This reminded me of Matt Blaze's work on physical lock security back in 2003. He found a method of deriving the "master key" for a building (one key that opens all locks) from a single example: https://www.mattblaze.org/masterkey.html
When he published about this he was bombarded with messages from locksmiths complaining that they all knew about this and kept it secret for a reason! https://www.mattblaze.org/papers/kiss.html
It was a fascinating clash between computer security principles - disclose vulnerabilities - and physical locksmith culture, which was all about trade secrets.
In 'Three Days of Condor', Robert Redford's character locates the hotel room of a professional hitmat (who is after him) by going to a locksmith and asking him "which hotel and room this key belongs to?" and the locksmith asks him "are you in the trade?" and he responds, "No, but I read a lot".
Perhaps the most important difference is that software — even after being purchased and used — remains relatively easy to patch, unlike a physical lock.
Tbf that's a new-ish principle. 2003 was Windows XP era and the early days of Metasploit. I.e. Microsoft and all the other companies were still figuring out this internet thing, while most computers were riddled with unpatched vulnerabilities. There was no such thing as zero day back then, because you could use many exploits years later.
Totally true. Also consider that although software can theoretically or technically be patched, sometimes patches just don't exist... the amount of unmaintained but yet useful software is just huge.
> On July 7, the company dismissed the lawsuit against McNally instead.
> Proven also made a highly unusual request: Would the judge please seal almost the entire court record—including the request to seal?
Tough at first then running away with the tail between their legs. Typical bullying behavior.
> but Proven complained about a “pattern of intimidation and harassment by individuals influenced by Defendant McNally’s content.”
They have to know it's generated by their own lawsuit and how they approached it, right? They can't be that oblivious to turn around and say "Judge, look at all the craziness this generated, we just have to seal the records!". It's like an ice-cream cone that licks itself.
> the case became a classic example of the Streisand Effect, in which the attempt to censor information can instead call attention to it.
A constant reminder to keep the people who don't know what they are doing (including the owners of the company!) from the social media.
If you want an extreme example of this; go look at the Sacramento startup Sircles. 7+ year old "startup" that has sub $100k revenue after several years but 9 million in debt. The founder has an account there under u/Sirclesapp where he goes off on toxic and insane tirades to anyone who dares say anything but utmost praise at his app. Apparently he stalks their reddit accounts and sends threatening letters to their personal home addresses from his lawyer for "defamation". That I understand he sent one to some ex employees and one to some woman who I think is a paralegal and is now suing them in civil court.
He partnered with some radio program called radradio where the host had a lot of personal issues and the show ultimately got axed. The radio host was known for having issues with alcohol, but they kept partnering with him because he kept shilling their WeFunder. They've raised over $6m in SAFEs but considering they are $9m in debt, haven't broken $100k lifetime revenue after 7 years, and seem to have over a million a year burn rate, it's doubtful that the shares from those SAFEs (if ever executed) would ever be in the money.
Oh, even without looking into it, I would assume that Sircles is probably pretty dodgy. I just meant that SacToHacker's original points against it aren't necessarily bad. But can be damning in the context of their industry, yes!
Wow, it seems like the whole purpose of the product is grievance based against yelp. Don’t get me wrong, I’m not a fan of yelp, but I get the vibe that maybe this person would be even more extractive if given the opportunity
They also made sloppy mistakes like naming the Proven owner's partner un-redacted in a document they submitted to the court (which is then available through legal search engines). If they were concerned with privacy they could easily have withheld her name.
> A constant reminder to keep the people who don't know what they are doing (including the owners of the company!) from the social media.
I'm just guessing based on the contents of the article, but it sounds like a typical "hard-fist founder-run company" so good luck convincing the founder to not sit on social media and argue their points.
We recently had an example of that with Automattic and the WordPress drama. Where the founder was here on HN hurting his own legal case despite people here repeatedly told him to stop posting for his own sake and asking him to talk to his lawyers.
I think their point was that the lock picking videos were faked. But it’s still a silly comment from the Proven employee.
I’ve also seen people use “liberal” as a literal curse word before. On one “reality show”, a member of the cast broke down while highly intoxicated and started screaming at other people saying:
“You’re worse than a beep! You’re a liberal”
It’s insane just how far the political divide has become.
Othering is easier than improving. An old philosophy professor taught me that at a community college when we started getting on the subject of philosophy in politics. This was probably 20-something years ago, now, but one of the many things that stuck with me from his teaching, and makes even more sense now than it did then.
I once worked for a company that kept its passwords locked in a safe. One day, all other copies of the password were lost, and they needed it, but the safe's key could not be found.
They expensed a sledgehammer and obtained the password through physical modification of the safe using a careful application of force. Some employees complained that meant the safe wasn't... well, safe.
The security team replied "Working as Intended" - no safe is truly safe, it's just designed to slow down an attacker. At that moment, I was enlightened.
I worked on port facilities. Everything corrodes quite quickly, and locks and keys need to be replaced fairly regularly. Once, there was a problem with key management following the replacement of locks on a building containing emergency diesel generators.
The doors were heavy, 45-minute fire-rated security doors, aka "Fucking heavy doors that can cut your fingers just from inertia or wind.".
These doors had to be opened quickly in the middle of the night. There was no locksmith on call, but there were boilermakers. Supports and a chain were welded to the doors, and a T-Rex container mover was used to carefully pull the doors off the building.
The whole operation took less than an hour. Physical security is a matter of time and resources.
However, for good safes, there's a rating on how long it takes.[1] Ratings start at TL-15, for 15 minute resistance against hand tools. They go up to TXTL-60: torch, explosive and tool resisting for 60 minutes. Safes with these ratings will have a metal plate indicating UL testing and approval.
If there are any rated safes on Amazon, I can't find them. A real TL-30 1 cubic foot safe sells for about $2000 and weighs about 500 pounds. Amazon sells something that looks similar for about $100 and weighs about 15 pounds.
There's a separate set of ratings for fire protection, from the NFPA. Fire safes are much simpler. They have more insulating materials and less steel.
Why? Everyone knows about rubber-hose cryptanalysis. The whole point of cryptography is to reduce them to this.
If they want our information, they should have to become literal tyrants, send armed men after us and violate human rights in order to get it. Not push a button on a computer to tap into their warrantless global dragnet surveilance networks and suddenly have our entire private lives revealed to them on a computer screen.
Yes, people will fold if they are kidnapped and tortured. That's not news. Forcing them to stoop to that is the entire design. Once the situation has escalated to that level, you are justified in killing them in self-defense. Torturers don't make a habit of allowing their victims to live and testify about it.
Why? There are actually valuable takeaways from this.
One would be that people are the weak point in your security system. If all your organizational security hinges on one guy not folding, that guy is the natural target. Whether a literal 5$ wrench is used or they bribe him makes no difference.
That means you could consider shaping your org in a way that is resistent against this by e.g. decentralizing secrets. That means instead of bringing a "5$ wrench" to one person (which may even work without raising suspicion), you now need to convince multiple people at once which is much more unlikely to work without being detected.
If you do a site search you'll find 700+ comments linking to it. I wouldn't be surprised if it was the number one most frequently linked page in HN history.
Yep. There’s a safe engineer on YouTube who was explaining the history of dial combination locks commonly used for government filing cabinets, etc. He pointed out that you can drill them in minutes but you’d need several hours to make good the damage such that the break in wouldn’t be easily detected. The combined time is therefore the ‘strength’ of the security. (Also, why it might be a good idea to have open sensors on safes, cabinets, etc)
He is a great source of knowledge on physical security for laymen and professionals alike, and leaves an impression of an extremely amicable and well-rounded human being.
That's why one of the more advanced challenges in lock picking is to minimize the amount of evidence you leave. Eg even a normal pick can leave some scratches on and in the lock in different places than a normal key.
If I remember right, 'bumping' is an interesting technique partially because it leaves even less of a trace.
Yup, I've got a three bolt break in resistant front door in my house, but right next to it is a window that can be breached in .5 seconds by yeeting a brick though it. But both will leave traces if they've been forced so my home owner's insurance should cover any losses / damages.
That seems to be a rather weak security, especially relying on “…should cover…” to save you, which I presume you have also never been able to test. And that’s without addressing common mistakes like not realizing the policy is for cash value and requires evidence; which people do not have, is not updated, or is not compliant. That can leave people with effectively no coverage at all, with the only test being run in deployed systems… the first time you check if your arms supplier provided quality arms, is when you’re facing the enemy trying to kill your at the front lines.
I mean theoretically ever the hardest encryption just buys you time. That time may be long past the lifetime of our own sun, but it just buys you time.
The same is true for locks and safes as well.
Being one of the few people who never had their bicycle stolen in a city where this is common, the trick that always works is: Just make your lock harder to attack than other locks that safeguard comparable things.
Good lock + old looking bicycle = no theft
Unless your stuff is unique and high stakes that means regular criminals won't pick you since the surrounding stuff looks more intersting and is the easier target.
Depends on the length of the key vs the message, but if the pad is 100 percent and has something approaching a random distribution, and the message length is suitably padded, and the results roll over in a modulo that is close to the information distribution, then all valid results become close to equally probable, so, while you may decode a message, it is very unlikely to be the message that was sent.
Still lots of ways to crack a poorly executed OTP.
"I parked my old, crappy bike and started locking it.
Some guy went past and said, "Don't worry, love - no-one will nick that", and a passing crackhead said "I fuckin' would", and we three strangers shared a moment of humour together. "
> Under questioning, however, one of Proven’s employees admitted that he had been able to duplicate McNally’s technique, leading to the question from McNally’s lawyer: “When you did it yourself, did it occur to you for one moment that maybe the best thing to do, instead of file a lawsuit, was to fix [the lock]?”
Sometimes a single question tells you how the entire case is going to go.
Back in 2007, I published the first YouTube bypass of the Master Lock #175 (very common 4-digit code lock), using a paperclip.
After the video reached 1.5M views (over a couple years), the video was eventually demonetized (no official reason given). I suspect there was a similarly-frivolous DMCA / claim, but at that point in my life I didn't have any money (was worth negative) so I just accepted YouTube's ruling.
Eventually shut down the account, not wanting to help thieves bypass one of the most-common utility locks around — but definitely am in a position now where I understand that videos like mine and McNally's force manufacturers to actually improve their locks' securities/mechanisms.
It is lovely now to see that the tolerances on the #175 have been tightened enough that a paperclip no longer defeats the lock (at least non-destructively); but thin high-tensile picks still do the trick (of bypassing the lock) via the exact same mechanism.
Locks keep honest people honest, but to claim Master's products high security is inherently dishonest (e.g. in their advertising). Thievery is about ease of opportunity; if I were stealing from a jobsite with multiple lockboxes, the ones with Master locks would be attacked first (particularly wafer cylinders).
Actual thieves don't give a shit to learn lock picking, they can use a fine toothed sawzall or oxy-acetylene torch and defeat any lock just as fast without having to youtube the particular brand.
I used to rent a storage unit. I lost the key to it, and went to the manager. He came back to the unit with a small battery powered grinder. Cut the padlock's loop through in a few seconds.
Most locks are only good if the attacker doesn't have any tools.
I bought a giant pair of bolt cutters a while back for a use case other than bolt cutting (shark fishing; cut the big hook instead of putting your hand near the mouth).
I never caught any big sharks like I thought, but now my wife runs a restaurant and occasionally employees just don't show up to work and leave things in their lockers. Once in a while it's clear it's to be annoying (locking supplies in their locker).
Never met a padlock or combination lock I couldn't shear through easily. Totally has paid for itself.
There's quite a few, many hardened locks will bend or mar bolt cutters... we're not taking bolt cutters off of the rigs because they're relatively small but a K12 and a pair of pliers is way more reliable.
Now, for a similar price, you can buy a hydraulic cutter powered by a hand pump. They also come with replaceable jaws so you dont wreck your cutters when attacking a hard lock.
Generally speaking, the hasps on employee locks aren't big enough to hold anything truly sturdy... I doubt even the most resistant lock you could put on a typical locker hasp would hold up to the giant 3 foot bolt cutters.
To be fair to Sentry Safe, this product is designed to be resistant to fire. A better name for this product would be ‘fire resistant box’ instead of ‘fire safe’ but that’s what they call it for marketing reasons.
A hardened metal safe designed to be resistant to cutting can still be cut through, just not in seconds with a screamer saw (trade name for a metal cutting circular saw)
If you want truly secure, encase your metal box in concrete like John Wick. Access is difficult but security is high :)
FYI, most safes already have a decently thick concrete layer — that’s most of why safes are heavy! (Or, I guess you could say, adding a concrete layer is cheaper than making the steel thicker.)
But they also have a rubber or foam (often styrofoam in cheaper safes) layer, to “smooth out” the force from a sledgehammer, jackhammer, or just dropping the thing out the window.
And a layer of compressible wet(!) sand, to spread out the point stress from a hammer and chisel, impact gun, gunshot, or small explosive configured for concussive force. (The goal here is essentially to replicate the behavior of a bulletproof vest.)
Plus, they often contain a layer to bind and foul and dull (or even break) the teeth of drill bits and reciprocating/chain/band saws. This can be any number of things — low-melting-point plastics, recycled broken glass, etc — but look up “proteus” for a fun read.
If the safe’s designer is clever, just a few materials can serve several of these functions at once. But more is always better. Which is why good safes (and vaults) are so dang thick. It’s not to solve one problem really well; it’s to mitigate N problems acceptably well, for a frighteningly large value of N.
so... if i were a suitably evil billionaire, would i be able to shop for a safe protected by a layer of compressed mustard gas, that is released upon attempted breaching?
This would be a Booby Trap and is illegal, so it's not worth it for that chance of going to prison no matter the value in the safe, if you are a billionaire. It would be hard to find someone willing to help you.
That is a subset of thieves. There are still plenty of situations where it is beneficial to have a lock that can't be opened in 5 seconds with a paperclip, like a school or gym locker room for example. Nobody is bringing a sawzall into the gym while it's open.
Similarly, I know the lock on my front door is not going to stop anyone who really wants to get inside, but it does stop drunk people or bored kids from wandering in because it's easy.
> Nobody is bringing a sawzall into the gym while it's open.
They are bringing in bolt cutters to locker rooms. The locker metal loop that the lock threads through is easier to cut than the lock. I've first hand seen lockers destroyed to remove the lock. Not while the break in is happening but it's easy piece the crime scene back together to understand their tools.
Manual bolt cutters are almost silent except for the "thunk" when it breaks the metal, and there are even battery operated bolt cutters that are quick and compact.
I'm convinced there is basically no foolproof way to secure a bicycle in public.
I've seen everything from braided steel being cut clean to combination bike locks getting picked (by the attacker actually figuring out the correct combination, not just brute-forcing it apart or wangjangling a paperclip).
They just need to steal 1 good bicycle to more than pay off the cost of their equipment. One stolen bicycle could feed a family for a week. In some place like the Bay Area where $1000 bicycles abound, the economics are just too appealing.
Sure there is, but you need to understand the variables involved. How expensive is the bike, how safe is he area, how long are you leaving it there for?
At its worst, people get their fancy bikes robbed as they're riding them in big cities like London; at its best, nobody in small villages locks their bikes because they all know each other.
In terms of locks, general advice is to get an angle-grinder resistant U-lock and lock it through the rear frame triangle+wheel+some solid object.
Since a U-lock like that is impossible to defeat with anything that's not a power tool, and you'd need to spend several minutes grinding through it [0] [1], most thieves will not bother. If they cut through whatever the bike is locked to, they still have a bike that's locked to itself.
For extra security you may want to do the same with the front wheel using something like a chain lock. Locking the saddle is also a good idea. Locks with alarms that notify you could be a decent idea too. And/or just get bike insurance.
From what I've heard, the way to go about it is to not have a very nice bike, make it identifiable and loud (eg ripped up neon tape and graffiti), and then use both a chain lock as well as a U lock that're both thick enough. Also perhaps throw on extra locks to make other bikes look attractive.
Of course none of these work if the thief is part of a ring that is targeting your bike because it's high value.
> use both a chain lock as well as a U lock that're both thick enough
No, thickness is an irrelevant property to an angle grinder. You're adding something like a second of grinding per kg of material. Makes no sense. The trick is to use grinder-resistant locks. Those extend grinding time to minutes.
I have a Brompton and no bike lock for this reason. When I’m on my Brompton it goes where I go.
Actually I do have a “cafe lock”. Its purpose is just to slow someone down enough for me to catch them on foot. I’ve once successfully used the strap on my helmet for the same purpose in Barcelona too.
In Japan they have bike theft sorted with mandatory registration with the local police force. A sticker on the bike and a corresponding bit of paper in the wallet provides proof of ownership, which may be requested by police at any time.
This costs money to administer but it means that nobody in Japan needs to overly worry about their bicycle being stolen. Huge locks are not needed, nor is GPS tracking or third party registration schemes.
The idea of getting a 'hack bike' that looks undesirable is often touted as a solution to cycle theft in the West. However, thieves just want money, so the 'hack bike' that can be easily sold trumps the hard-to-sell expensive bike if money is needed now, for tonight's high. More money can be tomorrow's problem.
Self driving cars won’t fix the real problem - cars take up too much space for the number of people they carry in any reasonably dense city. I’d be quite confident bike lanes should be improving traffic by taking cars off the road more than they are causing “headaches” for traffic.
There are well studied effects that show good bike infrastructure gets more people (especially the young, old, women etc.) cycling who would be too fearful to cycle in traffic, because separate cycle lanes are both in reality far safer but also feel far more safe.
And bike lanes are actually really good for mobility scooters and other kinds of ways for elderly and disabled to get around!
We broke into our own lockers the whole time with metal rulers back when I was in school because of forgotten keys or just because it was quicker opening them that way than actually unlocking and relocking them. (And of course the more students did this, the more worn the metal became and made it even easier the next time)
Most people would be absolutely astounded how bold you can get with a safety vest and/or a clipboard, and how passive most people are to an obvious suspicious situation.
I have used a grinder to take off a bike lock (I owned the bike) in broad daylight in Downtown Denver on a main street. A local business even allowed me to use their power outlets. Not one person questioned me or asked me to see proof of ownership. I was fully prepared to have to deal with cops or at least a good samaritan, but nope, plenty of people watched me do the exact thing a bike thief would do and didn't ask any questions.
> Most people would be absolutely astounded how bold you can get with a safety vest and/or a clipboard, and how passive most people are to an obvious suspicious situation.
I don't think they'd be surprised at all.
What the hell am I supposed to do if I see someone stealing a bike or whatever? Stop them? Hell no, if they have tools then it's a good bet they have weapons. Call the cops? They don't care; recently they don't even pretend to care.
Pretty much all you can do is say, "knock it off" and maybe they stop (they won't).
Don't do this and don't let anyone else do this. Intervening in a crime in progress is likely to lead to immediate execution. Even police squads get shot at, and they are armed to the teeth and well trained.
Yeah as long as we don't have unrealistic expectations from our $30 deadbolts and our $5 combo locks it's fine. But people sometimes buy the cheap thing and expect it to perform as well as a really expensive thing.
That's usually with skills that few have the time to acquire. But I also saw on LPL where he tested a cheap Chinese lock, where the "hardened steel" had a visible groove after just a few strokes of a file, and you could use pliers to rip off the plastic cover around the keyhole, after which all the little parts of the lock mechanism came tumbling out...
It is actually surprising just how little brute force many semi-decent padlocks can handle. A decent mallet and some force concentrator and I think good amount of them will fail.
I just need to be able to show the insurance company a police report and obvious tampering. On video, someone using an aluminum shim looks the same as someone using a key, and any evidence would require some decent forensics. Same goes for skilled lockpicking and bump-keying. Ideally, the weakest link should be the door, the hinges, the shackle, etc.
I don't think there's much of a point. If the thief came prepared with tools and is willing to make a lot of noise, there's not a ton that can be done.
Without even exotic tools, what are the odds the door the lock is attached to will withstand a crowbar? Or the same mallet and force concentrator applied to the door/hinges/where the lock attaches?
But usually the thing that's locked up can survive even less brute force than the lock -- a storage unit near mine was broken into, and the unit owner (who was there with the police) said the thieves just pried off the storage unit lock, the sheet metal door literally tore and the entire locking mechanism came out.
This was an outdoor unit, the thieves came in over the fence (the barbed wire on the fence didn't slow them), and left the same way. If I had anything valuable, I'd keep it in an indoor unit where at least there's a locked door in the way.
Barbed wire is security theater. It was invented for cattle, and it does a reasonably good job of keeping cattle confined. (It doesn't work well for horses because horses are even more stupid than cattle and horses repeatedly injure themselves on it and the wounds get infected.)
Barbed wire doesn't work for humans, especially humans who have some familiarity with it.
Barbed wire worked well for human soldiers in WWI. It was part of a security system that also included trenches, artillery, machine guns, and active counterattacks, but it was a crucial part.
I assume that means humans with adequate tools. If I didn't at least have some wire cutters or a carpet I don't know how I would get through it without grievous injury. (I further assume we're not talking about the serious barbed wire from WWI.)
There are diminishing returns. Just look at bike locks. Anything higher than trash tier, and the issue is finding a dedicated bike stand, since anything else will get destroyed by the grinder faster than the lock.
Instead of declaring all bike thieves felons and imprisoning the 1% of them we manage to catch, we should spend our money on sting operations that catch the 50 or so individuals in each city that steal 80% of the bikes, and reserve the felony treatment for repeat offenders.
I helped catch one of these repeat offenders when my bike was stolen. When it was recovered they told me they had a huge warehouse of bikes that nobody would claim, and mentioned 90%-ish of all bikes aren’t recovered and they were having space problems just storing all the unclaimed bikes. First thing we actually need to do is get people to register their bikes before they’re stolen, and then report them missing after.
Funny side note, the cops actually offered to let me setup the sting, make contact with the thief and pose as a buyer. I was sure they’d sternly recommend I do not get involved, so I was very surprised, but it was a busy night when I called and they had no officers immediately available. I did make online contact, but due to delays setting up the meet, the cops ended up handling it without me, and when I went to pick it up they were rightfully very proud of catching the guy and being able to return the bike to me.
You had better luck than me. The San Jose PD only begrudgingly gave me a police report weeks after reporting it (needed it for insurance purposes), and told me a could get a copy of it a month later. I'd have to go to the records dept in person between the hours of 10AM - 2PM (email a copy? Are you crazy?).
So I did that, showed up. No other people there. Person behind the counter told me they were too busy, and I'd have to show up some other (unspecified) day.
A bummer, sorry to hear it, that sounds frustrating. The big difference might be that I found my bike for sale in the local classified ads (a couple weeks after it was stolen), and I had the thief’s phone number, before I called the cops. They recognized the phone number. My PD might also do little to nothing if I just report something missing. I do think I got lucky, yes. And I was extra lucky that the thief listed my bike for a completely ridiculous amount of money, more than the original purchase price for a bike that was like 15 years old and not as well maintained as it should have been. His list price meant nobody else jumped on buying it right away. (But I do know now that my chances of recovery go way up if I register a bike.)
I like the bait bike operations some police departments do to catch the shops buying stolen bikes. Addicts steal things they can fence and cutting into the business side means you don’t have to catch nearly as many people, although Facebook is determined to fill some of the gaps.
I learned this as a kid: that big, chunky padlock on our garden shed could be busted open by a 10-year-old with a cricket stump and 3 seconds of pulling.
Actual thieves are most interested in low effort/fast methods of bypassing locks. Master single pin picking to LPL's level and the thief might as well just turn locksmithing into a career instead of stealing. Low effort attacks like shimming, raking, bumping though might be worth a thief's time to learn.
Some are still resisting this kind of attacks. The hiplok D1000 has a thick rubber like abrasive coating that makes it super hard to cut through the metal with power tools
These jobsite storage boxes [0] are typically too heavy to steal (and can also be anchor-bolted), and the locks are highly-recessed within an enclosure... practically the only exposure is the keyway... and then there's thousands of dollars of tools inside.
Worth it for smarter crooks. I'm a former IBEW electrician, and I've seen both stranger and more-miraculous occurrences — but I've seen it all.
Which is relevant when you're defending against Ocean's 11 or the Mossad, but for the other 99.999% of us, the lock is there to keep a bored teenager or a meth junkie out.
Or, more realistically, to convince an insurer that we've made a token effort to keep them out.
It depends on where you live. I guess it's not uncommon to hear about someone entering a building "as the delivery guy" just to try to pick a lock and see which one opens.
If you make too much noise people will get suspicious and might call the police.
Yes. I once saw a guy open a bike U-lock using a car scissor jack and he was done in about 20 seconds and the bike was gone. Nowadays there are very good battery powered grinders that can take a cutoff wheel and no padlock is going to resist that.
Get a used pickup, get some vinyl letters at home Depot, put something like "a+ home services" on the side, and you can probably break into a few dozen suburban homes without anyone reporting you
A portable plasma cutter? What is this, Star Trek? Are there some extremely-high-power-density battery-operated plasma cutters available on Aliexpress that I haven't yet run across? Or maybe I should locate my safe far away from my stove/dryer receptacles?
But people have been welding with batteries for ages. The most primitive welder is a car battery and a couple of wire leads. Tons of videos of it on YouTube.
Yeah, fair enough. Two car batteries in series is even better.
Not easy on the batteries, but it will get the jeep out of the bush.
You can also make your own stick electrodes from coathanger wire tightly wrapped in paper.
I couldn't tell you how many pairs of sunglasses you should parallel to protect yourself...
This rig, on the other hand, is something you could pack into just about any plant and fix something with without raising any eyebrows. If you have $5,000 to spend, that is. Super handy for small jobs in hard to access places.
Batteries in series, typical stick welding voltage is ~27v. You might be able to light up on one battery, but you will quickly learn why it's called "stick" welding.
I wouldn't arc weld with any number of pairs of sunglasses, that was firmly tongue-in-cheek; but yes you are right, stacked glasses would be series.
Also, if you try this, before pulling the battery from the non-broken jeep, drive it to the top of a hill so you can bump start it later when the battery is too dead to turn the engine over.
I doubt you could charge them faster than the welder can run them down, so you might want three sets and two gang chargers if you want production anything like a plug-in machine.
A while back I was making a point about the border wall farce--and found everything I would need to do "portable" plasma cutting on said wall on Home Depot's website. Not pick it up type portable, but put it in a wagon type portable. (Generator, not batteries.)
I don't know how anybody can look at those rusty metal pylons and not think their natural habitat is at home on top of a 40 year old white Toyota pickup with a suspension that long ago achieved sainthood. Like if I were looking to attract illegal immigrants, those pylons would be exactly what I would use. But then again isn't this just the standard fascist pattern? Propose a comically self-defeating solution to some problem, and build a tribal identity around aggressively denying the obvious. It's like the social justice preaching to the choir writ large.
You can pick up a wholly self-contained plasma cutter in Lidl or Hofer in their "cool tools week" for about £100 these days.
It wouldn't be beyond the wit of man to hook that up to a biggish inverter and 24V worth of deep cycle batteries on a small trolley, maybe a wheelie suitcase.
Entirely depends on what manner of thief we are talking about here, what they're going after, how important it is to them, and how much they care about the owner knowing the lock was tampered with.
This is why I don't like such black-and-white opinions... I think the answer is rarely so simple.
I think it's largely a class or educational divide. I come from a very hick, redneck, working class area. People use black-and-white statements and course language with the understanding that corner cases will exist anyway. My use of this type of language common in more middle America is something I find the more silicon valley or tech centered HN constantly finds issue with.
It's common in more upper-crust / educated circles to shit on people that use more course, black and white language. I believe it has more to do with cultural divide than misunderstanding that rare/corner cases exist.
In another recent exchange on HN, I was damned for using the word 'never.' They didn't even explain why, just said they wouldn't believe people that used it. I was using it in the redneck sense "you'll never get that girl" as in it's extremely unlikely to the point it's hardly worth even considering, rather than the nerded out version that it means the chance is literally precisely 0.
FWIW I come from a non working class background ( but am not American ). My friends and I routinely debate in such a manner, and don’t see any problem with this. If confronted with a stranger we might be a bit more cautious ( basically we’ll state the rules of the conversation) but that’s about it. If needed, we’ll sometimes be a bit more accurate.
I understand your statements as you mean them - I default to giving you the benefit of the doubt, and automatically assume that black and white statements are shortcuts. Only, and only if you seem to not understand nuance then I will adjust my stance, but I usually assume you do!
I think the problem can be described as assuming good faith in the argument - that is, that you're talking with someone who you are presuming is attempting to communicate, not just "win" the conversation.
The difference becomes clear very quickly - if there's a genuine misunderstanding, someone will clarify and move on; if someone is trying to rules lawyer the conversation, it won't.
People from "hick, redneck, working class" areas don't say "hick, redneck, working class".
They might say "hick" if they're from rural northern New England, the upper midwest, rural Canada, or Cascadia, usually with self-deprecating facetiousness. Most of these people are smart enough to do whatever they want in life, but just choose to live by their standard of normalcy and just like their friendly small towns best.
If they are from the lower midwest or south, they will sure as hell just say "redneck", and most take it as a compliment even though many of them deep down are just compensating because they don't have any other options.
But nobody calls themselves "working class". Not in the rust belt, not in the rural midwest, and not in the south. That's more of a politician's word, and a condescending slur from the white collar crowd that usually ends in a broken jaw.
> Low-intelligence people are masters of black-and-white thinking. It's also part of a psychological defense mechanism called "splitting."
> They only seem to think in terms of opposites, ignoring the grey areas in between. Reality is too complex to be interpreted only in opposites.
> As a result, they tend to simplify everything. While simplification is useful sometimes, not everything can, or should be, simplified. Knowing what does and doesn’t require simplification signals high intelligence.
The problem is when you speak in absolutes while simultaneously "not meaning it" that way, is that this is not conveyed to the people you are speaking to, so we can only assume that you did mean it, and now we think you're being unreasonably generalizing.
And I think it's pretty hard to have a useful conversation if we cannot use agreed upon terms to convey what we mean. If you know that not everyone will understand your intention by saying it that way, then why do it?
I'm saying that some people don't understand that some cultural uses of black-and-white English indicate practical precision rather than absolute theoretical precision.
Issues with master locks are hardly new- back in the 1980s, I downloaded a file from a BBS explaining how to open a combo lock (basically by pulling on the shackle while turning, and a few other tricks.
Oh my god, I remember doing this technique on my lock, I remember doing this in the early BBS days, I remember learning this from a short text file. I'm 80% sure it was this file!
The most absurd thing is the original video response from the company was good, and with a very compelling argument: their customers never saw shimming in the field. Their user base don't need shimming resistance: security needs to be adequate, not perfect. And they follow-up by presenting options about people requiring the lock to be shim-proof.
Granted, in this day and age, it's a disgrace to still make locks that can be shimmed. Especially when the shim-proof alternatives they show just have an additional notch to catch the shim.
> their customers never saw shimming in the field.
This is arguably good PR, but a terrible response. Shimming is so quick and hard to detect that even if you had 24-7 video of the lock, you probably wouldn't notice that the lock had been shimmed. You would just assume that someone lost a key.
It's a trailer hitch lock. If someone steals your trailer then you definitely do notice. And if they just shim the lock and put it back then it doesn't really matter.
This guy shims a $100+ lock in 10 seconds with a liquid death can, all without speaking in the video, just replays and then destroyed their claims and GTFO. Absolutely masterful.
If you don't know him already, I highly recommend videos by LockPickingLawyer — he routinely destroys bogus claims of various companies within seconds. It's quite entertaining to see how little security you actually get from most locks.
LPL owns Covert Instruments, who employs McNally, the YouTuber who got sued in this case. Probably not a coincidence that Covert Instruments wasn't named in the lawsuit.
There aren't that many ways to cut a shim from a can that work and don't take excessive effort. It's a rounded hook shape, with a handle piece trimmed so you don't cut yourself.
That explains so much. Done to well for a goof channel, eclectic assortment of skills ("tactical garden trowel" vs fully equipped metal shop vs perfect video production), all fat trimmed off the videos.
I kinda want tvtropes to put a name on his slapstick humor. It's like looking over the shoulder of that weird uncle that seems to live in an entirely different world.
My understanding is that LPL is not still practicing (he says he's retired, to focus on security work), but I'd guess he knows someone, if McNally didn't already have his own lawyer.
I mean, it's not exactly a secret. If you really want to know you can look it up online. He even has a whole talk he gives about why he generally doesn't reveal his identity. People send him packages with trackers hidden in them, hire private investigators to follow him with bogus stories, etc.
Crime had already been falling consistently for several hundred years throughout Europe when the first gun-licensing and gun-control laws were being passed in the Wiemar Republic. You don’t need control over weapons to reduce crime, you just reduce crime.
Incidentally, a few years later a certain political party got their candidate elected Chancellor. He more or less immediately ordered the police to use the gun-licensing records to identify Jews who owned guns and had them arrested. It’s actually pretty hilarious, in a very dark way, to read some of the arrest reports. When Jews were ordered to surrender their weapons to the police, many of them brought the weapons to a police station as instructed. They politely stood in line while the officer at the desk wrote out arrest warrants for them one after the other. The crime? Carrying an unlicensed weapon. The location? The police station in such-and-such precinct. The witness? The officer at the desk. The prisoner? Turned over to the SS.
Locking doors makes legal follow-up easier: "The deceased - do you know if he broke and entered?" "Yes, your honor. I always lock my doors at night. Exhibit A is a video of him busting the door down after trying the doorknob."
That's a really well put. We are expecting a son soon and as I was reading this read and your comment, I couldn't help but asking myself will I ever say anything that my son will remember for years. And how can I be prepared.
I've watched LPL videos and practiced on regular locks, I can pick something that is about 10$ or less, but these expensive locks with good tolerances (Abus) or disc detainer cores (kryptonite locks,) no amount of practice and fiddling with the correct tools has ever opened one of these. I lack the skill or touch.
I can hold a 18v grinder with a cutoff wheel just fine though, I lost the keys to one of those kryptonite locks on my bike and I was riding my bike again 30 seconds later.
Yep, it’s like those security screws, they’re not used to stop you opening the box, they’re used to prove that you knew you shouldn’t be opening the box.
Most of the time they’re just there to make you _think_ that you shouldn’t be opening the box. In the US the Magnusen–Moss Warranty Act of 1977 explicitly prohibits companies from voiding any warranty merely because the owner opened up the device, repaired it, or had it repaired.
> It's quite entertaining to see how little security you actually get from most locks.
Yeah, one of my conclusions after years of watching LPL is ironically to start buying cheaper locks.
The difference between a $3 and a $300 lock is just about a minute of time for an experienced lockpick. No lock is capable of dissuading a determined thief, but any lock is equally capable of dissuading a lazy one.
The best policy is to have a lock that is resistant to cutting and destruction, with a trivial key. Nobody tries to pick a lock, and if they do, they're winning. Most or all breakins happen through brute force not technical sophistication, so a decent chunk of metal is a fine adaptation.
About the only thing I've seen that qualifies is the no-car, metal gates to walking/camping trails in State Parks (PA, anyway.) The key-lock is surrounded by a 1/2" steel can, with only the bottom open and some distance to the lock itself. Attempting to pick that would mean being upside down 2 feet off the ground. The steel shroud would thwart a casual angle-grinder for long enough not to bother.
Most other security for locks I've seen could be defeated with 60 seconds and a 3" cutoff tool that fits in a pocket.
I use the locks my insurance company recommends. That's who it's there for anyways.
The other side is "career" thieves will know how to pop-can shim a lock but most of them are not going to use or break out a set of picks. One main reason it's an additional felony charge if you get caught using them. So a _slightly_ better lock is sometimes warranted for outdoor applications.
The final piece is they'll just steal a car and then drive that car through your shop front to get what they want. Up here in Northern California a gang pulled off the same heist as the movie "Casino." They drove a van up to a wall and then knocked out a small segment of the wall to gain entry.
I'm considering an angle grinder resistant lock for the bicycle. They are not totally uncuttable but it means you have to be stood there for a couple of minutes changing worn cutting disks and the like. Quite expensive though.
>The difference between a $3 and a $300 lock is just about a minute of time for an experienced lockpick.
How about non-experienced lockpick? Or the one who gonna brute force everything? I think there's value is expensive lock (Assume you buy the high quality one, not the over-price one)
Yep. The low hanging fruit principle in action. You can’t make anything completely secure so you put up more obstacles than your neighbor so the attackers go visit the neighbor instead.
Or in the case of targets with no neighbors like missile bases, you know approximately how long it might take an attacker to succeed, then put big guys with guns within that distance measured by time.
Oh, this is where I disagree. A wire can be quietly and discreetly cut with wire cutters in seconds. This is no protection at all. It's just inconvenience for you.
What I've been using for years is a heavy chain with a lock (disc-detainer style). The chain weighs around 3.5kg. You can of course cut it with an angle grinder, but have you ever tried cutting a chain with an angle grinder without a vise? The chain slips away and it's really difficult to hold it in place for the cutting, which would take more than a minute.
All those Kryptonite-style U-locks have the disadvantage of being easily fixed in place for the cutting. They are also useless for attaching your bike to large trees, street lights, etc.
Remember that if a bear is chasing you, you don't have to outrun the bear, you only have to outrun your friends. If there are 4 bikes and my bike is the most difficult to steal, I'm fine.
It's completely different to snip a cheap wire lock or even just pull hard on it and have the lock break versus pulling out the angle grinder and making a huge racket for a minute.
I picked up and started practicing with Lishi lock tools, and I cannot recommend them enough. Pocket Tool Warehouse out of Texas has been good in my experience for sourcing them, no affiliation. Like an automatic transmission for lock picking.
Ditto. I was even able to put my lock picking skills to use one fine summer day when the dog park was locked due to "rain from yesterday" even though the grass and everything was clearly fine. We had a lovely time running around as a family, along with a couple other families, for about an hour before the groundskeeper came and shooed us away.
The ethic, IIRC, is that you only pick locks that you own, or that you have permission to pick.
Also, maybe the groundskeeper knows things about groundskeeping that you don't, on account of how much time they spend doing their job, which is keeping the grounds.
When we moved last time, our "financials" filing cabinet accidentally got locked (one of the ones with button lock) and I wound up having to pick it. The ability, even at a basic level, comes in handy more often then you would expect.
At a previous company, a power outage knocked out our router, which knocked out the card access system, which locked us out of the server room where the router was. Good news, there was a physical key bypass. Bad news, nobody knew where said key was. Lucky for us, I could pop out to my car, grab my picks, and then got the thing open in a couple of minutes.
Definitely the most above-the-board use those picks ever got (Though obtaining access to my university dorm's AC controls definitely made me more popular).
In high school I didn't even have lockpicks, I just carried a super tiny pair of needle-nose pliers along with some other tools in my Five-Star zipper binder, and the tips of the pliers were fine enough to stab into the holes of those stupid snake-bite security screws that held down the thermostat covers in the classrooms.
Once teachers realized I could open the thermostat covers and adjust their setting in seconds instead of the hours it took to go the official route, not only was I very popular, they would occasionally send hall passes to summon me from other rooms to perform the service. I was doing fine in my studies and this was not an academic impediment, it was just hilarious. Eventually I just started leaving the covers loose, a fig-leaf that the custodial staff seemed content to ignore.
...
Fastforward a few years into my career, still not carrying lockpicks, but much more familiar with the art. A shipment of cabinetized network hardware arrived, but the cabinet keys were not ziptied to the doors as was customary. The installers were looking at having to go home with a short timesheet because they couldn't work.
I was in the NOC for another reason entirely, but I asked the supe to cover me for a minute and trotted out to the equipment room. I swiped a couple pins from the corkboard (for some reason, the office used dissection T-pins instead of regular pushpins), bent the tip of one, used the other as a turning tool, and proceeded to rake open one of the cabinets. The install crew lead's jaw hit the floor. I insisted on teaching him to do the rest, and moments later not only had he opened the rest of the cabinet doors, he had scared himself with how easy that just was, and stood in silence for a minute, shocked by his newly-acquired skill.
Early in our dating, my (now) wife moved into a new apartment and accidentally turned in the key to the back patio storage room with the keys to the old place. She was embarrassed to ask the old landlord, so she asked me to ask him. Instead, I popped home, picked open the patio storage lock, and then re-keyed the lock to match the front door. When I was a teenager I bought a (apparently lifetime) supply of assorted lock pins.
I had to use my lockpicking skills when my grandma moved across country to live with my mom. She put her stuff in a "Portable On-Demand Storage" container and accidentally put the key to the lock with her stuff inside the container.
Luckily, she used the shitty round lock that a lot of storage companies recommend. I was able to pick it in just a couple minutes. Someone like LPL would have had it open in mere seconds.
Thinking of doing the same! Which kit did you order? I see a FNG, FNG+ Bundle, and "Learn lockpicking bundle". 3rd one seems the most likely candidate. Any tips you can share? Thanks!
Start with a cheap kit from e.g. Amazon which includes a couple of perspex locks so you can see what you're doing. Get a real set of picks for real money once you graduate from that.
I got the Learn Lockpicking bundle a few years back, it's a solid customizable lock - six slots, a few different pin styles, and the springs to make it work. I got practiced enough to get a 3-pin opened, but I'm definitely out of practice now.
I did the same (also during COVID, after doing it for a bit in my youth). I haven't tried Covert Instruments gear, I bought some other pack from China, but whatever pack you can find with the basics (and maybe some variety so you can try different techniques) plus a training padlock so you can see what's going on inside, and it'll be a walk in the park.
> It's quite entertaining to see how little security you actually get from most locks.
Physical locks are for honest people. They signify that something is not meant to be accessed and at best slow down someone actively trying to access the other side of the lock.
I recall either "The lock picking lawyer" or McNally explains that only in 3% of cases are locks picked during a burglary. In all other cases windows or doors are simply forced open. So at best locks are meant to prevent of crimes of opportunities.
One day I came into the office and noticed that one of our neighbors doors had a triangular hole cut into it near the door handle. It was a solid core door on an interior hallway. One of our cameras picked up the sound, someone brought a chainsaw and in about 30 seconds cut a hole in the door so they could reach through and open it from the inside. They took the safe, but I was told the safe was empty.
Oddly, this is a case where they would have had plenty of time to pick the lock as well, and it would have been much quieter.
> at best locks are meant to prevent of crimes of opportunities
A lock forces the thief to either spend time defeating it or physically break something. Even if it doesn't slow him down it should hopefully make it visibly obvious that he's doing something illicit.
Yeah my understanding of burgling is it’s all about speed. One of the best deterrents you can have is I think called “laminate glass,”that doesn’t shatter into a bunch of pieces when it’s hit. It has a tendency to hold together so they have to spend precious seconds knocking out more of it which almost always makes them run away rather than risk it.
If I can go out on a limb here, I also think I recall that they have very specific things they look for. For instance they will often run straight for the master bedroom and start pulling out drawers/checking closets because people tend to keep jewelry in there. They want small items.
Anything that slows them down tends to deter them even if they make an initial attempt
This is why the complaint about smart locks being hacked is so utterly ridiculous to me. A thief isn't going to hack your lock, they're going to bash a window in
Even if I can unlock a hypothetical 90% of physical locks, I still need to go in person to every house that has one. On the other hand, if I crack one smart lock I now have remote access to every home that has one, and I can operate on all of them simultaneously. Anything internet-connected makes doing damaging things at scale much easier.
Exactly. There's a lot of strongly worded stuff in here about how easy locks are to defeat, but that's only against someone who's practiced the art, which is a very small percentage of the population. And in my experience they're mostly honest people interested in the technical challenge, rather than criminal exploitation. A typical modern lock is going to massively slow down or outright stop nearly everyone who comes up against it.
I think that it's more useful to think of all defenses against physical intrusion as increasing the cost of intrusion in some way, be that time, skill, risk of being caught, access to specialized devices, etc.
Most "normal" locks don't increase the cost too much but they do raise it - perhaps enough for a thief to pick another target, or perhaps enough for the thief to choose another method of entry such as kicking in the door (which itself comes with additional risk of detection).
Exactly it is about layers. It is the same with computer security. Is my network "unhackable" no. But I've put up enough layers of basic security that script kiddies and the like won't be able to get in.
Depends, do you count wave-raking as picking? I bought a cheap lock-picking set, takes me about 5 minutes to get their basic perspex lock open. "Masterlock", wave rake opens it in a few seconds -- even my then 10yo could open it in <30s.
> overpriced lock they conveniently have for sale and in stock in their vehicle
I object to the word overpriced in this context. It costs a lot of money to keep locks, tools, and other spare parts in a vehicle (including the cost of the vehicle). If you need a lock now and they have one it should cost a lot more than if you need a lock in 6 months and can wait for the factory to get around to making it. When you call their locks overpriced you are failing to understand the costs and value of having a part on hand.
Security is about layers. If I have a basic lock, all I want to do is stop an opportunist.
I have a vehicle that is extremely simple to steal (you can unlock everything with a screwdriver), to protect it I use both a pedal lock, a secret second key and a steering wheel lock.
Will it defeat a determined thief or a team of thieves? No way. However it will put off most opportunists and slow down a more experienced thief enough that they may choose another target.
Don't know why you are being downvoted because it's true. Lots of people wouldn't try to break past a lock but if you leave a door open many people would fall for the temptation.
No one would be surprised if you showed that you could cut a hole in pretty much any normal door given the right cutting tool. Yet people seem to act surprised and betrayed to learn that a normal lock can be picked or broken given the right tool.
And that's fair and reasonable. Of course you can cut a hole in a door. Everyone capable of forming thoughts on the subject has seen someone use a saw at some point in their life. However, locks greatly exaggerate their abilities, to the point you can forgive someone for believing that they actually mean them.
I just now went to masterlock.com, clicked HOME & PERSONAL > View All Products, and picked the very first product[0]. It says:
> The 4-pin cylinder prevents picking and the dual locking levers provide resistance against prying and hammering.
The very first thing it says is that it prevents picking. To someone who isn't familiar with LPL, and who doesn't want to have someone pick their lock, this seems like a great product. It prevents picking! And it must, because otherwise it would be illegal to say that, right? But alas, it does not, in fact, prevent picking.
Compare that to a random product page for a household front door[1] that says "Steel security plate in the frame helps to resist forced entry" and "Reinforced lock area provides strength and security for door hardware", which indicates that this might be a strong door, but doesn't claim that it "prevents someone kicking it in". It helps to resist forced entry, but doesn't say that it prevents it.
> No one would be surprised if you showed that you could cut a hole in pretty much any normal door
The definition of “normal” varies by region. In European cities, it means a pretty heavy door of multiple layers of steel (and pretty unpleasant stuff in the middle) that would probably take 15 minutes of deafeningly loud cutting with a circular saw. I understand the standard for US suburbs is much lower (as it might as well be, given windows exist and the walls aren’t all that sturdy either).
A very long time ago I worked in an office building that had several suites of offices. One of them was a biotechnics company that did things like genetic analysis of farmed fish for selective breeding, massively commercially sensitive stuff. They had a "secure document store" built within their suite, with a thick door made of 19mm ply layers either side of a 6mm steel plate, welded to a full-length hinge, which was in turn welded to a 25mm steel tubing frame, with big long brackets bolted into the brick work of the exterior wall on one side and a steel beam on the other. One key in the possession of the CIO, one in the possession of the CEO. CEO was at a fish farm in Norway. CIO was in the office, getting paperwork out of the safe in the secure room, got a phone call, stepped out of the room to get a better signal, slam <CLICK> <KACHUNK> as six spring-loaded bolts about as thick as your thumb pegged the door shut.
Rude words.
Can't get a locksmith that can pick that particular Ingersoll lock. Can't get a replacement key because the certificate is in the room, and you'd have to drive down to England to get it. Can't jemmy the door open, it's too strong.
Wait.
There's a guy who parks an old Citroën in the car park, I bet he has tools, doesn't he work for that video company downstairs? Let's ask him.
So yeah it took about ten seconds to get in to the secure room. I cut a hatch through the plasterboard with a Stanley knife, recovered the keys, taped the plasterboard back in place, and - the time-consuming bit - positioned their office fridge so no-one could see it.
A swift appointment with an interior decorator was made by a certain C-level exec, and a day or two later there was a cooler with about 25kg of assorted kinds of salmon and a bottle of whisky left in my edit suite.
I know it's OT but I wanna know what your old Citroën was. My first car was an S1 BX. Plasticky 80s goodness. I know it's not everybody's idea of a classic (at least in Australia where Citroëns aren't particularly common) but I loved it.
At the time I had a 1989 XM 2.0, but at various times I've had a couple of CXes, several XMs, a couple of GSAs, a BX briefly, and an AX GT.
One of the XMs was the 3-litre 24-valve one which would sit comfortably at twice the legal limit, with the only real difference being the stereo had to be a couple of notches louder and the trees and road signs came up twice as fast. Oh, and the trip computer showed an astounding 8MPG - you wouldn't be doing 147mph for long because you've got less than an hour of fuel in the tank at that speed.
The AX GT was the carby one, basically their 950cc hatchback with the 1.4 out of a BX dropped in and a lumpy cam and twin-choke 2x32mm Weber carb. It was a little pocket-size tin of hooliganism.
The CXes were probably the most refined of the lot. Look up DIRAVI steering - fully powered, no mechanical connection between the steering wheel and road wheels when it's working normally.
Our uncle had a CX when we were kids. When he would visit we loved waiting in the driveway for him to start it so we can watch the air suspension engage and lift the car a good foot up.
If you hadn't been there to fish them out of the situation, they would have been boned to a scale they weren't prepared to deal with. You deserved the reward for getting them off the hook.
> They had a "secure document store" built within their suite, with a thick door made of 19mm ply layers either side of a 6mm steel plate, welded to a full-length hinge, which was in turn welded to a 25mm steel tubing frame, with big long brackets bolted into the brick work of the exterior wall on one side and a steel beam on the other.
Wow, that sounds like a pretty secure entry! I wonder how they secured the walls, that’s a lot of steel plate, enough to require structural reinforc—
> So yeah it took about ten seconds to get in to the secure room. I cut a hatch through the plasterboard with a Stanley knife, recovered the keys, taped the plasterboard back in place, and - the time-consuming bit - positioned their office fridge so no-one could see it.
Haha, that was my guess. This is like constructing a safe with a super heavy reinforced steel door on the front and construction paper on the sides and top! He could’ve kicked his way through 5/8” (prolly 16mm to you lot) drywall ;) Your solution was a lot cleaner and you earned that tasty reward!
Hah, I love this sort of story. Recently I was on site and we needed some electrical as-built drawings. They’d been stashed in a tool box, which was locked (and pretty well designed to protect the padlock from bolt cutters / angle grinders). Unfortunately one of the guys had taken the key with him and it was now a two hour plane flight away. They already tried and failed to cut the lock, and were getting an angle grinder to just cut in through the lid (it was ~3mm steel sheet, so hardly impenetrable, but destroying the toolbox would not have been ideal) when I pulled the pin out of the hinge and recovered the drawings that way.
Turns out watching Pirates of the Caribbean wasn’t a waste of time after all. ;)
Right - the quality of your locks matter a lot less if your average 5-year-old tee-baller can through brick through the wind and climb in. One always needs to consider their threat model when considering what security to invest in getting.
Bang on. LPL himself uses a slightly modified Kwikset lock. The modification seizes the lock if someone tries to pick it. I'm the video, he says it isn't to stop all break-ins, but to stop non-destructive break-ins.
The difference here is that cutting a hole in a door is a destructive operation, like applying bolt cutters to a padlock. Lockpicking just operates the lock as designed.
The analogy is probably closer to someone entering your home by pushing the doorframe open so that the door opens without unlocking the lock, or that many automatic doors can be opened by spraying some compressed air through a thin sliver, triggering the internal door sensors. Both are feasible in practice, leave little evidence behind if done well, and do actually surprise a lot of people.
Bought my teenage son a couple lock picking kits, he's picked almost every single lock we have in our house.
I then picked up a sizable rock, and told him I could get into the house faster than he could. He didn't understand for a few moments, but the lesson was learned.
Dog is not the cheapest option. The amount of work that goes into taking care of a dog is quite substantial. I know from experience. While many/most people do not mind doing the work/expense, some of us prefer cats because they are a lot less work, among other reasons. I do however admit that cats suck at scaring away intruders.
A large dog is one of the few things that can actually prevent most break-ins.
Story time:
There was a serial killer in CA a few decades ago. The police mentioned he doesn't attack homes with dogs, next victim had a small dog. Next the police mentioned he doesn't attack homes with medium or large dogs, next victim had a 30lb dog. Next the police mentioned he doesn't attack homes with large dogs. His next victim didn't have a dog. If its 80+lbs, very few people will mess with them and they will love you forever.
Most of the world don't construct their homes out of flammable materials, so the risk of the entire place going up in flames is quite low. In some places your home is uninsurable if you dont have burglar bars on all windows.
Regarding dogs: some organophosphate mixed into minced meat and lobbed through your fence/gate/open window is an instant and quiet way to get rid of a dog - personal experience taught me this lesson.
Best and cheapest option is a dog, decent insurance, and off site backups that regularly get restores tested.
And maybe a little bit of not getting too attached to "stuff" - there's very little stuff that's truly irreplaceable. I'd miss my first guitar if my house was robbed and they took it or if my place burnt down. I'd miss the HiFi gear I bought in 1988 and still use, and maybe my modded espresso machine. But I'd get over that loss and my sentimental attraction to those things just fine, especially after I'd replaced then with my insurance settlement.
Or "diversify", basically don't put all of your eggs in one basket. Can be done at any scale too, from storing backup copies of important documents at your parents house to buying a few apartments in Indonesia.
Reminds me of high school when people were buying expensive locks for their lockers. These locks, no matter how tough, all still locked onto a flimsy 1.5mm steel hasp that you could bend with your fingers.
Folks that really care about security go for tamper evidence.
For example you can get a filing cabinet which has a lock and a counter that ticks every time it is opened. You pair it with a clipboard where you note the counter count, why you opened it and sign.
It can be picked, that can't be avoided. But the act of opening it creates a trail which can be detected. Adding a false clipboard entry is detected by subsequent users, there typically aren't many people with access.
Determining that you have a breach allows it to be investigated, mitigated. The lock is an important part of that, but it isn't perfectly secure so you manage that flaw.
Of course filing cabinets are getting rare and replaced by digital document stores, with their own auditing and issues.
But if that's not the threat you are trying to protect against, there are locks that are sufficiently secure that picking or other "low-impact" defeat attempts are considered pretty much pointless. Abloy protec2 comes to mind.
The Canadian Mint in Ottawa has a rather impressive large gold bar on display in the gift shop for people to lift and take photos with. It's not in a case or anything.
It's chained down with a Protec padlock - and there's a cop a few feet away to deal with you trying something un-subtle.
To me that sounds more like a good endorsement for having a guy legally authorized to use force against you standing guard. Any old padlock is probably safe when a uniformed agent of the state with weapons of varying lethality is standing next to it.
You don't even have to go that far. Firefighters have core pulling kits that take care of 90% of all locks in 2 minutes tops. And for most other locks, the thing holding the lock tends to be less of an issue than the lock.
I had an Abloy Protec2 malfunction while locked (PSA don't use them for key-only sashlocks) and the locksmith drilled it out in ~10 seconds. That is the last time I spend that kind of money on a lock!
Doesn't even need to go as far as using power tools.
Every lock I've been unable to pick (usually due to the fact that it's a pile of rust) has been susceptible to bolt-cutters. Big lock? Bigger cutters. Still cheaper than an angle-grinder.
Not in the sense of "can't be opened without the key".
Good locks buy you two things: Deterrence (maybe), and a set minimum of time and noise requirements to bypass them. If your lock reputably takes 3 minutes to pick or a Ramset gun to blast them open, make sure your guard comes by every two minutes, and otherwise stays in earshot.
It's obvious to the owner and the whole world that an intrusion has occurred if the door is sawed open or the lock is cut off. It's nice to know your home has been broken into vs. some of your jewelry is gone and you don't know whether to blame your teenager, a relative, someone who did work on your house since you last checked, etc.
Photos of your sawed open door will probably help in your insurance claim too. Telling your assessor "the cops say they might have picked the lock" isn't something I'd want to rely on to get my claim approved.
It depends on what "secure" means. Any lock can be destroyed with tools. Most locks can be broken with a big pair of bolt cutters, a drill, or, failing that, melting.
If secure means "without leaving evidence of tampering," things get a lot more interesting, but that has narrow practical use cases outside of stuff like espionage. Once you're in this space, we can start talking about how difficult something can be without specialized tools. But now we're leaving "I am protecting my stuff" territory and entering "this is just a sport and we're agreeing on a ruleset" territory.
There are a couple of lock designs out there that I don't think anybody's successfully ever picked. The ones that first come to mind are a couple of the "smart" electronic locks. Many of those are junk, but a few are very well thought out.
Secure against what? You might be surprised at what a wench and a truck can pull / destroy. If that fails, there are shotguns and also explosives, jackhammers and the like.
There are always assumptions built into lock design. A simple lock is very secure if a fence is jumpable, most people will jump the fence rather than mess with a lock.
Even a complex lock will never be secure for national secrets (like nuclear missiles), you need to just assign guards. Locks exist but are basically a formality (IIRC, many tanks and airplanes are left unlocked because all the security posture is with the military and the lock itself is too much of a hassle for logistics).
------
Fort Knox itself was designed to be safe from Nazi invasion. If the Nazis invaded New York City, they won't find any of the governments gold. The 'lock' in this case is the miles and miles of geography the Nazis would have to navigate before reaching Fort Knox.
"In 1933, the U.S. suspended gold convertibility and gold exports. In the following year, the U.S. dollar was devalued when the gold price was fixed at $35 per troy ounce. After the U.S. dollar devaluation, so much gold began to flow into the United States that the country’s gold reserves quadrupled within eight years. Notice that this is several years before the outbreak of World War II and predates a large trade surplus in the late 1940s. [...] In 1930, the U.S. controlled about 40% of the world’s gold reserves, but by 1950, the U.S. controlled nearly two-thirds of the world’s gold reserves."
Assa Abloy’s Cliq (electromechanical) keys aren’t able to be picked as far as I know (I could definitely be wrong!), the local international airport uses them to secure doors. The keys aren’t cheap, we have to put up a several hundred dollar deposit when checking them out from airport security for projects. These sorts of locks are useful in places with 24-hour operations or in public spaces that lead to private spaces, an unpickable lock falls to a drill pretty quickly if that’s an option.
Virtually any lock can be destroyed with tools and most doors/walls can be busted through with enough effort and equipment. I think the airport police would notice that, though ;)
This also works on places like HN. I will often make an argument in my normal, working class low educated redneck hick sort of writing style. People will assume I have an unsophisticated basis for my argument and are way more likely to debate me on it. They like to attack an 'easy' target and even better if they are culturally seen as different.
If I use my pretend upper well-to-do white guy rhetoric with precise and deep vocabulary, I can make claims with a lower likelihood someone will challenge it, even if they are equally well backed.
Great channel, and yes the ineffectiveness of nearly all commercially available locks is depressing. At best it would briefly slow down a skilled picker.
Once came back to work after 4 week holidays (not USA) and realized I forgot the 3 digit code to my locker.
But I remembered that friend's locker (he was on holidays then) used US police code for murder. (Police in US use codes for crimes when communicating on the radio).
I googled the code, used friend's locker for the day, and by lunch the next day I've bruteforced through enough codes to learn that my code was the embarrassing 420.
If a company’s first reaction to a flaw is to sue instead of fix it, the problem probably goes beyond the lock itself. A real security company would appreciate someone pointing out a weakness rather than trying to take the video down. That kind of openness would actually make people trust them more.
The weird thing is, they actually had someone competent dealing with the issue:
> The strange thing about the whole situation is that Proven actually knew how to respond constructively to the first McNally video. Its own response video opened with a bit of humor (the presenter drinks a can of Liquid Death), acknowledged the issue (“we’ve had a little bit of controversy in the last couple days”), and made clear that Proven could handle criticism (“we aren’t afraid of a little bit of feedback”).
> The video went on to show how their locks work and provided some context on shimming attacks and their likelihood of real-world use. It ended by showing how users concerned about shimming attacks could choose more expensive but more secure lock cores that should resist the technique.
Sounds to me like someone professional in the company with a cooler head was on this and was handling it well, but someone else higher up got angry and aggressive and decided that revenge was more important.
This reminds me of the CEO of a cyber security company that challenged Anonimous https://en.wikipedia.org/wiki/HBGary. If you work for any kind of security company, do not ever ever ever challenge any kind penetration specialist. Everything is hackable, it is only a matter of cost vs reward, but when you challenge someone that goes out of the window.
Don't challenge people. Don't insult people. Don't humiliate people. Don't threaten people. Allow them to maintain their self-respect even when they lose. Don't rub it in. Give them a face-saving exit.
Plenty of violence and aggression is caused by violation of the above rules. They seem simple but they're broken on a daily basis. Famous last words: "you don't have the guts".
If anyone is interested in the legal side, I'd also recommend 'Runkle of the Bailey' who has a series on this saga but with a focus on the legal shenanigans [0]
There were locks that were secure against this attack, but they're more expensive. The cheaper locks vulnerable to this attack probably still makes them a load of money, though.
Here in Finland mechanical locks with electronic keying are pretty common in some places. Some of them like iLOQ or Abloy eCLIQ are actually pretty clever: electrical bits of the lock are powered from mechanical action of inserting and turning the key, so you don't have to worry about batteries. In theory, they promise significant cost savings in scenarios like rental apartment buildings where tenants move in and out, need access to common areas, lose keys, etc, without compromising security or having to replace or recode locks - they just give you a generic key, click some buttons in the admin panel, and your key could be provisioned accordingly once you first enter the building and interact with one of the "smarter" locks that are externally powered and networked to the mothership.
In practice, in addition to the usual bugs you would expect from a software-based system managed and maintained by a plethora of organizations and contractors, they tend to become very annoying as parts wear out, so you have to fiddle with the key reinserting it repeatedly trying to find just the right angle so it will make a good contact to be recognized by the lock (for example the iLOQ system by my landlord communicates over a thin contact strip molded into the key opposite of the cutting and separated from the rest of the key with a thin layer of plastic).
Sounds about right for Abloy. They own Yale and their app-based alarm is subcontracted dogshit (by https://mobilepeople.dk) that didn't get updated for years on end, logs you out constantly, has less functionally than a 90s keypad model and even the hub thing sometimes just falls over and needs a power cycle, etc etc etc. Presumably they are entirely unable to handle any of it in house and are at the mercy of the contractor to fix anything.
This is how Nintendo engineered a legal argument disallowing 3rd party cartridges original GameBoy. The cartridge needed to display the Nintendo logo on startup which was checked pixel for pixel, otherwise the GameBoy wouldn't proceed with booting. Third party carts couldn't do so without infringing trademark.
I don't really "get" locks. If you want something to be closed forever, seal it shut. If it should be opened and closed, leave a hinge. If it should only be open and closed by a select few, leave it in a trusted environment
I've lived in a fair few places, but I've never lived in a place where an unlocked bicycle wouldn't be stolen. I'll keep using locks, thank you very much.
> A trusted environment, even in a "good neighborhood", requires a lock at least to the front door of your house, or gate, or w/e.
I don't think that's a trusted environment or "good neighborhood". But then I basically use "can leave front door unlocked with zero worries" as the threshold for "trusted environment".
But those environments and neighborhoods definitively exists today across the world, although they're probably becoming less and less common.
I wonder how many stories like this are caused simply because a corporate lawyer is looking for some work to do, and maybe to meet some kind of internal KPI.
Former in-house lawyer here and in my experience the answer is something like "probably less than you think." The job of the lawyer is to advise the client and (within the bounds of ethical rules) advocate for their position, not to come up what the company's position should be.
Suing someone because your product doesn't work correctly is diabolical. Instead of filing a lawsuit, they should have acknowledged the issue and released an upgrade to their locks.
Someone : “Sucks to see how many people take everything they see online for face value,” one Proven employee wrote. “Sounds like a bunch of liberals lol.”
The company : Proven also had its lawyers file “multiple” DMCA takedown notices against the McNally video, claiming that its use of Proven’s promo video was copyright infringement.
When did facts and enlightenment started to be for "liberals lol" ?
Freedom of speech based on facts should be universal.
I like liquid death because their water is delicious and not high in sugar. I usually drink a sparkling water with dinner and I definitely prefer liquid death over la croix. They are technically different products though.
That their marketing is so edgy is just fun. I don't take it seriously, and it doesn't seem like they do either.
But Proven is definitely full of toxic masculinity internet tough guys.
> When did facts and enlightenment started to be for "liberals lol" ?
It didn't. That's one employee of the company, who has a clear bias in the matter, being ridiculous. It has nothing to do with liberal ideology, nor critique of liberal ideology, nor whatever sort of person that employee thinks should be considered a "liberal", nor their ideology. It's only the employee who even suggests that, and probably not even seriously.
>Freedom of speech based on facts should be universal.
To be fair that's not what we have in USA. For instance, a nurse who never even signed a private privacy agreement with anyone (unusual, but could happen) could violate HIPAA if they factually tell a patient's spouse the patient is being treated for AIDS and they ought to watch out.
Yes, they could and most definitely would be. The case you describe is one of the reasons it’s that way.
For what exactly would this fly-by-night nurse be telling me to “watch out,” in relation to my partner who’s living with and being treated for HIV?
One hopes this nurse, being medically trained and apparently working with vulnerable populations, understands the efficacy of the modern HIV therapies the patient is receiving. That, when managed, HIV is not transmissible by conventional marital means [0]; and that, until recently at least [also 0], concerted public health efforts have meant that most anyone who seeks medical attention ends up on those modern therapies.
That said, I hope said nurse would catch me in a charitable mood rather than a litigious one.
I said AIDS, not HIV. I am no AIDS expert but I would be shocked if a large portion of people AIDS had no detectable viral load, while people with HIV commonly do not have detectable one. Wouldn't people with no detectable viral load generally not being exhibiting AIDS?
In that case—and in re-reading the comment you were responding to—I think I’m agreeing with you and that I should have read more carefully before getting my dander up :)
It sounds like we’re agreeing that you’ve given a good example of why it both is and should be that way.
And that, in US jurisprudence anyway, speech tends to be allowed unless there’s a broader social interest that’s served by protecting the specific categories of facts in question.
With the slight caveat that I’m not sure that “should watch out” is a fact, it sounds like an opinion to me (and one that’s potentially unsupported by the facts). In fact, don’t people governed by HIPAA still have a duty to report situations of actual or likely physical harm—for example if a minor presents with signs consistent with abuse [0]? Or even, in your example, if the provider became aware that the HIV-positive patient, out of malice or negligence, were declining treatment, exhibiting substantial viral load, and asserting that they intended to continue with behaviors that put the partner at risk?
How could that happen exactly? In what circumstances could a nurse end up working for (or even volunteering for) a HIPAA covered entity without signing a privacy agreement?
And the privacy agreement isn’t required anyway. If you’re a doctor, and you treat your neighbor, you’re bound by HIPAA laws that cover the arrangement. All a privacy agreement really does is give the clinic a hope of being found not liable in a lawsuit or government action: “see, we have it in writing that the nurse knew this was illegal! Blame them, not us.” Even without the agreement, the practioner is still legally obligated to obey HIPAA.
And as a side note: sue the hell out of the hypothetical nurse spilling the beans on a hypothetical AIDE patient. Why? Because if you don’t, then other people who suspect they might have HIV are going to avoid going to the doctor, resulting in more deaths for them and their lovers.
It's probably a good thing for Proven that they didn't get into this dispute the LockPickingLawyer instead. He'd wind up owning their company in the counter-suit...
That'd be an interesting channel, the "LockMakingLawyer" where the lock is highly lawsuit resistant, "Press the NDA button to always be informed when the next video comes out"
In the case of a trailer, you do some combination of...
- Receiver pin lock similar to the one highlighted here (but probably not that exact one)
- Wheel lock / boot
- Receiver coupler lock (locks inside the cup-shaped receiver, preventing somebody towing the trailer with an undersized ball)
- Secured storage lot / garage
But, basically all options are only going to stop random opportunistic thieves. If somebody really wants whatever you're protecting, they'll find a way. That's why insurance exists.
The question is "what do you want to secure against?" Describe the threat and then go from there. What are you securing? Is it meth-head or teenager? Or is it person determined to get in while making your insurance grill you over "did you lock it?"
Just clicked around after watching the vid and stumbled onto [0]. So there are locks he recommends... When it requires focus + several minutes to pick.
Someone seriously needs to be taken to task for filing a false DMCA. DMCA is just another term for SLAPP these days. If anyone is a lawyer, they could still be despite retracting the case?
Anti-SLAPP is a great tool to have, but we do need slightly stronger ones. It’s a tough balance to find - to minimize the potential ways to abuse the system for all different kinds of entities/people.
YouTube’s TOS would be the most critical place to begin in terms of evaluating legal options. To file a “DMCA” (not really DMCA but YT’s proprietary version of it) claimants generally have to create an account and agree to the TOS. So it may bind both parties (the YTer and the abusive DMCA claimant). That might limit legal options for anti-SLAPP, tortious interference, etc.
But without either significant legal expertise or someone finding some particularly relevant case law, it seems like a nuanced enough domain that no one’s lay “legal” opinion would be particularly illuminating.
My pitch for an improved system is to give defendants the opportunity to file a lawyer-less motion for summary dismissal, which is 1) geared towards being filled out by a layperson and 2) doesn't disqualify you from a subsequent filing for summary dismissal once you get a lawyer. Basically, an initial "this is a stupid lawsuit, here's why" type deal.
And then fine plaintiffs (and pay the defendants) that lose a summary dismissal, because if your case can be thrown out before trial, it was a shit case that should have never been filed in the first place.
As the recipient of a SLAPP lawsuit (~decade ago) for truth I published online, the biggest problem with Anti-SLAPP statutes is that laypeople (particularly poorer ones) have limited access to attorney representation... the judicial system isn't accessible/friendly to the pro se litigant.
So even if the case is clearly being used to strategicly silence you, it'll probably still work (from plaintiff's POV). Same for DMCA.
With a strong Anti-SLAPP statute, the person who files the lawsuit is on the hook for the defendant's legal fees, which would (in theory) let the defendant hire an attorney on contigency fees.
Of course, one of the other issues is there's no federal Anti-SLAPP statute, and circuits are split as to whether or not state Anti-SLAPP applies to federal lawsuits, so if someone can diversity jurisdiction you into a federal SLAPP lawsuit, you're kind of stuck.
The real problem with DMCA is that in theory it's under penalty of perjury, but in practice it's completely ignored. What is really needs is statutory damages for bogus takedown requests.
Part of the problem with the DMCA is that the "perjury" clause only applies to "claiming that some IP exists", not "claiming that this violates the IP".
> Lee’s partner and his mother both “received harassing messages through Facebook Messenger,” while other messages targeted Lee’s son, saying things like “I would kill your f—ing n—– child” and calling him a “racemixing pussy.”
Some people always go too far, undermining the good cause of the others
I am concerned about the public reacting aggressively agaisnt the lock company owner amd his family. The guy is definitely a toxic bully, but he was indeed violently harrassed by filing a lawsuit, however unjust it was.
The correct support for a just cause must have been constructive: providing financial support for the defendant, public manifestation campaign, professional lobbying, etc
Although this time I agree with the defendant cause, the response by the public was as toxic bullying as the plaintiff, only stronger.
That’s the internet these days. It’s been going on for decades. Game developers got death threats over minor changes to video games and nothing happened to them. Is it that surprising that tactic has continued?
People can make fun of the company all they want. That’s fair game. They shouldn’t be calling the guy’s personal phone or harassing his family, that’s totally over the line.
But nothing happens. The behavior gets a pass so it continues to become more common. That passes for debate now.
And I can find relatives/friends on Facebook to harass. Doesn’t make it ok.
Just like the fact we have agreed upon rules against using chemical weapons or attacking civilians in war (which some violate), the fact something is possible doesn’t mean society should accept it.
If we don’t have even the basic civility of not getting death threats over whatever minor thing someone on the internet is mad at, even mixing us up with their real target sharing our name, what’s left?
Everything becomes full force win at all costs, no matter how stupid or trivial. Who wants to live like that?
This all sounds great in the abstract. But reality is different due to the power differential. McNally is just one dude (albeit with a huge following). Lee is obviously a toxic jerk and his attacks and mockery of McNally triggered both McNally repeatedly proving the flaws in Proven's technology.
McNally obviously did the correct thing it seeking counsel and basically demolishing Proven's case in court. Too bad the SLAPP stuff doesn't work with DMCA takedowns.
And everyone else cheering on the sidelines (who isn't a paid shill of Proven's like the guy making the "liberal" comment)? Well giving Lee's company shit is fine IMHO. Call up the publicly available phone numbers, make service requests to flood his business etc. Fine with me. You poke the Internet bear, you get some claws.
As to the threats? If they actually occurred (which is questionable considering the BS Proven has been saying), then let the authorities know about them. That's not on McNally at all, it's more Lee being a jerk who doesn't know about the Streisand Effect, combined with social media companies that allow stuff like that to happen. It's also a good idea to not expose too much info about your personal life on social media that can be linked to your business, opsec ya know?
You’re getting downvoted which is unfortunate because I think you make a worthwhile point.
Emotionally I disagree with you. It feels like a bully is getting what a bully deserves. Logically, I think you are right though. Crowds just aren’t equipped to handle these situations. There are cases where the wisdom of the crowd is correct, but there are many more where it multiplies harms.
The underlying problem is that it never feels like justice is being served. Another comment mentions that there should be harsher punishment for false DMCAs. I don’t think the “wisdom of the crowd” approach is the best way to write those wrongs but I lament that modern justice has not been up to the task.
I’m going to border closely to blaming the “victim” here, but if the lawsuit had been filed without toxic, threatening, man-baby social media posts, we wouldn’t be hearing about it. Harassed because he filed a lawsuit? C’mon, there’s a lot more to it than that. When one goes swinging their dick around on Twitter in an attempt to garner support (from one’s equally toxic fans, I presume), one will also likely attract equally toxic folks who disagree. Talk enough shit, and you’ll eventually get a punch to the face. Right or wrong, such is the world long before social media.
> the lock company owner amd his family. The guy is definitely a toxic bully, but he was indeed violently harrassed by filing a lawsuit
I think you're confusing who filed the lawsuit here. That was also the lock company owner as well (Lee/Proven).
While I agree that flash mob harassment from the Internet is a terrible dynamic, filing baseless lawsuits has been a longstanding way to predictably summon them. So if the table stakes of launching or defending these type of aggressive attacks have gone from a significant amount of money for attorneys, to a significant amount of money for attorneys plus public relations and/or having a large audience, does that really actually change much? Either way most people simply don't file lawsuits, even if they've been actually wronged, due to the extreme personal stress.
The straightforward way of diminishing mob justice is to make people believe the system provides justice. If we lived in a society where McNally would predictably win the lawsuit [0], and be predictably compensated for his expenses/time/emotionalDistress for being on the receiving end of this baseless SLAPP, then there would be much less mob outrage to begin with. As it stands, everyone can imagine themselves receiving these types of legal shakedown letters, but having much less power to push back.
[0] it sounds like this particular suit was slapped down pretty hard and "quick" by the standards of the legal system, but there are many similar cases that don't go this way
Um...shouldn't Proven just hire Trevor McNally as a consultant or heck, make him a partner? I mean...can you imagine the next level reputation they'd have if they can adapt and make a Trevor-proof lock?
These kinds of results seem all too common. Like, why? Are companies just too used to using their general business attorneys for it, and those attorneys are just ignorant? Hungry for extra billable hours?
The answer, as succinctly as possible: cognitive dissonance.
This is exhibited in every human endeavor, but it's particularly acute, or at least more apparent to simple analysis, in business. In business, anything that diminishes the perception of value is a threat to earnings. Business people don't tolerate the existence of such perceptions in their minds. They readily adopt whatever mental state is necessary to deny realities that reveal a lack of value in whatever work product they sell.
In this case, someone demonstrated a weakness in a lock design. In the minds of the business people behind the product, this is impossible. Their locks are awesome. Best locks in the world! Therefore, the only conceivable possibility permitted, in their minds, is fraud or some other actionable offense that can be feasibly pursued in court.
The role of lawyers in this is a symptom, not a cause. Lawyers are paid to exhibit the necessary cognitive dissonance their clients require. Whatever aberrations or iniquities arise from this are simply denied by yet more cognitive dissonance.
Even if they know they would lose in court, lawsuits are expensive enough that threatening to sue or filing a lawsuit is often enough to get people without deep pockets to do whatever you want.
I don't know if that was the reasoning in this case though, considering that they didn't drop the lawsuit once it was clear that the youtuber wasn't going to give in to their demands.
its a very confusing video to watch without sound haha, not sure if it gets better with sound. The fact that you do not see the lock pickers face makes you assume it is the same person doing the talking (the representative).
> In the end, Proven’s lawsuit likely cost the company serious time and cash—and generated little but bad publicity.
There's no such thing as bad publicity. People say this for a reason. It's true. I'm willing to bet that their sales have only increased since this started.
There's absolutely such a thing as bad publicity. Entire products and even companies have tanked because of bad publicity. I don't know why this myth continues to be so prevalent.
You're right! I'm off to the next Fyre festival and making sure my bag is secure with a Proven lock..... I wonder if Dassani still exist so I definitely can quench my thirst.
This reminded me of Matt Blaze's work on physical lock security back in 2003. He found a method of deriving the "master key" for a building (one key that opens all locks) from a single example: https://www.mattblaze.org/masterkey.html
When he published about this he was bombarded with messages from locksmiths complaining that they all knew about this and kept it secret for a reason! https://www.mattblaze.org/papers/kiss.html
It was a fascinating clash between computer security principles - disclose vulnerabilities - and physical locksmith culture, which was all about trade secrets.
In 'Three Days of Condor', Robert Redford's character locates the hotel room of a professional hitmat (who is after him) by going to a locksmith and asking him "which hotel and room this key belongs to?" and the locksmith asks him "are you in the trade?" and he responds, "No, but I read a lot".
Watched it a few months ago, such a great and under-rated film! RIP Robert Redford
Perhaps the most important difference is that software — even after being purchased and used — remains relatively easy to patch, unlike a physical lock.
Tbf that's a new-ish principle. 2003 was Windows XP era and the early days of Metasploit. I.e. Microsoft and all the other companies were still figuring out this internet thing, while most computers were riddled with unpatched vulnerabilities. There was no such thing as zero day back then, because you could use many exploits years later.
But Windows Update was definitely already a thing back then, so I don’t think this “Microsoft was still figuring out this Internet thing” holds.
Software was updated all the time, and it’s much more difficult to do that with locks.
Totally true. Also consider that although software can theoretically or technically be patched, sometimes patches just don't exist... the amount of unmaintained but yet useful software is just huge.
Oh, the bugtraq era, when any grade schooler could download a 0day POC and force remote reboot his classmates' laptops. (I'm told)
Grade schoolers didn’t exactly have laptops in the 00s.
In the long run, transparency always wins
> On July 7, the company dismissed the lawsuit against McNally instead.
> Proven also made a highly unusual request: Would the judge please seal almost the entire court record—including the request to seal?
Tough at first then running away with the tail between their legs. Typical bullying behavior.
> but Proven complained about a “pattern of intimidation and harassment by individuals influenced by Defendant McNally’s content.”
They have to know it's generated by their own lawsuit and how they approached it, right? They can't be that oblivious to turn around and say "Judge, look at all the craziness this generated, we just have to seal the records!". It's like an ice-cream cone that licks itself.
> the case became a classic example of the Streisand Effect, in which the attempt to censor information can instead call attention to it.
A constant reminder to keep the people who don't know what they are doing (including the owners of the company!) from the social media.
The company who sued him is, still, embarrassingly, attempting to hold a social media presence, despite getting exposed as fraudsters and bullies:
https://m.youtube.com/@provenindustries8236
> Proven Is so secure that if they detect a robber trying to lock pick they sue them.
Incredible
If you want an extreme example of this; go look at the Sacramento startup Sircles. 7+ year old "startup" that has sub $100k revenue after several years but 9 million in debt. The founder has an account there under u/Sirclesapp where he goes off on toxic and insane tirades to anyone who dares say anything but utmost praise at his app. Apparently he stalks their reddit accounts and sends threatening letters to their personal home addresses from his lawyer for "defamation". That I understand he sent one to some ex employees and one to some woman who I think is a paralegal and is now suing them in civil court.
He partnered with some radio program called radradio where the host had a lot of personal issues and the show ultimately got axed. The radio host was known for having issues with alcohol, but they kept partnering with him because he kept shilling their WeFunder. They've raised over $6m in SAFEs but considering they are $9m in debt, haven't broken $100k lifetime revenue after 7 years, and seem to have over a million a year burn rate, it's doubtful that the shares from those SAFEs (if ever executed) would ever be in the money.
> [...] go look at the Sacramento startup Sircles. 7+ year old "startup" that has sub $100k revenue after several years but 9 million in debt.
Going on a tangent:
Depending on your industry, taking a while to see any revenue is common. Eg look into biotech or the people trying to make atomic fusion a reality.
Debt is just as valid a way to finance your company as equity is. See https://en.wikipedia.org/wiki/Modigliani%E2%80%93Miller_theo... for the theory.
> Depending on your industry, taking a while to see any revenue is common.
That is true. But Sircles, which appears to be just another social recommendation app, is not in one of those industries.
Oh, even without looking into it, I would assume that Sircles is probably pretty dodgy. I just meant that SacToHacker's original points against it aren't necessarily bad. But can be damning in the context of their industry, yes!
True. and a screwdriver is as just a valid tool as a hammer. Though their use isn’t always interchangeable .
This is cool. Love little tangential info bombs like this. Thanks.
Cool but Sircles isn't a biotech company. It's a social network. They arn't "trying to make atomic fusion a reality" either.
Oh, definitely. I was just nerding out about finance.
Yes, Sircles is probably pretty dodgy.
That is cool! Sorry for nerding out just then.
Wow, it seems like the whole purpose of the product is grievance based against yelp. Don’t get me wrong, I’m not a fan of yelp, but I get the vibe that maybe this person would be even more extractive if given the opportunity
They also made sloppy mistakes like naming the Proven owner's partner un-redacted in a document they submitted to the court (which is then available through legal search engines). If they were concerned with privacy they could easily have withheld her name.
The one time security through obscurity would have helped them?
That would be more like: shuffling that document randomly between other documents, or using white font on a white page in Word.
Shushh, don't tell people about Streisand Effect.
Guy who paid someone to throw a brick through his ex wife's window is insensed at being intimidated.
There is delicious irony in the owner of a lock company being so insecure.
> A constant reminder to keep the people who don't know what they are doing (including the owners of the company!) from the social media.
I'm just guessing based on the contents of the article, but it sounds like a typical "hard-fist founder-run company" so good luck convincing the founder to not sit on social media and argue their points.
also known as the 'double down on stupid' and 'triple down on stupid'
We recently had an example of that with Automattic and the WordPress drama. Where the founder was here on HN hurting his own legal case despite people here repeatedly told him to stop posting for his own sake and asking him to talk to his lawyers.
Seeing someone post here a screenshot of case filings that included a screenshot of that founder's HN comments thereafter was golden.
This is known as the “Randy Pitchford” social media strat.
That article just kept getting better and better.
Also:
> “Sucks to see how many people take everything they see online for face value,” one Proven employee wrote. “Sounds like a bunch of liberals lol.”
So when a great product is not a great product, it turns out to be great alone for the fact of being built by republicans.
That was probably the final straw for me. Well, one of the final straws. Imagine trying to politicise this.
I think their point was that the lock picking videos were faked. But it’s still a silly comment from the Proven employee.
I’ve also seen people use “liberal” as a literal curse word before. On one “reality show”, a member of the cast broke down while highly intoxicated and started screaming at other people saying:
“You’re worse than a beep! You’re a liberal”
It’s insane just how far the political divide has become.
Othering is easier than improving. An old philosophy professor taught me that at a community college when we started getting on the subject of philosophy in politics. This was probably 20-something years ago, now, but one of the many things that stuck with me from his teaching, and makes even more sense now than it did then.
Yeah, I noticed that. I’d put money on not a single person in this whole dispute being a liberal at all.
I once worked for a company that kept its passwords locked in a safe. One day, all other copies of the password were lost, and they needed it, but the safe's key could not be found.
They expensed a sledgehammer and obtained the password through physical modification of the safe using a careful application of force. Some employees complained that meant the safe wasn't... well, safe.
The security team replied "Working as Intended" - no safe is truly safe, it's just designed to slow down an attacker. At that moment, I was enlightened.
I worked on port facilities. Everything corrodes quite quickly, and locks and keys need to be replaced fairly regularly. Once, there was a problem with key management following the replacement of locks on a building containing emergency diesel generators.
The doors were heavy, 45-minute fire-rated security doors, aka "Fucking heavy doors that can cut your fingers just from inertia or wind.".
These doors had to be opened quickly in the middle of the night. There was no locksmith on call, but there were boilermakers. Supports and a chain were welded to the doors, and a T-Rex container mover was used to carefully pull the doors off the building.
The whole operation took less than an hour. Physical security is a matter of time and resources.
However, for good safes, there's a rating on how long it takes.[1] Ratings start at TL-15, for 15 minute resistance against hand tools. They go up to TXTL-60: torch, explosive and tool resisting for 60 minutes. Safes with these ratings will have a metal plate indicating UL testing and approval.
If there are any rated safes on Amazon, I can't find them. A real TL-30 1 cubic foot safe sells for about $2000 and weighs about 500 pounds. Amazon sells something that looks similar for about $100 and weighs about 15 pounds.
There's a separate set of ratings for fire protection, from the NFPA. Fire safes are much simpler. They have more insulating materials and less steel.
[1] https://www.vaultandsafe.com/vault-safe-classifications/
Obligatory xkcd
https://xkcd.com/538/
please stop mention this anymore, I gonna crazy
Please mention/link it even more. All security nerds _need_ to see this comic once a month.
Why? Everyone knows about rubber-hose cryptanalysis. The whole point of cryptography is to reduce them to this.
If they want our information, they should have to become literal tyrants, send armed men after us and violate human rights in order to get it. Not push a button on a computer to tap into their warrantless global dragnet surveilance networks and suddenly have our entire private lives revealed to them on a computer screen.
Yes, people will fold if they are kidnapped and tortured. That's not news. Forcing them to stoop to that is the entire design. Once the situation has escalated to that level, you are justified in killing them in self-defense. Torturers don't make a habit of allowing their victims to live and testify about it.
once a month???? I literally see this once every 2 days
every comment that has little bit content of security/cryptography/secure/blockchain/CIA etc always mention this particular entry
Just wait until you discover '10,000'.
It’s tonyhart7’s lucky day https://xkcd.com/1053/
Why? There are actually valuable takeaways from this.
One would be that people are the weak point in your security system. If all your organizational security hinges on one guy not folding, that guy is the natural target. Whether a literal 5$ wrench is used or they bribe him makes no difference.
That means you could consider shaping your org in a way that is resistent against this by e.g. decentralizing secrets. That means instead of bringing a "5$ wrench" to one person (which may even work without raising suspicion), you now need to convince multiple people at once which is much more unlikely to work without being detected.
All you need to do is s/wrench/social engineering/ and you will understand exactly why it's such an effective--if not infallible--vector of attack.
The only defence is to not have the secret at all.
https://xkcd.com/538/ LOOK AT IT
I thought maybe cwsx was posting this often but that doesn't seem to be the case. Is it that that xkcd is basically a HN trope at this point?
If you do a site search you'll find 700+ comments linking to it. I wouldn't be surprised if it was the number one most frequently linked page in HN history.
And Randall deserves EVERY single one of them, IMHO!
Slow down -- sometimes. But for the most part, locks are more like envelopes. They produce evidence of tampering.
Yep. There’s a safe engineer on YouTube who was explaining the history of dial combination locks commonly used for government filing cabinets, etc. He pointed out that you can drill them in minutes but you’d need several hours to make good the damage such that the break in wouldn’t be easily detected. The combined time is therefore the ‘strength’ of the security. (Also, why it might be a good idea to have open sensors on safes, cabinets, etc)
Not sure if you're referring to DeviantOllam or someone else, but here is his awesome talk on safes: https://www.youtube.com/watch?v=-Z_Jv7vuiqg
He is a great source of knowledge on physical security for laymen and professionals alike, and leaves an impression of an extremely amicable and well-rounded human being.
> They produce evidence of tampering.
That's why one of the more advanced challenges in lock picking is to minimize the amount of evidence you leave. Eg even a normal pick can leave some scratches on and in the lock in different places than a normal key.
If I remember right, 'bumping' is an interesting technique partially because it leaves even less of a trace.
Yup, I've got a three bolt break in resistant front door in my house, but right next to it is a window that can be breached in .5 seconds by yeeting a brick though it. But both will leave traces if they've been forced so my home owner's insurance should cover any losses / damages.
That seems to be a rather weak security, especially relying on “…should cover…” to save you, which I presume you have also never been able to test. And that’s without addressing common mistakes like not realizing the policy is for cash value and requires evidence; which people do not have, is not updated, or is not compliant. That can leave people with effectively no coverage at all, with the only test being run in deployed systems… the first time you check if your arms supplier provided quality arms, is when you’re facing the enemy trying to kill your at the front lines.
Most locks are there to keep honest people honest.
From what I remember, the quality of a safe is measured in minutes, with "15-minute" safes being OK for general use.
When the theory hits reality with a sledgehammer
reminds me of how a few years ago it became fashionable to say that "walls don't work"
Excellent koan
I mean theoretically ever the hardest encryption just buys you time. That time may be long past the lifetime of our own sun, but it just buys you time.
The same is true for locks and safes as well.
Being one of the few people who never had their bicycle stolen in a city where this is common, the trick that always works is: Just make your lock harder to attack than other locks that safeguard comparable things.
Unless your stuff is unique and high stakes that means regular criminals won't pick you since the surrounding stuff looks more intersting and is the easier target.I think 'one time pad' encryption can't be decrypted unless you get the key, even given infinite time.
Depends on the length of the key vs the message, but if the pad is 100 percent and has something approaching a random distribution, and the message length is suitably padded, and the results roll over in a modulo that is close to the information distribution, then all valid results become close to equally probable, so, while you may decode a message, it is very unlikely to be the message that was sent.
Still lots of ways to crack a poorly executed OTP.
> Good lock + old looking bicycle = no theft
"I parked my old, crappy bike and started locking it. Some guy went past and said, "Don't worry, love - no-one will nick that", and a passing crackhead said "I fuckin' would", and we three strangers shared a moment of humour together. "
> Under questioning, however, one of Proven’s employees admitted that he had been able to duplicate McNally’s technique, leading to the question from McNally’s lawyer: “When you did it yourself, did it occur to you for one moment that maybe the best thing to do, instead of file a lawsuit, was to fix [the lock]?”
Sometimes a single question tells you how the entire case is going to go.
Back in 2007, I published the first YouTube bypass of the Master Lock #175 (very common 4-digit code lock), using a paperclip.
After the video reached 1.5M views (over a couple years), the video was eventually demonetized (no official reason given). I suspect there was a similarly-frivolous DMCA / claim, but at that point in my life I didn't have any money (was worth negative) so I just accepted YouTube's ruling.
Eventually shut down the account, not wanting to help thieves bypass one of the most-common utility locks around — but definitely am in a position now where I understand that videos like mine and McNally's force manufacturers to actually improve their locks' securities/mechanisms.
It is lovely now to see that the tolerances on the #175 have been tightened enough that a paperclip no longer defeats the lock (at least non-destructively); but thin high-tensile picks still do the trick (of bypassing the lock) via the exact same mechanism.
Locks keep honest people honest, but to claim Master's products high security is inherently dishonest (e.g. in their advertising). Thievery is about ease of opportunity; if I were stealing from a jobsite with multiple lockboxes, the ones with Master locks would be attacked first (particularly wafer cylinders).
Actual thieves don't give a shit to learn lock picking, they can use a fine toothed sawzall or oxy-acetylene torch and defeat any lock just as fast without having to youtube the particular brand.
I used to rent a storage unit. I lost the key to it, and went to the manager. He came back to the unit with a small battery powered grinder. Cut the padlock's loop through in a few seconds.
Most locks are only good if the attacker doesn't have any tools.
I bought a giant pair of bolt cutters a while back for a use case other than bolt cutting (shark fishing; cut the big hook instead of putting your hand near the mouth).
I never caught any big sharks like I thought, but now my wife runs a restaurant and occasionally employees just don't show up to work and leave things in their lockers. Once in a while it's clear it's to be annoying (locking supplies in their locker).
Never met a padlock or combination lock I couldn't shear through easily. Totally has paid for itself.
There's quite a few, many hardened locks will bend or mar bolt cutters... we're not taking bolt cutters off of the rigs because they're relatively small but a K12 and a pair of pliers is way more reliable.
Now, for a similar price, you can buy a hydraulic cutter powered by a hand pump. They also come with replaceable jaws so you dont wreck your cutters when attacking a hard lock.
https://www.amazon.com/Lothee-Hydraulic-Cutting-Portable-Han...
And there are powered models too. The 3-foot snippers are long out of date for thieves.
Generally speaking, the hasps on employee locks aren't big enough to hold anything truly sturdy... I doubt even the most resistant lock you could put on a typical locker hasp would hold up to the giant 3 foot bolt cutters.
I remember the faghetbouditt of Kryptonite that broke the blades of that exact hydraulic cutter.
Oh this is about double what I paid. But good to know!
> Most locks are only good if the attacker doesn't have any tools.
The Louvre security staff similarly just learned this lesson.
For surprise of tool used the saw vs safe are the best:
https://youtu.be/2guvwQvElA8
The main thing locks do is make it noisy to get in.
To be fair to Sentry Safe, this product is designed to be resistant to fire. A better name for this product would be ‘fire resistant box’ instead of ‘fire safe’ but that’s what they call it for marketing reasons.
A hardened metal safe designed to be resistant to cutting can still be cut through, just not in seconds with a screamer saw (trade name for a metal cutting circular saw)
If you want truly secure, encase your metal box in concrete like John Wick. Access is difficult but security is high :)
> encase your metal box in concrete
FYI, most safes already have a decently thick concrete layer — that’s most of why safes are heavy! (Or, I guess you could say, adding a concrete layer is cheaper than making the steel thicker.)
But they also have a rubber or foam (often styrofoam in cheaper safes) layer, to “smooth out” the force from a sledgehammer, jackhammer, or just dropping the thing out the window.
And a layer of compressible wet(!) sand, to spread out the point stress from a hammer and chisel, impact gun, gunshot, or small explosive configured for concussive force. (The goal here is essentially to replicate the behavior of a bulletproof vest.)
Plus, they often contain a layer to bind and foul and dull (or even break) the teeth of drill bits and reciprocating/chain/band saws. This can be any number of things — low-melting-point plastics, recycled broken glass, etc — but look up “proteus” for a fun read.
If the safe’s designer is clever, just a few materials can serve several of these functions at once. But more is always better. Which is why good safes (and vaults) are so dang thick. It’s not to solve one problem really well; it’s to mitigate N problems acceptably well, for a frighteningly large value of N.
So carefully applied thermite to defeat all of them at once? Probably not directly down to drip into the valuables, but some tangent application.
It's fun looking at the machinery of old fashioned bank vaults. Very impressive.
so... if i were a suitably evil billionaire, would i be able to shop for a safe protected by a layer of compressed mustard gas, that is released upon attempted breaching?
This would be a Booby Trap and is illegal, so it's not worth it for that chance of going to prison no matter the value in the safe, if you are a billionaire. It would be hard to find someone willing to help you.
Is it still a booby trap if the safe displays a prominent warning, "CAUTION: EMITS DEADLY GAS WHEN DAMAGED"?
That's too bad - life would be better if we had a few fewer criminals around.
Is it perhaps called after the movie Screemers ? Some of the combat robots had circular saws, but they used to to cut through people instead of locks.
Unless they have an inductive heater.
Powered by what?
To be fair, a lot of people don't have tools.
Just found out my unit was robbed. The thieves ignored the lock and just destroyed the unit's latch which the padlock secured.
There went Uncanny X-Men 94 through 300.
That's exactly what I've seen too, either a grinder or just a crow bar.
Aha, a legitimate use for those things!
Saw the same, except it was bolt cutters.
That is a subset of thieves. There are still plenty of situations where it is beneficial to have a lock that can't be opened in 5 seconds with a paperclip, like a school or gym locker room for example. Nobody is bringing a sawzall into the gym while it's open.
Similarly, I know the lock on my front door is not going to stop anyone who really wants to get inside, but it does stop drunk people or bored kids from wandering in because it's easy.
> Nobody is bringing a sawzall into the gym while it's open.
They are bringing in bolt cutters to locker rooms. The locker metal loop that the lock threads through is easier to cut than the lock. I've first hand seen lockers destroyed to remove the lock. Not while the break in is happening but it's easy piece the crime scene back together to understand their tools.
Manual bolt cutters are almost silent except for the "thunk" when it breaks the metal, and there are even battery operated bolt cutters that are quick and compact.
> I've first hand seen lockers destroyed to remove the lock.
A neighbor secured his expensive bike with a hefty lock and chain around a tree in our courtyard. Bad guys brought a saw. I still miss that tree.
I'm convinced there is basically no foolproof way to secure a bicycle in public.
I've seen everything from braided steel being cut clean to combination bike locks getting picked (by the attacker actually figuring out the correct combination, not just brute-forcing it apart or wangjangling a paperclip).
They just need to steal 1 good bicycle to more than pay off the cost of their equipment. One stolen bicycle could feed a family for a week. In some place like the Bay Area where $1000 bicycles abound, the economics are just too appealing.
Sure there is, but you need to understand the variables involved. How expensive is the bike, how safe is he area, how long are you leaving it there for?
At its worst, people get their fancy bikes robbed as they're riding them in big cities like London; at its best, nobody in small villages locks their bikes because they all know each other.
In terms of locks, general advice is to get an angle-grinder resistant U-lock and lock it through the rear frame triangle+wheel+some solid object.
Since a U-lock like that is impossible to defeat with anything that's not a power tool, and you'd need to spend several minutes grinding through it [0] [1], most thieves will not bother. If they cut through whatever the bike is locked to, they still have a bike that's locked to itself.
For extra security you may want to do the same with the front wheel using something like a chain lock. Locking the saddle is also a good idea. Locks with alarms that notify you could be a decent idea too. And/or just get bike insurance.
[0]: https://youtu.be/v_0DB3gBM3Y?t=475
[1]: https://youtu.be/LD32NMCGDF0?t=2440
From what I've heard, the way to go about it is to not have a very nice bike, make it identifiable and loud (eg ripped up neon tape and graffiti), and then use both a chain lock as well as a U lock that're both thick enough. Also perhaps throw on extra locks to make other bikes look attractive.
Of course none of these work if the thief is part of a ring that is targeting your bike because it's high value.
I think there might be a common myth that having a tatty looking bike means it won’t get stolen.
Unfortunately I don’t think a lot of bike thefts are opportunistic and the value of the bike isn’t the motivating factor.
I think the most stolen cars are Hyundais and Toyotas (and maybe F-150s, these days).
They are often stolen for parts.
I don’t think bikes are stolen for parts, but commodity bikes are probably a big target.
Sorry there’s a (hopefully) obvious typo in what I wrote.
I 100% agree with you, most bike thefts are opportunistic.
I know that high end bikes do get stripped for parts but I think that’s got to be mostly after they are taken and pretty rare.
There’s been some raids in London where they found scrapyards full of stolen bikes. Most are still whole. Even those stolen to order.
Surely Hyundais (in the US at least) top the list because of how easy they've been historically to steal?
> use both a chain lock as well as a U lock that're both thick enough
No, thickness is an irrelevant property to an angle grinder. You're adding something like a second of grinding per kg of material. Makes no sense. The trick is to use grinder-resistant locks. Those extend grinding time to minutes.
Or a tough chain slack enough that it’s hard to press the grinder against.
I have a Brompton and no bike lock for this reason. When I’m on my Brompton it goes where I go.
Actually I do have a “cafe lock”. Its purpose is just to slow someone down enough for me to catch them on foot. I’ve once successfully used the strap on my helmet for the same purpose in Barcelona too.
The illusion of security is really all you have.
In Japan they have bike theft sorted with mandatory registration with the local police force. A sticker on the bike and a corresponding bit of paper in the wallet provides proof of ownership, which may be requested by police at any time.
This costs money to administer but it means that nobody in Japan needs to overly worry about their bicycle being stolen. Huge locks are not needed, nor is GPS tracking or third party registration schemes.
The idea of getting a 'hack bike' that looks undesirable is often touted as a solution to cycle theft in the West. However, thieves just want money, so the 'hack bike' that can be easily sold trumps the hard-to-sell expensive bike if money is needed now, for tonight's high. More money can be tomorrow's problem.
[flagged]
Self driving cars won’t fix the real problem - cars take up too much space for the number of people they carry in any reasonably dense city. I’d be quite confident bike lanes should be improving traffic by taking cars off the road more than they are causing “headaches” for traffic.
There are well studied effects that show good bike infrastructure gets more people (especially the young, old, women etc.) cycling who would be too fearful to cycle in traffic, because separate cycle lanes are both in reality far safer but also feel far more safe.
And bike lanes are actually really good for mobility scooters and other kinds of ways for elderly and disabled to get around!
the fat controller laughed, “you are wrong”.
* https://youtu.be/040ejWnFkj0
* https://youtu.be/2DOd4RLNeT4
Slightly disappointed that neither of these videos are about Thomas the Tank Engine.
My school had bolt cutter just sitting in the locker rooms because kids forgot their combinations.
> like a school or gym locker room for example
We broke into our own lockers the whole time with metal rulers back when I was in school because of forgotten keys or just because it was quicker opening them that way than actually unlocking and relocking them. (And of course the more students did this, the more worn the metal became and made it even easier the next time)
Most people would be absolutely astounded how bold you can get with a safety vest and/or a clipboard, and how passive most people are to an obvious suspicious situation.
I have used a grinder to take off a bike lock (I owned the bike) in broad daylight in Downtown Denver on a main street. A local business even allowed me to use their power outlets. Not one person questioned me or asked me to see proof of ownership. I was fully prepared to have to deal with cops or at least a good samaritan, but nope, plenty of people watched me do the exact thing a bike thief would do and didn't ask any questions.
Used liquid nitrogen to freeze and break a lock off my bike once. The one person who saw us was like "Whatcha doing? Cool, can I watch?"
> Most people would be absolutely astounded how bold you can get with a safety vest and/or a clipboard, and how passive most people are to an obvious suspicious situation.
I don't think they'd be surprised at all.
What the hell am I supposed to do if I see someone stealing a bike or whatever? Stop them? Hell no, if they have tools then it's a good bet they have weapons. Call the cops? They don't care; recently they don't even pretend to care.
Pretty much all you can do is say, "knock it off" and maybe they stop (they won't).
You have to hope a stubborn, but surprisingly fit, 60+ year old man is nearby to assert himself into the situation and tell the thief to bugger off.
Don't do this and don't let anyone else do this. Intervening in a crime in progress is likely to lead to immediate execution. Even police squads get shot at, and they are armed to the teeth and well trained.
That mentality is precisely what lets criminals gain the power to commit crime with impunity.
In any shithole society in which that's become the attitude, the solution is citizens becoming at least as brutal themselves.
Yeah as long as we don't have unrealistic expectations from our $30 deadbolts and our $5 combo locks it's fine. But people sometimes buy the cheap thing and expect it to perform as well as a really expensive thing.
I suggest watching LPL then to see how often the expensive thing fails just as quickly as the cheap thing.
That's usually with skills that few have the time to acquire. But I also saw on LPL where he tested a cheap Chinese lock, where the "hardened steel" had a visible groove after just a few strokes of a file, and you could use pliers to rip off the plastic cover around the keyhole, after which all the little parts of the lock mechanism came tumbling out...
It is actually surprising just how little brute force many semi-decent padlocks can handle. A decent mallet and some force concentrator and I think good amount of them will fail.
I just need to be able to show the insurance company a police report and obvious tampering. On video, someone using an aluminum shim looks the same as someone using a key, and any evidence would require some decent forensics. Same goes for skilled lockpicking and bump-keying. Ideally, the weakest link should be the door, the hinges, the shackle, etc.
I don't think there's much of a point. If the thief came prepared with tools and is willing to make a lot of noise, there's not a ton that can be done.
Without even exotic tools, what are the odds the door the lock is attached to will withstand a crowbar? Or the same mallet and force concentrator applied to the door/hinges/where the lock attaches?
Padlocks can be snapped open by angling two wrenches: https://youtu.be/dBSSA5ot0tA
This even works with bigger padlocks, you just need two really big wrenches and a buddy to help you.
But usually the thing that's locked up can survive even less brute force than the lock -- a storage unit near mine was broken into, and the unit owner (who was there with the police) said the thieves just pried off the storage unit lock, the sheet metal door literally tore and the entire locking mechanism came out.
This was an outdoor unit, the thieves came in over the fence (the barbed wire on the fence didn't slow them), and left the same way. If I had anything valuable, I'd keep it in an indoor unit where at least there's a locked door in the way.
Barbed wire is security theater. It was invented for cattle, and it does a reasonably good job of keeping cattle confined. (It doesn't work well for horses because horses are even more stupid than cattle and horses repeatedly injure themselves on it and the wounds get infected.)
Barbed wire doesn't work for humans, especially humans who have some familiarity with it.
Barbed wire worked well for human soldiers in WWI. It was part of a security system that also included trenches, artillery, machine guns, and active counterattacks, but it was a crucial part.
Barbed wire only slows you down.
Same with most locking mechanisms.
Barbed wire discourages casual trespassers.
I assume that means humans with adequate tools. If I didn't at least have some wire cutters or a carpet I don't know how I would get through it without grievous injury. (I further assume we're not talking about the serious barbed wire from WWI.)
So the whole Breaking Bad cash hoard on pallets thing is not a good idea?
There are diminishing returns. Just look at bike locks. Anything higher than trash tier, and the issue is finding a dedicated bike stand, since anything else will get destroyed by the grinder faster than the lock.
bike theft should be classified as a felony akin to grand theft auto
Instead of declaring all bike thieves felons and imprisoning the 1% of them we manage to catch, we should spend our money on sting operations that catch the 50 or so individuals in each city that steal 80% of the bikes, and reserve the felony treatment for repeat offenders.
I helped catch one of these repeat offenders when my bike was stolen. When it was recovered they told me they had a huge warehouse of bikes that nobody would claim, and mentioned 90%-ish of all bikes aren’t recovered and they were having space problems just storing all the unclaimed bikes. First thing we actually need to do is get people to register their bikes before they’re stolen, and then report them missing after.
Funny side note, the cops actually offered to let me setup the sting, make contact with the thief and pose as a buyer. I was sure they’d sternly recommend I do not get involved, so I was very surprised, but it was a busy night when I called and they had no officers immediately available. I did make online contact, but due to delays setting up the meet, the cops ended up handling it without me, and when I went to pick it up they were rightfully very proud of catching the guy and being able to return the bike to me.
You had better luck than me. The San Jose PD only begrudgingly gave me a police report weeks after reporting it (needed it for insurance purposes), and told me a could get a copy of it a month later. I'd have to go to the records dept in person between the hours of 10AM - 2PM (email a copy? Are you crazy?).
So I did that, showed up. No other people there. Person behind the counter told me they were too busy, and I'd have to show up some other (unspecified) day.
So yeah, I'd like to trade PDs with ya.
A bummer, sorry to hear it, that sounds frustrating. The big difference might be that I found my bike for sale in the local classified ads (a couple weeks after it was stolen), and I had the thief’s phone number, before I called the cops. They recognized the phone number. My PD might also do little to nothing if I just report something missing. I do think I got lucky, yes. And I was extra lucky that the thief listed my bike for a completely ridiculous amount of money, more than the original purchase price for a bike that was like 15 years old and not as well maintained as it should have been. His list price meant nobody else jumped on buying it right away. (But I do know now that my chances of recovery go way up if I register a bike.)
I like the bait bike operations some police departments do to catch the shops buying stolen bikes. Addicts steal things they can fence and cutting into the business side means you don’t have to catch nearly as many people, although Facebook is determined to fill some of the gaps.
Yea, be rather dumb for someone to grab their red Huffy at the park and get a felony charge because they picked up a look alike bike.
I'd bet that if you're stealing a $50-100k bike, it already is.
I learned this as a kid: that big, chunky padlock on our garden shed could be busted open by a 10-year-old with a cricket stump and 3 seconds of pulling.
but then it's obvious the locked thing in question had been defiled. To exfiltrate without detection is the real skill
Actual thieves are most interested in low effort/fast methods of bypassing locks. Master single pin picking to LPL's level and the thief might as well just turn locksmithing into a career instead of stealing. Low effort attacks like shimming, raking, bumping though might be worth a thief's time to learn.
Some are still resisting this kind of attacks. The hiplok D1000 has a thick rubber like abrasive coating that makes it super hard to cut through the metal with power tools
I had one of these for my e-bike in Oakland. The thieves used an angle grinder to cut through the bike stand instead
The solution in the east bay seems to be “don’t use a valuable bike”
That's why I have a dirty bike with a motorbike's chain wrapped around the wheels and stand. So they would have to cut through the wheel too.
These jobsite storage boxes [0] are typically too heavy to steal (and can also be anchor-bolted), and the locks are highly-recessed within an enclosure... practically the only exposure is the keyway... and then there's thousands of dollars of tools inside.
Worth it for smarter crooks. I'm a former IBEW electrician, and I've seen both stranger and more-miraculous occurrences — but I've seen it all.
[0] https://www.uline.com/Product/Detail/H-10011/Tool-Storage/Kn...
Oh man, reminds me of one project where theives rolled up with a truck, hotwired a forklift and loaded up 3 of these boxes.
A battery powered angle grinder with a zip wheel is the best lock picking tool out there. Hell, a cordless Dremel with a zip wheel might do it.
It’s much more difficult to tell if someone bypassed the lock if they picked it (and relocked it), as opposed to cutting it off completely
Which is relevant when you're defending against Ocean's 11 or the Mossad, but for the other 99.999% of us, the lock is there to keep a bored teenager or a meth junkie out.
Or, more realistically, to convince an insurer that we've made a token effort to keep them out.
It depends on where you live. I guess it's not uncommon to hear about someone entering a building "as the delivery guy" just to try to pick a lock and see which one opens.
If you make too much noise people will get suspicious and might call the police.
Yes. I once saw a guy open a bike U-lock using a car scissor jack and he was done in about 20 seconds and the bike was gone. Nowadays there are very good battery powered grinders that can take a cutoff wheel and no padlock is going to resist that.
But there are a handful of new U-locks that are quite difficult to cut using angle grinders.
No one is doing that in a nice residential neighborhood
That's when people can get away with it in broad daylight :) Because everyone thinks like you.
Get a used pickup, get some vinyl letters at home Depot, put something like "a+ home services" on the side, and you can probably break into a few dozen suburban homes without anyone reporting you
I also have a few tools from CI so I don't know what that makes me
most thieves don't even go that far. they find stuff that isn't locked or they kick in the door.
A portable plasma cutter? What is this, Star Trek? Are there some extremely-high-power-density battery-operated plasma cutters available on Aliexpress that I haven't yet run across? Or maybe I should locate my safe far away from my stove/dryer receptacles?
Like muffler fluid, the battery powered welder has gone from a joke to reality recently.
Not a plasma cutter, but same power class, and certainly able to heat a padlock shank to melting. https://www.dewalt.com/product/0447800880/esab-renegade-volt...
But people have been welding with batteries for ages. The most primitive welder is a car battery and a couple of wire leads. Tons of videos of it on YouTube.
Yeah, fair enough. Two car batteries in series is even better. Not easy on the batteries, but it will get the jeep out of the bush.
You can also make your own stick electrodes from coathanger wire tightly wrapped in paper.
I couldn't tell you how many pairs of sunglasses you should parallel to protect yourself...
This rig, on the other hand, is something you could pack into just about any plant and fix something with without raising any eyebrows. If you have $5,000 to spend, that is. Super handy for small jobs in hard to access places.
Hearing about it did ruin the "cordless welder" jokes my coworkers used to share.
Reminds me how the Sinclair C5 failed because the inventor couldn't source a 15 mile long power lead.
Shouldn't the sunglasses be in series?
Batteries in series, typical stick welding voltage is ~27v. You might be able to light up on one battery, but you will quickly learn why it's called "stick" welding.
I wouldn't arc weld with any number of pairs of sunglasses, that was firmly tongue-in-cheek; but yes you are right, stacked glasses would be series.
Also, if you try this, before pulling the battery from the non-broken jeep, drive it to the top of a hill so you can bump start it later when the battery is too dead to turn the engine over.
Damn, didn't know that existed but it makes sense with how much power lithium ion can deliver.
I'll have to keep my eye out for the Home Depot buy a battery and get a free tool deal on those.
Matt's Off Road Recovery uses one to stick broken Humvee steering rods back together about once every four or five episodes.
Heh, I'll have to watch for that sale.
4x12AH batteries, that's gonna be over $1200.
I doubt you could charge them faster than the welder can run them down, so you might want three sets and two gang chargers if you want production anything like a plug-in machine.
You're right, I've mixed them up with portable oxy-acetylene torch, unless they're just backing up to the lock in a pick-up.
Damn, I was hoping I was wrong. Going to need some kind of energy weapon to use against the coming robot armies.
Depends on how portable.
A while back I was making a point about the border wall farce--and found everything I would need to do "portable" plasma cutting on said wall on Home Depot's website. Not pick it up type portable, but put it in a wagon type portable. (Generator, not batteries.)
I don't know how anybody can look at those rusty metal pylons and not think their natural habitat is at home on top of a 40 year old white Toyota pickup with a suspension that long ago achieved sainthood. Like if I were looking to attract illegal immigrants, those pylons would be exactly what I would use. But then again isn't this just the standard fascist pattern? Propose a comically self-defeating solution to some problem, and build a tribal identity around aggressively denying the obvious. It's like the social justice preaching to the choir writ large.
You can pick up a wholly self-contained plasma cutter in Lidl or Hofer in their "cool tools week" for about £100 these days.
It wouldn't be beyond the wit of man to hook that up to a biggish inverter and 24V worth of deep cycle batteries on a small trolley, maybe a wheelie suitcase.
Always be red-teaming.
A plasma cutter needs a pretty decent supply of compressed air
A 5lb bottle of Nitrogen would do the trick.
Entirely depends on what manner of thief we are talking about here, what they're going after, how important it is to them, and how much they care about the owner knowing the lock was tampered with.
This is why I don't like such black-and-white opinions... I think the answer is rarely so simple.
I think it's largely a class or educational divide. I come from a very hick, redneck, working class area. People use black-and-white statements and course language with the understanding that corner cases will exist anyway. My use of this type of language common in more middle America is something I find the more silicon valley or tech centered HN constantly finds issue with.
It's common in more upper-crust / educated circles to shit on people that use more course, black and white language. I believe it has more to do with cultural divide than misunderstanding that rare/corner cases exist.
In another recent exchange on HN, I was damned for using the word 'never.' They didn't even explain why, just said they wouldn't believe people that used it. I was using it in the redneck sense "you'll never get that girl" as in it's extremely unlikely to the point it's hardly worth even considering, rather than the nerded out version that it means the chance is literally precisely 0.
FWIW I come from a non working class background ( but am not American ). My friends and I routinely debate in such a manner, and don’t see any problem with this. If confronted with a stranger we might be a bit more cautious ( basically we’ll state the rules of the conversation) but that’s about it. If needed, we’ll sometimes be a bit more accurate.
I understand your statements as you mean them - I default to giving you the benefit of the doubt, and automatically assume that black and white statements are shortcuts. Only, and only if you seem to not understand nuance then I will adjust my stance, but I usually assume you do!
I think the problem can be described as assuming good faith in the argument - that is, that you're talking with someone who you are presuming is attempting to communicate, not just "win" the conversation.
The difference becomes clear very quickly - if there's a genuine misunderstanding, someone will clarify and move on; if someone is trying to rules lawyer the conversation, it won't.
Exaggeration is not 'hick, redneck, working class.'
People from "hick, redneck, working class" areas don't say "hick, redneck, working class".
They might say "hick" if they're from rural northern New England, the upper midwest, rural Canada, or Cascadia, usually with self-deprecating facetiousness. Most of these people are smart enough to do whatever they want in life, but just choose to live by their standard of normalcy and just like their friendly small towns best.
If they are from the lower midwest or south, they will sure as hell just say "redneck", and most take it as a compliment even though many of them deep down are just compensating because they don't have any other options.
But nobody calls themselves "working class". Not in the rust belt, not in the rural midwest, and not in the south. That's more of a politician's word, and a condescending slur from the white collar crowd that usually ends in a broken jaw.
I don't think that's what it is.
> Low-intelligence people are masters of black-and-white thinking. It's also part of a psychological defense mechanism called "splitting."
> They only seem to think in terms of opposites, ignoring the grey areas in between. Reality is too complex to be interpreted only in opposites.
> As a result, they tend to simplify everything. While simplification is useful sometimes, not everything can, or should be, simplified. Knowing what does and doesn’t require simplification signals high intelligence.
The problem is when you speak in absolutes while simultaneously "not meaning it" that way, is that this is not conveyed to the people you are speaking to, so we can only assume that you did mean it, and now we think you're being unreasonably generalizing.
And I think it's pretty hard to have a useful conversation if we cannot use agreed upon terms to convey what we mean. If you know that not everyone will understand your intention by saying it that way, then why do it?
.
no, and I don't see how you could possibly deduce that from my statement
.
I'm saying that some people don't understand that some cultural uses of black-and-white English indicate practical precision rather than absolute theoretical precision.
It's not cultural.
Issues with master locks are hardly new- back in the 1980s, I downloaded a file from a BBS explaining how to open a combo lock (basically by pulling on the shackle while turning, and a few other tricks.
It's still online: https://cdn.preterhuman.net/texts/anarchy_and_privacy_contro...
Oh my god, I remember doing this technique on my lock, I remember doing this in the early BBS days, I remember learning this from a short text file. I'm 80% sure it was this file!
Thanks for unlocking this memory for me!
[dead]
The most absurd thing is the original video response from the company was good, and with a very compelling argument: their customers never saw shimming in the field. Their user base don't need shimming resistance: security needs to be adequate, not perfect. And they follow-up by presenting options about people requiring the lock to be shim-proof.
Granted, in this day and age, it's a disgrace to still make locks that can be shimmed. Especially when the shim-proof alternatives they show just have an additional notch to catch the shim.
> their customers never saw shimming in the field.
This is arguably good PR, but a terrible response. Shimming is so quick and hard to detect that even if you had 24-7 video of the lock, you probably wouldn't notice that the lock had been shimmed. You would just assume that someone lost a key.
It's a trailer hitch lock. If someone steals your trailer then you definitely do notice. And if they just shim the lock and put it back then it doesn't really matter.
Also the company sold a picking-proof version… at a higher price.
shimming proof not picking, sorry just noticed the entirely wrong word
This guy shims a $100+ lock in 10 seconds with a liquid death can, all without speaking in the video, just replays and then destroyed their claims and GTFO. Absolutely masterful.
The wohle article reads to me like: "AMERICA FKK YEAHHH BROO, HE GOT PWNNNDD, SON!" eagle sounds
Gotta admit its entertaining, though.
One of my favourite lock pickers is Marc Tobias. He was also sued by a number of lock companies.
https://www.youtube.com/watch?v=NadPAE6BDbA
It is interesting to see that these companies still don't know about the Streisand Effect or they choose to think that it won't happen to them.
If you don't know him already, I highly recommend videos by LockPickingLawyer — he routinely destroys bogus claims of various companies within seconds. It's quite entertaining to see how little security you actually get from most locks.
I wonder if anybody tried suing him…
LPL owns Covert Instruments, who employs McNally, the YouTuber who got sued in this case. Probably not a coincidence that Covert Instruments wasn't named in the lawsuit.
I wonder if McNally knows a lawyer familiar with lock picking ;-)
Oh sweet never knew there was a connection between LPL and McNally - I just notice they always cut their shims from cans the same way
There aren't that many ways to cut a shim from a can that work and don't take excessive effort. It's a rounded hook shape, with a handle piece trimmed so you don't cut yourself.
Well they make it look easy I always end up cutting myself
That explains so much. Done to well for a goof channel, eclectic assortment of skills ("tactical garden trowel" vs fully equipped metal shop vs perfect video production), all fat trimmed off the videos.
I kinda want tvtropes to put a name on his slapstick humor. It's like looking over the shoulder of that weird uncle that seems to live in an entirely different world.
In addition I've seen LPL refer to "my friend Trevor McNally" in a couple of videos.
> Probably not a coincidence that Covert Instruments wasn't named in the lawsuit
What's the non-coincidence?
That they avoided naming the lawyer or the lawyer's company in their bogus lawsuit and instead only named the non-lawyer.
He can still defend his employee, right?
My understanding is that LPL is not still practicing (he says he's retired, to focus on security work), but I'd guess he knows someone, if McNally didn't already have his own lawyer.
Even if he was practicing, if he were to take this case it would pretty obviously expose who he was.
So no matter what I would expect LPL would get someone he knew/equivalent to take the case.
I mean, it's not exactly a secret. If you really want to know you can look it up online. He even has a whole talk he gives about why he generally doesn't reveal his identity. People send him packages with trackers hidden in them, hire private investigators to follow him with bogus stories, etc.
> he routinely destroys bogus claims of various companies within seconds
I watched his video on high-security shipping container locks. Jeez, two minutes long? They must be tough!
No, it was two minutes long because he bypassed ten of them, one after the other.
My impression of most locks now is that they're really just to stop something from being casually broken into or even just falling open by accident.
My dad's wisdom as he cut my bike lock off when I lost the key in middle school: "locks keep honest people out."
I have a friend who says "gun control keeps law-abiding people unarmed."
Gun control gives cause for arresting any law breaking people. See how such parables go both ways?
Point is, gun control has led to a reduction in gun crime in every country I know of. Thats hard evidence against your qippy one-liner.
Crime had already been falling consistently for several hundred years throughout Europe when the first gun-licensing and gun-control laws were being passed in the Wiemar Republic. You don’t need control over weapons to reduce crime, you just reduce crime.
Incidentally, a few years later a certain political party got their candidate elected Chancellor. He more or less immediately ordered the police to use the gun-licensing records to identify Jews who owned guns and had them arrested. It’s actually pretty hilarious, in a very dark way, to read some of the arrest reports. When Jews were ordered to surrender their weapons to the police, many of them brought the weapons to a police station as instructed. They politely stood in line while the officer at the desk wrote out arrest warrants for them one after the other. The crime? Carrying an unlicensed weapon. The location? The police station in such-and-such precinct. The witness? The officer at the desk. The prisoner? Turned over to the SS.
> Gun control gives cause for arresting people who are armed
FTFY
Your friend should look at almost any other Western, developed nation for counterexamples
I assume your friend never bothers to lock their door?
Locking doors makes legal follow-up easier: "The deceased - do you know if he broke and entered?" "Yes, your honor. I always lock my doors at night. Exhibit A is a video of him busting the door down after trying the doorknob."
That's a really well put. We are expecting a son soon and as I was reading this read and your comment, I couldn't help but asking myself will I ever say anything that my son will remember for years. And how can I be prepared.
Your dad sounds like a very wise man.
I've watched LPL videos and practiced on regular locks, I can pick something that is about 10$ or less, but these expensive locks with good tolerances (Abus) or disc detainer cores (kryptonite locks,) no amount of practice and fiddling with the correct tools has ever opened one of these. I lack the skill or touch.
I can hold a 18v grinder with a cutoff wheel just fine though, I lost the keys to one of those kryptonite locks on my bike and I was riding my bike again 30 seconds later.
Or to make it clear that if someone does break the lock, they didn't have your permission to get at whatever it was protecting.
Yep, it’s like those security screws, they’re not used to stop you opening the box, they’re used to prove that you knew you shouldn’t be opening the box.
Most of the time they’re just there to make you _think_ that you shouldn’t be opening the box. In the US the Magnusen–Moss Warranty Act of 1977 explicitly prohibits companies from voiding any warranty merely because the owner opened up the device, repaired it, or had it repaired.
you are adjacent to the concept that locks are an honest persons way of communicating to other honest people that an invitation is required.
This one? https://youtu.be/_goIYP3FfO8
That’s McNally rather than LPL.
You are using a Master Lock model 606. It can be opened with a Master Lock model 606.
Can he pick an Assa Abloy lock though?
Many, often, quickly.
LPL is a crown jewel of YouTube. His April Fools' Day videos are hilarious, too, like the one where he gets into his wife's beaver [0] (SFW).
0: https://www.youtube.com/watch?v=TRozAbaKs9M
The Dutch translation is NSFW though as it translates “beaver” as suggested.
Does the Dutch word for beaver also act as a euphemism for the body part in Dutch?
~No it sadly doesn’t, so the double meaning will be lost in translation. If the lock depicted a pussy it would’ve worked though.~
After going over https://nl.wikipedia.org/wiki/Seksuele_volkstaal_en_eufemism... it seems that “bever” is apparently also used as euphemism. As is “floppy drive” TIL!
More explicitly so. The Dutch go rodent where Americans go feline.
> It's quite entertaining to see how little security you actually get from most locks.
Yeah, one of my conclusions after years of watching LPL is ironically to start buying cheaper locks.
The difference between a $3 and a $300 lock is just about a minute of time for an experienced lockpick. No lock is capable of dissuading a determined thief, but any lock is equally capable of dissuading a lazy one.
The best policy is to have a lock that is resistant to cutting and destruction, with a trivial key. Nobody tries to pick a lock, and if they do, they're winning. Most or all breakins happen through brute force not technical sophistication, so a decent chunk of metal is a fine adaptation.
About the only thing I've seen that qualifies is the no-car, metal gates to walking/camping trails in State Parks (PA, anyway.) The key-lock is surrounded by a 1/2" steel can, with only the bottom open and some distance to the lock itself. Attempting to pick that would mean being upside down 2 feet off the ground. The steel shroud would thwart a casual angle-grinder for long enough not to bother.
Most other security for locks I've seen could be defeated with 60 seconds and a 3" cutoff tool that fits in a pocket.
Good old "sketch-resistant materials". If a tweaker can't get through your lock/chain before the cops (might) show up, you're probably fine.
When all else fails, drummers are the best security anyway: https://loudwire.com/sleeping-drummer-stops-band-trailer-the...
[dead]
I use the locks my insurance company recommends. That's who it's there for anyways.
The other side is "career" thieves will know how to pop-can shim a lock but most of them are not going to use or break out a set of picks. One main reason it's an additional felony charge if you get caught using them. So a _slightly_ better lock is sometimes warranted for outdoor applications.
The final piece is they'll just steal a car and then drive that car through your shop front to get what they want. Up here in Northern California a gang pulled off the same heist as the movie "Casino." They drove a van up to a wall and then knocked out a small segment of the wall to gain entry.
I'm considering an angle grinder resistant lock for the bicycle. They are not totally uncuttable but it means you have to be stood there for a couple of minutes changing worn cutting disks and the like. Quite expensive though.
>The difference between a $3 and a $300 lock is just about a minute of time for an experienced lockpick.
How about non-experienced lockpick? Or the one who gonna brute force everything? I think there's value is expensive lock (Assume you buy the high quality one, not the over-price one)
Yep. The low hanging fruit principle in action. You can’t make anything completely secure so you put up more obstacles than your neighbor so the attackers go visit the neighbor instead.
Or in the case of targets with no neighbors like missile bases, you know approximately how long it might take an attacker to succeed, then put big guys with guns within that distance measured by time.
Unless you're a retail jewelry store. Then you are absolutely the main target in your area.
I came to the same conclusion with my bike. What's the point of an expensive and heavy chain lock, when the thief will break or bypass it anyway.
So I just fot a cheap wire combination lock, just so you can't just jump in the bike and ride away.
Oh, this is where I disagree. A wire can be quietly and discreetly cut with wire cutters in seconds. This is no protection at all. It's just inconvenience for you.
What I've been using for years is a heavy chain with a lock (disc-detainer style). The chain weighs around 3.5kg. You can of course cut it with an angle grinder, but have you ever tried cutting a chain with an angle grinder without a vise? The chain slips away and it's really difficult to hold it in place for the cutting, which would take more than a minute.
All those Kryptonite-style U-locks have the disadvantage of being easily fixed in place for the cutting. They are also useless for attaching your bike to large trees, street lights, etc.
Remember that if a bear is chasing you, you don't have to outrun the bear, you only have to outrun your friends. If there are 4 bikes and my bike is the most difficult to steal, I'm fine.
It's completely different to snip a cheap wire lock or even just pull hard on it and have the lock break versus pulling out the angle grinder and making a huge racket for a minute.
LPL is superb. He inspired me to get a lock pick kit and a few simple padlocks - a cheap and fun hobby during COVID lockdowns.
I picked up and started practicing with Lishi lock tools, and I cannot recommend them enough. Pocket Tool Warehouse out of Texas has been good in my experience for sourcing them, no affiliation. Like an automatic transmission for lock picking.
https://www.classiclishi.com/about/lishi-history
https://www.originallishi.com/what-are-lishi-tools
Ditto. I was even able to put my lock picking skills to use one fine summer day when the dog park was locked due to "rain from yesterday" even though the grass and everything was clearly fine. We had a lovely time running around as a family, along with a couple other families, for about an hour before the groundskeeper came and shooed us away.
Er... that's a crime?
The ethic, IIRC, is that you only pick locks that you own, or that you have permission to pick.
Also, maybe the groundskeeper knows things about groundskeeping that you don't, on account of how much time they spend doing their job, which is keeping the grounds.
When we moved last time, our "financials" filing cabinet accidentally got locked (one of the ones with button lock) and I wound up having to pick it. The ability, even at a basic level, comes in handy more often then you would expect.
At a previous company, a power outage knocked out our router, which knocked out the card access system, which locked us out of the server room where the router was. Good news, there was a physical key bypass. Bad news, nobody knew where said key was. Lucky for us, I could pop out to my car, grab my picks, and then got the thing open in a couple of minutes.
Definitely the most above-the-board use those picks ever got (Though obtaining access to my university dorm's AC controls definitely made me more popular).
Heyyy, guerilla HVAC team!
In high school I didn't even have lockpicks, I just carried a super tiny pair of needle-nose pliers along with some other tools in my Five-Star zipper binder, and the tips of the pliers were fine enough to stab into the holes of those stupid snake-bite security screws that held down the thermostat covers in the classrooms.
Once teachers realized I could open the thermostat covers and adjust their setting in seconds instead of the hours it took to go the official route, not only was I very popular, they would occasionally send hall passes to summon me from other rooms to perform the service. I was doing fine in my studies and this was not an academic impediment, it was just hilarious. Eventually I just started leaving the covers loose, a fig-leaf that the custodial staff seemed content to ignore.
...
Fastforward a few years into my career, still not carrying lockpicks, but much more familiar with the art. A shipment of cabinetized network hardware arrived, but the cabinet keys were not ziptied to the doors as was customary. The installers were looking at having to go home with a short timesheet because they couldn't work.
I was in the NOC for another reason entirely, but I asked the supe to cover me for a minute and trotted out to the equipment room. I swiped a couple pins from the corkboard (for some reason, the office used dissection T-pins instead of regular pushpins), bent the tip of one, used the other as a turning tool, and proceeded to rake open one of the cabinets. The install crew lead's jaw hit the floor. I insisted on teaching him to do the rest, and moments later not only had he opened the rest of the cabinet doors, he had scared himself with how easy that just was, and stood in silence for a minute, shocked by his newly-acquired skill.
Very Harry Tuttle, although to be fair everything feels a little Brazil these days.
Early in our dating, my (now) wife moved into a new apartment and accidentally turned in the key to the back patio storage room with the keys to the old place. She was embarrassed to ask the old landlord, so she asked me to ask him. Instead, I popped home, picked open the patio storage lock, and then re-keyed the lock to match the front door. When I was a teenager I bought a (apparently lifetime) supply of assorted lock pins.
Picking filing cabinet locks is part of the genesis of modern hacker ethos. Feynman would be proud.
See also: https://www.lysator.liu.se/mit-guide/MITLockGuide.pdf and the book "Hackers".
I had to use my lockpicking skills when my grandma moved across country to live with my mom. She put her stuff in a "Portable On-Demand Storage" container and accidentally put the key to the lock with her stuff inside the container.
Luckily, she used the shitty round lock that a lot of storage companies recommend. I was able to pick it in just a couple minutes. Someone like LPL would have had it open in mere seconds.
Thritto.
Thinking of doing the same! Which kit did you order? I see a FNG, FNG+ Bundle, and "Learn lockpicking bundle". 3rd one seems the most likely candidate. Any tips you can share? Thanks!
Start with a cheap kit from e.g. Amazon which includes a couple of perspex locks so you can see what you're doing. Get a real set of picks for real money once you graduate from that.
I got the Learn Lockpicking bundle a few years back, it's a solid customizable lock - six slots, a few different pin styles, and the springs to make it work. I got practiced enough to get a 3-pin opened, but I'm definitely out of practice now.
I’ve got a German practice lock and boy was that a hard wake up call. That thing was so hard to pick that I gave up. (The keyhole is really slim)
My bad though, LPL did warn about this.
I did the same (also during COVID, after doing it for a bit in my youth). I haven't tried Covert Instruments gear, I bought some other pack from China, but whatever pack you can find with the basics (and maybe some variety so you can try different techniques) plus a training padlock so you can see what's going on inside, and it'll be a walk in the park.
I got a £50 pick set from https://x.com/martin__newton
https://imgur.com/a/sbXoBCK
Putting the lock in lockdown I see.
> It's quite entertaining to see how little security you actually get from most locks.
Physical locks are for honest people. They signify that something is not meant to be accessed and at best slow down someone actively trying to access the other side of the lock.
I recall either "The lock picking lawyer" or McNally explains that only in 3% of cases are locks picked during a burglary. In all other cases windows or doors are simply forced open. So at best locks are meant to prevent of crimes of opportunities.
One day I came into the office and noticed that one of our neighbors doors had a triangular hole cut into it near the door handle. It was a solid core door on an interior hallway. One of our cameras picked up the sound, someone brought a chainsaw and in about 30 seconds cut a hole in the door so they could reach through and open it from the inside. They took the safe, but I was told the safe was empty.
Oddly, this is a case where they would have had plenty of time to pick the lock as well, and it would have been much quieter.
> at best locks are meant to prevent of crimes of opportunities
A lock forces the thief to either spend time defeating it or physically break something. Even if it doesn't slow him down it should hopefully make it visibly obvious that he's doing something illicit.
IIRC there's a legal distinction between mere unauthorized entry and unauthorized entry that involves circumventing any kind of lock
You know those super secure double-glazed front doors, with the kind of hook things that engage when you push the handle up?
You can spudger one of the glass units out and back in from the outside, without leaving a mark.
They look better than they are.
Most uPVC windows and doors should have the beads on the inside and a solid profile on the outside.
I have heard of someone cutting through all the plastic and pulling the glass out that way, though.
Both rather more obvious that surreptitiously jiggling the obscenely crappy Eurocylinder that the door came with.
Yeah my understanding of burgling is it’s all about speed. One of the best deterrents you can have is I think called “laminate glass,”that doesn’t shatter into a bunch of pieces when it’s hit. It has a tendency to hold together so they have to spend precious seconds knocking out more of it which almost always makes them run away rather than risk it.
If I can go out on a limb here, I also think I recall that they have very specific things they look for. For instance they will often run straight for the master bedroom and start pulling out drawers/checking closets because people tend to keep jewelry in there. They want small items.
Anything that slows them down tends to deter them even if they make an initial attempt
Impact glass is one option. Another option is to have security film installed on your existing windows: https://www.youtube.com/watch?v=V_APQ3CzQno
Security film! That’s the one I was trying to find it first but then I found laminate glass and assumed I was mistaken.
This is why the complaint about smart locks being hacked is so utterly ridiculous to me. A thief isn't going to hack your lock, they're going to bash a window in
Even if I can unlock a hypothetical 90% of physical locks, I still need to go in person to every house that has one. On the other hand, if I crack one smart lock I now have remote access to every home that has one, and I can operate on all of them simultaneously. Anything internet-connected makes doing damaging things at scale much easier.
Smart locks potentially give access to things that windows don't, like upper floor apartments.
They're also effective against incompetent thieves. Anecdotally that's a pretty high percentage of thieves you'll ward off that way.
Exactly. There's a lot of strongly worded stuff in here about how easy locks are to defeat, but that's only against someone who's practiced the art, which is a very small percentage of the population. And in my experience they're mostly honest people interested in the technical challenge, rather than criminal exploitation. A typical modern lock is going to massively slow down or outright stop nearly everyone who comes up against it.
Yeah, moar burglars aren't the kind who spend 10000 hours honing their skills.
People with that kind of dedication can often find gainful employment :)
I think that it's more useful to think of all defenses against physical intrusion as increasing the cost of intrusion in some way, be that time, skill, risk of being caught, access to specialized devices, etc.
Most "normal" locks don't increase the cost too much but they do raise it - perhaps enough for a thief to pick another target, or perhaps enough for the thief to choose another method of entry such as kicking in the door (which itself comes with additional risk of detection).
Exactly it is about layers. It is the same with computer security. Is my network "unhackable" no. But I've put up enough layers of basic security that script kiddies and the like won't be able to get in.
It requires a fair amount of skill to pick a lock quickly. Someone capable could probably make more money doing something legit.
Depends, do you count wave-raking as picking? I bought a cheap lock-picking set, takes me about 5 minutes to get their basic perspex lock open. "Masterlock", wave rake opens it in a few seconds -- even my then 10yo could open it in <30s.
Yeah, like running a Youtube channel on lock picking.
Or like being a lawyer?
Having heard of a typical locksmith's rates, if you can pick locks well then you really, really do not need to resort to burglary.
And even still, whenever I or a friend has hired a locksmith, they try for 5-10 minutes with no success and drill thru the lock destroying it.
That is to make it look like the job is hard
Or to sell you an overpriced lock they conveniently have for sale and in stock in their vehicle.
> overpriced lock they conveniently have for sale and in stock in their vehicle
I object to the word overpriced in this context. It costs a lot of money to keep locks, tools, and other spare parts in a vehicle (including the cost of the vehicle). If you need a lock now and they have one it should cost a lot more than if you need a lock in 6 months and can wait for the factory to get around to making it. When you call their locks overpriced you are failing to understand the costs and value of having a part on hand.
Security is about layers. If I have a basic lock, all I want to do is stop an opportunist.
I have a vehicle that is extremely simple to steal (you can unlock everything with a screwdriver), to protect it I use both a pedal lock, a secret second key and a steering wheel lock.
Will it defeat a determined thief or a team of thieves? No way. However it will put off most opportunists and slow down a more experienced thief enough that they may choose another target.
Apparently these days it’s sufficient car security simply to have a manual transmission. :D
I live in the UK. Almost anyone that can drive a vehicle knows how to change gears.
Don't know why you are being downvoted because it's true. Lots of people wouldn't try to break past a lock but if you leave a door open many people would fall for the temptation.
If a lock takes more than 20 seconds to break it’s basically Fort Knox
No one would be surprised if you showed that you could cut a hole in pretty much any normal door given the right cutting tool. Yet people seem to act surprised and betrayed to learn that a normal lock can be picked or broken given the right tool.
And that's fair and reasonable. Of course you can cut a hole in a door. Everyone capable of forming thoughts on the subject has seen someone use a saw at some point in their life. However, locks greatly exaggerate their abilities, to the point you can forgive someone for believing that they actually mean them.
I just now went to masterlock.com, clicked HOME & PERSONAL > View All Products, and picked the very first product[0]. It says:
> The 4-pin cylinder prevents picking and the dual locking levers provide resistance against prying and hammering.
The very first thing it says is that it prevents picking. To someone who isn't familiar with LPL, and who doesn't want to have someone pick their lock, this seems like a great product. It prevents picking! And it must, because otherwise it would be illegal to say that, right? But alas, it does not, in fact, prevent picking.
Compare that to a random product page for a household front door[1] that says "Steel security plate in the frame helps to resist forced entry" and "Reinforced lock area provides strength and security for door hardware", which indicates that this might be a strong door, but doesn't claim that it "prevents someone kicking it in". It helps to resist forced entry, but doesn't say that it prevents it.
[0]https://www.masterlock.com/products/product/130D
[1]https://www.homedepot.com/p/Masonite-36-in-x-80-in-Premium-6...
Very good points. Nobody can even legally claim Vitamin XYZ prevents cancer/etc even if the lack of it causes such.
Big Lock needs to be taken to task…
> No one would be surprised if you showed that you could cut a hole in pretty much any normal door
The definition of “normal” varies by region. In European cities, it means a pretty heavy door of multiple layers of steel (and pretty unpleasant stuff in the middle) that would probably take 15 minutes of deafeningly loud cutting with a circular saw. I understand the standard for US suburbs is much lower (as it might as well be, given windows exist and the walls aren’t all that sturdy either).
A very long time ago I worked in an office building that had several suites of offices. One of them was a biotechnics company that did things like genetic analysis of farmed fish for selective breeding, massively commercially sensitive stuff. They had a "secure document store" built within their suite, with a thick door made of 19mm ply layers either side of a 6mm steel plate, welded to a full-length hinge, which was in turn welded to a 25mm steel tubing frame, with big long brackets bolted into the brick work of the exterior wall on one side and a steel beam on the other. One key in the possession of the CIO, one in the possession of the CEO. CEO was at a fish farm in Norway. CIO was in the office, getting paperwork out of the safe in the secure room, got a phone call, stepped out of the room to get a better signal, slam <CLICK> <KACHUNK> as six spring-loaded bolts about as thick as your thumb pegged the door shut.
Rude words.
Can't get a locksmith that can pick that particular Ingersoll lock. Can't get a replacement key because the certificate is in the room, and you'd have to drive down to England to get it. Can't jemmy the door open, it's too strong.
Wait.
There's a guy who parks an old Citroën in the car park, I bet he has tools, doesn't he work for that video company downstairs? Let's ask him.
So yeah it took about ten seconds to get in to the secure room. I cut a hatch through the plasterboard with a Stanley knife, recovered the keys, taped the plasterboard back in place, and - the time-consuming bit - positioned their office fridge so no-one could see it.
A swift appointment with an interior decorator was made by a certain C-level exec, and a day or two later there was a cooler with about 25kg of assorted kinds of salmon and a bottle of whisky left in my edit suite.
I know it's OT but I wanna know what your old Citroën was. My first car was an S1 BX. Plasticky 80s goodness. I know it's not everybody's idea of a classic (at least in Australia where Citroëns aren't particularly common) but I loved it.
At the time I had a 1989 XM 2.0, but at various times I've had a couple of CXes, several XMs, a couple of GSAs, a BX briefly, and an AX GT.
One of the XMs was the 3-litre 24-valve one which would sit comfortably at twice the legal limit, with the only real difference being the stereo had to be a couple of notches louder and the trees and road signs came up twice as fast. Oh, and the trip computer showed an astounding 8MPG - you wouldn't be doing 147mph for long because you've got less than an hour of fuel in the tank at that speed.
The AX GT was the carby one, basically their 950cc hatchback with the 1.4 out of a BX dropped in and a lumpy cam and twin-choke 2x32mm Weber carb. It was a little pocket-size tin of hooliganism.
The CXes were probably the most refined of the lot. Look up DIRAVI steering - fully powered, no mechanical connection between the steering wheel and road wheels when it's working normally.
Our uncle had a CX when we were kids. When he would visit we loved waiting in the driveway for him to start it so we can watch the air suspension engage and lift the car a good foot up.
Not OP but my dad drove a CX for a while, but the real treat was our friend's DS.
If you hadn't been there to fish them out of the situation, they would have been boned to a scale they weren't prepared to deal with. You deserved the reward for getting them off the hook.
> They had a "secure document store" built within their suite, with a thick door made of 19mm ply layers either side of a 6mm steel plate, welded to a full-length hinge, which was in turn welded to a 25mm steel tubing frame, with big long brackets bolted into the brick work of the exterior wall on one side and a steel beam on the other.
Wow, that sounds like a pretty secure entry! I wonder how they secured the walls, that’s a lot of steel plate, enough to require structural reinforc—
> So yeah it took about ten seconds to get in to the secure room. I cut a hatch through the plasterboard with a Stanley knife, recovered the keys, taped the plasterboard back in place, and - the time-consuming bit - positioned their office fridge so no-one could see it.
Haha, that was my guess. This is like constructing a safe with a super heavy reinforced steel door on the front and construction paper on the sides and top! He could’ve kicked his way through 5/8” (prolly 16mm to you lot) drywall ;) Your solution was a lot cleaner and you earned that tasty reward!
Hah, I love this sort of story. Recently I was on site and we needed some electrical as-built drawings. They’d been stashed in a tool box, which was locked (and pretty well designed to protect the padlock from bolt cutters / angle grinders). Unfortunately one of the guys had taken the key with him and it was now a two hour plane flight away. They already tried and failed to cut the lock, and were getting an angle grinder to just cut in through the lid (it was ~3mm steel sheet, so hardly impenetrable, but destroying the toolbox would not have been ideal) when I pulled the pin out of the hinge and recovered the drawings that way.
Turns out watching Pirates of the Caribbean wasn’t a waste of time after all. ;)
Ahh, the classic Kool-Aid Man attack.
Right - the quality of your locks matter a lot less if your average 5-year-old tee-baller can through brick through the wind and climb in. One always needs to consider their threat model when considering what security to invest in getting.
Bang on. LPL himself uses a slightly modified Kwikset lock. The modification seizes the lock if someone tries to pick it. I'm the video, he says it isn't to stop all break-ins, but to stop non-destructive break-ins.
The difference here is that cutting a hole in a door is a destructive operation, like applying bolt cutters to a padlock. Lockpicking just operates the lock as designed.
The analogy is probably closer to someone entering your home by pushing the doorframe open so that the door opens without unlocking the lock, or that many automatic doors can be opened by spraying some compressed air through a thin sliver, triggering the internal door sensors. Both are feasible in practice, leave little evidence behind if done well, and do actually surprise a lot of people.
It's like we forget rocks can easily go through windows.
Bought my teenage son a couple lock picking kits, he's picked almost every single lock we have in our house.
I then picked up a sizable rock, and told him I could get into the house faster than he could. He didn't understand for a few moments, but the lesson was learned.
And if you try to put bars in the window; you'll have a really bad day if your house catches fire!
Same with a moad full of piranhas, it's not fun to fall in by accident :)
Best and cheapest option is a dog, or simply giving up.
Dog is not the cheapest option. The amount of work that goes into taking care of a dog is quite substantial. I know from experience. While many/most people do not mind doing the work/expense, some of us prefer cats because they are a lot less work, among other reasons. I do however admit that cats suck at scaring away intruders.
A large dog is one of the few things that can actually prevent most break-ins.
Story time: There was a serial killer in CA a few decades ago. The police mentioned he doesn't attack homes with dogs, next victim had a small dog. Next the police mentioned he doesn't attack homes with medium or large dogs, next victim had a 30lb dog. Next the police mentioned he doesn't attack homes with large dogs. His next victim didn't have a dog. If its 80+lbs, very few people will mess with them and they will love you forever.
Most of the world don't construct their homes out of flammable materials, so the risk of the entire place going up in flames is quite low. In some places your home is uninsurable if you dont have burglar bars on all windows.
Regarding dogs: some organophosphate mixed into minced meat and lobbed through your fence/gate/open window is an instant and quiet way to get rid of a dog - personal experience taught me this lesson.
Best and cheapest option is a dog, decent insurance, and off site backups that regularly get restores tested.
And maybe a little bit of not getting too attached to "stuff" - there's very little stuff that's truly irreplaceable. I'd miss my first guitar if my house was robbed and they took it or if my place burnt down. I'd miss the HiFi gear I bought in 1988 and still use, and maybe my modded espresso machine. But I'd get over that loss and my sentimental attraction to those things just fine, especially after I'd replaced then with my insurance settlement.
Or "diversify", basically don't put all of your eggs in one basket. Can be done at any scale too, from storing backup copies of important documents at your parents house to buying a few apartments in Indonesia.
Reminds me of high school when people were buying expensive locks for their lockers. These locks, no matter how tough, all still locked onto a flimsy 1.5mm steel hasp that you could bend with your fingers.
In this case, the right tool is an empty can and scissors
Are there any that are truly secure?
Folks that really care about security go for tamper evidence.
For example you can get a filing cabinet which has a lock and a counter that ticks every time it is opened. You pair it with a clipboard where you note the counter count, why you opened it and sign.
It can be picked, that can't be avoided. But the act of opening it creates a trail which can be detected. Adding a false clipboard entry is detected by subsequent users, there typically aren't many people with access.
Determining that you have a breach allows it to be investigated, mitigated. The lock is an important part of that, but it isn't perfectly secure so you manage that flaw.
Of course filing cabinets are getting rare and replaced by digital document stores, with their own auditing and issues.
Nothing is secure against an oxyacetylene torch.
But if that's not the threat you are trying to protect against, there are locks that are sufficiently secure that picking or other "low-impact" defeat attempts are considered pretty much pointless. Abloy protec2 comes to mind.
The Canadian Mint in Ottawa has a rather impressive large gold bar on display in the gift shop for people to lift and take photos with. It's not in a case or anything. It's chained down with a Protec padlock - and there's a cop a few feet away to deal with you trying something un-subtle.
I think it's a pretty good endorsement for Abloy.
To me that sounds more like a good endorsement for having a guy legally authorized to use force against you standing guard. Any old padlock is probably safe when a uniformed agent of the state with weapons of varying lethality is standing next to it.
Hopefully it's a well paid guy, or I wouldn't be surprised if they helped the bar disappear for how much gold that is.
If you want to reply, check this accounts post history and decide if you think it worth it.
Huh?
Add metal for extra fun: https://en.wikipedia.org/wiki/Thermal_lance
You don't even have to go that far. Firefighters have core pulling kits that take care of 90% of all locks in 2 minutes tops. And for most other locks, the thing holding the lock tends to be less of an issue than the lock.
I had an Abloy Protec2 malfunction while locked (PSA don't use them for key-only sashlocks) and the locksmith drilled it out in ~10 seconds. That is the last time I spend that kind of money on a lock!
> Nothing is secure against an oxyacetylene torch.
Can't be stuck if it's runny.
Yep! Or a plasma torch!
Many locks fail quickly with just an angle grinder and a cut-off wheel. (as you can see on Storage Wars)
Doesn't even need to go as far as using power tools.
Every lock I've been unable to pick (usually due to the fact that it's a pile of rust) has been susceptible to bolt-cutters. Big lock? Bigger cutters. Still cheaper than an angle-grinder.
>Nothing is secure against an oxyacetylene torch.
I want to build a front door with reactive-explosive armor. The team might get through the door, but not the guy with the cutting torch.
pretty sure trophy systems are generally not legal in any jurisdiction
Not in the sense of "can't be opened without the key".
Good locks buy you two things: Deterrence (maybe), and a set minimum of time and noise requirements to bypass them. If your lock reputably takes 3 minutes to pick or a Ramset gun to blast them open, make sure your guard comes by every two minutes, and otherwise stays in earshot.
Also 3) intrusion detection.
It's obvious to the owner and the whole world that an intrusion has occurred if the door is sawed open or the lock is cut off. It's nice to know your home has been broken into vs. some of your jewelry is gone and you don't know whether to blame your teenager, a relative, someone who did work on your house since you last checked, etc.
Photos of your sawed open door will probably help in your insurance claim too. Telling your assessor "the cops say they might have picked the lock" isn't something I'd want to rely on to get my claim approved.
It depends on what "secure" means. Any lock can be destroyed with tools. Most locks can be broken with a big pair of bolt cutters, a drill, or, failing that, melting.
If secure means "without leaving evidence of tampering," things get a lot more interesting, but that has narrow practical use cases outside of stuff like espionage. Once you're in this space, we can start talking about how difficult something can be without specialized tools. But now we're leaving "I am protecting my stuff" territory and entering "this is just a sport and we're agreeing on a ruleset" territory.
There are a couple of lock designs out there that I don't think anybody's successfully ever picked. The ones that first come to mind are a couple of the "smart" electronic locks. Many of those are junk, but a few are very well thought out.
Secure against what? You might be surprised at what a wench and a truck can pull / destroy. If that fails, there are shotguns and also explosives, jackhammers and the like.
There are always assumptions built into lock design. A simple lock is very secure if a fence is jumpable, most people will jump the fence rather than mess with a lock.
Even a complex lock will never be secure for national secrets (like nuclear missiles), you need to just assign guards. Locks exist but are basically a formality (IIRC, many tanks and airplanes are left unlocked because all the security posture is with the military and the lock itself is too much of a hassle for logistics).
------
Fort Knox itself was designed to be safe from Nazi invasion. If the Nazis invaded New York City, they won't find any of the governments gold. The 'lock' in this case is the miles and miles of geography the Nazis would have to navigate before reaching Fort Knox.
> what a wench and a truck can pull / destroy.
According to legend, a wench can destroy a whole city state (Troy)!
Evil villains trying to destroy the world know it too, it's why they hire so many wenchmen.
"In 1933, the U.S. suspended gold convertibility and gold exports. In the following year, the U.S. dollar was devalued when the gold price was fixed at $35 per troy ounce. After the U.S. dollar devaluation, so much gold began to flow into the United States that the country’s gold reserves quadrupled within eight years. Notice that this is several years before the outbreak of World War II and predates a large trade surplus in the late 1940s. [...] In 1930, the U.S. controlled about 40% of the world’s gold reserves, but by 1950, the U.S. controlled nearly two-thirds of the world’s gold reserves."
https://www.stlouisfed.org/publications/regional-economist/f...
> If the Nazis invaded New York City, they won't find any of the governments gold.
Is that because it’s not actually in Fort Knox? :P
At some point something else becomes the weak link, so a truly unpickable 100% secure lock is a meaningless concept.
Security is a practice, not a destination.
Certainly not at reasonable prices!
Assa Abloy’s Cliq (electromechanical) keys aren’t able to be picked as far as I know (I could definitely be wrong!), the local international airport uses them to secure doors. The keys aren’t cheap, we have to put up a several hundred dollar deposit when checking them out from airport security for projects. These sorts of locks are useful in places with 24-hour operations or in public spaces that lead to private spaces, an unpickable lock falls to a drill pretty quickly if that’s an option.
Virtually any lock can be destroyed with tools and most doors/walls can be busted through with enough effort and equipment. I think the airport police would notice that, though ;)
Any lock can be forced through given the right tools and enough time.
You need to be more specific with what "truly secure" means.
There's a few that are pretty good but at a certain point you can just grind off the shackle or blow the door off its hinges.
It’s similar to the idea that the only truly secure computer is sixty feet underground, encased in concrete, turned off, and ground into dust.
All the digital forensics experts I know suggest the bottom of the ocean FYI.
I can't get hacked if I live a self sufficient hermitic lifestyle in an off the grid cabin with no electric devices.
Tell that to machete-bear.
The fact that he is actually a lawyer probably helps greatly, both in terms of what he can legally do, and as a deterrence to others trying to sue.
This also works on places like HN. I will often make an argument in my normal, working class low educated redneck hick sort of writing style. People will assume I have an unsophisticated basis for my argument and are way more likely to debate me on it. They like to attack an 'easy' target and even better if they are culturally seen as different.
If I use my pretend upper well-to-do white guy rhetoric with precise and deep vocabulary, I can make claims with a lower likelihood someone will challenge it, even if they are equally well backed.
Great channel, and yes the ineffectiveness of nearly all commercially available locks is depressing. At best it would briefly slow down a skilled picker.
Opening a padlock by hitting it with another padlock has to be one of my favorite bits.
"This is a Master Lock XYZ. It can be opened with a Master Lock XYZ."
Same solid principle as homeopathy
this is HN; its a monad.
Once came back to work after 4 week holidays (not USA) and realized I forgot the 3 digit code to my locker.
But I remembered that friend's locker (he was on holidays then) used US police code for murder. (Police in US use codes for crimes when communicating on the radio).
I googled the code, used friend's locker for the day, and by lunch the next day I've bruteforced through enough codes to learn that my code was the embarrassing 420.
If a company’s first reaction to a flaw is to sue instead of fix it, the problem probably goes beyond the lock itself. A real security company would appreciate someone pointing out a weakness rather than trying to take the video down. That kind of openness would actually make people trust them more.
The weird thing is, they actually had someone competent dealing with the issue:
> The strange thing about the whole situation is that Proven actually knew how to respond constructively to the first McNally video. Its own response video opened with a bit of humor (the presenter drinks a can of Liquid Death), acknowledged the issue (“we’ve had a little bit of controversy in the last couple days”), and made clear that Proven could handle criticism (“we aren’t afraid of a little bit of feedback”).
> The video went on to show how their locks work and provided some context on shimming attacks and their likelihood of real-world use. It ended by showing how users concerned about shimming attacks could choose more expensive but more secure lock cores that should resist the technique.
Sounds to me like someone professional in the company with a cooler head was on this and was handling it well, but someone else higher up got angry and aggressive and decided that revenge was more important.
This reminds me of the CEO of a cyber security company that challenged Anonimous https://en.wikipedia.org/wiki/HBGary. If you work for any kind of security company, do not ever ever ever challenge any kind penetration specialist. Everything is hackable, it is only a matter of cost vs reward, but when you challenge someone that goes out of the window.
Generalizing the advice..
Don't challenge people. Don't insult people. Don't humiliate people. Don't threaten people. Allow them to maintain their self-respect even when they lose. Don't rub it in. Give them a face-saving exit.
Plenty of violence and aggression is caused by violation of the above rules. They seem simple but they're broken on a daily basis. Famous last words: "you don't have the guts".
They turned a one-minute critique into a PR disaster that millions of people now know about
https://youtu.be/qL_MeobAp5s?t=1487
For those interested in the actual case, here's some deeper coverage of this bruhaha including how Lee may have perjured himself during deposition.
That guy sure isn’t in a hurry to get anywhere. Good one to watch at 1.25x speed.
https://youtu.be/PVhYhLQ4Y64?si=5UrMMeovCkP2J3Nr
If anyone is interested in the legal side, I'd also recommend 'Runkle of the Bailey' who has a series on this saga but with a focus on the legal shenanigans [0]
[0] https://www.youtube.com/watch?v=y3WVme9LAcQ&list=PLo0bMOObfk...
Haven't laughed so much reading an article recently. Wow, this story looked taken right off a comedy movie.
Sounds like the guy had rude awakening that his lock wasn’t as good as he thought it was.
Another way of responding to this is… to improve the lock?
Could even explore a positive collaborative social media campaign promoting the new lock.
Ship has sailed now…
There were locks that were secure against this attack, but they're more expensive. The cheaper locks vulnerable to this attack probably still makes them a load of money, though.
Lock-makers should start including RFID and a software key checking mechanism, then sharing the key would be illegal
Here in Finland mechanical locks with electronic keying are pretty common in some places. Some of them like iLOQ or Abloy eCLIQ are actually pretty clever: electrical bits of the lock are powered from mechanical action of inserting and turning the key, so you don't have to worry about batteries. In theory, they promise significant cost savings in scenarios like rental apartment buildings where tenants move in and out, need access to common areas, lose keys, etc, without compromising security or having to replace or recode locks - they just give you a generic key, click some buttons in the admin panel, and your key could be provisioned accordingly once you first enter the building and interact with one of the "smarter" locks that are externally powered and networked to the mothership.
In practice, in addition to the usual bugs you would expect from a software-based system managed and maintained by a plethora of organizations and contractors, they tend to become very annoying as parts wear out, so you have to fiddle with the key reinserting it repeatedly trying to find just the right angle so it will make a good contact to be recognized by the lock (for example the iLOQ system by my landlord communicates over a thin contact strip molded into the key opposite of the cutting and separated from the rest of the key with a thin layer of plastic).
Sounds about right for Abloy. They own Yale and their app-based alarm is subcontracted dogshit (by https://mobilepeople.dk) that didn't get updated for years on end, logs you out constantly, has less functionally than a 90s keypad model and even the hub thing sometimes just falls over and needs a power cycle, etc etc etc. Presumably they are entirely unable to handle any of it in house and are at the mercy of the contractor to fix anything.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
That's an illegal number mate. Straight to the slammer!
(for those missing out: https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...)
Thabk you so much this is a beautiful rabbit hole to go down
plz stop! my hddvds...
Could you make access illegal using the DMCA, by putting some copyrighted content inside, with the physical key also being the license key?
This is how Nintendo engineered a legal argument disallowing 3rd party cartridges original GameBoy. The cartridge needed to display the Nintendo logo on startup which was checked pixel for pixel, otherwise the GameBoy wouldn't proceed with booting. Third party carts couldn't do so without infringing trademark.
What criminal mastermind could possibly defeat the DMCA? :D
> sharing the key would be illegal
How so? And what region are you referring to? There are many countries in the world with vastly different laws.
Unfortunately, the "region" would be the 193 member states of WIPO: https://en.wikipedia.org/wiki/Anti-circumvention
So, you are right, the laws in Micronesia, Palau and South Sudan might be vastly different.
I don't really "get" locks. If you want something to be closed forever, seal it shut. If it should be opened and closed, leave a hinge. If it should only be open and closed by a select few, leave it in a trusted environment
Don't you live in a good neighborhood?
I've lived in a fair few places, but I've never lived in a place where an unlocked bicycle wouldn't be stolen. I'll keep using locks, thank you very much.
I think they were probably making a joke about software security.
A trusted environment, even in a "good neighborhood", requires a lock at least to the front door of your house, or gate, or w/e.
But where will you park your car when you go to work? You have to lock it.
> A trusted environment, even in a "good neighborhood", requires a lock at least to the front door of your house, or gate, or w/e.
I don't think that's a trusted environment or "good neighborhood". But then I basically use "can leave front door unlocked with zero worries" as the threshold for "trusted environment".
But those environments and neighborhoods definitively exists today across the world, although they're probably becoming less and less common.
The company who sued him is, still, embarrassingly, attempting to hold a social media presence, despite getting exposed as fraudsters and bullies:
https://m.youtube.com/@provenindustries8236
I wonder how many stories like this are caused simply because a corporate lawyer is looking for some work to do, and maybe to meet some kind of internal KPI.
Former in-house lawyer here and in my experience the answer is something like "probably less than you think." The job of the lawyer is to advise the client and (within the bounds of ethical rules) advocate for their position, not to come up what the company's position should be.
Interesting, thanks for the insight!
Suing someone because your product doesn't work correctly is diabolical. Instead of filing a lawsuit, they should have acknowledged the issue and released an upgrade to their locks.
Ah, but the truth came out here; the can't sell a lock that is upgraded, because they already do sell one at a higher price.
There are cheaper locks if you don't care to defend against shimming.
The internet : sees thoughts challenging facts
Someone : “Sucks to see how many people take everything they see online for face value,” one Proven employee wrote. “Sounds like a bunch of liberals lol.”
The company : Proven also had its lawyers file “multiple” DMCA takedown notices against the McNally video, claiming that its use of Proven’s promo video was copyright infringement.
When did facts and enlightenment started to be for "liberals lol" ?
Freedom of speech based on facts should be universal.
"Reality has a well-known liberal bias."[0]
0: https://youtu.be/IJ-a2KeyCAY?si=cIcawm3U5-55nI2D&t=252
They're all a tough guys act. It's the type. Many American men love playing soldiers. What is Liquid Death? It's water LOL. See?
I like liquid death because their water is delicious and not high in sugar. I usually drink a sparkling water with dinner and I definitely prefer liquid death over la croix. They are technically different products though.
That their marketing is so edgy is just fun. I don't take it seriously, and it doesn't seem like they do either.
But Proven is definitely full of toxic masculinity internet tough guys.
FWIW in my experience is less the monster energy / black rifle coffee audience, it's actually the red bull / white claw audience.
It still feels wrong to me, but that's how it is.
> When did facts and enlightenment started to be for "liberals lol" ?
It didn't. That's one employee of the company, who has a clear bias in the matter, being ridiculous. It has nothing to do with liberal ideology, nor critique of liberal ideology, nor whatever sort of person that employee thinks should be considered a "liberal", nor their ideology. It's only the employee who even suggests that, and probably not even seriously.
>Freedom of speech based on facts should be universal.
To be fair that's not what we have in USA. For instance, a nurse who never even signed a private privacy agreement with anyone (unusual, but could happen) could violate HIPAA if they factually tell a patient's spouse the patient is being treated for AIDS and they ought to watch out.
Yes, they could and most definitely would be. The case you describe is one of the reasons it’s that way.
For what exactly would this fly-by-night nurse be telling me to “watch out,” in relation to my partner who’s living with and being treated for HIV?
One hopes this nurse, being medically trained and apparently working with vulnerable populations, understands the efficacy of the modern HIV therapies the patient is receiving. That, when managed, HIV is not transmissible by conventional marital means [0]; and that, until recently at least [also 0], concerted public health efforts have meant that most anyone who seeks medical attention ends up on those modern therapies.
That said, I hope said nurse would catch me in a charitable mood rather than a litigious one.
[0] https://www.cdc.gov/global-hiv-tb/php/our-approach/undetecta...
This is an entirely different argument than the fact at hand, which is making the factual statement is illegal.
You're just explaining why stating the fact should be illegal.
>[0] https://www.cdc.gov/global-hiv-tb/php/our-approach/undetecta...
I said AIDS, not HIV. I am no AIDS expert but I would be shocked if a large portion of people AIDS had no detectable viral load, while people with HIV commonly do not have detectable one. Wouldn't people with no detectable viral load generally not being exhibiting AIDS?
In that case—and in re-reading the comment you were responding to—I think I’m agreeing with you and that I should have read more carefully before getting my dander up :)
It sounds like we’re agreeing that you’ve given a good example of why it both is and should be that way.
And that, in US jurisprudence anyway, speech tends to be allowed unless there’s a broader social interest that’s served by protecting the specific categories of facts in question.
With the slight caveat that I’m not sure that “should watch out” is a fact, it sounds like an opinion to me (and one that’s potentially unsupported by the facts). In fact, don’t people governed by HIPAA still have a duty to report situations of actual or likely physical harm—for example if a minor presents with signs consistent with abuse [0]? Or even, in your example, if the provider became aware that the HIV-positive patient, out of malice or negligence, were declining treatment, exhibiting substantial viral load, and asserting that they intended to continue with behaviors that put the partner at risk?
[0] https://www.hhs.gov/hipaa/for-professionals/faq/2098/if-doct...
How could that happen exactly? In what circumstances could a nurse end up working for (or even volunteering for) a HIPAA covered entity without signing a privacy agreement?
And the privacy agreement isn’t required anyway. If you’re a doctor, and you treat your neighbor, you’re bound by HIPAA laws that cover the arrangement. All a privacy agreement really does is give the clinic a hope of being found not liable in a lawsuit or government action: “see, we have it in writing that the nurse knew this was illegal! Blame them, not us.” Even without the agreement, the practioner is still legally obligated to obey HIPAA.
And as a side note: sue the hell out of the hypothetical nurse spilling the beans on a hypothetical AIDE patient. Why? Because if you don’t, then other people who suspect they might have HIV are going to avoid going to the doctor, resulting in more deaths for them and their lovers.
It's probably a good thing for Proven that they didn't get into this dispute the LockPickingLawyer instead. He'd wind up owning their company in the counter-suit...
That'd be an interesting channel, the "LockMakingLawyer" where the lock is highly lawsuit resistant, "Press the NDA button to always be informed when the next video comes out"
The whole case is up on RECAP:
https://www.courtlistener.com/docket/70036390/proven-industr...
Long (often an hour long) with significant snark videos going over the filings: https://www.youtube.com/@RunkleOfTheBailey/search?query=Prov...
It would be funny if all this was just a liquid death marketing campaign
So... what should we be using for physical security?
In the case of a trailer, you do some combination of...
- Receiver pin lock similar to the one highlighted here (but probably not that exact one) - Wheel lock / boot - Receiver coupler lock (locks inside the cup-shaped receiver, preventing somebody towing the trailer with an undersized ball) - Secured storage lot / garage
But, basically all options are only going to stop random opportunistic thieves. If somebody really wants whatever you're protecting, they'll find a way. That's why insurance exists.
The question is "what do you want to secure against?" Describe the threat and then go from there. What are you securing? Is it meth-head or teenager? Or is it person determined to get in while making your insurance grill you over "did you lock it?"
Just clicked around after watching the vid and stumbled onto [0]. So there are locks he recommends... When it requires focus + several minutes to pick.
[0] https://www.youtube.com/watch?v=HrV86GqlY8o
Someone seriously needs to be taken to task for filing a false DMCA. DMCA is just another term for SLAPP these days. If anyone is a lawyer, they could still be despite retracting the case?
Anti-SLAPP is a great tool to have, but we do need slightly stronger ones. It’s a tough balance to find - to minimize the potential ways to abuse the system for all different kinds of entities/people.
YouTube’s TOS would be the most critical place to begin in terms of evaluating legal options. To file a “DMCA” (not really DMCA but YT’s proprietary version of it) claimants generally have to create an account and agree to the TOS. So it may bind both parties (the YTer and the abusive DMCA claimant). That might limit legal options for anti-SLAPP, tortious interference, etc.
But without either significant legal expertise or someone finding some particularly relevant case law, it seems like a nuanced enough domain that no one’s lay “legal” opinion would be particularly illuminating.
My pitch for an improved system is to give defendants the opportunity to file a lawyer-less motion for summary dismissal, which is 1) geared towards being filled out by a layperson and 2) doesn't disqualify you from a subsequent filing for summary dismissal once you get a lawyer. Basically, an initial "this is a stupid lawsuit, here's why" type deal.
And then fine plaintiffs (and pay the defendants) that lose a summary dismissal, because if your case can be thrown out before trial, it was a shit case that should have never been filed in the first place.
then this will get filed by every corporation against every lawsuit
Is that not an absolute win?
As the recipient of a SLAPP lawsuit (~decade ago) for truth I published online, the biggest problem with Anti-SLAPP statutes is that laypeople (particularly poorer ones) have limited access to attorney representation... the judicial system isn't accessible/friendly to the pro se litigant.
So even if the case is clearly being used to strategicly silence you, it'll probably still work (from plaintiff's POV). Same for DMCA.
With a strong Anti-SLAPP statute, the person who files the lawsuit is on the hook for the defendant's legal fees, which would (in theory) let the defendant hire an attorney on contigency fees.
Of course, one of the other issues is there's no federal Anti-SLAPP statute, and circuits are split as to whether or not state Anti-SLAPP applies to federal lawsuits, so if someone can diversity jurisdiction you into a federal SLAPP lawsuit, you're kind of stuck.
"if someone can diversity jurisdiction you into a federal SLAPP lawsuit"
Sounds like a CivPro hypothetical exam question that would give law students nightmares.
The real problem with DMCA is that in theory it's under penalty of perjury, but in practice it's completely ignored. What is really needs is statutory damages for bogus takedown requests.
Part of the problem with the DMCA is that the "perjury" clause only applies to "claiming that some IP exists", not "claiming that this violates the IP".
Yeah saw this - I can't believe a company would steer so far wrong...
> Lee’s partner and his mother both “received harassing messages through Facebook Messenger,” while other messages targeted Lee’s son, saying things like “I would kill your f—ing n—– child” and calling him a “racemixing pussy.”
Some people always go too far, undermining the good cause of the others
Wait, what if a hacker found an exploit and then published it without giving the company a chance to fix it?
clearly proven needs to sue whoever initiated that lawsuit for "mockery produced for the purpose of humiliating plaintiff”.
so they were even asking for it themselves? ahah, geniuses
OMG
> Proven argued that it would be difficult for an untrained user to perform.
That’s are exactly the people who usually break locks. All others fail on simple locks too.
What a snowflake.
I am concerned about the public reacting aggressively agaisnt the lock company owner amd his family. The guy is definitely a toxic bully, but he was indeed violently harrassed by filing a lawsuit, however unjust it was.
The correct support for a just cause must have been constructive: providing financial support for the defendant, public manifestation campaign, professional lobbying, etc
Although this time I agree with the defendant cause, the response by the public was as toxic bullying as the plaintiff, only stronger.
That’s the internet these days. It’s been going on for decades. Game developers got death threats over minor changes to video games and nothing happened to them. Is it that surprising that tactic has continued?
People can make fun of the company all they want. That’s fair game. They shouldn’t be calling the guy’s personal phone or harassing his family, that’s totally over the line.
But nothing happens. The behavior gets a pass so it continues to become more common. That passes for debate now.
Phone numbers are public not personal secrets. If you have a number someone can call it.
And I can find relatives/friends on Facebook to harass. Doesn’t make it ok.
Just like the fact we have agreed upon rules against using chemical weapons or attacking civilians in war (which some violate), the fact something is possible doesn’t mean society should accept it.
If we don’t have even the basic civility of not getting death threats over whatever minor thing someone on the internet is mad at, even mixing us up with their real target sharing our name, what’s left?
Everything becomes full force win at all costs, no matter how stupid or trivial. Who wants to live like that?
To be clear, threatening people in person is against the law too.
This all sounds great in the abstract. But reality is different due to the power differential. McNally is just one dude (albeit with a huge following). Lee is obviously a toxic jerk and his attacks and mockery of McNally triggered both McNally repeatedly proving the flaws in Proven's technology.
McNally obviously did the correct thing it seeking counsel and basically demolishing Proven's case in court. Too bad the SLAPP stuff doesn't work with DMCA takedowns.
And everyone else cheering on the sidelines (who isn't a paid shill of Proven's like the guy making the "liberal" comment)? Well giving Lee's company shit is fine IMHO. Call up the publicly available phone numbers, make service requests to flood his business etc. Fine with me. You poke the Internet bear, you get some claws.
As to the threats? If they actually occurred (which is questionable considering the BS Proven has been saying), then let the authorities know about them. That's not on McNally at all, it's more Lee being a jerk who doesn't know about the Streisand Effect, combined with social media companies that allow stuff like that to happen. It's also a good idea to not expose too much info about your personal life on social media that can be linked to your business, opsec ya know?
You’re getting downvoted which is unfortunate because I think you make a worthwhile point.
Emotionally I disagree with you. It feels like a bully is getting what a bully deserves. Logically, I think you are right though. Crowds just aren’t equipped to handle these situations. There are cases where the wisdom of the crowd is correct, but there are many more where it multiplies harms.
The underlying problem is that it never feels like justice is being served. Another comment mentions that there should be harsher punishment for false DMCAs. I don’t think the “wisdom of the crowd” approach is the best way to write those wrongs but I lament that modern justice has not been up to the task.
[dead]
I’m going to border closely to blaming the “victim” here, but if the lawsuit had been filed without toxic, threatening, man-baby social media posts, we wouldn’t be hearing about it. Harassed because he filed a lawsuit? C’mon, there’s a lot more to it than that. When one goes swinging their dick around on Twitter in an attempt to garner support (from one’s equally toxic fans, I presume), one will also likely attract equally toxic folks who disagree. Talk enough shit, and you’ll eventually get a punch to the face. Right or wrong, such is the world long before social media.
> the lock company owner amd his family. The guy is definitely a toxic bully, but he was indeed violently harrassed by filing a lawsuit
I think you're confusing who filed the lawsuit here. That was also the lock company owner as well (Lee/Proven).
While I agree that flash mob harassment from the Internet is a terrible dynamic, filing baseless lawsuits has been a longstanding way to predictably summon them. So if the table stakes of launching or defending these type of aggressive attacks have gone from a significant amount of money for attorneys, to a significant amount of money for attorneys plus public relations and/or having a large audience, does that really actually change much? Either way most people simply don't file lawsuits, even if they've been actually wronged, due to the extreme personal stress.
The straightforward way of diminishing mob justice is to make people believe the system provides justice. If we lived in a society where McNally would predictably win the lawsuit [0], and be predictably compensated for his expenses/time/emotionalDistress for being on the receiving end of this baseless SLAPP, then there would be much less mob outrage to begin with. As it stands, everyone can imagine themselves receiving these types of legal shakedown letters, but having much less power to push back.
[0] it sounds like this particular suit was slapped down pretty hard and "quick" by the standards of the legal system, but there are many similar cases that don't go this way
Um...shouldn't Proven just hire Trevor McNally as a consultant or heck, make him a partner? I mean...can you imagine the next level reputation they'd have if they can adapt and make a Trevor-proof lock?
I'd buy it.
These kinds of results seem all too common. Like, why? Are companies just too used to using their general business attorneys for it, and those attorneys are just ignorant? Hungry for extra billable hours?
> Like, why?
The answer, as succinctly as possible: cognitive dissonance.
This is exhibited in every human endeavor, but it's particularly acute, or at least more apparent to simple analysis, in business. In business, anything that diminishes the perception of value is a threat to earnings. Business people don't tolerate the existence of such perceptions in their minds. They readily adopt whatever mental state is necessary to deny realities that reveal a lack of value in whatever work product they sell.
In this case, someone demonstrated a weakness in a lock design. In the minds of the business people behind the product, this is impossible. Their locks are awesome. Best locks in the world! Therefore, the only conceivable possibility permitted, in their minds, is fraud or some other actionable offense that can be feasibly pursued in court.
The role of lawyers in this is a symptom, not a cause. Lawyers are paid to exhibit the necessary cognitive dissonance their clients require. Whatever aberrations or iniquities arise from this are simply denied by yet more cognitive dissonance.
> Lawyers are paid to exhibit the necessary cognitive dissonance their clients require.
Thanks for answering this FAQ.
While IANAL: even people who have done wrong deserve to be treated fairly. "Cognitive dissonance" has nothing to do with representing someone.
Businesses don't have to delude themselves to succeed either.
Even if they know they would lose in court, lawsuits are expensive enough that threatening to sue or filing a lawsuit is often enough to get people without deep pockets to do whatever you want.
I don't know if that was the reasoning in this case though, considering that they didn't drop the lawsuit once it was clear that the youtuber wasn't going to give in to their demands.
This is the stupidest thing I read today.
[dead]
[flagged]
the YouTuber in question doesn't talk. that's the representative from the lock company - basically the infomercial
its a very confusing video to watch without sound haha, not sure if it gets better with sound. The fact that you do not see the lock pickers face makes you assume it is the same person doing the talking (the representative).
> In the end, Proven’s lawsuit likely cost the company serious time and cash—and generated little but bad publicity.
There's no such thing as bad publicity. People say this for a reason. It's true. I'm willing to bet that their sales have only increased since this started.
There's absolutely such a thing as bad publicity. Entire products and even companies have tanked because of bad publicity. I don't know why this myth continues to be so prevalent.
I didn’t buy a Juicero back in 2015. Seems like I was not the only one.
Who is in the market for a product that doesn't work as advertised?
Lockpicking youtubers? But I guess that market got exhausted early on.
You're right! I'm off to the next Fyre festival and making sure my bag is secure with a Proven lock..... I wonder if Dassani still exist so I definitely can quench my thirst.
Humane Pin?