|
Grex > Coop > #262: The problems with validation | |
|
| Author |
Message |
scholar
|
|
The problems with validation
| 
Jan 4 18:55 UTC 2010 |
For a number of months, Grex has required people to be validated after
creating their accounts before they can access the system in a useful way.
This was intended to prevent people from using greater access to abuse the
system. However, it seems that this purpose is not being met: at the recent
board meeting, one of the validators mentioned that on more than one occasion
a notoriously troublesome user had successfully been validated. With
validation as it is, it seems to me that any attacker with enough
knowledge and motivation to cause harm to Grex would also have enough
knowledge and motivation to get past validation.
There are many downsides to validation. It eats up volunteer time. It also
acts as a barrier to new users, who now have to discover the process, comply
with its conditions of entry, and wait for someone to make a decision. A
potential new user could justifiably view this process with some uncertainty,
since it requires them to wait an indeterminate amount of time, meet uncertain
conditions, and the validators may seem inaccessible. Given these added
barriers, new users are likely to go elsewhere. Additionally, it might stifle
open conversation; I think that over the years many users have created new
accounts to make comments they did not want tied to their regular identities,
but validation makes this more difficult.
Given that the current system of validation is ineffective, and that it
has many downsides, I think it should be disabled. If someone wanted to
harm Grex, they would have done it by now, since it would be trivial to
simply lie to get an account validated. At the least, I think Grex
should remove the procudure on a trial basis; it's easy to remove, and
it's easy to put back up if system abuse rises.
|
| 42 responses total. |
tonster
|
|
response 1 of 42:
|
Jan 5 02:41 UTC 2010 |
I agree. I don't think the validation system is really the deterrent
it's designed to be, and I think it does more harm than good.
|
kentn
|
|
response 2 of 42:
|
Jan 5 03:31 UTC 2010 |
It's not good if it chases the honest people away. It's also not good
if it lessens the Unix experience for those wanting to learn more about
it. When you come upon Unix for the first time, the last thing you
need is to jump through hoops in order to do an ls (most people are
confused enough). If it is not a deterrent to the vandals, then we
should evaluate whether it is doing more harm than good in the long
term. Still, no system is perfect and I'd hope any alternative isn't
worse. Dealing with people trying to bring the system down also takes
staff time.
|
unicorn
|
|
response 3 of 42:
|
Jan 5 04:47 UTC 2010 |
If vandals have gotten in, I think it was likely just to prove they
could. I haven't seen any actual acts of vandalism, though, but I'm not
so sure the current validation scheme would do much to deter a determined
vandal, anyway. Legal action is probably the only thing that would.
|
tonster
|
|
response 4 of 42:
|
Jan 5 09:19 UTC 2010 |
Anyone looking to do damage is more likely to see the validation as a
greater challenge rather than a deterrent. It would be better to report
these things to the authorities and providers than the current system,
IMO.
|
mary
|
|
response 5 of 42:
|
Jan 5 12:25 UTC 2010 |
It sounds like Tony would be on top of any vandal activity, as he's been
on M-Net. If that's what he has in mind I'd sure like to see us open the
doors.
|
kentn
|
|
response 6 of 42:
|
Jan 5 15:56 UTC 2010 |
I lump things like dumping hundreds of junk items into the conferences,
denial of service by using all ttys, and intentionally crashing or
hanging the system, to be acts of vandalism of a sort. I'm sure there
are other acts that would also qualify. Maybe there's a better term to
use to describe these acts, though.
|
unicorn
|
|
response 7 of 42:
|
Jan 5 16:43 UTC 2010 |
What I meant by my comment was that haven't seen any acts of vandalism
after the current validation requirements were in place, but I'm not so
sure the validation requirements are what has prevented those acts. I
certainly saw a lot of vandalism before that, though.
|
kentn
|
|
response 8 of 42:
|
Jan 5 16:54 UTC 2010 |
Okay, that makes sense.
|
tod
|
|
response 9 of 42:
|
Jan 5 17:45 UTC 2010 |
I hope Grex isn't banking on Tonster being the magic bullet for its
policy based problems.
|
tsty
|
|
response 10 of 42:
|
Jan 6 05:49 UTC 2010 |
ummmmmmmmmmm, i was a thte meeting and i have an mp3 of it as well.
i remember zip about validatoin allowingvandals in, but i may be wroing,
and i can say that the validation i hvae done has resulted in noe
vandals ... it -has- resulted in non-validatoin for a few logins thogh.
yeh, it tkaes some amount of my time but i consider that valuable
enough to continue to do it.
it also provides the oppeot9nity to establish a peson on the 'other end' who
converses with newuseres ... rather than an imperosnal, click-here, weldcome
to grex.
at a board meeingting 'we' might wnat to set up some boiler plate to add
to the personal touch.. i;ve been realtively careful with the tpyoing
on those, fwiw.
|
mary
|
|
response 11 of 42:
|
Jan 6 12:09 UTC 2010 |
So what's the deal with that mp3? I'd like to see it go up, public, just
as the Grex meeting itself was public. Board meetings should be open,
welcoming and transparent.
Now, TS, you objected and for that reason it was up for the meeting but
taken down the next day. But now it's being passed around among friends?
Yuck. I'd like to just make it public and let anyone who wants to be
"present" at the meeting be able to be part of the process.
|