[Noisebridge-discuss] Problem: people seeing NB as a backup shelter

girlgeek girlgeek at wt.net
Sun May 11 06:20:42 UTC 2014


OK, there's that hypothetical undesirable guy sleeping in the library 
again.  He got in because his undesirable friend let him in again.  That 
one got in because someone who didn't know him let him in.  etc, etc.  
How is technology going to cure this very common scenario?
-Claudia


On 5/10/2014 3:30 AM, Henner Zeller wrote:
> I would like to help researching RFID readers and how to get a  bunch 
> of cards and help make this happen. RFID is not absolutely secure, but 
> this is not what we have to worry about here (in fact, if someone can 
> hack themself in with a copy, they are at the right place).
>
> Starting with the top door being opened by RFID is a good first step. 
> I still would  like to put an RFID reader downstairs as well because 
> remembering my 7-digit code always is, uhm, troublesome for me. So it 
> would just basically an addition/replacement for the keypad downstairs 
> (which doesn't change the situation with other tenants that have a 
> key, I suppose).
>
> I might come to NB tomorrow, is anyone there who wants to discuss 
> this, and work on it ? Let Do this.
> I am happy to help purchase equipement if we need that (I know there 
> were already experiments with RFID readers before ? What happened to 
> that ?).
> Getting basic physical access installed is IMHO the most important 
> thing to make NB functioning again.
>
> (I am really looking forward to have only people there who should be 
> there. One of my reasons to only really rarely come to Noisebridge is, 
> because I know that I can't leave stuff there I want to work on, so 
> why should I do it there ?)
>
>
>
> On 9 May 2014 17:28, Naomi Most <pnaomi at gmail.com 
> <mailto:pnaomi at gmail.com>> wrote:
>
>     I'm just reiterating my own stances said elsewhere.
>
>     Basically, I'm a proponent of Approach #3.
>
>     Important points:
>
>     * the front door key is not a form of security; it's a meme promoting
>     Noisebridge.
>
>     * changing the way the front door operates requires the use of social
>     capital w/ the landlord and tenants.  Right now the landlord is
>     disturbed by the Electrical Situation -- not a good time to bother him
>     about other things.
>
>     * installing RFID at the top door seems like the smartest addition of
>     security in terms of workingness (keyfobs are less easily duplicable
>     than key codes and just as revokable) and in terms of the work
>     involved (not removing anything from the front door, just installing
>     something new).
>
>     * yes, this is still basically security theater -- unless we also
>     restrict access via the elevator.
>
>     --Naomi
>
>
>     On Fri, May 9, 2014 at 4:31 PM, Jeffrey Carl Faden
>     <jeffreyatw at gmail.com <mailto:jeffreyatw at gmail.com>> wrote:
>     > We have been discussing this for a few hours on Slack and
>     #noisebridge and
>     > have come up with a few solutions. I thought I'd share a few
>     ideas that have
>     > been thrown around so far.
>     >
>     > Here's the current system, for those watching from home. At all
>     hours of the
>     > day:
>     > - Someone can use a key to get into the building and space.
>     > - Someone can use a keycode to get into the building and space.
>     > - Someone can buzz the intercom and be allowed in by someone
>     inside who has
>     > a keycode. (or they can walk downstairs)
>     >
>     > And now, for some new ideas...
>     >
>     > Idea #1: Move the keypad from the gate to the door. Keypad only
>     active
>     > during newly instilled associate/regular members hours. Physical
>     key, or
>     > someone buzzing you in, required to enter the building.
>     > Benefits:
>     > - Robotically enforced "members-only" hours, instead of
>     human-enforced like
>     > in the past
>     > - Semblance of 2-factor auth, if you ignore the ubiquity of keys and
>     > keycodes
>     >
>     > Idea #2: idea #1, plus replacing gate lock with RFID sensor.
>     > Additional benefits:
>     > - RFID fob can be revoked if shared, while key cannot (or it's
>     much harder
>     > to do so).
>     >
>     > Idea #3: keep lock/keypad as-is, install members-hours-only RFID
>     sensor at
>     > door.
>     > Additional benefits:
>     > - No need to change existing setup.
>     > - RFID sensor is less likely to be tampered with.
>     >
>     > In all three cases, it will be less easy (but nothing is
>     impossible) for a
>     > random person looking for a way to abuse the space to find their
>     way inside.
>     > Of course, much like how things are now, there's a significant
>     amount of
>     > security theater that goes into these "solutions." There is no
>     silver
>     > bullet.
>     > - In all forms, someone can still shadow someone else being let in.
>     > - With idea #2, replacing the lock with an RFID sensor could
>     inconvenience
>     > other tenants, and RFID sensor could be subject to on-the-street
>     vandalism.
>     > - In the past, people have complained about their
>     access/whereabouts being
>     > tracked by being tied to an RFID fob.
>     > - Anyone could use the elevator to get past any form of
>     authentication at
>     > the door.
>     > -- The elevator is either off-limits, cost-prohibitive, or both
>     to add an
>     > additional keypad or sensor to.
>     >
>     > Either way, this is what we've been discussing. If you didn't
>     read the
>     > previous paragraph, I said that this is all ultimately in the
>     name of
>     > security theater. But I think they're all improvements on what
>     we have now.
>     >
>     > If you're interested in discussing these (beyond the discussions
>     we've
>     > already been having on this list, on Slack, on Freenode, and now
>     on this
>     > Etherpad I made the mistake of creating), please consider coming
>     to a
>     > meeting of the Security Working Group. I'll defer to Naomi or
>     someone in
>     > #security-wg on Slack for details about when that will happen.
>     >
>     > If you haven't read the antepenultimate paragraph or the one
>     prior to it,
>     > this is all in the name of security theater. Please do not
>     complain about
>     > holes in any of these systems that already exist within our
>     current one.
>     > Thanks again!
>     >
>     > Jeffrey
>     >
>     > On Fri, May 9, 2014 at 4:01 PM, Johny Radio
>     <johnyradio at gmail.com <mailto:johnyradio at gmail.com>> wrote:
>     >>
>     >> Ya gotta love the "Let's somebody else do it." Classic.
>     >>
>     >>
>     >> Jeffrey Carl Faden <jeffreyatw at gmail.com
>     <mailto:jeffreyatw at gmail.com>> wrote:
>     >>
>     >> This thread is taking a worrying turn toward "wishful thinking"
>     and away
>     >> from "doing".
>     >>
>     >> On Fri, May 9, 2014 at 1:08 PM, Naomi Most <pnaomi at gmail.com
>     <mailto:pnaomi at gmail.com>> wrote:
>     >> >> >> Let's do that.  Who's around who likes installing keypads?
>     >
>     >
>     >
>     > _______________________________________________
>     > Noisebridge-discuss mailing list
>     > Noisebridge-discuss at lists.noisebridge.net
>     <mailto:Noisebridge-discuss at lists.noisebridge.net>
>     > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>     >
>
>
>
>     --
>     Naomi Theora Most
>     naomi at nthmost.com <mailto:naomi at nthmost.com>
>     +1-415-728-7490 <tel:%2B1-415-728-7490>
>
>     skype: nthmost
>
>     http://twitter.com/nthmost
>     _______________________________________________
>     Noisebridge-discuss mailing list
>     Noisebridge-discuss at lists.noisebridge.net
>     <mailto:Noisebridge-discuss at lists.noisebridge.net>
>     https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>
>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>
> No virus found in this message.
> Checked by AVG - www.avg.com <http://www.avg.com>
> Version: 2014.0.4570 / Virus Database: 3931/7466 - Release Date: 05/09/14
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20140511/c5baa61f/attachment.html>


More information about the Noisebridge-discuss mailing list