Posted by
ryuzaki0
on from the do-it-yourself-toll-gate dept.
MC68040 writes "The guy at this site managed to build something together that's actually quite neat in the way he built it, all hand-crafted system that uses a linux box to unlock his door. Maybe not the coolest of solutions, but actually a pretty good idea as for security in my humble opinion."
Re:Great
by
Anonymous Coward
·
· Score: 4, Interesting
Does he have a back-up way of getting into the house, if the power goes out (and he doesn't have a UPS)? Or, would he resort to climbing into a back-window, which should have red-flagged his security plans earlier?
Just wondering...
Re:Great
by
Anonymous Coward
·
· Score: 0
Oh no... don't slashdot my house... That is where I keep my stuff.
If you looked at the link, you would see that he specifically states, "The door still functions as it did before". He used an electric striker plate, which releases when power is applied to it. So if the power goes out, he just uses a key.
Now he's just going to be a dick about it. His door probably still worked fine, he just couldn't open it from remote. But I don't know that, because I don't know how it works, thank you very much door guy.
Re:Great
by
Anonymous Coward
·
· Score: 0
So to break in, you just cut the power lines and wait for the UPS to run out...
Re:Great
by
Anonymous Coward
·
· Score: 0
That's retarded. How can he look at the link when the whole point of his post was that the link has been slashdotted?
That's not funny. This poor guy comes up with might be a great little hack, and/. kills it. Constantly, we read on/. about how certain big companies should take responsiblity for their actions. Well, I say it's time for/. to stop being a hypocrite and start doing it itself. Ask these site ops if they'll be able to handle a/.ing, if not, offer to mirror the site for a day or two. If/. has no problem with the load, great, then help out those that can't.
-- Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
Re:Great
by
Anonymous Coward
·
· Score: 0
/me thinks people are not reading this in context when the meta moderate.
We used to call it the LOD (Link Of Death). Actually had drives crash and CPU's burn up from massive linking
And to scan the barcodes
by
Anonymous Coward
·
· Score: 2, Funny
He uses a CueCat!
Re:And to scan the barcodes
by
Harald+Paulsen
·
· Score: 4, Funny
CutCats are cool, I got a friend in the USA to send me one. Thought about hooking it up to a computer near my refridgerator to keep track of groceries and expiration dates.
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
-- Harald
Re:And to scan the barcodes
by
MattCohn.com
·
· Score: 2, Informative
The scanner has a CCD; I don't have to slide the barcode.
Funny, and I've implemented something similer with a CueCat, but he would have to slide the barcode if it was a CueCat. Also, barcodes for entry arn't very secure. If anyone gets ahold of your card for 10 seconds, they can make a photocopy and have your security level. A magnetic stripe would have been a better choice for REAL security however, because it takes more elaborate equipment to duplicate.
Re:And to scan the barcodes
by
Frater+219
·
· Score: 5, Funny
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
] inventory
You are currently holding the following: a set of keys, a brass lantern, a case of Jolt Cola[tm], and no tea.
] look
You are in the Cubicle of the Mountain King, with passages in all directions.
A huge green fierce programmer bars your way!
] n
You can't get by the programmer!
You're in Cubicle of Mt. King.
A huge green fierce programmer bars your way!
] drop jolt
The programmer attacks the Jolt Cola[tm], and in an astounding fury rushes off to enter the International Obfuscated C Code Contest.
] n
You are in a low north/south hallway at a hole in the floor....
Re:And to scan the barcodes
by
DarkZero
·
· Score: 3, Funny
Also, barcodes for entry arn't very secure. If anyone gets ahold of your card for 10 seconds, they can make a photocopy and have your security level.
Personally, I see this as an upgraded form of "security through obscurity": security through weirdness. People know where the average person puts their keys and where the average person puts plastic cards (which most magnetic strips are put on)... but a barcode? W(here)TF does someone keep their BARCODE? A potential invader or an unscrupulous friend will be stunned by it. You can't look for a Hide-A-Key. He's not keeping it on a key rack. He probably can't just throw it down on his desk when he gets home. Hell, for all they know, his spare could be tattooed to his left ass cheek.
It's not obscurity, which is what the Hide-A-Key is. It's just weird, and on an individual basis, that could work for security.
tattoo
by
Anonymous Coward
·
· Score: 3, Interesting
he should tattoo the barcode on his hand... kinda like a "fingerprint"
Re:tattoo
by
rainman31415
·
· Score: 3, Interesting
he should tattoo the barcode on his hand... kinda like a "fingerprint"
yeah, but why does that remind me of soemthing in the Bible? seems kinda apocalyptic if you ask me, and if he personally brought the beginning of the end of the world, i'd kick his ass.....
will eat script kiddies for fun....
rainman
Re:tattoo
by
Anonymous Coward
·
· Score: 0
yea but then if i cut his hand off, i can get in his house and if he needed to change the code? Lots of tatoos?
An alternative to this would be like a passive-active system where you have a chip embedded into your skin. Then when you are in proximity to the active scanner and try to turn the doorknob the thing recognizes you and unlockes the door.
Of course, someone could hack your arm off and get in your place but at that point I'd think you'd have more worrisome things on your mind.
That'd work until someone walked behind you with a camera and took a good photo of your hand. A few minutes with the perspective tool in The GIMP (come on, you know the theif would be a nerd), and some filtering, and you have yourself a key.
It's kinda like using fingerprints for keys. You leave them everywhere you go, and you can't change the locks when somebody gets the 'key'.
There are magnetic locks that exist already that let you walk by the sensor with the magnetic 'key' somewhere in proximity, and it will unlock automatically. Granted, it's not as secure as having something embedded into your body (albeit a little less scary), but it's as secure as having a traditional key-lock system, without the nuisance of having to pull out the key and insert it into the door lock.
Would also make it easier to unlock the front door when you try to find the keyhole in pitch black situations:]
he should tattoo the barcode on his hand... kinda like a "fingerprint"
If this worked, it wouldn't for long.
I've got my SSN tattooed as a barcode on my forearm. It's just for looks, since even if by some miracle the artist was able to make the lines as razor-straight as they need to be, the change in size of your muscles and skin over time would distort it enough to make it non-machine-readable.
The last time I went to the dentist, one of the assistants saw my tattoo and told me a long story about her son who was in the US special forces. Apparently they'd had some kind of plan to use them as replacements for dog tags, but ditched it in favour of implanted microchips like you can get for pets, since there's a lot less hassle involved. Obviously I can't confirm the truth of that though.
-- "...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Well they have those little chips with the glass capsule around them that they put into fido to let the vet scan him to find out who he belongs to... hmm same idea, get the pellet installed into back of hand/underside of wrist and when you put hand near doorknob... click there ya go
Great... now we've slashdotted Google's cache...:-)
Re:Cache
by
Anonymous Coward
·
· Score: 0
Oh well, at least you get a general idea:) And so far Google hasn't been slashdotted into numbness.
Turn off the image loading and save yourself the bother.
23 years ago...
by
Pig+Hogger
·
· Score: 5, Interesting
23 years ago, I was involved in a project to make a portable computer for data-entry, to replace optically-readed mark-sense sheets.
The final solution was to have no keyboard at all, but rather a computer whose motherboard was embedded in a 3-ring binder, with sheets.
On the sheets, were some barcodes, arranged in roughly the same layout the mark-sense cards were.
(For the geeks, the machine was MC6809-based, and had 56K CMOS RAM. The LCD display was always powered, but the computer shut down after it finished decoding a barcode and processing the "keystroke".)
Simple: Just create a battery powered circuit which states that if no power is going to the computer/scanner then allow for key entry... of course making it would be harder than that.
Electric door strikes open only when power is applied to them , meaning when there is no power you can still open the lock with a key. Not always the case. Depends on if the locks a re fail safe or fail secure. Some Fire Regs in some states require locks that unlock by dropping power to the lock (depending on application). Most locks allow a key override though, as you stated...
you use the revolutionary device that is made out of brass that you stick into the specially designed receptical and turn. If the pattern of the bumps on the brass piece match the lengths of the brass cylenders that are spring loaded in the receptical it will allow you to turn the brass piece and retract the securing mechanisim.
It's really a new device you should see it on the shelves sometime in 2006 called a lock and key.
-- Do not look at laser with remaining good eye.
your house as a semi-permeable membrane
by
timothy
·
· Score: 5, Insightful
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
Re:your house as a semi-permeable membrane
by
outlier
·
· Score: 1
and, anyone with a free barcode font can create a new key to break into his house!
Sweet!
Re:your house as a semi-permeable membrane
by
delta407
·
· Score: 2, Insightful
a "key" as a JPG file; they print it out, and it's their open sesame
Problem: most barcode readers fail when trying to read fuzzy barcodes, making JPG a very bad choice. Also, unless you have a nice barcode reader, you'll probably have issues with barcodes if they were not produced by a laser printer; inkjets simply do not give the definition you need. (Besides which, laser printing is good for other reasons -- if your key gets wet, you won't have ink smearing all over.)
If you used PNG and could guarantee that the receiver had a laser printer (or thermal, for that matter), then it would work. If you want to use JPG and inkjet, well, good luck.:-)
Re:your house as a semi-permeable membrane
by
MORTAR_COMBAT!
·
· Score: 5, Interesting
Indeed a cool idea. I would add that the holder of a 'key' should definitely keep it in a sleeve, though, lest high-res photography would allow for a duplicate key to be easily created.
The 'sending a JPG' to the baby-sitter starts out as a very neat idea, but what happens when baby-sitter has a popular e-mail virus which sends her e-mail to 100 people in her address book? Instant house party? Naturally they would only have the same access time slice as the baby-sitter, but they could just wait until after he/she is alone in the house and walk on in.
but without the major hassles (specialized equipment to punch holes or re-stripe a card)
It also means any Joe with a printer can make themselves a valid access card. I thought for quite a while about putting a similar setup at my house, but I decided instead to go with an extremely similar method, except instead of bar-codes I use hand prints. A lot of the advantages (time slices for the maid and sitters) without being able to be so easily produced (until advanced cloning techniques allow people to commonly grow copies of my hand).
And w.r.t. the people who keep asking about 'power outages' for (1) ever heard of generators of batteries and (2) naturally a physical key still works in the lock, duh!
-- MORTAR COMBAT!
Re:your house as a semi-permeable membrane
by
bergeron76
·
· Score: 2
Use PDF and the JPG problem is solved. Make sure that the "print scaled" option is selected, and your printed barcode is identical to the original (assuming a decent printer is used).
-- Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
Re:your house as a semi-permeable membrane
by
Anonymous Coward
·
· Score: 0
You still have scaling problems, because there are specifications as to how big is too big.
Re:your house as a semi-permeable membrane
by
jebell
·
· Score: 2, Informative
Rob at Cockeyed.com didn't seem to have problems with his personal bar-code project.
It looks like an inkjet printer, but I could be wrong.
-- This is my sig. There are many like it but this one is mine.
Re:your house as a semi-permeable membrane
by
marshac
·
· Score: 1
I like that idea of sending the bar code!
To improve upon that idea, you could actually send someone a bar code as a picture message to their cell phone. Since most cell phones have a standard LCD display, the CCD reader should be able to scan it without any problem. Lost you key? No problem! I'll send one to your phone!.
Nifty.
Re:your house as a semi-permeable membrane
by
DarkZero
·
· Score: 2
The 'sending a JPG' to the baby-sitter starts out as a very neat idea, but what happens when baby-sitter has a popular e-mail virus which sends her e-mail to 100 people in her address book? Instant house party?
That highlights the real beauty of this system. The only access to your house is wanted access or forced access. If the sitter realizes that she has a virus or just thinks that someone else may have figured out your key, they can just call you on vacation and you can VNC into your Linux box or send an e-mail to it to change the code, then email them a new one or email one to someone else.
For as long as there have been door locks that you can buy in stores, people have been changing their locks because of stolen keys, angry family members or former lovers, and missing keys that may or may not been in someone else's hands. Under the current system, you have to buy new locks for every external door in your house if you want to change the key. Under this system, all you have to do is type up a command on a keyboard.
And yes, I'm aware that having door locks that can be controlled via the internet is insecure, but the point is that you can control it any way that you want. If you think you can set up a really good network that is unlikely to be hacked anyway, you can make it so it can be set through the internet. If you can't set up a really good network, you can just tell your sitter what to do over the phone.
Re:your house as a semi-permeable membrane
by
Yottabyte84
·
· Score: 1
I use an inkjet with my cuecat, and it works fine. I had to play with sizes a little, though.
Re:your house as a semi-permeable membrane
by
adolf
·
· Score: 2
Eh?
Barcoding isn't a very demanding exercise.
Where I work, we've got a few barcodes taped to the counter. Thermal-printed, been there for years: the paper is turning brown, and the black is a somewhat-vague purple.
We scan these fairly frequently on a daily basis, without problem.
The USPS seems to be happy with uneven dot-matrix printed barcodes; look at the lower-right corner of the stuff that drops through your mailslot sometime. And this is for so-fast-it's-blurry mail-sort systems, on particularly-lumpy material.
I've noticed 2-dimensional UPS barcodes (the funky ~1" square you see on some shipping labels, with a circular target in thing in the middle) printed dot-matrix, too.
And I've seen no indication that either system is in any way flawed.
So. We've established that the scanners aren't very particular; let's talk about printers.
Laser printing isn't so hot. Bend it a feww times, and the toner begins flaking off.
Lexmark, and probably others, offer what they claim to be waterproof ink. This is probably at least as durable as laserprint in a typical wallet.
The Alps MD-1000 I have here prints using wax ribbons. It tends not to flake, it tends not to fade, and it's definately waterproof. Oh, and it was cheap.
Most laser printers top out at 1200dpi. 2400dpi inkjets are now commonplace.
UPC barcodes have only two line widths - features which, given the scalability of barcodes, are probably quite easily implemented with a 24-bit printer at reasonable size.
Coca-Cola uses very large, sprayed dot-matrix barcodes on their 24-can cases of 6-packs. They're very rough, and I imagine they work justfine.
Now that we've got printing out of the way, let's talk about the barcodes I carry in my wallet:
I've got an Ohio driver's license, dye-sub printed plus holographic lamination, made 2.5 years ago. The barcode is quite plain and obviously usable, as sharp as I remember it being when it was issued.
I've got a Blockbuster membership card. 24-pin dot-matrix printed, issued at least 5 years ago, and laminated: The barcoode is quite plain, and obviously usable.
I've got a Sam's Club membership, issued a few years ago, printing style unknown (but probably thermal). The barcode is wearing off, but is still quite usable.
Obviously, you don't want to take a crucial water-soluable barcode out in the rain and use it. However, I feel that you need to look around a bit more: There's a plethora of low-res, functional barcodes attached to items in the world around you which you are obviously oblivious to, many of which are expected to be exposed to the elements.
And remember: Anything can be laminated, usually at a shop within walking distance. Why might one expect to be able to print barcoded keys at home, while conventional machined brass keys require a trip downtown? One shouldn't, at this point: Let's take it one step at a time, starting with email delivery.
Oh. And JPEG, as a format, is fine. It can encode sharp lines with ease, as long as the encoder is aware of the requirements and/or the quality settings are set sanely (which is not a problem with standard libjpeg) -- efficiency, in this instance, is rather not relevent. PNG, as a purist ideal, would be somewhat better. But even monochromatic BMP (or XBM or PBM...or PCX for old-school PC users)-format barcodes would be quite sufficient for the task at hand. Not to mention GIF, which will be readable by everything for a really.long.time. You could probably even distribute barcodes as HTML tables with colored backgrounds without problems.
Thus, I find all of your presented points to be misleading, inaccurate FUD.
Re:your house as a semi-permeable membrane
by
NeoSkandranon
·
· Score: 2
The 'sending a JPG' to the baby-sitter starts out as a very neat idea, but what happens when baby-sitter has a popular e-mail virus which sends her e-mail to 100 people in her address book? Instant house party? Naturally they would only have the same access time slice as the baby-sitter, but they could just wait until after he/she is alone in the house and walk on in.
Well, as long as you dont label the JPG "SUPER SECRET KEY TO HOUSE AT $ADDRESS" You oughta be okay...sure people will have the barcode, but, how will they know which house it goes to?
-- If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
Re:your house as a semi-permeable membrane
by
Slashdot+Junky
·
· Score: 1
Dear World,
Give the babysitter a code once and grant and disable access as needed. It could even be handed to her directly.
-Slashdot Junky
-- .
Landfill Mining Co. Managing the (Un)natural Resources of Tomorrow
Re:your house as a semi-permeable membrane
by
Lumpy
·
· Score: 2
I've dont thins for over 2 years WITHOUT a computer and using access equipment that are nearly indestructible...
the ibutton... can take more abuse than ANY smartcard/barcode/whatever.. the reader can take an axe attack and still work.
heck ibutton.com sells a door lock pre-made ready to go and install in your door.
but I use a 16f84 pic and a simple failsafe electric door strike and a 12 volt gell cell battery+charger... power can go out for 7 days and mine still works... I only connect to the pic with the linux server to update allowed codes and time.
and EVERYTHING needed to do this is freely available on the internet. you just have to buy the hardware. and if you own picbasic pro compiler... you dont even have to think to program it.
-- Do not look at laser with remaining good eye.
Re:your house as a semi-permeable membrane
by
plover
·
· Score: 2
The poster had valid points, he just didn't back them up with enough facts.
When you start dealing with the barcode specs (I use MIL-STD-1189A for Code 3 of 9, the UPC Shipping Container Code and Symbol Specification Manual for Interleaved 2 of 5, among many others) you will find that not all codes are created equal.
All barcodes specifications state the allowable tolerances for bar width, spacing, color, reflectance, etc. These tolerances tighten up as the barcode gets smaller, (and loosen as the barcodes get larger.) If you want to print a 50-digit Code 128 in a two-inch-wide space, for example, you've got to be absolutely precise (within.0025 inches not only with the leading edge of the bar, but the interbar spacing has to be within.0015 inches. Plus, each character has to be within.0015 of the right distance to the next character. This is very difficult to achieve on digital equipment with fixed element printing positions for a variety of reasons. Most scanners have a very hard time reading accurately at this small end of the scale.
If you're spraying interleaved 2 of 5 barcodes on the sides of fibre box shipping containers, the tolerances change dramatically. The width tolerances climb to.014 inches per symbol. Of course, the factory-line bar code scanners are dramatically different than the hand held scanners you see at department stores, and are designed
(By the way, UPC has four distinct bar widths and spaces, not two. Code 3 of 9 and Interleaved 2 of five have only two distinct widths. And PostNet has only one width. The PostNet post office barcode is different from other bar codes in that it's not self clocking: the space between the bars means nothing, the short bars exist only as place holders for timing the long bars. It's a rudimentary 2D system.)
Those are the standards. What that means is if bar code producers meet them, and your barcode still doesn't work, then you get to blame the scanner manufacturer for failings.
All that said, reality actually ends up being "whatever works." Scanners are usually more tolerant than specifications demand, simply because people complain when the scanners don't work. Barcodes that are printed on merchandise are usually tighter to spec than required, because the merchants frequently have contractual obligations to provide "100% first scan success rates." (Think how much it would cost a big retail chain like Target if those bottles of Mountain Dew took five seconds to scan each instead of.5 seconds. Every clerk in the chain would be wasting time each day fighting the bottles and scanners.)
To address your examples, the older barcodes may be fading to your eyes, which may or may not be affecting their reflectivity (just because it's fading in the visible spectrum doesn't necessarily meaning it's fading in the spectrum the scanner uses.) The dot-matrix Blockbuster barcode was most likely produced on a Blockbuster corporate tested dot-matrix printer and tested with the Blockbuster corporate store scanner. Your older barcodes probably aren't stretching non-linearly, either.
Printing barcodes on random people's computers is risky. You don't know what kind of equipment they're going to have. They may have a cruddy old dot-matrix printer, or the latest Canon BubbleJet. And no matter what kind of gear they have, they're likely to be proud of it, so if you can't read their barcodes, they'll take it personallly.
Anyway, you're right. Barcoding is not an overly demanding science, but it does have limitations. JPEG isn't great because while it can print sharp lines, its compression scheme can change WHERE each of those lines are printed, which is just as important as sharpness.
-- John
Re:your house as a semi-permeable membrane
by
asherh
·
· Score: 1
It depends on the barcode format used. Back in the early 90's at uni we had a project to write a barcode reader (on some random 68k based system). My software was able to read hand-drawn barcodes: it knew how many bars there were supposed to be and massaged the data from a barcode acquisition (removing small transitions, etc.) until it had the correct number of bars.
As long as the widths of thin and thick lines are sufficiently different barcodes can be very tolerant of dodgy printing.
It seems like a keypad would almost be a better solution. You don't have to carry something around, only remember the combination. I don't know how reliable this is; from what I've seen in stores, these don't read fairly often, and he's going through glass.
Of course, you'd have to make the password sufficiently strong.
Haven't you seen Star Wars? All you have to do to get past that is either shoot the keypad with a lazer gun, or tear it off the wall and short out the wires in the back.
Good idea. Or maybe use some sort of mechanical device that won't open normally, but will when you insert some sort of identification device - you could make it out of metal for strength and encode the identity in notches down the side. Sure, you have to carry something, but it's small and portable, and could easily fit into a pocket.
Hey, I might see if I can patent that one...
-- ++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
To bad a lot of the cheap home security keypads that all you do need to do. Code is in the keypad and GPI is wired out the back. Granted all security is for it to keep out the honest. Crooks have cordless saws all's to go through the wall of a wooden structure in under 5 minutes. And last time I checked it was pitifully easy to break through a door. It all boils down to nothing makes your house secure when nobody is in it at least nothing thats legal (booby traps are illegal in most of the US at least firemen and all that) it's funny though a bear trap past the door would seem to be significantly more effective at catching the criminals. And they say it's wrong to want a computer controled 50 cal in a cupula on the roof I call it a pigeon defense mechinism / anti terrorist device others think it's a bit strange.
"Crooks have cordless saws all's to go through the wall of a wooden structure in under 5 minutes. And last time I checked it was pitifully easy to break through a door."
While this deserves the +3, funny, there are significant advantages to having a lock that doesn't require you to carry around a physical object, as I have discovered numerous times when I have returned to my house (usually after school) and realized I had forgotten my key. (My favorite time was when I was using a keyed lock for my locker and put both my house key and the key to said padlock *inside* my locker before shutting and locking it. While incredibly annoying at the time, I have had many laughs about it since.)
Re:Keypad
by
Anonymous Coward
·
· Score: 0
The barcode system he imploys is "what you have". A keypad system is "what you know". It just a question of which you consider more secure - having information you hide, or having an object you hide from theft/duplication. Both methods are ultimately insecure (everything is - someone always needs access, which necessitates a "flaw" in the plan, which can then be exploited).
Re:Keypad
by
Anonymous Coward
·
· Score: 0
Picking locks, sledgehammers, saws, building movers... it depends upon how silent or subtle one cares to be.
Re:Keypad
by
Anonymous Coward
·
· Score: 0
Of course you're not required to make a crook's job easy. That cheap keypad might be recognized by a crook, but he won't know about the switches which sound an alarm when the normal screws are removed from the mounting (or if one of the sides is opened).
And he won't know that after typing the proper code, you have to touch two of the screws, and then the panel with the keypad pops open to show the keypad which really controls the door. And starting to type that first code (remember, this keypad is only used instead of the usual barcode) turned on the hidden film camera...
Had a friend who could pick a lock in 30 seconds. He picked my dead-bolt once in less than 60 seconds.
Goddamned annoying to come home late at night from work and find him parked in my favorite chair, watching TV and drinking my brews.
But after I almost shot him once when I thought he was an intruder he decided to go bother other folks and drink *their* brew. Ah, the gun! Better discouragement than any lock.
Max
-- My god carries a hammer. Your god died nailed to a tree. Any questions?
Your story reminds me of the "Safecracker Meets Safecracker" chapter in "Surely You're Joking Mr. Feynman". Lots of fun stories of him breaking into most of the safes that lay around Los Alamos while he worked on the Manhatten Project. If you haven't read it, you may want to go pick it up.
[quote]Both methods are ultimately insecure...[/quote]
This goes back to one of the basic security principles: there are three basic forms of authentication - what you have, what you know, and who you are. You need _at least_ two of the three to be truly secure.
Of course in this situation, it's alot easier for the potential thief to break the cheap glass on the front windows, reach up and grab the latch, raise window... Sometimes you feel like you might as well leave the door unlocked (with the security system still on of course). At least then you don't have to pay to fix the window.
Honestly, really
by
Anonymous Coward
·
· Score: 4, Insightful
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
Re:Honestly, really
by
sbaker
·
· Score: 5, Interesting
I agree.
Slashdot really, truly, utterly needs to have a local cache of the pages it references. It's getting to where Slashdotting is as bad as a denial of service attack - and that's a terrible thing to inflict on *anyone*.
Probably 50% of web sites referenced from main news items are down within an hour of Slashdot mentioning them - and they stay down until a couple of days have passed. That sucks.
They could easily implement some kind of opt-in thing where you put a META tag in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs. At the end of the week the Slashdot mirror could revert to become a redirect to the real site so you don't have problems with people bookmarking the Slashdot cache instead of the real site.
The whole process could be automated.
People who do cool things like this door lock would surely be aware that they could get Slashdotted and prepare for the event in advance by inserting the tag - and private individuals are the people who are most likely to have their server die.
Companies that want to profit from their slashdotting by advertising from their page or taking orders off of it could just leave off the META tag and handle the traffic as now.
An opt-in cache mechanism is a win-win-win solution. Slashdot wins because more people will use the service if it doesn't continually refer to dead sites. Readers will win because less sites will be dead-on-arrival - and web site operators will win (if they want to) by not having their site die from Slashdotting.
They should only link to personal sites if the owner of the site submitted it.
This is why no-link lists exist (/. was bitching about them yesterday).
They do it because they can, but it's ignorant. It's like writing someones phone number on the mens room wall.
--
I don't need no instructions to know how to rock!!!!
Re:Honestly, really
by
KalvinB
·
· Score: 2, Offtopic
My site is running on a 256K DSL connection and survived the beating. Sure it was running at 600bytes per second but I could still access it. People just need to make their pages more bandwidth friendly. From acceptance to front page my story took about a day to be posted. That's plenty of time to rework a page if it's too bulky.
However, if weren't possible to make it bandwidth friendly, Slashdot needs to take advantage of resources out there like their own server or SourceForge and work a deal to use temporary space upon request of the owner of the linked site. The owner could easily package up the relavent portion of the site and e-mail it over to be put up at the temporary location.
If nothing else it would at least eliminate all the stupid "hey look it's slashdotted" posts.
Currently, Slashdot is just a link site with commentary. If it's keeps killing all it's stories it's going to be a pretty irrelevent link site at that.
I very much agree with this. The thought of having my site slashdotted is to much to handle. Not being able to get online for a week would drive me (and many other geeks) nuts.
We all know/. has the power to host most of the personal sites it links to. Why not use it?
You can convert the images to greyscale to save space if needbe.
I don't understand why you even have to worry about copyright issues with mirroring the site. Nobody sues google for the "Cache" they keep of your webpage which is on their servers. Why would someone sue slashdot for indexing somebody's website prior to linking to them?
They could easily implement some kind of opt-in thing where you put a META tag in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs.
That shouldn't even be necessary. Google doesn't require explicit permission to cache a page, and I'm sure anyone being slashdotted would appreciate/. mirroring the page. If they don't, they can contact slashdot and some admin can uncheck "[x] cache site" on the edit story button- simple as that.
Why this hasn't been implemented is beyond me, and the/. folks should be ashamed, not proud, each time they singlehandedly bring down some poor guy's server. It's likely a cable or DSL connection, but we can't expect them to even verify that.
wow this guy said the exact same thing I did at the exact same time less his critique of the/. administration which I happen to agree with anyways.
The slashdot people are morons for not setting up an automated recursive wget on the given links in the story which is done prior to the story going up. They definetly have the bandwidth and the manpower to accomplish this.
"People who do cool things like this door lock would surely be aware that
they could get Slashdotted and prepare for the event in advance by
inserting the tag - and private individuals are the people who are
most likely to have their server die."
Yeah, exept, not all people read slashdot, and even less think they'll get featured there. The only way to do it imo is to send the webmaster a heads up email and offering to host a mirror. If there's no reply the link should _not_ be posted on slashdot. We know the servers are going to go down, it looked cool the first couple of times, but now it's annoying for everybody.
Re:Honestly, really
by
arkhan_jg
·
· Score: 0, Offtopic
I've finally come to a decision. I'm going to use.htaccess to block links to my site from fark and slashdot - because my site will probably survive the slashdot, but my wallet won't.
I've run my personal website for the last 8 years. It's hosted on a good webhost, with fairly standard TOS, i.e. I have to pay penalty fees when my bandwidth exceeds my monthly allowance. I have no ads on my site, I don't sell anything, so it all comes out of my own pocket, and frankly, I can live without the several hundred pounds worth of penalty I'll have to cough up..
Here's my answers to some possible comments:
'it's on the web, you should expect to be linked'. Fine. I get 200 odd regular visitors, I know of several dozen links to my site. That's fair enough, in fact I like it. But there is a difference between a link that drives a little traffic to your site, and a LOT of traffic.
To draw a parallel, I invite my friends round to park outside my house when visiting, which is fine. It doesn't work if they bring 10,000 mates unexpectedly, and to whine about 'freedom of the internet' doesn't mitigate the damage that is knowingly done to smalltime hosters.
'just buy more bandwidth'.
Err. I use about 1/5 to a 1/4 of my available monthly bandwidth. I've never gone over 1/2. Why should I pay substantially higher hosting changes all the time, just for that one time someone decides my site has something funny/interesting/controverial on it enough to be worth sharing with 10,000 people at once? My site is a labour of love, not a paid-for commercial or public service.
'host it on your own link, then you won't have penalty charges'
Broadband only hit my area a few months ago. But frankly, I'm not going to switch to hosting my own because of the hassle of having a box up 24/7/365 plus the fire risk of running a server unattended at home, is too great - even though I've certainly got the skills to do so. (Linux admin is part of my job). Remote hosting is cheap, after all. Again, why should I have to go to the effort of having a hardened server setup up just in case it gets slashdotted?
Far as I'm concerned, it would be a matter of courtesy to cache ANY non major site, ESPECIALLY those without advertising. Google manages it, web proxy servers manage it without legal problems.
I honestly cannot see that cacheing a site that doesn't want to be cached is any greater of a legal risk than the risk that slashdot will get sued for DOS'ing a website.
Plus, slashdot would be a far better site if half the links posted weren't netdead before the 5th comment is posted!
But until slashdot, and it's kin, take action to mitigate the damage they do, they will not be welcome to link to my site.
-- Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
Re:Honestly, really
by
sbaker
·
· Score: 1, Offtopic
I emailed Cmdr Taco to suggest that he re-visit the idea of a META tag that says "Slashdot: Please Mirror Me" (and yes - I've now read the FAQ which contains a response to my META suggestion).
Rob Malda said:
> There are already tags in place to do exactly what you want. Research > http authentication. There are many ways to prevent people you don't > know from reading your site.
So his solution is that I should shut everyone I don't know out of my web site?!?
Well, *THAT* helps a lot!!
Sheesh!
The FAQ basically claims that the META solution won't work because not enough people use it.
1) If the story submission entry page explained the META mechanism
then people who submitted stories about their own sites could
defend themselves in advance.
2) If the editors were sensitive to the issue they could use their
good judgement to delay posting the story until the owner of the
site has had a chance to defend themselves with the META tag.
They'd only have to do that when the story is not hot breaking
news - and when it's a link to a small company or individual.
No need to mirror CNN, BBC, etc.
3) Making a big deal of the new META feature on Slashdot would get
the news out to a large percentage of the people who build
digital door knobs, beowulf clusters of TRS-80's and backyard
rollercoasters.
It's time for Slashdot to step up to the plate and not inflict DDOS attacks on the very people who provide the content that they report on.
-- www.sjbaker.org
Re:Honestly, really
by
Anonymous Coward
·
· Score: 0
This isn't flamebait or a troll, but niggers deserve to be shot, and roast jew is delicious -- let's finish the job Hitler started!
Yes, and why not removing the links from the article when it is painfully clear that you are doing a lot of damage to the site?
You could always put them back later
I mean this IS their own code. You could even make a "link bar" with the links so they were easy to remove and re-insert by flipping a bit.
And since there seem to be little/no serving of static pages here, one could easy check for people posting links to the site in a comment also.
I like Slashdot, but I think they should put a little more effort into removing links from sites that clearly can't take the load. Maybe even a simple traceroute on the domains on the articles posted could prevent a lot of this as many ISP's domains often shows when the site are on a fx. DSL line.
Some could argue that if you can't handle the load, you shouldn't be on the internet. But isn't the great thing we all like about the internet, that it's not just for big companies? We see many sites on small private lines, and I think they might be one of the few places left where you can find really interesting stuff that's not just branding of a company name.
1) People will have to know they're about to be slashdoted.
2) If they do sign-up for an AOL type account, and it is possible to set their site up their (it may be dynamic, or contain large files etc), and they do have time to do it and can be bothered, it will generally suffer the same fate because they AOL type hosting and free hosts generally have limits.
Otherwise, it would be a good idea (and infact perfect in some cases). Given the range of sites that/. links to, I think it's going to be very hard to come up with a solution that works nicely for the majority.
Maybe this will be considered a troll but here is my RANT for the day!!! I think the fact that servers often buckle under the load of the/. effect displays the inadequacy of most web servers. I was slashdotted a few months ago http://slashdot.org/articles/02/10/01/0220213.shtm l?tid=167 (the comment about the 24 hard drives in one PC) My DSL line and Windows 95 P-120 server took the load with out any problem at all. Here take a whack at taking it down again if you want, I logged a record of the activity from the last slashdotting http://fileserver.coleskingdom.com. Almost 100,000 hits on a heavily pictured page in 12 hours and no problem other than some one winnuked me a couple of times before I installed the patches. If you put an interesting site up you should realize it may be slashdotted someday and you should be ready to deal with it whether it is on you home site or on a commercially hosted site. In addition I would never host any mission critical site of mine on a commercial hosting service that has a record of buckling under the/. effect.
Video store barcode
by
zaffir
·
· Score: 2, Insightful
A video store gave me a little keychain barcode which I'm using here.
So i just have to work at his video store (or have a friend who works there), make myself a copy of his barcode, and i get free reign of his house? Sweet.
-- "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
Re:Video store barcode
by
LFS.Morpheus
·
· Score: 1
I believe the idea of the barcodes are they are unique, so when they read your card at the store they know who you are without asking your name and asking a 'secret' question (which is the common, "I dont have my card" solution).
The card has your name and account number on it, maybe something else. It's printed from your account info, which is stored in the computer.
See where i'm going with this?
-- "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
Re:Video store barcode
by
RadioTV
·
· Score: 2, Informative
Actually, a barcode normally doesn't hold that much information. When I worked as a programmer doing manufacturing support, we had trouble scanning anything that had more than 10-12 characters. You have to get pretty creative to be able to cover all the possible things that you might scan. As an example we used the first character to identify what the bar code was for (work order number, sales order number, purchase order number, part number, etc.). Then we could look things up in the appropriate database.
The exception to this is the "two D" barcode (like on a UPS package). If I remember correctly, they can hold ~256 characters (I haven't used them).
-- I have great faith in fools - self confidence my friends call it. - Edgar Allan Poe
Google's dead :(
by
EdMack
·
· Score: 0, Flamebait
You sick, sick people. Google wont even serve me the images.
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
Re:Not very secure
by
LFS.Morpheus
·
· Score: 2, Insightful
You contradict yourself in your post, saying you have to write down the barcode, but you can remember the data if you were to look at his barcode...
Contradiction aside, most people, and especially common thieves, would have no idea how to make a barcode. I personally know you can do it with some software, but I'm not familiar with any of it and have never done it. I do know there are several types of bar codes so that throws another hardball at you; you have to get the right type.
In this case, also, if this person lost his bar code, it's his video rental card. It doesnt exactly scream "this is the key to my house." *No one* is going to think its the key to his house. That. Is. Cool. Of course, if he doesnt have a copy or cant get another copy of from the video store, he's also screwed, etc etc.
On the other hand, if a thief were to somehow get your pin, I bet he would be able to remember the pin long enough to write it down, and entering it into your numpad is trivial.
I think its at least more secure then you give it credit.
He did not contradict himself: if you have 5 brain cells, you will never tell your pin code to anyone you don't trust. If for some reason somebody is able to look at you barcode for a minute, he might be able to memorize the numbers under it, and with them that someone could reproduce the barcode. If the person is smart enough to lose those numbers from the barcode (the machine does not need them), then it's another story.
Note: Bar codes still work without the human-readable numbers below them. I imagine what is most commonly used for the entry are those free plastic keyfob discount club barcodes, and the ones I have don't have a number readily visible on them (and judging by the length of the barcode it would be a difficult to remember number anyway). You can implement a mostly secure system this way if you keep your keys on your person (which is a good idea regardless of if they're notched metal or numbers).
-- Error: PANTS NOT FOUND. Press <F1> to continue.
That is correct - if it has the numbers printed under it. In this case he is using a video rental card, so I assume it does. The thing is, you also have to know what symbologies his barcode reader decodes to create new card.
-- I have great faith in fools - self confidence my friends call it. - Edgar Allan Poe
Re:Not very secure
by
Anonymous Coward
·
· Score: 0
It's no different than the pin. Someone can watch him type the pin, too-- actually, that's even harder to protect from than exposing the bar code. As for the numbers under the bar code, cover it with masking tape or something.
Re:Not very secure
by
Anonymous Coward
·
· Score: 0
Finally someone mentions security! With a good barcode reader (the kind used in factory warehouses), you can scan a 2D barcode from quite a distance (several yards at least). I think it would be very easy to scan a copy of this guy's barcode without him even knowing it. At least with magnetic strip cards you have to be in close contact with the card to read it.
Re:Not very secure
by
jjshoe
·
· Score: 4, Insightful
you can remember 12 digits? there was a time when i could remeber the 1st 6 of hp's barcode because i was often looking hp stuff up in our system.. 08689 who knows now.. that was a while ago.. but the point is most people cant look at 12 digits and just remember it...
i use my drivers liscence to switch to root on my box.. its not nesecery, in fact its probly over kill and pointless. however. most importantly it makes me think for a second if im about to do something as root.
plus, its something neet to brag about, which is part of the geek world. because you dont like it doesnt mean that himself and his friends dont like it
-- -- botsex is {grep;touch;strip;unzip;head;mount}/dev/girl -t {wet;fsck;fsck;yes;yes;yes;umount} {/de
Re:Not very secure
by
pongo000
·
· Score: 3, Interesting
If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
Don't go betting all your wordly possessions on this. An experienced locksmith (or someone who knows what they are looking for) can come up with a reasonable facsimile of your key based on the key cuts and the type of lock (probably imprinted on your key as well) if given a chance to look at your key. Keys can be traced and/or photocopied as well. A good reason why you should never leave your house key on the key ring when you hand over your car keys to someone you don't know or trust (valet, mechanic, etc.)
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
I think if I wanted to get into your house I would probably use a hammer. You do have windows right?
There probably less secure than the bar code.
Re:Not very secure
by
Anonymous Coward
·
· Score: 0
fucking nerds. And if I punch him in the face, I have his key!! How secure is THAT??
thank god for the address book in my cellphone. im living with my current gf. we have gone out for almost a year now, and i couldnt tell you her cell phone number.
-- -- botsex is {grep;touch;strip;unzip;head;mount}/dev/girl -t {wet;fsck;fsck;yes;yes;yes;umount} {/de
You can't remember her cell phone number because it's programmed into your cellphone...
-- Yours Sincerely, Michael.
Re:Not very secure
by
Anonymous Coward
·
· Score: 0
If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
There's no reason to print the numbers on there at all. You just see a piece of paper with a bunch of lines on it. The computer doesn't care if there are numbers on the thing at all, it can't read them. But it can easily read the barcode, where a human can not.
people can and *do* remember long strings of numbers all the time, 12 digits is less than two phone numbers. I know of a few poeple that can actually read barcodes from a few metres away, because they had a system in their school that granted access and marked attendance based on barcodes. I personally wouldn't trust this sort of security more than a physical key, though perhaps it would be ok if coupled with a standard key for access.
Remembering 12 digits isn't that hard if you do it visually. I remember all my numbers (CC, PINS, licenses, telephones etc.9..) by imagining a phone pad, then remembering the pattern the numbers make. It's just a mnemonic device - there's others too (spell words?).
It depends on what type of security you're talking about. Most people who break into houses don't know the owner's of the houses they break into, and thus, would never get a chance to look at the bar code. The locks on most houses these days can be picked in under 30 seconds by someone with only a little practice.
A barcode scanner would be unfamiliar to most burgulars, and they'd problably turn around and walk away, choosing a more familiar target.
For the last time, if you read the article you'll see that this electronic lock works just like any other electronic lock - i.e. the key is still functional.
-- Martin
web / security server?
by
olrs
·
· Score: 4, Funny
I hope his security system isn't on the same box as his webserver or we may have just locked him out of his house... hope its not raining.
Re:Slashdot record?
by
DarthWiggle
·
· Score: 5, Funny
Maybe/. could start offering a prepackaged "Port 80 Flood Kit - Get the pride of being slashdotted without having to work for it." Say $1000 a pop. It's better than spending the money on advertising.
Geek 1: Hey, guys, I got slashdotted! Geek 2: Woah! No way! Geek 1: Yep. *smug* Chick: He's so dreamy...
It's cool because it's linux
by
Anonymous Coward
·
· Score: 0
I like this because it's linux. winix couldn't possibly do anything of this sort, not in this millenium anyway.
Forget key impressions in soap...
by
Ben+Jackson
·
· Score: 3, Insightful
All you need to break into this guy's house is a few seconds with his "keys" and a photocopier. Though I guess if you were really worried about that you could put a small label printer by the door and get a new key every time you left...
Re:Forget key impressions in soap...
by
Anonymous Coward
·
· Score: 0
Screw barcodes & what not. Get yourself an ibutton lock. They're almost impossible to duplicate...and even if you hook up a machine to the ibutton sensor that pretends to be an ibutton, with a 64-bit serial number its gonna take a long while to try all combinations.
If you wanna get really fancy, you get a system that uses the ibuttons that have a built-in java VM and can do challege/response authentication.
Re:Forget key impressions in soap...
by
Anonymous Coward
·
· Score: 0
I can make fake i buttons. You read out the data and then you program a pic to send out the same data. The problem is your going to have to find a power source and its real hard to make something the same size but that won't matter in most cases will it?
Re:Forget key impressions in soap...
by
Anonymous Coward
·
· Score: 0
Did you read the part about challenge/response authentication?? Good luck on your 'pic' programming, buddy. By the time the guy notices his iButton is missing, you'll still be trying to figure stuff out, and he'll have had time to get ready.
not neccessarily: cant copy key by looking
by
Anonymous Coward
·
· Score: 0
uhm yes you could theoretically make a copy of your key by looking at it. i mean say its a 5 pin lock and somehow you memorize how far away each pins is from the base, then you could pick said lock fairly easily. not that anyone would do this but say you have a lil camera and take a picture, hey you could even prolly make a key from a picture, even at an angle. you's just need access to a key grinder. yes i'm being somewhat of a troll its just you never know with ppl these days maybe someone has already broken into a house like this or sumthin. but that aside, i agree with you that its much less secure than a key/lock.
Re:not neccessarily: cant copy key by looking
by
alienw
·
· Score: 2
Dude. It's easier to pick the lock than to memorize the key. Read the lockpicking faq or something. Takes about 30 seconds to pick a 5-pin lock.
Why doesn't the./ staff just mirror all small sites? This would eliminate this kind of problem.
Though it would be *polite* to get permission from the author of the site first.
I was honestly interested in that site, and now it's gone.
I'm sure the site owner would prefer someone getting stuff off his site, and caching it elsewhere than having thousands of hits in minutes, costing lots of bandwidth money (y' know) and crashing his server(s)
How about an optional cache of the site supplied as an option along side all links posted on a news article? The cache would be made by slashdot, but even a google cache would work.
A dedicated cache has been talked about many times. It's just too messy, it takes up time for the editors, it screws up pages with ads on them (yeah, boohoo, but if you were getting money for the page you'd care), and the rest. It would be good, though, if the editors were to put up at least the Google cache of this kind of site. OK, back to bed. Night night now.
-- [FUCK BETA]
Re:Slashdot effect
by
Osty
·
· Score: 2, Insightful
It's just too messy, it takes up time for the editors
Are these the same editors that have time to post duplicate stories?
screws up pages with ads on them (yeah, boohoo, but if you were getting money for the page you'd care)
The sites that tend to be most quickly slashdotted are also the sites that are most likely not to be ad-supported. More, they're also the same sites that are most likely going to end up costing the owner an arm and a leg when their bandwidth allotment is completely smashed by a Slashdotting. In otherwords, they're not gaining any money by being linked to Slashdot, and are highly prone to actually losing money. Let's see what you'll do if you're faced with a $1000 bandwidth bill because your lego collection made it onto Slashdot.
and the rest
What "rest"? Legal issues? The editors obviously should contact site owners (at the very least to warn them that Slashdot is about to launch a massive DDoS on their website). I'd much rather wait a day or two to see an interesting site than not be able to see it at all. If someone doesn't want Slashdot to cache their site, then they should at least be given the opportunity to not have the site posted to Slashdot.
It would be good, though, if the editors were to put up at least the Google cache of this kind of site.
For this kind of site? Not likely. I looked at the Google cache. The site has a lot of pictures of the guy's setup, and google doesn't cache images. Thus, the Google cache is nearly useless.
I run some sites and I have no doubt they would probably go under if posted on slashdot evan though I have a dedicated server, I already get alot of traffic to my sites and as soon as something is posted on slashdot you are going to get just way to many requests a second, sites can do very little about this, its not as if you will have this burst of traffic every day (or usally never), I woudl prefer to be slashdotted than have anything mirroed, if any one is generally intrested in the site it will be back up soon enough, alot of peopel complain about bandwidth problems, well that just should not happen in this world unless the user signed up for an idiot company, the only way to stop a few thousand peopel trying to access you site in a few minutes is to get better hardware, and its just not going to happen cause there is no point.
Re:Slashdot effect
by
Anonymous Coward
·
· Score: 0
"... but it's a complicated issue that would need to be thought through in great detail before being implemented."
Ok, so Mr. Taco said this, what, a year and a half ago (6/14/00). Have you actually given it a "great detail" of thought, is this just something you have your lackeys point to whenever someone asks why you felt it necessary to bring some poor guy's web server to its knees?
I woudl prefer to be slashdotted than have anything mirroed, if any one is generally intrested in the site it will be back up soon enough
Chicken and the egg problem. How can you know if you're interested enough in a site to return to it if you can't get to the site in the first place? As for checking back in a couple of days after the Slashdot effect has worn off, you've got two problems -- 1) just when the admin thinks he's in the clear, finally, the Slashdot effect gets a second wind and his server's down again; and 2) do you really go back through Slashdot stories from 3-4 days ago, looking for interesting stories you didn't get a chance to read thanks to the Slashdot effect? I don't, and I'd bet most people don't. For example, this UPC thing is pretty cool, and I wouldn't mind looking at what the guy did and how he did it, but come Monday or Tuesday I'll have forgotten all about it.
Re:Slashdot effect
by
Anonymous Coward
·
· Score: 0
This guys has probably his sites up for 6 months so the slashdot crowd could wait 6 hours.
Anyway now everybody has to wait for... 6 month maybe ???
Re:Slashdot record?
by
microsost
·
· Score: 2, Funny
Hell I hope it never happens to me.. The traffic would cost me an arm and a leg (well maybe even 2 of them..).. Just about tempted to put the address here but worried it'll cost lots:D
Coming in 2004 from Microsoft, the leader in enterprise security, Microsoft Home Security.NET version 1.0!
Not only can you now keep track of your MSN (tm) Instant Messenger Buddies on your computer, they can instantly know when you get home too! And don't forget about exciting new features like Internet Explorer In The Bathroom (version 8.0!) and a free Tablet PC with every purchase! Now you can feel secure about your home knowing that Microsoft's Award Winning Security Task Force is on your side! Sign up today and get 10% off the already 100% marked-up price!
And coming soon, look for Microsoft's answer to Parking Lot security, Security Guard Who Looks Like A Drunk Bum Lying Near The Booth version 2.0! Hackers will never figure that one out!
"And also, with the assistance Lockheed Martin, Internet Explorer now gives you the power to order your very own airstrikes."
Re:The MS Response
by
Anonymous Coward
·
· Score: 0
And coming in late 2003
MS IIS Server 6.0 which automatically denies connections from people reading slashdot.
Re:The MS Response
by
Anonymous Coward
·
· Score: 0
Then, in 15 years, we'll see how the linux camp fires back.
Smart burglars
by
Anonymous Coward
·
· Score: 1, Insightful
I could just imagine someone coding a little program for Palm OS/PocketPC that would spurt out on the screen all the possible barcode combinations for his video club manufacturer ID. In a matter of a few minutes, someone could gain access to his house.
You must have a lot smarter burglars in you town than we do, here they just jimmy a window open. I guess the job market for IT people is even tougher than I thought!
-- ...wearing a skin-tight topless leather jumpsuit, with cutaway buttocks and transparent crotch panel.
If he's really worried about that, it shouldn't be too hard for him to modify the program so that if there are 5 denied entry attempts in a row, it'll do a total lock-out for 10-20 minutes. imho, timed lockouts are the best way to defend against brute-force hacking.
Re:Smart burglars
by
Anonymous Coward
·
· Score: 0
there's probably enough combinations that the lockout should be more like ten seconds, not 20 minutes... don't want him to be DOS'sed by someone and have to stand out in the rain for 15 minutes...
Re:Smart burglars
by
Anonymous Coward
·
· Score: 0
Thats assuming that the barcode can read the palm screen properly. Most barcodes operate at 2400 to 9600 bps, then you have to figure out how many digits he is using, and which format of barcode he is using so it would take a few minutes at least. IMHO it would be quicker to just pick the manual lock.
But taking this idea a little further, he could use a time based locking system, whereby the barcode required to open the door is different each minute, or each 5 minutes.
Something similar to a RSA SecurID token would be good (and yes RSA get around time syncronisation problems with their Palm SoftID software token).
Come to think of it, you could just plan use a SecurID system for this lock, using a Software Token that displays the code as a barcode, then have the lock computer consult an ACE/Server. The ACE/Server software will be too expensive, but it would be good if RSA would be willing to release a limited version (say max 10 users, with only software tokens). Pipe dream, but hopefully this gives ideas to others.
(I'm not an RSA employee, but I have attended their training courses).
From the few pictures I saw...
by
mstyne
·
· Score: 4, Funny
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
PAINT YOUR HOUSE
-- mstyne: real name, no gimmicks
Re:From the few pictures I saw...
by
Anonymous Coward
·
· Score: 0
Yeah I always judge people by the appearance of their house. I hate bill gates, but i love him for his house.
Re:From the few pictures I saw...
by
Zebbers
·
· Score: 1
youre analogy makes no sense. He added functionality while not caring about looks. But you are complaining. Yet you say....you dont go for looks with your car when it needs more functionality.
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
...? What? What has the condition of the paint on the house got to do with securtity?
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
Your post makes the perfect example of contradiction;)
Re:From the few pictures I saw...
by
Anonymous Coward
·
· Score: 0
Re:From the few pictures I saw...
by
/dev/trash
·
· Score: 2
Why does anyone care what my house looks like? Really? Unless I'm selling it, you can keep your opinions to yourself.
Re:From the few pictures I saw...
by
neuroticia
·
· Score: 1
Err.
Paint isn't just about "pretty". It's about "Makes the wood not rot like crazy".
As a kid I had a really nice wooden swingset for exactly 2 years. My dad never re-painted it and it quickly rotted to the point where we had to toss it out.
-Sara
Re:From the few pictures I saw...
by
Anonymous Coward
·
· Score: 0
You ever consider some people don't work on the exterior of their house to prevent people from thinking there is anything worthwhile in there?
My old house has a very sound exterior. But I let it look like crap because I don't want my house to be a target.
People do this all the time with bicycle's. They make them look shitty with goopy stuff or tape to make them less likely to be stolen or easier to identify later. Similar concept with the house. It's the same deal with millionaires driving Fords or something; if you drive a Mercedes, most likely you don't have much else and just bought the image, because if you were really savvy with your money, you wouldn't have wasted it on an expensive car (not saying that people that are rich don't buy Mercedes, but that's it's not a strong correlation alone).
Look, it's slashdotted!
by
CaptainSuperBoy
·
· Score: 0, Flamebait
The site is inaccessible.. his web server must be running Linux too!
What else does this guy need?
by
Gortbusters.org
·
· Score: 1
How about bar with linux. Why, when he opens the door he could have it pour him a nice cold drink.
not putting a barcode scanner on the chastity belt of your virgin daughter(s)? Pretty please?
-- There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
Slashdot in the wee hours
by
Anonymous Coward
·
· Score: 0
Should we worry about ourselves that it was slashdotted on a Saturday night?
Re:Slashdot effect (the good, bad, and the FAQ)
by
HD+Webdev
·
· Score: 1
You're modded +4 insightful (but oddly enough, your question is mentioned in the Slashdot FAQ, RTFM)
It's a very complicated problem. For instance, I have a few 'small' sites for customers, but they share a pool of 100GB bandwidth a month, of which usually only 20BG usually used. There isn't any way to know ahead of time what will happen when the Slashdot hits the fan.
As for the staff, Slashdot people could email web site admins and ask about their bandwidth/web server. But what if the site owner doesn't read email on the weekends? (that isn't uncommon) What is to be done in that case? Go ahead and cache the site or wait until every other news site has published the link? What if they have banners they rely on for $$$? What if their site is based on php and some of the important information is pulled from a database? How will a web site admin know if his server can handle X amount of requests per second? What if blah blah blah
If you add to those situations dozens of other scenarios, you can see that there isn't a simple solution to the slashdot effect.
-- This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
$10 and I'm in
by
missing000
·
· Score: 2, Interesting
All I really need is available at my local radioshack, as discussed here
Re:$10 and I'm in
by
MORTAR_COMBAT!
·
· Score: 3, Insightful
Well, the difficulty bar is raised a bit from the 'bar code'. It seems reasonably more difficult to both (1) secure an object with a clear figerprint of mine and (2) use said fingerprint to etch a 3D image onto some PCB board than to (1) use a photocopier or camera/printer to copy a bar code.
That insecurity is indeed real. Although those systems which were compromised were single-finger systems, and my system uses 3 as well as hand shape. Being able to get 3 clear fingerprints and mimic hand shape is more difficult than simply picking the lock, anyway, so your efforts would be better served in investing a a few dollars worth of decent lock-picking tools instead of a set of hobbyist PCB boards and etchers.
Why bother? An 8 pound sledge hammer is only $20 at home depot, is 100% effective, reuseable, and you don't have to bother with making silly gelatine molds.
If somebody wants to get into your house, they're going to. If you build a better door lock, they can still remove the door entirely. Locks aren't about making your house entry-proof, they're about making it inconvenient to break in. If I want to get past your front door, a cordless drill and a sawz-all will bypass any locking device.
Re:Slashdot effect (the good, bad, and the FAQ)
by
Hrunting
·
· Score: 2, Offtopic
As for the staff, Slashdot people could email web site admins and ask about their bandwidth/web server. But what if the site owner doesn't read email on the weekends? (that isn't uncommon) What is to be done in that case?
Uh, they wait until they get a response? It's not as if Slashdot is going to get scooped on one of these. Heaven forbid that the editors, with all their journalistic rabidity, actually had to wait to post a story that was probably submitted a week ago.
I agree with the FAQ. Slashdot shouldn't have to mirror the sites, but for all their emphasis on being a community-oriented site, they sure aren't kind to small site owners. CNN, BBCi, C|Net, etc should all be able to handle the traffic. Some rinky-dink virtual site will never be able to handle it, and if the editors can't realize that, maybe they need to turn over their "community-oriented site" to someone more knowledgeable about the community.
re: ferrari
by
Anonymous Coward
·
· Score: 0
yeah, huhhuh,.. Guy wuz late for an appointment the other day, "musta been drivin wona thoz slow ferrari". wanker
Why not -1, Redundant?
by
Adam9
·
· Score: 1, Offtopic
This is mentioned in the comments of every article posted for the past few weeks. Either,
a.) RTFF b.) Come up with a legally sound solution and tell the editors about it (no, don't post it then whine about the -1 OT score that would be quickly dished out) c.) Accept the/. effect as Something That Could Happen To You(tm) on the net.
If people have sites on servers that can't withstand a beating, (I'm sure mine would be hit hard but possibly survive) or involve high bandwidth and/or cpu load, then do something smart. Setting a password, or installing mod_throttle and setting it up right would be a start. Otherwise, the idea is that it's open to everyone. Slashdot is usually a metanews site. It doesn't mean it's a mirroring metanews site, it provides links to other sites. Now, if someone sets up a script to grab the links off of frontpage articles, cache them with images for 2 hours then dump it, and throw a banner ad or two on it, then karma whore and FP with the cached link, I have no problem with that. I would in fact welcome it.
Sorry for the rant, but complaining has been going on for weeks. Comments can be categorized by funny, interesting, etc. but they should be unique, not the same crap I see on every article.
Re:Why not -1, Redundant?
by
Planesdragon
·
· Score: 2, Offtopic
Come up with a legally sound solution and tell the editors about it (no, don't post it then whine about the -1 OT score that would be quickly dished out)
"Opt out/. ing"
Anyone with a/.ID can "opt out" of their/. ing. When a file on their TLD gets listed for a good/. ing, the editor gets flagged with a "site will crash" message, which would then pop up the/.er's perferred/. response: either a link to a TLD, up to a twelve hour warning, or a smallish temporary mirror.
Re:Why not -1, Redundant?
by
Fastolfe
·
· Score: 2
Setting a password, or installing mod_throttle and setting it up right would be a start.
Most sites are small. By small I mean someone has decided they want to set up a quick-and-easy web site, throws it up on some personal web server software, and lets people at it.
Do they "deserve" the flood of traffic Slashdot might generate to it? Perhaps. Is it "their own fault" that their network connection and/or server is brought to its knees by the visits generated by Slashdot? Perhaps.
That doesn't mean they can't be annoyed, frustrated and a little bitter at Slashdot. Wouldn't you be?
For your challenge that someone come up with a "legally sound" solution to the problem, keep in mind the responses in the FAQ are an utter joke. Slashdot programmers are lazy.
All someone needs to do is set up a mirroring front-end that just hooks into an HTTP caching back-end. An image is a static resource. Most web servers will specify a 'max-age' for that resource, or at the very least they express a Last-Modified header that a proxy can use to compute an acceptable expiration date before trying to revalidate it. This simple HTTP caching behavior could very simply drive a mirroring site.
Sites that have certain areas or iframes or images or whatever that they want to be requested for every visit or every request can express (and should already be expressing) these requirements through proper use of Expires or Cache-Control headers.
Caching HTTP proxies have been around for years. All they'd need to do is put a different face on one and this problem is solved.
Re:Why not -1, Redundant?
by
Anonymous Coward
·
· Score: 0
All someone needs to do is...
Ah, that old chestnut rallying cry of the linux user.
Re:Why not -1, Redundant?
by
Anonymous Coward
·
· Score: 0
apache's caching proxy stuff could do all of this with a few lines of configuration
Re:Slashdot effect (the good, bad, and the FAQ)
by
HD+Webdev
·
· Score: 1
It's not as if Slashdot is going to get scooped on one of these.
I don't disagree, and that wasn't the point in any case. Those were examples to show that there are a lot of things to consider about taking all control away from a web site owner.
Some examples may be silly to me and you, but they might be serious to some site owners. And, it's not always easy to tell a 'rinky-dink virutal site' from a good one...even most admins when asked will say that their web server is good if they haven't had any problems in the past.
-- This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
Re:matt likes anal
by
Anonymous Coward
·
· Score: 0
This is getting rediculous--most small, independent websites like this can't take a slashdotting, and it's making it almost pointless to link it.
It seems to me Slashdot could offer to mirror the content for a price, so that the linkee gets ad money, while slashdot carries the bandwidth burden.
Is there no way to:
1) Contact the website owner 2) Alert him of the amount of bandwidth he's going to need 3) Offer to mirror his pages such that ad referals still go to him 4) Everybody profits?
I agree, that page and all the images took about 5 minutes to load on my computer, and I have cable modem. A simple, somewhat reliable solution for the present is to take advantage of google's page cache. Go to http://www.google.com and do a search for "cache:url_to_page" (without the quotes). True, it only gives you text, and not every page is cached in google, but google's servers are fast, and it can be of great help if the original page isn't loading at all.
I'm sorry, but I've always found it rediculous that people host websites on their ADSL connections. Sure it has a coolness factor, but when dirt cheap domain hosting is available from companies with TONS of bandwidth to spare, why host your page on something that most likely has a 128k-256k upstream available.
In my opinion, if you host ANY site on your low bandwidth connection, you are quite simply asking for it. If you don't expect people to look at your site, don't post it. If you DO expect people to look at your site, make sure they will be able to regardless if it's from Joe Bloe's link page or from Slashdot.
I'm not complaining about the images not loading fast enough, I was just using that as an example of what a link from slashdot can do to a web server. Calm down....
Re:Proposal
by
Anonymous Coward
·
· Score: 0
Depends on the intended audience - why pay extra for something you don't necessarily want the world and his dog to see???
Hmm, your right that most small websites can't take it, maybe they could just ask the webmaster if they could cache it on/.'s server and link it to themselves. Still i wouldnt be made if i got/.'d id be really happy:)
of course, I would have liked some details on how he managed to keep the door openable in case the system fails. The article says so, but without the pics I don't understand the idea. Might be nice for younger people to keep room closed from nosy parents/siblings
Not. Half of/. doesn't understand how TiVo is diffrent than a VCR. And/. is suppose to be a geek crowd. Worse than that, X10 has been around since the 70's, and maybe a quarter of/. knows what X10 is.... Most of the people here probably think it's a windowing system for Linux (and to make it clear, you SHOULD know, it's NOT a windowing system for Linux, that would be X11, and that is a windowing system for UNIX, not Linux, and X10 has absolutely NOTHING to do with that...)
PS: History and naming may show more meanings for X10 and X11, however, it's the common usage that I am refering to.
Re:I see this as Important.
by
amracks
·
· Score: 1
I wasn't alive in the 70's and had no idea wtf X10 was so I went on everything2.com and typed X10.
Guess what I got!
X10 is the version of the X Window System or X preceding X11. X10, like X11, was an advanced protocol for graphical display and manipulation. It lacked many of the features and much of the power of X11.
Damn, I know thats not what I was looking for since you basically implied that I was stupid if I thougt X10 was a windowing system.
everything2 also had some stuff on X-10, which is different than X10:
A modular system used to provide inexpensive home automation. Individual modules are plugged into an electrical outlet, a device such as a lava lamp or a toaster is plugged into the module, an identifying code is set and you now have complete, remote control (well, you can turn it on and off) of the device. The system is especially cool when connected to your computer. See www.x10.com for more information.
Can I be a geek now?
Re:I see this as Important.
by
BadlandZ
·
· Score: 2
Can I be a geek now?
Self fulfilling prophecy?
Re:I see this as Important.
by
LinuxOnHal
·
· Score: 1
Oh, and you have to love those x10 cameras with the nice popup ads too...I bet a lot of slashdot knows what those are, whether they'd like to or not.
Sure makes Mozilla nice...."Open unrequested windows....unchecked!"
Checking on your kids while you're at work my ass...we all know what they're for:-)
-- Trying is the First Step to Failing --Homer Simpson
Re:I see this as Important.
by
Anonymous Coward
·
· Score: 0
Can I be a geek now?
No
Re:I see this as Important.
by
/dev/trash
·
· Score: 2
And how is a TIVO different from a VCR? Oh yeah it has that Guide but it still just records.
Re:I see this as Important.
by
Anonymous Coward
·
· Score: 0
X10 has a lot to do with X11 the windowing system...
In fact, my first graphical Unix experience was on an old Decstation running X10 and DEC Unix back in 1986. I had only used text-based Unix before and boy was X10 cool.
I remember the day that we upgraded from X10 to X11 and the pain of having to adjust code and recompile to make it all work.
The later 'R' upgrades from X11R3 to R4 to R5 etc., were much less painful...
Clarification pointing to relevance
by
BadlandZ
·
· Score: 2
For those that lost the relevance to bar-coding.... My point was, how in the world can you expect something like bar-coding as a house key be important, significant, even remotely accepted as something that will ever happen in the future? The general population still is 1 step ahead of the 1800's "skeleton key" and not to tech savy. Even/. Readers are not so savy to make this happen in a moderate scale. How is this guys project even remotely significant?
Granted, being slashdotted is no fun, I believe that if it is within/.'s ability that they should mirror sites like this. However, can the owner of this site really blame slashdot? He put his site on the internet, and he obviously didn't do it for his purposes. If he didn't want traffic, he should have never put the site up in the first place.
can he? yes. he obviously didn't put it up to be hammered by/., therefore isn't it/.'s fault for linking to sites they know they are going to destroy in a matter of minutes without asking? kinda lame to post on a site you can't even go visit because you took it down.
but hey, most of what michael posts is lame, so it's not really a surprise.
Re:Interesting
by
Fastolfe
·
· Score: 4, Insightful
I think you're looking at it from the wrong angle. A guy puts up some information on a site using meager resources. He hopes that information will be useful and interesting to those that happen upon it. The hardware turns out to be perfectly adequate for his needs. Then someone posts a link on a popular site and the traffic increases by a factor of 10,000. The site goes down.
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
Re:Interesting
by
Anonymous Coward
·
· Score: 0
Can He blame/.... probably not
Can YOU blame HIM... SURELY not
Slashdot has a very interresting habit...linking dead links (ie slashdotted sites)
Do you understand that caching websites without the author's permission is illegal? There is no standard HTTP mechanism for caching, and copying the page and giving it off as yours would surely spark many lawsuits.
I have no sympathy for someone who does not set up his webserver to prevent this type of DOS. At the very least, this is lazy. If you don't lock your front door, you shouldn't complain about burglars. If I had a site that got slashdotted, I would be glad for the extra publicity, not bitchy about the traffic.
If, on the other hand, Slashdot mirrored my site without asking permission, I would be somewhat pissed. I would not only have no chance to update it, but people would also not know the URL of that site, and I might not get my ad revenue.
Do you understand that caching websites without the author's permission is illegal?
I apparently know a little more about HTTP than you seem to, my friend. If it were illegal to cache HTTP resources, then most HTTP proxies are illegal as well.
copying the page and giving it off as yours would surely spark many lawsuits.
If a site is expressing a future date in an HTTP "Expires" header, or a max-age Cache-Control header, they're saying something very specific about how that data can be used by browsers and HTTP proxies alike. Read the document above to what it is.
At the very least, this is lazy
What?? Just because I choose to post some data online does not mean that I must automatically spend the money to create an environment and supply a network connection capable of withstanding a post on Slashdot. This reasoning is flawed. Most people with smaller web sites (e.g. academic) do not have the funds to do this. You seem to be under the flawed impression that any server with any form of network connection should be capable, with proper administration, of handling the traffic that a post on Slashdot generates.
This is like saying that people who are victims of distributed denial-of-service attacks get what they deserve for not having a fast enough network connection or a router that can do a better job of filtering packets. This is a totally unreasonable expectation. Sure, they "deserved" network traffic by placing their servers and networks on the Internet, but they're not lazy just because they choose not to spend the money for an enterprise-quality network when it's horribly out of scale for their requirements.
If you don't lock your front door, you shouldn't complain about burglars.
I can't even begin to touch this analogy.
I would be glad for the extra publicity, not bitchy about the traffic.
I'm sure that somewhere, deep down under his annoyance, he is.
Are you going to sit there and honestly say that if a web site you operated were brought to its knees and made totally unavailable due to a post on Slashdot, it would not have irritated you? "Aww shucks, I should have planned ahead better and gone with that Sun E5500 instead of this P133 after all! How stupid of me for not spending a half a million on infrastructure for my personal home page instead of this extra PC." Get real.
I do concede, though (as I have in previous posts), that he should not have been surprised this would have happened one day. And maybe he was aware that it could happen one day, and maybe he even planned ahead in the sense that there might have been some people willing and able to mirror his site's content at his request. If only he had some advance notice.
If, on the other hand, Slashdot mirrored my site without asking permission, I would be somewhat pissed.
If you are expressing the cacheability of resources on your web site incorrectly, then you are to blame here. Set up your cache control headers in your web server to more accurately describe how each resource could be cached. If you seem to think that every request should go back to the server and get re-retrieved, and that HTTP 304 responses are the devil, then by all means, just configure your web server so that it won't allow it. The point is, the site owner can make this decision (and should already be making it).
Please don't assume that everything you read on Slashdot is factual. Concede the possibility that the stuff in the FAQ is written by human beings who are fallible.
First, the RFC specifies proxying mechanisms. Proxying != mirroring. Yes, a proxy can cache. It's a grey area of the copyright law -- automatically-generated headers do not necessarily constitute the permission of the content owner, especially since the content owner can't always control the headers generated by his server (i.e. in a shared environment).
However, what people are proposing is to set up a mirror. A mirror is NOT an RFC proxy. It does not require intervention from the client (setting the web browser) and is not covered by any RFC I know of. It would be a completely non-standard solution.
A proxy would be completely inappropriate in this situation. Proxies are set up by ISPs and network operators, not people who merely provide links (like slashdot). If you want to use a proxy cache, use the one provided by your ISP. A slashdot-operated proxy would also require everyone to set up his/her web browser to use the proxy, and the proxy would have to relay the content for every web site accessed by the web browser, whether or not it is linked to by Slashdot. Otherwise, it would not be an RFC-compliant solution, and my comment about lack of standard caching/mirroring mechanisms would still stand.
About the website "brought to its knees" -- this is the problem and the responsibility of the site operator. If it's a P133, you cannot reasonably expect it to have 100% availability under any reasonable load. If you want that, get a Sun E5500 or an IBM mainframe or something. However, there is no reason to need a personal website to be 100% available, so a P133 may suffice. If you want to ensure that the amount of traffic to the website is limited, configure the web server to limit it. Hell, protect it with a password or restrict it to a certain subnet.
The main complain that people have are unexpected bandwidth bills. This is 100% their fault. A webserver can easily be configured to reject requests after the bandwidth limit has been exhausted. This can be configured per-hour, so as to not make a site unavailable for an entire month. One can easily configure a traffic shaper or throttling. The point is: if you have a limited amount of network resources available, it is your responsibility to avoid their exhaustion. This does not involve fancy network hardware -- any decent OS and web server has these features built-in or easily installable.
My point is: it is your responsibility to make sure that your web server does not misbehave. If you have a quota, it's your responsibility not to exceed it -- not Slashdot's or anyone else's.
The RFC (actually the HTTP/1.1 specification) discusses "HTTP caching". It's quite explicit. Caching at the user-agent and proxy level are discussed, but not to the exclusion of all other uses.
However, what people are proposing is to set up a mirror.
You're picking nits. An HTTP proxy can take a variety of forms. Here is the definition quoted in the HTTP/1.1 specification (emphasis mine):
An intermediary program which acts as both a server and a client for the purpose of making requests on behalf of other clients. Requests are serviced internally or by passing them on, with possible translation, to other servers. A proxy MUST implement both the client and server requirements of this specification. A "transparent proxy" is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification. A "non-transparent proxy" is a proxy that modifies the request or response in order to
provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering. Except where either transparent or non-transparent behavior is explicitly stated, the HTTP proxy requirements apply to both types of proxies.
It does not say how this proxy should be built or implemented, it just describes some device that acts as a server from the user's perspective and a client from the origin server's perspective.
What I'm describing is just another form--albeit an unusual one--of a standard caching HTTP proxy. You're arguing technical definitions here that aren't really relevant.
Have you never visited a page using Google's cache?
It's a grey area of the copyright law -- automatically-generated headers do not necessarily constitute the permission of the content owner, especially since the content owner can't always control the headers generated by his server (i.e. in a shared environment).
Huh? It's absolutely not a gray area. In the case of the Google cache, it might be, because Google is indeed preserving the contents of the pages it spiders well beyond the norm for any HTTP cache.
But in the case of a "content owner" and the cache control functions of HTTP, there is no "gray area" whatsoever:
By default, most HTTP servers only send a Last-Modified header along with the content. If this were the extent of the "HTTP caching universe", it alone would be more than sufficient, since a caching proxy would just have to go back to the server and make a conditional GET request, where the origin server would respond with a "304" if nothing changed. This alone would significantly reduce the amount of load/traffic on a site without the possibility of the proxy delivering stale information to the user. Content owners don't need to know or care about any of this, and they certainly couldn't put up a legal case saying that their web servers were delivering a "304 Not Modified" response and that response facilitated copyright infringement. That is completely absurd.
So right up front, with extreme HTTP basics, we have enough to build our HTTP caching proxy (which appears to the user as a mirror, even though it isn't really one, since we never cache/duplicate content that is dynamic, changing for each request, or where the origin server has specified HTTP headers disallowing caching).
If we wanted to go a step further, this requires additional help from the origin server. In other words, to make proper use of the more advanced HTTP caching techniques discussed in the standard, the origin server has to explicitly be modified to give us additional cache-control headers, or the content needs to provide additional cache-control headers (perhaps in the <meta> tags, or configured through a.htaccess file).
So at this point, if a page is delivering an Expires or Cache-Control header that is explicitly offering information that allows us to cache the resulting document for a certain period of time (seconds? hours? weeks?), someone had to make the very conscious and explicit decision to do that, which means any form of caching or proxying that we wish to do on that is fair game.
Keep in mind also that it is highly unusual for sites to have "volatile" content with cache-control information suggesting it can be cached for any extended period. Even having this information cached for just a few minutes, or an hour, would be completely sufficient to mitigate the effects of a Slashdot posting, since it would mean the caching proxy would only have to make a single request once every few minutes, or every hour, for the entire Slashdot community.
The bottom line is that if there is a web site out there that is lying as part of its HTTP implementation, you cannot remotely fault the users, user agents or proxies for acting in good faith on that information. Again, by default, servers do not provide any information on how long a resource may be cached (if at all), though it does allow validation through the use of conditional GETs, which can significantly reduce the volume involved in the responses, even if it won't reduce the number of hits. If a server expresses more advanced cache-control headers, it's doing so as part of an explicit request. If whoever performed that configuration was not authorized to do so, the content authors need to take that up with the owner of the server (much as an author would need to take up distribution issues over a physical book up with their publisher).
Keep in mind that at no time does this "mirror" or caching proxy ever keep a copy of this data that is truly independent from the data on the origin server. It only keeps this data around as long as the origin server said it could (as expressed through the Expires header or Cache-Control parameters). The proxy is still required to validate against the origin server as needed (by default, unless the web server was explicitly configured otherwise, this means it has to validate each and every request using a conditional or complete GET request). If the origin server disappears or removes the content, as soon as their cache-control values expire, the content disappears from the proxy as well. Yes, this appears to the user as a mirror, but functions more like a proxy.
If you have a quota, it's your responsibility not to exceed it -- not Slashdot's or anyone else's.
I completely agree. Nothing I have ever said in this thread has once indicated that Slashdot is in any way obligated to configure a mirroring service. I have repeatedly stated, however, that Slashdot is effectively being one giant asshole towards those smaller sites it does link to without giving them a head's up when it knows the site probably won't handle it. In most parts of the world, it's perfectly legal to be an asshole, and in many places, one's right to be an asshole is even protected. But that doesn't make the person any less of an asshole.
We've all been paying attention to part two, making it hard to get into, but part one, which you noticed immediatetly, is that he's made his house look like there's nothing worth stealing in there in the first place.
What A Beautiful Mind
by
BadlandZ
·
· Score: 1, Troll
I'm sorry, but can you explain just a little more?
I'm sorry, but can you explain just a little more?
25 years ago (1978) you made a computer that used a LCD display (invented 1971, on a MC6809 (that the first reference I can find to is a Motorola Inc., MC6809 Preliminary Programming Manual, Austin, 1979), and then you went and said " hose motherboard was embedded in a 3-ring binder, with sheets."
Now, I'm assuming you had to be at a bear minimum 16 years old when you did this back in 1978, making you 44 now at a minimum. And as a 44+ year old that use to do cool shit like this (if it's true) you still have the time/interest to post to/.?
I don't completely mean to question your honesty, but, more so, if what your saying is true, I would be VERY impressed, and would love to meet you someday.
Re:What A Beautiful Mind
by
VisorGuy
·
· Score: 2, Funny
First of all he said 23 years ago, which would be 1980 or more likely 1979 (since today is only the 11th day of the year).
Second, he's friends with gandalf_grey (93942), who is also a fan of his; so this Pig Hogger dude has got to be fairly up in years. ;-P
-- This user account is inactive account replaced by the PDA
Re:What A Beautiful Mind
by
tacocat
·
· Score: 2, Offtopic
I'll be forty in two months
Are you expecting me to stop posting to/. in two months? Am I allowed to do cool shit anymore?
His age is of no inport - On my irc server/channel I know someone who is 72 and happily talks to us about Seti@Home (he runs many computers for this purpose) plays gangwars and is generally a super-geek
44 is nothing
Re:What A Beautiful Mind
by
vrmlguy
·
· Score: 3, Insightful
I'm 47 years old. A little less than thirty years ago, I built one of Don Lancaster's TV Typewriters, an ancestor of the computer monitor you're sitting in front of right now. Around twenty years ago, I helped write "big iron" code that simulated underground explosions as an earthmoving tool (it tried to predict where the displaced soil and rocks would land), and I got to be on site for some of the tests) Ten years ago, I wrote a document management system that accepted faxed cell-phone contracts from kiosks, so that when someone tried to get out of a contract, we could fax them back their signature. Today, I'm active in Linux, Apache, MySQL, Perl, PHP, C, C++, PalmOS, Windows XP, Unix and SANs.
The point is, whatever you're doing today seems like drudge work, but after a quarter-century, everyone forgets the boring bits and just recalles the sexy parts.
Re:What A Beautiful Mind
by
Anonymous Coward
·
· Score: 0
Well, somebody is forgetting that computers existed before they personally experienced them.
You think that the hordes of us who created, programmed, and used all those microcomputers in 1980 merely vanished? When you're thinking in the long run remember you're part of a long flow.
Re:What A Beautiful Mind
by
Pig+Hogger
·
· Score: 3, Interesting
(Note: some details have been altered to protect the innocent and cover-up the guilty)
Read properly. I said 23 years ago, so that's 1980. I was only 18 at the time, but I had experience in computer graphics programming plotters (I volunteered for a computer graphics art group - this was waaaaay before Postscript) so it was only natural that I'd be the one they turn to to generate the barcode sheets.
They were done on a HP-9847 graphics terminal (a company oddball that was lying in a corner 'cause no one had any use for it. I learned years later that it was a demo unit THAT HP FORGOT THERE!!!!) onto which you could load a (surprisingly good - compared to the usual Microsoft crap - yes, Microsoft used to do crap then) BASIC interpreter, all this driving a IEEE-488 plotter. But eventually, I found the setup so disgusting (can't stand BASIC) that I wrote a device driver for the mainframe and I reprogrammed the barcode sheet programs. All in PL-1. Needless to say, that pretty well annoyed the dinosaur tenders of the time that I'd be using THEIR big iron to make graphics... Not to mention asking them all sorts of technical information in order to hack this...
In that project, I eventually also programmed the database on the mainframe that received the data, as well as the mainframe-side communication program, after my bosses saw that I managed to write a plotter driver for the dinosaur...
Anyway, the project was eventually canned because there was to much high-management interference (this was for a Fortune-500 ** CANDY ** company!!!) which brought the progress to a crawl. Only 10 prototypes of the computer were built, and I believe some still exist to this day.
* * *
Nowadays, I manage the computer department for a design company which designs museums (we're currently doing a museum for the Smithsonian, amongst other things), and I have a tax-credit consulting sideline.
For fun, I troll on Slashdot and NANAE, and have plenty of sex.
Now, for those who imply that there is no life beyond 30 years, I say you're fucking bunch of peepsqueaks whippersnappers; first of all, my sex drive went waaaay up when I hit 32 (went from 5 screws/week to 3/day), and I don't have any problems to pick-up; heck, a few months ago, a 19 year old jumped on me, and whas subsequently duly fully fucked by myself (and this happenned in a city park).
The front of the house. The windows on the left are to my room.
In my window sits a cheap barcode reader. It's powered by a computer power supply I ripped from an old computer.
Anyone who wants to get into the house can scan a barcode that they carry. A video store gave me a little keychain barcode which I'm using here. The scanner has a CCD; I don't have to slide the barcode. The scanner actually has a beeper that I can control from the computer. You can hear it beep from outside the window.
Here's the driver circuit I slapped together for the barcode reader. It's just a MAX232 chip that converts CMOS/TTL levels to the RS232 spec. The output connects to the serial port of one of my Linux boxes. That box runs a trivial python program to read a packet from the serial port and send it via TCP/IP to another computer in the house.
The receiving computer is connected to this K8000 experimenter board. I2C chips on this board . If your barcode was on the list of allowed keys, I raise output 7 on this board for 6 seconds. Input 6 (the right-hand illuminated LED) shows that the door was closed when I took this picture. See below for how I sense if the door is opened or not.
Some successful reads.
When the K8000 board raises the right output signal, this driver circuit sends 24VDC to the door strike, shown below.
In this electric strike is a solenoid that relaxes the part of the strike that was holding the door closed. The door still functions as it did before, but now I have an additional way to allow the door to open.
This is the top of the door frame, where I have wedged a reed switch into the wood. There's a magnet on top of the door that closes the switch when the door is closed (hence the turned-on LED in the picture above).
Slashdot really, truly, utterly needs to have a local cache of the pages it references. It's getting to where Slashdotting is as bad as a denial of service attack - and that's a terrible thing to inflict on *anyone*.
Slashdot should cache pages to prevent the Slashdot Effect!
Sure, it's a great idea, but it has a lot of implications. For example, commercial sites rely on their banner ads to generate revenue. If I cache one of their pages, this will mess with their statistics, and mess with their banner ads. In other words, this will piss them off.
Of course, most of the time, the commercial sites that actually have income from banner ads easily withstand the Slashdot Effect. So perhaps we could draw the line at sites that don't have ads. They are, after all, much more likely to buckle under the pressure of all those unexpected hits. But what happens if I cache the site, and they update themselves? Once again, I'm transmitting data that I shouldn't be, only this time my cache is out of date!
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
So the quick answer is: "Sure, caching would be neat." It would make things a lot easier when servers go down, but it's a complicated issue that would need to be thought through in great detail before being implemented.
They could easily implement some kind of opt-in thing where you put a META tag in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs.
You're a genius! Oh...wait...no... You just haven't read the FAQ:
Is it possible to have META tags that Slashdot looks for in a story link before allowing it to be submitted/posted? Many times a server can't handle the load of a Slashdotting. So can the site have tags to prevent it from being added to a Slashdot story?
Not inconceivable, but I don't really think it's worth the work. Most of the sites that are Slashdotted are prepared for it, and the sites that get smashed usually are caught completely off guard; they wouldn't know of this mysterious opt-out meta tag. (See also Caching Slashdot Stories).
It's not rocket science to configure Apache to handle a Slashdotting. I've been hit three times in the past five years. Every time, my little 333MHz eMachine has done just fine. I just followed the instructions in the Apache guide. This guy took another fine route -- he took his pages off-line for the time being. Either route works.
People who put up websites should recognize that people are going to look at it. Sometimes, a lot of people might look at it, as a result of a link from Slashdot or any of hundreds of other sites. People who bitch and moan about being linked to from Slashdot remind me of the companies who whine when people link to "confidential" webpages -- guess what, if it's on the web, it's not confidential.
-Waldo Jaquith
Re:No, Actually
by
Anonymous Coward
·
· Score: 0
Lets get realistic here. A site that makes a substantial amount of cash of banner ads should have at least half decent hosting.
Also, doesnt slashdotting a site out of existance negate any profits they could be getting from banners?
the whole point is that slashdot should mirror personal sites that can't handle high traffic. Putting something up on the web implies that you want people to see it, so there really shouldn't be an issue with cacheing the page for a week or two while it's on the front page.
Of course, most of the time, the commercial sites that actually have income from banner ads easily withstand the Slashdot Effect. So perhaps we could draw the line at sites that don't have ads. They are, after all, much more likely to buckle under the pressure of all those unexpected hits. But what happens if I cache the site, and they update themselves? Once again, I'm transmitting data that I shouldn't be, only this time my cache is out of date!
Who cares? For them to get noticed on Slashdot, the interesting bits will still appear in the cache. Also, having the content cached doesn't mean that a link to the original site couldn't still be provided.
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Bullshit. If I want "breaking news", I go to CNN. I can't remember the last time I read a Slashdot article where the content of the article was time sensitive. It's just casual information to entertain and maybe educate the bored geek. Six hours is nothing. By the time Slashdot gets the news, it's already out in the open. It's not like they're going to get scooped.
Not inconceivable, but I don't really think it's worth the work. Most of the sites that are Slashdotted are prepared for it, and the sites that get smashed usually are caught completely off guard; they wouldn't know of this mysterious opt-out meta tag. (See also Caching Slashdot Stories).
So if the site doesn't have the magical opt-out tag or extra instruction tag, then fire up your e-mail client and get permission. Or just cache it and be done with it.
People who put up websites should recognize that people are going to look at it. Sometimes, a lot of people might look at it, as a result of a link from Slashdot or any of hundreds of other sites. People who bitch and moan about being linked to from Slashdot remind me of the companies who whine when people link to "confidential" webpages -- guess what, if it's on the web, it's not confidential.
The point is that it would be a decent thing for Slashdot to provide some mechanism to minimize the inconvenience caused by having a site or page linked on the front page. The points listed in the FAQ are weak. The bottom line is that some sort of cacheing would benefit both the owners of the content being linked (it wouldn't nuke their site) and the readers of Slashdot (no more seeing a cool story on Slashdot only to have to wait to read it because the Slashdot effective is already underway).
Truth be told, there is already an informal Slashdot cache -- you often see kind users copying the meat of the page into a comment which always gets modded up to +5. Further proof that an official Slashdot cache would be well received.
The only real argument against a cache would be the load that it would place on the Slashdot servers. They are tuned to handle their current content, but I wonder if they would be able to handle the load of serving up all that extra content in addition to the stuff that they already do.
Is it possible to have META tags that Slashdot looks for in a story link before allowing it to be submitted/posted? Many times a server can't handle the load of a Slashdotting. So can the site have tags to prevent it from being added to a Slashdot story?
Not inconceivable, but I don't really think it's worth the work. Most of the sites that are Slashdotted are prepared for it, and the sites that get smashed usually are caught completely off guard; they wouldn't know of this mysterious opt-out meta tag. (See also Caching Slashdot Stories).
I also don't by this part there are all ready a option for this: "Pragma: nocache" that are used by many sites. If it is used the the should be a direct link to the site and if not use apaches proxy-function (mirror.slashodt.org/bla/bla/bla) mention erlier. This is what google use (afaik).
To say that you can setup and read apache documentation aren't the same as all people can do it. An nice prallell are driving a car, just because you can drice a car...
Would I be willing to wait 6 hours on a 'cool breaking story'?
In a word: YES!
Most news on Slashdot is NOT BREAKING. If I didn't hear about barcode keys until tomorrow, or Wednesday, or next bloody MONTH for that matter, my life is not going to be significantly impacted.
When was the last time you saw a Slashdot story that you just absolutely had to read RIGHT THEN? There have been a few over the years (and I've been reading since close to the beginning; my number is so high because I didn't bother getting an account for six months or so after they started registrations.) There are occasional bits of 'breaking news' that make it here, but they're not nearly as common as the editors seem to think.
Slashdot, I think you are ignoring/abusing a responsbility here. You have the net equivalent of an Uzi; almost any small site you point to is going to die. Yes, the solution to the problem is tricky and would require some real thought and effort to implement. But you have had YEARS to think about this; I don't think 'it's hard!' is an adequate excuse anymore. Your other FAQ reasons are, in my opinion, fluff. The REAL reason is because it's hard, and I don't think that washes anymore.
If you actually DO have a breaking story, you always have the option of linking it directly. But if I have to wait an extra day before hearing about barcoded house keys, well.... I imagine I'll cope. Somehow.
Enough is enough. It's time to get started on some kind of caching system. If you're really lost, call Google. They're geeks. Many of them probably read this site, and I'll bet most would at least talk to you about the problem free of charge. If you want to start a discussion list on the project, I'll be happy to join and help as much as I can.
This is a problem that really needs to be solved, and I'm sure that many of us are ready and willing to help solve it.
This door has all the vulnerabilities of the physical key PLUS all the vulnerabilities of the new barcode system.
It's like putting a pair of firewalls in parallel. An intruder only needs to know how to bypass one of them to be into your soft and chewy insides.
-- Bah!
Current Page Text
by
Kaz+Riprock
·
· Score: 2, Offtopic
This used to be an interesting page about the barcode scanner door entry system I built with Python and Linux. I posted this page because I'd like to share my project with others. I've answered emails giving people circuit diagrams, and I've had various online discussions about my design decisions. Now MC68040 and michael@slashdot.org decide that it's time for me to go down. They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else. At least michael-the-slashdot-editor knew that I'd be down in minutes if he made a link.
I'd love to put this page back up, and maybe in several days I'll remember to do so. If you're interested in interfacing Linux with serial devices or electric door strikes, drop me an email at drewp@bigasterisk.com.
Bitter?
-- Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
Re:Current Page Text
by
Winterblink
·
· Score: 1, Offtopic
Wouldn't you be?
-- "I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
that he was forced to shut his site down? gosh, i can't imagine why he might be a little upset. i wonder how many sites you've contributed to the net that would even be considered for/. destruction.
In my experience people with very little resources make some of the most astounding innovations.
Is this site about innovations ? or about the ability to withstand the/. effect ?
Seems to me the answer to that question in this case is the difference between bitter and frustration.
-dps
Re:Current Page Text
by
Anonymous Coward
·
· Score: 0
Maybe he should add himself to the do-no-link websites...
But why is he bitter? I mean, chances are more people have seen his page in the last few hours than have ever before. Sure, no one can get there at thim moment, but didn't all those other views (way) more than make up for it? It's not like it's a site that has to be up or anything. I wouldn't be bitter if my site got slashdotted. I would think of the benefits.
I wonder if his mailbox don't get full instead of having a broken webpage...
Re:now we just need to make a company called Skyne
by
SEWilco
·
· Score: 1
...some terrorist is smart enough to detonate a ESP device...
The terrorist knew you were going to say that.
He also knows what you're going to do next.
good job asshole
by
Anonymous Coward
·
· Score: 0
another great site brought down by the thoughtless editors of slashdot
Re:good job asshole
by
Anonymous Coward
·
· Score: 0
another butt plug who though he was an opinion but realized everybody has one of those...
Great, now you can open someone's door...
by
Anonymous Coward
·
· Score: 0
With a can of baked beans!:)
Door Self-Destruct Initiated, T-Minus .001 Seconds
by
DarkZero
·
· Score: 2
He fails to mention that the scanner scans more than just barcodes. When it scans the correct barcode, it makes the door unlock. When it scans a boot or shoulder, it makes the door self-destructed
He misses the point of the Web
by
Shocker1
·
· Score: 1
While it's a shame to see that another site has been slashdotted into oblivion, Drew, the guy at the bigasterisk.com site mentioned in the story, seems to be missing a fundamental ideal of the web.
He states that MC68040 and michael have "decided that it's time for [him] to go down" -- ouch -- and that they did not ask if they could link to him.
While I understand that maybe his web server puked a few times under the load and he's annoyed at that, he seems to have forgotten that one of the original ideas of the WWW was to have people link back and forth to each other, to share interesting and noteworthy sites with friends and anonymous surfers. I saw his site before it went down; nowhere on that page did it specify that he should not be linked to unless asked first. If he didn't want it accessible to the public from links on other pages, he shouldn't have put it up.
Maybe leaving out a condition for linking was a small oversight, maybe not; but it's unfair for him to blame michael-the-slashdot-editor for it.
Re:He misses the point of the Web
by
Anonymous Coward
·
· Score: 0
There are servers and then there are servers... The guy didn't plan for this, if he had a little notice, maybe he could have.
Re:He misses the point of the Web
by
Fastolfe
·
· Score: 2
he seems to have forgotten that one of the original ideas of the WWW was to have people link back and forth to each other
I think you're reading too much into things.
He's annoyed and frustrated that his server was brought down due to the traffic created by this article. Wouldn't you be?
Most servers cannot handle the traffic Slashdot generates. This is an unfortunate fact, but it needs to be a fact that Slashdot admits to and tries to mitigate. They don't. The FAQ gives a few excuses that don't hold any water and that's the end of the discussion as far as they're concerned.
Re:He misses the point of the Web
by
Lazaru5
·
· Score: 2
Slashdot _does_ need to be more responsible when linking, HOWEVER...
The problem is that more geeks are hosting their personal sites on their broadband connections, and they simply don't have enough upstream bandwidth to handle a slashdotting. When Drew said that they didn't ask if/. could link to his page, he didn't mean in a legal sense, (which the parent poster seems to be thinking) he meant in a "hey, will your connection and server be ok if we do this?" sense.
There was no reason to even think that they should ask. They didn't make a conscious "decision" to DDoS Drew, they simply saw a site worth linking to. Drew took it as a personal attack and he needs to realize that they had no idea that bigasterisk.com was hosted on a home DSL connection.
It's also more likely that his connection was unusable before his server ever "puked" (if it did.) He could have killed Apache and _still_ had no use of his DSL. How would you feel? Granted, it's no excuse for his irrational assumption of malicious intent, but you'd be unable to even do anything about it. You couldn't put up a mirror because your connection is hosed. You couldn't reach/. to post a URL to the mirror even if you had one.
And I'm speaking from experience, as the admin of a web server at an ISP that was/.ed 4 years ago. (Mosfet's KDE page.)
--
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
Re:He misses the point of the Web
by
Shocker1
·
· Score: 1
Agreed, mostly. Slashdot could be more responsible when linking, but likely it would take far too much time to get anything done if every story needs to wait for an admin's approval...if the admin even approves in the end. As far as I'm concerned, if it's posted on the web and it's not protected by passwords or some other scheme, it's public domain and you should expect hits, even to the point that you can no longer handle it -- doesn't mean you have to like it when it happens, but not be surprised if it does. Otherwise, don't put it up.
There could have been a much better solution to this rather than the childish diatribe he posted blaming MC and michael. His web server is still up, so obviously he still has a connection. It's serving a small text file, which granted can handle a/.ing much better than a page with twenty large images...but in light of the fact that his web server is handling the text file just fine, I personally think that once Slashdot got wind of it and he started getting heavy traffic, he could have done one of two things:
Post a text-only version of the page, promising that those that were truly interested in it enough to come back in a week and check it out again would see the pictures put back up -- which would have been very quick and easy to do.
Post a text-only version of the page, and instead of having pictures, simply go into more detail about what he did in text rather than relying on images to show his accomplishment.
As you said, there was no reason for him to think they should ask about the capabilities of his web server, and certainly no reason for him to take personal insult at the matter.
Making something with his own hands that is cool enough that the Slashdot editors think it worthy to link to should be taken as an honor, not an insult. I can most definitely understand his frustration, but I think his anger misplaced.
Re:He misses the point of the Web
by
epine
·
· Score: 2
% host bigasterisk.com
bigasterisk.com has address 64.139.32.113
% host 64.139.32.113
113.32.139.64.in-addr.arpa
domain name pointer ip-64-139-32-113.dsl.sjc.megapath.net.
The reason Drew perceived this as careless and malicious is that he's not as clueless about how easy it is to determine that a site is hosted on a cable modem. Even a/. editor can correctly spell the 'host' command.
Re:He misses the point of the Web
by
Lazaru5
·
· Score: 1
They can yes, but there's nothing to suggest that they should have. Now if it had been something like bigasterisk.dyndns.org or something more suggestive, then there'd be some carlessness involved.
--
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
Hmm.. -2 years +1 friend = credibility?
by
BadlandZ
·
· Score: 2
Ok, you've dug up something! That' put's Pig Hogger at 40+ (no crime being old! hehehehe... sorry, I'm 33 now, I have to be able to call SOMEONE old, seems like EVERYONE is 16-20 now days!).
I'd still like to know 2 things. I'm not sure how to make this sound "polite" because it will probably end up sounding more like a challenge, but that is NOT my intention.
I'd love to read a bit more about this project Pig Hogger did back in early 80's (when I was happy enough being able to figure out how to overlay credits onto a home video tape with a Tandy)...
And I'd love to hear what Pig Hogger is doing now days.
he comes off as an ass...
by
Anonymous Coward
·
· Score: 0
bitter doesn't start to cover it...
does he know what www is for
he is pissed because we "dare" com look at his page?
maybe his machine went down??? set it up right next time.
f*cking putz
Re:he comes off as an ass...
by
fisher182
·
· Score: 1
ah yes, but you don't come off as an ass right? i'm not sure everyone has the resources to plan for a/. assault and not everyone has their own machine to set up right. people do host websites on other folks machines y'know, i believe it's called web hosting.
he's also not hiding behind the anon coward nick, so who is the ass again?
Re:he comes off as an ass...
by
Anonymous Coward
·
· Score: 0
Regardless of how *I* come off, *he* is still an ass.
His explanation now posted still makes him an ass
I have read the FAQ.....
by
Anonymous Coward
·
· Score: 0
... and it answered my question about mirroring or caching. "We don't want to wait, so we just go ahead and link anyway."
I want the next person on Slashdot who complains about spam because it "hogs our bandwidth without our permission and thus costs us" to read the FAQ too, and then just suck it up. I'm sorry, but this really is just as irresponsible
This is really just pin type security
by
esobofh
·
· Score: 1
Pin or security code access really, only instead of remembering the number in his head, he has it written on something in the form of a barcode. Imagine if everyone walked around with their security system codes written down... sorta defeats the purpose. I wonder if, as a backup, he has a normal pin pad to key in the digits manually.
--
----------------------------
Esobofh - Currently drinking fresh mango juice.
X10 is not X10.com, sorry. X10 is a protocol that has past it's copywrite/patent. And, X10.com has taken advantage of that, and now "ownes" the X10.com domain. But, X10.com, and it's owners ARE NOT X10.
The technology of X10 is very cool. It's a low speed protocol transmitted via standard home wireing, in duplicate to prevent errors, sent during the zero phase of the standard AC power curve. Quite cool, quite simple, quite elegent.
The ability to program you home lighting, broadcast home theater, lighting, temperature, security, and countless other bits of information over standard home wiring is defined by X10. It's there, unrestricted, and one could even argure it's BETTER than GPL, it's an EXPIRED patent, meaning there are NO rules on how to use it because it's an idea that can no longer be owned because it's past it's time limit for ownership.
What was your complaint again?
Re:Sorry, your confused...
by
LinuxOnHal
·
· Score: 1
Yeah, uh, it was a joke. I'm not a dumbass, AND I have a sense of humor.
-- Trying is the First Step to Failing --Homer Simpson
I don't buy it; use a caching proxy if nothing els
by
Fastolfe
·
· Score: 5, Insightful
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
Re:Slashdot effect (the good, bad, and the FAQ)
by
Fastolfe
·
· Score: 1, Offtopic
What if they have banners they rely on for $$$? What if their site is based on php and some of the important information is pulled from a database?
Standard HTTP headers reflect the "cachability" of every HTTP resource available on the web. Static pages that never change and don't carry personalized information do not have to be served up by the same server for every request. An HTTP proxy detects this based on HTTP headers that come with the page and will cache these pages for the benefit of those downstream.
Further, 'iframe's or dynamic content should be expressing appropriate cache control headers to prevent only those resources from being cached, or for those pieces of dynamic content that may only change every few minutes, that those resources be cached until the next update is scheduled.
A mirror still isn't out of the question here, despite the excuses in the FAQ. Take an HTTP caching proxy, put a "mirrors.slashdot.org" face on it, and this problem is solved.
Let's be frickin' realistic...
by
Anonymous Coward
·
· Score: 0
Most servers cannot handle the traffic Slashdot generates. This is an unfortunate fact, but it needs to be a fact that Slashdot admits to and tries to mitigate. They don't. The FAQ gives a few excuses that don't hold any water and that's the end of the discussion as far as they're concerned.
If the server can't handle it, then they need to either fix the server (not difficult, I've had to do it before myself), or not put content up for public access.
And having seen the page with nothing on it that says "I can't handle a slashdotting, so please don't link to me" or anything similar, then I'm forced to conclude hey, it's his own damn fault. You put something up available to the public, then don't take any measures to fix your server for high load traffic or even ask that people not link to you, well, you deserve what you get, don't you?
Everyone is responsible for their own shit. Slashdot has no responsibility to fix the people that get linked to's server problems.
If you don't want it to be seen by everyone in the whole fscking world, then don't make it available to the whole fscking world. And when you do make it available, don't complain that other people took out your shitty server when they had nothing to do with it (like micheal had nothing to do with it).
A properly configured 333Mhz crap machine running Apache can handle the worst slashdotting you can throw at it. If you know WTF you're doing. And frankly, if you're running a webserver and you don't know what you're doing, then I have no sympathy for you.
Re:Let's be frickin' realistic...
by
Fastolfe
·
· Score: 5, Insightful
Your point of view here is totally absurd (which I guess is why you're posting as an AC).
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.
Re:Let's be frickin' realistic...
by
cybermace5
·
· Score: 1, Offtopic
Right.
Someday I may be slashdotted, and my provider is probably not going to withstand it (I have shell access, and can see that my site is hosted on a Cobalt with about 150 other sites).
The slashdot FAQ's excuse "well, do you want to wait six hours for a cool breaking story while we ask permission?" is just ludicrous. This guy's site was obviously going to be there for a long time, it wasn't a breaking-news item by any stretch of the imagination. In fact, most sites that end up Slashdotted are just this type. The major breaking news stories are all hosted on servers that should be able to take a Slashdotting. The "look what I did in my garage" stories are not time-sensitive and just aren't set up for crushing traffic.
I've noticed an overall sense of degeneration on slashdot for quite a while. No one's complaints are ever taken into consideration: there is a problem with repeat posts. Most of us recognize a repost within seconds of reading it. Either the editors have sub-average memory retention, or they don't read slashdot. And what's with Cliff? Nothing happens on Ask for a week, then suddenly there are 20 stories, all of them complete crap.
I seriously have been surfing slashdot less. I find that I get more interesting news and articles on Google. The only thing that keeps me around slashdot is the community. And if enough of us get tired of having complaints and obvious solutions go unanswered, there won't be a community either.
-- ...
Re:Slashdot effect (the good, bad, and the FAQ)
by
Fastolfe
·
· Score: 2, Offtopic
I agree with the fact that Slashdot shouldn't have to mirror sites. I think most of their excuses as to why they don't are fairly absurd, though. This problem can be solved in a site-friendly, banner-ad-friendly and legal-friendly way through the use of run-of-the-mill HTTP proxies.
But however that goes, Slashdot really does need to be a little friendlier towards site operators when it's fairly clear up front that their site probably won't handle the traffic.
For the record, I've had news sites (e.g. MSNBC) do a story that involved some piece of content on my site, and generally, they ask my permission first, checking that I'm OK with it and that my servers can handle it. If they can take a few moments to do this, surely Slashdot can as well.
Copying a barcode is a bit easier than copying a key, but he's got it on his keychain anyway (it's a little video store tag thing). So either way, they've got to get his keychain off of him somehow. Not really any more or less secure.
Admittedly, if you knew something about the system, you could bring along a book of preprinted barcodes to get in, but then you could also bring a lockpick set too. And the lockpick is probably faster to do.
Then again, I prefer the hard and fast brute force method.. A swift kick to the door to break the frame. Works most every time.:p
-- - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
The banter back and forth about the slashdot effect is interesting -- but here is a more interesting point:
Slashdot is going to get sued for this.
At some point they are going to slashdot a commercial site which will, as usual, lose a lot of revenue.
In the petition to the court, the plaintiffs will note, correctly, that slashdot has been negligent in not contacting the site.
Slashdot's only defense will be "but we didn't want to wait six hours to contact them" as per their FAQ.
The plaintiffs will then point out that this has been a repeated, flagrent and eggregarious behaviour to multiple sites, that slashdot's members had pointed this out to them repeatedly, that posts had quoted entire sites to avoid this, that they had received previous complaints, and that slashdot's defense was just that they didn't want to bother waiting to contact the site.
One time would have been unfortunate, but the plaintiffs will be able to prove a pattern of conduct.
Slashdot will lose a large, large sum of money in the near future.
You don't have to be Kreskin to predict this one dead on. Note this, and check back to this post in a couple of years.
EDITORS: PLEASE FORWARD TO LEGAL.
--
The baby's fine -- please stop sending business cards.
This used to be an interesting page about the barcode scanner door entry system I built with Python and Linux. I posted this page because I'd like to share my project with others. I've answered emails giving people circuit diagrams, and I've had various online discussions about my design decisions.
Now MC68040 and michael@slashdot.org decide that it's time for me to go down. They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else. Of the two of them, at least michael-the-slashdot-editor should have seen that I'd be down in minutes if he made a link.
I'd love to put this page back up, and maybe in several days I'll remember to do so. If you're interested in interfacing Linux with serial devices or electric door strikes, drop me an email at drewp@bigasterisk.com.
"I posted this page because I'd like to share my project with others."
"They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else."
Now, I've got a lot of respect for people who come up with new ideas and actually make them happen. I appreciate it when they tell the world how to do it. I think it kicks ass when Linux is their tool of choice. But what the hell is this guy thinking? "Stop looking at the information I want you to see!" It's pathetic when some stupid company wants to restrict linking, but it's inexplicable when a hacker does it.
-- I spent a year in Iraq looking for WMD and all I found was this lousy sig.
Re:Not very clear minded.
by
Anonymous Coward
·
· Score: 0
Well not totally true. If I was to put up a site about barcode doorlocks etc, I wouldn't expect world + dog to be interested in it. I would see it as being a minor backwater thing, accessible if someone searched for relevant material on Google or whatever. Hence the result is a site on a server that's pretty much able to handle the expected load.
But Slashdot focuses an interested community on the article - it drags the site to the front of the queue and places the link in front of a huge groups of interested people. From our point of view this is great, becasue we see it on the personal level of "Wow, that's pretty cool. I wouldn't have found that if it wasn't on/."
From their PoV it's a case of "oh hell, my server's going to melt/my bandwidth prices are going to go through the roof" - quite major issues if you're running your own box or not budgeting for the bandwidth. It's easy to see why he's annoyed.
In the long term,/. is at the front of what will happen with the internet. As search engines and news boards get more effective, a lot of material is going to be placed in front of interested people and we're going to see this happen more and more. Slashdot is probably way ahead of the pack because the web was initially tech-centric, but as more and more people with varying interests get online and find communities that support them, it's only a matter of time until Cross Stitch Weekly trashes your grandma's blog.
First of all, as you see on this guy's site now, he's taken it offline due to the load. I've sent him an email explaining that there woulden't be a slashdot effect if nothing was posted on slashdot but that I'm sorry anyway. Second of all, as for security. I was not considering this as a high-level mumbo-jumbo super-secure system but I'm just of the opinion that it was pretty neat (atleast more neat that just sliding your magnetic stripe card throught a reader) and a easy way to provide users with time-limited access not for it to be a failsafe system =) It's just cool.
This is just my opinion, I don't expect to change the world with it, but who knows. (Also note, I'm a really bad typist!)
As a regular/. reader who is NOT a programmer, IT professional, or computational fluid dynamics engineer, I see the slash as an icon of everything "geek", open source, science, and opinion. (I'm sure just about everyone here sees and respects this site in the sam way.) All of it in a positive way! I'm just an artist (yes, I come from the shallow end of the gene-pool) who really enjoys this stuff.
But the/. effect is starting to go too far, and to me, it's a matter of respect. For the most part, those who crash from/. are us little guys. I feel that/. represents all the movements I mentioned above, and now I'm starting to loose that respect for it. Not everyone in the world thinks the same way, and to respect how other people do things is the first step in getting, and keeping, respect for the same things you represent. If posting a page on your site about science, opensource, tech, whatever, is going to cause a server-frenzy, migraine headaches, and unlcers, people are just going to stop, and maybe even start revolting. (I know, harsh word!) Image is everything, and my image of open source/science/tech is starting to get ugly because of the/. effect.
Though, I know my websites could withstand a good/.ing, (bring it on!) this is also a matter of cost. We small guys PAY for bandwidth out of our own pockets. (Thos of us who refuse to use advertiser-laden freebies!) We know that, in general, we're not going to get a million hits. We're not after a million hits. Gee, wouldn't it be funny if/. was held financially responsible for the EXTREMELY excessive badwidth it is known for? (I'm sure we could all find a lawyer that would take that case, it's your historic actions, readers and paying members that cause the expense!)
In a perfect world, everyone would be on unix/apache, have unlimited bandwidth, and not a care in the world. But it's time that/. starts to respect those that don't think like they do, otherwise, how do you expect to get the respect you deserve for the things you respresent. ("Gee, if I use linux, will i crash my friend's computer if I try communicating with them because they use windows..."Joe Computeruser) The world doesn't have the intelligence/expertice that the average viewer here has. But we far outnumber you.
So,/., rethink, reflect, RESPECT.
(soap box destroyed)
Blocking access better than Slashdot style
by
linux11
·
· Score: 0, Offtopic
A while back, CmdrTaco recommended a URL for AvantGo users to use to read Slashdot with. So, I add it to my AvantGo list. Look below to see what I get as my Slashdot channel in AvantGo now.
Similar to the barcode door situation website, Slashdot has choosen to ban access. Unlike the barcode door situation website, Slashdot was aware of interest by AvantGo users to "link" to Slashdot and even RECOMMENDED it to AvantGo users.
Most of the claims below do not apply to AvantGo. The AvantGo servers put a 200K cap download per channel which limits the usefulness to try to use AvantGo to perform DDoS attacks. Anyone that has used AvantGo knows it's unlikely that someone would try to use it's limited interface to post at all including attempting to formulate a post to break brower rendering. And while AvantGo is a proxy server, anyone that has used it also knows that it doesn't act like a "normal human" because it is used for offline reading. So, CmdrTaco recommended AvantGo use for reading Slashdot knowing it is an offline reader proxy and then puts up a bunch of unrelated excuses why he is blocking it. And, btw, the "proxy administrator" (anotherwords, AvantGo) could care less if Slashdot blocks it. The contact the proxy administrator to get access back to something that CmdrTaco recommended using is pure bull-dung.
I think Drew is handling the barcode door website issue much better. At least the ban explaination page is to the point why the ban was needed instead of the CmdrTaco core dump of unrelated excuses for blocking AvantGo.
Anyways, the Slashdot channel via AvantGo is as follows:
Either your network or ip address has been banned from this site
due to script flooding that originated from your network or ip address -- or this IP might have been used to post comments designed to break web browser rendering. If you feel that this is unwarranted, feel free to include your IP address (64.157.224.70) in the subject of an email, and we will examine why there is a ban. If you fail to include the IP address (again, in the Subject!), then your message will be deleted and ignored. I mean come on, we're good, we're not psychic.
Since you can't read the FAQ because you're banned, here's the relevant portion:
Why is my IP banned?
- Perhaps you are running some sort of program that loaded thousands of Slashdot Pages. We have limited resources here and are fairly protective of them. We need to make sure that everyone shares. If your IP loads thousands of pages in a day, you will likely be banned. Please note that many proxy servers load large quanitites of pages, but we can usually distinguish between proxy servers being used by humans, and IPs running software that is hammering our servers.
- Your IP might have been used to perform some sort of denial of service attack against Slashdot. These range from simple programs that just load a lot of pages, to programs that attempt to coordinate an avalanche of posts in the forums (often through misconfigurated "Open Relay" proxy servers).
- You might be using a proxy server that is also being used by another person who did something from the above list. You should have your proxy server administrator contact us.
- Your IP might have been used to post comments designed to break web browser rendering.
Answered by: CmdrTaco Last Modified: 7/02/02
How do I get an IP Unbanned?
Email banned@slashdot.org. Make sure to include the IP in question, and any other pertinent information. If you are connecting through a proxy server, you might need to have your proxy server's admin contact us instead of you.
Answered by: CmdrTaco Last Modified: 3/26/02
What happens on the reboot?
by
rasteri
·
· Score: 1
"fsck:/mnt/door1 was not cleanly unlocked, check forced.":)
Just get a copy machine and your security scheme is blown up!
Re:Slashdot effect (the good, bad, and the FAQ)
by
pi_rules
·
· Score: 1, Offtopic
For the record, I've had news sites (e.g. MSNBC) do a story that involved some piece of content on my site, and generally, they ask my permission first, checking that I'm OK with it and that my servers can handle it. If they can take a few moments to do this, surely Slashdot can as well.
MSNBC has some semblence of journalistic integrity too... I'd imagine they actually do a -bit- of research before posting their stories. We all know Slashdot doesn't. Why would Slashdot take a courtesy clue from them?
Editors: 'Cmon, you're from West Michigan, not NYC! Have a little bit of courtsey and start using some common sense here. Yes, I've read the FAQ many times. No, it doesn't make s single bit of friggen sense, especially now that Google does exactly what you're saying is bad.
Crikey.
Any lock can be broken, this is just a cool idea
by
Anonymous Coward
·
· Score: 0
Leave it at that. The guy used a bar code key system, which isn't new. Its been done for 15 years. And without using a seperate pc or contrived systems.
You can buy standalone locks that work off barcodes that use two 9v batteries. One battery is the backup.
No home is secure. Unless you intend to bar all the windows, plate steel the doors and weld them all shut.
Your better to invest in several dogs. Most burglars do not mess with people and there dogs.
If you have something someone wants, they will get it. I could shoot the dogs, chainsaw your door, etc. The good old key lock is still the best deterrent. Considering most doors on homes now are so weak a sledge hammer can take them out in one or two hits. Best to start there.
Re:well, i think it's fucking dumb
by
401k
·
· Score: 1
I think you're dumb. You're jealous because you lack the engineering skill to create something like this. So do I, and something tells me this guy is single, but there's no need to post like a little bully boy in grade school because you lack the ability to express yourself any more clearly.
Less is more
by
riqnevala
·
· Score: 2, Insightful
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
No, I'd rather see that nice hobbyist page stormed down, THEN wait 6 hours for the site to recover.. Oh, if it only were just 6 hours..
Is it possible to de-concentrate the traffic by any means? Show the story for 5 minutes, then show it again after a quarter or so.. Daily readers would get it eventually..
You/. guys are holding too much influence compared to your careless morality.
-- love slashdot. populate it. use it. abuse it. hate it. kill it. miss it. stop following links, they only kill servers.
What about my bike. Can that be protected?
by
CemeteryWall
·
· Score: 1
Something occurred to me when I read the blurb (as the article is dead).
Me too.
Recently I have had my bicycle stolen - replacement cost £700 (over $1000). As
it was not locked, I probably won't get the insurance - even if I can be bothered
to fill the form in!
I am a lazy and impatient person but I live in a bike-friendly town where bikes
often have precedence over cars. I could ride it in most places
and push it to most of the others. I could stop right outside any shop in the pedestrian
streets, pull it pack onto its stand, walk into the shop and come out and throw
all my purchases into the very large basket. (For those of you in the UK, it was
just like the bike in the Hovis advert.)
My bike kept me sane and it also kept me fit - I gave rides in the basket to
anyone under 14 stones (about 200 pounds) who was brave enough.
Before I buy another bicycle like my lost love (a Pashley Delibike. See it
here),
I want
a locking system that is very easy to use (I hate getting everything
out of my pockets to find the keys)
an alarm that will tell me when its being moved (eg ring me on my mobile?)
some way of tracking it (eg. a GPS that will text me on my mobile)
On second thoughts, I will order it tomorrow in case they are slashdotted and
run out of stock
Stop including the URLs as clickable links. If it actually takes a bit of effort to follow up on a story, readers are only going to follow stories that actually interest them. I've seen it work against leechers, who's to say/. is any different.
This is Drew Perttula, creator of the barcode door entry system. Many of you have emailed me asking for where I moved the site. In my bulk answer (which about 200 people have received by now), I included the following text:
I give everyone on this Bcc list permission to mirror the page with these conditions: you have to put my name and email on it as the author, and you have to indicate on the page that you're mirroring is http://bigasterisk.com/automation/door (not [the address of the moved page], obviously).
What do I get? digital_gods (to whom I did not give any special additional permissions) mirrors my page, alters it with a comment that readers will not see that includes the secret address of the moved page! He didn't add my name to the page either. This doesn't make me mad; I'm just stunned at the way someone copied my work without attribution and without following my easy instructions about the URLs.
digital_gods, I hope you'll edit your mirror the way I asked. Everyone else, go look at digital_gods' page I guess, since all you want is to see my photos. I want to go to bed, so I'm not going to mess around with links and servers any more tonight. I hope I am still able to receive all your emails, as I've been receiving lots of interesting stories over the weekend.
Slashdot Mirror
We Slashdotted the guy's door. So much for security. :)
Vincent J. Murphy
Spandex Justice
He uses a CueCat!
he should tattoo the barcode on his hand... kinda like a "fingerprint"
Here
The final solution was to have no keyboard at all, but rather a computer whose motherboard was embedded in a 3-ring binder, with sheets.
On the sheets, were some barcodes, arranged in roughly the same layout the mark-sense cards were.
(For the geeks, the machine was MC6809-based, and had 56K CMOS RAM. The LCD display was always powered, but the computer shut down after it finished decoding a barcode and processing the "keystroke".)
Does he have to scan a can of Spam to check his e-mail? Note: Don't blame me, only one post and it's already /.ed, how am I supposed to read it?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
duh..
Woah! /.ed Already :(
Meh - I wonder if this means he is locked out of his house now....
Yeah, everybody knows if your site can't handle being /.'ed, you have no business putting it up in the first place.
What happens if the power goes out?
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
It seems like a keypad would almost be a better solution. You don't have to carry something around, only remember the combination. I don't know how reliable this is; from what I've seen in stores, these don't read fairly often, and he's going through glass.
Of course, you'd have to make the password sufficiently strong.
I was just reading about barcodes the other day...
Check out This if you are interested.
Can you play games like Donkey Kong on it?:P
Join the TWIT army now!
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
A video store gave me a little keychain barcode which I'm using here.
So i just have to work at his video store (or have a friend who works there), make myself a copy of his barcode, and i get free reign of his house? Sweet.
"Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
You sick, sick people. Google wont even serve me the images.
puts ("Python r0cks\n");
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
What's about power outages ? Let's say, are you going to be alone, signing in the rain along with lightnings?
I hope his security system isn't on the same box as his webserver or we may have just locked him out of his house... hope its not raining.
Maybe /. could start offering a prepackaged "Port 80 Flood Kit - Get the pride of being slashdotted without having to work for it." Say $1000 a pop. It's better than spending the money on advertising.
Geek 1: Hey, guys, I got slashdotted!
Geek 2: Woah! No way!
Geek 1: Yep. *smug*
Chick: He's so dreamy...
I like this because it's linux. winix couldn't possibly do anything of this sort, not in this millenium anyway.
All you need to break into this guy's house is a few seconds with his "keys" and a photocopier. Though I guess if you were really worried about that you could put a small label printer by the door and get a new key every time you left...
uhm yes you could theoretically make a copy of your key by looking at it. i mean say its a 5 pin lock and somehow you memorize how far away each pins is from the base, then you could pick said lock fairly easily. not that anyone would do this but say you have a lil camera and take a picture, hey you could even prolly make a key from a picture, even at an angle. you's just need access to a key grinder. yes i'm being somewhat of a troll its just you never know with ppl these days maybe someone has already broken into a house like this or sumthin. but that aside, i agree with you that its much less secure than a key/lock.
a UPS should solve that. Don't need a monitor and you don't need a powerful PC either, so even a cheap $50 UPS should keep it running for a good hour.
Want longer? Spend a little more money and I bet you could get 24 hours or longer.
Why doesn't the ./ staff just mirror all small sites? This would eliminate this kind of problem.
Though it would be *polite* to get permission from the author of the site first.
I was honestly interested in that site, and now it's gone.
Hell I hope it never happens to me.. The traffic would cost me an arm and a leg (well maybe even 2 of them..).. Just about tempted to put the address here but worried it'll cost lots :D
I can see it now...
.NET version 1.0!
<press release>
Coming in 2004 from Microsoft, the leader in enterprise security, Microsoft Home Security
Not only can you now keep track of your MSN (tm) Instant Messenger Buddies on your computer, they can instantly know when you get home too! And don't forget about exciting new features like Internet Explorer In The Bathroom (version 8.0!) and a free Tablet PC with every purchase! Now you can feel secure about your home knowing that Microsoft's Award Winning Security Task Force is on your side! Sign up today and get 10% off the already 100% marked-up price!
And coming soon, look for Microsoft's answer to Parking Lot security, Security Guard Who Looks Like A Drunk Bum Lying Near The Booth version 2.0! Hackers will never figure that one out!
</press release>
I could just imagine someone coding a little program for Palm OS/PocketPC that would spurt out on the screen all the possible barcode combinations for his video club manufacturer ID. In a matter of a few minutes, someone could gain access to his house.
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
PAINT YOUR HOUSE
mstyne: real name, no gimmicks
The site is inaccessible.. his web server must be running Linux too!
How about bar with linux. Why, when he opens the door he could have it pour him a nice cold drink.
--------
Free your mind.
Little wristband with my id on it, as I enter a room, get scanned, it sets the lighting, mood music I want...
----- LoboSoft specializes in Digital Language Lab
Access for everyone! (While not /.ed of course.)
You can't judge a book by the way it wears its hair.
Then, when the computer restarts when the power comes on (because he's using a linux box) he can say "I CANT OPEN THE FSCKING DOOR!!!!!!"
I'm the Devil the Windows users warned you about.
not putting a barcode scanner on the chastity belt of your virgin daughter(s)? Pretty please?
There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
Should we worry about ourselves that it was slashdotted on a Saturday night?
You're modded +4 insightful (but oddly enough, your question is mentioned in the Slashdot FAQ, RTFM)
It's a very complicated problem. For instance, I have a few 'small' sites for customers, but they share a pool of 100GB bandwidth a month, of which usually only 20BG usually used. There isn't any way to know ahead of time what will happen when the Slashdot hits the fan. As for the staff, Slashdot people could email web site admins and ask about their bandwidth/web server. But what if the site owner doesn't read email on the weekends? (that isn't uncommon) What is to be done in that case? Go ahead and cache the site or wait until every other news site has published the link? What if they have banners they rely on for $$$? What if their site is based on php and some of the important information is pulled from a database? How will a web site admin know if his server can handle X amount of requests per second? What if blah blah blah
If you add to those situations dozens of other scenarios, you can see that there isn't a simple solution to the slashdot effect.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
All I really need is available at my local radioshack, as discussed here
As for the staff, Slashdot people could email web site admins and ask about their bandwidth/web server. But what if the site owner doesn't read email on the weekends? (that isn't uncommon) What is to be done in that case?
Uh, they wait until they get a response? It's not as if Slashdot is going to get scooped on one of these. Heaven forbid that the editors, with all their journalistic rabidity, actually had to wait to post a story that was probably submitted a week ago.
I agree with the FAQ. Slashdot shouldn't have to mirror the sites, but for all their emphasis on being a community-oriented site, they sure aren't kind to small site owners. CNN, BBCi, C|Net, etc should all be able to handle the traffic. Some rinky-dink virtual site will never be able to handle it, and if the editors can't realize that, maybe they need to turn over their "community-oriented site" to someone more knowledgeable about the community.
yeah, huhhuh,..
Guy wuz late for an appointment the other day,
"musta been drivin wona thoz slow ferrari". wanker
This is mentioned in the comments of every article posted for the past few weeks. Either,
/. effect as Something That Could Happen To You(tm) on the net.
a.) RTFF
b.) Come up with a legally sound solution and tell the editors about it (no, don't post it then whine about the -1 OT score that would be quickly dished out)
c.) Accept the
If people have sites on servers that can't withstand a beating, (I'm sure mine would be hit hard but possibly survive) or involve high bandwidth and/or cpu load, then do something smart. Setting a password, or installing mod_throttle and setting it up right would be a start. Otherwise, the idea is that it's open to everyone. Slashdot is usually a metanews site. It doesn't mean it's a mirroring metanews site, it provides links to other sites. Now, if someone sets up a script to grab the links off of frontpage articles, cache them with images for 2 hours then dump it, and throw a banner ad or two on it, then karma whore and FP with the cached link, I have no problem with that. I would in fact welcome it.
Sorry for the rant, but complaining has been going on for weeks. Comments can be categorized by funny, interesting, etc. but they should be unique, not the same crap I see on every article.
It's not as if Slashdot is going to get scooped on one of these.
I don't disagree, and that wasn't the point in any case. Those were examples to show that there are a lot of things to consider about taking all control away from a web site owner.
Some examples may be silly to me and you, but they might be serious to some site owners. And, it's not always easy to tell a 'rinky-dink virutal site' from a good one...even most admins when asked will say that their web server is good if they haven't had any problems in the past.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
uh ok
moo
So he uses Linux to open his door...what OS does he use to open his "windows"?
...he could buy a cheap thumbprint scanner and forgo the tatoo. Increased security and geek factor.
Someday I'll register for an ID. -AC
This is getting rediculous--most small, independent websites like this can't take a slashdotting, and it's making it almost pointless to link it.
It seems to me Slashdot could offer to mirror the content for a price, so that the linkee gets ad money, while slashdot carries the bandwidth burden.
Is there no way to:
1) Contact the website owner
2) Alert him of the amount of bandwidth he's going to need
3) Offer to mirror his pages such that ad referals still go to him
4) Everybody profits?
Dave Bowman: Open the pod bay doors, HAL.
HAL: I'm sorry Dave, I'm afraid I can't do that.
Why was my post marked as "troll"? =|
i'll count my foodstamps elsewhere.
We are counting down to the end of human civilization as we know it when some terrorist is smart enough to detonate a ESP device in a large city.
Root exploit
Chick2: HE can slashdot MY server any day. Teehee
PS: History and naming may show more meanings for X10 and X11, however, it's the common usage that I am refering to.
For those that lost the relevance to bar-coding.... My point was, how in the world can you expect something like bar-coding as a house key be important, significant, even remotely accepted as something that will ever happen in the future? The general population still is 1 step ahead of the 1800's "skeleton key" and not to tech savy. Even /. Readers are not so savy to make this happen in a moderate scale. How is this guys project even remotely significant?
Granted, being slashdotted is no fun, I believe that if it is within /.'s ability that they should mirror sites like this. However, can the owner of this site really blame slashdot? He put his site on the internet, and he obviously didn't do it for his purposes. If he didn't want traffic, he should have never put the site up in the first place.
We've all been paying attention to part two, making it hard to get into, but part one, which you noticed immediatetly, is that he's made his house look like there's nothing worth stealing in there in the first place.
I'm sorry, but can you explain just a little more?
25 years ago (1978) you made a computer that used a LCD display (invented 1971, on a MC6809 (that the first reference I can find to is a Motorola Inc., MC6809 Preliminary Programming Manual, Austin, 1979), and then you went and said " hose motherboard was embedded in a 3-ring binder, with sheets."
Now, I'm assuming you had to be at a bear minimum 16 years old when you did this back in 1978, making you 44 now at a minimum. And as a 44+ year old that use to do cool shit like this (if it's true) you still have the time/interest to post to /.?
I don't completely mean to question your honesty, but, more so, if what your saying is true, I would be VERY impressed, and would love to meet you someday.
Google Cached Site text with photos removed:
The front of the house. The windows on the left are to my room.
In my window sits a cheap barcode reader. It's powered by a computer power supply I ripped from an old computer.
Anyone who wants to get into the house can scan a barcode that they carry. A video store gave me a little keychain barcode which I'm using here. The scanner has a CCD; I don't have to slide the barcode. The scanner actually has a beeper that I can control from the computer. You can hear it beep from outside the window.
Here's the driver circuit I slapped together for the barcode reader. It's just a MAX232 chip that converts CMOS/TTL levels to the RS232 spec. The output connects to the serial port of one of my Linux boxes. That box runs a trivial python program to read a packet from the serial port and send it via TCP/IP to another computer in the house.
The receiving computer is connected to this K8000 experimenter board. I2C chips on this board . If your barcode was on the list of allowed keys, I raise output 7 on this board for 6 seconds. Input 6 (the right-hand illuminated LED) shows that the door was closed when I took this picture. See below for how I sense if the door is opened or not.
Some successful reads.
When the K8000 board raises the right output signal, this driver circuit sends 24VDC to the door strike, shown below.
In this electric strike is a solenoid that relaxes the part of the strike that was holding the door closed. The door still functions as it did before, but now I have an additional way to allow the door to open.
This is the top of the door frame, where I have wedged a reed switch into the wood. There's a magnet on top of the door that closes the switch when the door is closed (hence the turned-on LED in the picture above).
Closeup of the reed switch in the wood.
###
-Mac Refugee, Paper MCSE, Linux Wanna-be
Read the FAQ: They could easily implement some kind of opt-in thing where you put a META tag
in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs.
You're a genius! Oh...wait...no... You just haven't read the FAQ
People who put up websites should recognize that people are going to look at it. Sometimes, a lot of people might look at it, as a result of a link from Slashdot or any of hundreds of other sites. People who bitch and moan about being linked to from Slashdot remind me of the companies who whine when people link to "confidential" webpages -- guess what, if it's on the web, it's not confidential.
-Waldo Jaquith
This door has all the vulnerabilities of the physical key PLUS all the vulnerabilities of the new barcode system.
It's like putting a pair of firewalls in parallel. An intruder only needs to know how to bypass one of them to be into your soft and chewy insides.
Bah!
This used to be an interesting page about the barcode scanner door entry system I built with Python and Linux. I posted this page because I'd like to share my project with others. I've answered emails giving people circuit diagrams, and I've had various online discussions about my design decisions.
Now MC68040 and michael@slashdot.org decide that it's time for me to go down. They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else. At least michael-the-slashdot-editor knew that I'd be down in minutes if he made a link.
I'd love to put this page back up, and maybe in several days I'll remember to do so. If you're interested in interfacing Linux with serial devices or electric door strikes, drop me an email at drewp@bigasterisk.com.
Bitter?
Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
The terrorist knew you were going to say that.
He also knows what you're going to do next.
another great site brought down by the thoughtless editors of slashdot
With a can of baked beans! :)
He fails to mention that the scanner scans more than just barcodes. When it scans the correct barcode, it makes the door unlock. When it scans a boot or shoulder, it makes the door self-destructed
He states that MC68040 and michael have "decided that it's time for [him] to go down" -- ouch -- and that they did not ask if they could link to him.
While I understand that maybe his web server puked a few times under the load and he's annoyed at that, he seems to have forgotten that one of the original ideas of the WWW was to have people link back and forth to each other, to share interesting and noteworthy sites with friends and anonymous surfers. I saw his site before it went down; nowhere on that page did it specify that he should not be linked to unless asked first. If he didn't want it accessible to the public from links on other pages, he shouldn't have put it up.
Maybe leaving out a condition for linking was a small oversight, maybe not; but it's unfair for him to blame michael-the-slashdot-editor for it.
I'd still like to know 2 things. I'm not sure how to make this sound "polite" because it will probably end up sounding more like a challenge, but that is NOT my intention.
I'd love to read a bit more about this project Pig Hogger did back in early 80's (when I was happy enough being able to figure out how to overlay credits onto a home video tape with a Tandy)...
And I'd love to hear what Pig Hogger is doing now days.
bitter doesn't start to cover it...
does he know what www is for
he is pissed because we "dare" com look at his page?
maybe his machine went down??? set it up right next time.
f*cking putz
... and it answered my question about mirroring or caching. "We don't want to wait, so we just go ahead and link anyway."
I want the next person on Slashdot who complains about spam because it "hogs our bandwidth without our permission and thus costs us" to read the FAQ too, and then just suck it up. I'm sorry, but this really is just as irresponsible
Pin or security code access really, only instead of remembering the number in his head, he has it written on something in the form of a barcode. Imagine if everyone walked around with their security system codes written down... sorta defeats the purpose. I wonder if, as a backup, he has a normal pin pad to key in the digits manually.
----------------------------
Esobofh - Currently drinking fresh mango juice.
The technology of X10 is very cool. It's a low speed protocol transmitted via standard home wireing, in duplicate to prevent errors, sent during the zero phase of the standard AC power curve. Quite cool, quite simple, quite elegent.
The ability to program you home lighting, broadcast home theater, lighting, temperature, security, and countless other bits of information over standard home wiring is defined by X10. It's there, unrestricted, and one could even argure it's BETTER than GPL, it's an EXPIRED patent, meaning there are NO rules on how to use it because it's an idea that can no longer be owned because it's past it's time limit for ownership.
What was your complaint again?
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
What if they have banners they rely on for $$$? What if their site is based on php and some of the important information is pulled from a database?
Standard HTTP headers reflect the "cachability" of every HTTP resource available on the web. Static pages that never change and don't carry personalized information do not have to be served up by the same server for every request. An HTTP proxy detects this based on HTTP headers that come with the page and will cache these pages for the benefit of those downstream.
Further, 'iframe's or dynamic content should be expressing appropriate cache control headers to prevent only those resources from being cached, or for those pieces of dynamic content that may only change every few minutes, that those resources be cached until the next update is scheduled.
A mirror still isn't out of the question here, despite the excuses in the FAQ. Take an HTTP caching proxy, put a "mirrors.slashdot.org" face on it, and this problem is solved.
Most servers cannot handle the traffic Slashdot generates. This is an unfortunate fact, but it needs to be a fact that Slashdot admits to and tries to mitigate. They don't. The FAQ gives a few excuses that don't hold any water and that's the end of the discussion as far as they're concerned.
If the server can't handle it, then they need to either fix the server (not difficult, I've had to do it before myself), or not put content up for public access.
And having seen the page with nothing on it that says "I can't handle a slashdotting, so please don't link to me" or anything similar, then I'm forced to conclude hey, it's his own damn fault. You put something up available to the public, then don't take any measures to fix your server for high load traffic or even ask that people not link to you, well, you deserve what you get, don't you?
Everyone is responsible for their own shit. Slashdot has no responsibility to fix the people that get linked to's server problems.
If you don't want it to be seen by everyone in the whole fscking world, then don't make it available to the whole fscking world. And when you do make it available, don't complain that other people took out your shitty server when they had nothing to do with it (like micheal had nothing to do with it).
A properly configured 333Mhz crap machine running Apache can handle the worst slashdotting you can throw at it. If you know WTF you're doing. And frankly, if you're running a webserver and you don't know what you're doing, then I have no sympathy for you.
I agree with the fact that Slashdot shouldn't have to mirror sites. I think most of their excuses as to why they don't are fairly absurd, though. This problem can be solved in a site-friendly, banner-ad-friendly and legal-friendly way through the use of run-of-the-mill HTTP proxies.
But however that goes, Slashdot really does need to be a little friendlier towards site operators when it's fairly clear up front that their site probably won't handle the traffic.
For the record, I've had news sites (e.g. MSNBC) do a story that involved some piece of content on my site, and generally, they ask my permission first, checking that I'm OK with it and that my servers can handle it. If they can take a few moments to do this, surely Slashdot can as well.
Copying a barcode is a bit easier than copying a key, but he's got it on his keychain anyway (it's a little video store tag thing). So either way, they've got to get his keychain off of him somehow. Not really any more or less secure.
:p
Admittedly, if you knew something about the system, you could bring along a book of preprinted barcodes to get in, but then you could also bring a lockpick set too. And the lockpick is probably faster to do.
Then again, I prefer the hard and fast brute force method.. A swift kick to the door to break the frame. Works most every time.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
The banter back and forth about the slashdot effect is interesting -- but here is a more interesting point:
Slashdot is going to get sued for this.
At some point they are going to slashdot a commercial site which will, as usual, lose a lot of revenue.
In the petition to the court, the plaintiffs will note, correctly, that slashdot has been negligent in not contacting the site.
Slashdot's only defense will be "but we didn't want to wait six hours to contact them" as per their FAQ.
The plaintiffs will then point out that this has been a repeated, flagrent and eggregarious behaviour to multiple sites, that slashdot's members had pointed this out to them repeatedly, that posts had quoted entire sites to avoid this, that they had received previous complaints, and that slashdot's defense was just that they didn't want to bother waiting to contact the site.
One time would have been unfortunate, but the plaintiffs will be able to prove a pattern of conduct.
Slashdot will lose a large, large sum of money in the near future.
You don't have to be Kreskin to predict this one dead on. Note this, and check back to this post in a couple of years.
EDITORS: PLEASE FORWARD TO LEGAL.
The baby's fine -- please stop sending business cards.
Journaled File Syetem
Now MC68040 and michael@slashdot.org decide that it's time for me to go down. They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else. Of the two of them, at least michael-the-slashdot-editor should have seen that I'd be down in minutes if he made a link.
I'd love to put this page back up, and maybe in several days I'll remember to do so. If you're interested in interfacing Linux with serial devices or electric door strikes, drop me an email at drewp@bigasterisk.com.
"I posted this page because I'd like to share my project with others."
"They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else."
Now, I've got a lot of respect for people who come up with new ideas and actually make them happen. I appreciate it when they tell the world how to do it. I think it kicks ass when Linux is their tool of choice. But what the hell is this guy thinking? "Stop looking at the information I want you to see!" It's pathetic when some stupid company wants to restrict linking, but it's inexplicable when a hacker does it.
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
First of all, as you see on this guy's site now, he's taken it offline due to the load. I've sent him an email explaining that there woulden't be a slashdot effect if nothing was posted on slashdot but that I'm sorry anyway.
Second of all, as for security.
I was not considering this as a high-level mumbo-jumbo super-secure system but I'm just of the opinion that it was pretty neat (atleast more neat that just sliding your magnetic stripe card throught a reader) and a easy way to provide users with time-limited access not for it to be a failsafe system =) It's just cool.
My 0,5 cents.
This is just my opinion, I don't expect to change the world with it, but who knows. (Also note, I'm a really bad typist!)
/. reader who is NOT a programmer, IT professional, or computational fluid dynamics engineer, I see the slash as an icon of everything "geek", open source, science, and opinion. (I'm sure just about everyone here sees and respects this site in the sam way.) All of it in a positive way! I'm just an artist (yes, I come from the shallow end of the gene-pool) who really enjoys this stuff.
/. effect is starting to go too far, and to me, it's a matter of respect. For the most part, those who crash from /. are us little guys. I feel that /. represents all the movements I mentioned above, and now I'm starting to loose that respect for it. Not everyone in the world thinks the same way, and to respect how other people do things is the first step in getting, and keeping, respect for the same things you represent. If posting a page on your site about science, opensource, tech, whatever, is going to cause a server-frenzy, migraine headaches, and unlcers, people are just going to stop, and maybe even start revolting. (I know, harsh word!) Image is everything, and my image of open source/science/tech is starting to get ugly because of the /. effect.
/.ing, (bring it on!) this is also a matter of cost. We small guys PAY for bandwidth out of our own pockets. (Thos of us who refuse to use advertiser-laden freebies!) We know that, in general, we're not going to get a million hits. We're not after a million hits. Gee, wouldn't it be funny if /. was held financially responsible for the EXTREMELY excessive badwidth it is known for? (I'm sure we could all find a lawyer that would take that case, it's your historic actions, readers and paying members that cause the expense!)
/. starts to respect those that don't think like they do, otherwise, how do you expect to get the respect you deserve for the things you respresent. ("Gee, if I use linux, will i crash my friend's computer if I try communicating with them because they use windows..."Joe Computeruser) The world doesn't have the intelligence/expertice that the average viewer here has. But we far outnumber you.
/., rethink, reflect, RESPECT.
As a regular
But the
Though, I know my websites could withstand a good
In a perfect world, everyone would be on unix/apache, have unlimited bandwidth, and not a care in the world. But it's time that
So,
(soap box destroyed)
Similar to the barcode door situation website, Slashdot has choosen to ban access. Unlike the barcode door situation website, Slashdot was aware of interest by AvantGo users to "link" to Slashdot and even RECOMMENDED it to AvantGo users.
Most of the claims below do not apply to AvantGo. The AvantGo servers put a 200K cap download per channel which limits the usefulness to try to use AvantGo to perform DDoS attacks. Anyone that has used AvantGo knows it's unlikely that someone would try to use it's limited interface to post at all including attempting to formulate a post to break brower rendering. And while AvantGo is a proxy server, anyone that has used it also knows that it doesn't act like a "normal human" because it is used for offline reading. So, CmdrTaco recommended AvantGo use for reading Slashdot knowing it is an offline reader proxy and then puts up a bunch of unrelated excuses why he is blocking it. And, btw, the "proxy administrator" (anotherwords, AvantGo) could care less if Slashdot blocks it. The contact the proxy administrator to get access back to something that CmdrTaco recommended using is pure bull-dung.
I think Drew is handling the barcode door website issue much better. At least the ban explaination page is to the point why the ban was needed instead of the CmdrTaco core dump of unrelated excuses for blocking AvantGo.
Anyways, the Slashdot channel via AvantGo is as follows:
"fsck: /mnt/door1 was not cleanly unlocked, check forced." :)
Just get a copy machine and your security scheme is blown up!
For the record, I've had news sites (e.g. MSNBC) do a story that involved some piece of content on my site, and generally, they ask my permission first, checking that I'm OK with it and that my servers can handle it. If they can take a few moments to do this, surely Slashdot can as well.
MSNBC has some semblence of journalistic integrity too... I'd imagine they actually do a -bit- of research before posting their stories. We all know Slashdot doesn't. Why would Slashdot take a courtesy clue from them?
Editors: 'Cmon, you're from West Michigan, not NYC! Have a little bit of courtsey and start using some common sense here. Yes, I've read the FAQ many times. No, it doesn't make s single bit of friggen sense, especially now that Google does exactly what you're saying is bad.
Crikey.
Leave it at that.
The guy used a bar code key system, which isn't new. Its been done for 15 years. And without using a seperate pc or contrived systems.
You can buy standalone locks that work off barcodes that use two 9v batteries. One battery is the backup.
No home is secure. Unless you intend to bar all the windows, plate steel the doors and weld them all shut.
Your better to invest in several dogs. Most burglars do not mess with people and there dogs.
If you have something someone wants, they will get it. I could shoot the dogs, chainsaw your door, etc. The good old key lock is still the best deterrent. Considering most doors on homes now are so weak a sledge hammer can take them out in one or two hits. Best to start there.
I think you're dumb. You're jealous because you lack the engineering skill to create something like this. So do I, and something tells me this guy is single, but there's no need to post like a little bully boy in grade school because you lack the ability to express yourself any more clearly.
No, I'd rather see that nice hobbyist page stormed down, THEN wait 6 hours for the site to recover.. Oh, if it only were just 6 hours..
Is it possible to de-concentrate the traffic by any means? Show the story for 5 minutes, then show it again after a quarter or so.. Daily readers would get it eventually..
You /. guys are holding too much influence compared to your careless morality.
love slashdot. populate it. use it. abuse it. hate it. kill it. miss it. stop following links, they only kill servers.
Something occurred to me when I read the blurb (as the article is dead).
Me too.
Recently I have had my bicycle stolen - replacement cost £700 (over $1000). As it was not locked, I probably won't get the insurance - even if I can be bothered to fill the form in!
I am a lazy and impatient person but I live in a bike-friendly town where bikes often have precedence over cars. I could ride it in most places and push it to most of the others. I could stop right outside any shop in the pedestrian streets, pull it pack onto its stand, walk into the shop and come out and throw all my purchases into the very large basket. (For those of you in the UK, it was just like the bike in the Hovis advert.)
My bike kept me sane and it also kept me fit - I gave rides in the basket to anyone under 14 stones (about 200 pounds) who was brave enough.
Before I buy another bicycle like my lost love (a Pashley Delibike. See it here), I want
On second thoughts, I will order it tomorrow in case they are slashdotted and run out of stock
Stop including the URLs as clickable links. If it actually takes a bit of effort to follow up on a story, readers are only going to follow stories that actually interest them. I've seen it work against leechers, who's to say /. is any different.
only in a community like /. would that ever be funny. my hat is off, darth wiggle
rainman
I contacted the owern and got the site mirror on my server. Here is the URL http://www.projecteve.org/door/index.html
There is another article about this at NY Times.
On the replacement "oh-no-I've-been-slashdotted" page, he states the URL will be given to those who ask. Someone who has this should mirror that page.
Use RFID tags instead of barcodes and you might actually have a useful system.
Imagine a key that you don't need to take out of your pocket.
Of course, I guess you might have to move the 'key rack/holder' away from the door area lest it stay open 24/7 ?
10 MD