I think that there should be an immediate moratorium on inter-facility P6 (and P4 if necessary) wagers until the tote systems can get the bandwidth to handle the wager details when placed. Anyone agree?

I don't understand why the transmitting of the specific combinations should cause "computer gridlock". How much information is needed to be transferred for each combination? Let's say it is 100 bytes (1 byte = 1 character), which seems to be to be a high estimate, but I really have no idea (I guess I could actually look it up in the manual from the link rrbauer provided!). This pool, which is about as big as they come, was 4.5 something million. So figure there were roughly 2.3 million combinations x 100 bytes each = approx 219 MB of data. And that is the total coming in from all outlets (including the host) for the biggest pool of the year. Most pick 6 pools are 1/10th of the size or less.

That really doesn't seem like that much data to transfer over a broadband system, since each outlet would only have a fraction of the total. Surely if you did need to "skip legs" of the pick 6, you wouldn't need to skip more than one, would you? Or maybe there really is a vast amount of data to transfer with every single combination?

Probably the SW isn't configurable and needs a re-write. Major problem if the system is a few years old and the original work was done by a contractor that may or may not still be around. A lame excuse is cheaper and will be believed by most. :rolleyes:

Bill

As you know I have been a holdout regarding whether, or not, the BC Pick 6 was ripped off. Now that the officials of Autotote and Catskill OTB are changing their tunes, my confidence in the Past Post scan process being secure has evaporated. Here is a copy of an email that I sent ten minutes ago to the CHRB and copied about 40 horseplayers.

To the CHRB:
I believe there needs to be an immediate suspension of all Pick bets at California tracks that are subject to the Past Post "scan" procedure currently in place to move Pick bet data from betting outlets and betting hubs to the host track until such time that California Racing regulators are 100% confident that the system in place to handle the betting data is secure; and, that appropriate controls are in place to provide indisputable audit trails and logs of all transactions and of all system access by any person at any location. Based upon information now being
provided via the media from Autotote it's clear that the system is not secure and has not been secure for who knows how long. It's further clear that the system security has been breached to the detriment of who knows how many horseplayers for who knows how long.

I believe that failure to either suspend the acceptance of Past Post "scan" data; or, initiation of the requirement that all betting data be transmitted by betting outlets and hubs to the host track immediately upon closure of the race that begins leg 1 of the Pick bets, places the integrity of the betting process and the money of racing's customers at risk beyond the risk that should normally be associated with such transactions.

Further, I believe that if California racing officials do not act
immediately to effect this emergency measure then they are derelict in their fiduciary responsibility to the citizenry of California and should either resign, or be removed from their positions.

I intend to press this issue as hard and as far as I personally can;
which, if you know me, you recognize that it will be very hard and very far.

Sincerely,
Richard Bauer
Irvine, California

Game Theory wrote:
That really doesn't seem like that much data to transfer over a broadband system, since each outlet would only have a fraction of the total. Surely if you did need to "skip legs" of the pick 6, you wouldn't need to skip more than one, would you? Or maybe there really is a vast amount of data to transfer with every single combination?

Every bet transaction has a lot of control data that accompanies it. Also, I believe that some locations probably are running a pretty slow pipe, so that network congestion could be an issue--but, frankly at this stage of the game we need to stop accepting the excuses and lame pronouncements from the Tote and OTB fat cats and start jamming until they get it right (and, a few heads roll!)

The past-post scan could be effective and made more secure if it was run after each leg and each scan created a new file consisting of only the remaing "live" tickets. That process along with solid audit trails, record counts, etc. would prevent anyone from adding a record along the way without a lot of bells and alarms going off; and, it would prevent someone from placing a "template" bet in the system for the purpose of subsequent revision, because the bogus bet would fall out with the first losing leg.

I know I am begining to sound like a broken record but all of this can be fixed if every simucasting site is required to provide adequate computing processors at their site and large enough pipes to process all the data in real time...PERIOD. no short cuts, and especially no security shortcuts. If you do not meet the standards and pass audits to prove you have meet the standards then you are not permitted to send or recieve simucast signals or take simulcast wagers.

If this was required it would come down to comply with the standards of go out of buiness. Then see how fast things get fixed.

rrbauer,

I believe your proposal for multiple scans would improve security, but it would not guarantee security. It would still be possible to submit a template with handicapped selections and adjust the template after each losing leg before submitting it, much like is already being done. This would make it more difficult to past post, but not impossible.

There is no need for any past posting. Send all the data when the bet is made, no need to accept these money saving shortcuts at the expense of security. Beef up the computers and networks to handle the load.

Mike, ranchwest, et al

Sending all of the data to the host site would reduce the window of vulnerability to what could occur at host sites. It wouldn't eliminate it.

As to monkeying with a file, it can be set to read-only and locked for update. Before the scan or after the scan. It's locked.

Setting to read only isn't much of a solution because someone else can easily restore the write priviledge. The thing to do is to have a multi-tier situation, where you need network clearance to get to the server. Once the system writes the data in, nobody can write access it.

ranchwest

We're not talking about a file attribute on a PC system here.

We're talking about something that is done at the operating system level that requires password access and system admin privs to change; and, if it is changed, it gets recognized in a system alarm log, at master console terminals and emails start announcing the security breach. Yes, someone with the right access info and privs can change it, but when they do, it's like dialing 911.

Rick B.
Thanks for writing that letter to the CHRB.
You speak for many of us in Calif.
I too, was very defensive of the system right up until this hit us.
My tote watching friends kept saying it was being done, and most of us laughed at them. "Toteboard Voodoo", we called it.
I think many pick six players here feel as if they have been violated, sort of like a person would feel coming home to a house that had been robbed.
:mad: :mad: :mad:

RB I still stand by my original comment. Send all the data when the bet is made, build the networks big enough to handle the lode. If the if a particular OTB can't or won't do this, close them down or deny the signal and wagering privileges.

You letter is great, but even if the CHRB does everything you mention they do not control anyone outside of CA borders. Any podunk OTB with lax security and employees with knowledge and a willingness to steal can do so, from any track in the country running P6's. I would not be surprised if some of the big P6's in CA have not already been comprimised in this fashion.

We need a national network with fixed security standards and everyone complies or gets out of the business. It's time to quit pussy footing with wager security.