[Noisebridge-discuss] Summary of previous discussion

Dr. Jesus j at hug.gs
Thu Oct 1 06:14:15 UTC 2009


Now that we've all had a chance to calm down a bit, I thought I'd try
to summarize some of the more civil comments from the previous
discussion and apologize for pushing a few buttons.

I'm sure I'm not going to get this completely right the first time, so
please forgive me if I don't completely cover your point of view.
I'll talk about physical assets first, then electronic ones.

With regard to physical assets, there are three categories. 1) things
which have been gifted to Noisebridge the Corporation in the legal
sense, 2) things which are your personal property which are in your
personal space/shelf for projects, and 3) things which you have with
you temporarily which you will take when you leave.  Whether things in
category 2 should be able to be locked up or not doesn't seem to be a
settled issue.  The most convincing reason I've heard so far not to
allow it is that it creates a chilling effect among the regular users
of the space with regard to interpersonal trust.  The most convincing
counterargument I've heard so far is that there are situations where
there may be people who do not necessarily share our ethos present and
who may take unfair advantage of this open policy.

I think both positions are correct, and we'll each get to decide on
our own which approach to take if we get those lockers that were
discussed earlier.  Now, this "chilling effect" isn't just an abstract
concept: part of what makes noisebridge what it is are the creative
projects, and creativity is stifled by negative emotions such as a
feeling of mistrust.  There's something in the hacker psyche that will
sometimes spark strong negative emotions when a barrier of any kind is
encountered, and it's nearly never a rational reaction.  Books written
about the heroes in our culture often speak of it and I know I've
personally gone completely nonlinear over something as silly as locks
on highly dangerous industrial equipment.  I once found myself arguing
against locking up what amounted to a human-sized blender with a small
defect that could easily kill passersby without warning and for the
life of me I can't explain why that upset me so much compared to all
the other even more deadly safety concerns at that facility.  Given
the emotional strength of this phenomenon -- as seen in the previous
thread -- and the fact that it can hamper more positive uses of our
energy, I think I understand the points of view which recommended
against my suggestion now.

Logging physical presence is something else which seems fits in that
category of pissed off hacker triggers.  Again, the reactions to this
are not always rational or reasoned and I don't think there's anything
wrong with that.  I was having trouble figuring out why there was
concern over the mdns feature I implemented for noisedoor, since I
implemented it in response to seeing people wondering whether it was
worth showing up to the space after work or not.  (I since have seen
it used for another practical purpose: avoiding going if certain
people are present.)  After puzzling over this quietly for a while, I
came up with two reasons why it's a bad idea: 1) although mdns
broadcasts are generally opt-in, someone might screw up and they might
be being stalked, and 2) this can be used to determine if your home is
empty so it can be robbed.

Something which I'm having trouble figuring out over all the yelling
is whether I should finish implementing are adding the PIR sensors to
the noisedoor controller.  Although this is still logging, it's
independent of the mdns feature and can provide much more anonymous
presence detection.  This avoids the two problems mentioned above, and
allows implementation of very practical features such as automatic
light poweroff, turning off unneeded speakers to avoid bothering our
neighbors, detecting doors left open by accident, etc.  So far -- and
once again this has nothing to do with the mdns feature -- I haven't
heard anyone complain specifically about anonymous logging of the door
opening and closing, elevator movement, or the PIR sensor data.
Whether I do it or not will probably set some kind of precedent, so
I'd like to know your reasoning for or against.  If you feel yourself
having the aforementioned irrational anger at the idea, that's fine to
mention too, I won't take it personally.

As an aside: I've developed a strong curiosity in whatever that effect
is.  I'm not about to go around trying to trigger it because it causes
strong feeling and drama, but I find myself in a position to collect
opinions about it at the moment.  Certain things seem to trigger it
and other things don't, and the results are totally nonintuitive to
me.  I'm beginning to strongly suspect that what's really going on is
that a typical hacker's aptitude with security technology stems from
the strong motivation that comes from being disproportionally upset
about encountering security technology which is not under his or her
control.  That's how I learned to work with locks, for example.

Moving on, electronic assets.  I know this is a touchy subject, and
the current asset owners are in that irrationally angry state I
mentioned, so I'm going to say that I'm taking a neutral position on
changing anything until a need arises.  Noisebridge the corporation is
entitled to but does not own several assets which are required for the
proper functioning of the web and mail resources we share.  Once
again, I'm not arguing for changing this situation since it seems to
work pretty well from my point of view.  It may surprise you to know
that Ceren and Matt can attest that I actually argued for not
transferring ownership of these assets to noisebridge.  These assets
are: the bank account at wells fargo, account for the cernio xen
instances, the noisebridge.net domain, the IRS tax filing credentials,
the SSL certificate authority account (to generate revocation
certificates), the DNS master server and its three slaves (mine seems
to have been removed), and the privileged authentication credentials
for the operating systems running on the xen instances.  The fact that
these are all somewhat core to what noisebridge does but are the
personal property of individuals seems to elicit nothing but yawns,
from me included.  I don't think anyone's going to argue with me if I
say that the very idea of insisting on access parity between the bank
account and the physical assets at the space is ridiculous.

There are also other electronic assets which the corporation has been
gifted physically and are subject to the open access reasoning given
above. However, the electronic versions of these assets (root
accounts, etc) have historically not been open access.  The reasoning
I've heard for doing this is that it's important for new visitors to
ask for an account to encourage us to get to know one another.  I buy
this argument, and I can't recall anyone saying that it should be
otherwise.  I think that this is the majority opinion on access to
electronic assets.

Remember how I said I thought that the things which trigger this
hacker rage at barriers effect are nonintuitive?  This is what I'm
talking about.  My original suggestion with the gate was predicated on
the idea that we do have access controls for some things, and I
thought those precedents didn't make my suggestion totally
unreasonable.  Obviously some people disagreed with me, and I'm pretty
sure that what's really going on is that visibly restricting access to
anything around hackers who feel entitled to those things (and in our
case we are all in fact entitled to the group property) runs the risk
of triggering this phenomenon.  Future decision making might want to
take that risk into account to ensure a harmonious noisebridge.  The
takeaway version of all the above reasoning is that visible barriers
run the risk of creating irrational anger, but that very anger is the
motivating force behind a lot of useful work and we have to accept its
presence while at the same time trying to avoid triggering it.

So in summary, oops my bad, and I'd like to have your opinions on the
less featureful sensors to be installed on noisedoor.  After thinking
this through I have to say I'm much happier now that I think I
understand the different opinions involved.  In particular, I have to
offer apologies to Rubin for pushing his button last night and to Jake
for pushing his once again.  Really, I'm not upset about any of this,
and anyone who was ticked off can stop avoiding me since I'm delighted
to have puzzled this out and I'm eager to get back to useful work.

One last thing: I think whoever was on troll duty needs to get fired
because a few hours ago I found myself wondering if maybe there would
be enough high quality trolling to kick the thread over 100 mails.
Better luck next time, guys.



More information about the Noisebridge-discuss mailing list