[Noisebridge-discuss] Access control and the DJ booth

[Rubin Abdi]

Jacob Appelbaum wrote, On 2009/09/30 03:17:
> Whoa nelly,
>
> Dr. Jesus wrote:
>> There was some discussion earlier tonight about putting a gate on the
>> DJ booth. Although I wasn't planning on doing it anytime soon, I
>> thought I'd write up my thoughts to prompt some discussion because I'm
>> not sure I covered all the details earlier tonight.
>
> As I've heard, it wasn't a very popular idea. I can see by counting the
> number of times you've said "I" in the above paragraph that you're not
> in good company.

Jason, I feel that your creation of this thread was prompted by a heated 
discussion we had earlier today. All of this started after you had asked 
me a couple times to remove a projector that has been in the space for a 
few months from the top of a wall.

What came out of that was a conversation about damaging and destroying 
things at Noisebridge. You kept on stating that you felt it was your 
rightful duty to make sure items in the space would not inadvertently 
get damaged through the actions of other members even if the intent was 
harmless, while I argued that there's the common sense of "please don't 
burn down the hack lab" but no member is required to police around the 
actions of other members while dealing with donated items to Noisebridge.

I couldn't understand why you were very heavy set on sticking to your 
guns here till I heard you state that you didn't want anyone in the 
space to damage or destroy your stuff (including the projector that I up 
until that moment identified as an item you brought into Noisebridge and 
left there marking it as a donation, the maglocks you wanted to use for 
the door, and a bunch of other infrastructure items) which is why you 
were going to throw a locked gate onto the doorway of the dj booth to 
keep people out of a space containing all of your items, thusly labeling 
that space as your own. You are more then welcome to respond back 
stating you didn't say that, but here I am remembering our conversation 
and sticking to my guns.

>> Basically, I thought it would be nice if we repurposed one of the
>> gates and installed it in front of an enclosed area, probably the DJ
>> booth.  I don't know whether I should install a lock or not, but if I
>> did it would be keyed to the same key used for the rest of the locks
>> at Noisebridge.  Door access would be audited by timestamp only, so
>> anonymity concerns would only apply to the same degree they did with
>> noisedoor (and no one has complained to me so far.)
>
> Actually, I personally complained to you about Noisedoor and about the
> mdns code you have had running. In addition to it adding more noise to
> the already mostly worthless irc channel, it's pretty lame to say that
> no one has complained. You disregarded my previous privacy concerns and
> I simply dropped it because you're unreasonable.

If something breaks something breaks. We don't place blame on anyone, so 
we don't need a system to register time stamps of when someone's entered 
a space to find an escape goat or something to reprimand.

mDNS has been completely useless to me other then asking...

Sep 12 16:05:00 <rubin110> Who the fuck is deer?

I do also remember asking you what's up with Noisedoor on Twitter not 
working anymore, and getting the response of, "it's working for me, it's 
just not posting to Twitter."

>> Locks in the space are a touchy subject, which is why I mention using
>> the door keys.  This requires people who want access to the resources
>> in there to participate in the existing web of trust model we use for
>> access to the rest of the space.  It's not strong security by any
>> means: I'm sure someone's going to program the makerbot to spit out
>> keys in the near future.  Think of it more as an IQ test.  I honestly
>> don't know whether the idea of installing a lock keyed to the door
>> keys is offensive, so apologies in advance if it is.  The alternative
>> is using an unlocked doorknob set and that's nearly as good, since the
>> main thing about the gate is it provides a fixture on which a magnetic
>> access sensor can be installed.
>
> Register one vote for: It's totally offensive.

The new space has been open for operation for almost a month now. Other 
then Joachim getting locked in, we haven't had a single issue with the 
current access system to the building and our floor. As much as the 
magnetic locks and keyless/touchless access would be a fun thing to 
install and setup, a problem hasn't arises yet to create the need for 
its added security.

We're an open group, just as long as you aren't coming in the space to 
shit in the middle of the floor access is granted. Keys are a sad 
reality that are just getting in the way of allowing anyone nice into 
the space right now.

>> There are several justifications for doing this.  First of all, it
>> allows the computers hosted there to be troubleshot more effectively
>> because the door access can be correlated with system failures.
>> Today, it is not possible to reliably tell the difference between a
>> hardware problem and someone using the machines for self education.
>> There have already been two such situations at 2169: the DSL modem
>> resetting and storage problems on pony.
>>
>
> If it's an accident, great. If it's malicious, it's not even worth
> trying to put in these kinds of controls. A slightly drunk adversary
> with no skill could subvert a magnetic sensor in the dj booth.

Good members own up to situations where they break things by accident. 
Mischievous members like to create problems when there are systems in 
place to track them, more so if they can cover their tracks.

>> Second, it allows people who want to temporarily store expensive or
>> medically related things at Noisebridge to have a some level of
>> assurance that access to the gear is mostly limited to people included
>> in the existing web of trust built out of the physical key
>> distribution.
>
> Huh. The web of trust we have for the space isn't a web of trust. It's a
> web of encouragement if it's anything at all.
>
> If you're basing your assumptions on the idea that getting a copy of the
> key is hard or somehow shows you're a good person worthy of trust,
> you're missing a big point. Anyone can bump our locks, they're keyed
> with shitty keys on _purpose_ to encourage easy access.
>
> I also really object to the idea of storing expensive or medical (!?)
> related things at Noisebridge with _any_ assurance of _RESTRICTED_ access.
>
> I'd just like to stop for a moment and clarify something. If you have
> expensive toys that you don't want to share with everyone at Noisebridge
> and it doesn't fit on your shelf, please take your toys home when you
> leave. On top of the totally anti-social and propertarian attitude, it's
> seemingly unreasonable to add additional risk to Noisebridge's liability.
>
> If you want - donate the equipment and let go of your attachments. If
> you don't want to do so, someone else probably will when the equipment
> is really needed.

As Jake said and both Mitch and I explained to you earlier tonight in 
person, established in one of our first meetings at 83c anything brought 
into the space is considered a donation to the space, and will be 
treated as such. The scenario used, ironically enough, was "I would like 
to donate my projector, but I don't want anyone using it if they're 
being rough, and if too many people handle it not to my expectations I'm 
going to just remove it from the space." We don't want to create 
conflict later on, which is why we have this general rule in place.

Also established, the only things in the space that are not property of 
Noisebridge were items left on personal shelves, and your own person 
items you keep with you when you're in the space.

>> For example, when we host an event there will sometimes
>> be objects present in the space which cannot comply with our general
>> policy of being available for hacking.  Again, this is not so much
>> about securing the gear as making sure that there's a mechanism for
>> knowing -- possibly in real time -- when someone's been in there.  If
>> what I heard about the last party is true, I think our average
>> gathering might be pretty chaotic and it might be a good idea to have
>> some island of stability where we can put things without worrying
>> about drunken partygoers.
>
> We have to be ever vigilant and while I like the idea of a secured
> storage area for parties - that seems like a different concept entirely.
> Why conflate the two?

I'm with Jake on this. Personal storage is for members and non members 
alike. You're asking for a stronghold to protect your own items and 
specially privileged Noisebridge resources. Who gets to say that you're 
the only person that gets to keep his shit in a locked box? What 
governing force dictates who's privileged to touch servers? When the 
fuck did we go from a very open community of intelligent people to a 
space that you feel needs policing?

>> Third, I think it would be a good idea to have a backup fire
>> extinguisher, flashlight, and first aid kit in an area with access
>> logging just in case the ones in the space are tampered with.  Sure,
>> there's no guarantee that someone's not going to screw with the
>> backups too, but I think it's less likely to happen accidentally due
>> to chair hockey.  I also think it would be nice if the safety critical
>> controllers like the fire and flood alarms are access audited so that
>> when access is logged unexpectedly someone can go check them out to
>> make sure a rat didn't get in there and eat them.  Being able to trust
>> the integrity of those controllers isn't just nice, it has real world
>> financial consequences.  I don't want to give an adjuster an excuse to
>> bone us on a claim because we don't have reliable safety equipment in
>> the space.  This is doubly important if we get that laser cutter that
>> was discussed recently.
>
> What? I disagree with basically everything you've said here. It's
> nonsense to string all of those things together. Acquiring the laser
> cutter is not related to rats chewing through hypothetical flood alarm
> systems. I mean, whoa. Seriously man. Whoa.

Who the hell said Noisebridge keeps backups?

Why are you so concerned with safety and dealing with insurance claims 
when you're not even working with the team of members on top of those 
subjects?

>> Fourth, I found myself needing to have a private conversation earlier
>> tonight on my netbook and I couldn't find a place at 2169 where there
>> was reliable Internet, privacy, and distance from the noise being made
>> on the far side of the space.  In my case the bathroom would have
>> raised some uncomfortable questions since it was a video chat.  I'm
>> sure other people might find it convenient to have a place to have
>> less than public conversations as well.
>>
>
> Perhaps you can ask people in one of the rooms for privacy? If not,
> perhaps a private space isn't available at 2169?

Again this has been dealt with before. Noisebridge is not anyone's 
private club house. If Noisebridge cannot provide you with the space 
you're looking for please try somewhere else.

>> The bottom line is, do you care and if you do, do you want the gate to
>> be lockable or not?  Please vote along with your (civil) comments.  If
>> this rubs you the wrong way and you'd like to tell me to eat a dick,
>> let's keep that off the mailing list.  I can send you my mailing
>> address for cock-related packages privately.
>>
>
> I do care and I don't want a gate. I certainly don't want a keyed,
> alarmed, monitored, access logging system in place.
>
> Oh and while we're at it. We don't vote.

As much as I feel that Jake can go eat a dick almost every time I have 
an interaction with him (the feeling is very mutual, I assure you), I 
have to ditto him on this. No gates, no locks, no need to audit who 
enters certain sections of the space.

There was a point in time a while ago I felt like totally all for 
keeping folks out of the server closet and setting up a couple cameras 
for laughs, but now that I've thought about it and discussed it with you 
I really don't feel comfortable with anything you're proposing, nor do I 
feel it goes with the merits I've observed at Noisebridge.

Consider this a block on forming any sort of consensus on this 
implementation or any others having to do with monitoring systems in the 
space or segregated sections to certain members.

>> To preempt some points I think might come up:
>>
>>   - Yes, I have been treating parts of the DJ booth as my personal
>> shelf, mainly because I had to store a few bulky and easy to lose
>> items I'm using for working with the locks and controllers.  Most of
>> those will go away in the near future because they're going to be
>> bolted to a wall somewhere.  I'm planning on continuing to keep the
>> remaining items (lock rekeying set, repair kit, glassware) out of the
>> way in the DJ booth and have any personal projects on a regular shelf
>> elsewhere.
>>
>
> Great. I'd hope you'd own up to that and knock it off.

I see you've just created the agenda page on the wiki for next week's 
meeting and added some discussion items...

/* Property rights at Noisebridge/

Again for the third time tonight, this was brought up at one of our 
first meetings and we reached consensus, if it's not on your shelf or in 
your immediate vicinity (like a laptop) then it's a donation and not 
your property anymore..

Jason, you seem to be pretty stuck on this idea that there's a great 
deal of items at Noisebridge that are still your items, which were left 
in the great big pile of crap the rest of us have been sorting, such as 
"oh hey that's my cell phone" that you found in Francis' hacking box 
which he found on the floor. I would highly recommend you reconsider 
what you value and remove them from the space before our recycling 
pickup on Thursday.

>>   - I am in no way married to the idea of enclosing the DJ booth in
>> particular for satisfying the use cases above.  Any other area would
>> be fine.
>>
>
> ...

I'm against any area being locked off, blocked, period.

>>   - Yes, even without locking the gate, adding access logging could be
>> interpreted as a lack of mutual trust between members and our guests
>> and this could have a chilling effect on our interactions.  I'm not
>> going to rebut this because that interpretation is an opinion.
>> However, I should point out that we did basically the same thing at
>> 83c on a coarser scale with noisedoor and as far as I know that
>> chilling effect didn't occur.
>
> Yep. You can rebut it but you'd still be missing the point from where
> I'm standing. I dislike noisedoor and I thought it was annoying that you
> logged personal information to the irc channel. It's disrespectful and
> many people didn't know that was happening because you sniffed/harvested
> the network for that information.
>
>>   - Yes, I know the current staircase is mechanically incompatible with
>> the available gates.
>
> ...
>
> Your ideas do not interest me and I do not wish to subscribe to your
> propertarian value system as you want to apply it to Noisebridge.
> Noisebridge isn't your personal police state playground. I wish you
> could have a little faith in your fellow Noisebridgers and not
> constantly attempt to log, restrict, lock down, isolate and "improve"
> the space.
>
> Please consider the other dissenting voices in the 2169 space this
> evening and add me to their ranks.

Jason, you've done some awesome stuff at Noisebridge in the past few 
months you've been here. Most of it I've been appreciating, like the 
touch panels, but some if it not so much, like getting into a discussion 
about "software religion" when Leif wanted to know why you were running 
a closed off Windows box for DHCP and DNS for internet access in the space.

I'm sorry that our conversation earlier in person tonight ended with me 
stating that I was done talking to you. Please just understand that it 
boggled my mind so hard that you even think you can use Noisebridge as 
your own private club house. Hopefully we can work through this so you 
can gain a better understanding of how Noisebridge functions for the 
whole community.

-- 
Rubin Abdi
rubin at starset.net