[Noisebridge-discuss] Unlocking the door via SMS

Ever Falling everfalling at gmail.com
Thu Mar 11 04:55:27 UTC 2010


i know i'll prolly get yelled at for suggesting it but i think it's worth at
least a little consideration in light of the problems being discussed about
Google Voice logging numbers:

a while back it was mentioned we could implement an opt-in RFID key system.
now, to preface this i have no formal understanding of the full capabilities
of RFIDs so forgive me if i start suggesting things that are beyond the
capabilities of this medium.

The suggestion would be to have a bowl, or a key ring rack, with a dozen or
so RFID tags people could take with them if they didn't have a key, didn't
have internet on their phones to access the wi-fi, and wanted to leave for a
brief time and still have the ability to get back in fairly easily without
disturbing people in the space with the door buzzer.

Imagine the dongle as a friend in the space. when you leave you have the
agreement with your friend that you're coming back within the hour and when
you come back you can only be let in with a secret door knock. if you're
gone past the hour the door knock becomes invalid and your friend won't let
you in (in case you were captured by ninjas or something) and you'll have to
go about the other means of entry.

the 'telling your friend you're leaving' part would be swiping the RFID tag
over a panel before you leave. the 'secret door knock' would be a randomly
generated string of characters that would be imbued into the RFID tag once
swiped over the panel that would identify that specific RFID tag and allows
it back in when presented to a partner panel located at the front gate. once
the key is swiped the code on it is deleted or made invalid and is reset for
another use. the time limit is self explanatory and it can be set shorter or
longer as needed. this is to prevent the RFID from being taken home and then
being used again like a regular key to get into the space at a later time.

now there is a very small risk that an RFID sniffer could be used on someone
exiting the space with the tag and that this person could then be given
entry into the space. to combat this i think that, along with a time limit,
there should be a time when this RFID tag system as a whole cannot be
used any more, like very late at night when there are not very many, if any,
people left in the space. This would mean that even if someone did sniff the
RFID while the system was active it's assumed that there's someone still in
the space at the time to catch any unwanted characters.


this system has the benefit of the 'constantly changing password listed in
the space' idea but solves the problem of simply broadcasting the password
of the day and having people spam the door. this also gets rid of the need
to use SMS technology and would solve the problem of google voice logging
since if there is any logging at all it would only be a random string of
characters being created and then destroyed at certain times within the time
limit. there'd be no way to track who actually had the tag at the time.

and you know... now that i think of it... is there any possibility of using
this exact same system but with a magnetic card reader as opposed to the
RFID medium? swipe the card before you leave to imbue the code, then swipe
at the door to let yourself back in? then there'd be no way to sniff the
code and any paranoia surrounding the system and its use of RFIDs would be
gone.

On Wed, Mar 10, 2010 at 5:53 PM, Jeffrey Malone <ieatlint at tehinterweb.com> wrote:

> Note that you can also take apache out of the picture.  In the default
> path on pony is a script called "opengate".  When executed, it opens
> the gate.
>
> If you look at the script, it's a very simple item that just SSHs into
> another box and runs a command... you can implement what the script
> does, or simply execute the script if you'd like.  The script at the
> URL on pony uses the "opengate" script...
>
> Jeffrey
>
> On Wed, Mar 10, 2010 at 5:35 PM, Micah Lee <micahflee at gmail.com> wrote:
> > The script doesn't log anything right now, but it does display verbose
> > info when someone sends a new text message. It would be easy to change
> > that to only contain the contents of the message and the time, and not
> > include the phone number or the SMS ID number. And you can do lots of
> > stuff with pygooglevoice, like delete SMS messages after they've been
> > processed. I think that's about as much removing logs as we can do.
> >
> > On Wed, Mar 10, 2010 at 5:25 PM, Jonathan Lassoff <jof at thejof.com> wrote:
> >> Whoever has access to an account on pony that is either UID 0, or is in
> >> the "adm" group.
> >> Only a few people, but who knows what unknown root access there is to
> >> this machine.
> >>
> >> It seems like pony is keeping copious apache logs. Logrotate is
> >> configured to keep 52 rolled-out copies of logs on pony.
> >
> > Since the script doesn't actually log anything itself, people with
> > root actually won't have access to the logs. And as far as apache logs
> > are concerned, each time someone sends an SMS to unlock the door, the
> > IP in the apache logs will be 127.0.0.1, since pony itself will send
> > the request.
> >
> > And also, in terms of keeping really stripped down logs, this stuff
> > might help: http://dev.riseup.net/privacy/
> >
> > micah
> > _______________________________________________
> > Noisebridge-discuss mailing list
> > Noisebridge-discuss at lists.noisebridge.net
> > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> >



-- 
Trying to fix or change something, only guarantees and perpetuates its
existence.
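
The exit-swipe and gate-swipe scheme proposed in this message, sketched as an added example (not code from the list or from Noisebridge). The class name, the one-hour lifetime and the 09:00 to 23:00 service window are assumptions, and reading or writing the tag itself is left out.

```python
import hashlib
import secrets
from datetime import datetime, time, timedelta


class TagLedger:
    """Hypothetical shared state behind the exit panel and the gate panel."""

    def __init__(self, ttl=timedelta(hours=1),
                 open_from=time(9, 0), open_until=time(23, 0)):
        self.ttl = ttl                  # how long a code stays valid (assumed 1 hour)
        self.open_from = open_from      # assumed service window; outside it the
        self.open_until = open_until    # tag system as a whole is switched off
        self._pending = {}              # sha256(code) -> expiry; nothing about who holds it

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).hexdigest()

    def _in_service(self, now):
        return self.open_from <= now.time() < self.open_until

    def issue(self, now):
        """Exit panel: return a fresh random code to write to the tag, or None out of hours."""
        if not self._in_service(now):
            return None
        code = secrets.token_hex(16)    # 128 random bits
        self._pending[self._digest(code)] = now + self.ttl
        return code

    def redeem(self, code, now):
        """Gate panel: True means open. A code works once, in hours, before it expires."""
        # Drop expired codes first so the table only ever holds live ones.
        self._pending = {d: exp for d, exp in self._pending.items() if exp > now}
        if not self._in_service(now):
            return False
        # pop() deletes the code as it is accepted, so a second presentation fails.
        return self._pending.pop(self._digest(code), None) is not None


if __name__ == "__main__":
    ledger = TagLedger()
    left = datetime(2010, 3, 10, 18, 0)             # constructed sample times
    code = ledger.issue(left)
    print(ledger.redeem(code, left + timedelta(minutes=30)))   # first swipe at the gate
    print(ledger.redeem(code, left + timedelta(minutes=31)))   # same code again
```

Single use and the expiry limit a copied code to one entry inside the window; they do not let the gate tell the original tag from a copy presented first.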