[Noisebridge-discuss] New Android app: Noisegate
Josh Juran
jjuran at gmail.com
Wed Oct 10 22:26:08 UTC 2012
On Oct 9, 2012, at 6:00 PM, rachel lyra hospodar wrote:
> On 10/9/2012 4:37 PM, Josh Juran wrote:
>> On Oct 9, 2012, at 9:01 AM, rachel lyra hospodar wrote:
>>
>>> We do have undesired, even banned users, who have smartphones. I
>>> personally don't think 'has an android' is a meaningful bar of entry.
>>
>> Please don't interpret the simplicity of my design as an endorsement of
>> lax security. I've merely duplicated the mechanism used in Patrick Keys'
>> app pending further discussion. I'm glad to implement whatever security
>> policy we reach consensus on.
>
> The simplicity of your design is a de facto decision to simply not
> address lax security.
And is your lack of complaint about Keys' app also a de facto
decision to simply not address lax security?
I have made no such decision. What is true is that I released an app
with identical security to another app that's existed for 21 months
already. It's not fair for you to take me to task over this when the
Noisebridge app is described on the wiki at
<https://www.noisebridge.net/wiki/Apps>, which is linked from
<https://www.noisebridge.net/wiki/Getting_In>. I have no more decided not to
address security than anyone else at Noisebridge who hasn't
complained about the mobile key.
In fact, I wrote "It uses the same Web service on pony as the
existing Noisebridge app, with the same key... I'd especially like
to know if people think it should use a different key, or something
more sophisticated than a single hard-coded value", 60 hours before
releasing Noisegate. I followed with "Though we should probably punt
this as needless complexity until we start having an issue with
undesired visitors using smartphones for entry, which doesn't seem a
likely scenario for now" *specifically* to elicit contrary
viewpoints. I also added "buzzing the gate remotely... is a
potential issue we may want to guard against". So even in my initial
vaporware announcement, I was already addressing security by way of
raising questions. Nobody said a word in response until I released
the app two and a half days later. Was your initial silence a de
facto decision to simply not address lax security?
> Since this is an issue that is actually being discussed on the list
> right now in a separate context I do not think I am out of line to
> point out the connection and insist on its relevance.
>
>>> My preference
>>> would be a more platform-agnostic tool - for example, some kind of sms
>>> authentication.
>>
>> The two are orthogonal. SMS has the benefit of not requiring a
>> smartphone or a data plan. The Web service, on the other hand, is better
>> if you pay for each text, or if you have a wifi-only device.
>> Additionally, users like Brian are probably more comfortable with an app
>> that just has Internet access versus one that can send SMS.
>
> This is a good point. In some ways we may both be leaping too
> quickly to the tool without first clearly and accurately defining
> the problem. If the problem is clearly defined the solution is
> often surprising, and easy.
Well, the problem I took on was replacing the Noisebridge app with
Noisegate, which I've done. There remain other problems to solve,
such as designing and implementing security, which require community
involvement.
>>> I think it's interesting that, at the same time that jake (with much
>>> community backing and momentum) is talking about further restricting gate
>>> access, based on actual identity, josh has created a way for anyone to
>>> come in without any authentication at all.
>>
>> This has already been commented on, so I'll just add that revoking the
>> access code in question will disable both Patrick's app and Noisegate
>> (in its current form).
>>
>>> We already had this, sort of, with
>>> physical keys. The difference now is that it comes with a handy built-in
>>> economic and technological barrier,
>>
>> I think this is a red herring. Anyone with a Web browsing device can use
>> the same access mechanism; I've merely made a shiny front-end for it.
>
> Interface 101: Making something easier means more people will do
> it. Making a shiny front end changes the character and quality of
> the users.
Noisegate requires one tap instead of two, arguably (IMHO) a better
UI than the Noisebridge app, but it isn't any easier to use. Nicer,
perhaps, but not easier.
> In general a shiny front end is the opposite of the
> pay-phone-sekrit-code way of getting into NB.
When Noisegate is revised to ask for a code, it will still be shiny.
These are orthogonal issues.
> hell, for a while someone had pulled down the sign outside with our
> logo on it. someone has scraped the name off our bell and nobody
> replaced it the last time i checked. A shiny front end is not a
> 'merely', but yes in fact is the thing that you have done.
Quoting myself: "Anyone with a Web browsing device can use the same
access mechanism; I've merely made a shiny front-end for it." It
sounds like you are advocating security through obscurity. Are you
suggesting that the Noisebridge app be removed from the wiki, or is
it sufficient to avoid discussion of gate-unlocking apps on the
mailing list?
> Perhaps that is, in fact, the thing with which i am taking issue.
> I believe a significant portion of our users think it is already
> too easy to get into the space.
Then we should deal with that, but using a proper threat model. Are
they using the mobile key? Should mobile key usage be logged?
Should the mobile key be replaced with revocable keys, which would
require either revising or replacing the Noisebridge app?
>>> and without the meatspace
>>> authentication process of having to be given a physical key.
>>
>> Agreed; complete strangers should not be able to let themselves in.
>
> Um. You have just created a tool to do this. Am i missing something?
Yes -- that the gate Web page allows this, and that it can be driven
by any of the existing Noisebridge app, any Web browser, curl, or
even telnet, none of which I created. Also, that I care about
security and **specifically asked for discussion about this**, and
that if we are going to revoke the mobile key, we'll need an app that
sends a user-supplied access code, which almost certainly will be
written by me, and toward which Noisegate is the first step.
So far, you've claimed that Noisegate weakens security at
Noisebridge, which is not true, and expressed concern that the app is
only accessible to those who can afford smartphones, which while true
is not something I can address within the context of this project.
You've participated in a discussion of security, but **even when I
agree with you** you respond with an accusation. You've cried foul,
but you haven't actually requested anything of me, so I don't know
how I could answer your complaints.
You also don't seem to be taking into consideration that it's you who
have an issue with something I've done, not vice versa, and if you
wish to influence my actions it would help to adopt a less
confrontational tone.
Josh