HN Theater @HNTheaterMonth

The best talks and videos of Hacker News.

Hacker News Comments on
Keynote - LockPickingLawyer

SAINTCON · Youtube · 442 HN points · 1 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention SAINTCON's video "Keynote - LockPickingLawyer".
Youtube Summary
The Lock Picking Lawyer is one of the most well-known names in the world of lock picking and covert entry. He is best known for his extremely popular, eponymous YouTube channel. This channel features over 1,000 videos exposing weaknesses and defects found in locking devices so that consumers can make better security decisions. What’s less well-known is that he also works with lock manufacturers to improve their products, private companies to improve their security, tool-makers to improve their products, and government agencies. As his name suggests, the Lock Picking Lawyer was a business litigator for nearly 15 years, but recently retired from practicing law to devote all of his time to security work.

Designer of tools available at Covert Instruments https://covertinstruments.com/
HN Theater Rankings

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Nov 28, 2021 · 442 points, 234 comments · submitted by brudgers
userbinator
If you watch LPL enough, you get the notion that most locks are for keeping honest people honest rather than stopping a determined attacker. All the comments from people who have managed to lock themselves out further reinforce that.
iso1210
You have to realise that LPL has a very specific set of skills. Skills he has acquired over a very long career. Skills that make hom a nightmare for people like masterlock.

I had a locksmith out a couple of years ago, and was very disappointed when he simply got out a drill rather than starting with 'click out of one'.

LPL makes things look easy, I'm sure they aren't.

celticninja
The locksmith drills your lock because it takes no skill and allows them to sell (or forces you to buy) a new lock and set of keys at whatever weird time of day it happens to be. The price is almost certainly going to be higher out of normal hours. Plus if he picks the lock in 30 seconds you may not pay such a high fee.
RyJones
I locked myself out one night and called a service. The guy showed up and asked if I wanted a show, or the door open. I said open the door please. He did in about ten seconds and I gladly paid full fare for the work.

Spoiler: he leaned on the door to hold the latch in place, then used a plastic shim to trip it open.

nirui
I would probably (mentally) look down on the locksmith if he/she just going to drill it out without trying anything else first. I own a power drill too and I know how to use it to break a lock myself with zero knowledge on how lock works (for some weak locks, even a flat head screwdriver is enough to get it done).

On the other hand, if the locksmith clicked my lock out in just 30 seconds, I would probably ask him/her to sell me a better (and sometimes more expensive) lock based on his/her professional opinion.

loloquwowndueo
But how are you going to get your power drill if you’re locked outside? :)
accountofme
The hardware store?
eatbitseveryday
Garage door opener glued to the outside that uses a PIN?
loloquwowndueo
You assume a garage exists or that said person keeps tools there and not in the basement.
nirui
If we're really going for the detail.... well, my neighbor is a contractor, he owns multiple almost-dead power drills with unlimited supply of dull bits (enough to get the door open). If that's not an option, there are few hardware shops within my walking distance where I can by a new cheap power drill as well as a cheap lock. And if I really messed it up, there is a market for home renovation supplies not really far, they sell doors with comes with lock.

Now that I thought about it this deep, I think I can be a locksmith too with all the nature advantages that I clearly have here. I don't even need a power drill, a battering ram is well enough for my job. And if somebody call me to open their door, I'll just ask which color they would like for the new door that whey about to own.

dwighttk
If he picked it as fast as LPL does some locks I may be inclined to buy a new lock from them
wayoutthere
The one who I call is more than happy to drive by, smack a bump key with a hammer and charge me $125 for the pleasure.
kzrdude
Don't you need a new lock anyway? After all, you no longer have the keys.
evilduck
A locksmith (or interested individual) can rekey a lock. The pins and keys are the cheapest part of the lock too, which is a contributing factor towards why locksmiths lean towards destructive entry. They get to be lazy, the method can't fail and make them look stupid in front of a customer and they get to offer you a sales pitch on buying a new lock right then and there.
paranoidrobot
> Plus if he picks the lock in 30 seconds you may not pay such a high fee.

A story I was told once by an electrician who worked at a steel works for years.

The story goes something like this:

One day he was called out to a big engineering workshop, all their fancy new equipment is on the blink.

He walks up to one of the machines, has a look, then without saying anything promptly turns around and walks outside, followed by the curious manager.

The electrician circles the building and turns on the first tap he sees, and lets the water flow for a few minutes spilling on the ground. After leaving that go for a while, he turns the tap off again, and walks back in and tells the machine operators to try again. Magically, they all start working again.

The electrician has been there for barely a few minutes and hasn't even touched the machine or anything else electrical.

The manager asks for an explanation, since the electrician didn't even touch anything electrical. By way of response, the electrician says "You had someone fix that tap outside that was leaking, didn't you?" the manager replies in the affirmative. The electrician then explains that the leaking tap was keeping the building grounded - the slow leak was just enough to keep the sandy soils moist enough for a proper earth connection.

The electrician hands over the bill, with the emergency callout fee and minimum hours, etc. The manager protests that surely just turning on a tap didn't warrant a fee that large.

The electrician replies that turning the tap on was free, knowing to turn the tap on was what they were paying for.

Whether that story is true or not, there's plenty of similar ones.

The point is that while you might get annoyed that an expert came in and solved the problem quickly, without that expert you were going to wait a lot longer or spend a lot more trying to fix it some other way.

Personally, I'd rather deal with a locksmith that gave me the option: We can drill the lock, you can pay (say) $300 for new locks and keys and it'll take 30 minutes. Or, you can pay $300, we'll pick it in a minute, you keep your existing keys.

The locksmith I called a few years ago used a long piece of wire with a string attached, slid it under the door to pull down the door handle from the inside.

iso1210
Another version of the old "hit with a hammer" parable, albeit one where the incompetence of the elecrtician is rewarded.
thesmok
Electrician in that story should have billed for and installed a better grounding, because grounding is safety.
jcrawfordor
This seems like a variation on the old story about Steinmetz, the Wizard of Schenectady, making a chalk mark on a generator at a Ford plant. Which seems to be a true story, although often not attributed. The punchline to this one has always been Steinmetz's itemized bill, of $1 to make the chalk mark and $9,999 to know where to make it.
lrvick
Honestly, when it comes to most US locks, they really are a joke.

I learned to pick my parents safe and door locks by 8, and have taught dozens of children to pick virtually every lock you can find in a hardware store.

As a security engineer the first thing I teach peers isn't even software, but lock picking.

Peoples minds really open up when you show them how to open every lock in their own office in under an hour of training.

"Is security on almost everything we trust every day really this shit?!"

"Yes"

techdragon
Thank you for this insight. I will forever advise anyone interested in getting started with computer security to learn lock picking first. Having done both In the other order id never thought of how insightful it is for fully realise the fragility of the illusion of safety as it exists in the real world as a better grounding for anyone about to learn the fragility of everything in the more complex and more abstract digital world.
xondono
> I had a locksmith out a couple of years ago, and was very disappointed when he simply got out a drill rather than starting with 'click out of one'.

That’s a common occurrence because of the incentives. The locksmith wants to spend as little time as possible (average time), and doesn’t pay a premium for destroying the lock, since most people don’t confront them on that.

LPL is amazing, but any decent locksmith could get at least near enough him in competence. It’s not that it’s so hard that very little people can do it, it’s that is very niche for most people to learn.

TravelPiglet
Damaging the lock in the process of picking it is also an outcome that isn’t shown in the videos. LPL damages locks as well.
celticninja
I bet most locksmiths are the drill and replace type and could not pick a lock reliably anyway. Locksmiths are taught how to dismantle and remove a lock these days rather than how a lock works and therefore how to beat it.
xondono
After thinking about this, I realized it makes a lot of sense given what LPL is saying.

After all, if you spent a fortune in some lock and the locksmith can open it in 5 seconds flat, you’ll feel ripped off. It’s possible that a lot locksmiths believe the locks to be safe, and they think they’re saving time by going the drill route.

Not to mention that if the locksmith is selling you the lock, he will want to avoid damaging their reputation.

lathiat
Time to watch this one

“Locksmith says my videos are BS… Loses $75 (Maybe)”

https://youtu.be/NSuaUok-wTY

Also if you actually watch this keynote half the problem isn’t locks you can actually pick but stuff you can just open with very basic tools that don’t even require the skill he has. Like combs, rakes, hammers, slithers of metal, etc.

josefx
Going by a presentation from a professional pen tester lock picking is usually far down on their list because there are easier ways to open many doors without picking the lock.

https://www.youtube.com/watch?v=rnmcRTnTNC8

Someone who wants to get in is probably already on his way out while LPL is only halfway through with the lock.

JshWright
A big part of what LPL does is exploit those non-destructive bypasses.
delusional
You have to excuse that I didn't watch the video, so i might be missing some context.

LPL's career isn't lockpicking is it? I was under the impression that it was just a hobby that turned into a youtube channel. I seem to recall him saying that he just picks locks all the time, and that's why he's good. I think he said that when he watches movies he takes a 30 locks and then he just sits there and picks them while watching.

Quequau
It wasn't (he used to be lawyer) but he's won lock picking contests, apparently has a gargantuan collection of locks some of which he habitually practises on, and these days runs a company that sells lock picking tools (though I have no idea if that's his only gig).

Anyway, if you watch all / most of his videos the near constant refrain running through them isn't "with finely honed skills and the right hard to find speciality tools it's easy to open this lock" (though he does do that). Instead it's: "it's easy to open this lock with no or few skills, no or little practice, with trivially found, improvised, or purchased tools, using exploits that have been known in the lock manufacturing and locksmithing industries for decades or centuries".

That in turn is his point in this keynote. These exploits have been known in the lock manufacturing and locksmithing industries for decades or centuries and yet many, perhaps most of the locks that people can buy in stores, still have those flaws (which are easy and inexpensive to eliminate in the design and construction process).

donatzsky
> (though I have no idea if that's his only gig).

Pretty sure it's not. From what I've gathered, watching his videos, he's also doing consulting/training for companies on physical security.

tylermenezes
Locks are worse than you think. I'm not skilled, I don't practice, but I've been able to get my parents back in their house within 5 minutes both times they've locked themselves out.

You call out masterlock but they're particularly bad. I lost the key to one and kept using it for a year because unlocking it was as simple as just putting the pick in while turning.

OkayPhysicist
I encourage you to try out locksport as a hobby. Pretty much anyone can learn to pop open a masterlock padlock in 30 seconds or so with maybe a couple hours practice. Don't get me wrong, he makes even really, really hard to pick locks look easy, but that doesn't negate the fact that a lot of locks are just actually easy.
Quequau
I feel like this comment comes up every time LPL is discussed outside of his context and I think it discounts the hundreds of low / no skill attacks he has demonstrated which apply to many, probably most, of the locks with recognisable name brands that are for sale in brick & mortar stores.

It took me 30 minutes to make and use a tool that he demonstrated using on a lock similar to one I own and most of that time was spent rummaging around my place trying find stuff.

Lastly, I think you got taken advantage of by a locksmith out to sell more locks and keys.

notatoad
The biggest part of the LPL skillset is his knowledge about all the low-skill attacks that exist, and which locks they work on. Low-skill attacks are only effective if you know about them, and remember which locks each exploit applies to.

The only low-skill attack that seems to have any widespread effectiveness (and would therefore be worth trying on every lock) is raking, and that is pretty easily defeated by any lockmaker who cares.

sdmike1
He is also a very skilled SPPer which he will frequently demonstrate. He mentioned in the video the reason he uses so many low skill attacks is because they work so well on locks people *care* about.
Quequau
I believe that "low skilled attack" also includes the ability to search the internet and watch a video. There are literally thousands of videos on YouTube with demonstrations of low skilled attacks using improvised tools.

For example I made a shim and opened a lock I own in less than 30 minutes after watching one of his videos that featured a similar lock. I had never opened a lock without a key before that day, don't have much use of two fingers on one hand, and my toolbox fits in a kitchen drawer.

For your list of common low skill attacks which have widespread effectiveness I would also include shimming, hammering, and cutting. Also in the case of locks with electronics associated with them, strong magnets.

LinuxBender
The locks I am most impressed with are from the days of alcohol prohibition. Some doors to speak-easy's looked like part of the wall, had no key holes. Rather just small holes all over the "wall" and you had to poke a piece of metal through the right holes and push/pull the wall in a known way. No windows, no appearance of a room, just a wall. The stairs leading down to it would usually go right past the "door" into a basement storage room with nothing exciting to see. The cops could walk right past the door a thousand times. It might be fun to build a home like this. I suppose you just have to design it so people can not see where you actually entered.
andrewflnr
Reminds me of port knocking. Is there a name for these, info on how they're designed?
LinuxBender
I honestly don't know if there is a name other than "custom pinhole latches". These were all custom made as required. I am not aware of a business that creates anything like this. You can find documentaries on hidden speak-easy's online but I don't have any links handy. The most prevalent implementations of this setup were in New York City but other big cities had them. I want to say the concept dates back to mid-evil times.
andrewflnr
"Pinhole latch" sounds about right, I'll see what I can do with that.
gambiting
So the interesting thing is that nearly all home insurance policies stipulate that you're only covered for theft if there are signs of forced entry - but clearly, any lock can be picked without leaving a mark. So I'd assume either these policies are a scam, or actual real world thieves are not very good lockpickers and a good old crowbar is simply faster and easier.
phonon
Source please? Standard HO-3 policy defines theft coverage as

9. Theft

a. This peril includes attempted theft and loss of property from a known place when it is likely that the property has been stolen.

b. This peril does not include loss caused by theft:

(1) Committed by an "insured";

(2) In or to a dwelling under construction, or of materials and supplies for use in the construction until the dwelling is finished and occupied;

(3) From that part of a "residence premises" rented by an "insured" to someone other than another "insured"; or

(4) That occurs off the "residence premises" of:

(a) Trailers, semitrailers and campers; (b) Watercraft of all types, and their furnishings, equipment and outboard engines or motors; or (c) Property while at any other residence owned by, rented to, or occupied by an "insured", except while an "insured" is temporarily living there. Property of an "insured" who is a student is covered while at the residence the student occupies to attend school as long as the student has been there at any time during the 60 days immediately before the loss

switch007
My policy from a large building society in the UK has an explicit section for cover for theft /not/ using force and violence, but it doesn't apply if the house is lent/let/sublet. That is covered by the preceding section of theft using force and violence.

I.e. force and violence required if letting the property.

wdb
Yeah, that makes insurances pretty useless. I have a jewellery insurance but it but the number of outs for the insurance company is saddening. I need to get hurt when I getting robbed on the street before they will cover the theft of my watch. One of the reasons why I mostly wear some watches at home. And if I get violently robbed they only cover up to the retail price and not the replacement cost/price.

If anyone know a better insurance the cover the above cases in the UK. Please tell me.

stjohnswarts
So you're telling me if I'm ever robbed by an ex roommate who made a copy of the key I should take a crowbar to my door?
gambiting
I mean, I'm not saying that you would, but I don't see how the rational decision when you find out you've been robbed isn't to break a window yourself. If there's no signs of entry then you simply aren't covered.
formerly_proven
Lockpicking leaves marks inside the lock which look nothing like what a key leaves behind. http://www.lockpickingforensics.com/
mtreis86
Depends on the atack, a Lishi key should leave little to no scratches on the pins. Raking would leave the most.
pdpi
The marks you’re looking for are on the sides of the pins, where they get jammed against the barrel. The Lishi doesn’t help that much in preventing this damage
formerly_proven
> a Lishi key should leave little to no scratches on the pins

https://www.youtube.com/watch?v=2YFW0nh7h3I

gambiting
Huh that is very interesting. However I suspect that unless the door was actually damaged the insurer would just go "yeah you didn't lock your door, no claim for you" - I guess you'd have to pay to get your own lock forensics done.
smolder
Yeah, the insurance company isn't going to go out of its way to prove they should pay a claim. But it could be useful for a claimant trying to get compensated.
sandworm101
Unless they stole your gold brick collection, no insurance company is going to dismantle your locks (all of them) and send them for forensic tests. Nor would they accept your hired expert opinion. Such procedures are only rational in extreme cases.
dwighttk
> Nor would they accept your hired expert opinion.

I guess they’d be hearing from my lawyer…

My lock picking lawyer…

LanceH
I bought lockpicks for the kids when covid hit for something to do. Within an hour, everyone could open the practice lock which is in a clear casing. Within a week, we could all open your typical masterlock and my daughter could open any of the locks you might purchase from home depot.
kingcharles
I spent many, many years in jail. It was fascinating to look at all the types and styles of locks used and try to figure out how to defeat them. The locks on the cells are practically impossible to pick with anything available, IMO, but the bolt itself was easy to defeat. Every cell I've been in has been insanely simple to open once the secret was known, and the knowledge was passed between all the inmates over the years.

It is so common for people to let themselves out of their cells whenever they want that I almost never saw anyone disciplined for the infraction unless you did something dumb like walked up to a sleeping guard and spooked them.

Handcuffs are hilarious. The tiny little bendable pens they sold in the jail were the best way to open the handcuffs - you can just push the nib in and turn it. Tons of people would pop the locks on their cuffs as soon as a guard wasn't looking, but you'd generally need to keep them loose on your wrists so that they would visibly look secure. Again, the guards would just grumble if you took your cuffs off, not write you up for it.

xwolfi
Many crimes are committed out of opportunity rather than careful obstinate planning, especially lock picking / breaking and entering: https://popcenter.asu.edu/sites/default/files/opportunity_ma...

In other words, if there was no lock, I'd enter houses that I can reasonably think are empty / populated by feeble elders myself eventually, however "honest" I appear to be now when I'm surrounded with locks and barriers to crime in general.

thurn
It's really interesting stuff, although realistically, the situations in which it matters how hard to pick a lock is are pretty rare -- the majority of situations where an evil actor is trying to bypass a lock are ones where they'd be willing to employ destructive techniques instead.
Fnoord
Some locks are surprisingly easy to open, despite being highly in use.

Locks are to slow an attacker. A determined attacker can bypass almost any lock, but not stealthy enough. If you drill the lock in my front door, you wake up the entire street. If you can pick it in 30 sec in the middle of the night, you wouldn't wake up anyone, but some kind of camera probably picked you up.

I used to pass this bicycle parking at a train station twice a day. I'd always look at the locks (or lack thereof) while walking, quickly thinking which ones I could certainly open (and the question is always: how quick). But I never gave in to the desire, despite a lack of locks and peers (for practice/fun).

stjohnswarts
If you pick my lock and open my door (or any window in my house) you and I will hear a 90 dB siren and I'll be waiting with a 12 gauge in about 5 seconds after the alarm goes off. I don't understand why anyone doesn't have a basic security and motion sensor setup in their house in this day and age.
lrvick
There are piles of great locks out there no one, including LPL, can open non destructively in hours of work, if at all.

The trouble is very few of these can be found in the US as consumers here favor low prices and a 10/10 promise over any actual security.

hun-nemethpeter
Can you name or even link a few?
asimpletune
Really? Asking because people send him locks all the time from all over the world, and he opens them all.
lrvick
He doesn't open them all. He videos the ones he -can- open to shame them.

The Kwikset smart key v3 can't be picked because you get no feedback until all pins are set. You can decode them one pin at a time with expensive specialized tools such as a micro camera put into the cylinder but they will keep someone out for a while so they do their job. You still need to cut a custom key to get in even when you decode it so it is time consuming.

A Medeco will keep out even an experienced lockpicker for a while since pins must be in the right rotation and the right heights.

Beyond that there are really good Disk Detainer locks like the Protec 2 that have no feedback until all discs are correct. There are 0 public confirmed defeats of them.

Beyond that you get into hybrid digital keys like the Cliq. Then you can combine an cylinder known to not have any defeats with a second set of pins that can only be engaged after an AES challenge/response between a microcontroller in the key and one in the lock.

These also have never been defeated.

There are also solutions like the Bowley lock that don't expose the tumblers to the outside world and can only be defeated with many hours of work making custom tools for that specific lock.

I could go on and on.

The reason you can't buy good locks at US hardware stores is fully because the uneducated masses rejected high security locks once companies like master lock pumped out $5 locks with 10/10 security ratings in spite of any informed child being able to open them.

I would love to see people like LPL put their lawyer hats on and sue these companies for dangerously deceptive advertising.

BenjiWiebe
Kwikset Smart Key V3 can be picked, for example: https://www.youtube.com/watch?v=--tva7GA9f4

Protec2: Very very difficult to pick, however there are videos of a few picking it: https://www.youtube.com/watch?v=6zVSJ_wauwg (https://www.reddit.com/r/lockpicking/comments/edrrjo/hardest...) https://www.youtube.com/watch?v=AsG90UGRTpw (https://www.reddit.com/r/lockpicking/comments/mie59t/abloy_p...) https://www.youtube.com/watch?v=6UZ6tcvgd9U

The Protec2 I would trust far more than the Kwikset SmartKey V3, since it appears only several of the best of the locksport community have been able to pick it.

I couldn't find record of anyone opening a Cliq. I'd be hesitant to say that's because they are unpickable, though. I believe quite a number of the locksport community would not be very interested in attempting to open a Cliq as it isn't purely mechanical.

lrvick
Fair points and thanks for the corrections. I underestimated how many new developments the pandemic would yield since I last did a deep dive here.

Still they are all well designed locks.

I recommend the smartkey v3 for people that need a lot of locks they can source quickly on a budget. The sidebar design is a real pain to defeat and if the lock is in a body with tight tolerances you may not be able to shim the sidebar at all. Without some kind of attack to tension the sidebar they can't be directly picked.

For those with more money to burn the Medecos are good security for dollar.

I put a couple Protecs on my luggage as tamper evidence devices so the TSA has to call me when they need to search it.

I would not bother with Protecs on a home as they are very expensive and there are generally better areas you can invest in home security for that kind of money but if you have a small number of ingress doors they are nice.

I don't think anything is unpickable/unbackable but when the time to defeat a particular lock someone has not seen before takes 10 minutes to hours and few if any in the world can do it I classify it as a "good" lock when the status quo can be defeated in seconds.

HWR_14
> I put a couple Protecs on my luggage as tamper evidence devices so the TSA has to call me when they need to search it.

Does the TSA no longer open those locks with a grinder/bolt cutter?

lrvick
If the shackles are short like on a trailer hitch lock so that a hardshell case like a Pelican fully covers them, then they will have to cut through the body of the lock itself or destroy the luggage.

I have never once had a lock cut. Only one flight ever did they call me for access but normally they don't bother.

YMMV.

asimpletune
Ah ok, interesting. Thanks for the information. I wonder if LPL is on HN and is reading any of this.
paulhart
He also talks about things he can't pick - here's a video on the Bowley where he almost immediately admits he can't pick it:

https://www.youtube.com/watch?v=qV8QKZNFxLw

There are a couple of (old) videos on Medeco locks:

https://www.youtube.com/watch?v=JmyC7KM5Qxk

https://www.youtube.com/watch?v=4fh6IHCr7uo

https://www.youtube.com/watch?v=avwt39uHDOQ

Related to the Disc Detainer (come for the tooling discussion, stay for the picking):

https://www.youtube.com/watch?v=QRO5wzAaT00

lrvick
Others have picked the Bowley even though LPL can't but it is more time and work than anyone could reasonably be able to do in a real world application so if anything those efforts are a strong endorsement of the lock.
mkl
This guy makes it look pretty easy, and doesn't use advanced tools or anything, just a piece of metal bent to go around the obstacle like the key does (i.e. totally reasonable time and work): https://www.youtube.com/watch?v=KS0FSzamUzc

Linked by ryzvonusef: https://news.ycombinator.com/item?id=29367579

lrvick
Fascinating!

Of course if anyone did it, it would be huxley.

It feels like Bowley underestimated strong vibration attacks like that and didn't invest enough in spool/serrated pins.

I suspect this is correctable, but I wonder if it would work as well mounted in a sturdy door since the vibration is not directly connecting with the pins.

gonzo41
The best thing I learnt from lock picking lawyer was that hand pumped hydraulic bolt cutters existed.
michaelt
Well, there's a selection bias in LPL's videos: If he can't pick a lock today, he doesn't make a video until he can.

But you're right at a higher level: 99% of buildings have glass windows. Paying $$$$ for locks that go beyond "keeping honest people honest" is pointless if they can be bypassed with a rock.

martincmartin
I've heard the common way a burglar opens a door is using a crowbar.
wayoutthere
Last time I called a locksmith to let me into my house (me losing my keys and locking myself out is a somewhat frequent occurrence) he didn’t even bother trying to pick it. Just took a few plastic wedges and used a rubber mallet to hammer them in between the door and the frame and the whole thing popped open. Took maybe 5 seconds.

Of course, you can reinforce your door frame and this doesn’t work. But the next locksmith (like I said, regular occurrence) used a bump key to pick it and was in just as fast.

Needless to say, I don’t trust door locks anymore.

toss1
I had a friend who had a car with different keys for the door and the ignition, and he lost the door key. I fashioned a coat-hanger wire into a tool to slide down the window and unlock the door.

By the time he got a replacement key, I was literally faster at opening the door with my tool than he was with his key — once you get the knack of it...

(of course the tool was much more clumsy to carry around than a key, and 2 seconds vs 3 isn't enough to care)

audunw
My new door has a mechanism where you first have to pull the handle up to engage this hook-like bolt and then lock the door with key or knob. I thought it was a bit tedious but now I finally understand the purpose. The bolt would prevent the door from being pulled apart from the frame easily.
JKCalhoun
The simplest were the old car-jacks that you could put sideways across a door: a few clicks to expand the jack and you could push the door frame out of linear enough that you can swing the door right open — lock catch no longer reaches.
JshWright
This is my go-to technique for lockouts (I'm a firefighter, we'll get called for more "urgent" lockouts... a young child still inside, something on the stove, etc).

There are plenty of custom made tools on the market that do a great job (with built-in pads to protect the door frame, etc).

The only issue they commonly run into is a deadbolt with a throw long enough that you have to destroy the jamb and surrounding frame before it comes free.

tgsovlerkhgsel
Is this technique non-destructive and the frame returns to its original shape? From the description it sounded like it'd be way worse than something that destroys the entire door.
bbradley406
You're just bowing the framing out enough for the bolt to clear, so maybe 1/4" inch in each direction. The studs will pop right back, but you might need to re-align the hinges or the bolt plate after.
JshWright
Ideally, yes. Wood is surprisingly flexible. Generally the worst that happens is that the paint cracks at the seams between the frame and the trim, or the jamb.

In cases where the deadbolt extends significantly into the frame, then yes, it tends to be destructive. But doors with locks that substantial tend to be sturdy enough that brute forcing the door in any fashion (even if you're just attacking the door itself) is likely to damage the frame.

There are options for "through the lock" forcible entry, where you attack the lock directly, using something like a Rex tool[1]. That will definitely destroy the lock, but usually preserves the door (but isn't suitable for every type of lock).

[1] https://www.allhandsfire.com/Rex-Tool-Forcible-Entry-Tool

BrandoElFollito
I saw a video where someone was opening doors with a hydraulic thing that moves heavyb things up (I do not know the English word for that, an inversed press).

You find a strong pint to lean on (a wall, or the ground) and the door is forced open in a matter of seconds (something gives away, hinges or lock).

This is why my lock is a smart one, to make it easier for people to get in (the ones I want to) and I know that a burglar is not going to analyze the emission spectrum but just force my door open.

I would definitely prefer him to use technonoly and not break my door.

slothtrop
I'd sooner get door jam reinforcements for this reason. For everything else, there's alarms. Some are meant to detect windows breaking, but motion sensors are also a good catch all. Security-film on windows also makes breaking them more tedious.
wayoutthere
Glass break sensors are almost never installed in residential homes; motion detectors are a lot cheaper, easier to install and more effective since a lot of attacks against windows don’t involve breaking the glass.
slothtrop
Can't get much cheaper than a DOBERMAN SECURITY Ultra-Slim.
gameswithgo
a swift kick or body slam often works too
zffr
I’m not sure that’s so easy https://www.reddit.com/r/cringe/comments/jwpr1e/guy_tries_ki...
IgorPartola
From what I gather:

Bump keys are the simplest way to bypass common locks. You can make one in a few hours and it’s pretty much universal.

Most doors aren’t that strong. You can’t pick a lock but you can just knock the door in.

If you can’t knock a door in, try a window.

House has a security system? Get a ladder and go to the second floor. Most security systems are only installed on the first floor.

Or cut the phone line outside the house as that’ll disable the security system entirely (unless it’s wireless).

If the security system has a combined control panel and main board, just run in and smash it. Good systems separate the control panel from the main board to delay the burglar finding it and allowing the system to call for authorities.

Basically locks, security systems, cameras, reinforced door frames, and protective film on windows are just delays, not preventatives. The idea is to delay the burglar enough such that they either get caught or so they decide to hit the next house without as many obstacles.

BenjiWiebe
Bump keys aren't quite universal. There are different keyways. Plus, not all locks are pin-tumbler locks. Also, this I'm not sure of, but I think some quality pin-tumbler locks are bump-resistant.
ploxiln
That's all true, but what's interesting is how ubiquitous the worst pin-tumbler lock design is. (I'll be honest, I never shopped for a good lock either! I've only bought one extra lock for an apartment once, and didn't care to get anything but the typical kind!)

The LPL is really similar to a lot of us, complaining that "right-click isn't really hacking, view-source isn't really hacking, come on your system is trivially broken" but about the locks practically everyone uses.

We also complain about companies marketing Super Military-Strength Proprietary Encryption but basic key management not making sense ... similar to how LPL likes to get the Pro Max Security big beefy trailer/fence locks and show how they have some of the same trivial design bugs as the cheap locks.

albrewer
I like this guy's talk about doors:

https://www.youtube.com/watch?v=4YYvBLAF4T8

randombits0
Raking is the simplest way to bypass common locks. I don’t recall ever seeing LPL bump a lock. It’s certainly not his first attack.
mschuster91
> You can’t pick a lock but you can just knock the door in.

A knocked-out door has the disadvantage of being noisy and visible - random passersby may spot either the act or the result and alert the police, whereas most won't even spot the difference between someone using a legit key and a comb key.

The more time passes between the burglary and the discovery, the better for the burglar - if you're already two counties away when the police establishes local roadblocks these won't catch you, CCTV camera or ALPR records get deleted, phone tower (=which phone was logged in at a certain time in a certain area) records grow bigger and harder to sift through, potential witnesses forget details.

IgorPartola
Show up in a pickup truck in an orange vest. Use power tools to remove the door or better yet a window. Act like you belong.
alex_h
LPL has discussed locks without being able to pick them, eg the Bowley lock

https://youtu.be/qV8QKZNFxLw

intrasight
Does he or anyone else have a list of locks that are really hard to pick?
yread
There is also this video https://www.youtube.com/watch?v=4FUge4YAXzk
qwertox
Breaking glass is noisy. If that would happen in my city, the entire neighborhood would know.
corobo
The neighbourhood might hear it but if nobody reacts who cares (from a burglary point of view)

If a car alarm goes off my reaction is not "oh no, someone is stealing a car" it's "man I hope they know how to shut that off quickly"

aspaviento
Isn't that the reason why you put tape on the glass first?
hellbannedguy
1. Break glass.

2. retreat to safe area.

3. look for security, or commotion.

4. Come back and loot the place.

5. #2 senerio. Just open the unlocked door, and loot the place while the family members are in the home.

(We had a mountian bike thief that did this senerio for years, and was never caught in my wealthy enclave. It's estimated he stole over a million plus dollars. I always thought it was a unhinged angry doctor, or a lawyer. Doctor's wives shoplift in huge numbers. It's a behavioral psychological thing. Ask any security guard who steals the most. They are never arrested because they spend a lot in stores. Nordstrom's turns in the minority shoplifters, but let go the white wealthy ones. How do I know? Used to be a Security guard, and hoping Nordstrom's would be outed by now.)

Lhiw
A rock wrapped in a t-shirt doesn't make much sound.
morsch
Presumably thieves professional enough to pick locks are also able to break glass windows without making a lot of noise?
lrvick
Most professional locksmiths can't even pick locks, let alone any successful former thieves I have known. You will rarely see either not go directly for a destructive entry method even when trivial bypasses are available if one had bothered to research.

Lock picking is basically only found among the locksport community.

stjohnswarts
gone in 60 seconds "i gotta get my tool"

https://www.youtube.com/watch?v=ZJN6VHWaerA

lrvick
Any lock or building is easy to defeat if you are willing to be destructive. Good locks and windows are tamper evidence devices above all else.
aphroz
I've watched way too many lockpicking videos since I discovered LPL. A little click on one, two is binding..
JaakkoP
I too find his explanation on each click soothing.

Except when he got challenged to open a “difficult” bike lock in under 2 minutes by another locksmith he was dead silent the entire time and opened it in like 20 seconds.

masklinn
The first video using lishis was absolutely stellar as well as it showed much more clearly what was happening under the hood.
unixhero
"Got a click out of him/hem"
shapefrog
"And back to one"
carreau
Read some of these and tell me if you hear his voice.

https://www.reddit.com/r/WritingPrompts/comments/irszx0/wp_h...

"Anyways, that’s all for me today, if you liked this video please subscribe to see more videos like this, and as always, have a nice day."

oxplot
I want LPL to tell me once what to buy, not keep telling me what not to buy 1400 times. It's educational, I understand, but man, can you put up one video where you tell us what you use on your own front door?
half-kh-hacker
There is a video for modified Kwikset that he showed that's what is on his door, AFAICT.
ImJasonH
https://youtu.be/7JlgKCUqzA0
kamranjon
This goes into some padlocks he considers to be quality: https://youtu.be/L6iMmCSayBQ
dotancohen
This is what an LPL recommendation video looks like:

https://www.youtube.com/watch?v=jXoS_HB1I3o

geertj
Besides the modified Kwikset, he was also unable to pick the Bowley lock.
dotancohen

  > I want LPL to tell me once what to buy,
That would entail far more responsibility - and possibly liability - than telling you what not to buy. Remember, this guy is a lawyer.
dotancohen
This is what a LPL recommendation video looks like:

https://www.youtube.com/watch?v=jXoS_HB1I3o

bjoli
I have done a little bit of lock picking as a hobby, and LPL is somewhat of a lock-picking Mozart. Locks I struggle with, he picks in less than 30 seconds.

He has inspired me to become better at lock picking, which helped me at least once when I locked myself out of my locker at work. My Assa-Abloy lock which would have taken me 20 minutes before was open in under 2 minutes.

codezero
I am convinced he’s a savant. A combination of maybe naturally higher senses in the fingers and a methodical approach to solving puzzles.

I got pretty good pretty fast at picking, and that convinced me he is otherworldly in his talent and abilities.

On another note, I’m really going to miss Bosnian Bill, he excelled as a teacher and worked hard to remove anything mystical or subjective from approaching lock picking. LPL is great, but still doesn’t quite go into deep detail about how to improve at tensioning, dealing with various types of pins, in a way that resonates with “regular” people, where Bill was just a huge help in those areas.

delusional
The wonderful thing about video is that even as Bosnian Bill retires his lessons will remain available, all 1909 of them.
codezero
Unless he shuts down his channel, though I suppose folks will have made copies.
unixhero
We do datahoard, yes.
tgsovlerkhgsel
The intro explaining the weirdness he was exposed to as a result of the channel was eye-opening and shocking to me. Some weirdness is to be expected, but the level of stalking resulting from even such a non-controversial channel is not something I would have thought of.

Edit: Didn't think of the "locksmiths hate it" aspect that probably explains at least some of the crazy (e.g. trackers).

therealdrag0
I hear about these crazy stalker-ish things from different public people like once a year, and I'm always amazed.
cranium
LPL videos are an example in educational videos. Clear explanations, no fluff, no finger pointing (except for Master Lock and unbacked marketing claims) and real expertise.
Stevvo
They stand out in all of the fluff on YouTube because it's just about the locks. No vane selfie cams.
mnw21cam
Similar to Big Clive.
unixhero
Now we're talking: https://www.youtube.com/watch?v=zfJjicQkYsU
sneak
There are a lot of famous no-face YouTubers. AvE, Maru's human, etc.
xaduha
I keep bringing up smartcards in every thread, but I just can't help it. Car keys seems to be moving towards contactless, at least Tesla got a right idea, there's even open-source implementation as an applet for it https://github.com/darconeous/gauss-key-card.

Cryptography is math and you can't beat math, cost and scale will always limit complicated physical keys. And most existing electronic keys/tags/fobs/cards use cheaper not-quite-smartcards that are vulnerable to replay attacks and cloning, LPL even had some videos about them.

pavel_lishin
> Cryptography is math and you can't beat math

But you can beat badly written software.

chrisseaton
> Car keys seems to be moving towards contactless

Moving towards? I don’t think you can buy a car that has a physical key anymore can you (except for the emergency key you can pry out.)

folmar
There is no shortage of those Dacia Spring Dacia Sandero Stepway Renault Clio Renault Captur Renault Megane VW T-Cross ...

I'm tired to list more.

approxim8ion
In US and some EU countries perhaps, but I can assure you that is not the case for most of us out here.
BenjiWiebe
And there's the weakness. An emergency key that you can use means there's an emergency keyway that can be picked.

And thank goodness, too. I spoke to a locksmith a while back and he told me about some fancy import sports car with no emergency keyway and there was a child locked in, and of course the key was in the vehicle.

He did get the door open, IIRC there was a button to press to unlock, but not where his long-reach tool could easily get to. He said a cop had to watch from the other side and guide him to the button. He said it took around an hour to open.

judge2020
Tesla got it wrong in the sense BT is vulnerable to repeater attacks and such could likely be used to steal your car, assuming you were targeted by someone trying.

Edit for reference: https://news.ycombinator.com/item?id=25187170

tux1968
I don't know how Tesla implemented their key, but there's nothing in BT that makes it inherently vulnerable to repeater attacks. Garage doors addressed that problem a long time ago by changing the code after every successful opening.
marcan_42
That's not a repeater attack; that's a replay attack.

A repeater attack means tunneling the communications over the internet/long distance radio/whatever, where someone's in your car and someone else is following you. That's the repeater bit, they have a pair of devices that act like a long distance radio repeater.

tux1968
That's diabolically clever. I'm curious how any technology can overcome that, and why BT is apparently more susceptible?
xaduha
> I'm curious how any technology can overcome that

Faraday cage/foil wallets for things that don't require any auth or PINs or even a button press.

tux1968
Okay, but that would work for a BT device too. I was mostly curious why BT was seen as a bad choice and more vulnerable than another option.
xaduha
This whole comment tree kinda got derailed into bikeshedding about BT with confusion between replay and repeater attacks to boot. It probably isn't any more susceptible than similar RF alternatives.

Personally I wouldn't want a BT key because I used smart rings, namely a contactless payment ring and an OMNI ring. They aren't without issues, but they are miles ahead of a device like Chameleon Tiny Pro (which I also used) when it comes to usability. There might be smaller BLE devices out there, but it is pretty small. About the same as Google Titan BLE based on the images.

istjohn
You just need a technology that only works across spaces no larger than a couple feet.
PeterisP
There really aren't common technologies that *only* work across spaces no larger than a couple feet; the technologies that normally are limited to very close range can actually be used at larger distances with proper (large, directional) antennas and more powerful radio hardware.
hoseja
NFC stands for Near-field communication.
PeterisP
Yes, it's designed for close-range communication, IIRC with proper hardware you can listen into NFC communications from as much 10m / 30feet; and with a relay attack, you can "extend the range" arbitrarily.
randomswede
Yes, but you have to distinguish what it is supposed to do, and what it can actually do.

With directional antennas, practical NFC relays have been done, <a href="https://hal.inria.fr/hal-01632735/document">this paper</a> cites distances of up to 100 metres.

ema
If you can make the response fast enough that the speed of light delay dominates you can measure the latency and have an upper bound on how far away the key can be.
xaduha
Cut Bluetooth then, I'm not talking about Bluetooth. Google Titan also had a Bluetooth version which was also vulnerable I think. And even BLE needs a battery, smartcards (or smart rings) don't.
oxplot
Repeater attacks can be mitigated by putting a time limit for a response from the device used as the key (e.g. phone). That's how a lot of contactless payment terminals ensure the physical credit card is in proximity of the reader and someone isn't relaying the responses across the country.
lgsilver
Funny that right after he explained how he keeps his family safe by keeping his face and name off the internet, he spent the rest of the video focusing on the ineffectiveness and "downright stupidity" of security by obscurity.
srfilipek
Privacy != security by obscurity.
GuB-42
I think there is a misunderstanding about security by obscurity. What is bad is hiding defects instead of addressing the problem. It does not mean you should reveal everything! I find it well explained in the video.

For example, if you don't tell people what kind of lock you are using to secure your stuff, this is a form of security by obscurity, but it is not a bad thing. Even if your lock is one of the best, if an attacker knows what it is, he will be better prepared. I think no one who cares about security will tell you things that you don't need to know, it is called OPSEC, I believe.

What is bad is when you realize that your lock is weak, instead of trying to fix it, you try to hide the weakness. And that's the idea that LPL criticizes in his talk.

Hiding his identity is most likely not his only defense against the craziness of the internet. From his videos, we know that he has guns, and who knows what he secures his house with. He is most likely prepared to deal with the consequences of an identity leak, but that doesn't mean he wants it to happen. That's defense in depth, an other important part of security.

lgsilver
Yep. That's totally fair and you're right. Would be interesting for him to compare / analogize that with the lock companies' approach.
elcomet
> From his videos, we know that he has guns

This is interesting because we know that's not a good security. In fact, it has been shown that having a gun in the house is associated with more firearm-related deaths and not less. So I suggest anyone that is thinking of buying guns to read this.

https://pubmed.ncbi.nlm.nih.gov/15522849/

GuB-42
The study doesn't mean that owning a gun is not good security. It shows correlation, not causation.

It is like saying that people who wear a helmet are more likely to die from a traffic accident. It may be true because riding a motorcycle is more dangerous than driving a car, and motorcycle riders usually wear a helmet and car drivers don't.

HWR_14
That study doesn't mean that guns are bad security. They obviously lead to more gun related suicides, and can turn domestic fights more violent. However, if you are at high risk of being attacked (if you are a criminal defense attorney or a minor YouTube celebrity), the risk of being assaulted is different from the general population's.
elcomet
Yes you're right about the different risk profile. I just hope most people that do not have such a risk profile are aware of this.
russellbeattie
I have an idea for a LPL-proof lock: Take a decent padlock, one that gets high marks from LPL, and then weld a curved steel tube to it ending at the keyhole. Then take the key and cut it in half at the head, welding a long stiff spring to attach the two halves, like a plumber's snake. To unlock, you simply stick the key bit down the tube around the bend and (with some fiddling I'm sure) into the keyway, then you can turn the key to open.

Without direct access to the tumbler, I'm not sure how you'd be able to pick it.

dmitriid
> I have an idea for a LPL-proof lock

There's a lock on his channel that he can't open. Bowley lock: https://youtu.be/qV8QKZNFxLw and there's a different prototype, too: https://youtu.be/D6vioIPVzM4

ryzvonusef
there was some kerkuffle aboyut whether he actually tried to pick it, since it could be picked:

https://www.youtube.com/watch?v=KS0FSzamUzc

Or maybe the picker aligned his stars when picking... not sure

raverbashing
Yes, if you push hard enough everything is "pickable" I guess

But an easy code, power tools and having the lock in an ideal work position doesn't make it easily pickable.

Sounds like the same useless discussions on computer security where people will discuss key sizes but not rubberhose cryptography.

dmitriid
This is amazing. Thank you!

There's discussion in the comments with Bowley Lock Company Inc saying that the stars did align, but we might never know

svennek
Some safes I have seen have insanely long keys, like 20 cm of "trunk"... I wonder if that is the reason ...
formerly_proven
The lock is on the inside and the key reaches through the entire door.
userbinator
To pick that, he would probably just make a pick and tensioner that has a similarly long flexible shaft.
ryzvonusef
are you perhaps talking about the forever lock?

https://www.youtube.com/results?search_query=Forever+Lock

while difficult, it can be undone

-----

making a one-off "unpickable" lock is possible, here is some to-and fro between two youtube channels about such locks:

Stuff Made Here:

https://www.youtube.com/watch?v=_7vPNcnYWQ4

https://www.youtube.com/watch?v=2A2NY29iQdI

Lock Picking Lawyer:

https://www.youtube.com/watch?v=Ecy1FBdCRbQ

But things from installation issues, to making sure tolerances are maintained while making the locks on a production line, mean that there are always some gaps left in a mass produced and installed lock.

filoeleven
Their friendly competition was fun to watch. LPL made some great suggestions for improvements, and was impressed by the idea that Stuff Made Here came up with as a physical security “outsider.”
istjohn
Here's a video of the Forever Lock being defeated with a custom-made bump key: https://m.youtube.com/watch?v=H4f1H6mYHOI
timonoko
Happiness is when you finally discover and experience "counter rotation" all by yourself.
codezero
And madness is when there are only serrated pins. At least for me :)
TwinProduction
I love LPL. I knew he liked his craft, but even his intentions are pure -- I had no idea he purposely shortened his videos to icnrease his reach.
junon
Watched this the other day. Great talk by a legend lockpicker.
mongol
Has there ever been a lock which he could not pick?
the_mitsuhiko
A lot of security locks he does not pick. I know that quite a few EVVA locks people were interested in but they were never picked.
alserio
If you watch the conf video, he couldn't get into his wife's Beaver and just gave up. But he's done it with ease in other videos.
arka2147483647
What would be the odds that was an intentional joke!
Twisol
Very intentional. He's also quite self-aware -- later in the same keynote, he says something about using a hole for something it wasn't designed for, then notes how wrong that sounded.
dugmartin
Watch his April Fools Day videos - they are full of not very subtle innuendo (and pretty funny).
aix1
For those not familiar with his channel, he's got a whole April Fools theme going. Here's another classic: https://www.youtube.com/watch?v=k9VewWKfH_0
cillian64
Last time I looked I couldn’t find any convincing videos of anyone picking an Abloy Protec2 cylinder. Abloy cylinders aren’t that uncommon so I took that as a sign of these locks being basically unpickable rather than nobody trying.
unclekev
> Abloy Protec2 cylinder

Something I hear quite often in lock picking circles is "The only quick/reliable bypass for a Protec2 is a titanium drill bit"

They are exceptionally difficult to try and bypass with traditional methods.

I've been picking as a hobby for 15+ years and picking the Protec2 is a pipe dream I spent far too long chasing. Never got it.

novok
For people who don't know much about drill bits, but know that steel is harder than titanium, it's a drill coating of titanium nitride or similar according to wikipedia that makes it harder than stainless steel: https://en.wikipedia.org/wiki/Drill_bit#Coatings
szundi
That would be interesting to know
mongol
Yes. After having watched the keynote, I have mixed feelings. He keeps repeating how awful common locks are, and that it is in the interest of lock users that that is revealed. But never does he mention how a lock buyer can evaluate if a lock is good. What should we look out for?
timonoko
From a row of cheap locks, you can easily find the best. The key has deep cut (ie long pin) first. It is really difficult to pick behind that first pin.
timonoko
Also the long pin might be long enuff to prevent comping, as demonstrated by the Lock Picking Lawyer.
mongol
I am surprised that my comment is downvoted. I think my criticism is valid
smolder
I think because you somewhat misunderstood the point of the keynote at this security conference. Giving advice about how to buy better locks is either going to be too basic or too lengthy & detail oriented for a presentation of this kind, meant to promote the practice of picking and give historical context. (And entertain.)
codezero
Look out for (keep away from) US residential lock brands, like Schlage or anything you can buy at Home Depot. Newer Kwikset locks are OK but still susceptible to some more moderate attacks with a shim.

In general, try to get any “rated” European lock. They have standards for pick resistance and brute force resistance unlike retail US locks. Look for something with dimple pins, an active element, or multiple pin stacks with security pins, trap pins (anti tamper).

With all that said I don’t think the low security locks we have are such a problem. You can break a window open or just find an unlocked door if you are looking to do some bad shit. I like how Schuyler Towne put it: locks are just a social contract. I’m saying, hey, don't go opening that door, and as a civil society we agree not to.

A higher security lock on your home isn’t going to make your flimsy door harder to kick down, or your window harder to break, so yeah it’s nice to be educated on the security trade offs you make physically, but I’m not sure it’s important to beef up residential security in the US.

mongol
I don't agree that locks are "just" a social contract. If they were, the most simple and cheap lock would be sufficient for everything. They are a social contract, but they are also for theft prevention. Those people that are determined to take something from you don't care about that contract and you need as good lock as possible to make it hard for them.
xyzzy123
TBH I think lots of people's mental security models have not been fully updated to deal with li-ion power tools.

I mean, an axe, sledge or crowbar will solve 90% of your problems, but if you add a sawzall, drill with cobalt bits and a portaband, you can gain access to basically anything in about 60 seconds unless it's actively guarded.

The general nature of the problem is that building materials need to be workable, and modern tools are intended to help you work those materials very quickly.

Even locksmiths don't futz around with lockpicks anymore unless they're in the mood.

codezero
But attacking the lock is the last thing a smart or determined person will do. Sure a better lock helps, this is why most modern cars have much better locks than homes, but even they can be easily opened with the right tools, and often even easier with improvised tools.

Most locks really are cheap and sufficient for everything, in the US, at least, because we are using them right now. Schlage and Master Lock are everywhere and I taught my sister to pick them in a single sitting over drinks.

Even the most common combination locks are easily openable without any tools whatsoever. All those key holding real estate locks are even easier to open than the doors the containing key opens.

But remember, social contracts of all kinds get broken, and that’s why we have a justice system.

formerly_proven
> this is why most modern cars have much better locks than homes

You mean the combination of physical lock and security system? Because the physical locks on cars are no good.

Eelongate
> But attacking the lock is the last thing a smart or determined person will do.

I think that is contextual. In a whole lot of apartment buildings, the windows into the apartment are inaccessible from the outside. The door frame is metal, so kicking down the door would wake half the apartment building. Without a lock on the door, anybody who got into the building (generally easy) could silently enter any unoccupied apartment and nobody would know it. But with a good lock, nearly every would-be thief who can't pick locks will go someplace else.

novok
Most thieves DGAF that their target knows that they've been broken into. They want to get stuff to sell later, they want to be in and out very quickly, and they tend not to be the smartest people out there, and having lock picks increases your jail time if caught.

When a thief steals, you are going to notice the missing items either way, a broken window doesn't change that much. Apartment dwellers also tend to be poorer, which makes homes the better target in more ways than one. If the lock is too hard, your just getting more bashed in doors or walls instead, or thieves / creeps climbing porches and going in that way, which happened recently in my area. Many porches are windows and often unlocked.

Also many apartments are not steel framed with steel doors. I have a skinny window in the interior wall of mine, and it's a solid wood door on a wood frame. Also you could get a sledge hammer and bash through the drywall. Or bring drills and take out the door that way.

Also having a fancy lock might actually make you more attractive, because the thief casing out your place might recognize it, think you might have more than the typical person and bring the appropriate battery powered tool and cut out the lock.

formerly_proven
To be perfectly honest, I'm amazed how bad physical security is in the residential and even commercial US space. E.g. just the fact that deadlatches, which rely on precise alignment of door and frame to actually be locked, are a thing is amazing. The Euro-stuff has some other issues (cylinder snapping), but at least the bolt-for-locking is literally just a 8x40 mm bolt that goes into the doorframe. I've also never even seen a flat doorframe profile - not even bathroom stalls have them. Manipulating stuff on the other side becomes pretty easy if there's a 9.3/64" gap between door and frame.
codezero
And yet, I would bet money that thefts in the US rarely are from lock manipulation (picking, drilling, but maybe brute force eg door frame). We have too many accessible windows in the US, and a lot lower density, maybe this is why Euro locks are more advanced, but regulation is also a factor, we don’t have it here, at least in residential, which makes me wonder if we need it (I assume our insurance system effectively covers the risk)
formerly_proven
Most of what I wrote is not about lock manipulation.
Twisol
> You can break a window open or just find an unlocked door if you are looking to do some bad shit.

> A higher security lock on your home isn’t going to make your flimsy door harder to kick down, or your window harder to break

From the keynote, that's why LPL puts a heavy focus on bike locks, gun safe locks, etc. The audiences for those locks have a more vested interest in physical security than mere "social conventions". A well-locked bike makes it more difficult for a thief to get all the / enough value from the target. A well-locked gun safe prevents accidents and saves lives.

Also, I live in an apartment on an upper floor. No accessible windows. The only viable way into my residence is through the front door. (There are like two RFID-gated doors before mine, but tailgating renders them pretty ineffectual, and let's not talk about elevator security. [0]) It's not worth it for me to put a better lock on my door, but I'm also not kidding myself about its effectiveness.

[0] https://www.youtube.com/watch?v=oHf1vD5_b5I

dskloet
https://news.ycombinator.com/item?id=29367405
speedgoose
If youtube suggests way too many lock picking videos after you watched this one, you can go to your YouTube history and remove the video from the list.
asimpletune
Much has been made about LPL s and his astonishing skill, but I’d like to briefly mention my appreciation for LPL the showman.

I really think the style and format of his show makes it so incredibly watchable. I love his voice, the delivery, and the way he so articulately breaks down how he thinks and approaches problem solving. He really makes you feel like you could do it too.

It’s very subtle but as a showman he’s one of the alltime best on YouTube.

GuB-42
He is a real lawyer after all, I believe that these are important skills in the profession.
barney54
These are important skills for the profession, but many lawyers don’t have them. The good ones do, however.
cianmm
From years of experience of being around Lawyers, many of them seek the need to say things in the most unnecessary complex and impersonal ways. Lawyers are often terrible communicators.
_wldu
They are taught to speak that way in certain circumstances. It's called "circumlocution". https://en.wikipedia.org/wiki/Circumlocution
stjohnswarts
I've met more than a few engineers and CS people who can do similar, especially when they get angry. Lawyers are on another level though.
13415
What's the function, if I may ask? Is it to be more persuasive, or not to get pinned down easily?
ehnto
I think it can help make ambiguous statements more robust and complete. "I wasn't there" instead of "I was not at the location stated at the time recorded in the complaint".

I sometimes use it if I'm discussing something with someone who likes to nitpick small details that aren't relevant to the main point of the discussion. It can help you railroad a discussion down a particular path. That makes me sound super rude but it's more of a defensive communication device in that circumstance.

mschuster91
> or not to get pinned down easily?

This. When dealing with legal stuff, it's very easy to commit verbal mistakes that can sink your case - in Canada, they passed the Apology Act of 2009 for that reason.

speg
That’s an Ontario law, but it looks like several other provinces have something similar.
_wldu
In some cases, the purpose is to say something in such a way that seems to have an opposite meaning to what is being said.

Here's an example, "I do not speak it in vanity, but simply record the fact, that I was not unemployed in my profession by the late John Jacob Astor;"

He could have instead said, "I always worked for John Jacob Astor."

For many more examples of this, read "Bartleby, The Scrivener" by Herman Melville.

https://gutenberg.org/cache/epub/11231/pg11231.txt

sleavey
> and the way he so articulately breaks down how he thinks and approaches problem solving

Agreed. I think this video is a nice (simple) demonstration of his style in this regard: https://www.youtube.com/watch?v=SoGCIuO2XkM

bitexploder
Also, he doesn’t start off being able to pick X lock in two seconds or whatever. He fiddles with things a while until it’s optimized. That is what makes it entertaining as well. You don’t have to sit through the whole process. He usually notes anything interesting that came up. Mostly you get results.
dwighttk
And the fact that he doesn’t surround his videos with tons of cruft to make them longer.

Probably the only YouTuber that tries to sell me stuff and I totally think that is a good and natural idea.

mschuster91
> And the fact that he doesn’t surround his videos with tons of cruft to make them longer.

Unlike most full-time Youtubers, LPL does not need to pad out videos or pander to sponsors to make a living, and he doesn't need to engage in clickbaiting and SEO/algorithm manipulation to lure new viewers. This independency from anyone else is what allows him the complete artistic control to do videos the way he prefers.

dwighttk
It is interesting (read: irritating) to me that YouTube never puts his videos in my algorithmic feed. Every other channel to which I subscribe gets woven in but I had to actually click the bell icon to get notified of new videos for his channel.
asimpletune
It’s probably because his videos are short so the algo doesn’t like them
dwighttk
Maybe, but every once in a while his videos get on trending… why can’t they just put them in my feed? I’m subscribed!

I need to stop; I’m getting angry just thinking about it.

reginold
Indeed, it's all about incentives. He said during the keynote that his goal is to get the word out and change locks for the better. So far he's seen more incentive to get views than making money on the channel.

This will not always be the case. Given his goals, the channel will change as his priorities shift. When he reaches his goal "everyone is aware that locks suck", his next goal is "change locks for the better". This will involve designing and selling locks and pointing viewers towards better locks in a commercial way.

stjohnswarts
Eh locks are only as good as the doors they're attached to. Any healthy adult male (and probably determined females) can kick and shoulder through a typical door, especially on suburban houses.
ohgodplsno
Shouldering/kicking through a door is made to break the door at the hinges (unlikely), or the lock. An adult made that tries to kick through the body a door and break it open will take several minutes, at the very least.
stjohnswarts
You'd be surprised how quickly you can kick a door down when your psycho (ex) girlfriend deadbolts your door and says she's going to burn your house down because you are evicting her.
mikecoles
Unless the frame is metal or otherwise reinforced, it's not overly difficult to split the frame where the lock pockets are with a couple of good "donkey kicks".
ohgodplsno
...yes, that's why I mention that the only way it works is by kicking at the lock.
mschuster91
> This will involve designing and selling locks and pointing viewers towards better locks in a commercial way.

Designing and selling his own locks on his own store would not be too different from his current business model of selling lockpicking tools.

Pointing viewers towards better locks on a commercial way is something I cannot ever see him doing. For one, he already points out there are some locks he cannot pick (IIRC some Abloy models). But especially: LPLs authority is directly derived from the fact he's impartial and unmotivated by financial decisions. Taking money for lock recommendations would completely compromise that impartiality. It's similar to amateur nude models on Reddit and the "OnlyFans hate" - in the eyes of many viewers, once the line between "they are doing what they do for fun" and "they are in it only for the money" blurs, the attractivity fades.

What I do can see LPL do in the future - with far better chances of profit for him - is sell consultancy services and reviews to lockmakers. That would both fit his goal of improving the lockmacking business as a whole and net him a hefty chunk of money, without compromising his outward image.

reginold
Monetization models are interesting. In most amateur's case it seems to start out as "for fun" and then flip to "for money". Instead it's simply a gradient of incentives, whether acknowledged or not.

As cryptocurrencies and other models increasingly securitize everything, I wonder what will happen to the "amateur" market. As viewers we get so much free benefit from the hard work of amateurs.

thefunnyman
He’s also the only YouTuber I’ve ever bought something from. He does a great job of using the things he sells in videos to demonstrate their value and he’s not overly pushy about it like many other creators. He’ll simply mention that the tool he uses is one that is available for purchase from him, no different than mentioning the names of other tools he uses. It’s an ingenious and very effective sales pitch.
j16sdiz
In the linked video at 33:10, he said he deliberately make his videos short.
stjohnswarts
I love videos that jump right into the meat of the video, please put the fluff at the end :)
modriano
In one of his videos he explained his process with videos. He wants to rule out the possibility of deceptive editing, so he only includes takes done in a single shot (at least for the portion where he demonstrates the technique). As a result, he keeps things short, as that reduces the chance of misspeaking and having to reshoot.
Abishek_Muthian
That makes me wonder if LPL had launched the channel today would the YT algorithm even allow the channel to surface in the recommendations anywhere? non-edited, succinct, no-cringe thumbnails or no click-bait title seems like top of the blacklist filter for YT.
w-m
I started watching the channel after the videos were suggested to me by the algorithm fairly recently, maybe a year ago.
Abishek_Muthian
Good to know, But LPL would have still had over 2 million subscribers a year ago, I'm talking about someone who starts a YT channel today and makes such videos.
Lockpickinglawyer gave a very interesting presentation recently https://m.youtube.com/watch?v=IH0GXWQDk0Q

Main takeaway is that when it comes to security, its important to stay open minded. Security by obscurity is a bad idea

HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.
~ yaj@
;laksdfhjdhksalkfj more things
yahnd.com ~ Privacy Policy ~
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.