1411471
story
MC68040 writes
"The guy at this site managed to build something together that's actually quite neat in the way he built it, all hand-crafted system that uses a linux box to unlock his door. Maybe not the coolest of solutions, but actually a pretty good idea as for security in my humble opinion."
Hum (Score:4, Insightful)
your house as a semi-permeable membrane (Score:5, Insightful)
With a system like this, you can provide time-bounded access -- the petsitter can come by while you're gone part of this week, but her code might not be on the approved list for, say, 1 a.m. next Saturday night. Not that it would stop a real burglar, but all security systems are a series of intentional nuisances to bad guys. This way, there's no "spare" key floating around to be lost and worried about.
Plus you can send someone who needs to come by when you're not there (that petsitter, or the neighbor you've asked to check up on things) to open the door a "key" as a JPG file; they print it out, and it's their open sesame, at least at the times you've set them as welcome.
Since I like to think of houses as cell walls (hey, metaphors are meant to be reversed and amplified!), this lock system really resonates with me.
timothy
Keypad (Score:2, Insightful)
Of course, you'd have to make the password sufficiently strong.
Honestly, really (Score:4, Insightful)
Video store barcode (Score:2, Insightful)
So i just have to work at his video store (or have a friend who works there), make myself a copy of his barcode, and i get free reign of his house? Sweet.
Not very secure (Score:5, Insightful)
To get into my house, you need to have my key, or a copy of my key. If I let you look at my key, you won't be able to copy it; you have to have my key in your possession to make a copy.
To get into this guy's house -- and please note that the pictures wouldn't load, so I'm going by the captions -- you need to have his barcode, or a copy of his barcode. If I look at his barcode, I can remember the information I need to copy it, even if I don't have his key when I make the copy!
It's a neat hack, and *maybe* it's more convenient than putting a key in a lock (but it's also more complex -- I picture him standing at the door in the rain during a power failure), but it's not secure. Even a PIN pad would be more secure, becaues you can memorize the PIN -- you *have* to write down the barcode.
Forget key impressions in soap... (Score:3, Insightful)
Re:Not very secure (Score:2, Insightful)
Contradiction aside, most people, and especially common thieves, would have no idea how to make a barcode. I personally know you can do it with some software, but I'm not familiar with any of it and have never done it. I do know there are several types of bar codes so that throws another hardball at you; you have to get the right type.
In this case, also, if this person lost his bar code, it's his video rental card. It doesnt exactly scream "this is the key to my house." *No one* is going to think its the key to his house. That. Is. Cool. Of course, if he doesnt have a copy or cant get another copy of from the video store, he's also screwed, etc etc.
On the other hand, if a thief were to somehow get your pin, I bet he would be able to remember the pin long enough to write it down, and entering it into your numpad is trivial.
I think its at least more secure then you give it credit.
Re:your house as a semi-permeable membrane (Score:2, Insightful)
If you used PNG and could guarantee that the receiver had a laser printer (or thermal, for that matter), then it would work. If you want to use JPG and inkjet, well, good luck.
Slashdot effect (Score:0, Insightful)
Smart burglars (Score:1, Insightful)
Re:Slashdot effect (Score:2, Insightful)
Are these the same editors that have time to post duplicate stories?
The sites that tend to be most quickly slashdotted are also the sites that are most likely not to be ad-supported. More, they're also the same sites that are most likely going to end up costing the owner an arm and a leg when their bandwidth allotment is completely smashed by a Slashdotting. In otherwords, they're not gaining any money by being linked to Slashdot, and are highly prone to actually losing money. Let's see what you'll do if you're faced with a $1000 bandwidth bill because your lego collection made it onto Slashdot.
What "rest"? Legal issues? The editors obviously should contact site owners (at the very least to warn them that Slashdot is about to launch a massive DDoS on their website). I'd much rather wait a day or two to see an interesting site than not be able to see it at all. If someone doesn't want Slashdot to cache their site, then they should at least be given the opportunity to not have the site posted to Slashdot.
For this kind of site? Not likely. I looked at the Google cache. The site has a lot of pictures of the guy's setup, and google doesn't cache images. Thus, the Google cache is nearly useless.
Re:$10 and I'm in (Score:3, Insightful)
That insecurity is indeed real. Although those systems which were compromised were single-finger systems, and my system uses 3 as well as hand shape. Being able to get 3 clear fingerprints and mimic hand shape is more difficult than simply picking the lock, anyway, so your efforts would be better served in investing a a few dollars worth of decent lock-picking tools instead of a set of hobbyist PCB boards and etchers.
Re:Not very secure (Score:4, Insightful)
i use my drivers liscence to switch to root on my box.. its not nesecery, in fact its probly over kill and pointless. however. most importantly it makes me think for a second if im about to do something as root.
plus, its something neet to brag about, which is part of the geek world. because you dont like it doesnt mean that himself and his friends dont like it
USB Keychains (Score:4, Insightful)
Instead of a barcode, why not use one of those USB-keychain things? Seems easier to rig under Linux -- just get the kernel to automount the device when it sees it and check some file on the device. Fit a USB socket into the wall and carry around your wee USB keychain.
Authentication is the least of concerns...just dump a gazillion random bits to the drive and compare them with the copy on the house. I imagine you could probably rig up some spiffo public-key crypto, but I don't really see the point. One-pads work fine here.
As usual, you've got the problem that if somebody steals your keychain, they can make a copy of it, but this is the same problem you have with regular keys or this barcode thing.
Another benefit is you can rewrite the key on the USB drive after every use. If $BAD_GUY steals your key without your knowledge but you manage to get back to the house first, his key is worthless.
The max # cycles isn't so hot on those flash drives, but I imagine you can get a few years worth of entry without any problems.
Plus, with a 64MB keychain, you've got enough space for as many keys as you could possibly every need (640k, anyone?)
I don't buy it; use a caching proxy if nothing els (Score:5, Insightful)
At a very minimum, use a caching HTTP proxy to feed a "mirrors.slashdot.org" site. Links would be set up under their own, unique path on this site (e.g. mirrors.slashdot.org/some.site/path/document or even mirrors.slashdot.org/50449) and this would funnel into a caching HTTP proxy. So long as the other site set up reasonable cache headers, there is no reason why the sites would object to their pages being cached in this fashion. This is built into HTTP, for fuck's sake. Wherever they have advertising being done, they're probably doing that in an iframe with its own caching policy. HTTP would handle all of this perfectly fine. Set an artificially low max-age value (overriding the site's) if you're really worried about things getting stale, but even this is unnecessary.
This is all fairly trivial to do. Slashdot authors/programmers have just gotten lazy in the last few years. They don't innovate or improve, they just watch over the slashcode "open source" project and occasionally toss out a few minor releases.
From your quote of the FAQ:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Why don't you use some fucking common sense, ask yourself, "Do I think this site will survive linking?" And if the answer is "probably not," then e-mail them or call them, give them a head's up, and only if you fail to get a response in a reasonable amount of time would I ever think it's OK to link to them anyway.
They do have the information posted online, so any link and any amount of traffic is fair, but at least have the goddamn courtesy to mitigate the amount of damage you're knowingly causing. That's all that's being asked for: courtesy. Slashdot authors are lazy, that's all there is to it.
Re:Interesting (Score:4, Insightful)
Frustrated, he pulls the content down in an attempt at restoring at least some semblence of service to the site.
Wouldn't you share his emotions? Sure, he "asked" for it and "deserved" it by posting that data online, but it's still annoying and frustrating that you can't make that information available due to its inflated popularity by being reported on by a site.
Slashdot needs to be a little more cautious with this type of thing. At the very least, use standard HTTP caching mechanisms to set up a form of mirror for those sites that do express a willingness to be cached through HTTP.
Re:Let's be frickin' realistic... (Score:5, Insightful)
I completely agree that people posting information to the web should not be surprised if that generates more activity than they would have wanted. In that respect, yes, it is "their own fault" and they "deserve" what they get.
But your comment suggesting that every web server and network be configured to survive a Slashdotting is idiotic. A "properly configured 333Mhz crap machine" most certainly will not survive any but the most mild Slashdotting, even assuming the network does. The fact that you make this statement shows me that you have no idea what you are talking about. Please post some numbers.
Your lack of sympathy for those people just trying to get something interesting/useful posted to the web astounds me. Someone that can afford to put information online for the benefit of all but cannot afford to do so using high-end hardware and high-capacity network links should not be punished for doing so. Not everyone is a professional web provider. Not everyone needs to be one. For most sites, with most content, Slashdot-levels of traffic will never happen. Why spend money building an environment that will handle it? In addition, some environments can handle it, so long as they have sufficient notice. What's wrong with a policy of giving people a few days notice before posting their link on Slashdot when it's clear their site probably won't survive it? Maybe the site owners can take some steps to ensure their site would stay up, or maybe temporarily mirror the content in question somewhere else? There's a lot that can be done here to prepare for a Slashdotting, but nobody has the decency to allow that to happen.
I agree that 'michael' can't be directly blamed for this, but Slashdot's policies on the matter most certainly can. It's just a matter of common sense and not being an ass. You're right: there's nothing requiring Slashdot to do this, and anything with a URL is fair game to be linked (with the traffic that that causes), but come on, there is a human factor here, and Slashdot could be a bit more courteous here.
Re:What A Beautiful Mind (Score:3, Insightful)
The point is, whatever you're doing today seems like drudge work, but after a quarter-century, everyone forgets the boring bits and just recalles the sexy parts.
Less is more (Score:2, Insightful)
No, I'd rather see that nice hobbyist page stormed down, THEN wait 6 hours for the site to recover.. Oh, if it only were just 6 hours..
Is it possible to de-concentrate the traffic by any means? Show the story for 5 minutes, then show it again after a quarter or so.. Daily readers would get it eventually..
You /. guys are holding too much influence compared to your careless morality.
Re:Great (Score:2, Insightful)
Re:Mirror Site (Score:2, Insightful)
I give everyone on this Bcc list permission
to mirror the page with these conditions: you have to put my name
and email on it as the author, and you have to indicate on the page
that you're mirroring is http://bigasterisk.com/automation/door (not
[the address of the moved page], obviously).
What do I get? digital_gods (to whom I did not give any special additional permissions) mirrors my page, alters it with a comment that readers will not see that includes the secret address of the moved page! He didn't add my name to the page either. This doesn't make me mad; I'm just stunned at the way someone copied my work without attribution and without following my easy instructions about the URLs.
digital_gods, I hope you'll edit your mirror the way I asked. Everyone else, go look at digital_gods' page I guess, since all you want is to see my photos. I want to go to bed, so I'm not going to mess around with links and servers any more tonight. I hope I am still able to receive all your emails, as I've been receiving lots of interesting stories over the weekend.