Grex Agora35 Conference Item 21

0-24

25-49

50-74

75-99

100-124

125-149

150-163

Author

Message

25 new of 163 responses total.

response 100 of 163:

Sep 26 20:32 UTC 2000

I know.. you poor thing, Michael. These people are horrible for picking on
you like they do. 

Especially when picking on includes messing with your files without asking
nicely.

willard

response 101 of 163:

Sep 26 20:47 UTC 2000

What did I ever do to them to deserve this?

response 102 of 163:

Sep 26 20:50 UTC 2000

Beats me. I think you were nice to them and it ruined their stereotype of
'meanie MNetters', so they backlashed and started hating you. It sucks to be
a scapegoat.

jerryr

response 103 of 163:

Sep 26 20:53 UTC 2000

i can understand why some morons might think it's cute to ignore my legitimate
questions, but it smacks of the height of hypocracy when a grex member's
questions are ridiculed and go unanswered.

willard

response 104 of 163:

Sep 26 20:55 UTC 2000

I'm getting pretty sick of it.  Almost to the point where I'm about
ready to go away and never come back.

scott

response 105 of 163:

Sep 26 21:00 UTC 2000

Jerryr, you are correct in that there is no formal set of rules for Grex. 
It's very informal instead.  I can see how that might worry people, since if
you don't know the exact rules you don't know if you are in violation (or if
you are missing something that *is* allowed but you didn't know about it).

That's part of Grex.  If you are a member, you could have the subject voted
on by the membership.  

However, as it turns out, you can presently assume that Grex is less anal than
M-Net about "offensive" users.

response 106 of 163:

Sep 26 21:01 UTC 2000

*Bullshit*.

Come back and post when you're not smoking crack.

tod

response 107 of 163:

Sep 26 21:06 UTC 2000

That's a bold statement from a recent offending staff person of Grex.
Sheesh. Why change the subject to M-Net when the questions are
in regards to Grex's AUP?

scott

response 108 of 163:

Sep 26 21:15 UTC 2000

Why change the subject from the AUP to the same bullshit accusation of Grex
staff abuse, Todd?

And Kate, could you provide any specifics beyond parroting the willard party
line?

tod

response 109 of 163:

Sep 26 21:47 UTC 2000

Grex is fond of an anarchist AUP it seems.
Fine. Great response, Scott.

jp2

response 110 of 163:

Sep 26 21:47 UTC 2000

This response has been erased.

gull

response 111 of 163:

Sep 26 22:13 UTC 2000

Most free systems I've been on dealt with this in the following way:

- They posted a statement saying there is never any guarantee of privacy for
any file on the system, that the system cannot be considered a secure
method of communications, and any email is subject to search if necessary. 
They did it in a much more legally robust bit of verbiage, though.  My
college's network AUP contains similar language.

- They arbirtarily removed files without warning, if the files were too
large or were something not permitted.

- They disabled all execute privilages on the home partition, and sometimes
disabled the ability to run shell scripts, as well.  Many didn't even allow
access to a shell prompt.

Now, obviously doing those things here would have made the entire situation
moot, but personally I like things better the way they are.

As far as there being no AUP, this does require a certain level of trust of
the staff.  I think it's a good tradeoff; when making an AUP, you remove all
ability of the staff to use judgement. They can't decide, "well, this person
broke the rules but didn't mean any harm, so we won't lock their account
this time," for example.  Once you have written rules, too, the tendancy
will be there for people to look for loopholes in them.  What Grex has isn't
an "anarchy AUP," as someone suggested; it's just that there's an implicit
assumption being made that most people will act reasonably, including the
staff.  On the whole this is true, but every once in a while we get a
Willard.

I'm very comfortable with Grex's stance on this issue, and I've never had
reason to be upset at the Grex staff's actions.  As far as what Willard had
happen, if it had been a text file or an email being edited by staff, I'd
see reason to be upset.  Executable code that's being run on the system is
quite another matter.

jiffer

response 112 of 163:

Sep 26 22:14 UTC 2000

Why is this such a big deal when it should involve simple common sense?  If
there is an idle time limit on grex, then you should not go out of your way
to "bust it".  It seems pretty obvious on that account.  So, people are
throwing stinking piles of poo on the walls for enjoyment now?

tod

response 113 of 163:

Sep 26 22:25 UTC 2000

It's worth addressing towards future conflict. Per example, if a
paying user finds that their files are being intruded by staff and
unchecked by an AUP then there is a privacy issue that should
be addressed. That's just one example of the type of red herring
that could emerge.

cmcgee

response 114 of 163:

Sep 26 23:18 UTC 2000

Let's not solve problems that don't exist.  If tod's scenario were to
occur, we could set up a policy at that time.

If we were to brainstorm every possible future scenario, and then develop
a policy to handle each of those future scenarios, we'd have such a
rule-bound system that we'd probably strangle ourselves.

carson

response 115 of 163:

Sep 26 23:51 UTC 2000

resp:64 (yes. no. you're welcome.)

mcnally

response 116 of 163:

Sep 26 23:57 UTC 2000

  I'm comfortable with trusting staff to generally do the right thing,
  but even though I have little patience for willard and his deliberately
  provocative behavior, I do think that going through someone's files 
  exposes the staff to more unwelcome criticism than simply giving a 
  final warning and then disabling the account if abuse (however defined)
  continues.

  Of course then we'd have whillard whining about how staff had silenced
  him for his behavior in agora, using his other misdeeds as a pretext.

  Bottom line?  Even if staff's actions *had* been personally targeted
  because of willard's public obnoxity (and that targeting has not been
  proven), willard is a poor candidate to seize the moral high ground..

keesan

response 117 of 163:

Sep 27 00:12 UTC 2000

At about 5 pm EST Willard announced that he was packing his bags and leaving,
so the problem should be solved.  Goodbye, Willard.

tod

response 118 of 163:

Sep 27 00:16 UTC 2000

Great, now how about pointing me to that AUP?

gull

response 119 of 163:

Sep 27 01:02 UTC 2000

Grex AUP:  Thou shalt play nice.

scg

response 120 of 163:

Sep 27 01:05 UTC 2000

As has been said, tod, there is no written AUP.  It lives in several peoples'
heads.  If you'd like to try to write it down, and submit it to the board or
membership for a vote, you're welcome to.

The Grex staff does take users' privacy very seriously.  If you've got a file
in your directory that's depermitted, and it's not an executable and you're
not running it, and you're not using the file in what looks like a deliberate
attempt to fill up the disk, and it doesn't look like a stolen passwd file
or a list of credit card numbers, nobody's going to look at it.  If you're
running something that appears to be trying to get around system security,
people are going to look at it.  In this case, it was pretty obvious what
willard was using his program for, so the staff members in question looked
at the file to confirm what he was doing, and then dealt with it.

twinkie

response 121 of 163:

Sep 27 04:25 UTC 2000

I think the issue is more *how* it was dealt with, rather than it being dealt
with. As in the example I posted, I was asked not to run a masstel script.
In willard's case, his script was modified by staff. Those are two drastically
different approaches to dealing with a problem. 

In my case, I asked to see the AUP, was told that there wasn't one, and got
some interesting e-mail to use for the future. In return, I voluntarily
stopped using the script, without saying "I'll never use this script."

In willard's case, his files were modified. (I'd say vandalized, as that seems
to be a popular Grex term, but I find it too cliche) There was no opportunity
for him to ask "What did I do wrong?", or to rectify the situation without
hard intervention. Admittedly, willard *should* know what was "wrong", but
again, it's not (or at least, shouldn't be) the staff's position to make that
determination.

rcurl

response 122 of 163:

Sep 27 06:40 UTC 2000

Also, children don't always understand when they are doing something wrong.

mdw

response 123 of 163:

Sep 27 08:04 UTC 2000

I've been one of the people pushing the hardest for not having an AUP,
so I suppose I better explain why.  Actually, I had a partial
explanation above, but I expect it may not have been obvious.  In the
society in which we live, people are used to having lots of codified
rules, and used to the concept that they can argue themselves out of a
bind by finding a loophole in the rules.  Rules are a common attribute
of a large and impersonal environment, so when people see rules, they
stop thinking they might be hurting another person or that they might be
dealing with people, and start thinking that nobody is going to notice
or care, and that any harm done will be diluted by the shear numbers of
people it might affect.  Worse yet, in this society, we have a bunch of
people who have learned not only to argue with the rules, but to enjoy
arguing about rules.  It's awfully easy, especially with a system of
this type, to get sucked into a huge argument over things - of which
this item is only a *tiny* tiny example of what this can be like.

Twinkie, above, makes the disingenuous suggestion that staff should not
be the ones that "decide what is wrong".  The reality is, that's not
possible, especially in an organization the size of grex.  The reality
is, staff, as the people involved with actually keeping the system up,
are naturally going to be the people who first find out about these
kinds of things, and as such are naturally already going to have to make
a determination as to whether something is a problem or not.  That is a
determination of "right & wrong" that is simply inescapable.  There are
a number of other things that radiate off of this.  One of them is that,
depending on the nature of the problem, it may be appropriate to make a
determination of policy.  This may be a matter for staff to resolve
amongst themselves, for the board to resolve, or in some case to be a
matter to be discussed in co-op.  The board has the ability to oversee
staff & decide if staff should have consulted them, & the membership at
large has the ability to oversee the board & see if they made the right
decisions.  In making a policy determination, staff & the board, as a
matter of practice, prefer not to discuss specifics of cases - not only
because this may violate the privacy of the culprit, but also because
the culprit may misinterpret the resulting publicity as a "reward" for
doing wrong and so may do more bad, and because in some cases there may
be security weaknesses that the staff/board would prefer not to
publicize.  Another thing that radiates off the original problem is
deciding what to do to "fix" the problem.  Staff have a variety of
remedies, with different timelines, available to them.  No one remedy is
suitable to every problem, or even repeat occurences of the same
problem.  Staff uses their judgement of the situation to decide what to
do - as overseen by other staff members, the board, & less directly the
membership.  The third part of the problem is providing an "appeal"
process in case the culprit doesn't like the original determination.
That "appeal" process, on grex, is the co-op conference.  It's not agora
because there are a lot of people on grex who don't really care how
policy is decided or implemented, and the idea is not to scare those
people away with a bunch of irrelevant crap.  This appeal process is
always available, but staff doesn't always say that; generally, it
depends on when they think the person might not honestly know either
what they did was wrong or how to go about appealing a decision, and
also, necesarily, on the communications possible with a particular fix.

I also ought to say something about "changing files" thing.  This is a
rememdy I came up with.  We had quite a few problems with people
("strangers") who would log in and do various bad stuff.  (mass mail,
www images, eggdrop, etc.)  Various other staff members experimented
with a number of other remedies that we already had in our arsenal.
That included, sending mail to the person (usually ignored), writing to
the person while online (doesn't work if they're not logged in, time
consuming, and not always practical), kicking them off (they oftentimes
just logged right back in), and deleting the account (drastic, and
sometimes they just ran newuser & got right back on.) I think there a
variety of reasons why this failed.  In some cases, I think it was
simply ignorance (gosh, my connection went away.  I'll just log back
on), and in some cases there may have been a genuine language barrier
(gosh, i don't know what that means.  I'll ignore it, maybe it will go
away), but in many cases, especially the repeat customers, I think it
was a sort of willful ignorance (I got away with it the last time, and
they *can't* do anything to me anyways, so I'll just ignore it and that
will work this time too.) I wanted something that was less drastic and
didn't destroy any information, hard to ignore, yet effective at getting
across the notion that we really were serious about the problem, and
most importantly, getting across the notion that yes, in this game of
magic, it's not just that we're card sharpers, and it doesn't matter if
they're a Unix god elsewhere, here we're the magicians and they don't
stand a chance, no matter how much sneaking and cheating they do.  In
the discussion above, I got the feeling people were thinking that we
were patching binary executable files, and destroying information.  This
is never the case, because if nothing else, it's entirely too
time-consuming.  Most often, the offending "executable" is actually a
small shell script, and what we might do is insert a few lines that read
something like
        echo 'THIS IS NOT AN ACCEPTABLE USE OF GREX.'
or perhaps
        echo 'DO NOT SEND MASS MAIL FROM GREX'
very likely followed by
        exit 0
Usually these scripts are 5-20 lines, so we are not in any case talking
about the creative effort of a mona-lisa, but for the good it does, the
original script is still all there.  I don't think we've collected any
statistics on the effectiveness of the various remedies, but my feeling
is this remedy is a lot less drastic than deleting the account, or the
file in question, is more obvious the latter, is more likely to be
understood by the culprit than an e-mail message of *any* length, &
generally, but not always, effective at getting the message across.  It
works best with strangers who *think* they understand what Unix system
administrators can and can't do, and are all prepared to deal with
deleted accounts and the other usual solutions.

Now, in this particular case, we have Master Willard.  So far as the
mass tel's & the idle cheat, sorry, but nobody on staff thought that was
even worth a 2nd thought concerning the policy on them.  Someone who
genuinely thinks they ought to be allowed on grex is welcome to enter
such a discussion in co-op, but I predict that's going to be a pretty
hard sell to the membership on grex.  There's been enough other
discussion regarding other forms of spam, and having user limits in the
first place, that I feel pretty safe in my prediction.  Willard's
contributions to the conferences certainly altered the staff response;
normally, people who cause these kinds of problems are "strangers" and
don't feel they are attached in any way to grex, or they are long-time
users, but just of e-mail, and in both cases they act differently, and
more predictably.  The staff people involved knew Willard was going to
act differently, but nobody could think of a different solution that was
more likely to resolve the problem.  So, the decision was made to treat
Willard like all the other cases.  That meant first a warning e-mail
message, followed by escalation.

I hope this helps people to at least understand why things are the way
they are here.  Everyone on staff & the board would be quite interested
to hear of any other remedies people can think of that we might have
done instead with Willard, and why those remedies might have been either
more or less effective.

bdh3

response 124 of 163:

Sep 27 08:08 UTC 2000

grex AUP:

        "Get along and play well with others  - or else"

As I have noted before the "AUP" policy in the 21st district of the
Chicago Police Department is engraved on the aluminium bats that some
officers carry in their trunks while on duty - its a very subtle play on
the phrase "trunk music".  "Play ball with the 21st, or we'll shove the
bat up your ass".  It works well in Chicagoland.  Grex is kindler and
more gentle.