Posted by
ryuzaki0
on from the do-it-yourself-toll-gate dept.
MC68040 writes "The guy at this site managed to build something together that's actually quite neat in the way he built it, all hand-crafted system that uses a linux box to unlock his door. Maybe not the coolest of solutions, but actually a pretty good idea as for security in my humble opinion."
Re:Great
by
Anonymous Coward
·
· Score: 4, Interesting
Does he have a back-up way of getting into the house, if the power goes out (and he doesn't have a UPS)? Or, would he resort to climbing into a back-window, which should have red-flagged his security plans earlier?
If you looked at the link, you would see that he specifically states, "The door still functions as it did before". He used an electric striker plate, which releases when power is applied to it. So if the power goes out, he just uses a key.
That's not funny. This poor guy comes up with might be a great little hack, and/. kills it. Constantly, we read on/. about how certain big companies should take responsiblity for their actions. Well, I say it's time for/. to stop being a hypocrite and start doing it itself. Ask these site ops if they'll be able to handle a/.ing, if not, offer to mirror the site for a day or two. If/. has no problem with the load, great, then help out those that can't.
-- Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
And to scan the barcodes
by
Anonymous Coward
·
· Score: 2, Funny
He uses a CueCat!
Re:And to scan the barcodes
by
Harald+Paulsen
·
· Score: 4, Funny
CutCats are cool, I got a friend in the USA to send me one. Thought about hooking it up to a computer near my refridgerator to keep track of groceries and expiration dates.
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
-- Harald
Re:And to scan the barcodes
by
MattCohn.com
·
· Score: 2, Informative
The scanner has a CCD; I don't have to slide the barcode.
Funny, and I've implemented something similer with a CueCat, but he would have to slide the barcode if it was a CueCat. Also, barcodes for entry arn't very secure. If anyone gets ahold of your card for 10 seconds, they can make a photocopy and have your security level. A magnetic stripe would have been a better choice for REAL security however, because it takes more elaborate equipment to duplicate.
Re:And to scan the barcodes
by
Frater+219
·
· Score: 5, Funny
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
] inventory
You are currently holding the following: a set of keys, a brass lantern, a case of Jolt Cola[tm], and no tea.
] look
You are in the Cubicle of the Mountain King, with passages in all directions.
A huge green fierce programmer bars your way!
] n
You can't get by the programmer!
You're in Cubicle of Mt. King.
A huge green fierce programmer bars your way!
] drop jolt
The programmer attacks the Jolt Cola[tm], and in an astounding fury rushes off to enter the International Obfuscated C Code Contest.
] n
You are in a low north/south hallway at a hole in the floor....
Re:And to scan the barcodes
by
DarkZero
·
· Score: 3, Funny
Also, barcodes for entry arn't very secure. If anyone gets ahold of your card for 10 seconds, they can make a photocopy and have your security level.
Personally, I see this as an upgraded form of "security through obscurity": security through weirdness. People know where the average person puts their keys and where the average person puts plastic cards (which most magnetic strips are put on)... but a barcode? W(here)TF does someone keep their BARCODE? A potential invader or an unscrupulous friend will be stunned by it. You can't look for a Hide-A-Key. He's not keeping it on a key rack. He probably can't just throw it down on his desk when he gets home. Hell, for all they know, his spare could be tattooed to his left ass cheek.
It's not obscurity, which is what the Hide-A-Key is. It's just weird, and on an individual basis, that could work for security.
tattoo
by
Anonymous Coward
·
· Score: 3, Interesting
he should tattoo the barcode on his hand... kinda like a "fingerprint"
Re:tattoo
by
rainman31415
·
· Score: 3, Interesting
he should tattoo the barcode on his hand... kinda like a "fingerprint"
yeah, but why does that remind me of soemthing in the Bible? seems kinda apocalyptic if you ask me, and if he personally brought the beginning of the end of the world, i'd kick his ass.....
An alternative to this would be like a passive-active system where you have a chip embedded into your skin. Then when you are in proximity to the active scanner and try to turn the doorknob the thing recognizes you and unlockes the door.
Of course, someone could hack your arm off and get in your place but at that point I'd think you'd have more worrisome things on your mind.
That'd work until someone walked behind you with a camera and took a good photo of your hand. A few minutes with the perspective tool in The GIMP (come on, you know the theif would be a nerd), and some filtering, and you have yourself a key.
It's kinda like using fingerprints for keys. You leave them everywhere you go, and you can't change the locks when somebody gets the 'key'.
he should tattoo the barcode on his hand... kinda like a "fingerprint"
If this worked, it wouldn't for long.
I've got my SSN tattooed as a barcode on my forearm. It's just for looks, since even if by some miracle the artist was able to make the lines as razor-straight as they need to be, the change in size of your muscles and skin over time would distort it enough to make it non-machine-readable.
The last time I went to the dentist, one of the assistants saw my tattoo and told me a long story about her son who was in the US special forces. Apparently they'd had some kind of plan to use them as replacements for dog tags, but ditched it in favour of implanted microchips like you can get for pets, since there's a lot less hassle involved. Obviously I can't confirm the truth of that though.
-- "...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
"Then when you are in proximity to the active scanner and try to turn the doorknob the thing recognizes you and unlockes the door."
Unless you are Steven Wright, in which case your house starts up and you drive it around awhile.
23 years ago...
by
Pig+Hogger
·
· Score: 5, Interesting
23 years ago, I was involved in a project to make a portable computer for data-entry, to replace optically-readed mark-sense sheets.
The final solution was to have no keyboard at all, but rather a computer whose motherboard was embedded in a 3-ring binder, with sheets.
On the sheets, were some barcodes, arranged in roughly the same layout the mark-sense cards were.
(For the geeks, the machine was MC6809-based, and had 56K CMOS RAM. The LCD display was always powered, but the computer shut down after it finished decoding a barcode and processing the "keystroke".)
Simple: Just create a battery powered circuit which states that if no power is going to the computer/scanner then allow for key entry... of course making it would be harder than that.
Electric door strikes open only when power is applied to them , meaning when there is no power you can still open the lock with a key. Not always the case. Depends on if the locks a re fail safe or fail secure. Some Fire Regs in some states require locks that unlock by dropping power to the lock (depending on application). Most locks allow a key override though, as you stated...
you use the revolutionary device that is made out of brass that you stick into the specially designed receptical and turn. If the pattern of the bumps on the brass piece match the lengths of the brass cylenders that are spring loaded in the receptical it will allow you to turn the brass piece and retract the securing mechanisim.
It's really a new device you should see it on the shelves sometime in 2006 called a lock and key.
-- Do not look at laser with remaining good eye.
your house as a semi-permeable membrane
by
timothy
·
· Score: 5, Insightful
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
Re:your house as a semi-permeable membrane
by
delta407
·
· Score: 2, Insightful
a "key" as a JPG file; they print it out, and it's their open sesame
Problem: most barcode readers fail when trying to read fuzzy barcodes, making JPG a very bad choice. Also, unless you have a nice barcode reader, you'll probably have issues with barcodes if they were not produced by a laser printer; inkjets simply do not give the definition you need. (Besides which, laser printing is good for other reasons -- if your key gets wet, you won't have ink smearing all over.)
If you used PNG and could guarantee that the receiver had a laser printer (or thermal, for that matter), then it would work. If you want to use JPG and inkjet, well, good luck.:-)
Re:your house as a semi-permeable membrane
by
MORTAR_COMBAT!
·
· Score: 5, Interesting
Indeed a cool idea. I would add that the holder of a 'key' should definitely keep it in a sleeve, though, lest high-res photography would allow for a duplicate key to be easily created.
The 'sending a JPG' to the baby-sitter starts out as a very neat idea, but what happens when baby-sitter has a popular e-mail virus which sends her e-mail to 100 people in her address book? Instant house party? Naturally they would only have the same access time slice as the baby-sitter, but they could just wait until after he/she is alone in the house and walk on in.
but without the major hassles (specialized equipment to punch holes or re-stripe a card)
It also means any Joe with a printer can make themselves a valid access card. I thought for quite a while about putting a similar setup at my house, but I decided instead to go with an extremely similar method, except instead of bar-codes I use hand prints. A lot of the advantages (time slices for the maid and sitters) without being able to be so easily produced (until advanced cloning techniques allow people to commonly grow copies of my hand).
And w.r.t. the people who keep asking about 'power outages' for (1) ever heard of generators of batteries and (2) naturally a physical key still works in the lock, duh!
-- MORTAR COMBAT!
Re:your house as a semi-permeable membrane
by
bergeron76
·
· Score: 2
Use PDF and the JPG problem is solved. Make sure that the "print scaled" option is selected, and your printed barcode is identical to the original (assuming a decent printer is used).
-- Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
Re:your house as a semi-permeable membrane
by
jebell
·
· Score: 2, Informative
Rob at Cockeyed.com didn't seem to have problems with his personal bar-code project.
It looks like an inkjet printer, but I could be wrong.
-- This is my sig. There are many like it but this one is mine.
Re:your house as a semi-permeable membrane
by
DarkZero
·
· Score: 2
The 'sending a JPG' to the baby-sitter starts out as a very neat idea, but what happens when baby-sitter has a popular e-mail virus which sends her e-mail to 100 people in her address book? Instant house party?
That highlights the real beauty of this system. The only access to your house is wanted access or forced access. If the sitter realizes that she has a virus or just thinks that someone else may have figured out your key, they can just call you on vacation and you can VNC into your Linux box or send an e-mail to it to change the code, then email them a new one or email one to someone else.
For as long as there have been door locks that you can buy in stores, people have been changing their locks because of stolen keys, angry family members or former lovers, and missing keys that may or may not been in someone else's hands. Under the current system, you have to buy new locks for every external door in your house if you want to change the key. Under this system, all you have to do is type up a command on a keyboard.
And yes, I'm aware that having door locks that can be controlled via the internet is insecure, but the point is that you can control it any way that you want. If you think you can set up a really good network that is unlikely to be hacked anyway, you can make it so it can be set through the internet. If you can't set up a really good network, you can just tell your sitter what to do over the phone.
Re:your house as a semi-permeable membrane
by
adolf
·
· Score: 2
Eh?
Barcoding isn't a very demanding exercise.
Where I work, we've got a few barcodes taped to the counter. Thermal-printed, been there for years: the paper is turning brown, and the black is a somewhat-vague purple.
We scan these fairly frequently on a daily basis, without problem.
The USPS seems to be happy with uneven dot-matrix printed barcodes; look at the lower-right corner of the stuff that drops through your mailslot sometime. And this is for so-fast-it's-blurry mail-sort systems, on particularly-lumpy material.
I've noticed 2-dimensional UPS barcodes (the funky ~1" square you see on some shipping labels, with a circular target in thing in the middle) printed dot-matrix, too.
And I've seen no indication that either system is in any way flawed.
So. We've established that the scanners aren't very particular; let's talk about printers.
Laser printing isn't so hot. Bend it a feww times, and the toner begins flaking off.
Lexmark, and probably others, offer what they claim to be waterproof ink. This is probably at least as durable as laserprint in a typical wallet.
The Alps MD-1000 I have here prints using wax ribbons. It tends not to flake, it tends not to fade, and it's definately waterproof. Oh, and it was cheap.
Most laser printers top out at 1200dpi. 2400dpi inkjets are now commonplace.
UPC barcodes have only two line widths - features which, given the scalability of barcodes, are probably quite easily implemented with a 24-bit printer at reasonable size.
Coca-Cola uses very large, sprayed dot-matrix barcodes on their 24-can cases of 6-packs. They're very rough, and I imagine they work justfine.
Now that we've got printing out of the way, let's talk about the barcodes I carry in my wallet:
I've got an Ohio driver's license, dye-sub printed plus holographic lamination, made 2.5 years ago. The barcode is quite plain and obviously usable, as sharp as I remember it being when it was issued.
I've got a Blockbuster membership card. 24-pin dot-matrix printed, issued at least 5 years ago, and laminated: The barcoode is quite plain, and obviously usable.
I've got a Sam's Club membership, issued a few years ago, printing style unknown (but probably thermal). The barcode is wearing off, but is still quite usable.
Obviously, you don't want to take a crucial water-soluable barcode out in the rain and use it. However, I feel that you need to look around a bit more: There's a plethora of low-res, functional barcodes attached to items in the world around you which you are obviously oblivious to, many of which are expected to be exposed to the elements.
And remember: Anything can be laminated, usually at a shop within walking distance. Why might one expect to be able to print barcoded keys at home, while conventional machined brass keys require a trip downtown? One shouldn't, at this point: Let's take it one step at a time, starting with email delivery.
Oh. And JPEG, as a format, is fine. It can encode sharp lines with ease, as long as the encoder is aware of the requirements and/or the quality settings are set sanely (which is not a problem with standard libjpeg) -- efficiency, in this instance, is rather not relevent. PNG, as a purist ideal, would be somewhat better. But even monochromatic BMP (or XBM or PBM...or PCX for old-school PC users)-format barcodes would be quite sufficient for the task at hand. Not to mention GIF, which will be readable by everything for a really.long.time. You could probably even distribute barcodes as HTML tables with colored backgrounds without problems.
Thus, I find all of your presented points to be misleading, inaccurate FUD.
Re:your house as a semi-permeable membrane
by
NeoSkandranon
·
· Score: 2
The 'sending a JPG' to the baby-sitter starts out as a very neat idea, but what happens when baby-sitter has a popular e-mail virus which sends her e-mail to 100 people in her address book? Instant house party? Naturally they would only have the same access time slice as the baby-sitter, but they could just wait until after he/she is alone in the house and walk on in.
Well, as long as you dont label the JPG "SUPER SECRET KEY TO HOUSE AT $ADDRESS" You oughta be okay...sure people will have the barcode, but, how will they know which house it goes to?
-- If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
Re:your house as a semi-permeable membrane
by
Lumpy
·
· Score: 2
I've dont thins for over 2 years WITHOUT a computer and using access equipment that are nearly indestructible...
the ibutton... can take more abuse than ANY smartcard/barcode/whatever.. the reader can take an axe attack and still work.
heck ibutton.com sells a door lock pre-made ready to go and install in your door.
but I use a 16f84 pic and a simple failsafe electric door strike and a 12 volt gell cell battery+charger... power can go out for 7 days and mine still works... I only connect to the pic with the linux server to update allowed codes and time.
and EVERYTHING needed to do this is freely available on the internet. you just have to buy the hardware. and if you own picbasic pro compiler... you dont even have to think to program it.
-- Do not look at laser with remaining good eye.
Re:your house as a semi-permeable membrane
by
plover
·
· Score: 2
The poster had valid points, he just didn't back them up with enough facts.
When you start dealing with the barcode specs (I use MIL-STD-1189A for Code 3 of 9, the UPC Shipping Container Code and Symbol Specification Manual for Interleaved 2 of 5, among many others) you will find that not all codes are created equal.
All barcodes specifications state the allowable tolerances for bar width, spacing, color, reflectance, etc. These tolerances tighten up as the barcode gets smaller, (and loosen as the barcodes get larger.) If you want to print a 50-digit Code 128 in a two-inch-wide space, for example, you've got to be absolutely precise (within.0025 inches not only with the leading edge of the bar, but the interbar spacing has to be within.0015 inches. Plus, each character has to be within.0015 of the right distance to the next character. This is very difficult to achieve on digital equipment with fixed element printing positions for a variety of reasons. Most scanners have a very hard time reading accurately at this small end of the scale.
If you're spraying interleaved 2 of 5 barcodes on the sides of fibre box shipping containers, the tolerances change dramatically. The width tolerances climb to.014 inches per symbol. Of course, the factory-line bar code scanners are dramatically different than the hand held scanners you see at department stores, and are designed
(By the way, UPC has four distinct bar widths and spaces, not two. Code 3 of 9 and Interleaved 2 of five have only two distinct widths. And PostNet has only one width. The PostNet post office barcode is different from other bar codes in that it's not self clocking: the space between the bars means nothing, the short bars exist only as place holders for timing the long bars. It's a rudimentary 2D system.)
Those are the standards. What that means is if bar code producers meet them, and your barcode still doesn't work, then you get to blame the scanner manufacturer for failings.
All that said, reality actually ends up being "whatever works." Scanners are usually more tolerant than specifications demand, simply because people complain when the scanners don't work. Barcodes that are printed on merchandise are usually tighter to spec than required, because the merchants frequently have contractual obligations to provide "100% first scan success rates." (Think how much it would cost a big retail chain like Target if those bottles of Mountain Dew took five seconds to scan each instead of.5 seconds. Every clerk in the chain would be wasting time each day fighting the bottles and scanners.)
To address your examples, the older barcodes may be fading to your eyes, which may or may not be affecting their reflectivity (just because it's fading in the visible spectrum doesn't necessarily meaning it's fading in the spectrum the scanner uses.) The dot-matrix Blockbuster barcode was most likely produced on a Blockbuster corporate tested dot-matrix printer and tested with the Blockbuster corporate store scanner. Your older barcodes probably aren't stretching non-linearly, either.
Printing barcodes on random people's computers is risky. You don't know what kind of equipment they're going to have. They may have a cruddy old dot-matrix printer, or the latest Canon BubbleJet. And no matter what kind of gear they have, they're likely to be proud of it, so if you can't read their barcodes, they'll take it personallly.
Anyway, you're right. Barcoding is not an overly demanding science, but it does have limitations. JPEG isn't great because while it can print sharp lines, its compression scheme can change WHERE each of those lines are printed, which is just as important as sharpness.
It seems like a keypad would almost be a better solution. You don't have to carry something around, only remember the combination. I don't know how reliable this is; from what I've seen in stores, these don't read fairly often, and he's going through glass.
Of course, you'd have to make the password sufficiently strong.
Haven't you seen Star Wars? All you have to do to get past that is either shoot the keypad with a lazer gun, or tear it off the wall and short out the wires in the back.
Good idea. Or maybe use some sort of mechanical device that won't open normally, but will when you insert some sort of identification device - you could make it out of metal for strength and encode the identity in notches down the side. Sure, you have to carry something, but it's small and portable, and could easily fit into a pocket.
Hey, I might see if I can patent that one...
-- ++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
"Crooks have cordless saws all's to go through the wall of a wooden structure in under 5 minutes. And last time I checked it was pitifully easy to break through a door."
While this deserves the +3, funny, there are significant advantages to having a lock that doesn't require you to carry around a physical object, as I have discovered numerous times when I have returned to my house (usually after school) and realized I had forgotten my key. (My favorite time was when I was using a keyed lock for my locker and put both my house key and the key to said padlock *inside* my locker before shutting and locking it. While incredibly annoying at the time, I have had many laughs about it since.)
Had a friend who could pick a lock in 30 seconds. He picked my dead-bolt once in less than 60 seconds.
Goddamned annoying to come home late at night from work and find him parked in my favorite chair, watching TV and drinking my brews.
But after I almost shot him once when I thought he was an intruder he decided to go bother other folks and drink *their* brew. Ah, the gun! Better discouragement than any lock.
Max
-- My god carries a hammer. Your god died nailed to a tree. Any questions?
Your story reminds me of the "Safecracker Meets Safecracker" chapter in "Surely You're Joking Mr. Feynman". Lots of fun stories of him breaking into most of the safes that lay around Los Alamos while he worked on the Manhatten Project. If you haven't read it, you may want to go pick it up.
I was just reading about barcodes the other day... Check out This if you are interested.
Honestly, really
by
Anonymous Coward
·
· Score: 4, Insightful
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
Re:Honestly, really
by
sbaker
·
· Score: 5, Interesting
I agree.
Slashdot really, truly, utterly needs to have a local cache of the pages it references. It's getting to where Slashdotting is as bad as a denial of service attack - and that's a terrible thing to inflict on *anyone*.
Probably 50% of web sites referenced from main news items are down within an hour of Slashdot mentioning them - and they stay down until a couple of days have passed. That sucks.
They could easily implement some kind of opt-in thing where you put a META tag in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs. At the end of the week the Slashdot mirror could revert to become a redirect to the real site so you don't have problems with people bookmarking the Slashdot cache instead of the real site.
The whole process could be automated.
People who do cool things like this door lock would surely be aware that they could get Slashdotted and prepare for the event in advance by inserting the tag - and private individuals are the people who are most likely to have their server die.
Companies that want to profit from their slashdotting by advertising from their page or taking orders off of it could just leave off the META tag and handle the traffic as now.
An opt-in cache mechanism is a win-win-win solution. Slashdot wins because more people will use the service if it doesn't continually refer to dead sites. Readers will win because less sites will be dead-on-arrival - and web site operators will win (if they want to) by not having their site die from Slashdotting.
-- www.sjbaker.org
Re:Honestly, really
by
KalvinB
·
· Score: 2, Offtopic
My site is running on a 256K DSL connection and survived the beating. Sure it was running at 600bytes per second but I could still access it. People just need to make their pages more bandwidth friendly. From acceptance to front page my story took about a day to be posted. That's plenty of time to rework a page if it's too bulky.
However, if weren't possible to make it bandwidth friendly, Slashdot needs to take advantage of resources out there like their own server or SourceForge and work a deal to use temporary space upon request of the owner of the linked site. The owner could easily package up the relavent portion of the site and e-mail it over to be put up at the temporary location.
If nothing else it would at least eliminate all the stupid "hey look it's slashdotted" posts.
Currently, Slashdot is just a link site with commentary. If it's keeps killing all it's stories it's going to be a pretty irrelevent link site at that.
Yes, and why not removing the links from the article when it is painfully clear that you are doing a lot of damage to the site?
You could always put them back later
I mean this IS their own code. You could even make a "link bar" with the links so they were easy to remove and re-insert by flipping a bit.
And since there seem to be little/no serving of static pages here, one could easy check for people posting links to the site in a comment also.
I like Slashdot, but I think they should put a little more effort into removing links from sites that clearly can't take the load. Maybe even a simple traceroute on the domains on the articles posted could prevent a lot of this as many ISP's domains often shows when the site are on a fx. DSL line.
Some could argue that if you can't handle the load, you shouldn't be on the internet. But isn't the great thing we all like about the internet, that it's not just for big companies? We see many sites on small private lines, and I think they might be one of the few places left where you can find really interesting stuff that's not just branding of a company name.
1) People will have to know they're about to be slashdoted.
2) If they do sign-up for an AOL type account, and it is possible to set their site up their (it may be dynamic, or contain large files etc), and they do have time to do it and can be bothered, it will generally suffer the same fate because they AOL type hosting and free hosts generally have limits.
Otherwise, it would be a good idea (and infact perfect in some cases). Given the range of sites that/. links to, I think it's going to be very hard to come up with a solution that works nicely for the majority.
Video store barcode
by
zaffir
·
· Score: 2, Insightful
A video store gave me a little keychain barcode which I'm using here.
So i just have to work at his video store (or have a friend who works there), make myself a copy of his barcode, and i get free reign of his house? Sweet.
-- "Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
Re:Video store barcode
by
RadioTV
·
· Score: 2, Informative
Actually, a barcode normally doesn't hold that much information. When I worked as a programmer doing manufacturing support, we had trouble scanning anything that had more than 10-12 characters. You have to get pretty creative to be able to cover all the possible things that you might scan. As an example we used the first character to identify what the bar code was for (work order number, sales order number, purchase order number, part number, etc.). Then we could look things up in the appropriate database.
The exception to this is the "two D" barcode (like on a UPS package). If I remember correctly, they can hold ~256 characters (I haven't used them).
-- I have great faith in fools - self confidence my friends call it. - Edgar Allan Poe
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
Re:Not very secure
by
LFS.Morpheus
·
· Score: 2, Insightful
You contradict yourself in your post, saying you have to write down the barcode, but you can remember the data if you were to look at his barcode...
Contradiction aside, most people, and especially common thieves, would have no idea how to make a barcode. I personally know you can do it with some software, but I'm not familiar with any of it and have never done it. I do know there are several types of bar codes so that throws another hardball at you; you have to get the right type.
In this case, also, if this person lost his bar code, it's his video rental card. It doesnt exactly scream "this is the key to my house." *No one* is going to think its the key to his house. That. Is. Cool. Of course, if he doesnt have a copy or cant get another copy of from the video store, he's also screwed, etc etc.
On the other hand, if a thief were to somehow get your pin, I bet he would be able to remember the pin long enough to write it down, and entering it into your numpad is trivial.
I think its at least more secure then you give it credit.
-- The space unintentionally left unblank.
Re:Not very secure
by
jjshoe
·
· Score: 4, Insightful
you can remember 12 digits? there was a time when i could remeber the 1st 6 of hp's barcode because i was often looking hp stuff up in our system.. 08689 who knows now.. that was a while ago.. but the point is most people cant look at 12 digits and just remember it...
i use my drivers liscence to switch to root on my box.. its not nesecery, in fact its probly over kill and pointless. however. most importantly it makes me think for a second if im about to do something as root.
plus, its something neet to brag about, which is part of the geek world. because you dont like it doesnt mean that himself and his friends dont like it
-- -- botsex is {grep;touch;strip;unzip;head;mount}/dev/girl -t {wet;fsck;fsck;yes;yes;yes;umount} {/de
Re:Not very secure
by
pongo000
·
· Score: 3, Interesting
If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
Don't go betting all your wordly possessions on this. An experienced locksmith (or someone who knows what they are looking for) can come up with a reasonable facsimile of your key based on the key cuts and the type of lock (probably imprinted on your key as well) if given a chance to look at your key. Keys can be traced and/or photocopied as well. A good reason why you should never leave your house key on the key ring when you hand over your car keys to someone you don't know or trust (valet, mechanic, etc.)
thank god for the address book in my cellphone. im living with my current gf. we have gone out for almost a year now, and i couldnt tell you her cell phone number.
-- -- botsex is {grep;touch;strip;unzip;head;mount}/dev/girl -t {wet;fsck;fsck;yes;yes;yes;umount} {/de
What's about power outages ? Let's say, are you going to be alone, signing in the rain along with lightnings?
web / security server?
by
olrs
·
· Score: 4, Funny
I hope his security system isn't on the same box as his webserver or we may have just locked him out of his house... hope its not raining.
Re:Slashdot record?
by
DarthWiggle
·
· Score: 5, Funny
Maybe/. could start offering a prepackaged "Port 80 Flood Kit - Get the pride of being slashdotted without having to work for it." Say $1000 a pop. It's better than spending the money on advertising.
Geek 1: Hey, guys, I got slashdotted! Geek 2: Woah! No way! Geek 1: Yep. *smug* Chick: He's so dreamy...
Forget key impressions in soap...
by
Ben+Jackson
·
· Score: 3, Insightful
All you need to break into this guy's house is a few seconds with his "keys" and a photocopier. Though I guess if you were really worried about that you could put a small label printer by the door and get a new key every time you left...
Re:Slashdot record?
by
microsost
·
· Score: 2, Funny
Hell I hope it never happens to me.. The traffic would cost me an arm and a leg (well maybe even 2 of them..).. Just about tempted to put the address here but worried it'll cost lots:D
Coming in 2004 from Microsoft, the leader in enterprise security, Microsoft Home Security.NET version 1.0!
Not only can you now keep track of your MSN (tm) Instant Messenger Buddies on your computer, they can instantly know when you get home too! And don't forget about exciting new features like Internet Explorer In The Bathroom (version 8.0!) and a free Tablet PC with every purchase! Now you can feel secure about your home knowing that Microsoft's Award Winning Security Task Force is on your side! Sign up today and get 10% off the already 100% marked-up price!
And coming soon, look for Microsoft's answer to Parking Lot security, Security Guard Who Looks Like A Drunk Bum Lying Near The Booth version 2.0! Hackers will never figure that one out!
</press release>
From the few pictures I saw...
by
mstyne
·
· Score: 4, Funny
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
...? What? What has the condition of the paint on the house got to do with securtity?
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
Your post makes the perfect example of contradiction;)
Then, when the computer restarts when the power comes on (because he's using a linux box) he can say "I CANT OPEN THE FSCKING DOOR!!!!!!"
-- I'm the Devil the Windows users warned you about.
Re:Slashdot effect
by
Osty
·
· Score: 2, Insightful
It's just too messy, it takes up time for the editors
Are these the same editors that have time to post duplicate stories?
screws up pages with ads on them (yeah, boohoo, but if you were getting money for the page you'd care)
The sites that tend to be most quickly slashdotted are also the sites that are most likely not to be ad-supported. More, they're also the same sites that are most likely going to end up costing the owner an arm and a leg when their bandwidth allotment is completely smashed by a Slashdotting. In otherwords, they're not gaining any money by being linked to Slashdot, and are highly prone to actually losing money. Let's see what you'll do if you're faced with a $1000 bandwidth bill because your lego collection made it onto Slashdot.
and the rest
What "rest"? Legal issues? The editors obviously should contact site owners (at the very least to warn them that Slashdot is about to launch a massive DDoS on their website). I'd much rather wait a day or two to see an interesting site than not be able to see it at all. If someone doesn't want Slashdot to cache their site, then they should at least be given the opportunity to not have the site posted to Slashdot.
It would be good, though, if the editors were to put up at least the Google cache of this kind of site.
For this kind of site? Not likely. I looked at the Google cache. The site has a lot of pictures of the guy's setup, and google doesn't cache images. Thus, the Google cache is nearly useless.
$10 and I'm in
by
missing000
·
· Score: 2, Interesting
All I really need is available at my local radioshack, as discussed here
Re:$10 and I'm in
by
MORTAR_COMBAT!
·
· Score: 3, Insightful
Well, the difficulty bar is raised a bit from the 'bar code'. It seems reasonably more difficult to both (1) secure an object with a clear figerprint of mine and (2) use said fingerprint to etch a 3D image onto some PCB board than to (1) use a photocopier or camera/printer to copy a bar code.
That insecurity is indeed real. Although those systems which were compromised were single-finger systems, and my system uses 3 as well as hand shape. Being able to get 3 clear fingerprints and mimic hand shape is more difficult than simply picking the lock, anyway, so your efforts would be better served in investing a a few dollars worth of decent lock-picking tools instead of a set of hobbyist PCB boards and etchers.
Why bother? An 8 pound sledge hammer is only $20 at home depot, is 100% effective, reuseable, and you don't have to bother with making silly gelatine molds.
If somebody wants to get into your house, they're going to. If you build a better door lock, they can still remove the door entirely. Locks aren't about making your house entry-proof, they're about making it inconvenient to break in. If I want to get past your front door, a cordless drill and a sawz-all will bypass any locking device.
Re:Slashdot effect (the good, bad, and the FAQ)
by
Hrunting
·
· Score: 2, Offtopic
As for the staff, Slashdot people could email web site admins and ask about their bandwidth/web server. But what if the site owner doesn't read email on the weekends? (that isn't uncommon) What is to be done in that case?
Uh, they wait until they get a response? It's not as if Slashdot is going to get scooped on one of these. Heaven forbid that the editors, with all their journalistic rabidity, actually had to wait to post a story that was probably submitted a week ago.
I agree with the FAQ. Slashdot shouldn't have to mirror the sites, but for all their emphasis on being a community-oriented site, they sure aren't kind to small site owners. CNN, BBCi, C|Net, etc should all be able to handle the traffic. Some rinky-dink virtual site will never be able to handle it, and if the editors can't realize that, maybe they need to turn over their "community-oriented site" to someone more knowledgeable about the community.
Re:Why not -1, Redundant?
by
Planesdragon
·
· Score: 2, Offtopic
Come up with a legally sound solution and tell the editors about it (no, don't post it then whine about the -1 OT score that would be quickly dished out)
"Opt out/. ing"
Anyone with a/.ID can "opt out" of their/. ing. When a file on their TLD gets listed for a good/. ing, the editor gets flagged with a "site will crash" message, which would then pop up the/.er's perferred/. response: either a link to a TLD, up to a twelve hour warning, or a smallish temporary mirror.
This is getting rediculous--most small, independent websites like this can't take a slashdotting, and it's making it almost pointless to link it.
It seems to me Slashdot could offer to mirror the content for a price, so that the linkee gets ad money, while slashdot carries the bandwidth burden.
Is there no way to:
1) Contact the website owner 2) Alert him of the amount of bandwidth he's going to need 3) Offer to mirror his pages such that ad referals still go to him 4) Everybody profits?
I agree, that page and all the images took about 5 minutes to load on my computer, and I have cable modem. A simple, somewhat reliable solution for the present is to take advantage of google's page cache. Go to http://www.google.com and do a search for "cache:url_to_page" (without the quotes). True, it only gives you text, and not every page is cached in google, but google's servers are fast, and it can be of great help if the original page isn't loading at all.
Obligatory quote...
by
nautical9
·
· Score: 4, Funny
Dave Bowman: Open the pod bay doors, HAL. HAL: I'm sorry Dave, I'm afraid I can't do that.
Re:not neccessarily: cant copy key by looking
by
alienw
·
· Score: 2
Dude. It's easier to pick the lock than to memorize the key. Read the lockpicking faq or something. Takes about 30 seconds to pick a 5-pin lock.
Not. Half of/. doesn't understand how TiVo is diffrent than a VCR. And/. is suppose to be a geek crowd. Worse than that, X10 has been around since the 70's, and maybe a quarter of/. knows what X10 is.... Most of the people here probably think it's a windowing system for Linux (and to make it clear, you SHOULD know, it's NOT a windowing system for Linux, that would be X11, and that is a windowing system for UNIX, not Linux, and X10 has absolutely NOTHING to do with that...)
PS: History and naming may show more meanings for X10 and X11, however, it's the common usage that I am refering to.
Re:I see this as Important.
by
BadlandZ
·
· Score: 2
Can I be a geek now?
Self fulfilling prophecy?
Re:I see this as Important.
by
/dev/trash
·
· Score: 2
And how is a TIVO different from a VCR? Oh yeah it has that Guide but it still just records.
Clarification pointing to relevance
by
BadlandZ
·
· Score: 2
For those that lost the relevance to bar-coding.... My point was, how in the world can you expect something like bar-coding as a house key be important, significant, even remotely accepted as something that will ever happen in the future? The general population still is 1 step ahead of the 1800's "skeleton key" and not to tech savy. Even/. Readers are not so savy to make this happen in a moderate scale. How is this guys project even remotely significant?
We've all been paying attention to part two, making it hard to get into, but part one, which you noticed immediatetly, is that he's made his house look like there's nothing worth stealing in there in the first place.
The front of the house. The windows on the left are to my room.
In my window sits a cheap barcode reader. It's powered by a computer power supply I ripped from an old computer.
Anyone who wants to get into the house can scan a barcode that they carry. A video store gave me a little keychain barcode which I'm using here. The scanner has a CCD; I don't have to slide the barcode. The scanner actually has a beeper that I can control from the computer. You can hear it beep from outside the window.
Here's the driver circuit I slapped together for the barcode reader. It's just a MAX232 chip that converts CMOS/TTL levels to the RS232 spec. The output connects to the serial port of one of my Linux boxes. That box runs a trivial python program to read a packet from the serial port and send it via TCP/IP to another computer in the house.
The receiving computer is connected to this K8000 experimenter board. I2C chips on this board . If your barcode was on the list of allowed keys, I raise output 7 on this board for 6 seconds. Input 6 (the right-hand illuminated LED) shows that the door was closed when I took this picture. See below for how I sense if the door is opened or not.
Some successful reads.
When the K8000 board raises the right output signal, this driver circuit sends 24VDC to the door strike, shown below.
In this electric strike is a solenoid that relaxes the part of the strike that was holding the door closed. The door still functions as it did before, but now I have an additional way to allow the door to open.
This is the top of the door frame, where I have wedged a reed switch into the wood. There's a magnet on top of the door that closes the switch when the door is closed (hence the turned-on LED in the picture above).
Slashdot really, truly, utterly needs to have a local cache of the pages it references. It's getting to where Slashdotting is as bad as a denial of service attack - and that's a terrible thing to inflict on *anyone*.
Slashdot should cache pages to prevent the Slashdot Effect!
Sure, it's a great idea, but it has a lot of implications. For example, commercial sites rely on their banner ads to generate revenue. If I cache one of their pages, this will mess with their statistics, and mess with their banner ads. In other words, this will piss them off.
Of course, most of the time, the commercial sites that actually have income from banner ads easily withstand the Slashdot Effect. So perhaps we could draw the line at sites that don't have ads. They are, after all, much more likely to buckle under the pressure of all those unexpected hits. But what happens if I cache the site, and they update themselves? Once again, I'm transmitting data that I shouldn't be, only this time my cache is out of date!
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
So the quick answer is: "Sure, caching would be neat." It would make things a lot easier when servers go down, but it's a complicated issue that would need to be thought through in great detail before being implemented.
They could easily implement some kind of opt-in thing where you put a META tag in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs.
You're a genius! Oh...wait...no... You just haven't read the FAQ:
Is it possible to have META tags that Slashdot looks for in a story link before allowing it to be submitted/posted? Many times a server can't handle the load of a Slashdotting. So can the site have tags to prevent it from being added to a Slashdot story?
Not inconceivable, but I don't really think it's worth the work. Most of the sites that are Slashdotted are prepared for it, and the sites that get smashed usually are caught completely off guard; they wouldn't know of this mysterious opt-out meta tag. (See also Caching Slashdot Stories).
It's not rocket science to configure Apache to handle a Slashdotting. I've been hit three times in the past five years. Every time, my little 333MHz eMachine has done just fine. I just followed the instructions in the Apache guide. This guy took another fine route -- he took his pages off-line for the time being. Either route works.
People who put up websites should recognize that people are going to look at it. Sometimes, a lot of people might look at it, as a result of a link from Slashdot or any of hundreds of other sites. People who bitch and moan about being linked to from Slashdot remind me of the companies who whine when people link to "confidential" webpages -- guess what, if it's on the web, it's not confidential.
Of course, most of the time, the commercial sites that actually have income from banner ads easily withstand the Slashdot Effect. So perhaps we could draw the line at sites that don't have ads. They are, after all, much more likely to buckle under the pressure of all those unexpected hits. But what happens if I cache the site, and they update themselves? Once again, I'm transmitting data that I shouldn't be, only this time my cache is out of date!
Who cares? For them to get noticed on Slashdot, the interesting bits will still appear in the cache. Also, having the content cached doesn't mean that a link to the original site couldn't still be provided.
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Bullshit. If I want "breaking news", I go to CNN. I can't remember the last time I read a Slashdot article where the content of the article was time sensitive. It's just casual information to entertain and maybe educate the bored geek. Six hours is nothing. By the time Slashdot gets the news, it's already out in the open. It's not like they're going to get scooped.
Not inconceivable, but I don't really think it's worth the work. Most of the sites that are Slashdotted are prepared for it, and the sites that get smashed usually are caught completely off guard; they wouldn't know of this mysterious opt-out meta tag. (See also Caching Slashdot Stories).
So if the site doesn't have the magical opt-out tag or extra instruction tag, then fire up your e-mail client and get permission. Or just cache it and be done with it.
People who put up websites should recognize that people are going to look at it. Sometimes, a lot of people might look at it, as a result of a link from Slashdot or any of hundreds of other sites. People who bitch and moan about being linked to from Slashdot remind me of the companies who whine when people link to "confidential" webpages -- guess what, if it's on the web, it's not confidential.
The point is that it would be a decent thing for Slashdot to provide some mechanism to minimize the inconvenience caused by having a site or page linked on the front page. The points listed in the FAQ are weak. The bottom line is that some sort of cacheing would benefit both the owners of the content being linked (it wouldn't nuke their site) and the readers of Slashdot (no more seeing a cool story on Slashdot only to have to wait to read it because the Slashdot effective is already underway).
Truth be told, there is already an informal Slashdot cache -- you often see kind users copying the meat of the page into a comment which always gets modded up to +5. Further proof that an official Slashdot cache would be well received.
The only real argument against a cache would be the load that it would place on the Slashdot servers. They are tuned to handle their current content, but I wonder if they would be able to handle the load of serving up all that extra content in addition to the stuff that they already do.
Would I be willing to wait 6 hours on a 'cool breaking story'?
In a word: YES!
Most news on Slashdot is NOT BREAKING. If I didn't hear about barcode keys until tomorrow, or Wednesday, or next bloody MONTH for that matter, my life is not going to be significantly impacted.
When was the last time you saw a Slashdot story that you just absolutely had to read RIGHT THEN? There have been a few over the years (and I've been reading since close to the beginning; my number is so high because I didn't bother getting an account for six months or so after they started registrations.) There are occasional bits of 'breaking news' that make it here, but they're not nearly as common as the editors seem to think.
Slashdot, I think you are ignoring/abusing a responsbility here. You have the net equivalent of an Uzi; almost any small site you point to is going to die. Yes, the solution to the problem is tricky and would require some real thought and effort to implement. But you have had YEARS to think about this; I don't think 'it's hard!' is an adequate excuse anymore. Your other FAQ reasons are, in my opinion, fluff. The REAL reason is because it's hard, and I don't think that washes anymore.
If you actually DO have a breaking story, you always have the option of linking it directly. But if I have to wait an extra day before hearing about barcoded house keys, well.... I imagine I'll cope. Somehow.
Enough is enough. It's time to get started on some kind of caching system. If you're really lost, call Google. They're geeks. Many of them probably read this site, and I'll bet most would at least talk to you about the problem free of charge. If you want to start a discussion list on the project, I'll be happy to join and help as much as I can.
This is a problem that really needs to be solved, and I'm sure that many of us are ready and willing to help solve it.
Current Page Text
by
Kaz+Riprock
·
· Score: 2, Offtopic
This used to be an interesting page about the barcode scanner door entry system I built with Python and Linux. I posted this page because I'd like to share my project with others. I've answered emails giving people circuit diagrams, and I've had various online discussions about my design decisions. Now MC68040 and michael@slashdot.org decide that it's time for me to go down. They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else. At least michael-the-slashdot-editor knew that I'd be down in minutes if he made a link.
I'd love to put this page back up, and maybe in several days I'll remember to do so. If you're interested in interfacing Linux with serial devices or electric door strikes, drop me an email at drewp@bigasterisk.com.
Bitter?
-- Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
Door Self-Destruct Initiated, T-Minus .001 Seconds
by
DarkZero
·
· Score: 2
He fails to mention that the scanner scans more than just barcodes. When it scans the correct barcode, it makes the door unlock. When it scans a boot or shoulder, it makes the door self-destructed
Re:What A Beautiful Mind
by
VisorGuy
·
· Score: 2, Funny
First of all he said 23 years ago, which would be 1980 or more likely 1979 (since today is only the 11th day of the year).
Second, he's friends with gandalf_grey (93942), who is also a fan of his; so this Pig Hogger dude has got to be fairly up in years. ;-P
-- This user account is inactive account replaced by the PDA
Hmm.. -2 years +1 friend = credibility?
by
BadlandZ
·
· Score: 2
Ok, you've dug up something! That' put's Pig Hogger at 40+ (no crime being old! hehehehe... sorry, I'm 33 now, I have to be able to call SOMEONE old, seems like EVERYONE is 16-20 now days!).
I'd still like to know 2 things. I'm not sure how to make this sound "polite" because it will probably end up sounding more like a challenge, but that is NOT my intention.
I'd love to read a bit more about this project Pig Hogger did back in early 80's (when I was happy enough being able to figure out how to overlay credits onto a home video tape with a Tandy)...
And I'd love to hear what Pig Hogger is doing now days.
X10 is not X10.com, sorry. X10 is a protocol that has past it's copywrite/patent. And, X10.com has taken advantage of that, and now "ownes" the X10.com domain. But, X10.com, and it's owners ARE NOT X10.
The technology of X10 is very cool. It's a low speed protocol transmitted via standard home wireing, in duplicate to prevent errors, sent during the zero phase of the standard AC power curve. Quite cool, quite simple, quite elegent.
The ability to program you home lighting, broadcast home theater, lighting, temperature, security, and countless other bits of information over standard home wiring is defined by X10. It's there, unrestricted, and one could even argure it's BETTER than GPL, it's an EXPIRED patent, meaning there are NO rules on how to use it because it's an idea that can no longer be owned because it's past it's time limit for ownership.
What was your complaint again?
I don't buy it; use a caching proxy if nothing els
by
Fastolfe
·
· Score: 5, Insightful
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
Re:Interesting
by
Fastolfe
·
· Score: 4, Insightful
I think you're looking at it from the wrong angle. A guy puts up some information on a site using meager resources. He hopes that information will be useful and interesting to those that happen upon it. The hardware turns out to be perfectly adequate for his needs. Then someone posts a link on a popular site and the traffic increases by a factor of 10,000. The site goes down.
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
Re:He misses the point of the Web
by
Fastolfe
·
· Score: 2
he seems to have forgotten that one of the original ideas of the WWW was to have people link back and forth to each other
I think you're reading too much into things.
He's annoyed and frustrated that his server was brought down due to the traffic created by this article. Wouldn't you be?
Most servers cannot handle the traffic Slashdot generates. This is an unfortunate fact, but it needs to be a fact that Slashdot admits to and tries to mitigate. They don't. The FAQ gives a few excuses that don't hold any water and that's the end of the discussion as far as they're concerned.
Re:Why not -1, Redundant?
by
Fastolfe
·
· Score: 2
Setting a password, or installing mod_throttle and setting it up right would be a start.
Most sites are small. By small I mean someone has decided they want to set up a quick-and-easy web site, throws it up on some personal web server software, and lets people at it.
Do they "deserve" the flood of traffic Slashdot might generate to it? Perhaps. Is it "their own fault" that their network connection and/or server is brought to its knees by the visits generated by Slashdot? Perhaps.
That doesn't mean they can't be annoyed, frustrated and a little bitter at Slashdot. Wouldn't you be?
For your challenge that someone come up with a "legally sound" solution to the problem, keep in mind the responses in the FAQ are an utter joke. Slashdot programmers are lazy.
All someone needs to do is set up a mirroring front-end that just hooks into an HTTP caching back-end. An image is a static resource. Most web servers will specify a 'max-age' for that resource, or at the very least they express a Last-Modified header that a proxy can use to compute an acceptable expiration date before trying to revalidate it. This simple HTTP caching behavior could very simply drive a mirroring site.
Sites that have certain areas or iframes or images or whatever that they want to be requested for every visit or every request can express (and should already be expressing) these requirements through proper use of Expires or Cache-Control headers.
Caching HTTP proxies have been around for years. All they'd need to do is put a different face on one and this problem is solved.
Re:Slashdot effect (the good, bad, and the FAQ)
by
Fastolfe
·
· Score: 2, Offtopic
I agree with the fact that Slashdot shouldn't have to mirror sites. I think most of their excuses as to why they don't are fairly absurd, though. This problem can be solved in a site-friendly, banner-ad-friendly and legal-friendly way through the use of run-of-the-mill HTTP proxies.
But however that goes, Slashdot really does need to be a little friendlier towards site operators when it's fairly clear up front that their site probably won't handle the traffic.
For the record, I've had news sites (e.g. MSNBC) do a story that involved some piece of content on my site, and generally, they ask my permission first, checking that I'm OK with it and that my servers can handle it. If they can take a few moments to do this, surely Slashdot can as well.
Copying a barcode is a bit easier than copying a key, but he's got it on his keychain anyway (it's a little video store tag thing). So either way, they've got to get his keychain off of him somehow. Not really any more or less secure.
Admittedly, if you knew something about the system, you could bring along a book of preprinted barcodes to get in, but then you could also bring a lockpick set too. And the lockpick is probably faster to do.
Then again, I prefer the hard and fast brute force method.. A swift kick to the door to break the frame. Works most every time.:p
-- - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Re:Let's be frickin' realistic...
by
Fastolfe
·
· Score: 5, Insightful
Your point of view here is totally absurd (which I guess is why you're posting as an AC).
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.
This used to be an interesting page about the barcode scanner door entry system I built with Python and Linux. I posted this page because I'd like to share my project with others. I've answered emails giving people circuit diagrams, and I've had various online discussions about my design decisions.
Now MC68040 and michael@slashdot.org decide that it's time for me to go down. They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else. Of the two of them, at least michael-the-slashdot-editor should have seen that I'd be down in minutes if he made a link.
I'd love to put this page back up, and maybe in several days I'll remember to do so. If you're interested in interfacing Linux with serial devices or electric door strikes, drop me an email at drewp@bigasterisk.com.
"I posted this page because I'd like to share my project with others."
"They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else."
Now, I've got a lot of respect for people who come up with new ideas and actually make them happen. I appreciate it when they tell the world how to do it. I think it kicks ass when Linux is their tool of choice. But what the hell is this guy thinking? "Stop looking at the information I want you to see!" It's pathetic when some stupid company wants to restrict linking, but it's inexplicable when a hacker does it.
-- I spent a year in Iraq looking for WMD and all I found was this lousy sig.
First of all, as you see on this guy's site now, he's taken it offline due to the load. I've sent him an email explaining that there woulden't be a slashdot effect if nothing was posted on slashdot but that I'm sorry anyway. Second of all, as for security. I was not considering this as a high-level mumbo-jumbo super-secure system but I'm just of the opinion that it was pretty neat (atleast more neat that just sliding your magnetic stripe card throught a reader) and a easy way to provide users with time-limited access not for it to be a failsafe system =) It's just cool.
My 0,5 cents.
Re:What A Beautiful Mind
by
tacocat
·
· Score: 2, Offtopic
I'll be forty in two months
Are you expecting me to stop posting to/. in two months? Am I allowed to do cool shit anymore?
Do you understand that caching websites without the author's permission is illegal? There is no standard HTTP mechanism for caching, and copying the page and giving it off as yours would surely spark many lawsuits.
I have no sympathy for someone who does not set up his webserver to prevent this type of DOS. At the very least, this is lazy. If you don't lock your front door, you shouldn't complain about burglars. If I had a site that got slashdotted, I would be glad for the extra publicity, not bitchy about the traffic.
If, on the other hand, Slashdot mirrored my site without asking permission, I would be somewhat pissed. I would not only have no chance to update it, but people would also not know the URL of that site, and I might not get my ad revenue.
Re:What A Beautiful Mind
by
vrmlguy
·
· Score: 3, Insightful
I'm 47 years old. A little less than thirty years ago, I built one of Don Lancaster's TV Typewriters, an ancestor of the computer monitor you're sitting in front of right now. Around twenty years ago, I helped write "big iron" code that simulated underground explosions as an earthmoving tool (it tried to predict where the displaced soil and rocks would land), and I got to be on site for some of the tests) Ten years ago, I wrote a document management system that accepted faxed cell-phone contracts from kiosks, so that when someone tried to get out of a contract, we could fax them back their signature. Today, I'm active in Linux, Apache, MySQL, Perl, PHP, C, C++, PalmOS, Windows XP, Unix and SANs.
The point is, whatever you're doing today seems like drudge work, but after a quarter-century, everyone forgets the boring bits and just recalles the sexy parts.
Do you understand that caching websites without the author's permission is illegal?
I apparently know a little more about HTTP than you seem to, my friend. If it were illegal to cache HTTP resources, then most HTTP proxies are illegal as well.
copying the page and giving it off as yours would surely spark many lawsuits.
If a site is expressing a future date in an HTTP "Expires" header, or a max-age Cache-Control header, they're saying something very specific about how that data can be used by browsers and HTTP proxies alike. Read the document above to what it is.
At the very least, this is lazy
What?? Just because I choose to post some data online does not mean that I must automatically spend the money to create an environment and supply a network connection capable of withstanding a post on Slashdot. This reasoning is flawed. Most people with smaller web sites (e.g. academic) do not have the funds to do this. You seem to be under the flawed impression that any server with any form of network connection should be capable, with proper administration, of handling the traffic that a post on Slashdot generates.
This is like saying that people who are victims of distributed denial-of-service attacks get what they deserve for not having a fast enough network connection or a router that can do a better job of filtering packets. This is a totally unreasonable expectation. Sure, they "deserved" network traffic by placing their servers and networks on the Internet, but they're not lazy just because they choose not to spend the money for an enterprise-quality network when it's horribly out of scale for their requirements.
If you don't lock your front door, you shouldn't complain about burglars.
I can't even begin to touch this analogy.
I would be glad for the extra publicity, not bitchy about the traffic.
I'm sure that somewhere, deep down under his annoyance, he is.
Are you going to sit there and honestly say that if a web site you operated were brought to its knees and made totally unavailable due to a post on Slashdot, it would not have irritated you? "Aww shucks, I should have planned ahead better and gone with that Sun E5500 instead of this P133 after all! How stupid of me for not spending a half a million on infrastructure for my personal home page instead of this extra PC." Get real.
I do concede, though (as I have in previous posts), that he should not have been surprised this would have happened one day. And maybe he was aware that it could happen one day, and maybe he even planned ahead in the sense that there might have been some people willing and able to mirror his site's content at his request. If only he had some advance notice.
If, on the other hand, Slashdot mirrored my site without asking permission, I would be somewhat pissed.
If you are expressing the cacheability of resources on your web site incorrectly, then you are to blame here. Set up your cache control headers in your web server to more accurately describe how each resource could be cached. If you seem to think that every request should go back to the server and get re-retrieved, and that HTTP 304 responses are the devil, then by all means, just configure your web server so that it won't allow it. The point is, the site owner can make this decision (and should already be making it).
Please don't assume that everything you read on Slashdot is factual. Concede the possibility that the stuff in the FAQ is written by human beings who are fallible.
Less is more
by
riqnevala
·
· Score: 2, Insightful
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
No, I'd rather see that nice hobbyist page stormed down, THEN wait 6 hours for the site to recover.. Oh, if it only were just 6 hours..
Is it possible to de-concentrate the traffic by any means? Show the story for 5 minutes, then show it again after a quarter or so.. Daily readers would get it eventually..
You/. guys are holding too much influence compared to your careless morality.
-- love slashdot. populate it. use it. abuse it. hate it. kill it. miss it. stop following links, they only kill servers.
Re:He misses the point of the Web
by
Lazaru5
·
· Score: 2
Slashdot _does_ need to be more responsible when linking, HOWEVER...
The problem is that more geeks are hosting their personal sites on their broadband connections, and they simply don't have enough upstream bandwidth to handle a slashdotting. When Drew said that they didn't ask if/. could link to his page, he didn't mean in a legal sense, (which the parent poster seems to be thinking) he meant in a "hey, will your connection and server be ok if we do this?" sense.
There was no reason to even think that they should ask. They didn't make a conscious "decision" to DDoS Drew, they simply saw a site worth linking to. Drew took it as a personal attack and he needs to realize that they had no idea that bigasterisk.com was hosted on a home DSL connection.
It's also more likely that his connection was unusable before his server ever "puked" (if it did.) He could have killed Apache and _still_ had no use of his DSL. How would you feel? Granted, it's no excuse for his irrational assumption of malicious intent, but you'd be unable to even do anything about it. You couldn't put up a mirror because your connection is hosed. You couldn't reach/. to post a URL to the mirror even if you had one.
And I'm speaking from experience, as the admin of a web server at an ISP that was/.ed 4 years ago. (Mosfet's KDE page.)
--
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
Re:What A Beautiful Mind
by
Pig+Hogger
·
· Score: 3, Interesting
(Note: some details have been altered to protect the innocent and cover-up the guilty)
Read properly. I said 23 years ago, so that's 1980. I was only 18 at the time, but I had experience in computer graphics programming plotters (I volunteered for a computer graphics art group - this was waaaaay before Postscript) so it was only natural that I'd be the one they turn to to generate the barcode sheets.
They were done on a HP-9847 graphics terminal (a company oddball that was lying in a corner 'cause no one had any use for it. I learned years later that it was a demo unit THAT HP FORGOT THERE!!!!) onto which you could load a (surprisingly good - compared to the usual Microsoft crap - yes, Microsoft used to do crap then) BASIC interpreter, all this driving a IEEE-488 plotter. But eventually, I found the setup so disgusting (can't stand BASIC) that I wrote a device driver for the mainframe and I reprogrammed the barcode sheet programs. All in PL-1. Needless to say, that pretty well annoyed the dinosaur tenders of the time that I'd be using THEIR big iron to make graphics... Not to mention asking them all sorts of technical information in order to hack this...
In that project, I eventually also programmed the database on the mainframe that received the data, as well as the mainframe-side communication program, after my bosses saw that I managed to write a plotter driver for the dinosaur...
Anyway, the project was eventually canned because there was to much high-management interference (this was for a Fortune-500 ** CANDY ** company!!!) which brought the progress to a crawl. Only 10 prototypes of the computer were built, and I believe some still exist to this day.
* * *
Nowadays, I manage the computer department for a design company which designs museums (we're currently doing a museum for the Smithsonian, amongst other things), and I have a tax-credit consulting sideline.
For fun, I troll on Slashdot and NANAE, and have plenty of sex.
Now, for those who imply that there is no life beyond 30 years, I say you're fucking bunch of peepsqueaks whippersnappers; first of all, my sex drive went waaaay up when I hit 32 (went from 5 screws/week to 3/day), and I don't have any problems to pick-up; heck, a few months ago, a 19 year old jumped on me, and whas subsequently duly fully fucked by myself (and this happenned in a city park).
Re:He misses the point of the Web
by
epine
·
· Score: 2
% host bigasterisk.com
bigasterisk.com has address 64.139.32.113
% host 64.139.32.113
113.32.139.64.in-addr.arpa
domain name pointer ip-64-139-32-113.dsl.sjc.megapath.net.
The reason Drew perceived this as careless and malicious is that he's not as clueless about how easy it is to determine that a site is hosted on a cable modem. Even a/. editor can correctly spell the 'host' command.
This is Drew Perttula, creator of the barcode door entry system. Many of you have emailed me asking for where I moved the site. In my bulk answer (which about 200 people have received by now), I included the following text:
I give everyone on this Bcc list permission to mirror the page with these conditions: you have to put my name and email on it as the author, and you have to indicate on the page that you're mirroring is http://bigasterisk.com/automation/door (not [the address of the moved page], obviously).
What do I get? digital_gods (to whom I did not give any special additional permissions) mirrors my page, alters it with a comment that readers will not see that includes the secret address of the moved page! He didn't add my name to the page either. This doesn't make me mad; I'm just stunned at the way someone copied my work without attribution and without following my easy instructions about the URLs.
digital_gods, I hope you'll edit your mirror the way I asked. Everyone else, go look at digital_gods' page I guess, since all you want is to see my photos. I want to go to bed, so I'm not going to mess around with links and servers any more tonight. I hope I am still able to receive all your emails, as I've been receiving lots of interesting stories over the weekend.
First, the RFC specifies proxying mechanisms. Proxying != mirroring. Yes, a proxy can cache. It's a grey area of the copyright law -- automatically-generated headers do not necessarily constitute the permission of the content owner, especially since the content owner can't always control the headers generated by his server (i.e. in a shared environment).
However, what people are proposing is to set up a mirror. A mirror is NOT an RFC proxy. It does not require intervention from the client (setting the web browser) and is not covered by any RFC I know of. It would be a completely non-standard solution.
A proxy would be completely inappropriate in this situation. Proxies are set up by ISPs and network operators, not people who merely provide links (like slashdot). If you want to use a proxy cache, use the one provided by your ISP. A slashdot-operated proxy would also require everyone to set up his/her web browser to use the proxy, and the proxy would have to relay the content for every web site accessed by the web browser, whether or not it is linked to by Slashdot. Otherwise, it would not be an RFC-compliant solution, and my comment about lack of standard caching/mirroring mechanisms would still stand.
About the website "brought to its knees" -- this is the problem and the responsibility of the site operator. If it's a P133, you cannot reasonably expect it to have 100% availability under any reasonable load. If you want that, get a Sun E5500 or an IBM mainframe or something. However, there is no reason to need a personal website to be 100% available, so a P133 may suffice. If you want to ensure that the amount of traffic to the website is limited, configure the web server to limit it. Hell, protect it with a password or restrict it to a certain subnet.
The main complain that people have are unexpected bandwidth bills. This is 100% their fault. A webserver can easily be configured to reject requests after the bandwidth limit has been exhausted. This can be configured per-hour, so as to not make a site unavailable for an entire month. One can easily configure a traffic shaper or throttling. The point is: if you have a limited amount of network resources available, it is your responsibility to avoid their exhaustion. This does not involve fancy network hardware -- any decent OS and web server has these features built-in or easily installable.
My point is: it is your responsibility to make sure that your web server does not misbehave. If you have a quota, it's your responsibility not to exceed it -- not Slashdot's or anyone else's.
The RFC (actually the HTTP/1.1 specification) discusses "HTTP caching". It's quite explicit. Caching at the user-agent and proxy level are discussed, but not to the exclusion of all other uses.
However, what people are proposing is to set up a mirror.
You're picking nits. An HTTP proxy can take a variety of forms. Here is the definition quoted in the HTTP/1.1 specification (emphasis mine):
An intermediary program which acts as both a server and a client for the purpose of making requests on behalf of other clients. Requests are serviced internally or by passing them on, with possible translation, to other servers. A proxy MUST implement both the client and server requirements of this specification. A "transparent proxy" is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification. A "non-transparent proxy" is a proxy that modifies the request or response in order to
provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering. Except where either transparent or non-transparent behavior is explicitly stated, the HTTP proxy requirements apply to both types of proxies.
It does not say how this proxy should be built or implemented, it just describes some device that acts as a server from the user's perspective and a client from the origin server's perspective.
What I'm describing is just another form--albeit an unusual one--of a standard caching HTTP proxy. You're arguing technical definitions here that aren't really relevant.
Have you never visited a page using Google's cache?
It's a grey area of the copyright law -- automatically-generated headers do not necessarily constitute the permission of the content owner, especially since the content owner can't always control the headers generated by his server (i.e. in a shared environment).
Huh? It's absolutely not a gray area. In the case of the Google cache, it might be, because Google is indeed preserving the contents of the pages it spiders well beyond the norm for any HTTP cache.
But in the case of a "content owner" and the cache control functions of HTTP, there is no "gray area" whatsoever:
By default, most HTTP servers only send a Last-Modified header along with the content. If this were the extent of the "HTTP caching universe", it alone would be more than sufficient, since a caching proxy would just have to go back to the server and make a conditional GET request, where the origin server would respond with a "304" if nothing changed. This alone would significantly reduce the amount of load/traffic on a site without the possibility of the proxy delivering stale information to the user. Content owners don't need to know or care about any of this, and they certainly couldn't put up a legal case saying that their web servers were delivering a "304 Not Modified" response and that response facilitated copyright infringement. That is completely absurd.
So right up front, with extreme HTTP basics, we have enough to build our HTTP caching proxy (which appears to the user as a mirror, even though it isn't really one, since we never cache/duplicate content that is dynamic, changing for each request, or where the origin server has specified HTTP headers disallowing caching).
If we wanted to go a step further, this requires additional help from the origin server. In other words, to make proper use of the more advanced HTTP caching techniques discussed in the standard, the origin server has to explicitly be modified to give us additional cache-control headers, or the content needs to provide additional cache-control headers (perhaps in the <meta> tags, or configured through a.htaccess file).
So at this point, if a page is delivering an Expires or Cache-Control header that is explicitly offering information that allows us to cache the resulting document for a certain period of time (seconds? hours? weeks?), someone had to make the very conscious and explicit decision to do that, which means any form of caching or proxying that we wish to do on that is fair game.
Keep in mind also that it is highly unusual for sites to have "volatile" content with cache-control information suggesting it can be cached for any extended period. Even having this information cached for just a few minutes, or an hour, would be completely sufficient to mitigate the effects of a Slashdot posting, since it would mean the caching proxy would only have to make a single request once every few minutes, or every hour, for the entire Slashdot community.
The bottom line is that if there is a web site out there that is lying as part of its HTTP implementation, you cannot remotely fault the users, user agents or proxies for acting in good faith on that information. Again, by default, servers do not provide any information on how long a resource may be cached (if at all), though it does allow validation through the use of conditional GETs, which can significantly reduce the volume involved in the responses, even if it won't reduce the number of hits. If a server expresses more advanced cache-control headers, it's doing so as part of an explicit request. If whoever performed that configuration was not authorized to do so, the content authors need to take that up with the owner of the server (much as an author would need to take up distribution issues over a physical book up with their publisher).
Keep in mind that at no time does this "mirror" or caching proxy ever keep a copy of this data that is truly independent from the data on the origin server. It only keeps this data around as long as the origin server said it could (as expressed through the Expires header or Cache-Control parameters). The proxy is still required to validate against the origin server as needed (by default, unless the web server was explicitly configured otherwise, this means it has to validate each and every request using a conditional or complete GET request). If the origin server disappears or removes the content, as soon as their cache-control values expire, the content disappears from the proxy as well. Yes, this appears to the user as a mirror, but functions more like a proxy.
If you have a quota, it's your responsibility not to exceed it -- not Slashdot's or anyone else's.
I completely agree. Nothing I have ever said in this thread has once indicated that Slashdot is in any way obligated to configure a mirroring service. I have repeatedly stated, however, that Slashdot is effectively being one giant asshole towards those smaller sites it does link to without giving them a head's up when it knows the site probably won't handle it. In most parts of the world, it's perfectly legal to be an asshole, and in many places, one's right to be an asshole is even protected. But that doesn't make the person any less of an asshole.
Slashdot Mirror
We Slashdotted the guy's door. So much for security. :)
Vincent J. Murphy
Spandex Justice
He uses a CueCat!
he should tattoo the barcode on his hand... kinda like a "fingerprint"
The final solution was to have no keyboard at all, but rather a computer whose motherboard was embedded in a 3-ring binder, with sheets.
On the sheets, were some barcodes, arranged in roughly the same layout the mark-sense cards were.
(For the geeks, the machine was MC6809-based, and had 56K CMOS RAM. The LCD display was always powered, but the computer shut down after it finished decoding a barcode and processing the "keystroke".)
Does he have to scan a can of Spam to check his e-mail? Note: Don't blame me, only one post and it's already /.ed, how am I supposed to read it?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
What happens if the power goes out?
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
It seems like a keypad would almost be a better solution. You don't have to carry something around, only remember the combination. I don't know how reliable this is; from what I've seen in stores, these don't read fairly often, and he's going through glass.
Of course, you'd have to make the password sufficiently strong.
I was just reading about barcodes the other day...
Check out This if you are interested.
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
A video store gave me a little keychain barcode which I'm using here.
So i just have to work at his video store (or have a friend who works there), make myself a copy of his barcode, and i get free reign of his house? Sweet.
"Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
What's about power outages ? Let's say, are you going to be alone, signing in the rain along with lightnings?
I hope his security system isn't on the same box as his webserver or we may have just locked him out of his house... hope its not raining.
Maybe /. could start offering a prepackaged "Port 80 Flood Kit - Get the pride of being slashdotted without having to work for it." Say $1000 a pop. It's better than spending the money on advertising.
Geek 1: Hey, guys, I got slashdotted!
Geek 2: Woah! No way!
Geek 1: Yep. *smug*
Chick: He's so dreamy...
All you need to break into this guy's house is a few seconds with his "keys" and a photocopier. Though I guess if you were really worried about that you could put a small label printer by the door and get a new key every time you left...
The cache is useless because it's a page of images which are being loaded from the guys web server.
Prevent email address forgery. Publish SPF records for y
Hell I hope it never happens to me.. The traffic would cost me an arm and a leg (well maybe even 2 of them..).. Just about tempted to put the address here but worried it'll cost lots :D
I can see it now...
.NET version 1.0!
<press release>
Coming in 2004 from Microsoft, the leader in enterprise security, Microsoft Home Security
Not only can you now keep track of your MSN (tm) Instant Messenger Buddies on your computer, they can instantly know when you get home too! And don't forget about exciting new features like Internet Explorer In The Bathroom (version 8.0!) and a free Tablet PC with every purchase! Now you can feel secure about your home knowing that Microsoft's Award Winning Security Task Force is on your side! Sign up today and get 10% off the already 100% marked-up price!
And coming soon, look for Microsoft's answer to Parking Lot security, Security Guard Who Looks Like A Drunk Bum Lying Near The Booth version 2.0! Hackers will never figure that one out!
</press release>
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
PAINT YOUR HOUSE
mstyne: real name, no gimmicks
Little wristband with my id on it, as I enter a room, get scanned, it sets the lighting, mood music I want...
----- LoboSoft specializes in Digital Language Lab
Access for everyone! (While not /.ed of course.)
You can't judge a book by the way it wears its hair.
Then, when the computer restarts when the power comes on (because he's using a linux box) he can say "I CANT OPEN THE FSCKING DOOR!!!!!!"
I'm the Devil the Windows users warned you about.
Are these the same editors that have time to post duplicate stories?
The sites that tend to be most quickly slashdotted are also the sites that are most likely not to be ad-supported. More, they're also the same sites that are most likely going to end up costing the owner an arm and a leg when their bandwidth allotment is completely smashed by a Slashdotting. In otherwords, they're not gaining any money by being linked to Slashdot, and are highly prone to actually losing money. Let's see what you'll do if you're faced with a $1000 bandwidth bill because your lego collection made it onto Slashdot.
What "rest"? Legal issues? The editors obviously should contact site owners (at the very least to warn them that Slashdot is about to launch a massive DDoS on their website). I'd much rather wait a day or two to see an interesting site than not be able to see it at all. If someone doesn't want Slashdot to cache their site, then they should at least be given the opportunity to not have the site posted to Slashdot.
For this kind of site? Not likely. I looked at the Google cache. The site has a lot of pictures of the guy's setup, and google doesn't cache images. Thus, the Google cache is nearly useless.
Read the FAQ.
Prevent email address forgery. Publish SPF records for y
All I really need is available at my local radioshack, as discussed here
As for the staff, Slashdot people could email web site admins and ask about their bandwidth/web server. But what if the site owner doesn't read email on the weekends? (that isn't uncommon) What is to be done in that case?
Uh, they wait until they get a response? It's not as if Slashdot is going to get scooped on one of these. Heaven forbid that the editors, with all their journalistic rabidity, actually had to wait to post a story that was probably submitted a week ago.
I agree with the FAQ. Slashdot shouldn't have to mirror the sites, but for all their emphasis on being a community-oriented site, they sure aren't kind to small site owners. CNN, BBCi, C|Net, etc should all be able to handle the traffic. Some rinky-dink virtual site will never be able to handle it, and if the editors can't realize that, maybe they need to turn over their "community-oriented site" to someone more knowledgeable about the community.
Come up with a legally sound solution and tell the editors about it (no, don't post it then whine about the -1 OT score that would be quickly dished out)
/. ing"
/.ID can "opt out" of their /. ing. When a file on their TLD gets listed for a good /. ing, the editor gets flagged with a "site will crash" message, which would then pop up the /.er's perferred /. response: either a link to a TLD, up to a twelve hour warning, or a smallish temporary mirror.
"Opt out
Anyone with a
This is getting rediculous--most small, independent websites like this can't take a slashdotting, and it's making it almost pointless to link it.
It seems to me Slashdot could offer to mirror the content for a price, so that the linkee gets ad money, while slashdot carries the bandwidth burden.
Is there no way to:
1) Contact the website owner
2) Alert him of the amount of bandwidth he's going to need
3) Offer to mirror his pages such that ad referals still go to him
4) Everybody profits?
Dave Bowman: Open the pod bay doors, HAL.
HAL: I'm sorry Dave, I'm afraid I can't do that.
Dude. It's easier to pick the lock than to memorize the key. Read the lockpicking faq or something. Takes about 30 seconds to pick a 5-pin lock.
PS: History and naming may show more meanings for X10 and X11, however, it's the common usage that I am refering to.
For those that lost the relevance to bar-coding.... My point was, how in the world can you expect something like bar-coding as a house key be important, significant, even remotely accepted as something that will ever happen in the future? The general population still is 1 step ahead of the 1800's "skeleton key" and not to tech savy. Even /. Readers are not so savy to make this happen in a moderate scale. How is this guys project even remotely significant?
We've all been paying attention to part two, making it hard to get into, but part one, which you noticed immediatetly, is that he's made his house look like there's nothing worth stealing in there in the first place.
Google Cached Site text with photos removed:
The front of the house. The windows on the left are to my room.
In my window sits a cheap barcode reader. It's powered by a computer power supply I ripped from an old computer.
Anyone who wants to get into the house can scan a barcode that they carry. A video store gave me a little keychain barcode which I'm using here. The scanner has a CCD; I don't have to slide the barcode. The scanner actually has a beeper that I can control from the computer. You can hear it beep from outside the window.
Here's the driver circuit I slapped together for the barcode reader. It's just a MAX232 chip that converts CMOS/TTL levels to the RS232 spec. The output connects to the serial port of one of my Linux boxes. That box runs a trivial python program to read a packet from the serial port and send it via TCP/IP to another computer in the house.
The receiving computer is connected to this K8000 experimenter board. I2C chips on this board . If your barcode was on the list of allowed keys, I raise output 7 on this board for 6 seconds. Input 6 (the right-hand illuminated LED) shows that the door was closed when I took this picture. See below for how I sense if the door is opened or not.
Some successful reads.
When the K8000 board raises the right output signal, this driver circuit sends 24VDC to the door strike, shown below.
In this electric strike is a solenoid that relaxes the part of the strike that was holding the door closed. The door still functions as it did before, but now I have an additional way to allow the door to open.
This is the top of the door frame, where I have wedged a reed switch into the wood. There's a magnet on top of the door that closes the switch when the door is closed (hence the turned-on LED in the picture above).
Closeup of the reed switch in the wood.
###
-Mac Refugee, Paper MCSE, Linux Wanna-be
Read the FAQ: They could easily implement some kind of opt-in thing where you put a META tag
in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs.
You're a genius! Oh...wait...no... You just haven't read the FAQ
People who put up websites should recognize that people are going to look at it. Sometimes, a lot of people might look at it, as a result of a link from Slashdot or any of hundreds of other sites. People who bitch and moan about being linked to from Slashdot remind me of the companies who whine when people link to "confidential" webpages -- guess what, if it's on the web, it's not confidential.
-Waldo Jaquith
This used to be an interesting page about the barcode scanner door entry system I built with Python and Linux. I posted this page because I'd like to share my project with others. I've answered emails giving people circuit diagrams, and I've had various online discussions about my design decisions.
Now MC68040 and michael@slashdot.org decide that it's time for me to go down. They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else. At least michael-the-slashdot-editor knew that I'd be down in minutes if he made a link.
I'd love to put this page back up, and maybe in several days I'll remember to do so. If you're interested in interfacing Linux with serial devices or electric door strikes, drop me an email at drewp@bigasterisk.com.
Bitter?
Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
He fails to mention that the scanner scans more than just barcodes. When it scans the correct barcode, it makes the door unlock. When it scans a boot or shoulder, it makes the door self-destructed
First of all he said 23 years ago, which would be 1980 or more likely 1979 (since today is only the 11th day of the year).
Second, he's friends with gandalf_grey (93942), who is also a fan of his; so this Pig Hogger dude has got to be fairly up in years.
;-P
This user account is inactive account replaced by the PDA
I'd still like to know 2 things. I'm not sure how to make this sound "polite" because it will probably end up sounding more like a challenge, but that is NOT my intention.
I'd love to read a bit more about this project Pig Hogger did back in early 80's (when I was happy enough being able to figure out how to overlay credits onto a home video tape with a Tandy)...
And I'd love to hear what Pig Hogger is doing now days.
The technology of X10 is very cool. It's a low speed protocol transmitted via standard home wireing, in duplicate to prevent errors, sent during the zero phase of the standard AC power curve. Quite cool, quite simple, quite elegent.
The ability to program you home lighting, broadcast home theater, lighting, temperature, security, and countless other bits of information over standard home wiring is defined by X10. It's there, unrestricted, and one could even argure it's BETTER than GPL, it's an EXPIRED patent, meaning there are NO rules on how to use it because it's an idea that can no longer be owned because it's past it's time limit for ownership.
What was your complaint again?
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
I think you're looking at it from the wrong angle. A guy puts up some information on a site using meager resources. He hopes that information will be useful and interesting to those that happen upon it. The hardware turns out to be perfectly adequate for his needs. Then someone posts a link on a popular site and the traffic increases by a factor of 10,000. The site goes down.
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
he seems to have forgotten that one of the original ideas of the WWW was to have people link back and forth to each other
I think you're reading too much into things.
He's annoyed and frustrated that his server was brought down due to the traffic created by this article. Wouldn't you be?
Most servers cannot handle the traffic Slashdot generates. This is an unfortunate fact, but it needs to be a fact that Slashdot admits to and tries to mitigate. They don't. The FAQ gives a few excuses that don't hold any water and that's the end of the discussion as far as they're concerned.
Setting a password, or installing mod_throttle and setting it up right would be a start.
Most sites are small. By small I mean someone has decided they want to set up a quick-and-easy web site, throws it up on some personal web server software, and lets people at it.
Do they "deserve" the flood of traffic Slashdot might generate to it? Perhaps. Is it "their own fault" that their network connection and/or server is brought to its knees by the visits generated by Slashdot? Perhaps.
That doesn't mean they can't be annoyed, frustrated and a little bitter at Slashdot. Wouldn't you be?
For your challenge that someone come up with a "legally sound" solution to the problem, keep in mind the responses in the FAQ are an utter joke. Slashdot programmers are lazy.
All someone needs to do is set up a mirroring front-end that just hooks into an HTTP caching back-end. An image is a static resource. Most web servers will specify a 'max-age' for that resource, or at the very least they express a Last-Modified header that a proxy can use to compute an acceptable expiration date before trying to revalidate it. This simple HTTP caching behavior could very simply drive a mirroring site.
Sites that have certain areas or iframes or images or whatever that they want to be requested for every visit or every request can express (and should already be expressing) these requirements through proper use of Expires or Cache-Control headers.
Caching HTTP proxies have been around for years. All they'd need to do is put a different face on one and this problem is solved.
I agree with the fact that Slashdot shouldn't have to mirror sites. I think most of their excuses as to why they don't are fairly absurd, though. This problem can be solved in a site-friendly, banner-ad-friendly and legal-friendly way through the use of run-of-the-mill HTTP proxies.
But however that goes, Slashdot really does need to be a little friendlier towards site operators when it's fairly clear up front that their site probably won't handle the traffic.
For the record, I've had news sites (e.g. MSNBC) do a story that involved some piece of content on my site, and generally, they ask my permission first, checking that I'm OK with it and that my servers can handle it. If they can take a few moments to do this, surely Slashdot can as well.
Copying a barcode is a bit easier than copying a key, but he's got it on his keychain anyway (it's a little video store tag thing). So either way, they've got to get his keychain off of him somehow. Not really any more or less secure.
:p
Admittedly, if you knew something about the system, you could bring along a book of preprinted barcodes to get in, but then you could also bring a lockpick set too. And the lockpick is probably faster to do.
Then again, I prefer the hard and fast brute force method.. A swift kick to the door to break the frame. Works most every time.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Your point of view here is totally absurd (which I guess is why you're posting as an AC).
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.
Now MC68040 and michael@slashdot.org decide that it's time for me to go down. They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else. Of the two of them, at least michael-the-slashdot-editor should have seen that I'd be down in minutes if he made a link.
I'd love to put this page back up, and maybe in several days I'll remember to do so. If you're interested in interfacing Linux with serial devices or electric door strikes, drop me an email at drewp@bigasterisk.com.
"I posted this page because I'd like to share my project with others."
"They didn't ask me if they could link; they didn't ask if I'd like to put up a mirror somewhere else."
Now, I've got a lot of respect for people who come up with new ideas and actually make them happen. I appreciate it when they tell the world how to do it. I think it kicks ass when Linux is their tool of choice. But what the hell is this guy thinking? "Stop looking at the information I want you to see!" It's pathetic when some stupid company wants to restrict linking, but it's inexplicable when a hacker does it.
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
First of all, as you see on this guy's site now, he's taken it offline due to the load. I've sent him an email explaining that there woulden't be a slashdot effect if nothing was posted on slashdot but that I'm sorry anyway.
Second of all, as for security.
I was not considering this as a high-level mumbo-jumbo super-secure system but I'm just of the opinion that it was pretty neat (atleast more neat that just sliding your magnetic stripe card throught a reader) and a easy way to provide users with time-limited access not for it to be a failsafe system =) It's just cool.
My 0,5 cents.
I'll be forty in two months
Are you expecting me to stop posting to /. in two months? Am I allowed to do cool shit anymore?
What is this place? Logan's run?
Do you understand that caching websites without the author's permission is illegal? There is no standard HTTP mechanism for caching, and copying the page and giving it off as yours would surely spark many lawsuits.
I have no sympathy for someone who does not set up his webserver to prevent this type of DOS. At the very least, this is lazy. If you don't lock your front door, you shouldn't complain about burglars. If I had a site that got slashdotted, I would be glad for the extra publicity, not bitchy about the traffic.
If, on the other hand, Slashdot mirrored my site without asking permission, I would be somewhat pissed. I would not only have no chance to update it, but people would also not know the URL of that site, and I might not get my ad revenue.
The point is, whatever you're doing today seems like drudge work, but after a quarter-century, everyone forgets the boring bits and just recalles the sexy parts.
Nothing for 6-digit uids?
Do you understand that caching websites without the author's permission is illegal?
I apparently know a little more about HTTP than you seem to, my friend. If it were illegal to cache HTTP resources, then most HTTP proxies are illegal as well.
There is no standard HTTP mechanism for caching
Uhh, OK. RFC2616 section 13 seems to disagree with you.
copying the page and giving it off as yours would surely spark many lawsuits.
If a site is expressing a future date in an HTTP "Expires" header, or a max-age Cache-Control header, they're saying something very specific about how that data can be used by browsers and HTTP proxies alike. Read the document above to what it is.
At the very least, this is lazy
What?? Just because I choose to post some data online does not mean that I must automatically spend the money to create an environment and supply a network connection capable of withstanding a post on Slashdot. This reasoning is flawed. Most people with smaller web sites (e.g. academic) do not have the funds to do this. You seem to be under the flawed impression that any server with any form of network connection should be capable, with proper administration, of handling the traffic that a post on Slashdot generates.
This is like saying that people who are victims of distributed denial-of-service attacks get what they deserve for not having a fast enough network connection or a router that can do a better job of filtering packets. This is a totally unreasonable expectation. Sure, they "deserved" network traffic by placing their servers and networks on the Internet, but they're not lazy just because they choose not to spend the money for an enterprise-quality network when it's horribly out of scale for their requirements.
If you don't lock your front door, you shouldn't complain about burglars.
I can't even begin to touch this analogy.
I would be glad for the extra publicity, not bitchy about the traffic.
I'm sure that somewhere, deep down under his annoyance, he is.
Are you going to sit there and honestly say that if a web site you operated were brought to its knees and made totally unavailable due to a post on Slashdot, it would not have irritated you? "Aww shucks, I should have planned ahead better and gone with that Sun E5500 instead of this P133 after all! How stupid of me for not spending a half a million on infrastructure for my personal home page instead of this extra PC." Get real.
I do concede, though (as I have in previous posts), that he should not have been surprised this would have happened one day. And maybe he was aware that it could happen one day, and maybe he even planned ahead in the sense that there might have been some people willing and able to mirror his site's content at his request. If only he had some advance notice.
If, on the other hand, Slashdot mirrored my site without asking permission, I would be somewhat pissed.
If you are expressing the cacheability of resources on your web site incorrectly, then you are to blame here. Set up your cache control headers in your web server to more accurately describe how each resource could be cached. If you seem to think that every request should go back to the server and get re-retrieved, and that HTTP 304 responses are the devil, then by all means, just configure your web server so that it won't allow it. The point is, the site owner can make this decision (and should already be making it).
Please don't assume that everything you read on Slashdot is factual. Concede the possibility that the stuff in the FAQ is written by human beings who are fallible.
No, I'd rather see that nice hobbyist page stormed down, THEN wait 6 hours for the site to recover.. Oh, if it only were just 6 hours..
Is it possible to de-concentrate the traffic by any means? Show the story for 5 minutes, then show it again after a quarter or so.. Daily readers would get it eventually..
You /. guys are holding too much influence compared to your careless morality.
love slashdot. populate it. use it. abuse it. hate it. kill it. miss it. stop following links, they only kill servers.
Slashdot _does_ need to be more responsible when linking, HOWEVER...
/. could link to his page, he didn't mean in a legal sense, (which the parent poster seems to be thinking) he meant in a "hey, will your connection and server be ok if we do this?" sense.
/. to post a URL to the mirror even if you had one.
/.ed 4 years ago. (Mosfet's KDE page.)
The problem is that more geeks are hosting their personal sites on their broadband connections, and they simply don't have enough upstream bandwidth to handle a slashdotting. When Drew said that they didn't ask if
There was no reason to even think that they should ask. They didn't make a conscious "decision" to DDoS Drew, they simply saw a site worth linking to. Drew took it as a personal attack and he needs to realize that they had no idea that bigasterisk.com was hosted on a home DSL connection.
It's also more likely that his connection was unusable before his server ever "puked" (if it did.) He could have killed Apache and _still_ had no use of his DSL. How would you feel? Granted, it's no excuse for his irrational assumption of malicious intent, but you'd be unable to even do anything about it. You couldn't put up a mirror because your connection is hosed. You couldn't reach
And I'm speaking from experience, as the admin of a web server at an ISP that was
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
Read properly. I said 23 years ago, so that's 1980. I was only 18 at the time, but I had experience in computer graphics programming plotters (I volunteered for a computer graphics art group - this was waaaaay before Postscript) so it was only natural that I'd be the one they turn to to generate the barcode sheets.
They were done on a HP-9847 graphics terminal (a company oddball that was lying in a corner 'cause no one had any use for it. I learned years later that it was a demo unit THAT HP FORGOT THERE!!!!) onto which you could load a (surprisingly good - compared to the usual Microsoft crap - yes, Microsoft used to do crap then) BASIC interpreter, all this driving a IEEE-488 plotter. But eventually, I found the setup so disgusting (can't stand BASIC) that I wrote a device driver for the mainframe and I reprogrammed the barcode sheet programs. All in PL-1. Needless to say, that pretty well annoyed the dinosaur tenders of the time that I'd be using THEIR big iron to make graphics... Not to mention asking them all sorts of technical information in order to hack this...
In that project, I eventually also programmed the database on the mainframe that received the data, as well as the mainframe-side communication program, after my bosses saw that I managed to write a plotter driver for the dinosaur...
Anyway, the project was eventually canned because there was to much high-management interference (this was for a Fortune-500 ** CANDY ** company!!!) which brought the progress to a crawl. Only 10 prototypes of the computer were built, and I believe some still exist to this day.
* * *
Nowadays, I manage the computer department for a design company which designs museums (we're currently doing a museum for the Smithsonian, amongst other things), and I have a tax-credit consulting sideline.
For fun, I troll on Slashdot and NANAE, and have plenty of sex.
Now, for those who imply that there is no life beyond 30 years, I say you're fucking bunch of peepsqueaks whippersnappers; first of all, my sex drive went waaaay up when I hit 32 (went from 5 screws/week to 3/day), and I don't have any problems to pick-up; heck, a few months ago, a 19 year old jumped on me, and whas subsequently duly fully fucked by myself (and this happenned in a city park).
bigasterisk.com has address 64.139.32.113
% host 64.139.32.113
113.32.139.64.in-addr.arpa domain name pointer ip-64-139-32-113.dsl.sjc.megapath.net.
The reason Drew perceived this as careless and malicious is that he's not as clueless about how easy it is to determine that a site is hosted on a cable modem. Even a /. editor can correctly spell the 'host' command.
This is Drew Perttula, creator of the barcode door entry system. Many of you have emailed me asking for where I moved the site. In my bulk answer (which about 200 people have received by now), I included the following text:
I give everyone on this Bcc list permission
to mirror the page with these conditions: you have to put my name
and email on it as the author, and you have to indicate on the page
that you're mirroring is http://bigasterisk.com/automation/door (not
[the address of the moved page], obviously).
What do I get? digital_gods (to whom I did not give any special additional permissions) mirrors my page, alters it with a comment that readers will not see that includes the secret address of the moved page! He didn't add my name to the page either. This doesn't make me mad; I'm just stunned at the way someone copied my work without attribution and without following my easy instructions about the URLs.
digital_gods, I hope you'll edit your mirror the way I asked. Everyone else, go look at digital_gods' page I guess, since all you want is to see my photos. I want to go to bed, so I'm not going to mess around with links and servers any more tonight. I hope I am still able to receive all your emails, as I've been receiving lots of interesting stories over the weekend.
First, the RFC specifies proxying mechanisms. Proxying != mirroring. Yes, a proxy can cache. It's a grey area of the copyright law -- automatically-generated headers do not necessarily constitute the permission of the content owner, especially since the content owner can't always control the headers generated by his server (i.e. in a shared environment).
However, what people are proposing is to set up a mirror. A mirror is NOT an RFC proxy. It does not require intervention from the client (setting the web browser) and is not covered by any RFC I know of. It would be a completely non-standard solution.
A proxy would be completely inappropriate in this situation. Proxies are set up by ISPs and network operators, not people who merely provide links (like slashdot). If you want to use a proxy cache, use the one provided by your ISP. A slashdot-operated proxy would also require everyone to set up his/her web browser to use the proxy, and the proxy would have to relay the content for every web site accessed by the web browser, whether or not it is linked to by Slashdot. Otherwise, it would not be an RFC-compliant solution, and my comment about lack of standard caching/mirroring mechanisms would still stand.
About the website "brought to its knees" -- this is the problem and the responsibility of the site operator. If it's a P133, you cannot reasonably expect it to have 100% availability under any reasonable load. If you want that, get a Sun E5500 or an IBM mainframe or something. However, there is no reason to need a personal website to be 100% available, so a P133 may suffice. If you want to ensure that the amount of traffic to the website is limited, configure the web server to limit it. Hell, protect it with a password or restrict it to a certain subnet.
The main complain that people have are unexpected bandwidth bills. This is 100% their fault. A webserver can easily be configured to reject requests after the bandwidth limit has been exhausted. This can be configured per-hour, so as to not make a site unavailable for an entire month. One can easily configure a traffic shaper or throttling. The point is: if you have a limited amount of network resources available, it is your responsibility to avoid their exhaustion. This does not involve fancy network hardware -- any decent OS and web server has these features built-in or easily installable.
My point is: it is your responsibility to make sure that your web server does not misbehave. If you have a quota, it's your responsibility not to exceed it -- not Slashdot's or anyone else's.
The RFC (actually the HTTP/1.1 specification) discusses "HTTP caching". It's quite explicit. Caching at the user-agent and proxy level are discussed, but not to the exclusion of all other uses.
However, what people are proposing is to set up a mirror.
You're picking nits. An HTTP proxy can take a variety of forms. Here is the definition quoted in the HTTP/1.1 specification (emphasis mine):It does not say how this proxy should be built or implemented, it just describes some device that acts as a server from the user's perspective and a client from the origin server's perspective.
What I'm describing is just another form--albeit an unusual one--of a standard caching HTTP proxy. You're arguing technical definitions here that aren't really relevant.
Have you never visited a page using Google's cache?
It's a grey area of the copyright law -- automatically-generated headers do not necessarily constitute the permission of the content owner, especially since the content owner can't always control the headers generated by his server (i.e. in a shared environment).
Huh? It's absolutely not a gray area. In the case of the Google cache, it might be, because Google is indeed preserving the contents of the pages it spiders well beyond the norm for any HTTP cache.
But in the case of a "content owner" and the cache control functions of HTTP, there is no "gray area" whatsoever:
By default, most HTTP servers only send a Last-Modified header along with the content. If this were the extent of the "HTTP caching universe", it alone would be more than sufficient, since a caching proxy would just have to go back to the server and make a conditional GET request, where the origin server would respond with a "304" if nothing changed. This alone would significantly reduce the amount of load/traffic on a site without the possibility of the proxy delivering stale information to the user. Content owners don't need to know or care about any of this, and they certainly couldn't put up a legal case saying that their web servers were delivering a "304 Not Modified" response and that response facilitated copyright infringement. That is completely absurd.
So right up front, with extreme HTTP basics, we have enough to build our HTTP caching proxy (which appears to the user as a mirror, even though it isn't really one, since we never cache/duplicate content that is dynamic, changing for each request, or where the origin server has specified HTTP headers disallowing caching).
If we wanted to go a step further, this requires additional help from the origin server. In other words, to make proper use of the more advanced HTTP caching techniques discussed in the standard, the origin server has to explicitly be modified to give us additional cache-control headers, or the content needs to provide additional cache-control headers (perhaps in the <meta> tags, or configured through a
So at this point, if a page is delivering an Expires or Cache-Control header that is explicitly offering information that allows us to cache the resulting document for a certain period of time (seconds? hours? weeks?), someone had to make the very conscious and explicit decision to do that, which means any form of caching or proxying that we wish to do on that is fair game.
Keep in mind also that it is highly unusual for sites to have "volatile" content with cache-control information suggesting it can be cached for any extended period. Even having this information cached for just a few minutes, or an hour, would be completely sufficient to mitigate the effects of a Slashdot posting, since it would mean the caching proxy would only have to make a single request once every few minutes, or every hour, for the entire Slashdot community.
The bottom line is that if there is a web site out there that is lying as part of its HTTP implementation, you cannot remotely fault the users, user agents or proxies for acting in good faith on that information. Again, by default, servers do not provide any information on how long a resource may be cached (if at all), though it does allow validation through the use of conditional GETs, which can significantly reduce the volume involved in the responses, even if it won't reduce the number of hits. If a server expresses more advanced cache-control headers, it's doing so as part of an explicit request. If whoever performed that configuration was not authorized to do so, the content authors need to take that up with the owner of the server (much as an author would need to take up distribution issues over a physical book up with their publisher).
Keep in mind that at no time does this "mirror" or caching proxy ever keep a copy of this data that is truly independent from the data on the origin server. It only keeps this data around as long as the origin server said it could (as expressed through the Expires header or Cache-Control parameters). The proxy is still required to validate against the origin server as needed (by default, unless the web server was explicitly configured otherwise, this means it has to validate each and every request using a conditional or complete GET request). If the origin server disappears or removes the content, as soon as their cache-control values expire, the content disappears from the proxy as well. Yes, this appears to the user as a mirror, but functions more like a proxy.
If you have a quota, it's your responsibility not to exceed it -- not Slashdot's or anyone else's.
I completely agree. Nothing I have ever said in this thread has once indicated that Slashdot is in any way obligated to configure a mirroring service. I have repeatedly stated, however, that Slashdot is effectively being one giant asshole towards those smaller sites it does link to without giving them a head's up when it knows the site probably won't handle it. In most parts of the world, it's perfectly legal to be an asshole, and in many places, one's right to be an asshole is even protected. But that doesn't make the person any less of an asshole.