[sudo-sys] Outer door access, DNS changes, new services, new mesh AP

Andrew andrew at roshambomedia.com
Sat Mar 2 18:11:41 PST 2013


Thanks for the updates, Marc. Jake sent me the source code for the keypad
system Noisebridge is using. If we can get an Ethernet cable wired up we
can get that working.

Also, I have a USB wifi. I'll bring it next time I'm at sudo.

On Mar 2, 2013 5:17 PM, "Marc Juul" <juul at labitat.dk> wrote:

> Hiya sudo-sysadmins!
>
> First off: Sorry for this exceedingly long mail. Here's the summary:
> We set up the .sudo domain and a few new web services + a new mesh
> access point router for 510pen. Included is also an explanation of the
> outer door access system and what still needs to be done.
>
> I should have been sending mails incrementally as I was doing stuff,
> instead of one huge mail like this. I'll try to do better in the
> future.
>
> --
>
> I set up wolfie's proposed .sudo domain on the DNS server running on
> space.local, and pointed space.sudo and *.space.sudo to the
> space.local machine (192.168.1.3).
>
> Since mDNS and DNS can't co-manage .local, it makes sense to have
> normal DNS manage .sudo and mDNS manage .local.
>
> If you point a web browser to http://space.local or http://space.sudo
> you will get the same page: A simple html page with links to local
> services. For now it has things like:
>
>   http://track.space.sudo/ (qr-code item tracking)
>   http://pad.space.sudo/ (etherpad lite)
>   http://lib.space.sudo/ (library genesis, setup in progress)
>   http://map.space.sudo/ (tidepools decentralized map, setup in progress)
>
> These services are all hosted via apache, but some (track, pad) have
> built in web servers, so apache is acting as a reverse proxy.
>
> I thought about making the domains like pad.sudo instead of
> pad.space.sudo, but I think it's nice that the domain names tell you
> which computer the services are hosted on.
>
> I want to improve the http://space.sudo/ overview page in two ways:
>
> 1. I want to make it pull the static list of services from a wiki page
> so that everyone can edit it, but it will still be up when the
> internet or sudoroom wiki is down.
>
> 2. I want to make it dynamically list zeroconf services that are
> currently being announced on the network.
>
> Regarding outer door access: I had to partially disassemble the door
> and drill a few holes to put in the wire, since the door did not have
> any built-in wiring channels. The electric strike is mounted in the
> fail-secure mode (as opposed to fail-safe), which means that it will
> stay locked if the power fails, and power is required to open the
> door. This is desirable because the push-bar on the inside of the door
> mechanically overrides the electric strike, such that you can always
> get out, even when there is no power, and likewise the key will open
> the door from the outside without power.
>
> The box next to the outer door contains a 12 volt AC power supply
> which is hooked up to the electric strike in the door, and controlled
> by one of the GPIO pins on a raspberry pi. The raspberry pi is running
> raspbian, and control of the GPIO pin is handled with a python script.
> A usb wifi adapter is connected to the raspberry pi and set to run in
> master mode (access point mode), with the ssid "sudodoor". A so-called
> captive gateway is running. It's based on dhcpd and two python
> scripts: One is a simple DNS server that resolves all queries to the
> (static) IP of the raspberry pi's wifi interface, and another is a
> simple web server that asks for the secret password. If the correct
> password is entered, then the door opens. The user never gets
> "through" the captive gateway.
>
> This is highly insecure, since the password is transmitted in
> plaintext as a simple URL get request over an unencrypted wifi
> connection. It also sucks because there is only a single password for
> everyone instead of per-user passwords, and because it takes way too
> long to go through the process of entering the building, and because you
> need a laptop or smartphone, and you need to wave around your laptop
> or smartphone in what is not the safest neighborhood and lastly
> because there is no battery backup so you cannot enter without a key
> if there is no power.
>
> I'd love to see three new access mechanisms: Magnetic stripe card, pin
> entry and RFID.
>
> Preferably, magnetic stripe and rfid should not be stand-alone access
> methods, but should be combined with pin entry.
>
> I'll likely put in an RFID reader within the next two weeks, but the
> other two methods require a wired connection to the outside of the
> door. I don't want to drill more holes in the door, so we need a hole
> through the wall. We need to talk to George (the landlord) about this.
>
> The sudodoor computer is not connected to the internet. Matt Senate is
> coordinating with George (the landlord) to run two ethernet cables
> from the door and up to sudo room. Once this happens, we will be able
> to set up a system for per-user passwords. We don't have any plans for
> any of this. If you have any ideas and want to work on it: By all
> means throw an email on this list, or talk to someone at sudo room, or
> just implement a solution and tell someone about it.
>
> We also need to put in a simple method for sudo room and a couple of
> the other tenants to buzz in people. Helping the other tenants get
> this system working was part of the agreement that got us a new
> electronically controllable door for free. It would be great if this
> buzzing-in solution does not rely on the network or computer being
> operational, such that it is very resistant to failures (leaving sudo
> room with less time spent on support for other tenants). I imagine a
> small timer chip connected to the door circuit and a long wire going
> to each of the tenants, with a button attached. One press will trigger
> the timer and open the door for e.g. 3 seconds. I'm not sure what to
> do about the intercom/phone system. I don't know who set up the phone
> in sudo room. We'd at least need to add a button on the street for
> each tenant so all phones don't ring every time.
>
> We also need a better box and cable management than the current
> cardboard+duct-tape solution :-)
>
> We also really really need an off-site and off-line backup system for
> all servers in the space.
>
> Lastly, Mark Burdett put up a mesh router as part of the 510pen
> (five-one-open) mesh initiative. It's on the shelf above the server
> closet (with all the old telephone wiring). It may not yet be
> operational.
>
> Also: If any of you have one or more wifi usb adapters that you'd be
> willing to donate to the mesh initiative (or maybe you want to join
> the mesh group?), please contact me! We need them for testing and for
> the first rooftop link.
>
> Thanks!
>
> --
> Marc Juul
> _______________________________________________
> sudo-sys mailing list
> sudo-sys at lists.sudoroom.org
> http://lists.sudoroom.org/listinfo/sudo-sys
>
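The quoted message asks for per-user credentials and for card or RFID access to be combined with PIN entry rather than used alone. One way such a check could look, as an added example that is not code from this thread or from the sudo room door system; the class name, card IDs, PBKDF2 parameters and lockout thresholds are all assumptions:

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000   # assumption: tune to the door computer's CPU
MAX_FAILURES = 5          # assumption: wrong PINs allowed before lockout
LOCKOUT_SECONDS = 300     # assumption: how long a card stays locked out

def _derive(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)

class DoorAuth:
    """Card ID + PIN check: neither factor opens the door on its own."""

    def __init__(self, clock=time.monotonic):
        self._users = {}      # card_id -> (user, salt, pin_hash); no plaintext PINs
        self._failures = {}   # card_id -> (failure_count, locked_until)
        self._clock = clock

    def enroll(self, user: str, card_id: str, pin: str) -> None:
        salt = os.urandom(16)
        self._users[card_id] = (user, salt, _derive(pin, salt))

    def revoke(self, card_id: str) -> None:
        # Per-user credentials let one card be removed without re-keying everyone.
        self._users.pop(card_id, None)

    def check(self, card_id: str, pin: str):
        """Return the user name if the door should open, else None."""
        now = self._clock()
        count, locked_until = self._failures.get(card_id, (0, 0.0))
        if now < locked_until:
            return None       # locked out, even if the PIN is now correct
        user, salt, stored = self._users.get(card_id, (None, b"\0" * 16, b""))
        # Run the KDF for unknown cards too, so timing does not reveal enrollment.
        match = hmac.compare_digest(_derive(pin, salt), stored)
        if match and user is not None:
            self._failures.pop(card_id, None)
            return user
        count += 1
        until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[card_id] = (0 if until else count, until)
        return None

if __name__ == "__main__":
    door = DoorAuth()
    door.enroll("alice", "card-A", "4821")   # constructed sample credential
    print(door.check("card-A", "4821"), door.check("card-A", "0000"))
```

A short PIN is easy to guess offline if the hash store leaks, so the lockout counter is what bounds guessing at the door; the returned user name is what would go into an access log.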