<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
OK, there's that hypothetical undesirable guy sleeping in the
library again. He got in because his undesirable friend let him in
again. That one got in because someone who didn't know him let him
in. etc, etc. How is technology going to cure this very common
scenario?<br>
-Claudia<br>
<br>
<br>
<div class="moz-cite-prefix">On 5/10/2014 3:30 AM, Henner Zeller
wrote:<br>
</div>
<blockquote
cite="mid:CAEQqtJzcZXdXjSCpX7mcvB5360Nf0_gbXb8nyHo--Qe31PsiMg@mail.gmail.com"
type="cite">
<div dir="ltr">I would like to help researching RFID readers and
how to get a bunch of cards and help make this happen. RFID is
not absolutely secure, but this is not what we have to worry
about here (in fact, if someone can hack themself in with a
copy, they are at the right place).
<div>
<br>
</div>
<div>Starting with the top door being opened by RFID is a good
first step. I still would like to put an RFID reader
downstairs as well because remembering my 7-digit code always
is, uhm, troublesome for me. So it would just basically an
addition/replacement for the keypad downstairs (which doesn't
change the situation with other tenants that have a key, I
suppose).</div>
<div><br>
</div>
<div>I might come to NB tomorrow, is anyone there who wants to
discuss this, and work on it ? Let Do this.</div>
<div>I am happy to help purchase equipement if we need that (I
know there were already experiments with RFID readers before ?
What happened to that ?).</div>
<div>Getting basic physical access installed is IMHO the most
important thing to make NB functioning again.</div>
<div><br>
</div>
<div>(I am really looking forward to have only people there who
should be there. One of my reasons to only really rarely come
to Noisebridge is, because I know that I can't leave stuff
there I want to work on, so why should I do it there ?)</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 9 May 2014 17:28, Naomi Most <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:pnaomi@gmail.com" target="_blank">pnaomi@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">I'm just
reiterating my own stances said elsewhere.<br>
<br>
Basically, I'm a proponent of Approach #3.<br>
<br>
Important points:<br>
<br>
* the front door key is not a form of security; it's a meme
promoting<br>
Noisebridge.<br>
<br>
* changing the way the front door operates requires the use
of social<br>
capital w/ the landlord and tenants. Right now the landlord
is<br>
disturbed by the Electrical Situation -- not a good time to
bother him<br>
about other things.<br>
<br>
* installing RFID at the top door seems like the smartest
addition of<br>
security in terms of workingness (keyfobs are less easily
duplicable<br>
than key codes and just as revokable) and in terms of the
work<br>
involved (not removing anything from the front door, just
installing<br>
something new).<br>
<br>
* yes, this is still basically security theater -- unless we
also<br>
restrict access via the elevator.<br>
<span class="HOEnZb"><font color="#888888"><br>
--Naomi<br>
</font></span>
<div class="HOEnZb">
<div class="h5"><br>
<br>
On Fri, May 9, 2014 at 4:31 PM, Jeffrey Carl Faden <<a
moz-do-not-send="true"
href="mailto:jeffreyatw@gmail.com">jeffreyatw@gmail.com</a>>
wrote:<br>
> We have been discussing this for a few hours on
Slack and #noisebridge and<br>
> have come up with a few solutions. I thought I'd
share a few ideas that have<br>
> been thrown around so far.<br>
><br>
> Here's the current system, for those watching from
home. At all hours of the<br>
> day:<br>
> - Someone can use a key to get into the building
and space.<br>
> - Someone can use a keycode to get into the
building and space.<br>
> - Someone can buzz the intercom and be allowed in
by someone inside who has<br>
> a keycode. (or they can walk downstairs)<br>
><br>
> And now, for some new ideas...<br>
><br>
> Idea #1: Move the keypad from the gate to the door.
Keypad only active<br>
> during newly instilled associate/regular members
hours. Physical key, or<br>
> someone buzzing you in, required to enter the
building.<br>
> Benefits:<br>
> - Robotically enforced "members-only" hours,
instead of human-enforced like<br>
> in the past<br>
> - Semblance of 2-factor auth, if you ignore the
ubiquity of keys and<br>
> keycodes<br>
><br>
> Idea #2: idea #1, plus replacing gate lock with
RFID sensor.<br>
> Additional benefits:<br>
> - RFID fob can be revoked if shared, while key
cannot (or it's much harder<br>
> to do so).<br>
><br>
> Idea #3: keep lock/keypad as-is, install
members-hours-only RFID sensor at<br>
> door.<br>
> Additional benefits:<br>
> - No need to change existing setup.<br>
> - RFID sensor is less likely to be tampered with.<br>
><br>
> In all three cases, it will be less easy (but
nothing is impossible) for a<br>
> random person looking for a way to abuse the space
to find their way inside.<br>
> Of course, much like how things are now, there's a
significant amount of<br>
> security theater that goes into these "solutions."
There is no silver<br>
> bullet.<br>
> - In all forms, someone can still shadow someone
else being let in.<br>
> - With idea #2, replacing the lock with an RFID
sensor could inconvenience<br>
> other tenants, and RFID sensor could be subject to
on-the-street vandalism.<br>
> - In the past, people have complained about their
access/whereabouts being<br>
> tracked by being tied to an RFID fob.<br>
> - Anyone could use the elevator to get past any
form of authentication at<br>
> the door.<br>
> -- The elevator is either off-limits,
cost-prohibitive, or both to add an<br>
> additional keypad or sensor to.<br>
><br>
> Either way, this is what we've been discussing. If
you didn't read the<br>
> previous paragraph, I said that this is all
ultimately in the name of<br>
> security theater. But I think they're all
improvements on what we have now.<br>
><br>
> If you're interested in discussing these (beyond
the discussions we've<br>
> already been having on this list, on Slack, on
Freenode, and now on this<br>
> Etherpad I made the mistake of creating), please
consider coming to a<br>
> meeting of the Security Working Group. I'll defer
to Naomi or someone in<br>
> #security-wg on Slack for details about when that
will happen.<br>
><br>
> If you haven't read the antepenultimate paragraph
or the one prior to it,<br>
> this is all in the name of security theater. Please
do not complain about<br>
> holes in any of these systems that already exist
within our current one.<br>
> Thanks again!<br>
><br>
> Jeffrey<br>
><br>
> On Fri, May 9, 2014 at 4:01 PM, Johny Radio <<a
moz-do-not-send="true"
href="mailto:johnyradio@gmail.com">johnyradio@gmail.com</a>>
wrote:<br>
>><br>
>> Ya gotta love the "Let's somebody else do it."
Classic.<br>
>><br>
>><br>
>> Jeffrey Carl Faden <<a
moz-do-not-send="true"
href="mailto:jeffreyatw@gmail.com">jeffreyatw@gmail.com</a>>
wrote:<br>
>><br>
>> This thread is taking a worrying turn toward
"wishful thinking" and away<br>
>> from "doing".<br>
>><br>
>> On Fri, May 9, 2014 at 1:08 PM, Naomi Most <<a
moz-do-not-send="true" href="mailto:pnaomi@gmail.com">pnaomi@gmail.com</a>>
wrote:<br>
>> >> >> Let's do that. Who's around
who likes installing keypads?<br>
><br>
><br>
><br>
</div>
</div>
<div class="HOEnZb">
<div class="h5">>
_______________________________________________<br>
> Noisebridge-discuss mailing list<br>
> <a moz-do-not-send="true"
href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
> <a moz-do-not-send="true"
href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss"
target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
><br>
<br>
<br>
<br>
--<br>
Naomi Theora Most<br>
<a moz-do-not-send="true"
href="mailto:naomi@nthmost.com">naomi@nthmost.com</a><br>
<a moz-do-not-send="true" href="tel:%2B1-415-728-7490"
value="+14157287490">+1-415-728-7490</a><br>
<br>
skype: nthmost<br>
<br>
<a moz-do-not-send="true"
href="http://twitter.com/nthmost" target="_blank">http://twitter.com/nthmost</a><br>
_______________________________________________<br>
Noisebridge-discuss mailing list<br>
<a moz-do-not-send="true"
href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
<a moz-do-not-send="true"
href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss"
target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Noisebridge-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a>
<a class="moz-txt-link-freetext" href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<p class="" avgcert""="" color="#000000" align="left">No virus
found in this message.<br>
Checked by AVG - <a moz-do-not-send="true"
href="http://www.avg.com">www.avg.com</a><br>
Version: 2014.0.4570 / Virus Database: 3931/7466 - Release Date:
05/09/14</p>
</blockquote>
<br>
</body>
</html>