[Noisebridge-discuss] New Android app: Noisegate

Wed Oct 10 01:00:17 UTC 2012

On 10/9/2012 4:37 PM, Josh Juran wrote:
> On Oct 9, 2012, at 9:01 AM, rachel lyra hospodar wrote:
>
>> We do have undesired, even banned users, who have smartphones. I
>> personally
>> don't think 'has an android' is a meaningful bar of entry.
>
> Please don't interpret the simplicity of my design as an endorsement of
> lax security. I've merely duplicated the mechanism used in Patrick Keys'
> app pending further discussion. I'm glad to implement whatever security
> policy we reach consensus on.

The simplicity of your design is a de facto decision to simply not 
address lax security.  Since this is an issue that is actually being 
discussed on the list right now in a separate context I do not think I 
am out of line to point out the connection and insist on its relevance.

>
>> My preference
>> would be a more platform-agnostic tool - for example, some kind of sms
>> authentication.
>
> The two are orthogonal. SMS has the benefit of not requiring a
> smartphone or a data plan. The Web service, on the other hand, is better
> if you pay for each text, or if you have a wifi-only device.
> Additionally, users like Brian are probably more comfortable with an app
> that just has Internet access versus one that can send SMS.

This is a good point.  In some ways we may both be leaping too quickly 
to the tool without first clearly and accurately defining the problem. 
If the problem is clearly defined the solution is often surprising, and 
easy.

>
>> I think it's interesting that, at the same time that jake (with much
>> community backing and momentum) is talking about further restricting gate
>> access, based on actual identity, josh has created a way for anyone to
>> come
>> in without any authentication at all.
>
> This has already been commented on, so I'll just add that revoking the
> access code in question will disable both Patrick's app and Noisegate
> (in its current form).
>
>> We already had this, sort of, with
>> physical keys. The difference now is that it comes with a handy built-in
>> economic and technological barrier,
>
> I think this is a red herring. Anyone with a Web browsing device can use
> the same access mechanism; I've merely made a shiny front-end for it.

Interface 101: Making something easier means more people will do it. 
Making a shiny front end changes the character and quality of the users.

In general a shiny front end is the opposite of the 
pay-phone-sekrit-code way of getting into NB.  hell, for a while someone 
had pulled down the sign outside with our logo on it.  someone has 
scraped the name off our bell and nobody replaced it the last time i 
checked.  A shiny front end is not a 'merely', but yes in fact is the 
thing that you have done.  Perhaps that is, in fact, the thing with 
which i am taking issue.  I believe a significant portion of our users 
think it is already too easy to get into the space.

> (I'm willing to support non-touchscreen Android phones as well, if
> someone desires this and will help me test it.)
>
>> and without the meatspace
>> authentication process of having to be given a physical key.
>
> Agreed; complete strangers should not be able to let themselves in.

Um. You have just created a tool to do this.  Am i missing something?

>
>> Additionally, I have an issue with the ability to easily buzz the door
>> remotely. I think access to our physical space should be linked to
>> presence
>> at the physical space.
>
> I agree, with the possible exception of being able to remotely buzz in a
> friend visiting Noisebridge for the first time when I'm not there.
>

I think this would be nice as well.  It happens infrequently enough that 
i think it is something that could be addressed a different way, rather 
than this kind of brute-force default.

> Josh
>
>