that reaffirms its earlier denial, and also refutes duplicate reservations and reservation fraud (though neither of those issues are technically in dispute):
"Urbanspoon’s data on State Bird Provisions’ reservations do not support the findings reported in Diogo Mónica’s post. While we will not disclose data about specific customers, we currently have processes in place to prevent duplicate reservations and combat reservation fraud. Urbanspoon’s goal is to give real diners the opportunity to make reservations. We’ve noticed that many diners will stop at nothing to get a table at the hottest restaurants in town, like State Bird Provisions , so we are constantly working on improving the overall reservations process to give all diners an opportunity to secure a table."
Re:On the other hand (Score:4, Informative)
Re:On the other hand (Score:5, Funny)
Please, we're talking about fancy restaurants here. It's not just plain marketing bullshit. It's Lobster Thermidor aux crevettes with a Mornay sauce, garnished with truffle pâté, brandy and a fried egg on top and bullshit.
Re: (Score:2)
That sounds delicious.
Re: (Score:2)
I did, I could do without the bullshit, but the first part sounds tasty.
Re:On the other hand (Score:5, Insightful)
all bunch of blabla bla.
you know what would work out? if the tables are really all reserved all the fucking time, make a reservation cost.
then increase cost until you hit a spot. the restaurant should just charge more, if people want to pay a months rent to eat there then so be it.
btw how the fuck could they make sure they don't get duplicate reservations? checking id's of people coming in to match the reservation? they can't really rely on cookies, ip addresses or anything like that for it. not even fb profile linking would do it, easy enough to have fake profiles...
what urbanspoon cares about is that the tables are full, nothing else.
Re:On the other hand (Score:5, Interesting)
you know what would work out? if the tables are really all reserved all the fucking time, make a reservation cost.
then increase cost until you hit a spot. the restaurant should just charge more, if people want to pay a months rent to eat there then so be it.
It's easier to auction off reservations rather than continually adjust the price until you find a level that works. And this was suggested by many people on Twitter early this morning already.
Re:On the other hand (Score:4, Insightful)
you know what would work out? if the tables are really all reserved all the fucking time, make a reservation cost.
then increase cost until you hit a spot. the restaurant should just charge more, if people want to pay a months rent to eat there then so be it.
That works if you're just in it to make a profit, and don't care about who is able to come to the restaurant.
Planet Money had a podcast [npr.org] about this in regard to concert tickets. They had Kid Rock talking about it, and pointed out that it would be super simple to keep jacking up the price until supply & demand balances out and it's no longer worth scalping tickets.
However, selling tickets to the highest bidder greatly changes the tone of the audience you get. You no longer get people who are there because they want to enjoy the experience, you instead you get people there just to show off their affluence. (Kid Rock mentioned the bored-looking old guys in the front row who are obviously just there to impress half-their-age girlfriends.) You'd see that with increasing the price to restaurant reservations. You'll no longer get people going to the restaurant because they want to enjoy the food, you'd get people there because a table at State Bird Provisions is rare, and it will impress a girlfriend/business associate. As a chef, cooking for people who want to enjoy your food and cooking for people who are just there to show off are greatly different things, and you may be willing to reduce your profit if you can ensure the former.
Re: (Score:2)
This.
That's how I scored a table at Joel Robuchon. Opentable said it was booked. I called and it wasn't a problem.
Re: (Score:3)
I call BS on this. Sounds like Urbanspoon is just covering their ass.
Bottom line is their reservation system doesn't have any form of CAPTCHA which makes the use of reservation bots completely plausible.
Re: (Score:2)
Re: (Score:2)
we currently have processes in place to prevent duplicate reservations and combat reservation fraud.
While they may indeed have a system in place to prevent duplicate reservations, their answer is meaningless. If a person can make a reservation on-line then a bot can do the same, except faster and in the middle of the night while you're sleeping.
Re: (Score:2)
But this isn't duplicate reservations. Nor does it appear to be reservation fraud; nobody's said anything about third-party sale of the reservations. It's just people automating the process of getting a reservation.
Re:On the other hand (Score:4, Interesting)
The important part, which I failed to quote:
Update, 1:20pm: Urbanspoon has released a statement that reaffirms its earlier denial, and also refutes duplicate reservations and reservation fraud (though neither of those issues are technically in dispute):
"Urbanspoon’s data on State Bird Provisions’ reservations do not support the findings reported in Diogo Mónica’s post. While we will not disclose data about specific customers, we currently have processes in place to prevent duplicate reservations and combat reservation fraud. Urbanspoon’s goal is to give real diners the opportunity to make reservations. We’ve noticed that many diners will stop at nothing to get a table at the hottest restaurants in town, like State Bird Provisions , so we are constantly working on improving the overall reservations process to give all diners an opportunity to secure a table."
And since these bot'ed reservations aren't appearing for sale on Craigslist, nor do these popular restaurants appear to be suffering from excessive no-shows, what exactly is happening to these reservations that are supposedly stolen by bots?
Re: (Score:2)
I guess they never heard of CAPTCHA (Score:4, Insightful)
Re:I guess they never heard of CAPTCHA (Score:5, Insightful)
Yeah, but modern CAPTCHAs are so convoluted that computers can solve them more easily than I can.
Re: (Score:2)
Re: (Score:2)
Yeh. OCR has gotten so good that CAPTCHA developers have no choice but to make their images so distorted that even human pattern recognition can't easily make them out anymore.
That's why some captchas now have knowledge-based answers in the rotation, like showing an image of a brand name and asking what it's known for. Or assembling a small puzzle.
Re:I guess they never heard of CAPTCHA (Score:4, Informative)
Citations:
http://en.wikipedia.org/wiki/ReCAPTCHA [wikipedia.org]
http://www.wired.com/threatlevel/2010/11/wiseguys-plead-guilty/ [wired.com]
Re: (Score:3)
Another group has claimed they use OCR to defeat reCAPTCHA, but have never proven that to be the case and if they can, why not prove it?
Why would they? It would be in their best interests to let the algorithm work for as long as possible, no point rocking the boat, and showing the reCaptcha developers how to block it more.
Re: (Score:2)
Yeah, but modern CAPTCHAs are so convoluted that computers can solve them more easily than I can.
No kidding, I wish something like kitten Captcha was more prevalent but it never seemed to catch on.
Reservation fees? (Score:3)
I would think that a lot of bot reservations would go unused, at least, as soon as the newness of this wears off. How long until restaurants start charging a nonrefundable reservation fee?
Re: (Score:2)
I would think that a lot of bot reservations would go unused, at least, as soon as the newness of this wears off. How long until restaurants start charging a nonrefundable reservation fee?
And/or a simple wait list that gives preference for preferred customers? I.e. The restaurants should see this as an unmet need, and provide their customers a solution.
Re: (Score:2)
what unmet need? they are fully booked.
one time years ago my wife wanted to go eat at some place in NYC that cost $600 for dinner for two people after taxes, tip and whatever. i tried making reservations, but the place was booked solid for months in advance and we forgot about it after a while
Re: (Score:2)
Re:Reservation fees? (Score:5, Insightful)
Face facts. The problem wasn't that the restaurant was booked, the problem was that you are not famous.
Re: (Score:3)
Also this is why we can't have good things. Brainless botter suspects brainless botters to be faster than him. Honestly, his behaviour is highly anti-social, egocentric and overly obnoxious. If I where running a successful restaurant I would go to great pains to avoid people like him. the likelyhood of him annoying other patrons is just too much. Do you need another jackas
Re: (Score:2)
>There will always be preferred customers and I suppose a lot of these reservations are made in person, face to face and way in advance.
To be a preferred customer, come back a second time. All the starred restaurants have known when I've come back a second time and made a show of appearing to care about it.
FWIW, I recommend La Toque in Napa. 1 star, deserves 2.
Re: (Score:2)
I would think that a lot of bot reservations would go unused, at least, as soon as the newness of this wears off. How long until restaurants start charging a nonrefundable reservation fee?
I would imagine, if anything, they would charge maybe $5 that would then be included as part of the payment on your bill should you end up keeping the reservation; ie. on a $50 check you would only have to pay $45. Or people can just call in and make reservations like you used to have to do.
Re: (Score:2)
Make the reservation transferrable, and suddenly it would create a market, eliminating the shortage of reservation slots. To get a reservation, just go to eBay. Of course, if you can find it on eBay and the restaurant isn't the seller, it's a sign that the restaurant charged too little (below the market clearing rate) for the reservation in the first place.
This isn't hacking (Score:5, Insightful)
This is just a html scraper. People have had the same thing going on ebay for years. Suddenly it's hacking? Give me a break.
CFAA (Score:2)
Robot exclusion (Score:3)
Well Google/Yahoo/Bing bots are always doing the exact samething unless you tell them no to do so...
There's an accepted protocol to tell those and other well-behaved bots not to do so in a /robots.txt file. I doubt that reservation bots obey /robots.txt.
Re: (Score:3)
Suddenly it's hacking? Give me a break.
Haven't you heard? Nowadays using a computer to access/use something in any way the original creator doesn't like is "hacking".
Re:This isn't hacking (Score:4, Insightful)
Nowadays using a computer
Using an HTML scraper and an almost certainly unholy bunch of scripts to make sure you get first dibs on a restaurant reservation is certainly hacking in the old sense of the word: it's a hack.
Re: (Score:2)
If you can manage to physically do that yourself, 24 hours a day for a week, I'll give you a check for a million dollars.*
Note: Of course the check will never clear, but you'll have a great thing to grumble about in the asylum where you would end up. Sleep deprivation is a bitch.
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
Suddenly it's hacking? Give me a break.
It would be totally awesome if language stopped changing in the 1980s. Radical, dude.
Re: (Score:2)
Abusing the system (Score:5, Insightful)
This is abuse of the reservation system, plain and simple. It simply is not robust enough (too informal) to handle bots. I suspect it soon will become commonplace to require tortuous captchas for reservations. Great job, lazy hacktivists! You've ruined e-life for everyone.
As for posting code for it in the wild so any script kiddy can do it. Good for you. That's called leveling the playing field. It's the proliferation of bots just to be shits to each other that rankles my ire, not the fact that everyone can now do it.
Re: (Score:3)
OH FUCK, WE'RE ALL GONNA STARVE!!!
Re: (Score:2)
It's just Wall street quants doing to restaurants what they've done to the financial markets.
Heard on the floor of the NYSE in the near future:
"Sell! SELL! SELL! Oh, great, I can never get these.... what the hell is that? Uh... UB3Q6Y? No?.... well, fuck..." (jumps out nearest window)
Re: (Score:2)
Re: (Score:2)
In my experience, the people who appreciate the best restaurants are usually pretty good cooks themselves.
It's a foody thing.
Re: (Score:2)
self-described foodie (Score:5, Funny)
Are there foodies who are NOT self-described?
Re: (Score:2)
You're a foodie.
There, now there's a foodie that's not self-described. You're welcome.
This is why we can't have nice things (Score:4, Interesting)
Heaven forbid we should have the convenience of making a reservation online. No, it's takes a bunch of assholes to game the system and screw it up. Not that it's anything new, as online ticketing for popular events has been gamed for fun and profit by scalpers for years.
If all of my family were to suddenly die in a freak accident and I was left alone with nothing to live for, I would hunt every bot maker down and shoot them for amusement. (Oh, and happy Friday everybody!)
Re:This is why we can't have nice things (Score:4, Informative)
Re:This is why we can't have nice things (Score:4, Insightful)
Meh, life is like that. I have to lock my bike up, my house has an alarm, that old lady got into the 12 items or less line with double that, some fuckers knocked down some buildings with airplanes, and people STILL don't wash their hands after using the bathroom.
Re: (Score:3)
Now that is a the foundation for a good movie plot. I'd go see that one. Somehow, even though you're killing off people, you still remain the protagonist with the evils one being the other bot developers. At the end you die (of course, a tragic hero's path), but save the world...for now.
Memories (Score:2)
I did this back when the Wii was initially released to get one for retail when they were going for twice that on eBay. Scraped the major retailers product pages on a cron and told me when there was stock (which usually lasted a couple of minutes). Worked pretty well.
Ruby?? (Score:5, Funny)
Pfff, my soon-to-be-released Assembly program will put his slow ruby ass to shame, thus starting HFR (high frequency reservation) era and trading in reservation futures.
Re: (Score:2)
He already talked about moving his sytems closer to reduce network latency.
Revenge of the Nerds (Score:5, Funny)
One of the perks of dating a geek is that we are now the only ones who are ever going to take you to the hottest restaurant in town.
Jocks need not apply.
-
Attention Non-Programmers (Score:3)
Attention Non-Programmers: This is what the future looks like. If you don't learn to make your computers obey you, if you don't take control of your information flows, you will be marginalized by the people, corporations, and governments that do.
I'm not saying it is right. I'm saying it is. As philosopher-poet Ash once observed; "Good. Bad. I'm the guy with the gun."
HFT (Score:2)
High Frequency Tables.
Getting a direct fiber-optic link to the restaurant's web server could improve on this.
Smells like an advertisement. (Score:2)
Something about this story (Score:2)
just doesn't taste right to me....
Re: (Score:2)
Re: (Score:2)
Stopped by the grocery store last night to pick something up. Was delighted to find tri-tip not only available in Denver, but on sale for $4/lb (this cut of beef is usually only found in California, though, it's becoming more common elsewhere).
Simple rub, a five minute sear on each side on the grill, and 35 minutes over indirect heat on the grill. This is not rocket surgery. With a some roasted potatoes and fresh greens and tomatoes from the garden, this was easily an $18 plate at one of the trendy little
Re: (Score:2)