Re: Black Hat Locksmithing - When Locksmiths Go bad

Posted: Tue Aug 22, 2017 8:50 pm
by huxleypig
MartinHewitt wrote:
huxleypig wrote: And yet doing the opposite, and making your work public can lead to even worse consequences. Like my Abloy Classic Pick/Decoder - it was only up here on KP for about 3 weeks and it had already been declassified from its secret status and for sale to the public.

In my opinion this is not a bad consequence. This is a great achievement! Because now the public knows what can be done with the locks, what certain people were able to do in the past and has a more realistic knowledge of how secure the lock is. It is very sad that the people who know want to keep the public dumb.


I agree that it is a good thing that government tools are de-cloaked and the issues with locks are known. I just wish that it hadn't taken such a big investment on my behalf for that to happen! Because I would not have bothered if I had known. The Stasi made sure all the locks in East Germany were vulnerable to specific pre-known attacks!

I think there is a very strange dichotomy in the physical (and digital) security world. We have the users, and locksport groups who want to know the issues and fix the issues...then you have the lock makers whose only motivation for making things more secure/fixing issues is sales and financial. These are at odds. "For the good of security" is simply not a thing when it comes to lock makers, not in my experience.

Re: Black Hat Locksmithing - When Locksmiths Go bad

Posted: Tue Aug 22, 2017 10:56 pm
by Lauren
Hux, I feel your frustration. I have relieved some of my own tension by writing books. Have you ever considered self-publishing? You don't have to go public on your copies, and it allows you to document your art and get things out of the closet. A book becomes something of a witness to your achievements.

Re: Black Hat Locksmithing - When Locksmiths Go bad

Posted: Wed Aug 23, 2017 1:16 am
by MartinHewitt
huxleypig wrote: I agree that it is a good thing that government tools are de-cloaked and the issues with locks are known. I just wish that it hadn't taken such a big investment on my behalf for that to happen!

IMHO it was time well spent. Journalists also put a lot of effort into knowing things, even though they know that others already know these things.

Re: Black Hat Locksmithing - When Locksmiths Go bad

Posted: Thu Aug 24, 2017 7:20 pm
by droshi
huxleypig wrote: Lauren, it is such a difficult dilemma, isn't it? Merely saying you have a tool that does x or y is enough to alert others to the fact that it is possible, which could lead to losing the idea, without ever even publicising the tool itself. And yet I really, really hate having to keep my best work hidden from view...but that is the reality right now and it is so very fucking frustrating. I know it is easy to say this, but you should see some of the stuff I have squirrelled away. Completely new NDE methods (or should I say, completely new NON-PUBLIC methods) of opening pin tumblers and lever locks and disc detainers...all sorts of crazy shit.

Josephus, I too sit on ideas and tools for years sometimes...but again, this can be a bad idea; I have an MCS opening system that has been sitting in Lockfall Towers for a few years, waiting until such a time as I can leverage it. But the fantastic Draukan found the same vulnerability, put it up on YouTube and now not only have I had to find a new method, but all that work and all that 'sitting on the tool' has been for (effectively) nothing now.

And yet doing the opposite, and making your work public can lead to even worse consequences. Like my Abloy Classic Pick/Decoder - it was only up here on KP for about 3 weeks and it had already been declassified from its secret status and for sale to the public. I asked everybody I knew if such a thing already existed and to a man, everybody said "no". I scoured long and hard, searching for any clue that the tool might already exist. There was none. So, confident I was doing something original, I embarked on a 6-year-long process that cost me a LOT of time, energy and money. Guess fucking what, it was there the whole bastard time. And not just the Safe Ventures tool either. Some of the guys I asked are/were (RIP Chris Belcher, you were a massive inspiration to me) very old, respected toolmakers from the UK, a couple of whom do work for intelligence agencies. Nobody knew a thing about it.

I often equate it to artwork (because I consider the design and creation of locktools a form of artwork); imagine Mozart spending years writing his life's masterpiece. He unveils it at a grand ceremony to many plaudits. Then, a week later, Johann Strauss knocks on his door and tells him that his wonderful oeuvre is a total rip-off of his own work, composed many years before. Whilst I do not place myself in the relative league of Mozart, I think my point still stands. I found the whole thing very distressing. I found it soul destroying.

So to summarise, it is not something that I will ever let happen again. Any stuff that I have shown since then is old versions of tools, very early prototypes or heavily redacted/obfuscated. Many of my concepts/techniques are still completely in the dark. So how do you get around this dilemma? Keep making stuff that only you will ever see or get to use? That is such a waste. I hate the way much of the government secret stuff never sees the light of day, if I were the inventor of some of that incredible stuff, I'd have to be pretty damn well compensated for that.

Jaakko Fagerlund wrote: Greets to Camlock company, I'll be making a tool for your stupid octagon shaped locks. Yours truly, Hold-My-Beer


Lol, shhh Jaakko, their revolutionary re-design of the tubular lock centre-post is FAR too complicated to make a tool for!



Great talk hux! I certainly have the same dilemma now. The traditional thing is to patent such a novel invention, but then to be told it's not novel or to have your designs stolen without recourse is sad to say the least. No wonder manufacturers have this locked up tight and control things how they want.

Keeping things in the dark isn't a long term strategy in my opinion, that much is clear, however what's not clear is how someone should be fairly compensated for such work that we do? Many have said after I picked the MCS that "if you could really do that, the manufacturer would pay you a bunch of money!" ...but it's now obvious, pay for what? Even though I did design a lock that prevents the method, it's clear they are far from interested.

I don't expect such a huge lottery winning for finding exploits, but a nice bug bounty makes a lot of sense. Just like covered in your talk, the physical world has a lot of catching up to do with the digital world. In the beginning, I think hackers did it just to see if they could, and in some ways, that's how I approached the MCS.

I may take just the opposite approach of keeping everything secret, and publish absolutely everything I find. I went to the manufacturer first to see if they were interested in patching such an exploit and was literally shamed out of the room for even expecting some amount of money for my ideas. In the end, maybe they do just get free R&D from us (shameful for THEM in my opinion), but I don't really see a way to force them to do anything. Only their consumers can demand something better. In the information age, obscuring information is not a good long term strategy in my opinion, though on a small scale it certainly works well.

Re: Black Hat Locksmithing - When Locksmiths Go bad

Posted: Fri Aug 25, 2017 4:43 pm
by Oldfast
Hux! I really enjoyed your talk, immensely. Very interesting topic that, as you said, is not talked of much.
I've read of safe technicians gone bad too... which can have some devastating results. Really well laid
out talk and very well done. Thanks for posting a link here - I would have never seen it otherwise.
Was also an exciting surprise to see one of my photos (picked Mogul) pop up in your slideshow :hbg:
After knowing you here for some years, it was also nice to finally put a face with the name.

Re: Black Hat Locksmithing - When Locksmiths Go bad

Posted: Fri Aug 25, 2017 10:30 pm
by huxleypig
Hey Oldfast! Thanks for the nice words, I really enjoyed researching it. I'm sorry I didn't ask you to use your picture; I did try and get permission for every picture I used but I was running out of time and grabbed a picked Mogul from Google.

Re: Black Hat Locksmithing - When Locksmiths Go bad

Posted: Sat Aug 26, 2017 8:14 am
by Oldfast
Oh, no worries at all. I was elated to see it used. Anything I post
around here can be enjoyed and used by anyone and everyone.