51 comments

[ 3.1 ms ] story [ 117 ms ] thread
If you're even mildly handy with a lockpick, the tiny little keyway on the back of the lock is easy pickins. Even the most ham-fisted of raking techniques should open the lock inside of fifteen seconds. Use it for good, not evil! (Or at least make it fun evil.)
Very fascinating and a good thing to keep in mind if I ever forget my combination lock number, thought that's unlikely. The only thing you would use this for is breaking into other people's locks. ;)
Not necessarily. It would take ~10-15 minutes of straight work to get this (more for your first few tries), so you can't really open a lock in a public place this way. On the other hand, it means you can pick up locks that the owner doesn't know the code to, and make them usable again by "recovering" the code.
If social engineering taught me anything it is not only could I spent 15 minutes at the lock, but I could even print this out and tape it to the wall in front of me. I forgot my lock combo and am trying to recover it, thats all. Someone might even come over and help :)
I've read about fascinating sociology experiment along those lines. A sociologist was planted on a busy street, obviously trying to open a car door lock with a bent wire. The car contained an expensive television. No one called the police, they just looked at him curiously and kept walking.
Of course no one bothered him, he didn't appear to be doing anything wrong.

That's the secret behind most social engineering.

Well, the information has been out there for more than a decade, but this is a really cool way to represent the process. There are also a lot of faster ways to get past a $5 Master combination lock, so this method is really only useful if you want to deduce the combination of a lock -- for instance, if you found one on the side of the road, or you cared about not only opening it, but being able to open it in the future without leaving an obvious sign of breach such as would occur using bolt cutters or a hacksaw.
It's described in Feynman's biography 20 years ago - only for safes holding the designs of the atom bomb!
I've seen several of these now, but I like the way the information is presented here, usually its just a straight block of text, which is hard to read.
I mostly submitted because I liked the infographic aspect of it, not so much the information. That, as you say, has been around for a while.
I was not trying to downplay the submit, I was saying the infographic was an interesting way to display, it, one I hadn't seen before.
I just use a shim.
I hear a quick blow with a mallet also works.
If you are at all handy with a lockpick, you can pick the little keyway on the back of the Master combo lock in about fifteen seconds with even the most brutish of raking techniques.
Why are all the comments mentioning picking the back of the lock now [dead]?
(comment deleted)
Similar things happened with a 37signals story a couple weeks back.
A very good question. The same thing happened a little over a week ago, when a moderator deep-sixed all submissions of a particular thirtyseven signals post (sorry, I am avoiding regex bait now).

In fact, it appears that my account which attempted to post the aforementioned story is crippled, which is to say that all comments posted thereafter are auto-killed, yet do not appear so when I am logged in.

Another good question: does it bother anyone else that superuser-level moderation occurs in secret without any public recourse or justification?

Yes it bothers me very much, if they wanna cripple someone's account why not just admit it?They are the superuser moderators, who's gonna go against them?
does it bother anyone else that superuser-level moderation occurs in secret without any public recourse or justification?

It is a good question. It doesn't bother me. Maybe that's because I've been in the role of an ordinary user on plenty of sites with little or no moderation, and I have also been in the role of a moderator (with varying degrees of moderation power and authority in the chain of command) on various sites. Most discussion sites need moderation. Most moderation actions don't need metadiscussion.

Talking about moderation, I posted some things from an account which the people of HN didnt like and without any reason I have been crippled, the same thing is happening to me. All the comments that I post appear when I am logged In but they are actually not there.

This is preposterous. HN has steeped so low that they cannot even take views other than there own?Ridiculous.

I agree that comment sites require moderation, but HN makes every appearance of being community-moderated. The voting system is supposed to take care of the signal-to-noise ratio, and I think it does a pretty good job.

The moderation actions I am talking about, however, are unilateral (you can't even ask why), magical (you don't know it is happening), persistent (the account posts dead comments for a period of time, perhaps infinite), and arbitrary (the comments are not necessarily undesirable or contrary to the HN culture). These traits are bothersome to me, and to at least a few others. I think it warrants a discussion.

actually, news.yc is not "community-moderated." users have some input, but it is vastly subordinate to the power of the editors. it is them that sets the overall tone of the site. if it wasn't this way, we would have been overrun by trolls long ago.

if your account gets killed, you email pg to find out why. he will almost certainly reinstate you, if you agree to stop doing whatever it was that got your account [dead]ed in the first place.

At the very least, comments and stories that are killed should show the username of the user responsible. Is there any real justification for keeping it secret?
Nearly everything that's killed is killed by software, not manually. But if you want you can consider me responsible.
Now this is ridiculous I have changed two accounts in two days, just because for some reason I have pissed of software. It doesnt give any reason, it just cripples my accounts and kills my posts. This is preposterous. At least a reason should be given for such, an I am rather surprised to say, rude and uncivilized behavior.

All the posts that got my accounts killed had one thing in common, I posted something against HN. Cant it even take criticism anymore?

Just out of curiosity I looked at some of your older posts on your other accounts (turning on showdead). Being relatively new here myself (about 7 months) I can't speak for the staff or the downvoters, but if you were to look at your posting history over the past 21 days you might be able to infer the behaviors that get them upset. You might even try a statistical analysis of your killed posts if you really want to understand what is triggering the automatic kill switch.

The point I want to make is that when participating in a community, there is usually a natural feedback process that allows one to discover the rules and values of that community. If one does something out of line, the community will swiftly react. Multiple negative reactions are a sign that one's behavior isn't in line with the community's standards, and should be used as an input to the decision-making loop that says, "Wait, maybe they don't like it when I do X all the time." Then, you either decide to adapt to the community, or you leave.

Also, most communities will only accept a limited amount of correction from any given source, which varies by source and by community. One of the behaviors that's likely to earn repeated negative feedback is trying to change the community more than allowed by one's standing within the community.

just to make it clear, I didnt post a spam site nor was I promoting anything for myself. These were just ideas of mine. Which I think are perfectly legitimate to express. No explicit language was used and there was no blame games.

Also for your advice that multiple downvotes got me killed. I made another account (notrick2047) before this (thats was the two nots in notnotrick2047) and it was vetoed out in 2 hours at 3 points. Now 3 points count as a fair or at least competent comment. But still I was crippled. And the most annoying thing is that it didn't give any feedback.

I demand an explanation.

Sounds like HN is becoming self-aware and vetoing any attempts at critical thinking with regards to its policies.

Long live HN Skynet!

Don't be so paranoid. I recently discovered an account that was being auto-killed and made a small fuss about it. Paul read the comment and found the reason; that user submitted a story from a spam website and all his subsequent non-spam submissions were auto-nuked. Quickly Paul went back and unflagged the guys non-spam submission:

http://news.ycombinator.com/item?id=862023

Good submissions for me are carefully considered and composed. I always proof read mine before submission. I feel it is discourteous to expect 200 people to read something I am unwilling to read twice. I see four obvious mistakes in your post that someone with your clear command of English could have caught before posting. I have no knowledge of your other posts.
Ok now I have to take remedial grammar lessons?dude, I think it was a totally understandable post.
And I'm sure that nearly everything that's killed manually is justified, but that kind of misses the point, doesn't it? The whole point of transparency is so that we can see those cases where it wasn't automatic and where it wasn't justified. And especially so we can see if a particular user is killing stories that disagree with his political beliefs. I'm betting that just displaying his username next to the items he's killed would curb a lot of that.

Put another way, why wouldn't you be willing to surface this information?

If someone started killing stories that disagreed with his political beliefs, I'd notice and unkill them. So you really can act as if anything dead (for long enough for me to have noticed) has my username displayed next to it, because I in effect signed off on it by leaving it dead.
I find this really unsatisfactory, but I can't put my finger on why. After all, I would be trusting you in the same way if you did alter the software to put the username next to all killed stories, but something about this answer still doesn't sit right with me.
You can also develop hyper sensitivity in you finger tips and feel when lock aligns. Lock pickers like this can allegedly detect the tip of a feather brushing against a toothpick being moved by the lock they are picking.
lol@first comment. Epic.
give this dude some love, I had a good laugh after figuring out what that first comment meant.
Thanks =) I should have explained perhaps that the first comment on the page had noticed that the graphics that sould look like a finger pulling the lock looks like a.. well.. penis..
Thanks so much for the direct link, and the interesting discussion. I created the image, and I'm having a great time whizzing around the internets reading feedback.

Edit: If you're interested in some of the images that led up to this final: The process can be found at http://vdm3gd.wordpress.com/author/markofcca/

Also, I think I'm going to hang around here for a while : )
This is a pretty good method, but sometimes it won't work. I've cracked several master locks in my life, and I found one for which the above method did not work--I kept getting the wrong 3rd digit, no matter how carefully I looked for the .5's. (Trying several hundred combinations in the process.) I recall another occasion when I gave up after finding two wrong 3rd digits (and trying 200 combinations), and another when my friend told me that the 3rd digit I found was wrong. With Google, I found this method, and it seems to work perfectly: http://www.angelfire.com/ma4/masterlockcrack/3rd-2.html

It gives the same answers as the first method most of the time. Think about it: if the centers of the ranges of the lock are in fact arranged in a group of four xx.5's (e.g. 2.5, 12.5, 22.5, 32.5), a group of four xx.0's, and a group of three xx.5's and an xx.0, which is what the first method predicts, then the second method should give the same 3rd digit.

I know nothing about the internal workings of the master lock, so I can't argue for either method on its own merits, but I do know this:

1. Using the first method, I've failed at least three times, and I don't think I suck at implementing it. Using the second method, I have not failed yet.

2. On that lock for which I, using the first method, failed to find the correct 3rd digit after about five tries, I found the correct 3rd digit with the second method on my first try. This digit was, in fact, one of the digits that I was quite sure was not correct according to the first method.

3. The second method is easier to do and to feel confident about. Instead of seeing what looks like a .25 and trying to decide whether I should call it a 0 or a .5, I just need to see whether this range is the same as that range and these other two ranges.

Old news to me. I figured this out on my own 20-odd years ago. Then again, I'm a locksmith and that's the kind of stupid shit apprentice locksmiths do for fun. Thing is, to a locksmith it's not really a particularly useful trick. Any competent locksmith has access to the combination via the serial number. Back then we had to look them up in books, but now, I can access all that via a web site with my phone. It's like living in the future, I tell ya'.
The code for my lock would not be found this way. Choosing the correct 3rd number (which obviously I know) my whole code does not appear in the suggestions to try.
Is the resolution of a master lock down to the actual number? Perhaps the exploit relies on close combinations also working?
Worked in 5 minutes as advertised. Saved me a few bucks on a new lock. :-)