Posted by firefoxd 2 days ago

We installed a single turnstile to feel secure (idiallo.com)
258 points | 116 comments | page 3
mdavid626 7 hours ago
I feel the same way. Once I worked with a junior developer, who was really eager to develop stuff. He was tasked to create a development environment, where we can test features. Nothing fancy, just some scripts and simple containers.

He used copies of the production database, but forgot to set the admin password. The machine in ec2, public on the internet.

It was fixed a few weeks later. But the connection still doesn’t use SSL, sends passwords in plain text.

Yeah, he doesn’t really like criticism about his work…

I always think about the phrase:

“Security is our highest priority”

Sure.

jp57 5 hours ago
Am I the only one who finds this post weird because this is a solved problem? I've worked for 18 years at companies where everyone had to badge into every building. There have never been lines of people waiting to get in. Once I worked in a 12-story building. Of course, the badging wasn't in the elevators: the elevator lobbies on each floor had doors with badge readers.

The feel of the piece is that the entire effort was misguided, when the real story seems to be, "My company was somehow unable to implement something that every other company does easily."

jiggawatts 3 hours ago
“If the security is not in your face, then it’s not sufficiently theatre!”

That’s a quote I tell security people in jest when they suggest yet another door literally or figuratively slamming in someone’s face to let them know that there is a security procedure in place.

Seriously though, “security” is an overloaded word used for two unrelated business goals:

1. Having security.

2. Appearing to have security.

The latter is strongly preferred by management that just wants someone else or something else to blame.

To reiterate: this isn’t an error! It’s done on purpose.

OutOfHere 7 hours ago
If you as an employer are not doing physical engineering or working with large or unsafe physical objects, you don't need an office, period. For computer work alone, you don't need an office at all. If you fix the "office theater", the physical security problems disappear.

robomartin 8 hours ago
Interesting. I have worked in ITAR environments with serious security and have never experienced 30 minute lines at the door. In fact, I can't remember lines at all. Hard to understand what happened here.

Was it really a single turnstile for a building with over 10 floors? That's kind of silly, isn't it? Mass transit operations have this figured out. Most recently for me, taking the monorail in Las Vegas for the CES show. No problems for the most part. It would be interesting to know what this company actually installed.

wildzzz 8 hours ago
I don't see how any of this wasn't already a problem. In the story, everyone shows up to the office at the same time, how did they use to work out the elevator issue? This story has a bunch of AI telltales so I doubt it's real anyway.

TYPE_FASTER 6 hours ago
In the story, they implemented table (building) and row (floor) level permissions simultaneously. So you had to swipe into the building, then in the elevator to get the elevator to stop at your floor.

I guess I could see contention possibly happening as described if everybody arrived almost simultaneously and both swiping points had very high latency. But why not keep the door checkpoints armed and disable the elevator swipes? That makes me think it's a contrived example.

heytakeiteasy 9 hours ago
Security theater, perhaps. Don't underestimate the degree to which those turnstiles were intended to serve the purpose of tracking employees' movements.