[Noisebridge-discuss] 2169 door
Dr. Jesus
j at hug.gs
Mon Oct 26 20:46:23 UTC 2009
On Mon, Oct 26, 2009 at 11:50 AM, Jonathan Lassoff <jof at thejof.com> wrote:
> Excerpts from Josh Myer's message of Mon Oct 26 02:14:12 -0700 2009:
>> I must reiterate my concern from earlier: this opens up 2169 to a new DoS
>> (Denial of Silence) attack. I also heard rumblings of allowing anyone's
>> speakers to be used to play said jingle, which opens us up to a DDoS
>> (Distributed Denial of Silence) attack. We may want to implement something
>> like Nagle's algorithm to minimize the number of jingles which are played
>> for a single user-at-gate event, as well as an exponential backoff in time
>> in which the gate open command is allowed to be utilized.
>
> True, someone could repeatedly request the gate be opened through that
> page or call the script it calls.
>
> Then again, someone could just as easily log into the netbooted machines
> and run "beep" repeatedly, or the mpd on the greeter machine, or the mpd
> on zebra....
>
> Suddenly this problem isn't so new.
>
> Though rate limiting rapid-fire requests might not be such a bad idea,
> it just hasn't presented itself as a problem yet.
Energizing the door solenoid with a high duty cycle makes it smell like fire.
More information about the Noisebridge-discuss
mailing list