> Absolute nightmare.

Yes, but still probably a million times easier for both the building management and the software vendor to have a SaaS for that, than having to buy hardware to put somewhere in the building (with redundant power, cooling, etc.), and have someone deploy, install, manage, update, etc. all of that.

▲

jon-wood an hour ago | parent | next [-]

Its absolutely possible to have both a SaaS based control plane and continue functioning if the internet connection/control plane becomes unavailable for a period. There's presumably hardware on site anyway to forward requests to the servers which are doing access control, it wouldn't be difficult to have that hardware keep a local cache of the current configuration. Done that way you might find you can't make changes to who's authorised while the connection is unavailable, but you can still let people who were already authorised into their rooms.

▲

Ekaros 2 hours ago | parent | prev | next [-]

Easier maybe. But significantly worse. Parts of these systems have been build and engineered to be entirely reliable with automatic hand-overs when some component fails or with alternative routings when some connection is lost.

▲

potato3732842 2 hours ago | parent | prev | next [-]

>than having to buy hardware to put somewhere in the building (with redundant power, cooling, etc.), and have someone deploy, install, manage, update, etc. all of that.

You don't need any of that. You need one more box in the electrical closet and one password protected wifi for all the crap in the building (the actual door locks and the like) to connect to.

▲

Nextgrid 3 hours ago | parent | prev | next [-]

> with redundant power, cooling, etc

The doors the system controls don't have any of this. Hell, the whole building doesn't have any of this. And it definitely doesn't have redundant internet connections to the cloud-based control plane.

This is fear-mongering when a passive PC running a container image on boot will suffice plenty. For updates a script that runs on boot and at regular intervals that pulls down the latest image with a 30s timeout if it can't reach the server.

▲

onli 2 hours ago | parent | next [-]

What updates? That would be on a local network and have no internet connection, if done right.

	▲	csomar an hour ago \| parent \| next [-]
		I am guessing the main attraction of such a system is that owners can set the cards remotely and get data about it (ie: who accessed and when)
	▲	sofixa an hour ago \| parent \| prev [-]
		And? That doesn't mean, especially for a system with security impact (like door access), that it should never be updated.

▲

Telemakhos 2 hours ago | parent | prev | next [-]

You know what else would suffice plenty? Physical keys and mechanical locks. They worked (and still work) without electricity. The tech is mature and well-understood.

	▲	Nextgrid an hour ago \| parent [-]
		The reason for moving away from physical keys is that key management becomes a nightmare; you can't "revoke" a key without changing all the locks which is an expensive operation and requires distributing new keys to everyone else. Electronic access control solves that.

▲

lazide 2 hours ago | parent | prev [-]

Those devices can be trivially power cycled, and won’t have as many issues with dodgy power. Some PC somewhere with storage is a bigger problem.

▲

Nextgrid an hour ago | parent [-]

> Some PC somewhere with storage is a bigger problem

Both an embedded microcontroller and a PC have storage. The reason you can power-cycle a microcontroller at will is because that storage is read-only and only a specific portion dedicated to state is writable (and the device can be reset if that ever gets corrupted).

Use a buildroot/yocto image on the PC with read-only partitions and a separate state partition that the system can rebuild on boot if it gets corrupted and you'll have something that can be power-cycled with no issues. Network hardware is internally often Linux-based and manages to do fine for exactly this reason.

▲

lazide 38 minutes ago | parent [-]

PCs are orders of magnitude more complex, with a lot more to break. Sounds like a whole lot of work for… what?

Assuming the internet connection and AWS work of course. Which they won’t always, then oops.

	▲	Nextgrid 30 minutes ago \| parent [-]
		If you're relying on AWS you either way have a "PC" to relay communication between AWS and the keycard readers & door latches.

▲

quickthrowman 24 minutes ago | parent | prev | next [-]

Cooling for a card access system?

A card access system requires zero cooling, it’s a DC power supply or AC transformer and a microcontroller that fits in a small unvented metal enclosure. It requires no management other than activating and deactivating badges.

There is no reason to have any of the lock and unlock functionality tied to the cloud, it’s just shitty engineering by a company who wants to extract rent from their customers.

▲

csomar 2 hours ago | parent | prev [-]

The system was not built with resiliency in mind and had no care/considerations for what a shit-show will unfurl once the system or the link goes down. I wonder if exit is regulated (you can still fully exit the building from any point using the green buttons and I think these are supposed to activate/still work even if electricity is down).

> Yes, but still probably a million times easier for both the building management and the software vendor to have a SaaS for that, than having to buy hardware to put somewhere in the building (with redundant power, cooling, etc.)

A isolated building somewhere in the middle of the jungle dependent for its operation on some American data-center hundreds of miles away is simply negligence. I am usually against regulations but clearly for certain things we can trust that all humans will be reasonable.

	▲	HWR_14 2 hours ago \| parent [-]
		In the US, the answer is that exit would have to work in the event that AWS is down or power is out. Some exceptions exist for special cases.