SecWG Meeting Notes 2014 05 01

From Noisebridge

crw [7:10 PM] i'm going to transcribe salient points, as i can

crw [7:10 PM] - need a handy list of folks to contact in case there's a problem

nthmost [7:11 PM] AWESOME

crw [7:11 PM] - list of folks who have keys for physical access? any currently persona non grata?

crw [7:12 PM] https://noisebridge.net/wiki/Docents

crw [7:13 PM] - sid will not wear a docent vest, officially.

crw [7:14 PM] the concept of a docent creates a position of authority which can be exploited/abused

crw [7:16 PM] kiosk at front w/ an irc client and/or slack access - maybe use as a majordomo?

crw [7:16 PM] "area hosts"

crw [7:17 PM] "reasonableness as a service"

crw [7:18 PM] :grinning:

crw [7:19 PM] logs vs. anonymity in the space. consistency, recognizable faces.

crw [7:20 PM] slack API for suggestion box. "like google forms, but different"

crw [7:21 PM] NB ticket system

crw [7:21 PM] ticketing systems for NB has been discussed at least once before.

crw [7:23 PM] "if it didn't happen on the mailing list, it didn't happen"

tdfischer [7:24 PM] ++++1

crw [7:24 PM] logging

crw [7:25 PM] https://www.noisebridge.net/pipermail/security/

crw [7:25 PM] https://noisebridge.net/wiki/Security_Group

crw [7:26 PM] those are unrelated to the subject we're discussing, they appear to be infosec

crw [7:26 PM] "TODO: implement communication protocols: smoke signals & tcp over carrier pigeon"

crw [7:29 PM] docentry is a fragile system

crw [7:29 PM] who can make guarantees to the community? probably only the board.

crw [7:30 PM] https://noisebridge.net/wiki/DocentSchedule

crw [7:30 PM] the wiki is a fragile system

crw [7:31 PM] https://www.youtube.com/watch?v=jQOwchtUdcs (YouTube: "the jerky boys security service")

crw [7:32 PM] "security service? yes, i'm very insecure"

crw [7:32 PM] NB lockable at night?

crw [7:34 PM] locking the member shelves?

crw [7:34 PM] security vs. anonymity

crw [7:35 PM] inter-group collaboration

crw [7:36 PM] are we deprecating the lockers already?

crw [7:38 PM] actionable: make a kiosk

crw [7:40 PM] i'm having a moment of cynicism, here.

nthmost [7:40 PM] yeah?

crw [7:41 PM] yeah i think we're missing some fundamentals. i don't feel having a kiosk is going to stop our more severe and chronic physical security problems.

nthmost [7:41 PM] Speak up!

crw [7:44 PM] WONTFIX

crw [7:45 PM] it's been about 6 months i've been in the space, does the internal door on the 3F lock at all? or is it just the gate?

crw [7:47 PM] "should" is a curse word

nthmost [7:47 PM] heh

crw [7:47 PM] being discussed: 2-factor auth w/ key & electronic

nthmost [7:48 PM] such a neat idea

crw [7:48 PM] theft

crw [7:48 PM] sleeping at the space

crw [7:48 PM] unauthorized access to other parts of the building

crw [7:49 PM] misuse/unsafe use of materials

crw [7:49 PM] (interference on mumble, can't hear at present)

crw [7:50 PM] interference gone

crw [7:54 PM] helpful messaging for safe/DM/danger zones

crw [7:55 PM] shelf rotation

crw [7:57 PM] "trust is earned"

crw [7:57 PM] "trust but verify"

crw [7:58 PM] re-up sponsorships for associate memberships to keep relationships fresh, help build community?

crw [7:59 PM] "you get the security you deserve"

crw [8:00 PM] cultural responsibility

crw [8:00 PM] membership shelves as exemplar. glass walls and maglocks?

crw [8:01 PM] ioerror would shit a brick re: biometric at nb

crw [8:06 PM] TODO: what are the things we said we'd implement and didn't?

crw [8:08 PM] re-keying the first floor door?

nthmost [8:08 PM] the inner doors, not the gate door

crw [8:09 PM] oh man.

crw [8:09 PM] what about the 3F door?

crw [8:09 PM] what's the lock status on that? and the elevator area

nthmost [8:09 PM] the 3F door is lockable

nthmost [8:09 PM] problem is that the elevator situation is problematic

crw [8:09 PM] yes

crw [8:11 PM] layered security: https://www.youtube.com/watch?v=ElqZms_SUjg (YouTube: "Get Smart" title sequence)

crw [8:12 PM] we've got a psyops infiltrator working for the aliens.

crw [8:13 PM] this just in: noisetor is a honeypot

crw [8:14 PM] this conversation has enough trigger words in it that the NSA will now be paying attention to @nthmost's mumble server.

nthmost [8:15 PM] hahaha

nthmost [8:15 PM] true

crw [8:15 PM] reaffirmation of previous security resolutions, revitalization of docent program, and the SuperKiosk.

nthmost [8:16 PM] Indeed!

crw [8:17 PM] :trollface:

tdfischer [8:17 PM] :doge:

adrian [8:17 PM] *reads*

crw [8:20 PM] most of the things in quotes were my own internal monologue

crw [8:21 PM] and nearly everything else was paraphrased. i'm not an unbiased note-taker.

nthmost [8:21 PM] The notes were a source of amusement, thank you

crw [8:22 PM] :grinning:

crw [8:23 PM] i'm going to need to think more about the whole securing-the-member-shelves thing.

nthmost [8:23 PM] What do you think about that?

crw [8:25 PM] ambivalent. unless you wanna fork out a large amount of money, any wall will be one i can put my foot through if i wanted. feels like security theater. the real answer is of course cultural, but that's not exactly easy. familiar with broken windows theory?

nthmost [8:25 PM] Ah

nthmost [8:25 PM] yes, for sure

crw [8:25 PM] so, yeah. we continue having these problems because we continue having these problems.

nthmost [8:25 PM] Yeah. Part of all of this stuff is just the idea of doing SOMETHING

tdfischer [8:26 PM] the first rule of tautology club is the first rule of tautology club

nthmost [8:26 PM] hahaha

crw [8:26 PM] +1 :grinning:

crw [8:27 PM] so we totally avoided threat modeling discussion, but i guess that's something to work up to.

nthmost [8:27 PM] That's totally okay

nthmost [8:27 PM] We had a productive conversation, new ideas, etc

nthmost [8:27 PM] Wish I weren't so sleepy!

crw [8:28 PM] i missed what, exactly, was said about aliens. but i think i'm glad i did.

nthmost [8:28 PM] Nothing of consequence.

crw [8:31 PM] gonna grab a quick bite to eat and think this over some more.

nthmost [8:31 PM] cool

nthmost [8:31 PM] are you going to come to the space anytime soon?

crw [8:31 PM] i probably should, just to meet folks.

crw [8:32 PM] i really am a hermit by choice, though.

nthmost [8:33 PM] You should!

crw [8:50 PM] ok so, i just drew a box and cut it into quadrants. the columns are for "2169 Mission" and "Inside NB Space", the rows are "members/associate members" and "non-members/guests"

crw [8:50 PM] and this is somehow related to security, i think.

crw [8:50 PM] what goes inside the boxes at the intersection of these things and what are the security ramifications?

crw [8:51 PM] (this is an open question, i'm pretty mentally spent for today)

adrian [9:06 PM] is it still going on?

crw [9:09 PM] nah, finished around the time you were reading up the chat log

nthmost [9:09 PM] yep

nthmost [9:09 PM] nice clean hour

slackbot [9:09 PM] Breakfast is the most important meal of the day.

adrian [9:09 PM] damn

adrian [9:09 PM] I just connected

nthmost [9:09 PM] ugh, turn that stupid slackbot off

adrian [9:09 PM] heh

adrian [9:09 PM] how'd it go?

nthmost [9:09 PM] Breakfast is the most important meal of the day TO SKIP

nthmost [9:09 PM] fixed it.

adrian [9:09 PM] heh

crw [9:10 PM] a pot of coffee counts as breakfast, right?

nthmost [9:11 PM] nope

nthmost [9:11 PM] coffee and cream are "free"

nthmost [9:11 PM] I mean, if you're trying to suck up to someone that thinks breakfast is important

nthmost [9:11 PM] then yes, coffee is breakfast.

adrian [9:12 PM] heh

crw [9:12 PM] i keep a supply of instant coffee so i'm caffeinated enough to make proper coffee.

crw [9:14 PM] but back on topic, i think the meeting went well enough.

adrian [9:14 PM] swet

adrian [9:14 PM] +e

crw [9:15 PM] got some solid things to follow-up on, should someone want to actually do that. i'm not sure naomi's got the bandwidth for it at present.

adrian [9:19 PM] Yeah

adrian [9:19 PM] She sounded like close ot bruning out :disappointed:

adrian [9:19 PM] to burning*

crw [9:19 PM] i'm looking through last year's consensus history now to see what was agreed upon re: physical security. i remember some of the discussions, but not the outcomes.

crw [9:20 PM] 2013-11-12 JC It should be possible to secure Noisebridge when not in use. Noisebridge should be secured when not in use. All Noisebridge Members and Associate Members should have access to Noisebridge.

crw [9:21 PM] is "so say we all" the same as "consensed"?

nthmost [9:25 PM] You'd have to ask @flamsmark

crw [9:31 PM] so that item from JC is the only thing in the consensus history from last year that discusses physical security of the space (unless i missed something)

crw [9:32 PM] (apart from the obvious anti-harassment policy and associate membership including access to the space)

nthmost [9:38 PM] OK, good

nthmost [9:38 PM] Thanks for checking!

crw [9:39 PM] also grep'd page for docent or redshirt and didn't come up with anything. so those must've been done do-ocratically.

nthmost [9:39 PM] Yes.

nthmost [9:39 PM] Completely.

nthmost [10:09 PM] When I left, Sid was putting together a kiosk

nthmost [10:10 PM] I said i would do it, but i can't realistically do it until next week, so.

crw [10:12 PM] what's it going to do?

nthmost [10:15 PM] That "send a report" functionality we talked about

nthmost [10:16 PM] at least, the hardware part. the interface, i dunno. at least the kiosk has a touchscreen

crw [10:18 PM] whatever happened to that dude hilaire?

nthmost [10:19 PM] dunno who that is

crw [10:20 PM] he was a mainstay for a while. didn't interview well for membership and was denied.

nthmost [10:21 PM] I must have missed that completely

tdfischer [10:21 PM] I thought he was pretty neat

tdfischer [10:21 PM] he sponsored my associateness

nthmost [10:22 PM] i was in Oakland April 2012 to April 2013, spent all my time and effort at sudo room

crw [10:24 PM] yeah i didn't have any problems with him, he just presented himself poorly at that interview

crw [10:24 PM] was unfortunate

tdfischer [10:24 PM] :<

crw [10:25 PM] not yet having met sid, he already reminds me of hilaire in some ways.

nthmost [10:54 PM] Let me guess, Tom was running that meeting.

crw [11:11 PM] no, actually.

crw [11:12 PM] was jarrod: https://noisebridge.net/wiki/Meeting_Notes_2013_11_05

crw [11:12 PM] he had a fair hearing, just did a poor job advocating for himself. in a way, it might've been better if tom /had/ been moderating

crw [11:12 PM] less time taken, less chance to put his foot in his mouth

nthmost [11:13 PM] oh. huh.

crw [11:15 PM] oddly enough, that was also the meeting that discussed physical security at the space.

crw [11:15 PM] "Proposal to require a minimum number of members present for consensus blocked"

nthmost [11:15 PM] one of them -- I was at at least one of that series of meetings

crw [11:21 PM] you were actually there the first time i was ever at the space, apparently: https://noisebridge.net/wiki/Meeting_Notes_2013_07_02

nthmost [11:22 PM] oh wow

crw [11:22 PM] was a great first experience. danny moderated the meeting and gave me a great big hug afterward for making it all the way through.

nthmost [11:23 PM] moving to #general ...

adrian [11:48 PM] yay


May 8th, 2014 -----

teratoma [12:35 PM] joined #security-wg

schuyler [3:35 PM] @crw: Thank you so much for your live notes during the meeting! Reading through them all now, and you seem to have recorded a great snapshot of what was discussed and some of the points of contention. Awesome of you.

crw [3:47 PM] oh, thanks. is another meeting scheduled for tomorrow?

nthmost [3:47 PM] not tomorrow -- I think every other week will do

nthmost [3:48 PM] set the channel topic: next mtg May 15 @ 7pm, Noisebridge. Mumble server at nthmost.net