Posted by
ryuzaki0
on from the do-it-yourself-toll-gate dept.
MC68040 writes "The guy at this site managed to build something together that's actually quite neat in the way he built it, all hand-crafted system that uses a linux box to unlock his door. Maybe not the coolest of solutions, but actually a pretty good idea as for security in my humble opinion."
your house as a semi-permeable membrane
by
timothy
·
· Score: 5, Insightful
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
Honestly, really
by
Anonymous Coward
·
· Score: 4, Insightful
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
Re:Not very secure
by
jjshoe
·
· Score: 4, Insightful
you can remember 12 digits? there was a time when i could remeber the 1st 6 of hp's barcode because i was often looking hp stuff up in our system.. 08689 who knows now.. that was a while ago.. but the point is most people cant look at 12 digits and just remember it...
i use my drivers liscence to switch to root on my box.. its not nesecery, in fact its probly over kill and pointless. however. most importantly it makes me think for a second if im about to do something as root.
plus, its something neet to brag about, which is part of the geek world. because you dont like it doesnt mean that himself and his friends dont like it
-- -- botsex is {grep;touch;strip;unzip;head;mount}/dev/girl -t {wet;fsck;fsck;yes;yes;yes;umount} {/de
Forget key impressions in soap...
by
Ben+Jackson
·
· Score: 3, Insightful
All you need to break into this guy's house is a few seconds with his "keys" and a photocopier. Though I guess if you were really worried about that you could put a small label printer by the door and get a new key every time you left...
Re:$10 and I'm in
by
MORTAR_COMBAT!
·
· Score: 3, Insightful
Well, the difficulty bar is raised a bit from the 'bar code'. It seems reasonably more difficult to both (1) secure an object with a clear figerprint of mine and (2) use said fingerprint to etch a 3D image onto some PCB board than to (1) use a photocopier or camera/printer to copy a bar code.
That insecurity is indeed real. Although those systems which were compromised were single-finger systems, and my system uses 3 as well as hand shape. Being able to get 3 clear fingerprints and mimic hand shape is more difficult than simply picking the lock, anyway, so your efforts would be better served in investing a a few dollars worth of decent lock-picking tools instead of a set of hobbyist PCB boards and etchers.
-- MORTAR COMBAT!
I don't buy it; use a caching proxy if nothing els
by
Fastolfe
·
· Score: 5, Insightful
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
Re:Interesting
by
Fastolfe
·
· Score: 4, Insightful
I think you're looking at it from the wrong angle. A guy puts up some information on a site using meager resources. He hopes that information will be useful and interesting to those that happen upon it. The hardware turns out to be perfectly adequate for his needs. Then someone posts a link on a popular site and the traffic increases by a factor of 10,000. The site goes down.
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
Re:Let's be frickin' realistic...
by
Fastolfe
·
· Score: 5, Insightful
Your point of view here is totally absurd (which I guess is why you're posting as an AC).
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.
Re:What A Beautiful Mind
by
vrmlguy
·
· Score: 3, Insightful
I'm 47 years old. A little less than thirty years ago, I built one of Don Lancaster's TV Typewriters, an ancestor of the computer monitor you're sitting in front of right now. Around twenty years ago, I helped write "big iron" code that simulated underground explosions as an earthmoving tool (it tried to predict where the displaced soil and rocks would land), and I got to be on site for some of the tests) Ten years ago, I wrote a document management system that accepted faxed cell-phone contracts from kiosks, so that when someone tried to get out of a contract, we could fax them back their signature. Today, I'm active in Linux, Apache, MySQL, Perl, PHP, C, C++, PalmOS, Windows XP, Unix and SANs.
The point is, whatever you're doing today seems like drudge work, but after a quarter-century, everyone forgets the boring bits and just recalles the sexy parts.
Slashdot Mirror
What happens if the power goes out?
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
All you need to break into this guy's house is a few seconds with his "keys" and a photocopier. Though I guess if you were really worried about that you could put a small label printer by the door and get a new key every time you left...
Well, the difficulty bar is raised a bit from the 'bar code'. It seems reasonably more difficult to both (1) secure an object with a clear figerprint of mine and (2) use said fingerprint to etch a 3D image onto some PCB board than to (1) use a photocopier or camera/printer to copy a bar code.
That insecurity is indeed real. Although those systems which were compromised were single-finger systems, and my system uses 3 as well as hand shape. Being able to get 3 clear fingerprints and mimic hand shape is more difficult than simply picking the lock, anyway, so your efforts would be better served in investing a a few dollars worth of decent lock-picking tools instead of a set of hobbyist PCB boards and etchers.
MORTAR COMBAT!
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
I think you're looking at it from the wrong angle. A guy puts up some information on a site using meager resources. He hopes that information will be useful and interesting to those that happen upon it. The hardware turns out to be perfectly adequate for his needs. Then someone posts a link on a popular site and the traffic increases by a factor of 10,000. The site goes down.
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
Your point of view here is totally absurd (which I guess is why you're posting as an AC).
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.
The point is, whatever you're doing today seems like drudge work, but after a quarter-century, everyone forgets the boring bits and just recalles the sexy parts.
Nothing for 6-digit uids?