[Noisebridge-discuss] Access control and the DJ booth

Jacob Appelbaum jacob at appelbaum.net
Wed Sep 30 10:17:21 UTC 2009 

Whoa nelly,

Dr. Jesus wrote:
> There was some discussion earlier tonight about putting a gate on the
> DJ booth. Although I wasn't planning on doing it anytime soon, I
> thought I'd write up my thoughts to prompt some discussion because I'm
> not sure I covered all the details earlier tonight.

As I've heard, it wasn't a very popular idea. I can see by counting the
number of times you've said "I" in the above paragraph that you're not
in good company.

> 
> Basically, I thought it would be nice if we repurposed one of the
> gates and installed it in front of an enclosed area, probably the DJ
> booth.  I don't know whether I should install a lock or not, but if I
> did it would be keyed to the same key used for the rest of the locks
> at Noisebridge.  Door access would be audited by timestamp only, so
> anonymity concerns would only apply to the same degree they did with
> noisedoor (and no one has complained to me so far.)

Actually, I personally complained to you about Noisedoor and about the
mdns code you have had running. In addition to it adding more noise to
the already mostly worthless irc channel, it's pretty lame to say that
no one has complained. You disregarded my previous privacy concerns and
I simply dropped it because you're unreasonable.

> 
> Locks in the space are a touchy subject, which is why I mention using
> the door keys.  This requires people who want access to the resources
> in there to participate in the existing web of trust model we use for
> access to the rest of the space.  It's not strong security by any
> means: I'm sure someone's going to program the makerbot to spit out
> keys in the near future.  Think of it more as an IQ test.  I honestly
> don't know whether the idea of installing a lock keyed to the door
> keys is offensive, so apologies in advance if it is.  The alternative
> is using an unlocked doorknob set and that's nearly as good, since the
> main thing about the gate is it provides a fixture on which a magnetic
> access sensor can be installed.

Register one vote for: It's totally offensive.

> 
> There are several justifications for doing this.  First of all, it
> allows the computers hosted there to be troubleshot more effectively
> because the door access can be correlated with system failures.
> Today, it is not possible to reliably tell the difference between a
> hardware problem and someone using the machines for self education.
> There have already been two such situations at 2169: the DSL modem
> resetting and storage problems on pony.
> 

If it's an accident, great. If it's malicious, it's not even worth
trying to put in these kinds of controls. A slightly drunk adversary
with no skill could subvert a magnetic sensor in the dj booth.

> Second, it allows people who want to temporarily store expensive or
> medically related things at Noisebridge to have a some level of
> assurance that access to the gear is mostly limited to people included
> in the existing web of trust built out of the physical key
> distribution.  

Huh. The web of trust we have for the space isn't a web of trust. It's a
web of encouragement if it's anything at all.

If you're basing your assumptions on the idea that getting a copy of the
key is hard or somehow shows you're a good person worthy of trust,
you're missing a big point. Anyone can bump our locks, they're keyed
with shitty keys on _purpose_ to encourage easy access.

I also really object to the idea of storing expensive or medical (!?)
related things at Noisebridge with _any_ assurance of _RESTRICTED_ access.

I'd just like to stop for a moment and clarify something. If you have
expensive toys that you don't want to share with everyone at Noisebridge
and it doesn't fit on your shelf, please take your toys home when you
leave. On top of the totally anti-social and propertarian attitude, it's
seemingly unreasonable to add additional risk to Noisebridge's liability.

If you want - donate the equipment and let go of your attachments. If
you don't want to do so, someone else probably will when the equipment
is really needed.

> For example, when we host an event there will sometimes
> be objects present in the space which cannot comply with our general
> policy of being available for hacking.  Again, this is not so much
> about securing the gear as making sure that there's a mechanism for
> knowing -- possibly in real time -- when someone's been in there.  If
> what I heard about the last party is true, I think our average
> gathering might be pretty chaotic and it might be a good idea to have
> some island of stability where we can put things without worrying
> about drunken partygoers.

We have to be ever vigilant and while I like the idea of a secured
storage area for parties - that seems like a different concept entirely.
Why conflate the two?

> 
> Third, I think it would be a good idea to have a backup fire
> extinguisher, flashlight, and first aid kit in an area with access
> logging just in case the ones in the space are tampered with.  Sure,
> there's no guarantee that someone's not going to screw with the
> backups too, but I think it's less likely to happen accidentally due
> to chair hockey.  I also think it would be nice if the safety critical
> controllers like the fire and flood alarms are access audited so that
> when access is logged unexpectedly someone can go check them out to
> make sure a rat didn't get in there and eat them.  Being able to trust
> the integrity of those controllers isn't just nice, it has real world
> financial consequences.  I don't want to give an adjuster an excuse to
> bone us on a claim because we don't have reliable safety equipment in
> the space.  This is doubly important if we get that laser cutter that
> was discussed recently.

What? I disagree with basically everything you've said here. It's
nonsense to string all of those things together. Acquiring the laser
cutter is not related to rats chewing through hypothetical flood alarm
systems. I mean, whoa. Seriously man. Whoa.

> 
> Fourth, I found myself needing to have a private conversation earlier
> tonight on my netbook and I couldn't find a place at 2169 where there
> was reliable Internet, privacy, and distance from the noise being made
> on the far side of the space.  In my case the bathroom would have
> raised some uncomfortable questions since it was a video chat.  I'm
> sure other people might find it convenient to have a place to have
> less than public conversations as well.
> 

Perhaps you can ask people in one of the rooms for privacy? If not,
perhaps a private space isn't available at 2169?

> The bottom line is, do you care and if you do, do you want the gate to
> be lockable or not?  Please vote along with your (civil) comments.  If
> this rubs you the wrong way and you'd like to tell me to eat a dick,
> let's keep that off the mailing list.  I can send you my mailing
> address for cock-related packages privately.
> 

I do care and I don't want a gate. I certainly don't want a keyed,
alarmed, monitored, access logging system in place.

Oh and while we're at it. We don't vote.

> To preempt some points I think might come up:
> 
>  - Yes, I have been treating parts of the DJ booth as my personal
> shelf, mainly because I had to store a few bulky and easy to lose
> items I'm using for working with the locks and controllers.  Most of
> those will go away in the near future because they're going to be
> bolted to a wall somewhere.  I'm planning on continuing to keep the
> remaining items (lock rekeying set, repair kit, glassware) out of the
> way in the DJ booth and have any personal projects on a regular shelf
> elsewhere.
> 

Great. I'd hope you'd own up to that and knock it off.

>  - I am in no way married to the idea of enclosing the DJ booth in
> particular for satisfying the use cases above.  Any other area would
> be fine.
> 

...

>  - Yes, even without locking the gate, adding access logging could be
> interpreted as a lack of mutual trust between members and our guests
> and this could have a chilling effect on our interactions.  I'm not
> going to rebut this because that interpretation is an opinion.
> However, I should point out that we did basically the same thing at
> 83c on a coarser scale with noisedoor and as far as I know that
> chilling effect didn't occur.

Yep. You can rebut it but you'd still be missing the point from where
I'm standing. I dislike noisedoor and I thought it was annoying that you
logged personal information to the irc channel. It's disrespectful and
many people didn't know that was happening because you sniffed/harvested
the network for that information.

> 
>  - Yes, I know the current staircase is mechanically incompatible with
> the available gates.

...

Your ideas do not interest me and I do not wish to subscribe to your
propertarian value system as you want to apply it to Noisebridge.
Noisebridge isn't your personal police state playground. I wish you
could have a little faith in your fellow Noisebridgers and not
constantly attempt to log, restrict, lock down, isolate and "improve"
the space.

Please consider the other dissenting voices in the 2169 space this
evening and add me to their ranks.

Best,
Jake

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 155 bytes
Desc: OpenPGP digital signature
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20090930/4d08af97/attachment-0003.sig>

More information about the Noisebridge-discuss mailing list