[Noisebridge-discuss] New Android app: Noisegate

Josh Juran jjuran at gmail.com
Wed Oct 10 22:26:08 UTC 2012


On Oct 9, 2012, at 6:00 PM, rachel lyra hospodar wrote:

> On 10/9/2012 4:37 PM, Josh Juran wrote:
>> On Oct 9, 2012, at 9:01 AM, rachel lyra hospodar wrote:
>>
>>> We do have undesired, even banned users, who have smartphones. I
>>> personally don't think 'has an android' is a meaningful bar of entry.
>>
>> Please don't interpret the simplicity of my design as an endorsement of
>> lax security. I've merely duplicated the mechanism used in Patrick Keys'
>> app pending further discussion. I'm glad to implement whatever security
>> policy we reach consensus on.
>
> The simplicity of your design is a de facto decision to simply not  
> address lax security.

And is your lack of complaint about Keys' app also a de facto  
decision to simply not address lax security?

I have made no such decision.  What is true is that I released an app  
with identical security to another app that's existed for 21 months  
already.  It's not fair for you to take me to task over this when the  
Noisebridge app is described on the wiki at  
<https://www.noisebridge.net/wiki/Apps>, which is linked from  
<https://www.noisebridge.net/wiki/Getting_In>.  I have no more decided  
not to address security than anyone else at Noisebridge who hasn't  
complained about the mobile key.

In fact, I wrote "It uses the same Web service on pony as the  
existing Noisebridge app, with the same key...  I'd especially like  
to know if people think it should use a different key, or something  
more sophisticated than a single hard-coded value", 60 hours before  
releasing Noisegate.  I followed with "Though we should probably punt  
this as needless complexity until we start having an issue with  
undesired visitors using smartphones for entry, which doesn't seem a  
likely scenario for now" *specifically* to elicit contrary  
viewpoints.  I also added "buzzing the gate remotely... is a  
potential issue we may want to guard against".  So even in my initial  
vaporware announcement, I was already addressing security by way of  
raising questions.  Nobody said a word in response until I released  
the app two and a half days later.  Was your initial silence a de  
facto decision to simply not address lax security?

> Since this is an issue that is actually being discussed on the list  
> right now in a separate context I do not think I am out of line to  
> point out the connection and insist on its relevance.
>
>>> My preference would be a more platform-agnostic tool - for example,
>>> some kind of SMS authentication.
>>
>> The two are orthogonal. SMS has the benefit of not requiring a
>> smartphone or a data plan. The Web service, on the other hand, is better
>> if you pay for each text, or if you have a wifi-only device.
>> Additionally, users like Brian are probably more comfortable with an app
>> that just has Internet access versus one that can send SMS.
>
> This is a good point.  In some ways we may both be leaping too  
> quickly to the tool without first clearly and accurately defining  
> the problem. If the problem is clearly defined the solution is  
> often surprising, and easy.

Well, the problem I took on was replacing the Noisebridge app with  
Noisegate, which I've done.  There remain other problems to solve,  
such as designing and implementing security, which require community  
involvement.

>>> I think it's interesting that, at the same time that jake (with much
>>> community backing and momentum) is talking about further restricting
>>> gate access, based on actual identity, josh has created a way for
>>> anyone to come in without any authentication at all.
>>
>> This has already been commented on, so I'll just add that revoking the
>> access code in question will disable both Patrick's app and Noisegate
>> (in its current form).
>>
>>> We already had this, sort of, with physical keys. The difference now is
>>> that it comes with a handy built-in economic and technological barrier,
>>
>> I think this is a red herring. Anyone with a Web browsing device can use
>> the same access mechanism; I've merely made a shiny front-end for it.
>
> Interface 101: Making something easier means more people will do  
> it. Making a shiny front end changes the character and quality of  
> the users.

Noisegate requires one tap instead of two, arguably (IMHO) a better  
UI than the Noisebridge app, but it isn't any easier to use.  Nicer,  
perhaps, but not easier.

> In general a shiny front end is the opposite of the pay-phone-sekrit-code
> way of getting into NB.

When Noisegate is revised to ask for a code, it will still be shiny.   
These are orthogonal issues.

> Hell, for a while someone had pulled down the sign outside with our  
> logo on it.  Someone has scraped the name off our bell and nobody  
> replaced it the last time I checked.  A shiny front end is not a  
> 'merely', but yes in fact is the thing that you have done.

Quoting myself:  "Anyone with a Web browsing device can use the same  
access mechanism; I've merely made a shiny front-end for it."  It  
sounds like you are advocating security through obscurity.  Are you  
suggesting that the Noisebridge app be removed from the wiki, or is  
it sufficient to avoid discussion of gate-unlocking apps on the  
mailing list?

> Perhaps that is, in fact, the thing with which I am taking issue.   
> I believe a significant portion of our users think it is already  
> too easy to get into the space.

Then we should deal with that, but using a proper threat model.  Are  
they using the mobile key?  Should mobile key usage be logged?   
Should the mobile key be replaced with revocable keys, which would  
require either revising or replacing the Noisebridge app?

>>> and without the meatspace authentication process of having to be given
>>> a physical key.
>>
>> Agreed; complete strangers should not be able to let themselves in.
>
> Um. You have just created a tool to do this.  Am I missing something?

Yes -- that the gate Web page allows this, and that it can be driven  
by any of the existing Noisebridge app, any Web browser, curl, or  
even telnet, none of which I created.  Also, that I care about  
security and **specifically asked for discussion about this**, and  
that if we are going to revoke the mobile key, we'll need an app that  
sends a user-supplied access code, which almost certainly will be  
written by me, and toward which Noisegate is the first step.

So far, you've claimed that Noisegate weakens security at  
Noisebridge, which is not true, and expressed concern that the app is  
only accessible to those who can afford smartphones, which while true  
is not something I can address within the context of this project.   
You've participated in a discussion of security, but **even when I  
agree with you** you respond with an accusation.  You've cried foul,  
but you haven't actually requested anything of me, so I don't know  
how I could answer your complaints.

You also don't seem to be taking into consideration that it's you who  
have an issue with something I've done, not vice versa, and if you  
wish to influence my actions it would help to adopt a less  
confrontational tone.

Josh
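The design questions the message raises (should mobile key usage be logged, and should the single hard-coded mobile key be replaced with revocable, user-supplied access codes) are sketched below as an added example; it is not part of this post and is not code from either gate app. Python is used purely for illustration, the class and function names, the token format and the sample user names are assumptions, and nothing here talks to the real gate service on pony. It shows why rotating a shared key disables every client at once, while per-user tokens can be revoked one at a time and every attempt attributed in a log.

```python
"""
Gate authorization, two ways (hypothetical example, not the Noisebridge
service): one shared hard-coded key versus per-user revocable tokens
that are stored hashed and have every unlock attempt logged.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple


class SharedKeyGate:
    """The 'single hard-coded value' model: one key baked into every client."""

    def __init__(self, key: str) -> None:
        self._key = key

    def unlock(self, presented: str) -> bool:
        # Constant-time comparison; a plain == leaks the match length via timing.
        return hmac.compare_digest(presented.encode(), self._key.encode())

    def rotate(self, new_key: str) -> None:
        # Rotating the shared key revokes everyone at once: every deployed
        # client still carrying the old value stops working.
        self._key = new_key


@dataclass
class GateAuthorizer:
    """Per-user revocable tokens; the server keeps only SHA-256 of each token."""

    _hashes: Dict[str, str] = field(default_factory=dict)  # digest -> user
    _revoked: Set[str] = field(default_factory=set)
    log: List[Tuple[str, str, bool]] = field(default_factory=list)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str) -> str:
        """Hand a user a fresh random token (this is the value the app would send)."""
        token = secrets.token_urlsafe(32)
        self._hashes[self._digest(token)] = user
        return token

    def revoke(self, user: str) -> None:
        """Revoke one user without touching anyone else's token."""
        self._revoked.add(user)

    def unlock(self, token: str, when: Optional[datetime] = None) -> bool:
        when = when or datetime.now(timezone.utc)
        # Lookup is by digest, so an unknown token simply misses the table.
        user = self._hashes.get(self._digest(token))
        ok = user is not None and user not in self._revoked
        # Record who (if known) tried and the outcome; never log the token itself.
        self.log.append((when.isoformat(), user or "unknown", ok))
        return ok


if __name__ == "__main__":
    shared = SharedKeyGate("hard-coded-value")  # constructed sample key
    shared.rotate("new-value")
    print("old shared key still works after rotation:", shared.unlock("hard-coded-value"))

    gate = GateAuthorizer()
    alice_token = gate.issue("alice")  # sample user, constructed
    bob_token = gate.issue("bob")
    gate.revoke("alice")
    print("alice after revocation:", gate.unlock(alice_token))
    print("bob unaffected:", gate.unlock(bob_token))
    for entry in gate.log:
        print(entry)
```

With the shared key there is no way to answer "are banned users using the mobile key?" because every unlock looks identical; with per-user tokens the log attributes each attempt, and revoking one person costs nobody else their access.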
