[Noisebridge-discuss] access for members and associate members at all hours
Jeffrey Carl Faden
jeffreyatw at gmail.com
Mon May 12 22:24:36 UTC 2014
I agree that it's an improvement. I would happily go to the weekly meeting
tomorrow with your consensus item (unless we think the use of "should"
should change first).
About your suggestion that you involve your fellow hackers: it's a lot less
common at night or in the early morning for your fellow hackers to be
around. What happens then?
I have no intent of changing the key/keypad system at the gate. I think it
works fine as-is, assuming the gate, camera, or intercom aren't broken.
What I've been proposing is Item #3 from this email:
https://www.noisebridge.net/pipermail/noisebridge-discuss/2014-May/044448.html
and here are some more findings from Saturday:
https://www.noisebridge.net/pipermail/noisebridge-discuss/2014-May/044469.html
This supplements the existing key/keypad system by introducing a second
factor of authentication at the third-floor door, in the form of one or
more RFID readers that, when powered, keep the door locked until a
recognized RFID tag is presented.
- In the case of an associate or full member who wants to enter the space
*while the reader is powered*, they would use their key or key code at the
gate as always, then use an RFID tag to unlock the door.
- In the case of an associate or full member who wants to enter the space
at all other times, their method of entry would be identical to how it is
now.
- In the case of a guest who wants to enter the space, they would ring the
intercom at the gate and be buzzed in. Whoever buzzed them in would remain
at the door and open the door for them. If that person somehow disappeared
*and the reader is powered*, the guest would ring the second doorbell at
the door.
Most of your suggestions to tighten access control have to do with
improving the existing infrastructure. I agree. The only added "feature"
would be some sort of alarm that would sound if the door is kept open.
Sounds interesting; not sure how one would be able to override it for a
certain amount of time, but if someone else wants to start a separate
project to do this, I'm all for it.
I have no objection to RFID being used from *inside* the space, *in
addition to outside the space*, to open the door. In fact, the existing
950MHz reader has enough range to register an RFID tag on either side of
the door, so that might be a solved problem.
It's rather extreme to say that installing a lock is "not an option". I
don't see why you say that. Locking the door means that people could in
theory make their way into the building but not the space, but I don't
think that's a problem worth worrying about. People already have access to
the hallways, elevator, basement, etc. as-is, so if someone's going to
cause damage, they can do so now.
Even when the camera, intercom, etc. are in working condition, there's
often so much backlighting or other sorts of obstructions or uncertainties
that it's really hard to make a good judgement about whether a person can
be let in or not. And I know that the people you provided are just
examples, but let me roll with those examples: I don't know what either of
those people look like, so how is seeing them on camera going to help me?
Jeffrey
On Mon, May 12, 2014 at 2:28 PM, Jake <jake at spaz.org> wrote:
> I think that the clear language i proposed will make it easier to ask
> people to leave when necessary, but it's true that some of them will still
> argue. Do you agree that it's an improvement? If so, should we do it?
>
> If a person says they're a member/associate member and they're not, and
> they're doing disruptive things, it will quickly become a thread on this
> list and/or a discussion at a meeting. Then it won't work anymore.
>
> If a person says they were sponsored but their sponsor left, that means
> they are no longer sponsored and they have to leave now. Sponsorship can
> only occur when the sponsoring entity is present in the space.
>
> if they say
>
> - "Why are you singling me out?"
> - "I don't have to tell you my name or anything about me"
> - or they threaten you with harm or otherwise scare you
> it's no different than what we deal with now, except that we can skip
> straight to the point without all the back-and-forth about whether they
> were sleeping or not. I am not suggesting we will never have to argue with
> an oogle again this way, just that we can significantly reduce the toll it
> takes on us each time. And then maybe we'll get good at it.
>
> When the conversation gets to one of the above types of problems, it's
> time to ask your fellow members to back you up and help get them out.
> Hopefully in the future there will always be lots of nice hackers around.
>
> I have to ask if you're suggesting making the RFID card with the intention
> of removing the keycode access system. I object to that, for many reasons,
> including that hackers should be able to get into the space without a
> physical token, even if their sponsor (for gaining access) is not available
> at noisebridge. Yes this means a nonmember can be granted access (by a
> member with code control access) without a member-sponsor in the space, but
> they will presumably quickly be able to gain sponsorship.
>
> That corresponds with erring on the side of letting people in rather than
> keeping them out. I think that is essential to the spirit of noisebridge.
> Keep in mind that we will always have a doorbell and the ability to buzz
> people in without knowing anything about them.
>
> In that sense, i think that it's essential that we design our security
> theater around dealing with people who are in the space, regardless of how
> they got there. If we start trying to keep people out by default, we will
> lose some of the most interesting people in the bay area, who just randomly
> stop by.
>
> Not that we're not losing them right now due to infestation of oogles, but
> i think we should aim high.
>
> If you want to tighten access control, so that only people with
> keycodes/rfid can get in (and those who they choose to buzz in using their
> credentials) here is a list of what i think is needed:
>
> 1. Improve the automatic-closing mechanism on the gate downstairs
> 2. install a sensor to detect when the door is closed fully (make it
> tamperproof!)
> 3. install a noisemaker and alert system that goes off when the door is
> propped open for too long, which can be disabled per-session with an access
> code (for loading stuff in or events open to the public)
> 4. repair and maintain the videocamera peephole system (so you can see who
> is ringing the doorbell)
> 5. repair and maintain the two-directional audio intercom (so you can
> communicate with whoever is ringing the doorbell)
> 6. install an RFID reader upstairs so that people with a card can buzz
> people in without typing in their code to the upstairs keypad each time
>
> note that installing a lock on the upstairs door is not an option of any
> kind. Noisebridge is the most active tenant in the building and we are
> responsible for everyone who comes in through the gate, and what they do
> inside the building (surely you've heard of people sleeping in the
> basement, squatting under the steps, graffiti in the stairwell, etc)
>
> also note that the main reason for having the camera and intercom at the
> door is not to check someone for positive reasons to let them in, but
> rather to check for recognized reasons to NOT let them in, such as "oh
> that's the guy that smeared cheesecake on his face and flashed the space"
> or "that's the same two people with the same three dogs that messed up the
> shop last week"
>
> I hope this helps. and thank you for caring about this stuff.
>
> -jake
>
>
> On Mon, 12 May 2014, Jeffrey Carl Faden wrote:
>
> I agree with your overall assessment, Jake. I would also support the
>> language change in your proposal which more clearly defines the roles and
>> privileges of our member tiers. I agree that anyone who wants to be able
>> to
>> work at Noisebridge should be able to do so at any time, and if they are
>> not
>> a member, then one should sponsor their presence.
>> I disagree, though, that your proposal will always make it easier for a
>> member to approach someone and ask them to leave. That is because,
>> regardless of what they are doing, the people who abuse the space can
>> often
>> make excuses that are hard to refute:
>> - "I'm an associate member / full member, my name just isn't on the wiki"
>> - "Oh, so-and-so said I could be here (but they left|but they don't
>> exist|but I'm lying)"
>> - "Why are you singling me out?"
>> - "I don't have to tell you my name or anything about me"
>> - or they might threaten you with harm or otherwise scare you.
>>
>> The reason I still think an RFID system should be in-place is because
>> while
>> it is important to enforce these roles at all times, it's not always
>> possible. A second layer of computer-controlled access control will make
>> it
>> harder for people to make their way into the space when those who are
>> available to sponsor them are less available.
>>
>> Bruce Schneier is keen to use the phrase "security theater" to describe
>> systems that only seem to enforce restrictions but can easily be
>> circumvented by those with enough intent. And if you'll notice in the
>> other
>> thread I've responded to, I've labeled this RFID system as such. It is
>> not a
>> silver bullet, but it might make it easier to get the job done.
>>
>> If we're being honest, if associate and full members are the only ones who
>> should ever be able to enter the space on their own, then it would make
>> sense to give them all access on this RFID system and keep the door locked
>> 24/7 (just like the gate is). This technology won't solve our problems,
>> but
>> all-hours access restriction seems like the most effective way of keeping
>> it
>> relevant. Wouldn't you agree?
>>
>> (BTW, having just written the last paragraph, I'm not saying I agree with
>> such a drastic measure. But anyone who's serious about members-only access
>> should see why it makes sense.)
>>
>> Jeffrey
>>
>> On Mon, May 12, 2014 at 1:19 PM, Jake <jake at spaz.org> wrote:
>> I saw mention of the "members only hours" concept again recently
>> and i am sad that people don't remember why that failed. It was
>> terrible.
>>
>> I recommended from the start, and i still recommend, having the
>> same policy at all times. There was actually a nice hacker
>> visiting from Germany who was kicked out of noisebridge only
>> because it was 11PM and people were just following orders. The
>> after-hours thing is a dead idea.
>>
>> I really think noisebridge should pass my last proposal, which
>> makes it really straightforward who can be in the space, at all
>> times:
>>
>> https://www.noisebridge.net/pipermail/noisebridge-discuss/
>> 2013-November/040
>> 268.html
>>
>> "Noisebridge is open to Members, Associate Members, and guests
>> sponsored
>> by same, at all times. Any person who is not one of the above
>> may be
>> asked to leave if no Member or Associate Member present wishes
>> to
>> sponsor them at that time, with no other justification being
>> necessary.
>>
>> People coming to Noisebridge who don't know anyone should be
>> introduced
>> to members who are present so that sponsorship can occur if
>> members
>> present choose to do so at that time. Noisebridge should
>> present itself
>> as 'open to public visitors and guests as often as possible'"
>>
>> on another note, i see that people have been talking about the
>> RFID thing as if it is going to solve social problems. I don't
>> believe that's true. I think it's a great project and worth
>> doing, but ultimately the social problems we are dealing with
>> will ONLY be solved by people like us showing up at the space,
>> and caring for the space in-person.
>>
>> Some people mentioned they were at the space the other day,
>> talking about the RFID stuff, while two people were sleeping in
>> the kitchen, and They Did Nothing. I understand why, because
>> for too long Noisebridge has not provided an effective framework
>> for justifying or supporting the ejection of people for
>> sleeping, or general misuse of the space. My proposal above
>> addresses that problem, in a practical way that eliminates the
>> blame game.
>>
>> With the above proposal, a person can be asked to leave without
>> an accusation of sleeping or habitating or anything like that -
>> simply because there is no member present who wishes to sponsor
>> them. It makes it much easier to ask someone to leave, which is
>> the only way we can take our hackerspace back from mission st.
>> chaos.
>>
>> in the words of Bruce Schneier:
>> "If you think technology can solve your security problems, then
>> you don't understand the problems and you don't understand the
>> technology."
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20140512/8d251ee2/attachment-0003.html>
More information about the Noisebridge-discuss
mailing list