mdw
|
|
response 123 of 163:
| 
Sep 27 08:04 UTC 2000 |
I've been one of the people pushing the hardest for not having an AUP,
so I suppose I better explain why. Actually, I had a partial
explanation above, but I expect it may not have been obvious. In the
society in which we live, people are used to having lots of codified
rules, and used to the concept that they can argue themselves out of a
bind by finding a loophole in the rules. Rules are a common attribute
of a large and impersonal environment, so when people see rules, they
stop thinking they might be hurting another person or that they might be
dealing with people, and start thinking that nobody is going to notice
or care, and that any harm done will be diluted by the shear numbers of
people it might affect. Worse yet, in this society, we have a bunch of
people who have learned not only to argue with the rules, but to enjoy
arguing about rules. It's awfully easy, especially with a system of
this type, to get sucked into a huge argument over things - of which
this item is only a *tiny* tiny example of what this can be like.
Twinkie, above, makes the disingenuous suggestion that staff should not
be the ones that "decide what is wrong". The reality is, that's not
possible, especially in an organization the size of grex. The reality
is, staff, as the people involved with actually keeping the system up,
are naturally going to be the people who first find out about these
kinds of things, and as such are naturally already going to have to make
a determination as to whether something is a problem or not. That is a
determination of "right & wrong" that is simply inescapable. There are
a number of other things that radiate off of this. One of them is that,
depending on the nature of the problem, it may be appropriate to make a
determination of policy. This may be a matter for staff to resolve
amongst themselves, for the board to resolve, or in some case to be a
matter to be discussed in co-op. The board has the ability to oversee
staff & decide if staff should have consulted them, & the membership at
large has the ability to oversee the board & see if they made the right
decisions. In making a policy determination, staff & the board, as a
matter of practice, prefer not to discuss specifics of cases - not only
because this may violate the privacy of the culprit, but also because
the culprit may misinterpret the resulting publicity as a "reward" for
doing wrong and so may do more bad, and because in some cases there may
be security weaknesses that the staff/board would prefer not to
publicize. Another thing that radiates off the original problem is
deciding what to do to "fix" the problem. Staff have a variety of
remedies, with different timelines, available to them. No one remedy is
suitable to every problem, or even repeat occurences of the same
problem. Staff uses their judgement of the situation to decide what to
do - as overseen by other staff members, the board, & less directly the
membership. The third part of the problem is providing an "appeal"
process in case the culprit doesn't like the original determination.
That "appeal" process, on grex, is the co-op conference. It's not agora
because there are a lot of people on grex who don't really care how
policy is decided or implemented, and the idea is not to scare those
people away with a bunch of irrelevant crap. This appeal process is
always available, but staff doesn't always say that; generally, it
depends on when they think the person might not honestly know either
what they did was wrong or how to go about appealing a decision, and
also, necesarily, on the communications possible with a particular fix.
I also ought to say something about "changing files" thing. This is a
rememdy I came up with. We had quite a few problems with people
("strangers") who would log in and do various bad stuff. (mass mail,
www images, eggdrop, etc.) Various other staff members experimented
with a number of other remedies that we already had in our arsenal.
That included, sending mail to the person (usually ignored), writing to
the person while online (doesn't work if they're not logged in, time
consuming, and not always practical), kicking them off (they oftentimes
just logged right back in), and deleting the account (drastic, and
sometimes they just ran newuser & got right back on.) I think there a
variety of reasons why this failed. In some cases, I think it was
simply ignorance (gosh, my connection went away. I'll just log back
on), and in some cases there may have been a genuine language barrier
(gosh, i don't know what that means. I'll ignore it, maybe it will go
away), but in many cases, especially the repeat customers, I think it
was a sort of willful ignorance (I got away with it the last time, and
they *can't* do anything to me anyways, so I'll just ignore it and that
will work this time too.) I wanted something that was less drastic and
didn't destroy any information, hard to ignore, yet effective at getting
across the notion that we really were serious about the problem, and
most importantly, getting across the notion that yes, in this game of
magic, it's not just that we're card sharpers, and it doesn't matter if
they're a Unix god elsewhere, here we're the magicians and they don't
stand a chance, no matter how much sneaking and cheating they do. In
the discussion above, I got the feeling people were thinking that we
were patching binary executable files, and destroying information. This
is never the case, because if nothing else, it's entirely too
time-consuming. Most often, the offending "executable" is actually a
small shell script, and what we might do is insert a few lines that read
something like
echo 'THIS IS NOT AN ACCEPTABLE USE OF GREX.'
or perhaps
echo 'DO NOT SEND MASS MAIL FROM GREX'
very likely followed by
exit 0
Usually these scripts are 5-20 lines, so we are not in any case talking
about the creative effort of a mona-lisa, but for the good it does, the
original script is still all there. I don't think we've collected any
statistics on the effectiveness of the various remedies, but my feeling
is this remedy is a lot less drastic than deleting the account, or the
file in question, is more obvious the latter, is more likely to be
understood by the culprit than an e-mail message of *any* length, &
generally, but not always, effective at getting the message across. It
works best with strangers who *think* they understand what Unix system
administrators can and can't do, and are all prepared to deal with
deleted accounts and the other usual solutions.
Now, in this particular case, we have Master Willard. So far as the
mass tel's & the idle cheat, sorry, but nobody on staff thought that was
even worth a 2nd thought concerning the policy on them. Someone who
genuinely thinks they ought to be allowed on grex is welcome to enter
such a discussion in co-op, but I predict that's going to be a pretty
hard sell to the membership on grex. There's been enough other
discussion regarding other forms of spam, and having user limits in the
first place, that I feel pretty safe in my prediction. Willard's
contributions to the conferences certainly altered the staff response;
normally, people who cause these kinds of problems are "strangers" and
don't feel they are attached in any way to grex, or they are long-time
users, but just of e-mail, and in both cases they act differently, and
more predictably. The staff people involved knew Willard was going to
act differently, but nobody could think of a different solution that was
more likely to resolve the problem. So, the decision was made to treat
Willard like all the other cases. That meant first a warning e-mail
message, followed by escalation.
I hope this helps people to at least understand why things are the way
they are here. Everyone on staff & the board would be quite interested
to hear of any other remedies people can think of that we might have
done instead with Willard, and why those remedies might have been either
more or less effective.
|