Posted by
ryuzaki0
on from the do-it-yourself-toll-gate dept.
MC68040 writes "The guy at this site managed to build something together that's actually quite neat in the way he built it, all hand-crafted system that uses a linux box to unlock his door. Maybe not the coolest of solutions, but actually a pretty good idea as for security in my humble opinion."
Re:Great
by
Anonymous Coward
·
· Score: 4, Interesting
Does he have a back-up way of getting into the house, if the power goes out (and he doesn't have a UPS)? Or, would he resort to climbing into a back-window, which should have red-flagged his security plans earlier?
Just wondering...
23 years ago...
by
Pig+Hogger
·
· Score: 5, Interesting
23 years ago, I was involved in a project to make a portable computer for data-entry, to replace optically-readed mark-sense sheets.
The final solution was to have no keyboard at all, but rather a computer whose motherboard was embedded in a 3-ring binder, with sheets.
On the sheets, were some barcodes, arranged in roughly the same layout the mark-sense cards were.
(For the geeks, the machine was MC6809-based, and had 56K CMOS RAM. The LCD display was always powered, but the computer shut down after it finished decoding a barcode and processing the "keystroke".)
Does he have to scan a can of Spam to check his e-mail?
Note: Don't blame me, only one post and it's already/.ed, how am I supposed to read it?
-- Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Re:And to scan the barcodes
by
Harald+Paulsen
·
· Score: 4, Funny
CutCats are cool, I got a friend in the USA to send me one. Thought about hooking it up to a computer near my refridgerator to keep track of groceries and expiration dates.
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
-- Harald
Hum
by
Anonymous Coward
·
· Score: 4, Insightful
What happens if the power goes out?
your house as a semi-permeable membrane
by
timothy
·
· Score: 5, Insightful
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
Re:your house as a semi-permeable membrane
by
MORTAR_COMBAT!
·
· Score: 5, Interesting
Indeed a cool idea. I would add that the holder of a 'key' should definitely keep it in a sleeve, though, lest high-res photography would allow for a duplicate key to be easily created.
The 'sending a JPG' to the baby-sitter starts out as a very neat idea, but what happens when baby-sitter has a popular e-mail virus which sends her e-mail to 100 people in her address book? Instant house party? Naturally they would only have the same access time slice as the baby-sitter, but they could just wait until after he/she is alone in the house and walk on in.
but without the major hassles (specialized equipment to punch holes or re-stripe a card)
It also means any Joe with a printer can make themselves a valid access card. I thought for quite a while about putting a similar setup at my house, but I decided instead to go with an extremely similar method, except instead of bar-codes I use hand prints. A lot of the advantages (time slices for the maid and sitters) without being able to be so easily produced (until advanced cloning techniques allow people to commonly grow copies of my hand).
And w.r.t. the people who keep asking about 'power outages' for (1) ever heard of generators of batteries and (2) naturally a physical key still works in the lock, duh!
Now that we're in, I say we Slashdot his liquor cabinet. =)
-- ...oOOo..'(_)'..oOOo...
Honestly, really
by
Anonymous Coward
·
· Score: 4, Insightful
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
Re:Honestly, really
by
sbaker
·
· Score: 5, Interesting
I agree.
Slashdot really, truly, utterly needs to have a local cache of the pages it references. It's getting to where Slashdotting is as bad as a denial of service attack - and that's a terrible thing to inflict on *anyone*.
Probably 50% of web sites referenced from main news items are down within an hour of Slashdot mentioning them - and they stay down until a couple of days have passed. That sucks.
They could easily implement some kind of opt-in thing where you put a META tag in your web page telling Slashdot that you grant them explicit permission to mirror the site for (say) a week after mentioning it - so Slashdot would have no legal/copyright come-backs. At the end of the week the Slashdot mirror could revert to become a redirect to the real site so you don't have problems with people bookmarking the Slashdot cache instead of the real site.
The whole process could be automated.
People who do cool things like this door lock would surely be aware that they could get Slashdotted and prepare for the event in advance by inserting the tag - and private individuals are the people who are most likely to have their server die.
Companies that want to profit from their slashdotting by advertising from their page or taking orders off of it could just leave off the META tag and handle the traffic as now.
An opt-in cache mechanism is a win-win-win solution. Slashdot wins because more people will use the service if it doesn't continually refer to dead sites. Readers will win because less sites will be dead-on-arrival - and web site operators will win (if they want to) by not having their site die from Slashdotting.
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
Re:Not very secure
by
jjshoe
·
· Score: 4, Insightful
you can remember 12 digits? there was a time when i could remeber the 1st 6 of hp's barcode because i was often looking hp stuff up in our system.. 08689 who knows now.. that was a while ago.. but the point is most people cant look at 12 digits and just remember it...
i use my drivers liscence to switch to root on my box.. its not nesecery, in fact its probly over kill and pointless. however. most importantly it makes me think for a second if im about to do something as root.
plus, its something neet to brag about, which is part of the geek world. because you dont like it doesnt mean that himself and his friends dont like it
-- -- botsex is {grep;touch;strip;unzip;head;mount}/dev/girl -t {wet;fsck;fsck;yes;yes;yes;umount} {/de
web / security server?
by
olrs
·
· Score: 4, Funny
I hope his security system isn't on the same box as his webserver or we may have just locked him out of his house... hope its not raining.
Re:Slashdot record?
by
DarthWiggle
·
· Score: 5, Funny
Maybe/. could start offering a prepackaged "Port 80 Flood Kit - Get the pride of being slashdotted without having to work for it." Say $1000 a pop. It's better than spending the money on advertising.
Geek 1: Hey, guys, I got slashdotted! Geek 2: Woah! No way! Geek 1: Yep. *smug* Chick: He's so dreamy...
Haven't you seen Star Wars? All you have to do to get past that is either shoot the keypad with a lazer gun, or tear it off the wall and short out the wires in the back.
From the few pictures I saw...
by
mstyne
·
· Score: 4, Funny
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
Good idea. Or maybe use some sort of mechanical device that won't open normally, but will when you insert some sort of identification device - you could make it out of metal for strength and encode the identity in notches down the side. Sure, you have to carry something, but it's small and portable, and could easily fit into a pocket.
Hey, I might see if I can patent that one...
-- ++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
Re:And to scan the barcodes
by
Frater+219
·
· Score: 5, Funny
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
] inventory
You are currently holding the following: a set of keys, a brass lantern, a case of Jolt Cola[tm], and no tea.
] look
You are in the Cubicle of the Mountain King, with passages in all directions.
A huge green fierce programmer bars your way!
] n
You can't get by the programmer!
You're in Cubicle of Mt. King.
A huge green fierce programmer bars your way!
] drop jolt
The programmer attacks the Jolt Cola[tm], and in an astounding fury rushes off to enter the International Obfuscated C Code Contest.
] n
You are in a low north/south hallway at a hole in the floor....
This is getting rediculous--most small, independent websites like this can't take a slashdotting, and it's making it almost pointless to link it.
It seems to me Slashdot could offer to mirror the content for a price, so that the linkee gets ad money, while slashdot carries the bandwidth burden.
Is there no way to:
1) Contact the website owner 2) Alert him of the amount of bandwidth he's going to need 3) Offer to mirror his pages such that ad referals still go to him 4) Everybody profits?
Obligatory quote...
by
nautical9
·
· Score: 4, Funny
Dave Bowman: Open the pod bay doors, HAL. HAL: I'm sorry Dave, I'm afraid I can't do that.
I don't buy it; use a caching proxy if nothing els
by
Fastolfe
·
· Score: 5, Insightful
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
Re:Interesting
by
Fastolfe
·
· Score: 4, Insightful
I think you're looking at it from the wrong angle. A guy puts up some information on a site using meager resources. He hopes that information will be useful and interesting to those that happen upon it. The hardware turns out to be perfectly adequate for his needs. Then someone posts a link on a popular site and the traffic increases by a factor of 10,000. The site goes down.
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
Re:Let's be frickin' realistic...
by
Fastolfe
·
· Score: 5, Insightful
Your point of view here is totally absurd (which I guess is why you're posting as an AC).
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.
Slashdot Mirror
Does he have a back-up way of getting into the house, if the power goes out (and he doesn't have a UPS)? Or, would he resort to climbing into a back-window, which should have red-flagged his security plans earlier?
Just wondering...
The final solution was to have no keyboard at all, but rather a computer whose motherboard was embedded in a 3-ring binder, with sheets.
On the sheets, were some barcodes, arranged in roughly the same layout the mark-sense cards were.
(For the geeks, the machine was MC6809-based, and had 56K CMOS RAM. The LCD display was always powered, but the computer shut down after it finished decoding a barcode and processing the "keystroke".)
Does he have to scan a can of Spam to check his e-mail? Note: Don't blame me, only one post and it's already /.ed, how am I supposed to read it?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
CutCats are cool, I got a friend in the USA to send me one. Thought about hooking it up to a computer near my refridgerator to keep track of groceries and expiration dates.
Hmm, imagine using it for access entry. "Sorry, you have to carry a bottle of jolt to gain access here", or "what, a pepsi!? No access for you!"
Harald
What happens if the power goes out?
What's cool about this idea (to me) is that it actually has the great thing about many modern hotel keys (the ones with little holes, or mag strips), which is reprogrammability, but without the major hassles (specialized equipment to punch holes or re-stripe a card).
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
I was just reading about barcodes the other day...
Check out This if you are interested.
Now that we're in, I say we Slashdot his liquor cabinet. =)
...oOOo..'(_)'..oOOo...
This isn't flamebait or a troll but I think I'm starting to agree with other people: Whats the point of posting a story on a guys personal site if its almost certain to be slashotted?
Humble opinions aside, I can't see describing this as secure, at least compared to an "unpickable" modern lock (i.e., a lock that's tough enough to pick that you'll just go through a window instead).
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
I hope his security system isn't on the same box as his webserver or we may have just locked him out of his house... hope its not raining.
Maybe /. could start offering a prepackaged "Port 80 Flood Kit - Get the pride of being slashdotted without having to work for it." Say $1000 a pop. It's better than spending the money on advertising.
Geek 1: Hey, guys, I got slashdotted!
Geek 2: Woah! No way!
Geek 1: Yep. *smug*
Chick: He's so dreamy...
Haven't you seen Star Wars? All you have to do to get past that is either shoot the keypad with a lazer gun, or tear it off the wall and short out the wires in the back.
The cache is useless because it's a page of images which are being loaded from the guys web server.
Prevent email address forgery. Publish SPF records for y
I think this guy needs to invest in some sandpaper and some paint. Having a neat-o super keen way to get into your house is great, but if it your house looks like shit to begin with...
That's mainly why I try to avoid "pimping out" my car. What's the point of a nice paint job and a fart pipe if the brakes are failing and the engine's falling apart?
PAINT YOUR HOUSE
mstyne: real name, no gimmicks
Then, when the computer restarts when the power comes on (because he's using a linux box) he can say "I CANT OPEN THE FSCKING DOOR!!!!!!"
I'm the Devil the Windows users warned you about.
Good idea. Or maybe use some sort of mechanical device that won't open normally, but will when you insert some sort of identification device - you could make it out of metal for strength and encode the identity in notches down the side. Sure, you have to carry something, but it's small and portable, and could easily fit into a pocket.
Hey, I might see if I can patent that one...
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
] inventory
You are currently holding the following: a set of keys, a brass lantern, a case of Jolt Cola[tm], and no tea.
] look
You are in the Cubicle of the Mountain King, with passages in all directions.
A huge green fierce programmer bars your way!
] n
You can't get by the programmer!
You're in Cubicle of Mt. King.
A huge green fierce programmer bars your way!
] drop jolt
The programmer attacks the Jolt Cola[tm], and in an astounding fury rushes off to enter the International Obfuscated C Code Contest.
] n
You are in a low north/south hallway at a hole in the floor ....
This is getting rediculous--most small, independent websites like this can't take a slashdotting, and it's making it almost pointless to link it.
It seems to me Slashdot could offer to mirror the content for a price, so that the linkee gets ad money, while slashdot carries the bandwidth burden.
Is there no way to:
1) Contact the website owner
2) Alert him of the amount of bandwidth he's going to need
3) Offer to mirror his pages such that ad referals still go to him
4) Everybody profits?
Dave Bowman: Open the pod bay doors, HAL.
HAL: I'm sorry Dave, I'm afraid I can't do that.
I don't buy the FAQ's explanation. I think they're deliberately oversimplifying or just saying "it'll be too complicated and annoying for everyone" because they're lazy.
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
I think you're looking at it from the wrong angle. A guy puts up some information on a site using meager resources. He hopes that information will be useful and interesting to those that happen upon it. The hardware turns out to be perfectly adequate for his needs. Then someone posts a link on a popular site and the traffic increases by a factor of 10,000. The site goes down.
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
Your point of view here is totally absurd (which I guess is why you're posting as an AC).
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.