Using TypeScript to obtain one of the rarest license plates
jack.bioOne thing that stopped me from seeking the vanity plate - I learned that at least in Texas all plates are made by minimally paid prisoners. So any desire to finance that system beyond what's absolute possible minimum (i.e. regular plates) evaporated.
In New York it's the same, they make the license plates and also school furniture, and maybe other things too. I was scared for a moment when I was told by USPS Informed Delivery that I have incoming mail from Auburn Correctional Facility - but it was a license plate.
> One thing that stopped me from seeking the vanity plate
I'm sure it differs between countries but in the UK vanity plates have become reasonably contentious.
As a gross generalisation they're fine if the car is worth hundreds of thousands or the plate itself is worth hundreds of thousands.
The UK plate "F1" last sold for just under £1m (about US$1.3m) over 10 years ago and it's rumoured that there are offers for ten times that from someone who wants to buy it now.
It comes down to a classic British issue of "class", which is inherently difficult to explain.
If you have the money to have, say, a Ferrari 250 GTO then you can do what the hell you like with it, including getting a vanity plate for it. You are rich enough that you don't care what anyone else thinks about you. Anyone seeing you and that car will know you are rich.
If you have the money to spend close to £1m on a plate like "X1" and decide to put it on beat up 15 year old 1.2 litre Ford Focus then, again, it shows you have stupid amounts of money and some delicious irony in putting it on an old beater of a car.
But if don't have a supercar and you get a relatively cheap vanity plate like "RMZ 1327" and stick it on a Range Rover Evoque that's only a couple of years old then it just shows that you're trying too hard and just aspire to be seen as rich. You don't have enough money for a really nice car, or a really exclusive vanity plate.
I guess the other way of looking at it is that people who don't have the money to get a vanity plate aspire to being able to do so as it would mean they have more money than they have now. Once they get to having that amount of money most realise that the money is best spent elsewhere (or not spent at all). Once they have so much money that having a vanity plate is inconsequential to their finances they may as well do it. So it's natural that some people want to pretend they've reached the "rich" state by buying a vanity plate preemptively - the problem is that this is so easy to spot it just looks gauche.
All of this obviously doesn't apply to countries where vanity plates aren't traded for stupid amounts like famous pieces of art.
Loved your description of the class system. There's a general theme of old money wealthy people not caring about vanity purchases because they don't know how much stuff costs nor if that is a too much money or not.
It's interesting to see how luxury brands have different segments of clothes that range from no logos at all to a huge alligator the size of your chest, depending on whether you need to announce to the world that you made it or if you just want to have access to good quality clothes.
Yes, the classic description for a member of the British Upper Class is someone who looks down on people who have to buy their own furniture.
(One classification of "upper class" is someone who has never had to buy their own furniture because they inherit it and pretty much everything else they need.)
In CA and AZ vanity plates are first come, first served. You cannot sell them either. You either keep them on a car, or you can keep on paying to keep it out of circulation forever. But once you give it up it goes back to the pool, and someone can get it.
Also, my vanity plate is $0 more than a normal plate. Why wouldn't I?
I guess you're in AZ? In CA, the absurd yearly cost is enough to keep me from bothering with anything more than the basic olates.
https://www.dmv.ca.gov/portal/driver-education-and-safety/ed...
No price difference for the yellow on black plate when you want personalized.
Yeah, but the plate itself was $100/year last time I looked, which is outrageous. (It looks like it's $50/year now. I swear that's lower than it used to be)
This. When I moved from Ontario, Canada (where they charge a yearly fee for them), to CA, I was all excited to get a vanity plate - until I saw they also charge a yearly fee..
In the most ironic twist of all - Ontario did away with license plate renewals a few years ago, and now, I would actually consider a vanity plate..
I've always wondered if a regular plate was better for avoiding speeding tickets - a vanity plate is much easier to validate, IMHO.
I had a friend who used to work as a QA for an ANPR parking system. He said that they had to investigate an issue where the car with 11111 kept appearing in the system as unpaid, but at different places across the network at the same time.
The issue turned out to be drain covers in the field of the view of the cameras, which the system was detecting belonged to car 11111.
> It comes down to a classic British issue of "class", which is inherently difficult to explain.
The Frost Report sketch explains it quite well:
> I learned that at least in Texas all plates are made by minimally paid prisoners
Lol, wasn't slavery outlawed in the US, or were some states still allowed to keep it? That's absolutely bananas if true.
To be clear, the prisoners aren’t literally forced to do this work. It’s a job they can choose to apply for and do while in prison. (EDIT: In my state, it might be different in other states)
The contention is about how much they’re paid per hour.
>To be clear, the prisoners aren’t literally forced to do this work. It’s a job they can choose to apply for and do while in prison.
Sorry, do you have a source for that? The requirement to work is a major point of contention, and a very quick check with this[1] directly contradicts your claim in the federal system: "Sentenced inmates are required to work if they are medically able. Institution work assignments include employment in areas like food service or the warehouse, or work as an inmate orderly, plumber, painter, or groundskeeper. Inmates earn 12¢ to 40¢ per hour for these work assignments."
[1] https://www.bop.gov/inmates/custody_and_care/work_programs.j...
Those programs you’re referring to in your quote are work within the prison itself:
> Institution work assignments include employment in areas like food service or the warehouse, or work as an inmate orderly, plumber, painter, or groundskeeper.
Meaning some prisoners work in the kitchen preparing food for other inmates, others are on clean up duty, and so on. You could argue that nobody in prison should have to participate in anything inside their community and that’s a valid debate to be had.
In my state, the jobs that provide things outside of prison are applied for.
Apologies for the misinterpretation. I thought you were speaking of all prison jobs, though I don't think it makes much of a difference. From an ACLU report[1] on prison labor in the US which covers both labor for prison upkeep and labor for producing goods to be sold or providing services for companies or governments:
> They work as cooks, dishwashers, janitors, groundskeepers, barbers, painters, or plumbers; in laundries, kitchens, factories, and hospitals. They provide vital public services such as repairing roads, fighting wildfires, or clearing debris after hurricanes. They washed hospital laundry and worked in mortuary services at the height of the pandemic. They manufacture products like office furniture, mattresses, license plates, dentures, glasses, traffic signs, athletic equipment, and uniforms. They cultivate and harvest crops, work as welders and carpenters, and work in meat and poultry processing plants.
> From the moment they enter the prison gates, they lose the right to refuse to work. [...] More than 76 percent of incarcerated workers report that they are required to work or face additional punishment such as solitary confinement, denial of opportunities to reduce their sentence, and loss of family visitation, or the inability to pay for basic life necessities like bath soap. They have no right to choose what type of work they do and are subject to arbitrary, discriminatory, and punitive decisions by the prison administrators who select their work assignments.
[1] https://www.aclu.org/wp-content/uploads/publications/2022-06... (relevant quotes are found on page 5)
> To be clear, the prisoners aren’t literally forced to do this work.
Not 100% true it seems, but happy for someone else to correct me.
> Prison labor in the US is mostly optional - https://en.wikipedia.org/wiki/Penal_labor_in_the_United_Stat...
It's technically optional in most institutions, but not practically optional. For instance, a lot of labor can reduce your sentence, can give you better housing and can enable you to afford things on commissary you might need (e.g. phone time, hygiene products etc).
Ok so optional then
Sounds like optional to me. With benefits for exercising the option.
> The Thirteenth Amendment to the United States Constitution abolished slavery and involuntary servitude, except as punishment for a crime.
https://en.wikipedia.org/wiki/Thirteenth_Amendment_to_the_Un...
No, Thirteenth Amendment permits it as punishment for a crime.
This a good reminder to all Americans to read the Constitution. The amount of bizarre understandings (not necessarily this one) that I see is very high.
Since you didn't know about for-profit prisons, here:
I'm very well aware of private prisons, but I didn't know they also exploited essentially f̵o̵r̵c̵e̵d̵free labour, that one was new to me. Apparently in the constitution and everything. Remind me again why some people believe America to be "the land of the free"?
Not sure why you are bringing up private prisons. Private prisons are a tiny percentage of federal prisons and prison labor is used throughout the USA.
Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction.
For anyone unaware, that is nearly[1] the entirety of the text of the 13th Amendment to the US Constitution from 1865. This exception is rather (in)famous. I remember being quizzed on it in an elementary or middle school history or social studies class.
[1] the only excluded bit is the followup "Congress shall have power to enforce this article by appropriate legislation." Without this, the power to enforce the 13th Amendment would be left up to the states due to the 10th Amendment ("The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."), which would have slightly useless given the whole war that had just been fought over some states wanting to keep slavery.
they shouldnt be paid at all. they're in prison for a reason. they have a debt to society. a great many of those people didnt do 'one bad thing' then got caught. it was just the last bad thing they were caught for. any many of them did 'the bad thing', then continued doing other bad things up until the point they were put in prison.
> they're in prison for a reason.
Often that reason is "too poor to afford proper representation" or "looked vaguely like the actual criminal" or "took a plea bargain because the justice system was threatening them with an immorally-long wait for a trial and a likely worse outcome".
Often that reason is "committed a horrific violent crime"
Weed, though. In some states, now legal.
Non-violent marijuana users haven't ever materialized as a large cohort of the prison population. Sorry, I too used to believe that prisons were overflowing with them
I mean if this was the 90s, yes it was true but you are also correct that it's very rare for anyone to be in prison for just marijuana alone in the US. Even in states where it's "illegal."
Not really? I mean, when you compare the number of people who have committed a "horrific violent" crime to the total number of people caught up in the US prison system, I expect it's not "often".
The numbers are fuzzy but they indicate that at least a simple majority of (and possibly up to an extreme majority) of prisoners have committed violent crimes.
That really depends on what you classify as “violent”. There are a lot of crimes labeled “violent” that don’t include direct physical harm to another person. Eg burglary is labeled as “violent” many places when the actual act was “smashed a window, grabbed a TV and ran away”. Drug manufacturing is also typically considered “violent” even without any kind of assault/murder/turf war/etc.
The numbers I saw said 47% of inmates had a violent crime under federal or state classifications.
Often it is.
Often it is not.
Often, they too are a victim of our judicial system, and we can't just ignore them due to the peers we locked them in with.
That doesn't justify ignoring our established punishments. Good luck with a system that sets everyone free just in case.
They're literally guilty and in the prison for the crime of being unable to afford a lawyer.
That's the fact. You can't argue jail time is automatically fair only because it has been added in the sentencing.
Its legal, and that's it. Civil forfeiture is also legal. Slavery was legal (and is still legal in us prisons).
Doesn't make it justified.
Being paid for labor while imprisoned is not anywhere close to being set free.
Where in the world did I imply that?
> Where in the world did I imply that?
You didn't, but I'm taking your stance to its logical conclusion.
GP: > they shouldnt be paid at all. they're in prison for a reason. they have a debt to society.
Your response: > Often that reason is "too poor to afford proper representation" or "looked vaguely like the actual criminal" or "took a plea bargain because the justice system was threatening them with an immorally-long wait for a trial and a likely worse outcome".
Be that as it may, this is our system. Through a series of laws we have defined due process for our people, and people who end up in prison are a result of this due process. Like it or not this is the best we were able to do.
If we are going to say prisoners should be given more privileges because some prisoners do not deserve to be in there, then why are we holding them in a prison to begin with? Being confined to prison is a thousand times more punitive than not receiving pay for making a license plate.
A better reason for arguing that prisoners should be paid for their work is because it is more humane. That's a better argument than some people are in prison unjustly.
I'm actually in favor of prison reforms. Prisons' number one goal should be to reduce recidivism. I see that as the entire point of the prison system: reducing crime. If a person leaves prison and re-offends, we have failed to do our job.
I don't agree with your "slave labor is ok if the slave committed a crime" position, and find it morally indefensible.
Stepping aside the fact that I think most everyone here is playing fast-and-loose with the “slave” terminology here… Why do you feel prisoners doing low wage labor to be wrong?
Practically everyone in human history since the dawn of time has had to go out and produce something of value. Why, all of a sudden, should a murderer or rapist get to sit on their ass and consume what we all produce? I find nothing questionable about a humble job for them at all.
Working should be a free choice (we can discuss about how much freedom exists for many people), and should always be paid. There is nothing wrong if a prisoner chooses to enagage in (fairly paid) labor. But if they are not free to do so, then they are slaves, not workers.
Prisoners already lack freedom in many aspects. "Sitting on their asses" like if they were sipping cocktails on a beach is a bit a misrepresentation don't you think? I wouldn't exchange the possibility to move and do what I want for possibly any amount of money, nor for being able to "sit on my ass" in that sense. Would you?
Besides the moral arguments - which I will say, they are so obvious that it feels incredible even having to discuss why enslaving prisoners is wrong - you can make economic arguments. For example, that having cheap or borderline unpaid labor compresses the salary in that market, or that this system creates a dysfunctional incentive to increase prison population for private profits.
Maybe that's why the US is one of the countries with the highest incarcerated population in the world. The highest among western and larger countries.
I understand though there is a cultural barrier. I am from Europe and in most countries here prison has a rehabilitation purpose, which is what most benefits society, and prisons are not private entities.
You're instantly jumping to the worst of the worst types of prisoners: murderers and rapists. Prisons also include people who commit non-violent crimes like drug possession, burglary, cybercrime, etc. Why should those people be forced to work the same "humble jobs" in prison?
I do find that questionable.
I don't think you know what humble job means, and meant to say humiliating pay.
Two answers:
1. Why should they be restricted to ludicrously low wages? If they're producing something of value, they should be compensated. Not only is it morally wrong to, you know, enslave people, on a more practical level it would be very helpful for people who are leaving prison after serving their sentence to actually have some money saved up, so they have better opportunities, to avoid recidivism.
2. The reason they can sit on their ass and consume what they produce is that they effectively become wards of the state. They're still human beings, and if we have decided to incarcerate them, we become responsible for them, and they still have rights as human beings.
A humble job is fine; I'm not saying they should be sitting in an aeron chair bullshitting on Slack for 8 hours a day. But slavery for pennies on the hour is wrong.
Punishment is only one reason of inprisonment, another is correction. Majority of prisoners do not serve lifetime sentence, at some point they wikl return to society and ideally you don't want them to get right back to what they have been doing before because they have no other options or they don't know nothing better.
Ah yes. American Prisons prioritizing punishment over resocialising is the reason why criminals so often continue to hurt society after they have been released.
Then we have people who demand to double down on the punishment and wonder why these people never stop breaking the law.
Americans are a marvelous bunch. Thanks Dog I live in a first world country.
In many cases, their earnings are confiscated as part of restitution.
Imprisoning people for years seems like a much worse thing to do to people than underpaying them for work they do while locked up.
Is it that the latter can be called "slavery" that makes people upset?
There are a lot of incentives to lock people up. Cheap labor is one of them. We should support incentives such as "keeping society safe", but incentives such as "profits and cheap labor" are incentives that may actually incentivize locking up innocent people.
So it's not about which one is worse, it's about not supporting something that could lead to corruption or an unfair system.
“The morally correct thing is to pay them even less.”
I used to have a fun novelty plate when I lived in California, but when it came time to get new ones, I went with the most boring, plain plate I could. With how many crazy assholes there are on the road these days, anything I can do to promote my own inconspicuousness is something I'll do. No bumper stickers, no cute plate frames, nothing. When I'm not carrying skis, the rack comes off
In a world where people scratch sports cars painting out of pure envy. It's hard to criticise someone trying to stay under the radar of the crazy.
I found out recently that in my state, the online vanity plate checker shows plates that were PREVIOUSLY registered but NOW available as NOT available. I wanted to get one of my own plates I had years ago and assumed there was some process to have it transferred, but was told by a DMV rep that after two years of non-registration, they're up for grabs. Apparently the web page does not take this into account.
That means there are probably a lot of great plate names up for the taking that people are just assuming are taken. You'd need to call the DMV to verify.
Hopefully Florida's web page does not have that limitation.
This has nothing to do with TypeScript
Generally speaking, if someone specifies "TypeScript," I expect the type system to be the interesting part of the writeup. Otherwise, it could say "JavaScript."
(It could say "React," but still, the interesting part is that you built a scraper/visualizer, not that it used React.)
If the headline said "Using Python to obtain one of the rarest license plates" you wouldn't think twice.
That’s true. But the analogy is more correct if it said “Using Mypy to obtain…”
The scripts he wrote to pull the data were written in TypeScript, though all the TS I see is in the parameters in the function signature. Also he used Next.js for the dashboard
I think the GP's point was that the part of the article that's most interesting is the investigation into how the DMV's plate system works. The fact that Typescript was used is incidental (of course this could have been done in pretty much any language), and it's an odd choice to include the language choice in the article title.
In Denmark, you can buy a vanity plate (ønskenummerplade) for 8'000 DKK (needs renewal every 8 years), and it can be between 2 and 7 characters long; but the best part is that they permit all Danish letters, including Æ, Ø and Å. One could likely write a script quickly to check these platforms for short combinations, such as ØÅ, which appears to be available.
ØØ7
Don't forget that the cost is not only the bureaucratic fee; you also have to buy a vintage Aston Martin or Lotus, to display the plate.
While clever, as a Scandinavian I regret to inform you that I would read that as: Uh Uh Seven, not (double) Oh Seven ;)
a money-saver! uh uh seven belongs on a vintage Ford Pinto!
But the tourists visiting Europe will be impressed.
Shouldn’t be a problem with all that medieval money lying around. /s
Does a kit car count? You can build a Lotus for around the cost of a Honda civic. Like a Lotus 7.
Money? You mean you don't just go to Q and procure one?
I guess you could get the tax payers to pay for it.
I'm imagining someone driving in England and the police having no way to input those letters into their system.
I wonder if the Danish system would prevent ÆØÅ and AEOA from both being registered. Would the Danish system Match "ÆØÅ" if someone input "AEOA"? There are unicode normalization rules, but I wonder if systems would be built to handle that. If you're Danish, you'd just use those letters so it wouldn't be a useful feature. If you're English, you wouldn't often encounter those letters so it wouldn't be a useful feature.
> I'm imagining someone driving in England and the police having no way to input those letters into their system.
I would assume the UK has worked out a way of dealing with this having had plenty of years of foreign plates being driven around the country.
Any Danish license plate driven in the UK will almost certainly have to a be an EU style plate with the blue band on the left with the "DK" country code. If someone needs to send a fine to the registered owner of this plate I'd guess they'd be handing over the camera footage/images to a contact in the relevant country and letting them confirm what the exact plate is.
(There may be some weird exemptions for old classic/vintage cars that can continue to be driven on their original number plates, in which case you really don't know who to contact.)
The UK is very strict on license plates. I don't think there's any valid reason for driving a car without some form of a license plate on display (cars being driven on trade plates placed in the front/rear windscreens are the closest thing I can think of). I'd expect the UK Police to pull over any car that didn't have plates on it if they spotted it. It's certainly considered very suspicious in the UK if a car is missing either of its plates.
There are plenty of examples of normal ANPR cameras failing to capture plates properly. Or even sillier examples like this: https://www.bbc.co.uk/news/uk-england-somerset-58959930
This story got referenced by the associated Government body here: https://videosurveillance.blog.gov.uk/2021/10/27/the-camera-...
>I would assume the UK has worked out a way of dealing with this having had plenty of years of foreign plates being driven around the country.
Based on my experience, the UK approach is to not even bother and try and collect fines from owners of foreign registered vehicles. They do sell them to some private company that has been sending me scary letters for 10 years soon.
My understanding is that most countries just don't bother; I once drove around North America on Danish plates; since European plates are much wider than North American style plates, none of their cameras could scan my plates; so camera-only toll roads were essentially free for me. I consider that it happens so rarely anyway, that they don't bother.
Similarly, I've been flashed for speeding in France, which does have cameras adjusted to my plates' size, but they also didn't bother sending a ticket. Germany - on the other hand - will send you a ticket, but since they allow Ö, Ü, etc. on their plates, their system can probably handle Æ, Ø and Å as well.
Edit: Obviously, they don't bother to a degree; severe infractions will obviously make local law enforcement do something, but it's a rather manual process. Most countries are signatures to a treaty, that recognises other countries' plates.
So what happens when ÁÀÂÅÅÀÄ run a red light?
A fine for faking a license plate, may be? ÁÀÂÀÄ are not in the Danish alphabet.
Apologies. I'm not familiar with the alphabet. I just looked up Danish unicode and it showed those characters. I'll stick with 0OO0O00 as my license plate
> Most people never think twice about the random mix of letters and numbers the DMV assigns them.
I started thinking about it when someone parked next to me in a nearly-identical model - same brand, year, etc, the only difference was some roof accessory - and a nearly identical license plate. (Think ABC D12 and ABC E12). I started trying to open their car door, and was confused until I noticed some things in their front seat that were clearly not ours.
Later that week, I was shopping around for car tires, and saw that some shop - PepBoys or something - let you punch in your license plate and let you know what kind of tires you need, and that their API response included the car make and model. I thought about poking around it, and seeing if there was a pattern to the way my state assigned license plates, but never got around to it.
(They live in town, too, and I've seen where they park. I should go introduce myself to our car twin.)
They have a license plate checker on their site. I don't live in the states, therefore I don't have a plate to check. Or do I..... HY in Florida....
@lafond - do you own a 2010 Subaru Legacy with the 2.5L SOHC engine?
Yep. I wonder where and how they get this information.
When you realize the total combos of car key possibilities, you have a decent chance your key would work, too!
Had two GM 3500 cargo vans, one a 2002 Chevy Express, the other a 2001 GMC Savannah. Same vehicle different badges. Noticed the keys were a bit similar and found that the Chevy key could in fact unlock the GMC with some wiggling but not the other way around. It did not work in the ignition lock.
Ignition locks were always better machined - the door locks were the first to get loose enough for “alternative keys”
Eventually a screwdriver works for both.
Back in the 90s, I was on a trip and ended up parked next to a car which had a car alarm that responded to the key fob for my car alarm. It was very disconcerting.
I borrowed my friend's Prius once and accidentally opened the door to the wrong one and got in for a second before slowly realizing things felt off.
Around 2009ish I parked our dark grey Prius next to another dark grey Prius while going to the Beverly Hills Farmers’ Market and when I came back to the car, there was a third dark grey Prius parked next to the two original dark grey Priuses.
They were reproducing!
It's a keyfob, and it didn't open his door when I tried to get in :P
I swear I read some case a couple years back where a kid was facing serious prison time for automating requests to w publicly available government website. "Unauthorized access of a computer." I think the author may have just admitted to what the government considers a serious federal crime, as stupid as it is to consider it a crime.
Arguably the most famous one is this: https://en.wikipedia.org/wiki/Aaron_Swartz#United_States_v._...
I once had a flatmate who worked in IT at MIT at the time that happened. I don't remember the details, but it was a sad fluke that the feds even got involved - something like it was reported at the wrong time of day/when the person who should have got it was off-shift, or the feds happened to be doing something with the state police when the report came in and wanted to make a big news splash.
Whole thing was incredibly fucked up.
Interesting to see how much more thorough the Wikipedia page is now.
Whoa. That was an interesting read.
Different scenario but it reminds me of when Missouri prosecuted a reporter who found that teacher's SSN numbers were exposed in the HTML of a webpage
> "Parson described the journalist as a “perpetrator” who “took the records of at least three educators, decoded the HTML source code, and viewed the Social Security number of those specific educators” in an “attempt to steal personal information and harm Missourians.”"
Reminds me of a German developer that got prosecuted because he opened an EXE file with notepad and found a hardcoded database password there: https://www.heise.de/en/news/Modern-Solution-Convicted-IT-ex...
>The password to this database was stored unencrypted in an executable file of the middleware product and was the same for all Modern Solution customers
>Modern Solution then reported the security researcher to the police, who searched his home and confiscated his work equipment
>The programmer has thus been sentenced to a fine of 3,000 euros and must bear the costs of the proceedings
That didn't actually happen. The governor threatened to prosecute, and ordered the police to produce a report on their investigation into the matter. The police complied producing a report saying the person the governor wanted to prosecute did nothing wrong.
Isn't html copyrightable and thus it is a publication? (And thus exposed by the author). Or am I in the wrong ballpark here?
What makes something a publication is the act of publishing, not the format that it takes.¹ Copyright is implicitly granted at publication² although registration is required in order to sue for infringement.³
⸻
1. Within some limitations: certain types of creative works, most notably typefaces, are excluded from copyright law, although it was determined that digital font files that describe the outlines of the characters are programs and thus eligible for copyright. Bitmap font files on the other hand, as an expression of a typeface design are not eligible for copyright.
2. Although works created by federal employees as part of their job are explicitly excluded from copyright protection.
3. Note though, that the timing of the registration impacts what you can sue for. If registration takes place after the infringement you can only sue for actual damages, but if it takes place before the infringement you can sue for punitive damages.⁴
4. I should add the obligatory disclaimers that all of the above only describes US copyright law and also I’m not a lawyer (although I did used to watch Law and Order a lot) so everything in this comment could quite likely be completely wrong.
No. Imagine you wrote a personal diary entry in a text file on your computer, and only afterwards wrapped it in HTML tags. Did you just make it a document intended for broad publication?
It doesn't matter. The judges who pass these sentences don't know enough about the systems to understand whether or not a crime has been committed and they simply don't care.
Raw data isn't copyrightable. You can't copyright the contents of phone book, for example.
Just because you can hit a backend without a rate limit, doesn't mean you should. In my experience, government IT is very humorless about this sort of thing. Far better to blend in with normal traffic than to stand out as a bad actor.
Especially given how the response time doesn't matter much here! If you're just looking at 2-character license plates, that's 676/5=136 requests to check them all, and you could easily space that out to something like one request per minute to scan the space every two hours.
"Your honor, the defendant took steps to hide their activities, showing that they knew it was wrong"
Just append
(Mandatory disclaimer: IANAL, ignorance is no excuse for breaking laws)X-Crawl-Reason: Finding spare license plates, throttled ONLY to prevent service disruption. To the best of my knowledge, [legalese claiming good faith and compliance to all applicable laws]
The fun thing about the computer fraud and abuse act is that just about anything can be made into a federal crime with it!
Just about, indeed!
"Nonprofit hires woman, but she quits after a few days, asks for pay for that time; they refuse, and things get worse from there. But! They don’t turn off her email access to a board member’s email. She and a friend comb through the account, download internal documents, and then ask for a lot of money. Federal crime? Third Circuit: Not until they actually revoked her access."
Considering it was created during a major moral panic after the movie "War Games" came out, by a bunch of politicians who knew nothing about computers (aside from, again, watching the movie War Games).
As a direct result, anything and everything can be a crime (e.g. violating a private company's Terms & Conditions), and the punishments are completely disproportionate to the actual criminality.
See the AT&T/iPad data leak, where AT&T were leaking private information on the internet with no security checks at all. Someone found it, told the press, who in turn told AT&T, but the FBI still investigated it as a "crime", raided their home, charged them with "conspiracy to access a computer without authorization." AT&T go no punishment at all.
I think you are missing some nuance here. They found a vulnerability where they could just increment an "id" and get access to another user's information. They then went ahead and scraped as much as they could. Also this person (iProphet / weev / Andrew Auernheimer) is awful and certainly not a victim. AT&T did not leak the information, Andrew did!See the AT&T/iPad data leak, where AT&T were leaking private information on the internet with no security checks at all. Someone found it, told the press, who in turn told AT&T, but the FBI still investigated it as a "crime", raided their home, charged them with "conspiracy to access a computer without authorization." AT&T go no punishment at all.Should they have had better security? Yes. Was the vulnerability extremely basic? Yes. Doesn't change much, a vulnerability was used to dump a bunch of private data.
Exactly. If you find an unlocked warehouse, even if you are supposed to pick up something of yours, and instead of directly complaining you also ransack everything, you’re going to catch some heat.
> I think you are missing some nuance here. They found a vulnerability where they could just increment an "id" and get access to another user's information.
That's not nuance; the information was publically available on the internet without any security. Even search engines had indexed it before it was patched.
> They then went ahead and scraped as much as they could.
They told the press instead of releasing it.
> AT&T did not leak the information, Andrew did!
So AT&T dumping it all onto the open internet without any security isn't culpable, but the person who let the press know that their information was available to everyone is. That's quite an interesting take.
I'm struggling to see the nuance... You just repeated back what I already said, but added that you dislike the person personally, which is absolutely fine, but we're talking about miscarriages of justice not running a popularity contest. If you feel like they committed other crimes (which they likely did per Wikipedia), that is unrelated to THIS supposed crime.
> Was the vulnerability extremely basic? Yes.
There was no vulnerability. You just needed to request a record from a public web-server, which the server happily provided with no extra steps.
Let me ask this: When you request e.g. google.com, and they return a HTTP response, why is that not a "vulnerability?" Because we'd both agree it objectively is not. So then, why, when AT&T provides a URL with information they're meant to keep private but available to the public, and you then request it, that is suddenly a "vulnerability?"
Here is the actual URL you needed to call:
https://dcp2.att.com/OEPNDClient/openPage?IMEI=0&ICCID=<consecutive id>
You just needed to take any iPad's ICC ID and +1 for the next customer's record. So what is the "vulnerability?" Being able to count consecutively?
"The guy who did it sucked" is generally not a good justification.
It's an easy trap to fall into (we all want consequences for shitty people), but it's also a blurry line to hold.
"First they came…"
OP here - I did some pretty heavy research on this topic to make sure I'd be okay publishing this / automating anything at all. From what I looked into (and mind you, I'm a 23 year old security researcher & not a lawyer) there are a few recent landmark court cases (Van Buren vs. United States, hiQ Labs vs. LinkedIn) that protect webscraping of a public-facing page without bypass of any technological barriers. Furthermore, Florida has the Computer Abuse and Data Recovery Act that defines any malicious behavior as overuse of resources or an intent to defraud or cause harm, both of which I was very conscious about not violating. I appreciate the concern regardless!
I was charged with felony unauthorized access of a government computer years ago for an even stupider reason. Nobody should underestimate the state's willingness to prosecute over anything.
Soon he may be making vanity license plates
What we need is a "Little Bobby Tables" vanity plate that exploits a buffer overflow in speed cams.
Unfortunately they seem to filter special characters on input, that is, when you apply for your plate.
But don't despair! Depending on how crappy the cam's firmware is, NULL might just do the trick.
Isn’t there an xkcd abut a license plate of zeros an Os and ones and LS and the cops just say “it’s the guy with the plate again”.
That plate wouldn’t be allowed in Illinois where there is a hard requirement that all digits follow any letters on the plate.¹ The thing that I find mystifying is that they charge more for a vanity plate that’s all letters than one that’s letters and digits.
⸻
1. Although some specialty plates end up having suffixed letters, usually shown on the plate stacked.
Some states simply do not allow 0 and 1 on vanity plates, you have to use the letters.
Hah, in California I used to have HX.
The short plate came back to bite me: Years after I had moved to another state, an automatic license plate reader on a toll road (91 Express Lanes) in Los Angeles misread someone else's plate as mine. It was kafkaesque: My public records request for photographic evidence was blocked because, if I was correct that the offending driver was not me, the law prohibits the release of records revealing others' driving patterns.
The other plates available when I did a similar search were BO and IR. In retrospect IR wasn't a bad choice.
I have an iteration of NO PLATE, and have received numerous citations and impound notices. At this point, I just ignore them. Registration renewal is possible, only because my local county office understands the situation (years of this).
Of course I could change my license plate, but not'gonna.
If anyone else was wondering why it says NASCAR on the plate:
https://en.wikipedia.org/wiki/Vehicle_registration_plates_of...
I'm not seeing what TypeScript brings to the party here? Looks like regular old JavaScript plus a vanilla dashboard.
He used TypeScript for the scripts he wrote to pull the data. He also used Next.js to build the dashboard which is written with TypeScript
Very similar to this post from a few months ago - https://blog.jonlu.ca/posts/ca-plate-checker
In CO, there isn't an online search. When you apply, you have to list your top options and hope one is available. I'm also not a normal person. I'm an engineer and this was not good enough for me.
I emailed government employees until I figured out who was responsible for license plate records. I submitted a CORA (Colorado Open Records Request) for the entirety of their dataset. I had hoped to get the data on some regular cadence to build a simple online service for others. Unfortunately, they flat out refused and wouldn't discuss options.
When I told my family what license plate I wanted, they laughed at me and said "No one has that, just go get it". And so I did and it worked. I now have what I consider to be the best possible license plate in Colorado: "LCNZPLT"
Occasionally I'll see someone walk by my car, see the plate, think for a few seconds and then start laughing. Mission accomplished!
Oh I get it your license plate is “License Plate”
LCNSPL8
The best possible license plates in Colorado all start with ZG …
>EVENTVALIDATION is (was?) a novel security measure implemented in 2006 by the ASP.NET team to "prevents unauthorized requests sent by potentially malicious users from the client [..] to ensure that each and every postback and callback event originates from the expected user interface elements, the page adds an extra layer of validation on events".
The attack it prevents is called XSRF, and this security measure wasn't novel in 2006.
It's a fun story of course, but it also seems that people like OP who abuse public APIs are why we can't have nice things, and why so many web pages these days are bogged down by Cloudflare and Anubis interstitials that waste human time.
Yeah, also running a scraper with no rate limit against a government website is a pretty risky endeavor.
Skiddies targeting an individual site are a drop in the ocean compared with the industrial scale LLM scraping, so blaming them for it is in bad taste.
> Skiddies targeting an individual site are a drop in the ocean compared with the industrial scale LLM scraping
They're not. Both are bad, but at least there's some utility to LLMs.
The difference is that the government won't charge a major LLM vendor with a crime, but they may kick in John Smith's front door and ruin their life.
I did something similar to get OnlineOrNot's twitter handle - I realised that unclaimed names would 404 and so I set up a check to get an alert when that happened.
What character set does it use? For example, can "O" and "0" considered different characters or same character, and are some letters/numbers not used? If so, then how many they say are possible is not quite that simple, since some might match (so they cannot simply be added together) and some might not be possible.
I was hoping “using TypeScript” was going to be more along these lines, i.e. using the type system as a constraint solver for some combination of homoglyphs that resembles a target string.
I did something similar with CA a few months back - https://blog.jonlu.ca/posts/ca-plate-checker
Next steps would be to make it LLM assisted and to generate common number/letter replacement combos
Great minds think alike! Tough you weren't able to find anything cool with it, but glad I wasn't the only one thinking to automate it :)
I got my vanity phone number this way too. However key point is to have a registrar with an insecure lookup endpoint like in the article.
Most endpoints now only give you a list pre generated numbers to choose from, AND that endpoint is rate limited to the tits with reCaptcha. No more script kiddies.
Hey, would you please consider adding an RSS feed to your blog? I remember liking your post about Waffle house and now also this one, so I tried to add it to my RSS reader. But unfortunately no feed is available.
It's now available! https://jack.bio/feed :-)
I’m boring. The process for us was: Wifey and I thought of cool names, went to register with our shortlist written on paper, most didn’t work, until one did. Though now we’re considering dropping it because it costs too much.
Hehe, I do a similar thing for phone numbers and I got real good ones almost for free :)
phone numbers seem risky, years back I got randomly assigned a "cool" number (I think it ended with 8888 or something) and it seems it was on all possible fax spam lists, constant calls all hours of the day and the night, had to change it asap.
I have my HN name @gmail.com.
I've never actually used that account, because there are too many anonymous Bart Simpsons (and old people who don't understand email addresses) who use that one.
The shitty thing is that I use Google Apps for Your Domain (a.k.a. Dasher/GSuite) to get around this. For years, things like Photos and Music were stuck to my useless Gmail account, because the PMs involved never bothered going through the approvals to get those things to work on custom domain accounts (which Google ret-conned to be for businesses only).
A lot of these are resolved now, but there are still frustrating places where it comes up:
- I pay twice for YouTube Music - once for myself, and once for my family. I can't share my account with them, because it's attached to my domain name.
- I similarly can't join their Google Home accounts to do things like have my voice recognized when I visit them.
- Gemini CLI thinks I'm a business and quotas me like one.
My then-fiancée had a cell number that ended with 5 zeroes and a 1 and she got many wrong number calls from people who were trying to reach numbers that ended with 0-001x
Aren't all license plates rare since they're unique? I would also not call it rare unless everyone wants that specific combo of characters.
Personally, I wouldn't pay extra every year to have an easily recognizable vehicle.
You should not be getting notifications while driving.