[Noisebridge-discuss] Proposal to open Noisebridge at sunrise
kjs
bfb at riseup.net
Sun May 3 06:39:58 UTC 2015
On May 2, 2015 10:09:27 PM PDT, Henner Zeller <h.zeller at acm.org> wrote:
>On 2 May 2015 at 22:04, kjs <bfb at riseup.net> wrote:
>
>>
>>
>> On May 2, 2015 7:09:42 PM PDT, Henner Zeller <h.zeller at acm.org>
>wrote:
>> >On 2 May 2015 at 19:02, Olivier Laleu <olivier.laleu at gmail.com>
>wrote:
>> >
>> >> Hi noisebridge,
>> >>
>> >> Thanks for having discussed the proposal during last Tuesday
>meetings
>> >> and on NB-discuss. Big thanks to Kevin for having helped me with
>> >format
>> >> dates in Golang and having launched some tests.
>> >>
>> >> Proposition:
>> >> 1 --- I did a pull-request to Henner and Kevin to have a user's
>(non
>> >> fulltime) token working 3 hours after the sunrise. You can check
>my
>> >code
>> >> here:
>> >>
>> >>
>> >
>>
>https://github.com/lol84/rfid-access-control/blob/master/software/earl/user.go
>> >>
>> >> Before
>> >> member - 24h a day
>> >> fullTimeUser - from 7 to 23h59
>> >> user - from 11 to 21h59
>> >>
>> >> After
>> >> member - 24h a day
>> >> fullTimeUser - from sunrise to 23h59
>> >> user - from (sunrise + 3 hours) to 21h59
>> >>
>> >
>> >Unless I missed something, I think the discussion about this last
>item
>> >has
>> >not settled yet. Leave it at 11:00 for
>> >now until we have come to a conclusion.
>> >
>>
>> I feel the problem here is the lack of a forum for lower case c
>consensus.
>
>
>the forum to quickly come to a lower case consensus would be the
>#security-wg channel on slack.
>
>
>> I am also confused on the outcome of this thread. I further feel the
>lack
>> of a forum brings docracy to halt.
>
>
>the forum _is_ slack.
>
Slack is a walled garden with an echo chamber effect. The self reinforcing nature of the beast is very conducive to clique consenses. Everyone is not on Slack, for good reason. Accounts are limited, access is guarded, we do not host the server, thus do not have control of the data transmitted. Of course, Slack users' accounts were also once compromised.
The alternatives are Tuesday meetings, a working group meeting and discuss. This proposal was discussed at three meetings. My impression from the meetings was largely positive. I was surprised by the many concerns raised on this thread. Thank you all for the feedback.
I suggest we convene the security working group, perhaps Monday night, and empower the group to sort through the concerns raised and move forward with some implementation.
>
>> Can someone please elaborate on how this is supposed to work?
>>
>> >
>> >>
>> >> 2 --- The idea of Patrick to have an interface from where visitors
>> >could
>> >> make their own rfid card sounds doocratically cool. Maybe I could
>> >give
>> >> help with databases.
>> >>
>> >
>> >I have not understood Patricks original comment, but I don't think
>he
>> >meant
>> >that
>> >anybody can create a token.
>> >
>> >
>> >>
>> >> Question:
>> >> 1 --- sunrise + 3 hours means a space opened at 9:32 for a user.
>Is
>> >> there a consensus on it? We still can write sunrise + 4 hours if
>you
>> >> think it would be unsecured.
>> >>
>> >
>> >Leave that at 11 for now until we have consensus. Also in
>winter-time,
>> >this
>> >might
>> >be pretty late.
>> >
>> >
>> >>
>> >> 2 --- What about writing on the wiki page "Noisebridge is opened
>> >today
>> >> from 9:32 to 22:00", via a javascript function. We can grab the
>code
>> >of
>> >> the NOAA sunrise hour (the same that is given by astrotime) via
>> >> javascript. I can help on it.
>> >
>> >
>> >Check with Patrick and Torrie, I think they were working on some 'is
>> >open'
>> >indicator somewhere.
>> >(also 'open' in your case means 'open with RFID' or something)
>> >
>> >
>> >>
>> >> Last thoughts:
>> >> For newcomers, to know they can enter noisebridge via an rfid
>related
>> >to
>> >> the sunrise, is, so cool!
>> >> For hackers, to know that the space do not depends from arbitrary
>> >> bi-annual time changes sounds cool too!
>> >>
>> >
>> >(At least it is a neat thing from the hack-perspective.
>> >Most peoples schedule is actually not related to sunrise, so it just
>> >makes
>> >it
>> >harder to reason when the space is open.)
>> >
>> >
>> >>
>> >> Henner, Kevin, Patrick,...let me know when you would like to ssh
>or
>> >> operate Earl manually. I'm really interested seeing it working.
>> >>
>> >
>> >I'll meet with Kevin on Monday evening and chat about implementing a
>> >web
>> >interface.
>> >
>> >
>> >>
>> >> Olivier
>> >> 'o o,
>> >> 'o o,
>> >> 'o o'
>> >> 'o o'
>> >> 'o ..ooo, o'
>> >> o''~ ~'o o'
>> >> o' ,o'^'o- ''o
>> >> o' 'o' 'o- o
>> >> o-o-o-o-o-o ;o o' 'o -o-o-o-o-o-o
>> >> :o, 'o- ,o o' ,o
>> >> 'o, '** ,d' ,o
>> >> 'o,..,,d' ,o'
>> >> o' ,o' o
>> >> o' 'o
>> >> o' 'o
>> >> o' 'o
>> >> o' 'o
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> kjs:
>> >> > jarrod hicks:
>> >> >> I agree with Harry that "the statement 'Membership has only one
>> >perk -
>> >> >> Block rights for concensus.' a lie."
>> >> >>
>> >> >> I think we should just own the fact that Membership has two
>perks
>> >now.
>> >> >> 1. Full particpation in consensus 2. After hours access. I
>already
>> >say
>> >> >> essentially this when I give tours nowadays. I'm also fine with
>> >there
>> >> >> being some grey 'case by case basis' area here.
>> >> >
>> >> > Thanks for sharing Jarrod. I think it's great that you want to
>own
>> >this,
>> >> > but I do not. I am generally the person at meetings, giving
>tours,
>> >> > iterating over my version of membership and access, dwelling
>> >entirely in
>> >> > the gray area of trust heuristics. Becoming a Member requires
>> >consensus
>> >> > of the group, thus demonstrates to me the observed
>> >'responsibleness' and
>> >> > trustworthiness needed to curate Noisebridge 24 hours of the
>day. I
>> >am
>> >> > vary wary of advertising this as a perk of membership. Rather, I
>> >prefer
>> >> > to share and consider the qualities needed, not the title.
>> >> >
>> >> >>
>> >> >> I don't think we should go out of our way, and risk the
>progress
>> >we
>> >> >> are making improving the space, to open up special access for
>> >users
>> >> >> who want to use Noisebridge but are not interested in being a
>> >greater
>> >> >> part of our community, they are already welcome during regular
>> >hours.
>> >> >> (Harry, I am not referring to you. I think you are excellent in
>> >the
>> >> >> space.) Not necessarily Membership status, but at least with a
>> >strong
>> >> >> track record of excellence, trust worthiness, and support of
>the
>> >> >> space. The sort of person who is assumed to be a member, even
>if
>> >they
>> >> >> are not.
>> >> >>
>> >> >>
>> >> >
>> >> > During discussion of this topic at meetings, there were a number
>of
>> >> > early birds expressing interest in being a part of our
>community,
>> >> > wanting to come and hack before 11:00. That was one motivation
>for
>> >this
>> >> > proposal. Broadly, I believe improving the interface at the door
>to
>> >> > support adding fulltimeusers will help to reduce this tension.
>In
>> >the
>> >> > current state there's an asymmetry and bottleneck at this stage,
>> >where
>> >> > only a handful of folks can add fulltimeusers. Hence why I
>proposed
>> >both
>> >> > removing the bottleneck by creating a more accessible interface
>and
>> >> > bumping up user hours. I never saw this as risking progress or
>> >going out
>> >> > of our way, though I hear and respect that many do. I hope that
>we
>> >can
>> >> > find a middle way where all are content.
>> >> >
>> >> > -Kevin
>> >> >
>> >> >>
>> >> >> On Thu, Apr 30, 2015 at 3:05 PM, kjs <bfb at riseup.net> wrote:
>> >> >>> Who gave sid, harvey, rob 2.0, etc. access tokens? The pool of
>> >people
>> >> who are able to create access tokens is small. I argue that more
>> >critical
>> >> systems fall apart in a world where we assume that someone has
>issued
>> >a key
>> >> to folks on the 86'ed list.
>> >> >>>
>> >> >>>
>> >> >>> On April 30, 2015 2:49:20 PM PDT, Torrie Fischer <
>> >> tdfischer at hackerbots.net> wrote:
>> >> >>>> On Thursday, April 30, 2015 01:53:19 PM Harry Moreno wrote:
>> >> >>>>> Anyone object to allowing anonymous users early access to
>> >> >>>> Noisebridge?
>> >> >>>>
>> >> >>>> I do. Vehemently.
>> >> >>>>
>> >> >>>> The set of anonymous users includes such people as Harvey,
>Sid,
>> >Rob
>> >> >>>> 2.0, and
>> >> >>>> other fun personalities from the 86 page. I'd be cool with
>> >giving
>> >> >>>> identified
>> >> >>>> people early access to Noisebridge. It isn't a requirement
>that
>> >the
>> >> >>>> information in the database be one's True And Legal Name (as
>the
>> >state
>> >> >>>> of
>> >> >>>> California calls it), but merely the nym one wishes to
>identify
>> >as. My
>> >> >>>> entries
>> >> >>>> in there say "tdfischer" and "tdfischer at hackerbots.net".
>You'd
>> >be
>> >> hard
>> >> >>>> pressed
>> >> >>>> to find a court of law that would accept tdfischer as my
>"legal"
>> >name.
>> >> >>>>
>> >> >>>> I honestly don't care what name people give when they
>> >deanonymize
>> >> >>>> themselves
>> >> >>>> in the database. I only care that people can be held
>accountable
>> >for
>> >> >>>> shitting
>> >> >>>> in the woodshop. Consensus on all levels has it that shitting
>in
>> >the
>> >> >>>> woodshop
>> >> >>>> is unexcellent. If an anonymous person with a vendetta comes
>in
>> >and
>> >> >>>> shits in
>> >> >>>> the woodshop, how could it be prevented? Would we just hope
>that
>> >they
>> >> >>>> don't
>> >> >>>> shit in there again? Shouldn't it make sense that we would
>know
>> >who
>> >> did
>> >> >>>> it and
>> >> >>>> tell the community "Hey folks, Jackhammer Jill shit in the
>> >woodshop.
>> >> >>>> Don't let
>> >> >>>> her back in."?
>> >> >>>>
>> >> >>>> Being listed in the access database as "member" is just a
>> >technical
>> >> >>>> implementation. Much like all attempts to programatically
>> >validate
>> >> >>>> someone's
>> >> >>>> Real Name as being two separate words with UTF-8 characters,
>it
>> >> >>>> completely
>> >> >>>> misses the reality of how things work. You still don't need
>to
>> >be a
>> >> >>>> member to
>> >> >>>> have 24/7 access to the door.
>> >> >>>>
>> >> >>>> However, you do need the consent of Noisebridge to have it.
>I'm
>> >pretty
>> >> >>>> much a
>> >> >>>> hardass about consenting to that and insisting that I get to
>> >know
>> >> >>>> someone and
>> >> >>>> feel comfortable with it before I'd be cool with them having
>> >24/7
>> >> >>>> access.
>> >> >>>
>> >> >>> _______________________________________________
>> >> >>> Noisebridge-discuss mailing list
>> >> >>> Noisebridge-discuss at lists.noisebridge.net
>> >> >>>
>https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>> >> >> _______________________________________________
>> >> >> Noisebridge-discuss mailing list
>> >> >> Noisebridge-discuss at lists.noisebridge.net
>> >> >>
>https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>> >> >>
>> >> _______________________________________________
>> >> Noisebridge-discuss mailing list
>> >> Noisebridge-discuss at lists.noisebridge.net
>> >> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>> >>
>> >
>> >
>>
>>------------------------------------------------------------------------
>> >
>> >_______________________________________________
>> >Noisebridge-discuss mailing list
>> >Noisebridge-discuss at lists.noisebridge.net
>> >https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
>>
More information about the Noisebridge-discuss
mailing list