SecWG Meeting Notes 2014 05 01
crw [7:10 PM] i'm going to transcribe salient points, as i can
crw[7:10 PM]- need a handy list of folks to contact in case there's a problem
nthmost [7:11 PM] AWESOME
crw [7:11 PM] - list of folks who have keys for physical access? any currently persona non grata?
crw[7:12 PM]https://noisebridge.net/wiki/Docents
crw[7:13 PM]- sid will not wear a docent vest, officially.
crw[7:14 PM]the concept of a docent creates a position of authority which can be exploited/abused
crw[7:16 PM]kiosk at front w/ an irc client and/or slack access - maybe use as a majordomo?
crw[7:16 PM]"area hosts"
crw[7:17 PM]"reasonableness as a service"
crw[7:18 PM]:grinning:
crw[7:19 PM]logs vs. anonymity in the space. consistency, recognizable faces.
crw[7:20 PM]slack API for suggestion box. "like google forms, but different"
crw[7:21 PM]NB ticket system
crw[7:21 PM]ticketing systems for NB has been discussed at least once before.
crw[7:23 PM]"if it didn't happen on the mailing list, it didn't happen"
tdfischer [7:24 PM] ++++1
crw [7:24 PM] logging
crw[7:25 PM]https://www.noisebridge.net/pipermail/security/
crw[7:25 PM]https://noisebridge.net/wiki/Security_Group
crw[7:26 PM]those are unrelated to the subject we're discussing, they appear to be infosec
crw[7:26 PM]"TODO: implement communication protocols: smoke signals & tcp over carrier pigeon"
crw[7:29 PM]docentry is a fragile system
crw[7:29 PM]who can make guarantees to the community? probably only the board.
crw[7:30 PM]https://noisebridge.net/wiki/DocentSchedule
crw[7:30 PM]the wiki is a fragile system
crw[7:31 PM]https://www.youtube.com/watch?v=jQOwchtUdcs YouTube jerkyboyz1 the jerky boys security service
crw[7:32 PM]"security service? yes, i'm very insecure"
crw[7:32 PM]NB lockable at night?
crw[7:34 PM]locking the member shelves?
crw[7:34 PM]security vs. anonymity
crw[7:35 PM]inter-group collaboration
crw[7:36 PM]are we deprecating the lockers already?
crw[7:38 PM]actionable: make a kiosk
crw[7:40 PM]i'm having a moment of cynicism, here.
nthmost [7:40 PM] yeah?
crw [7:41 PM] yeah i think we're missing some fundamentals. i don't feel having a kiosk is going to stop our more severe and chronic physical security problems.
nthmost [7:41 PM] Speak up!
crw [7:44 PM] WONTFIX
crw[7:45 PM]it's been about 6 months i've been in the space, does the internal door on the 3F lock at all? or is it just the gate?
crw[7:47 PM]"should" is a curse word
nthmost [7:47 PM] heh
crw [7:47 PM] being discussed: 2-factor auth w/ key & electronic
nthmost [7:48 PM] such a neat idea
crw [7:48 PM] theft
crw[7:48 PM]sleeping at the space
crw[7:48 PM]unauthorized access to other parts of the building
crw[7:49 PM]misuse/unsafe use of materials
crw[7:49 PM](interference on mumble, can't hear at present)
crw[7:50 PM]interference gone
crw[7:54 PM]helpful messaging for safe/DM/danger zones
crw[7:55 PM]shelf rotation
crw[7:57 PM]"trust is earned"
crw[7:57 PM]"trust but verify"
crw[7:58 PM]re-up sponsorships for associate memberships to keep relationships fresh, help build community?
crw[7:59 PM]"you get the security you deserve"
crw[8:00 PM]cultural responsibility
crw[8:00 PM]membership shelves as exemplar. glass walls and maglocks?
crw[8:01 PM]ioerror would shit a brick re: biometric at nb
crw[8:06 PM]TODO: what are the things we said we'd implement and didn't?
crw[8:08 PM]re-keying the first floor door?
nthmost [8:08 PM] the inner doors, not the gate door
crw [8:09 PM] oh man.
crw[8:09 PM]what about the 3F door?
crw[8:09 PM]what's the lock status on that? and the elevator area
nthmost [8:09 PM] the 3F door is lockable
nthmost[8:09 PM]problem is that the elevator situation is problematic
crw [8:09 PM] yes
crw[8:11 PM]layered security: https://www.youtube.com/watch?v=ElqZms_SUjg YouTube Peter Lalic "Get Smart" title sequence [High Quality]
crw[8:12 PM]we've got a psyops infiltrator working for the aliens.
crw[8:13 PM]this just in: noisetor is a honeypot
crw[8:14 PM]this conversation has enough trigger words in it that the NSA will now be paying attention to @nthmost's mumble server.
nthmost [8:15 PM] hahaha
nthmost[8:15 PM]true
crw [8:15 PM] reaffirmation of previous security resolutions, revitalization of docent program, and the SuperKiosk.
nthmost [8:16 PM] Indeed!
crw [8:17 PM] :trollface:
tdfischer [8:17 PM] :doge:
adrian [8:17 PM] *reads*
crw [8:20 PM] most of the things in quotes were my own internal monologue
crw[8:21 PM]and nearly everything else was paraphrased. i'm not an unbiased note-taker.
nthmost [8:21 PM] The notes were a source of amusement, thank you
crw [8:22 PM] :grinning:
crw[8:23 PM]i'm going to need to think more about the whole securing-the-member-shelves thing.
nthmost [8:23 PM] What do you think about that?
crw [8:25 PM] ambivalent. unless you wanna fork out a large amount of money, any wall will be one i can put my foot through if i wanted. feels like security theater. the real answer is of course cultural, but that's not exactly easy. familiar with broken windows theory?
nthmost [8:25 PM] Ah
nthmost[8:25 PM]yes, for sure
crw [8:25 PM] so, yeah. we continue having these problems because we continue having these problems.
nthmost [8:25 PM] Yeah. Part of all of this stuff is just the idea of doing SOMETHING
tdfischer [8:26 PM] the first rule of tautology club is the first rule of tautology club
nthmost [8:26 PM] hahaha
crw [8:26 PM] +1 :grinning:
crw[8:27 PM]so we totally avoided threat modeling discussion, but i guess that's something to work up to.
nthmost [8:27 PM] That's totally okay
nthmost[8:27 PM]We had a productive conversation, new ideas, etc
nthmost[8:27 PM]Wish I weren't so sleepy!
crw [8:28 PM] i missed what, exactly, was said about aliens. but i think i'm glad i did.
nthmost [8:28 PM] NOthing of consequence.
crw [8:31 PM] gonna grab a quick bite to eat and think this over some more.
nthmost [8:31 PM] cool
nthmost[8:31 PM]are you going to come to the space anytime soon?
crw [8:31 PM] i probably should, just to meet folks.
crw[8:32 PM]i really am a hermit by choice, though.
nthmost [8:33 PM] You should!
crw [8:50 PM] ok so, i just drew a box and cut it into quadrants. the columns are for "2169 Mission" and "Inside NB Space", the rows are "members/associate members" and "non-members/guests"
crw[8:50 PM]and this is somehow related to security, i think.
crw[8:50 PM]what goes inside the boxes at the intersection of these things and what are the security ramifications?
crw[8:51 PM](this is an open question, im pretty mentally spent for today)
adrian [9:06 PM] is it still going on?
crw [9:09 PM] nah, finished around the time you were reading up the chat log
nthmost [9:09 PM] yep
nthmost[9:09 PM]nice clean hour
slackbot [9:09 PM] Breakfast is the most important meal of the day.
adrian [9:09 PM] damn
adrian[9:09 PM]I just connected
nthmost [9:09 PM] ugh, turn that stupid slackbot off
adrian [9:09 PM] heh
adrian[9:09 PM]how'd it go?
nthmost [9:09 PM] Breakfast is the most important meal of the day TO SKIP
nthmost[9:09 PM]fixed it.
adrian [9:09 PM] heh
crw [9:10 PM] a pot of coffee counts as breakfast, right?
nthmost [9:11 PM] nope
nthmost[9:11 PM]coffee and cream are "free"
nthmost[9:11 PM]I mean, if you're trying to suck up to someone that thinks breakfast is important
nthmost[9:11 PM]then yes, coffee is breakfast.
adrian [9:12 PM] heh
crw [9:12 PM] i keep a supply of instant coffee so i'm caffeinated enough to make proper coffee.
crw[9:14 PM]but back on topic, i think the meeting went well enough.
adrian [9:14 PM] swet
adrian[9:14 PM]+e
crw [9:15 PM] got some solid things to follow-up on, should someone want to actually do that. i'm not sure naomi's got the bandwidth for it at present.
adrian [9:19 PM] Yeah
adrian[9:19 PM]She sounded like close ot bruning out :disappointed:
adrian[9:19 PM]to burning*
crw [9:19 PM] i'm looking through last year's consensus history now to see what was agreed upon re: physical security. i remember some of the discussions, but not the outcomes.
crw[9:20 PM]2013-11-12 JC It should be possible to secure Noisebridge when not in use. Noisebridge should be secured when not in use. All Noisebridge Members and Associate Members should have access to Noisebridge.
crw[9:21 PM]is "so say we all" the same as "consensed"?
nthmost [9:25 PM] You'd have to ask @flamsmark
crw [9:31 PM] so that item from JC is the only thing in the consensus history from last year that discusses physical security of the space (unless i missed something)
crw[9:32 PM](apart from the obvious anti-harassment policy and associate membership including access to the space)
nthmost [9:38 PM] OK, good
nthmost[9:38 PM]Thanks for checking!
crw [9:39 PM] also grep'd page for docent or redshirt and didn't come up with anything. so those must've been done do-ocratically.
nthmost [9:39 PM] Yes.
nthmost[9:39 PM]Completely.
nthmost [10:09 PM] When I left, Sid was putting together a kiosk
nthmost[10:10 PM]I said i would do it, but i cant realistically do it until next week, so.
crw [10:12 PM] what's it going to do?
nthmost [10:15 PM] That "send a report" functionality we talked about
nthmost[10:16 PM]at least, the hardware part. the interface, i dunno. at least the kiosk has a touchscreen
crw [10:18 PM] whatever happened to that dude hilaire?
nthmost [10:19 PM] dunno who that is
crw [10:20 PM] he was a mainstay for a while. didn't interview well for membership and was denied.
nthmost [10:21 PM] I must have missed that completely
tdfischer [10:21 PM] I thought he was pretty neat
tdfischer[10:21 PM]he sponsored my associateness
nthmost [10:22 PM] i was in Oakland April 2012 to April 2013, spent all my time and effort at sudo room
crw [10:24 PM] yeah i didn't have any problems with him, he just presented himself poorly at that interview
crw[10:24 PM]was unfortunate
tdfischer [10:24 PM] :<
crw [10:25 PM] not yet having met sid, he already reminds me of hilaire in some ways.
nthmost [10:54 PM] Let me guess, Tom was running that meeting.
crw [11:11 PM] no, actually.
crw[11:12 PM]was jarrod: https://noisebridge.net/wiki/Meeting_Notes_2013_11_05
crw[11:12 PM]he had a fair hearing, just did a poor job advocating for himself. in a way, it might've been better if tom /had/ been moderating
crw[11:12 PM]less time taken, less chance to put his foot in his mouth
nthmost [11:13 PM] oh. huh.
crw [11:15 PM] oddly enough, that was also the meeting that discussed physical security at the space.
crw[11:15 PM]"Proposal to require a minimum number of members present for consensus blocked"
nthmost [11:15 PM] one of them -- I was at at least one of that series of meetings
crw [11:21 PM] you were actually there the first time i was ever at the space, apparently: https://noisebridge.net/wiki/Meeting_Notes_2013_07_02
nthmost [11:22 PM] oh wow
crw [11:22 PM] was a great first experience. danny moderated the meeting and gave me a great big hug afterward for making it all the way through.
nthmost [11:23 PM] moving to #general ...
adrian [11:48 PM] yay
Today May 8th, 2014 -----
teratoma [12:35 PM] joined #security-wg
schuyler [3:35 PM] @crw: Thank you so much for your live notes during the meeting! Reading through them all now, and you seem to have recorded a great snapshot of what was discussed and some of the points of contention. Awesome of you.
crw [3:47 PM] oh, thanks. is another meeting scheduled for tomorrow?
nthmost [3:47 PM] not tomorrow -- I think every other week will do
nthmost [3:48 PM] set the channel topic: next mtg May 15 @ 7pm, Noisebridge. Mumbler server at nthmost.net