Posted by
ryuzaki0
on from the do-it-yourself-toll-gate dept.
MC68040 writes "The guy at this site managed to build something together that's actually quite neat in the way he built it, all hand-crafted system that uses a linux box to unlock his door. Maybe not the coolest of solutions, but actually a pretty good idea as for security in my humble opinion."
Re:Great
by
Anonymous Coward
·
· Score: 4, Interesting
Does he have a back-up way of getting into the house, if the power goes out (and he doesn't have a UPS)? Or, would he resort to climbing into a back-window, which should have red-flagged his security plans earlier?
Now that we're in, I say we Slashdot his liquor cabinet. =)
-- ...oOOo..'(_)'..oOOo...
tattoo
by
Anonymous Coward
·
· Score: 3, Interesting
he should tattoo the barcode on his hand... kinda like a "fingerprint"
Re:tattoo
by
rainman31415
·
· Score: 3, Interesting
he should tattoo the barcode on his hand... kinda like a "fingerprint"
yeah, but why does that remind me of soemthing in the Bible? seems kinda apocalyptic if you ask me, and if he personally brought the beginning of the end of the world, i'd kick his ass.....
will eat script kiddies for fun....
rainman
23 years ago...
by
Pig+Hogger
·
· Score: 5, Interesting
23 years ago, I was involved in a project to make a portable computer for data-entry, to replace optically-readed mark-sense sheets.
The final solution was to have no keyboard at all, but rather a computer whose motherboard was embedded in a 3-ring binder, with sheets.
On the sheets, were some barcodes, arranged in roughly the same layout the mark-sense cards were.
(For the geeks, the machine was MC6809-based, and had 56K CMOS RAM. The LCD display was always powered, but the computer shut down after it finished decoding a barcode and processing the "keystroke".)
Does he have to scan a can of Spam to check his e-mail?
Note: Don't blame me, only one post and it's already/.ed, how am I supposed to read it?
-- Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Re:And to scan the barcodes
by
Harald+Paulsen
·
· Score: 4, Funny
CutCats are cool, I got a friend in the USA to send me one. Thought about hooking it up to a computer near my refridgerator to keep track of groceries and expiration dates.
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
-- Harald
Hum
by
Anonymous Coward
·
· Score: 4, Insightful
What happens if the power goes out?
your house as a semi-permeable membrane
by
timothy
·
· Score: 5, Insightful
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
Re:your house as a semi-permeable membrane
by
MORTAR_COMBAT!
·
· Score: 5, Interesting
Indeed a cool idea. I would add that the holder of a 'key' should definitely keep it in a sleeve, though, lest high-res photography would allow for a duplicate key to be easily created.
The 'sending a JPG' to the baby-sitter starts out as a very neat idea, but what happens when baby-sitter has a popular e-mail virus which sends her e-mail to 100 people in her address book? Instant house party? Naturally they would only have the same access time slice as the baby-sitter, but they could just wait until after he/she is alone in the house and walk on in.
but without the major hassles (specialized equipment to punch holes or re-stripe a card)
It also means any Joe with a printer can make themselves a valid access card. I thought for quite a while about putting a similar setup at my house, but I decided instead to go with an extremely similar method, except instead of bar-codes I use hand prints. A lot of the advantages (time slices for the maid and sitters) without being able to be so easily produced (until advanced cloning techniques allow people to commonly grow copies of my hand).
And w.r.t. the people who keep asking about 'power outages' for (1) ever heard of generators of batteries and (2) naturally a physical key still works in the lock, duh!
I was just reading about barcodes the other day... Check out This if you are interested.
Honestly, really
by
Anonymous Coward
·
· Score: 4, Insightful
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
Re:Honestly, really
by
sbaker
·
· Score: 5, Interesting
I agree.
Slashdot really, truly, utterly needs to have a local cache of the pages it references. It's getting to where Slashdotting is as bad as a denial of service attack - and that's a terrible thing to inflict on *anyone*.
Probably 50% of web sites referenced from main news items are down within an hour of Slashdot mentioning them - and they stay down until a couple of days have passed. That sucks.
They could easily implement some kind of opt-in thing where you put a META tag in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs. At the end of the week the Slashdot mirror could revert to become a redirect to the real site so you don't have problems with people bookmarking the Slashdot cache instead of the real site.
The whole process could be automated.
People who do cool things like this door lock would surely be aware that they could get Slashdotted and prepare for the event in advance by inserting the tag - and private individuals are the people who are most likely to have their server die.
Companies that want to profit from their slashdotting by advertising from their page or taking orders off of it could just leave off the META tag and handle the traffic as now.
An opt-in cache mechanism is a win-win-win solution. Slashdot wins because more people will use the service if it doesn't continually refer to dead sites. Readers will win because less sites will be dead-on-arrival - and web site operators will win (if they want to) by not having their site die from Slashdotting.
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
Re:Not very secure
by
jjshoe
·
· Score: 4, Insightful
you can remember 12 digits? there was a time when i could remeber the 1st 6 of hp's barcode because i was often looking hp stuff up in our system.. 08689 who knows now.. that was a while ago.. but the point is most people cant look at 12 digits and just remember it...
i use my drivers liscence to switch to root on my box.. its not nesecery, in fact its probly over kill and pointless. however. most importantly it makes me think for a second if im about to do something as root.
plus, its something neet to brag about, which is part of the geek world. because you dont like it doesnt mean that himself and his friends dont like it
-- -- botsex is {grep;touch;strip;unzip;head;mount}/dev/girl -t {wet;fsck;fsck;yes;yes;yes;umount} {/de
Re:Not very secure
by
pongo000
·
· Score: 3, Interesting
If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
Don't go betting all your wordly possessions on this. An experienced locksmith (or someone who knows what they are looking for) can come up with a reasonable facsimile of your key based on the key cuts and the type of lock (probably imprinted on your key as well) if given a chance to look at your key. Keys can be traced and/or photocopied as well. A good reason why you should never leave your house key on the key ring when you hand over your car keys to someone you don't know or trust (valet, mechanic, etc.)
web / security server?
by
olrs
·
· Score: 4, Funny
I hope his security system isn't on the same box as his webserver or we may have just locked him out of his house... hope its not raining.
Re:Slashdot record?
by
DarthWiggle
·
· Score: 5, Funny
Maybe/. could start offering a prepackaged "Port 80 Flood Kit - Get the pride of being slashdotted without having to work for it." Say $1000 a pop. It's better than spending the money on advertising.
Geek 1: Hey, guys, I got slashdotted! Geek 2: Woah! No way! Geek 1: Yep. *smug* Chick: He's so dreamy...
Forget key impressions in soap...
by
Ben+Jackson
·
· Score: 3, Insightful
All you need to break into this guy's house is a few seconds with his "keys" and a photocopier. Though I guess if you were really worried about that you could put a small label printer by the door and get a new key every time you left...
Haven't you seen Star Wars? All you have to do to get past that is either shoot the keypad with a lazer gun, or tear it off the wall and short out the wires in the back.
From the few pictures I saw...
by
mstyne
·
· Score: 4, Funny
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
Good idea. Or maybe use some sort of mechanical device that won't open normally, but will when you insert some sort of identification device - you could make it out of metal for strength and encode the identity in notches down the side. Sure, you have to carry something, but it's small and portable, and could easily fit into a pocket.
Hey, I might see if I can patent that one...
-- ++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
Re:$10 and I'm in
by
MORTAR_COMBAT!
·
· Score: 3, Insightful
Well, the difficulty bar is raised a bit from the 'bar code'. It seems reasonably more difficult to both (1) secure an object with a clear figerprint of mine and (2) use said fingerprint to etch a 3D image onto some PCB board than to (1) use a photocopier or camera/printer to copy a bar code.
That insecurity is indeed real. Although those systems which were compromised were single-finger systems, and my system uses 3 as well as hand shape. Being able to get 3 clear fingerprints and mimic hand shape is more difficult than simply picking the lock, anyway, so your efforts would be better served in investing a a few dollars worth of decent lock-picking tools instead of a set of hobbyist PCB boards and etchers.
-- MORTAR COMBAT!
Re:And to scan the barcodes
by
Frater+219
·
· Score: 5, Funny
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
] inventory
You are currently holding the following: a set of keys, a brass lantern, a case of Jolt Cola[tm], and no tea.
] look
You are in the Cubicle of the Mountain King, with passages in all directions.
A huge green fierce programmer bars your way!
] n
You can't get by the programmer!
You're in Cubicle of Mt. King.
A huge green fierce programmer bars your way!
] drop jolt
The programmer attacks the Jolt Cola[tm], and in an astounding fury rushes off to enter the International Obfuscated C Code Contest.
] n
You are in a low north/south hallway at a hole in the floor....
This is getting rediculous--most small, independent websites like this can't take a slashdotting, and it's making it almost pointless to link it.
It seems to me Slashdot could offer to mirror the content for a price, so that the linkee gets ad money, while slashdot carries the bandwidth burden.
Is there no way to:
1) Contact the website owner 2) Alert him of the amount of bandwidth he's going to need 3) Offer to mirror his pages such that ad referals still go to him 4) Everybody profits?
Obligatory quote...
by
nautical9
·
· Score: 4, Funny
Dave Bowman: Open the pod bay doors, HAL. HAL: I'm sorry Dave, I'm afraid I can't do that.
Slashdot really, truly, utterly needs to have a local cache of the pages it references. It's getting to where Slashdotting is as bad as a denial of service attack - and that's a terrible thing to inflict on *anyone*.
Slashdot should cache pages to prevent the Slashdot Effect!
Sure, it's a great idea, but it has a lot of implications. For example, commercial sites rely on their banner ads to generate revenue. If I cache one of their pages, this will mess with their statistics, and mess with their banner ads. In other words, this will piss them off.
Of course, most of the time, the commercial sites that actually have income from banner ads easily withstand the Slashdot Effect. So perhaps we could draw the line at sites that don't have ads. They are, after all, much more likely to buckle under the pressure of all those unexpected hits. But what happens if I cache the site, and they update themselves? Once again, I'm transmitting data that I shouldn't be, only this time my cache is out of date!
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
So the quick answer is: "Sure, caching would be neat." It would make things a lot easier when servers go down, but it's a complicated issue that would need to be thought through in great detail before being implemented.
They could easily implement some kind of opt-in thing where you put a META tag in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs.
You're a genius! Oh...wait...no... You just haven't read the FAQ:
Is it possible to have META tags that Slashdot looks for in a story link before allowing it to be submitted/posted? Many times a server can't handle the load of a Slashdotting. So can the site have tags to prevent it from being added to a Slashdot story?
Not inconceivable, but I don't really think it's worth the work. Most of the sites that are Slashdotted are prepared for it, and the sites that get smashed usually are caught completely off guard; they wouldn't know of this mysterious opt-out meta tag. (See also Caching Slashdot Stories).
It's not rocket science to configure Apache to handle a Slashdotting. I've been hit three times in the past five years. Every time, my little 333MHz eMachine has done just fine. I just followed the instructions in the Apache guide. This guy took another fine route -- he took his pages off-line for the time being. Either route works.
People who put up websites should recognize that people are going to look at it. Sometimes, a lot of people might look at it, as a result of a link from Slashdot or any of hundreds of other sites. People who bitch and moan about being linked to from Slashdot remind me of the companies who whine when people link to "confidential" webpages -- guess what, if it's on the web, it's not confidential.
-Waldo Jaquith
Re:And to scan the barcodes
by
DarkZero
·
· Score: 3, Funny
Also, barcodes for entry arn't very secure. If anyone gets ahold of your card for 10 seconds, they can make a photocopy and have your security level.
Personally, I see this as an upgraded form of "security through obscurity": security through weirdness. People know where the average person puts their keys and where the average person puts plastic cards (which most magnetic strips are put on)... but a barcode? W(here)TF does someone keep their BARCODE? A potential invader or an unscrupulous friend will be stunned by it. You can't look for a Hide-A-Key. He's not keeping it on a key rack. He probably can't just throw it down on his desk when he gets home. Hell, for all they know, his spare could be tattooed to his left ass cheek.
It's not obscurity, which is what the Hide-A-Key is. It's just weird, and on an individual basis, that could work for security.
I don't buy it; use a caching proxy if nothing els
by
Fastolfe
·
· Score: 5, Insightful
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
Re:Interesting
by
Fastolfe
·
· Score: 4, Insightful
I think you're looking at it from the wrong angle. A guy puts up some information on a site using meager resources. He hopes that information will be useful and interesting to those that happen upon it. The hardware turns out to be perfectly adequate for his needs. Then someone posts a link on a popular site and the traffic increases by a factor of 10,000. The site goes down.
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
Re:Let's be frickin' realistic...
by
Fastolfe
·
· Score: 5, Insightful
Your point of view here is totally absurd (which I guess is why you're posting as an AC).
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.
Re:What A Beautiful Mind
by
vrmlguy
·
· Score: 3, Insightful
I'm 47 years old. A little less than thirty years ago, I built one of Don Lancaster's TV Typewriters, an ancestor of the computer monitor you're sitting in front of right now. Around twenty years ago, I helped write "big iron" code that simulated underground explosions as an earthmoving tool (it tried to predict where the displaced soil and rocks would land), and I got to be on site for some of the tests) Ten years ago, I wrote a document management system that accepted faxed cell-phone contracts from kiosks, so that when someone tried to get out of a contract, we could fax them back their signature. Today, I'm active in Linux, Apache, MySQL, Perl, PHP, C, C++, PalmOS, Windows XP, Unix and SANs.
The point is, whatever you're doing today seems like drudge work, but after a quarter-century, everyone forgets the boring bits and just recalles the sexy parts.
Re:What A Beautiful Mind
by
Pig+Hogger
·
· Score: 3, Interesting
(Note: some details have been altered to protect the innocent and cover-up the guilty)
Read properly. I said 23 years ago, so that's 1980. I was only 18 at the time, but I had experience in computer graphics programming plotters (I volunteered for a computer graphics art group - this was waaaaay before Postscript) so it was only natural that I'd be the one they turn to to generate the barcode sheets.
They were done on a HP-9847 graphics terminal (a company oddball that was lying in a corner 'cause no one had any use for it. I learned years later that it was a demo unit THAT HP FORGOT THERE!!!!) onto which you could load a (surprisingly good - compared to the usual Microsoft crap - yes, Microsoft used to do crap then) BASIC interpreter, all this driving a IEEE-488 plotter. But eventually, I found the setup so disgusting (can't stand BASIC) that I wrote a device driver for the mainframe and I reprogrammed the barcode sheet programs. All in PL-1. Needless to say, that pretty well annoyed the dinosaur tenders of the time that I'd be using THEIR big iron to make graphics... Not to mention asking them all sorts of technical information in order to hack this...
In that project, I eventually also programmed the database on the mainframe that received the data, as well as the mainframe-side communication program, after my bosses saw that I managed to write a plotter driver for the dinosaur...
Anyway, the project was eventually canned because there was to much high-management interference (this was for a Fortune-500 ** CANDY ** company!!!) which brought the progress to a crawl. Only 10 prototypes of the computer were built, and I believe some still exist to this day.
* * *
Nowadays, I manage the computer department for a design company which designs museums (we're currently doing a museum for the Smithsonian, amongst other things), and I have a tax-credit consulting sideline.
For fun, I troll on Slashdot and NANAE, and have plenty of sex.
Now, for those who imply that there is no life beyond 30 years, I say you're fucking bunch of peepsqueaks whippersnappers; first of all, my sex drive went waaaay up when I hit 32 (went from 5 screws/week to 3/day), and I don't have any problems to pick-up; heck, a few months ago, a 19 year old jumped on me, and whas subsequently duly fully fucked by myself (and this happenned in a city park).
Slashdot Mirror
We Slashdotted the guy's door. So much for security. :)
Vincent J. Murphy
Spandex Justice
he should tattoo the barcode on his hand... kinda like a "fingerprint"
The final solution was to have no keyboard at all, but rather a computer whose motherboard was embedded in a 3-ring binder, with sheets.
On the sheets, were some barcodes, arranged in roughly the same layout the mark-sense cards were.
(For the geeks, the machine was MC6809-based, and had 56K CMOS RAM. The LCD display was always powered, but the computer shut down after it finished decoding a barcode and processing the "keystroke".)
Does he have to scan a can of Spam to check his e-mail? Note: Don't blame me, only one post and it's already /.ed, how am I supposed to read it?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
CutCats are cool, I got a friend in the USA to send me one. Thought about hooking it up to a computer near my refridgerator to keep track of groceries and expiration dates.
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
Harald
What happens if the power goes out?
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
I was just reading about barcodes the other day...
Check out This if you are interested.
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
I hope his security system isn't on the same box as his webserver or we may have just locked him out of his house... hope its not raining.
Maybe /. could start offering a prepackaged "Port 80 Flood Kit - Get the pride of being slashdotted without having to work for it." Say $1000 a pop. It's better than spending the money on advertising.
Geek 1: Hey, guys, I got slashdotted!
Geek 2: Woah! No way!
Geek 1: Yep. *smug*
Chick: He's so dreamy...
All you need to break into this guy's house is a few seconds with his "keys" and a photocopier. Though I guess if you were really worried about that you could put a small label printer by the door and get a new key every time you left...
Haven't you seen Star Wars? All you have to do to get past that is either shoot the keypad with a lazer gun, or tear it off the wall and short out the wires in the back.
The cache is useless because it's a page of images which are being loaded from the guys web server.
Prevent email address forgery. Publish SPF records for y
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
PAINT YOUR HOUSE
mstyne: real name, no gimmicks
Then, when the computer restarts when the power comes on (because he's using a linux box) he can say "I CANT OPEN THE FSCKING DOOR!!!!!!"
I'm the Devil the Windows users warned you about.
Good idea. Or maybe use some sort of mechanical device that won't open normally, but will when you insert some sort of identification device - you could make it out of metal for strength and encode the identity in notches down the side. Sure, you have to carry something, but it's small and portable, and could easily fit into a pocket.
Hey, I might see if I can patent that one...
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
Well, the difficulty bar is raised a bit from the 'bar code'. It seems reasonably more difficult to both (1) secure an object with a clear figerprint of mine and (2) use said fingerprint to etch a 3D image onto some PCB board than to (1) use a photocopier or camera/printer to copy a bar code.
That insecurity is indeed real. Although those systems which were compromised were single-finger systems, and my system uses 3 as well as hand shape. Being able to get 3 clear fingerprints and mimic hand shape is more difficult than simply picking the lock, anyway, so your efforts would be better served in investing a a few dollars worth of decent lock-picking tools instead of a set of hobbyist PCB boards and etchers.
MORTAR COMBAT!
] inventory
You are currently holding the following: a set of keys, a brass lantern, a case of Jolt Cola[tm], and no tea.
] look
You are in the Cubicle of the Mountain King, with passages in all directions.
A huge green fierce programmer bars your way!
] n
You can't get by the programmer!
You're in Cubicle of Mt. King.
A huge green fierce programmer bars your way!
] drop jolt
The programmer attacks the Jolt Cola[tm], and in an astounding fury rushes off to enter the International Obfuscated C Code Contest.
] n
You are in a low north/south hallway at a hole in the floor ....
This is getting rediculous--most small, independent websites like this can't take a slashdotting, and it's making it almost pointless to link it.
It seems to me Slashdot could offer to mirror the content for a price, so that the linkee gets ad money, while slashdot carries the bandwidth burden.
Is there no way to:
1) Contact the website owner
2) Alert him of the amount of bandwidth he's going to need
3) Offer to mirror his pages such that ad referals still go to him
4) Everybody profits?
Dave Bowman: Open the pod bay doors, HAL.
HAL: I'm sorry Dave, I'm afraid I can't do that.
Read the FAQ: They could easily implement some kind of opt-in thing where you put a META tag
in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs.
You're a genius! Oh...wait...no... You just haven't read the FAQ
People who put up websites should recognize that people are going to look at it. Sometimes, a lot of people might look at it, as a result of a link from Slashdot or any of hundreds of other sites. People who bitch and moan about being linked to from Slashdot remind me of the companies who whine when people link to "confidential" webpages -- guess what, if it's on the web, it's not confidential.
-Waldo Jaquith
Also, barcodes for entry arn't very secure. If anyone gets ahold of your card for 10 seconds, they can make a photocopy and have your security level.
Personally, I see this as an upgraded form of "security through obscurity": security through weirdness. People know where the average person puts their keys and where the average person puts plastic cards (which most magnetic strips are put on)... but a barcode? W(here)TF does someone keep their BARCODE? A potential invader or an unscrupulous friend will be stunned by it. You can't look for a Hide-A-Key. He's not keeping it on a key rack. He probably can't just throw it down on his desk when he gets home. Hell, for all they know, his spare could be tattooed to his left ass cheek.
It's not obscurity, which is what the Hide-A-Key is. It's just weird, and on an individual basis, that could work for security.
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
I think you're looking at it from the wrong angle. A guy puts up some information on a site using meager resources. He hopes that information will be useful and interesting to those that happen upon it. The hardware turns out to be perfectly adequate for his needs. Then someone posts a link on a popular site and the traffic increases by a factor of 10,000. The site goes down.
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
Your point of view here is totally absurd (which I guess is why you're posting as an AC).
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.
The point is, whatever you're doing today seems like drudge work, but after a quarter-century, everyone forgets the boring bits and just recalles the sexy parts.
Nothing for 6-digit uids?
Read properly. I said 23 years ago, so that's 1980. I was only 18 at the time, but I had experience in computer graphics programming plotters (I volunteered for a computer graphics art group - this was waaaaay before Postscript) so it was only natural that I'd be the one they turn to to generate the barcode sheets.
They were done on a HP-9847 graphics terminal (a company oddball that was lying in a corner 'cause no one had any use for it. I learned years later that it was a demo unit THAT HP FORGOT THERE!!!!) onto which you could load a (surprisingly good - compared to the usual Microsoft crap - yes, Microsoft used to do crap then) BASIC interpreter, all this driving a IEEE-488 plotter. But eventually, I found the setup so disgusting (can't stand BASIC) that I wrote a device driver for the mainframe and I reprogrammed the barcode sheet programs. All in PL-1. Needless to say, that pretty well annoyed the dinosaur tenders of the time that I'd be using THEIR big iron to make graphics... Not to mention asking them all sorts of technical information in order to hack this...
In that project, I eventually also programmed the database on the mainframe that received the data, as well as the mainframe-side communication program, after my bosses saw that I managed to write a plotter driver for the dinosaur...
Anyway, the project was eventually canned because there was to much high-management interference (this was for a Fortune-500 ** CANDY ** company!!!) which brought the progress to a crawl. Only 10 prototypes of the computer were built, and I believe some still exist to this day.
* * *
Nowadays, I manage the computer department for a design company which designs museums (we're currently doing a museum for the Smithsonian, amongst other things), and I have a tax-credit consulting sideline.
For fun, I troll on Slashdot and NANAE, and have plenty of sex.
Now, for those who imply that there is no life beyond 30 years, I say you're fucking bunch of peepsqueaks whippersnappers; first of all, my sex drive went waaaay up when I hit 32 (went from 5 screws/week to 3/day), and I don't have any problems to pick-up; heck, a few months ago, a 19 year old jumped on me, and whas subsequently duly fully fucked by myself (and this happenned in a city park).