Letter to the Locksmith Community

[swolcott]

As someone that has started at the bottom and worked up I have to say I wish the internet had been around when I started. This forum is great and the people are too.
I've not worked as a locksmith in some years but I still love to pick anything that looks hard to pick. I was always known as the one to try the impossible and usually succeed at it.
I even went to some trade shows with a friend and when he got booked to teach two classes at the same time I got to teach his impressioning class that day. That was almost as fun as picking.
In fact, on the way to the trade show my friend gave me the GM pick and a bag of locks. I'd never seen one of the GM picks before but after reading the manual I got to it and picked every one of the locks in short order.
I especially love talking new, or old, ideas with others.
I really don't understand the narrow mindedness of others when the information on the site is available at so many other sites online. Maybe they want you to join THE association and pay for their titles like CML and such. reminds me of scuba classes with PADI. "Put Another Dollar In".
So as far as I know there still isn't any form or certification that matters. No State or Federal licensing. So why all the restrictions on information? Knowledge is power and those with the power do not like to give it up without a fight.
Keep up the great info trading and 'lock on!"

[flyfisher]

I'm not the type to jump on anyone, especially without knowing all the facts, but I DO want to say I appreciate all the work and heart that Varjeal has put into the LP 101 Forum. I have spent most of the past 7 days trying to read EVERY WORD on the site. I am Totally facinated, but it seems obvious that Varjeal is without at least ONE ATHORITY on the subject if not THE ATHORITY. I can't keep from looking for his posts!
To everyone here, THANKS! You have taught me so much in such a little time what I did not even know existed. I assumed that if something was locked, it had to be destroyed to get into it. I never knew, or thought that the locks themselves could be of such intrest. Such keen workmanship, yet like most manmade things, so many underlying faults or weakneses. I can't wait until I can get some "real" picks. The ones I have made are such fun to play with. Thank you all for my new toys!

[flyfisher]

SWOLCOTT, I just read your post, and don't see how I missed it before I posted. I have aquired "Mastery" at Putting Another Doller In too! I started that with NOUI and was told that the other was "So much better!"
It is funny(not really) that so many want to CONTROL! It does not matter WHAT, just CONTROL!
I fell in the floor laughing when I read your post. Thanks!

[NKT]

Sorry to re-open this thread, but it was mentioned to me by EricM last night, so I searched for it.

Below is part of my application for I-L, in which I mentioned another member here who is a member there, and also, and I quote:

K Bohn (Varjeal) of Azor Lockworks in Alberta can also vouch for me.

so either it wasn't read properly, or, more likely, whoever was kicking up the stink has calmed down a bit.

My $25 is going towards trying to calm, trying to reduce the militant attitudes of a few of the members. Of course, many if not most of them are perfectly ok. I just bring a different perspective to the debates about whether it is right or wrong for things like the Matt Blaze paper on safecracking to be out in the open, and so on.

A large part of the fear is that someone could take the entire site and rip it, then a lot of sensitive stuff would be out in the open.

Like IT security, obscurity is generally not a great thing to rely on. However, the analogy falls down when we look at things like your PGP key - without the obscurity of the passphrase and private key, there is no security. In fact, it breaks down further when we consider that updating a set of 100 servers hosting 100,000 websites can be done in a day for almost no cost. A large masterkeyed lock suite is far, far more difficult to update, it's disruptive, and the costs will be in the 6 figures due to re-issusing keys alone!

This makes the publication of a flaw, even a major flaw, in a system far more difficult to justify releasing. How long would it take you to go out and replace every lock you've ever played with due to a security flaw? Years? Probably a few days, even for the members who merely play with locks a few days a year and have never even posted! And there are many locks that are sucure because of the obscurity, too. There might be some ultra-secret flaw in a few locks, that no-one has found yet. It's of no use to anyone, though, and, if it does get published somewhere, then that lock design will, eventually be changed. But re-tooling costs a lot.

Due to the mul-t-lock pin-in-pin weakness, there is now a simple change which has been reported to Eric from the factory which stops the attack from working. It took a while, and may not be true of all the locks world-wide, but going round to change the thousands of mul-t-lock cylinders that have this weakness is going to never happen. It simply isn't cost- or time-effective.

So, hopefully by now I have shown why security through obscurity *is* still security, at least in the real world, where automated attacks cannot be carried out at the rate of a billion a second. That's why safes are still secure against auto-diallers, at least for a time. And the safe combo, like the password, is simply obscurity.

[scampdog]

this thread about varjeal being banned from IL has intrigued me,firstly,for what reason was the ban put in action and secondly who gave these so called locksmiths the authority to action this. Being a working lockie in the uk,i can probably pick a lock as good, if not better than any of these so called LOCK GODS,but i dont go around pretending i'm something im not. Is it just jealousy, or the fact that their sacred domain, is being threatened by up and coming lockies,or perhaps the insecurity of realising, that there ARE people out there with similar, if not superior capabilities,i stumbled on lp101 by accident and have found it to be invaluable if looking for specific information, so lets not worry about those out there,we dont need or want them in our community.

[Varjeal]

I didn't realize this thread was still open otherwise it would have been locked awhile ago...I'll respond to the current questions posted and then if anyone else has comments they can pm me personally.

scampdog:

The ban was put into action because of the perceived threat that I might divulge information from that site to this one. I virtually became the scapegoat of the operation since more than a few of their members are still members of both sites. I was likely targeted as I was the most public figure, even though I had never attempted nor wanted to pass information from that site to this one.

The owner/admin/mod team has every right and authority to operate their site as they feel, and because of certain forum members raising complaints, they felt it best for the site that I and another member were not around to "compromise" their site.

My worrying stopped the moment the moronic replies to email enquiries as to reasons for why I was banned arrived.

I'm letting bygones be bygones (or however its spelled) and am continuing in the path I chose.