[Noisebridge-discuss] access for members and associate members at all hours

Jake jake at spaz.org
Mon May 12 21:28:22 UTC 2014

I think that the clear language i proposed will make it easier to ask 
people to leave when necessary, but it's true that some of them will still 
argue.  Do you agree that it's an improvement?  If so, should we do it?

If a person says they're a member/associate member and they're not, and 
they're doing disruptive things, it will quickly become a thread on this 
list and/or a discussion at a meeting.  Then it won't work anymore.

If a person says they were sponsored but their sponsor left, that means 
they are no longer sponsored and they have to leave now.  Sponsorship can 
only occur when the sponsoring entity is present in the space.

if they say
- "Why are you singling me out?"
- "I don't have to tell you my name or anything about me"
- or they threaten you with harm or otherwise scare you
it's no different than what we deal with now, except that we can skip 
straight to the point without all the back-and-forth about whether they 
were sleeping or not.  I am not suggesting we will never have to argue 
with an oogle again this way, just that we can significantly reduce the 
toll it takes on us each time.  And then maybe we'll get good at it.

When the conversation gets to one of the above types of problems, it's 
time to ask your fellow members to back you up and help get them out.
Hopefully in the future there will always be lots of nice hackers around.

I have to ask if you're suggesting making the RFID card with the intention 
of removing the keycode access system.  I object to that, for many 
reasons, including that hackers should be able to get into the space 
without a physical token, even if their sponsor (for gaining access) is 
not available at noisebridge.  Yes this means a nonmember can be granted 
access (by a member with code control access) without a member-sponsor in 
the space, but they will presumably quickly be able to gain sponsorship.

That corresponds with erring on the side of letting people in rather than 
keeping them out.  I think that is essential to the spirit of noisebridge. 
Keep in mind that we will always have a doorbell and the ability to buzz 
people in without knowing anything about them.

In that sense, i think that it's essential that we design our security 
theater around dealing with people who are in the space, regardless of how 
they got there.  If we start trying to keep people out by default, we will 
lose some of the most interesting people in the bay area, who just 
randomly stop by.

Not that we're not losing them right now due to infestation of oogles, but 
i think we should aim high.

If you want to tighten access control, so that only people with 
keycodes/rfid can get in (and those who they choose to buzz in using their 
credentials) here is a list of what i think is needed:

1. Improve the automatic-closing mechanism on the gate downstairs
2. install a sensor to detect when the door is closed fully (make it 
3. install a noisemaker and alert system that goes off when the door is 
propped open for too long, which can be disabled per-session with an 
access code (for loading stuff in or events open to the public)
4. repair and maintain the videocamera peephole system (so you can see who 
is ringing the doorbell)
5. repair and maintain the two-directional audio intercom (so you can 
communicate with whoever is ringing the doorbell)
6. install an RFID reader upstairs so that people with a card can buzz 
people in without typing in their code to the upstairs keypad each time

note that installing a lock on the upstairs door is not an option of any 
kind.  Noisebridge is the most active tenant in the building and we are 
responsible for everyone who comes in through the gate, and what they do 
inside the building (surely you've heard of people sleeping in the 
basement, squatting under the steps, graffiti in the stairwell, etc)

also note that the main reason for having the camera and intercom at the 
door is not to check someone for positive reasons to let them in, but 
rather to check for recognized reasons to NOT let them in, such as "oh 
that's the guy that smeared cheesecake on his face and flashed the space" 
or "that's the same two people with the same three dogs that messed up the 
shop last week"

I hope this helps. and thank you for caring about this stuff.


On Mon, 12 May 2014, Jeffrey Carl Faden wrote:

> I agree with your overall assessment, Jake. I would also support the
> language change in your proposal which more clearly defines the roles and
> privileges of our member tiers. I agree that anyone who wants to be able to
> work at Noisebridge should be able to do so at any time, and if they are not
> a member, then one should sponsor their presence.
> I disagree, though, that your proposal will always make it easier for a
> member to approach someone and ask them to leave. That is because,
> regardless of what they are doing, the people who abuse the space can often
> make excuses that are hard to refute:
> - "I'm an associate member / full member, my name just isn't on the wiki"
> - "Oh, so-and-so said I could be here (but they left|but they don't
> exist|but I'm lying)"
> - "Why are you singling me out?"
> - "I don't have to tell you my name or anything about me"
> - or they might threaten you with harm or otherwise scare you.
> The reason I still think an RFID system should be in-place is because while
> it is important to enforce these roles at all times, it's not always
> possible. A second layer of computer-controlled access control will make it
> harder for people to make their way into the space when those who are
> available to sponsor them are less available.
> Bruce Schneier is keen to use the phrase "security theater" to describe
> systems that only seem to enforce restrictions but can easily be
> circumvented by those with enough intent. And if you'll notice in the other
> thread I've responded to, I've labeled this RFID system as such. It is not a
> silver bullet, but it might make it easier to get the job done.
> If we're being honest, if associate and full members are the only ones who
> should ever be able to enter the space on their own, then it would make
> sense to give them all access on this RFID system and keep the door locked
> 24/7 (just like the gate is). This technology won't solve our problems, but
> all-hours access restriction seems like the most effective way of keeping it
> relevant. Wouldn't you agree?
> (BTW, having just written the last paragraph, I'm not saying I agree with
> such a drastic measure. But anyone who's serious about members-only access
> should see why it makes sense.)
> Jeffrey
> On Mon, May 12, 2014 at 1:19 PM, Jake <jake at spaz.org> wrote:
>       I saw mention of the "members only hours" concept again recently
>       and i am sad that people don't remember why that failed.  It was
>       terrible.
>       I recommended from the start, and i still recommend, having the
>       same policy at all times.  There was actually a nice hacker
>       visiting from Germany who was kicked out of noisebridge only
>       because it was 11PM and people were just following orders.  The
>       after-hours thing is a dead idea.
>       I really think noisebridge should pass my last proposal, which
>       makes it really straightforward who can be in the space, at all
>       times:
> https://www.noisebridge.net/pipermail/noisebridge-discuss/2013-November/040
>       268.html
>        "Noisebridge is open to Members, Associate Members, and guests
>       sponsored
>         by same, at all times.  Any person who is not one of the above
>       may be
>         asked to leave if no Member or Associate Member present wishes
>       to
>         sponsor them at that time, with no other justification being
>       necessary.
>         People coming to Noisebridge who don't know anyone should be
>       introduced
>         to members who are present so that sponsorship can occur if
>       members
>         present choose to do so at that time.  Noisebridge should
>       present itself
>         as 'open to public visitors and guests as often as possible'"
>       on another note, i see that people have been talking about the
>       RFID thing as if it is going to solve social problems.  I don't
>       believe that's true. I think it's a great project and worth
>       doing, but ultimately the social problems we are dealing with
>       will ONLY be solved by people like us showing up at the space,
>       and caring for the space in-person.
>       Some people mentioned they were at the space the other day,
>       talking about the RFID stuff, while two people were sleeping in
>       the kitchen, and They Did Nothing.  I understand why, because
>       for too long Noisebridge has not provided an effective framework
>       for justifying or supporting the ejection of people for
>       sleeping, or general misuse of the space.  My proposal above
>       addresses that problem, in a practical way that eliminates the
>       blame game.
>       With the above proposal, a person can be asked to leave without
>       an accusation of sleeping or habitating or anything like that -
>       simply because there is no member present who wishes to sponsor
>       them.  It makes it much easier to ask someone to leave, which is
>       the only way we can take our hackerspace back from mission st.
>       chaos.
>       in the words of Bruce Schneier:
>       "If you think technology can solve your security problems, then
>       you don't understand the problems and you don't understand the
>       technology."
>       _______________________________________________
>       Noisebridge-discuss mailing list
>       Noisebridge-discuss at lists.noisebridge.net
>       https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss

More information about the Noisebridge-discuss mailing list