<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 2 May 2015 at 22:04, kjs <span dir="ltr"><<a href="mailto:bfb@riseup.net" target="_blank">bfb@riseup.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br>
<br>
On May 2, 2015 7:09:42 PM PDT, Henner Zeller <<a href="mailto:h.zeller@acm.org">h.zeller@acm.org</a>> wrote:<br>
>On 2 May 2015 at 19:02, Olivier Laleu <<a href="mailto:olivier.laleu@gmail.com">olivier.laleu@gmail.com</a>> wrote:<br>
><br>
>> Hi noisebridge,<br>
>><br>
>> Thanks for having discussed the proposal during last Tuesday meetings<br>
>> and on NB-discuss. Big thanks to Kevin for having helped me with<br>
>format<br>
>> dates in Golang and having launched some tests.<br>
>><br>
>> Proposition:<br>
>> 1 --- I did a pull-request to Henner and Kevin to have a user's (non<br>
>> fulltime) token working 3 hours after the sunrise. You can check my<br>
>code<br>
>> here:<br>
>><br>
>><br>
><a href="https://github.com/lol84/rfid-access-control/blob/master/software/earl/user.go" target="_blank">https://github.com/lol84/rfid-access-control/blob/master/software/earl/user.go</a><br>
>><br>
>> Before<br>
>> member - 24h a day<br>
>> fullTimeUser - from 7 to 23h59<br>
>> user - from 11 to 21h59<br>
>><br>
>> After<br>
>> member - 24h a day<br>
>> fullTimeUser - from sunrise to 23h59<br>
>> user - from (sunrise + 3 hours) to 21h59<br>
>><br>
><br>
>Unless I missed something, I think the discussion about this last item<br>
>has<br>
>not settled yet. Leave it at 11:00 for<br>
>now until we have come to a conclusion.<br>
><br>
<br>
</div></div>I feel the problem here is the lack of a forum for lower case c consensus.</blockquote><div><br></div><div>the forum to quickly come to a lower case consensus would be the #security-wg channel on slack.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> I am also confused on the outcome of this thread. I further feel the lack of a forum brings docracy to halt.</blockquote><div><br></div><div>the forum _is_ slack.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Can someone please elaborate on how this is supposed to work?<br>
<div><div class="h5"><br>
><br>
>><br>
>> 2 --- The idea of Patrick to have an interface from where visitors<br>
>could<br>
>> make their own rfid card sounds doocratically cool. Maybe I could<br>
>give<br>
>> help with databases.<br>
>><br>
><br>
>I have not understood Patricks original comment, but I don't think he<br>
>meant<br>
>that<br>
>anybody can create a token.<br>
><br>
><br>
>><br>
>> Question:<br>
>> 1 --- sunrise + 3 hours means a space opened at 9:32 for a user. Is<br>
>> there a consensus on it? We still can write sunrise + 4 hours if you<br>
>> think it would be unsecured.<br>
>><br>
><br>
>Leave that at 11 for now until we have consensus. Also in winter-time,<br>
>this<br>
>might<br>
>be pretty late.<br>
><br>
><br>
>><br>
>> 2 --- What about writing on the wiki page "Noisebridge is opened<br>
>today<br>
>> from 9:32 to 22:00", via a javascript function. We can grab the code<br>
>of<br>
>> the NOAA sunrise hour (the same that is given by astrotime) via<br>
>> javascript. I can help on it.<br>
><br>
><br>
>Check with Patrick and Torrie, I think they were working on some 'is<br>
>open'<br>
>indicator somewhere.<br>
>(also 'open' in your case means 'open with RFID' or something)<br>
><br>
><br>
>><br>
>> Last thoughts:<br>
>> For newcomers, to know they can enter noisebridge via an rfid related<br>
>to<br>
>> the sunrise, is, so cool!<br>
>> For hackers, to know that the space do not depends from arbitrary<br>
>> bi-annual time changes sounds cool too!<br>
>><br>
><br>
>(At least it is a neat thing from the hack-perspective.<br>
>Most peoples schedule is actually not related to sunrise, so it just<br>
>makes<br>
>it<br>
>harder to reason when the space is open.)<br>
><br>
><br>
>><br>
>> Henner, Kevin, Patrick,...let me know when you would like to ssh or<br>
>> operate Earl manually. I'm really interested seeing it working.<br>
>><br>
><br>
>I'll meet with Kevin on Monday evening and chat about implementing a<br>
>web<br>
>interface.<br>
><br>
><br>
>><br>
>> Olivier<br>
>> 'o o,<br>
>> 'o o,<br>
>> 'o o'<br>
>> 'o o'<br>
>> 'o ..ooo, o'<br>
>> o''~ ~'o o'<br>
>> o' ,o'^'o- ''o<br>
>> o' 'o' 'o- o<br>
>> o-o-o-o-o-o ;o o' 'o -o-o-o-o-o-o<br>
>> :o, 'o- ,o o' ,o<br>
>> 'o, '** ,d' ,o<br>
>> 'o,..,,d' ,o'<br>
>> o' ,o' o<br>
>> o' 'o<br>
>> o' 'o<br>
>> o' 'o<br>
>> o' 'o<br>
>><br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> kjs:<br>
>> > jarrod hicks:<br>
>> >> I agree with Harry that "the statement 'Membership has only one<br>
>perk -<br>
>> >> Block rights for concensus.' a lie."<br>
>> >><br>
>> >> I think we should just own the fact that Membership has two perks<br>
>now.<br>
>> >> 1. Full particpation in consensus 2. After hours access. I already<br>
>say<br>
>> >> essentially this when I give tours nowadays. I'm also fine with<br>
>there<br>
>> >> being some grey 'case by case basis' area here.<br>
>> ><br>
>> > Thanks for sharing Jarrod. I think it's great that you want to own<br>
>this,<br>
>> > but I do not. I am generally the person at meetings, giving tours,<br>
>> > iterating over my version of membership and access, dwelling<br>
>entirely in<br>
>> > the gray area of trust heuristics. Becoming a Member requires<br>
>consensus<br>
>> > of the group, thus demonstrates to me the observed<br>
>'responsibleness' and<br>
>> > trustworthiness needed to curate Noisebridge 24 hours of the day. I<br>
>am<br>
>> > vary wary of advertising this as a perk of membership. Rather, I<br>
>prefer<br>
>> > to share and consider the qualities needed, not the title.<br>
>> ><br>
>> >><br>
>> >> I don't think we should go out of our way, and risk the progress<br>
>we<br>
>> >> are making improving the space, to open up special access for<br>
>users<br>
>> >> who want to use Noisebridge but are not interested in being a<br>
>greater<br>
>> >> part of our community, they are already welcome during regular<br>
>hours.<br>
>> >> (Harry, I am not referring to you. I think you are excellent in<br>
>the<br>
>> >> space.) Not necessarily Membership status, but at least with a<br>
>strong<br>
>> >> track record of excellence, trust worthiness, and support of the<br>
>> >> space. The sort of person who is assumed to be a member, even if<br>
>they<br>
>> >> are not.<br>
>> >><br>
>> >><br>
>> ><br>
>> > During discussion of this topic at meetings, there were a number of<br>
>> > early birds expressing interest in being a part of our community,<br>
>> > wanting to come and hack before 11:00. That was one motivation for<br>
>this<br>
>> > proposal. Broadly, I believe improving the interface at the door to<br>
>> > support adding fulltimeusers will help to reduce this tension. In<br>
>the<br>
>> > current state there's an asymmetry and bottleneck at this stage,<br>
>where<br>
>> > only a handful of folks can add fulltimeusers. Hence why I proposed<br>
>both<br>
>> > removing the bottleneck by creating a more accessible interface and<br>
>> > bumping up user hours. I never saw this as risking progress or<br>
>going out<br>
>> > of our way, though I hear and respect that many do. I hope that we<br>
>can<br>
>> > find a middle way where all are content.<br>
>> ><br>
>> > -Kevin<br>
>> ><br>
>> >><br>
>> >> On Thu, Apr 30, 2015 at 3:05 PM, kjs <<a href="mailto:bfb@riseup.net">bfb@riseup.net</a>> wrote:<br>
>> >>> Who gave sid, harvey, rob 2.0, etc. access tokens? The pool of<br>
>people<br>
>> who are able to create access tokens is small. I argue that more<br>
>critical<br>
>> systems fall apart in a world where we assume that someone has issued<br>
>a key<br>
>> to folks on the 86'ed list.<br>
>> >>><br>
>> >>><br>
>> >>> On April 30, 2015 2:49:20 PM PDT, Torrie Fischer <<br>
>> <a href="mailto:tdfischer@hackerbots.net">tdfischer@hackerbots.net</a>> wrote:<br>
>> >>>> On Thursday, April 30, 2015 01:53:19 PM Harry Moreno wrote:<br>
>> >>>>> Anyone object to allowing anonymous users early access to<br>
>> >>>> Noisebridge?<br>
>> >>>><br>
>> >>>> I do. Vehemently.<br>
>> >>>><br>
>> >>>> The set of anonymous users includes such people as Harvey, Sid,<br>
>Rob<br>
>> >>>> 2.0, and<br>
>> >>>> other fun personalities from the 86 page. I'd be cool with<br>
>giving<br>
>> >>>> identified<br>
>> >>>> people early access to Noisebridge. It isn't a requirement that<br>
>the<br>
>> >>>> information in the database be one's True And Legal Name (as the<br>
>state<br>
>> >>>> of<br>
>> >>>> California calls it), but merely the nym one wishes to identify<br>
>as. My<br>
>> >>>> entries<br>
>> >>>> in there say "tdfischer" and "<a href="mailto:tdfischer@hackerbots.net">tdfischer@hackerbots.net</a>". You'd<br>
>be<br>
>> hard<br>
>> >>>> pressed<br>
>> >>>> to find a court of law that would accept tdfischer as my "legal"<br>
>name.<br>
>> >>>><br>
>> >>>> I honestly don't care what name people give when they<br>
>deanonymize<br>
>> >>>> themselves<br>
>> >>>> in the database. I only care that people can be held accountable<br>
>for<br>
>> >>>> shitting<br>
>> >>>> in the woodshop. Consensus on all levels has it that shitting in<br>
>the<br>
>> >>>> woodshop<br>
>> >>>> is unexcellent. If an anonymous person with a vendetta comes in<br>
>and<br>
>> >>>> shits in<br>
>> >>>> the woodshop, how could it be prevented? Would we just hope that<br>
>they<br>
>> >>>> don't<br>
>> >>>> shit in there again? Shouldn't it make sense that we would know<br>
>who<br>
>> did<br>
>> >>>> it and<br>
>> >>>> tell the community "Hey folks, Jackhammer Jill shit in the<br>
>woodshop.<br>
>> >>>> Don't let<br>
>> >>>> her back in."?<br>
>> >>>><br>
>> >>>> Being listed in the access database as "member" is just a<br>
>technical<br>
>> >>>> implementation. Much like all attempts to programatically<br>
>validate<br>
>> >>>> someone's<br>
>> >>>> Real Name as being two separate words with UTF-8 characters, it<br>
>> >>>> completely<br>
>> >>>> misses the reality of how things work. You still don't need to<br>
>be a<br>
>> >>>> member to<br>
>> >>>> have 24/7 access to the door.<br>
>> >>>><br>
>> >>>> However, you do need the consent of Noisebridge to have it. I'm<br>
>pretty<br>
>> >>>> much a<br>
>> >>>> hardass about consenting to that and insisting that I get to<br>
>know<br>
>> >>>> someone and<br>
>> >>>> feel comfortable with it before I'd be cool with them having<br>
>24/7<br>
>> >>>> access.<br>
>> >>><br>
>> >>> _______________________________________________<br>
>> >>> Noisebridge-discuss mailing list<br>
>> >>> <a href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
>> >>> <a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
>> >> _______________________________________________<br>
>> >> Noisebridge-discuss mailing list<br>
>> >> <a href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
>> >> <a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
>> >><br>
>> _______________________________________________<br>
>> Noisebridge-discuss mailing list<br>
>> <a href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
>> <a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
>><br>
><br>
><br>
</div></div>>------------------------------------------------------------------------<br>
<div class="HOEnZb"><div class="h5">><br>
>_______________________________________________<br>
>Noisebridge-discuss mailing list<br>
><a href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
><a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
<br>
</div></div></blockquote></div><br></div></div>