[Noisebridge-discuss] Problem: people seeing NB as a backup shelter

Henner Zeller h.zeller at acm.org
Sat May 10 01:30:00 UTC 2014


I would like to help researching RFID readers and how to get a  bunch of
cards and help make this happen. RFID is not absolutely secure, but this is
not what we have to worry about here (in fact, if someone can hack themself
in with a copy, they are at the right place).

Starting with the top door being opened by RFID is a good first step. I
still would  like to put an RFID reader downstairs as well because
remembering my 7-digit code always is, uhm, troublesome for me. So it would
just basically an addition/replacement for the keypad downstairs (which
doesn't change the situation with other tenants that have a key, I suppose).

I might come to NB tomorrow, is anyone there who wants to discuss this, and
work on it ? Let Do this.
I am happy to help purchase equipement if we need that (I know there were
already experiments with RFID readers before ? What happened to that ?).
Getting basic physical access installed is IMHO the most important thing to
make NB functioning again.

(I am really looking forward to have only people there who should be there.
One of my reasons to only really rarely come to Noisebridge is, because I
know that I can't leave stuff there I want to work on, so why should I do
it there ?)



On 9 May 2014 17:28, Naomi Most <pnaomi at gmail.com> wrote:

> I'm just reiterating my own stances said elsewhere.
>
> Basically, I'm a proponent of Approach #3.
>
> Important points:
>
> * the front door key is not a form of security; it's a meme promoting
> Noisebridge.
>
> * changing the way the front door operates requires the use of social
> capital w/ the landlord and tenants.  Right now the landlord is
> disturbed by the Electrical Situation -- not a good time to bother him
> about other things.
>
> * installing RFID at the top door seems like the smartest addition of
> security in terms of workingness (keyfobs are less easily duplicable
> than key codes and just as revokable) and in terms of the work
> involved (not removing anything from the front door, just installing
> something new).
>
> * yes, this is still basically security theater -- unless we also
> restrict access via the elevator.
>
> --Naomi
>
>
> On Fri, May 9, 2014 at 4:31 PM, Jeffrey Carl Faden <jeffreyatw at gmail.com>
> wrote:
> > We have been discussing this for a few hours on Slack and #noisebridge
> and
> > have come up with a few solutions. I thought I'd share a few ideas that
> have
> > been thrown around so far.
> >
> > Here's the current system, for those watching from home. At all hours of
> the
> > day:
> > - Someone can use a key to get into the building and space.
> > - Someone can use a keycode to get into the building and space.
> > - Someone can buzz the intercom and be allowed in by someone inside who
> has
> > a keycode. (or they can walk downstairs)
> >
> > And now, for some new ideas...
> >
> > Idea #1: Move the keypad from the gate to the door. Keypad only active
> > during newly instilled associate/regular members hours. Physical key, or
> > someone buzzing you in, required to enter the building.
> > Benefits:
> > - Robotically enforced "members-only" hours, instead of human-enforced
> like
> > in the past
> > - Semblance of 2-factor auth, if you ignore the ubiquity of keys and
> > keycodes
> >
> > Idea #2: idea #1, plus replacing gate lock with RFID sensor.
> > Additional benefits:
> > - RFID fob can be revoked if shared, while key cannot (or it's much
> harder
> > to do so).
> >
> > Idea #3: keep lock/keypad as-is, install members-hours-only RFID sensor
> at
> > door.
> > Additional benefits:
> > - No need to change existing setup.
> > - RFID sensor is less likely to be tampered with.
> >
> > In all three cases, it will be less easy (but nothing is impossible) for
> a
> > random person looking for a way to abuse the space to find their way
> inside.
> > Of course, much like how things are now, there's a significant amount of
> > security theater that goes into these "solutions." There is no silver
> > bullet.
> > - In all forms, someone can still shadow someone else being let in.
> > - With idea #2, replacing the lock with an RFID sensor could
> inconvenience
> > other tenants, and RFID sensor could be subject to on-the-street
> vandalism.
> > - In the past, people have complained about their access/whereabouts
> being
> > tracked by being tied to an RFID fob.
> > - Anyone could use the elevator to get past any form of authentication at
> > the door.
> > -- The elevator is either off-limits, cost-prohibitive, or both to add an
> > additional keypad or sensor to.
> >
> > Either way, this is what we've been discussing. If you didn't read the
> > previous paragraph, I said that this is all ultimately in the name of
> > security theater. But I think they're all improvements on what we have
> now.
> >
> > If you're interested in discussing these (beyond the discussions we've
> > already been having on this list, on Slack, on Freenode, and now on this
> > Etherpad I made the mistake of creating), please consider coming to a
> > meeting of the Security Working Group. I'll defer to Naomi or someone in
> > #security-wg on Slack for details about when that will happen.
> >
> > If you haven't read the antepenultimate paragraph or the one prior to it,
> > this is all in the name of security theater. Please do not complain about
> > holes in any of these systems that already exist within our current one.
> > Thanks again!
> >
> > Jeffrey
> >
> > On Fri, May 9, 2014 at 4:01 PM, Johny Radio <johnyradio at gmail.com>
> wrote:
> >>
> >> Ya gotta love the "Let's somebody else do it." Classic.
> >>
> >>
> >> Jeffrey Carl Faden <jeffreyatw at gmail.com> wrote:
> >>
> >> This thread is taking a worrying turn toward "wishful thinking" and away
> >> from "doing".
> >>
> >> On Fri, May 9, 2014 at 1:08 PM, Naomi Most <pnaomi at gmail.com> wrote:
> >> >> >> Let's do that.  Who's around who likes installing keypads?
> >
> >
> >
> > _______________________________________________
> > Noisebridge-discuss mailing list
> > Noisebridge-discuss at lists.noisebridge.net
> > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> >
>
>
>
> --
> Naomi Theora Most
> naomi at nthmost.com
> +1-415-728-7490
>
> skype: nthmost
>
> http://twitter.com/nthmost
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20140509/bf154bd2/attachment.html>


More information about the Noisebridge-discuss mailing list