Just a note, the machines are not broken, they have shut themselves down for sanitary reasons. Ice cream, as a food that is very close to neutral in pH and without much in the way of preservatives, is a common source of listeria bacteria. To prevent serious health issues, the machine must be sanitized regularly. As I understand it, the process is involved, and any given McDonalds may not have a person with the time and skills to complete it. So the machine shuts itself down rather than produce an unsafe product. This is translated to "broken" when you order ice cream.
Here's some detail, as someone that has worked with those machines before (internally and externally).
In the good old days the soft serve and shake machines were taken apart every night and every piece was washed and bleach-sanitized by hand. Then it was reassembled in the morning. This would leave a lot of room for error and possible contamination in the process. And the sight of a shake machine hitting full pressure with a misaligned O-ring in the barrel is a lovely one indeed.
So the newer machines take a different route: they self-pasturize. The machine goes out of service and slowly heats everything up to a bacteria-killing temperature (including the dairy mix inside), then cools everything back down to freezing temperature to serve.
This process takes about four to five hours. But if you set the clock wrong, the machine will go into its cycle at some super-inconvenient time. There are other triggers that can force a self-clean but in general it's not "broken", it's just doing this process at a bad time for you.
I'm curious how this data is being sourced. The last I checked there was an effort to put cloud-based telemetry into every unit and have them report home constantly (both to the equipment maker and to McD), but that was never intended to be public data.
EDIT: Ah, I didn't RTFT. He's using the public ordering site to scrape it (and now the title has changed). But that does mean there's some working connection from the equipment to the McCloud now. That's cool. Or maybe a manager is doing it by hand.
I actually froze my hand inside an ice cream machine like this when I was a teenager working fast food.
I hit a standby button instead of the off switch. (I was too tall to see the off switch and was never trained.)
I spent two weeks in a burn unit while they healed my hand with magic synthetic sin grafts.
Today you can’t even tell which hand got frozen in there.
Back in the day I worked in a dairy company as an IT guy. When the RFID antennas would need a reboot I had to go to the deep freeze storage (-40 Celsius), walk in with a ladder, climb the ladder, switch off and then on (IT crowd style), wait to see the green light bleeping, and then climb down and leave as fast as I could.
The whole thing would take 40-50 seconds (I was counting EVERY time). I couldn't wear gloves, because ladder/switch. I was wearing all other gear though. Touching anything (aluminum ladders get cold very fast at -40)(so are walls, switches, everything).
I did this process a couple of times wearing just jeans and tshirt. In that "less than a minute" my clothes would freeze solid, the wool was hardning and it felt like wearing a plank. Same with jeans.
In other cold related story, I was in a "cold country", out in the open, -25 Celsius, my phone rang, my gloves didn't have the electro-thingie so I couldn't "slide to answer" so I too my glove off, answered, talked for 60 seconds. Then I went to a warm pub, and after 10mins I could bend my fingers again.
I used to walk to school in sometimes very cold weather (-35 Celsius). Once, in order to try preventing the inside of my nose to freeze, I put my scarf over it. The scarf froze very quickly and I ended up with ice around my neck...
Now that I’m thinking about it, I wonder how people will manage masks this year with COVID in cold countries.
TL;DR: don’t put a scarf over your nose in very cold temperatures.
I'm Canadian and we get -35 temperatures for at least a few days every winter. This doesn't make sense to me. Of course you should put a scarf over your nose. At those temperatures , exposed skin freezes very quickly so you need to cover all your skin or you'll get frostbite.
I've never had a problem with a scarf freezing stiff like you describe. They build up ice crystals of course, but they don't interfere with air flow and are easily broken.
The biggest problem I expect from wearing a mask in the winter is that they'll get damp quickly because the cold temperatures, and perhaps having a scarf over top, will prevent moisture from evaporating.
I usually ride my motorcycle through winters in the upper midwest. No, it's not Canada, but at highway speeds in freezing weather it gets cold very quickly. I can't cover my whole face with cloth, or my breath will fog up and freeze over my glasses and visor. I apply vaseline over all of my exposed skin before riding. It does a great job of protecting my skin. I also do this when bicycling through extremely cold weather.
Heh.. many people commented on that. Perhaps you had a "single layer" that made it hard since the droplets/water from your exhale got stuck in the fabric, and together with the atmosphere's humidity created this effect.
In such cold climates I wear an ultra long scarf (2m-2.5m), I wrap my neck/jaw/ears 3-4-5 times (depending how tight) and I tuck it in my jacket. The outside of the scarf freezes, the inside remains warm. I also try to breathe by my nose, less humid.
It's a virus not a bacteria so the proteins don't disintegrate. The probability of transmission outside is small as sensibly people limit the time outside, but the flipside is they stay indoors, in confined spaces together, which is perfect breeding ground for the virus.
>TL;DR: don’t put a scarf over your nose in very cold temperatures.
Weird, as a Canadian who has been through many -35 days, I absolutely use a face covering, whether that's a scarf, neck gaiter, mask...Never had any problem like that.
A manager is doing it by hand. Their POS system has the ability to lock out individual items, and this information is available in real time to the server backing the mobile app (GMA).
The machines that I've seen don't have real-time telemetry, and are not networked.
There was an old effort a long time ago where the machines were on a powerline-networking system (LONWorks) but that is dead and buried. The next-gen effort was ramping up a few years ago and I don't really know where it is now. The predictive analytics company they bought was a big part of it.
Their tech stack is far more bleeding edge than I would have envisioned. I wish they gave an idea of why they chose to use k8s at the edge. I can see how containers are useful for deployment, and the fail-over built into Kubernetes is really nice, but I'm shocked that's the simplest/best way to do it at the edge.
I would have expected some VMWare product, just because it's "enterprisey". Shame on me for judging.
Deployments and monitoring are probably another draw. Same tools server and edge side.
Another project to keep an eye on is AWS's Greengrass which has a bunch of capability overlap, but a bunch of new ideas for edge and fog IoT also. I had a mixed experience with it but at least some ideas bear borrowing.
Not sure if this is the same thing, but I recall reading a case study in 2006 on McD's cloudifying their kitchen equipment. The project was apparently a huge failure and was eventually stopped due to runaway costs.
- You have a system whereby every instance has a 75%-79% uptime.
- Each instance's 21%-25% daily scheduled maintenance window can (generally) be arbitrarily-scheduled by the ops team.
How do you near guarantee that there's always one instance available?
If you said:
"manage a redundant cluster of at least 2 instances with non-overlapping maintenance windows"
Then you were correct!
BONUS QUESTIONS:
Q: What's the max number of ice cream machines found in a McDonald's location?
Q: What's the cluster size of the McDonald's ice cream monitoring system?
Q: How much money does McDonald's have?
Q: Why the fuck?
If you said: "1", "at least 3", "metric fuck-tons", and "I don't know", respectively, then you were correct!
The answer to #4 is probably that the goal isn't to always have ice cream. The goal is to run a profitable business.
Doubling the cost of the ice cream infrastructure to avoid a 25% downtime may not be a profitable venture -- especially if the downtime is scheduled to occur while the store is closed.
Also, you can use data to schedule the maintenance when the probability of someone ordering ice cream is low. That 21-25% downtime results in significantly fewer people wanting ice cream not being able to get it.
In the good old days the soft serve and shake machines were taken apart every night and every piece was washed and bleach-sanitized by hand.
I was a McD manager in my youth.
Not only were the internals fully disassembled and sanitized, they were left to soak in the solution overnight. All that was left behind was the cylindrical plastic chamber, sanitized and left to air dry overnight.
The messiest part was lubricating the O-rings with a petroleum jelly. Failure to remove all that when cleaning seemed like a good vector for microbes.
Heh! I did both of those jobs as well. I still remember the large plastic tray you had to use to organize all the little parts and O-rings.
Did you ever have a clever employee that thought they could use the 5-gallon plastic buckets as a quicker way to dispose of the old fryer shortening? I watched that happen one Sunday morning. That was amazing.
I worked there in the old days when I was in high school (late 90's), and one of the most disgusting stories I have about a job is when I went to refill the orange juice dispenser machine, and a giant swarm of flies were all over and in the top of the machine. In the orange juice, all along the sides of the inside, and flying around like a small swarm when I opened it.
I yelped and stepped back. A manager rushed over to me, slammed the lid shut, and told me to not tell anyone.
The machines still get taken apart and washed by hand, along with some maintenance, every 14 days. So every machine will additionally be off for an afternoon every two weeks.
Are perpetual stews sanitary? I'm probably misjudging, but the idea of anything being out in the open for that long makes me uneasy. I guess it's kept at a simmer, so bacteria can't grow?
A standalone GPS NTP server is $750 retail. Commercial soft serve ice cream machines are at least $4000. Just building the machines with an autonomous GPS clock that doesn't need to be set, would double the revenue but only increase the upfront cost by 18%.
Since they need internet connectivity to phone home status to McCloud, I don't know why they wouldn't just run an NTP client to keep their time synchronized and accurate?
Moreover the $750 you reference must be a commercial product since you can do GPS on a Raspberry Pi for < $50 easily? Which product are you thinking works for this scenario? Think I've seen everything from $300 to $13000 solutions for this over the years.
I doubt these machines are internet-connected. Most likely is that the store manager notices the machine has gone into its cleaning cycle and manually marks the item on the menu as unavailable.
If it was being integrated, the cost would be more like 5 dollars, since the ntp unit could just be an esp8266 chip that connects to the store wifi to sync the time.
If they can't manage to set the time what makes you think they'll connect the Wifi?
(...although in fairness some of the other comments here suggest the things might already have some kind of int[er/ra]net connectivity in which case no extra hardware required)
That sounds like an awful lot of work to not send NTP requests over WiFi. Then again, I'm sure someone will inevitably find a way to make these things spray ice cream everywhere over WiFi if they do. Or worse, mess with the internal temperature or cleaning settings to make them not safe to consume.
It's actually probably best they never touch the public wifi. I don't know why no one has mentioned ethernet yet, though. These machines are static, they just sit there. There's already tons of wiring going everywhere, so I would assume that it should be relatively easy to get a cable drop to the ice cream machine. Then you don't have to worry about any of this wifi security. You could do port level security, but that's probably overkill for an edge network.
I have actually been wondering lately why there isn't more of a market for some of these things that it seems like you could hack together. There has to be something I'm missing. You'll never be a unicorn, because most of these kinds of sensors have a limited scale, but it seems like a good return on investment for a small team.
I don‘t know about 3G, but I just checked for LTE [1] and the timing is broadcasted in SIB16, which is not encrypted, so theoretically anything could pick it up.
WWV/WWVH might not be a great idea, as I've read that there are rumblings about phasing it out.
You used to be able to pick up a time signal almost anywhere in CONUS with an FM receiver. It was encoded in the transmissions of PBS television stations.
This was back in NTSC days. Now that everything is digital, I don't know if it's still true.
The specification was called XDS and was developed by Sony to automatically set the clocks on their VCRs. PBS was a major participant but some other networks included XDS timecodes as well. Unfortunately late in the systems life reliability became poor (the encoder was not integrated with any of the other station equipment and was not being modernized) and I assume they all died out with the digital transition.
A better source today would be the time codes sent out by some FM radio stations with RDS encoders, to allow car radios to set their clocks. Unfortunately not that many radio stations do this and, once again, the time is not always all that reliable since the RDS encoder may not have any synchronization source itself.
The cellular network used to be an excellent source, CDMA cells required GPS time sync for TDMA reasons (well, CDMA reasons, technically speaking...) and broadcast a time code that is directly off of their GPS time source. Unfortunately, while GSM cells (and LTE) do broadcast the time, there is no guarantee made of precise synchronization as they don't broadcast a time code directly from their GPS source (not an expert in this field but I think the GSM/LTE time information comes from the possibly remote controller rather than the local radio hardware). Still, it would probably be good enough for this application.
GPS time sync is actually quite cheap to implement these days but tends not to work in these scenarios since a clear sky view is needed. WWVB is possibly on the way out. SNTP is probably ruled out less by the BOM cost of WiFi hardware and more by the deployment pain of having to get kitchen equipment configured for the corporate WiFi network.
Here's a fun idea: McDonalds presumably centrally controls the in-restaurant audio. Could they encode timestamps into the background music in a way that machines can cheaply recover? You wouldn't need high reliability, just enough for it to work once in a while. The old-ish Nielsen Peoplemeter system would be a model.
When you order a VPS they would’ve asked you then: “Do you want to supersize your order? For $1 extra you can have a whole bucket of RAM instead of a small cup of RAM”
Imagine if Barnes and Noble had done it, and you could drive to one of their stores to quietly sip a drink and peruse the new machines they had provisioned recently.
Since you and the OP are here, I have a random question: were the blizzards ever made with liquid plastic ingredients?
It probably sounds insane, but someone from a plastics company spoke at my high school and said this was the case since it was easier to ship and needed no refrigeration. Now, decades later, I'm wondering if this was just complete nonsense or had an element of truth to it. I've been able to find nothing online.
Not my field, but edible gums (guar gum, or xanthan gum for example) is "plastic" (adj.). Gums are used more and more, AFAICT as a consumer; presumably to allow products to be bulked out with air.
Basically take anything homogeneous, add gum, add air, create a foam. Basically like an Aero bar but with way smaller bubbles.
You just cut a quarter (I'm guessing on this figure) off your ice-cream ingredients by weight and you can now advertise "scoops from the freezer"!
It's genius but just a more complex version of putting all the pizza toppings in the little window, or having the coleslaw tub be much wider at the top, or putting everything in a wide plastic skirt so the box is 20% bigger than it needs to be, ... packaged food sellers are scumbags.
This 'bulking up with air' is most evident if you go to the yogurt or cream cheese section and look for the Yoplait Whips or Philadelphia Whipped containers. It's the same product, just as a foam, and seems to be marketed as a healthier alternative where users choose a satisfactory portion by volume, not by calories or weight.
And while I think the whipped foods are stupid, I don't think that packaged food sellers are necessarily scumbags. They're merely people responding to incentives, just like everyone else. The food market has razor-thin margins and consumers are ill-informed. Neither consumers (who are hard to inform) nor regulators (who are captive to the multinational conglomerates) have been able to push back more strongly than the profit incentive, so the so dark patterns like those you describe are inevitable.
Plenty of dieters do this themselves with protein fluff/"ice cream" (protein shakes with ice and xanthum gum). Overweight people almost by definition eat by volume not by calories (ie they eat more than their body needs for caloric maintenance).
It's not entirely true that regulators haven't plushed back: in the USA, there's a minimum amount of cream required before the vendor can call the product "ice cream".
The products in that category that have been puffed up with air (and don't meet this minimum) get sold as "dairy desserts".
(I don't work on the food industry, so I won't be shocked if I got details wrong.)
Which is exactly why McDonalds menus list "cones" and "sundaes". Not "ice cream cones". It's a frozen dairy dessert that is not legally ice cream. To be fair, McDonald's version is superior to any other fast food frozen dairy desserts that I've had.
The bulking aspect doesn't bother me so much, what does bother me is that it's not as good and the only major ice cream brands left that aren't like this are Haagen-Dazs and Talenti.
> "having the coleslaw tub be much wider at the top, or putting everything in a wide plastic skirt so the box is 20% bigger than it needs to be"
These days the trend seems to be to reduce the packaging, at least here in the UK. "Same size - less packaging!". So it seems like reduced packaging and distribution costs, and perhaps fitting more onto store shelves, outweighs any extra sales from customers who are fooled into thinking the product is bigger than it really is?
I think there are two things, one is a preference with some consumers towards less packaging (given two products about the same cost and one looks like less packaging I'll tend to pick that) and the other is there's been a lot of talk about taxing single use plastics so I've wondered if they've been trying to alter the supply chains before that point.
I'm not a chemist but I've recently come to realize that the meaning of the term in the popular psyche has probably changed over the decades, taking on largely negative connotations, because of its association with a small subset of materials (albeit large by volume), most of which are either toxic, a pollution problem, or both.
AFAIU, in industry "plastics" is just a blanket term for moldable organic materials that chemists are constantly inventing. They're not necessarily sourced from petroleum, nor necessarily toxic. It's a ridiculously huge category of material, and plastics really were and probably always will figure prominently in our future. And I would assume that some traditional, even edible materials have been subsumed into the plastics category given the general scope of the term and the industry itself.
Former chemist, yeah this always bugs me. Laypeople use "plastic" to refer to mostly inexpensive injection molded parts, but it really includes everything from LDPE bags to glass fibre reinforced nylon powertools to Rayon fibers to thermoplastic elastomers.
Maybe you mean McFlurry (Blizzards were Dairy Queen). Basically the same thing, but not sure if whoever said that was specifically talking about Blizzards.
Yeah! Whatever you do, never eat pretzels! They dip them in oven cleaner before baking, then they sprinkle them with those crystals they use for removing ice from roads!
And dihydrogen-monixide figures heavily in their production. Nearly everyone that's ever died had consumed DHMO in the 24 hours leading up to their death!
A solution of about 4% NaOH is generally recommended. Submerge the pretzels for a few seconds just before baking. It does something to the outside layer of dough that results in the brown crust of the pretzel. In addition to the pleasant color, it also affects the flavor. Also, it makes it easier for the coarse salt to stick to the outside of the pretzels.
NaOH immediately causes stains on clothes and wooden cutting boards and countertops. Obviously it's also bad for your skin and especially the eyes, so be careful.
Bagels are usually dipped in lye as well, it's how they get their bagel-y texture on the outside crust.
Sodium carbonate is sometimes used as an alternative to lye for those who don't want to deal with the safety aspect of handling lye, as lye is very caustic. Of course, lye still provides the best results.
Speaking about BK, the liquid they used to make the soft-serve was most certainly refrigerated.
Logically though, refrigeration based transport is not a concern for any fast food company. They use ingredients that absolutely must be transported cold, thus the cost of adding another menu item that must be shipped cold to that list is immaterial (even at scale).
That's actually incorrect, they list two plastics there. It's just that "plastic" isn't something that is actually necessarily toxic, and the media misuse the terminology all the time.
Someone should save the data over time and figure what is wrong with every machine. If this is made public and enough tech people tell the store every day to change example from 2pm to 2am, this will likely result in a better product for everyone.
At first I was gonna ask why does this not run on off hours, but then you mention bad clock, so the next question is, why is the % of bad clock so high, and why isn't the clock also cloud based or set in a way that can go wrong.
Next up, what about redundancy, do stores only have one machine?
McD is conservative when it comes to kitchen technology. With certain exceptions, franchisees determine when they buy new equipment and not the corporation. Most of it is designed for a 7-year capex cycle.
But to answer the question: no, the machines aren't net enabled and do not NNTP their clocks. But that's changing.
But I still wouldn't design my architecture to let a central server decide when a machine should go out of service. Think about what else you can fuck up that way.
Why are they off? Good question. Sometimes it's as simple as a store owner setting the heat cycle for 2pm instead of 2am.
Why are they not redundant? They're expensive, take up a lot of valuable space and a lot more valuable energy, they need to be filled with 2x the product, and the customer demand isn't that high at any given moment to warrant the expense in most stores.
> Next up, what about redundancy, do stores only have one machine?
From my (old) experience working at one, yes. The annoyance of having to maintain a second machine (especially when cleaning and maintenance involved a physical person cleaning things) was not worth keeping extra 9's of uptime.
Don't you mean NTP? We've had this technology for years! If it's connected to the internet, it's a pretty fundamental piece of pretty much any networked OS. You can ensure correct time this way.
If you have a datacenter full of computers, obviously you don't want to run a separate GPS antenna for every system. NTP allows systems to synchronize to GPS over a network.
I've not heard that term used, and its bad. You shouldn't dehumanize people for being "cheap labor". Honestly, that guy flipping burgers is doing more real good for people than any number of highly paid software devs working on VC funded projects that will mostly end up in the trash.
Did you work in Oakbrook? I was on a team that was trying to make a few smart restaurants. We got to about 50 before the project was canned but we were trying to put everything from fryer oil life to what the platens were cooking and HVAC all on a touch screen. It was a lot of fun.
I’ve worked for a few commercial equipment makers. Talked to Oakbrook and Romeoville but never been inside.
Every time McDs changes CEOs I feel bad because that means almost every current project is going to be shitcanned as the new person tries to make their mark. Are you still there now?
I suppose ice cream isn't high on the list of services they feel they need up and running all the time, but if the machine is determining this I would think there would be some level of predictability that would allow them to schedule sanitizing and etc.
It's funny that the machine tells them there's no ice cream. I visited my local library for a tour. They have an automated system that collects returned books, sorts them, scans and processes them, then puts them in boxes to be shipped to other libraries if they need to go there. Or puts them in carts and labels them with instructions about the efficient path to travel to return books...
The humans just take orders from the machine when there is a cart ready with books to be put on the shelf or boxes to be sent to other libraries.
It's about ten years since I've worked with an ice-cream machine, but in my experience no matter the model they never forced you to try not to serve ice-cream.
They would enter their self-pasteurisation cycle, and the display at the front would tell you that is what it was doing, but it wouldn't prevent you from pulling the handle, if you so wished.
The problem, though, was that the barrel of the machine where the mixture was normally frozen was now at some 60 degrees C, it would be much much higher pressure than usual, and since the entire staff of a McDonald's tends to consist of teens who don't exactly take pride in the precision in which they carry out their jobs, at least once a night you'd have some poor kid blast a fine mist of hot sugary milk over themselves and the surroundings. Sometimes twice.
> I suppose ice cream isn't high on the list of services they feel they need up and running all the time
Depends on the country, here it is hot 9 months of the year. People queue up for ice cream every day. McDonald's has mini stores only selling ice cream.
Maybe it's the same in hotter parts of the US (which the article is about), for example Florida.
I recently saw a video that actually showed the machine (allegedly) was sterilizing itself. The video showed all the ice cream in the hopper melted and soupy, presumably heated to kill bacteria in it. The video creator claimed it took some hours to complete, thus the common claim that the machine is "broken"
I can tell you from working at mcd's in the late 90's, nobody wanted to clean the machines or take care of them, so we would turn the machines off. The manager generally didn't care unless someone complained to corporate or the franchise owner.
Because the teenage wage slave at the register doesn't give a shit about your fine distinctions.
When I worked that McDonalds the machine was almost always down simply because the night crew didn't give a shit and it was too much effort to clean. I worked mornings with the old folks because I was too uncool for the night shift.
hey now, most of the people I see working at McDonalds are fully grown wage slaves. Chick Fil A and In and Out seem to be the main purveyors of adolescent labor these days.
"Good sir, it appears that our ice cream machine is down for scheduled maintenance, can I interested you in a piping hot apple pie perchance?" - teenage wage slave ;)
If you tell the customer "It's down" or "Down for maintenance" you will absolutely get some who tell you "Just turn it on for me and give me my ice cream". If you tell them "It's broken" then you don't get that.
Even though it's a valid distinction, I'm not sure it's one that's valuable to the interaction being described.
It's a simple way of shutting down the customer. Broken: non-negotiable. "Understandable, have a nice day"
As these kinds of places attract the pettiest and most annoying customers anything else would make the customers try to bargain with you, even for stupid crap like that.
It's unfortunately the way the interactions between individuals and organizations seem to be trending towards.
The flip side is that when you have a non-standard request to a business (like a bank) or a government agency, it used to be that a low-level clerk would have some workarounds, or you could escalate to a manager. Now, they all have a convenient excuse: "the system doesn't let me do that". And it's true, because it's all SaaS software with inflexible business rules, controlled by some central team that neither you nor the clerk will ever be able to reach.
Yep, which is why I get pissed off at manual processes in which people are strict and exactly comply with the rules and forms. One thing wrong, nope, cannot accept this document. Well then in that case those people are no better than a computer and I welcome the day they get replaced with one.
“Down” used in that sense is computer jargon. “Broken” is universally better understood, at the small cost of some accuracy which doesn’t matter to the customer.
People have said "the phone lines are down" for years, meaning landline phone service was temporarily unavailable (often when no actual physical cables were knocked down off of poles, etc, though that might be where the use of the term originated in that case).
I'm sure there are plenty of other examples of using 'down' to mean the same kind of thing (all of which predated computer use being common in a regular person's life).
The French existentialist Jean-Paul Sartre was sitting in a cafe when a waitress approached him: "Can I get you something to drink, Monsieur Sartre?" Sartre replied, "Yes, I'd like a cup of coffee with sugar, but no cream". Nodding agreement, the waitress walked off to fill the order and Sartre returned to working. A few minutes later, however, the waitress returned and said, "I'm sorry, Monsieur Sartre, we are all out of cream -- how about with no milk?"
Sartre believed that it was impossible to abdicate the responsibility of making choices, because to choose to do nothing is still a choice -- in other words, "nothing" is a kind of something. So one might humorously imagine that Sartre would also think that "no cream" is a kind of something that could be different from "no milk."
Excellent! I once went to a local burger place - they have a menu full of the various types of burgers, all loaded with everything. My kids are super picky, so I asked for a burger, with nothing except the burger and the bun.
Server looked confused - but which burger did I want? It became apparent that while I could ask for a preset item and ask for removals, I could not actually go fully off menu. So I had to ask for "the cheese burger, without the cheese" (as somehow distinct to say, the bacon burger, without the bacon). I laughed at the ludicrousness of that, but now I see they were channeling Sartre! In retrospect it would have been a truly beautiful absurdity if see had come back and said "sorry, we have no cheese, do you want no bacon?"
Like the scene from Five Easy Pieces with Jack Nicholson. He asked the waitress for an omelet with a side of toast. She says they don't have a side of toast, so he asks for a chicken salad sandwich, on toasted wheat bread, and hold the mayonnaise, the lettuce and the chicken salad.
I get the feeling that it's also easier for the cashier to put it into the point of sale / ordering system. There are buttons for specific menu items, and then buttons to remove things from them, but no buttons to build a burger from scratch.
I remember working at the drive thru for Wendy’s. I learned all about some clever orders that saved you $0.50-2.00 by ordering things a certain way. I can’t remember anything specific, but I remember one time asking, “so you want an X?” And they came back with “no, put it in exactly how I told you.”
One implies neglect or incompetence, the other implies a limitation of a system.
Some people would look down on a franchise or a restaurant or a business that had super high failure rates. Like if the comedy section of Netflix went down every 3 times you tried to visit that section. As opposed to Netflix having some system level limitation requiring them to perform some magical dance and perform some spell every few days to keep the server room from exploding.
You would perhaps give Netflix more leeway and not feel as much disdain and switch to a competitor if you knew that the comedy section being down every once in a while was some legitimate limit the engineers had found and not just a shoddy organization. But if you just got some nginx 500 error page randomly you would be like 'wow this site is hot garbage'.
Given the "entitled customer" incidents I've experienced, seen, and heard about, "scheduled maintenance" sounds intentional and like something "you shouldn't be doing when I want my ice cream", where "broken" sounds like something the guy behind the counter can't help.
I'd be willing to bet that "broken" is just less likely to start a fight with an enraged customer whose day was very slightly inconvenienced by their inability to consume extra junk food.
> Ice cream, as a food that is very close to neutral in pH and without much in the way of preservatives, is a common source of listeria bacteria.
Former Blue Bell Creamery CEO was recently charged with seven counts of conspiracy and fraud for not taking proper actions in regards to ice cream based listeria in 2015.
> Ice cream, as a food that is very close to neutral in pH and without much in the way of preservatives, is a common source of listeria bacteria.
I know very little about food science so apologies in advance but curious as why they don’t add preservatives themselves to the Ice cream and why other pH neutral foods McDonalds do don’t require as much care as the ice cream?
Well, not always on the forefront, but they're the best at scaling it up reliably once they get it working. They test the living hell out everything they ship.
I would have imagined someone in technology (or at least enough to read HN) would understand the hidden complexities of things they're not intimately familiar with
Pasteurization via heating the entire machine to a high temp and holding for some time is likely the simplest you can get. No need for cleaning solutions, flushing, etc. Simply heat the thing up for a few hours.
As for duration, that's a function of temperature and desired safety margin. The higher temp you go to sanitize, the faster you can sanitize, but if they're heating the ice cream mix as well, there's likely a limit to how high they can get without damaging/altering the mix. So the other variable is time, and that's probably what leads to the multi-hour sanitize cycle.
That effect kicks in at higher sugar concentrations, e.g. a 2:1 sugar:water simple syrup, which can have some shelf stability. I don’t think soft-serve mix would be even close.
You need for there to be little enough water in the solution that cells with permeable membranes will be desiccated through osmosis. This can be seen in a common household science experiment, where you remove the outer shell of an egg by leaving it in vinegar for a while, then submerge it in corn syrup to watch its further transformation.
Sugar itself is food. It's the fact that sugar draws water out of the medium that it retards some kinds of bacterial growth (not botulinum for example).
Original author here: the phrasing placing an order was probably wrong - mcdonald's lists the products they're currently out in their api. I'm just querying for those.
My guess is that there is every possible combination of items that is added to the cart, and then the API response returns what items are unavailable/out of stock.
Honestly, I'm not in love with this post for HN. It seems like something done and communicated for twitter clout and is devoid of interesting details.
Because it's a meaningless number. If he is actually placing an order for that amount every minute, it would be a useful number (and he would be an asshole for making so many fake orders and filling their system with garbage metrics). If he placed ice-creams in the cart for 8000 stores, then he should give that number. The dollar value is a completely pointless number in this case, and was done purely for clickbait.
Not original commenter but I think jackric already alluded to the increased cynicism that develops from clickbait. Personally, when I see so many ppl giving up honest and nuanced statements/opinions for hyperbole in order to gain views/likes, it's disappointing.
Raises the noise in the signal-to-noise ratio of a browsing experience. I may pass over reading a useful truthful article because I'm trained to dismiss its title as misleading.
I appreciate the amusement and humor, but you might want to be careful with phrasing on something like this.
I think researchers and people who implement interoperation on the Web don't want to run afoul of federal law, nor accidentally give misleading guidance to people new to their kind of work, nor invite new rules that could be overly restrictive.
Not sure where this data is coming from but for months now I've been ordering ice cream through the McDonalds app only to find out when I get there that the machine is broken and that they can't cancel or refund the order, which ultimately results in a stressful cash refund. It's happened multiple times at various locations around Manhattan. Eventually I'll just use this method to get 30-day cash loans on my credit card.
Take it from someone who has spent a few summers troubleshooting, fixing, flushing and cleaning soft serve ice cream machine. If they are not working one day do not go back there and buy ice cream.
There are few employees who are trained to maintain and clean those thing at McDonald's.
If they get gross they usually just turn them off which cuts the cooling and then it gets very very nasty.
Getting a bellyache is the bear to hope for.
Disclaimer. I didn't work for McDonald's and it was two decades ago.
It still puke a little if I even see people eating it
3 hours I'm a closed kiosk at 31C cleaning out machines is a nightmare. The smell is horrible. But they didn't allow opening the flaps and letting air conditioning since it would be optically and stinkwise off putting for customers
It's not free. That cash refund isn't refunding the merchant their processing costs for the credit card. And that's what's paying your 5% cash back. The store is losing a pennies each time that happens and some of them are flowing to you.
Well, yes, but it's also them not refunding via the original payment processor and them letting the order go through despite being unable to fulfil it. I don't want to make a point that this is the moral thing to do, but the error is with McD here.
I'm not making any moral judgement. I'm just explaining where that money is coming from, and that it's not "free". Also, issuing a refund would still likely incur fees with the processor. They may dodge fees if they are within the window to void the transaction instead. Depends on their processor and contract.
Sure. But there is no actual thing as "free" money, in the sense that it all comes from somewhere. And honestly, probably nothing is truly free. Even sunlight is the result of spent nuclear potential of the Sun. Unearned is maybe a more precise adjective to use in these scenarios.
But again, the point behind my comment was to explain where the money was actually coming from. I feel like these responses keep trying to apply a moral-judgement reading to my comment where none was intended. If one didn't know the details behind merchant credit processing, they didn't know where that cash back was coming from. And the answer is that the merchant still lost money in that transaction.
Yeah I get that. I feel like my reply might not have properly explained itself.
Nobody is applying a moral judgement to your comment (that I've seen at least), we're pointing out that yes, we know there is no such thing as free money in a grand sense. For most people on this board merchant fees aren't some unknown thing. We know this, and obviously McDonalds takes a tiny hit for the fees every time they refund a card transaction with cash.
It's free money to the person it happens to is what the commenters were saying. McDonalds refunds my card payment with cash, I get the credit card points and my money back. It's free money. To me. McDonalds taking a hit is irrelevant to me as I did not lose anything, I only gained. Hence free money. The context is important.
If this is true you're also earning points for your purchase. I don't know why they wouldn't be able to refund an app-based order though beyond ignorance, considering I've had it done before.
Starbucks is really bad at this as well. I used to sit at a counter next to the pickup shelf, and probably 40 times a month just during times I was there, a mobile order would come through for unavailable items.
McDonald's mobile ordering has multiple contradictory and nonfunctional answers on how to get a refund, and I'm not sure any of them actually work. I'm going to try a chargeback soon.
From creator[1]: “I reverse engineered mcdonald's internal api and I'm currently placing an order worth $18,752 every minute at every mcdonald's in the US to figure out which locations have a broken ice cream machine”
It seems the first explanation given wasn’t entirely accurate (or is at least misleading), as they continued roughly 50 minutes later:
> to clarify how this works: mcdonald's keeps track which locations have a broken machine, I'm merely querying for those - no order gets executed, no ice cream is actually wasted
Maybe in reality, the order is created, but not actually “placed” in order to query the above info? Or maybe the first tweet was simply clickbait...
What I’m understanding is that the order is placed, meaning it’s in checkout. But he’s not actually fulfilling it, meaning he didn’t ordered/paid for ice creams for real.
Someone on Twitter also mentioned ice cream orders don't actually get filled until you arrive at the restaurant (which does make sense), providing an extra fail-safe for this.
I’m not sure if it’s a regular request, or so regular that it’s automatic, but in France, if you order an eat-in meal with ice cream, they don’t make the ice cream until you come back to the counter with your receipt and request it.
It's funny that this is possible. An altruist could create an order for "give a cheeseburger to that one guy who hangs around outside every McDonald's".
For reverse engineering, I highly recommend learning burp suite. (This is a bit like saying "Just learn vim!" in terms of learning curve, since the curve is basically a wall, but it's well worth it.)
E.g. I was curious how TPUs actually work -- the low-level protocol, built on protobufs. But burp suite is only good for analyzing HTTP. No worries, a couple plugins later and I was good to go: https://twitter.com/theshawwn/status/1315638127772405761
You'd be shocked the amount of information you get when you merely look at the traffic. Chrome devtools is nice, of course, but it's not an intercepting proxy; you can't (easily) capture every request, modify it, replay it, see how the webserver responds to malformed input, etc. Burp repeater makes all of that super easy.
Unfortunately the power is hidden behind a rather unfriendly UI, with some unfriendly defaults (the very first thing everyone wonders is, "why did burp cause my website to freeze?" answer: it starts up in intercept mode, so that's actually a sign that things are working; but you have to turn off intercept mode to actually get it to do useful things / see a bunch of requests).
There are some (VC backed) start ups that are open about doing it. Teller API is an example. [2]
[1] “Reverse engineering generally doesn't violate trade secret law because it is a fair and independent means of learning information, not a misappropriation. Once the information is discovered in a fair and honest way, it also can be reported without violating trade secret law.“ https://www.eff.org/issues/coders/reverse-engineering-faq
[2] “We reverse engineer these apps to discover their secret API contracts and then implement clients for them.” https://teller.io/
No, but unauthorized access to a remote server can be. Just because something is unsecured doesn't give one the right to access it. Anyway I would not take that gamble personally and risking indicted federally for computer fraud.
What in the world is Teller? Are they an actual company with an actual product? The authentication demo on their website is the exact same as Plaid Link, down to the wording. There isn't even a sign up link or pricing page, but they've somehow raised 4 million dollars [1].
The biggest problem, presumably just like Plaid, is that its institutionalized phishing tricking users into giving their online banking details to some 3rd party.
I've known about Teller for some time now but I have always thought that they seem shady... I don't have an issue with them reverse engineering bank APIs, I just don't get why, how and to whom they would want to sell that.
Any small change in any of these APIs completely ruins it for all of their clients. Not even sure if they have a product or service either but again, also not sure who would want that.
Placing bogus orders using a reverse-engineered API, however, is likely illegal. Especially at the speed and scale at which he is purportedly doing it.
It doesn't matter whether or not it is illegal. What really matters is whether some prosecutor somewhere thinks it is illegal, and dislikes you sufficiently to prosecute you–or sees enough political benefit from it to make it worth their while. "Hacker indicted for sending McDonald's $18,752 of fake orders every minute". It might be misleading (or even just plain false) but it makes a great headline. Even if they end up losing the case, they can still make your life hell for months on end with their criminal charges.
As the saying goes, "You might beat the rap, but you can't beat the ride"
And this headline is spectacularly un-useful. It's a map of which McDonalds have a working ice cream machine, obtained by attempting to place an ice cream order at every single store through the API.
(The order doesn't actually complete if you don't pay for it, so no ice cream is wasted.)
> to clarify how this works: mcdonald's keeps track which locations have a broken machine, I'm merely querying for those - no order gets executed, no ice cream is actually wasted
I think there is some confusion as to what he means by 'placing an order'. First of all, he's not ordering anything. At best he is loading these items into a shopping cart, who knows, maybe that's not even necessary depending on how the API is setup.
Second, it's not $18K worth of product are every location. He is almost certainly adding one value menu ice cream cone (or maybe chocolate sundae) from, one from each location. These cost between $1-$1.50 depending on location. A quick search says there are probably just shy of 14K location in the USA, and based on these assumptions, the ~$18K 'order' works based on these assumptions.
So, in essence he is filling the 'basket' with one ice cream cone, one at every location, and checking the results of which locations are willing to fulfill the order. I don't think this is malicious like some have imagined. It's silly, and fun, and I was happy to come across it today!
Quip worth thinking about[1] from the twitter thread[2]:
> it's incredible to me that a $5 digital ocean box can serve traffic for 200k unique visitors and yet there's startups out there who deploy their landing pages with kubectl
A commenter asks: "How are you funding the $18k per minute this requires?"
He replies: "I'm actually not paying for it! just placing an order."
I'm not sure how he's placing an order without payment information, or if he is providing payment information, how he's managing to not get charged for successful orders (when the ice cream machine is not broken). Perhaps the payment doesn't go through until he arrives to pick up the order?
McD app does not post txn until you arrive at location and tap check in (GPS "enforced"; if you don't send a reasonable location to the backend it will tell you to just show your phone to a cashier and fail it)
that being said - this is probably irrelevant, because you don't actually need to place an order. mcflurries will show up as not available / disabled if the restaurant is not accepting ice cream orders (to disallow you from adding to cart on the official app).
you just poll for snack/side items available at location, nearly a single call. you do not need to place an order, and you do not need to draft an order, or preauth. it's just viewing the menu
The app remembers your previous orders. If you order the same thing each time, you just press the previous order to order it again. Done in like 5 seconds.
I ran the McBroken data through the Spatial Equity Data tool. It found McDonalds are slightly overrepresented in white areas while locations with broken ice cream machines skew Black and low-income.
The machines also perform better in areas with: low English proficiency, limited household internet access, low-income residents, uninsured residents, cost-burdened renters, residents with less than a high-school diploma, and unemployed residents, according to this tool.
I wonder why you chose just that one specific stat to highlight.
You are mixing "over represented" and "under represented" information which could be tricky; they were only looking at over represented.
The data does seem to suggest that in an area annotated as "white" you are more likely to have location and it is less likely to have broken machines, whereas in an are annotated as "black" the opposite is true.
Those are the only two categories showing up as extremal on both tests.
Without digging into the methodology it's hard to get much more out of it. It's also not clear hwy "Low-income" doesn't show up as blue/over-represented on that chart.
Considering that all of these machines come up/down cyclically and automatically for sanitizing (pasteurizing) purposes, as described higher ITT, you're a great example of how data can be massaged to drive whatever narrative you want.
It's possible that there's a disproportionate number of machines in minority areas misconfigured.
It's possible that there's a disproportionate number of machines in minority areas that are old-style manual-clean.
It's possible that there's a disproportionate number of machines in minority areas disabled for some other reason (ingredient supply disruption? Demand not worth the cost of keeping the machine on all the time?).
It is, indeed, possible that there is correlation without causation.
But the real answer is "We don't know why, and huh, isn't that interesting."
If they're automatically reporting via API to the online store, so the author can check the status in his script, they're all the same model with auto-sanitize. The old manual clean models always report online, then the customer gets rejected and refunded when they actually go pick up their order, as mentioned elsewhere in the thread about some NYC locations. Nice try, but you know, burden of proof on the accuser and whatnot.
That adds doubt on one possibility (though I don't know if those devices are reporting their up/down status via a voltage checker for manual cleaning units), but there are other possibilities.
If you're implying that McDonald's is somehow racist for failing to maintain ice cream machines in black areas, recall that it's mostly local staff who are responsible for that.
It can’t restore color perception (you’ll still have reduced color bandwidth versus someone who isn’t), but it can rewrite the visual spectrum being fed to the display onto narrower bands that sidestep the colorblindness gaps. Especially valuable when paired with the Magnifier mode that lets you look through the rear camera on the screen.
Windows 10 can do it too. It's called "Color filters". Both "Red-green (green weak, deuteranopia)" and "Red-green (red weak, protanopia)" work to allow me to use the site. The second one is more visible, but also much more distorting. Also I've now enabled the hotkey (win+ctrl+c).
He wouldn't have tweeted it if it was malicious -- he could have even kept it secret. What is it with HN? little pranks, reverse engineering, vulnerabilities, free ice-cream. I do not condone crime but let's be honest, he could have made money with his findings online...the person is just letting his curiosity go wild. If Yelp wants to fire him I'd take him in my company any day.
I agree there's tons of threads above us that have cobbled together assumptions to make it feel totally cool and no problem at all for the stores and backend.
I don't agree they know the impact, and it's just plain dumb to announce you're abusing a private API for fun under your real name and employer, it's equivalent to yelling "I abused my unauthorized access to a billionaire's computers!" in front of the billionaire and DoJ lawyers.
Everything will probably be fine but this was _not_ very smart.
You probably have a different definition of malicious than most of us.
What you're thinking is, "Did he do this to break things at McDonald's or actively hurt them in some way?"
But if he's hitting an internal API and creating a bunch of fake orders for the purpose of gathering data, that's malicious, whether or not it breaks anything on McDonald's side.
When will this guy realize that the only acceptable pastime for hackers, post-2020, is having long discussions that involve the word "policy" many times?
It is all hipsters now; hackers having fun not for profit r long gone in another era. Lets see how fast this kid gets himself behind bars for trying to outwit a corporation. I agree that he overdid it but he might only see his wrongdoing in hindsight. I'm glad my comment picked up some steam; we are too locked in chains behind rules nowadays, kids can't have a little fun anymore. He can be a valuable asset to any company than falling in the hands of real criminals behind bars
This site is so clean. If the creator sees this, or if anyone else has the knowledge or pointers, I would like to know how to create a basic one page site with a map interface just like this one. I have zero programming experience for reference.
The most basic version of this would be an Google Maps embed, but you'll quickly run into styling and interaction limitations.
Not the author, but McBroken looks to be built with Mapbox's Javascript library, so you'll need to break out a text editor. They have some good starter docs here:
You can learn a lot by signing up for an API key from Mapbox and tweaking their example code. They even provide online editors so you don't even need to work with an HTML file locally (though I'd still recommend that for permanence). No React, no Webpack needed!
As rkv said, that's a list built in React. The elements (store locations) in the list are filtered by what's in the map's viewport. There are also mouse event handlers on the list and on the map which trigger interactions between the two.
This site receives all its data via vector tiles [0]. So as you pan around, you fetch basic visual map information (what the geography looks like) and McDonald's data at the same time.
The map in the Twitter thread doesn’t seem to support this, but from the cities listed on the page it seems like the colder cities have more broken ice cream machines.
It's working: it's just slow, presumably because we've hugged it nearly to McDeath.
Also a shame the only country it supports at the moment is the US because I could really do with checking whether the ice cream machine at the McDonalds up the road is working or not.
McDonalds declined to retain me as a consultant when I reported issues with their Mary AM Johnson API holes. I probably should have marketed myself in a more formal fashion.
They must do something differently here in Poland, because I don't think that, over many years of semi-regularly buying ice cream (mostly McFlurry) in McDonalds, I've been told even once that they can't make it because the machine is broken/under maintenance.
I guess he used the API from the app, add a large order and try to go to checkout.
If McDonald want to avoid angry customers they alert that the item is out of stock, before finalizing the purchase.
He then automatically do this for every store to check if the machine is working or not.
A friend of mine who managed multiple McDoanlds 20 some years ago says he would never eat ice cream at mcdonalds ... unless he'd just cleaned the machine himself.
Apparently they get gross pretty fast and a lot of the staff is not especially good at cleaning them.
As other commenters have noted, this is old information. The machines now sanitize themselves, which is apparently why so many are down at any given time.
The McDonald’s app for iOS does aggressive jailbreak detection, probably for the exact reason we’re seeing here: their API has terrible security. I wonder what’s the worst one could do with it, like order things for the price of $0.00?
There’s also a Knight Rider Lab in the Atlantic Ocean. Michael Knight is so cool his secret base has a McDonald’s. I wonder how KITT gets there though.
Semi related to this McDonalds has surprisingly high quality standards for the software of their ice cream machines, for one company I talked to I think they required 100% branch coverage
Further down the thread he mentions that no order gets executed, he's just querying. I guess still making trouble for anyone using that data, but at least nothing's going to waste.
That just leaves me with more questions. What does he mean by "executing" an order? He used the word "placing" before. Is he placing the order and then immediately cancelling? Or is he just putting items in his cart? Why such the high dollar total on the order? Is it a single order at every store every minute? Does it really need to be that frequent?
Regardless, it annoys me when I see developers abuse semi-public APIs as it just ends up being a motivating factor to close things off more. There is most likely some developers working for McDonalds who have been scrambling as a response to what this guy is doing. It isn't nice to create unnecessary work for others just so you can have a little fun.
Like any other e-commerce store, you can add stuff to your cart, and then choose not to check out.
And it is typically during the cart-adding process that you find out if a product is actually available for purchase or not, as opposed to at checkout time.
I would assume that's what is happening here, which means it's not actually affecting any in-store operations, just (as the author says) probably messing with their analytics a bit.
Hopefully he's doing it in a way that lets the analysts easily mass-filter his activity (perhaps by IP, or by adding some filter for his very atypical "one McFlurry from each store" order configuration).
Seems reasonably harmless in my mind, if he's not making use of any non-public endpoints or keys.
He has said multiple times that orders are "placed". He also said they aren't "executed". Based on what other people are saying here about McDonald's workflow, it sounds like a placed order wouldn't actually be executed unless he shows up to the store. That is probably what is happening here. It may be "reasonably harmless" but it is still not a nice thing to do just for fun and 15 minutes of internet fame.
EDIT: I'm not sure why, but moderators have detached this line of comments from where I was originally replying. I really don't think questioning the ethics of something like this is out of line on HN, but I can understand the phrase "kind of an asshole move" might have upset some people. Since this is the only comment I can still edit, I will just throw in the clarification of context that detaching this comment might have removed. The "asshole move" I was referring to is the practice of brute forcing this information through an internal McDonald's API by sending $18k worth of orders every minute.
For what it's worth the author joined the discussion and confirmed he is not actually placing orders, but rather using the API to check availability of a product.
He doesn't say how that works, but again if I had to guess I would bet it's checking the response to "add to cart" or something similar.
If you've never used the McDonald's app, then you can place an order, but the store doesn't receive it and do anything until you arrive at the store and it detects that you're there. During this period, you can cancel the order. My guess is that's what he's doing.
Based off the information at the site and the tweets, the most sensible explanation is that it's a single order that gets attempted, but the cart gets cleared. Rather, it's the sheer number of locations that McDonalds has licensed it's name to that cause the dollar value.
Given the cost of $1 for a cone, he's checking 18,752 locations per minute, or about 1.28x the number of branded restaurants in the US + Canada.
With that logic, any company that serves meat should be exploited and ridiculed on Twitter for their broken ice cream machines (that might not even be broken, apparently). Why?
are you equating buying beef to the holocaust? And since I buy beef, are you equating me buying beef with the halocaust. And because I buy beef, should I also get thrown in prison?
Would it be more reasonable if everyone who bought beef be thrown in prison?
WTF is wrong with ice cream machines? It isn't just mcdonalds where they are almost always broken. I don't remember that being the case when I was a kid.
This question comes up frequently on reddit, and the oft repeated reasoning is: 1. the machines need to be cleaned every n hours 2. there's no failover 3. you're likely to visit the mcdonalds at the same time (eg. getting home from work) so if you're unlucky with timing, the machine would appear to be always broken from your perspective.
I don't know how old you are, but growing up in the 90s, my dad (a food scientist) was mostly fine with me eating crappy fast food once in a while. The only hard rule he had was "never eat soft serve ice cream". Before technology was all there, the machines back then were apparently nightmares in terms of safety.
Federal and state [1] (depending). Computer Fraud and Abuse Act of 1984. Easy to prosecute, jury wont understand anything. The penalties are horrific Related, Terminator (1984) was also released during this year.
Well, I suppose it it's not a public API he may have had to o some work to analyze and piece together conventions, parameters, etc. Personally I just refer to this basic stuff as "analysis".
Yeah, I think my comment is not so great, as you could totally call this reverse engineering. Kind of an off-the-cuff reaction on my part that wasn't very considered.
LOL! It's so ridiculous that this is a problem so often. I was in McDs once when the service guy was there. I overheard him say it would be $9,000 to fix just the shake side of the machine. I thought to myself, "That's a lot of milkshakes! There's a grocery store in the same parking lot... gallon of ice cream, some milk, and a blender. Problem solved."
I mean, the OP is literally right - ice cream + milk in a blender results in a better milkshake. Try it sometime. That's how milkshakes are made at a lot of the other restaurants.
Don't be dense. What I described is the _official_ and _correct_ way to make milkshakes that you will find in any decent cookbook. You've responded with false equivalence.
For the customer that's an option yes, but for the restaurant not so much. If you have a look at the fineprint of the blender it will say something in the line of "For private use only". This is not just because they want to extract more money from restaurants, it's because the engine is so poorly cooled and low quality components that it will melt if you run it longer than 10 minutes without letting it rest.
So yes, the customer can go home and make their own milkshake (unless they are on a trip and can't go home to make milkshake). But the store owner can't depend on a consumer grade blender to make 50 milkshakes in an hour.
In my view, the costs of equipment, service, and goods really drive franchisee profit down. Don't know why you'd want to be a franchisee, you need a whole stable of stores to make it work and profitable.
It seems that Twitter doesn't always work on Firefox. The Tweet says:
> I reverse engineered mcdonald's internal api and I'm currently placing an order worth $18,752 every minute at every mcdonald's in the US to figure out which locations have a broken ice cream machine
What law is he breaking (relative to both the US and Germany)?
In US criminal law, there is the Computer Fraud and Abuse Act, which has very specific narrow provisions, including the test of "has to intentionally cause damages to a computer system part of interstate or foreign commerce."
Which does not apply here.
McD's would have to pursue, instead, a civil case, based around a EULA or ToS, tantamount to breach of contract, and to recover damages.
I would assume that Ronald McDonald Esq would just issue a form Cease and Desist, and call it a day.
> [DMCA] section 1201 creates a potential legal obstacle for a researcher or coder if a software vendor employs mechanisms that control the way copyrighted software or other materials can be accessed or used. Many people think of section 1201 as prohibiting cracking digital rights management schemes (DRM). However, the language of section 1201 prohibits more than breaking traditional “copy-protection” mechanisms applied to DVDs and digital video downloads. It also prohibits breaking “access controls”. Software vendors have argued, or are likely to argue, that techniques such as authentication handshakes, code signing, code obfuscation, and protocol encryption all qualify as “technical protection measures” protected by the DMCA.
Under the Computer Misuse Act in the UK, unauthorised access is enough, especially if it impedes other uses from legitimate access. (IANAL either mind)
If he's just triggering "Add to Cart" and the system responds with "Ice Cream Machine Broken" then it's relatively less harmful. As he says, it probably messes with their data. Unlikely that he's spending $18000 per minute.
Not on an internal API I wouldn't think - he's just spoofing that volume of orders from registers, as if customers had walked into all stores and all ordered the same ice cream simultaneously.
It's more like they ordered from mobile, but didn't checkin/pickup so they're not wasting food or $$.
> to clarify how this works: mcdonald's keeps track which locations have a broken machine, I'm merely querying for those - no order gets executed, no ice cream is actually wasted
The McDonalds app lets you place an order, but you have to check-in (via the app) when you arrive to pick it up. They don't start preparing anything until you do that; you can cancel, change stores, adjust order, etc. up until the "I'm here" button is hit.
Or... they could just modify the API a little and keep the guy who has learned something that didn't really cost them anything, and that a new hire is unlikely to know.
But you are right, corporations do usually prefer to behave in a psychopathic manner.
