| Grex > Agora35 > #21: An item in which Grex's staff crosses the line ... |
| response 118 of 163: | 
Sep 27 00:16 UTC 2000 |
Great, now how about pointing me to that AUP?
| response 119 of 163: |
Sep 27 01:02 UTC 2000 |
Grex AUP: Thou shalt play nice.
| response 120 of 163: |
Sep 27 01:05 UTC 2000 |
As has been said, tod, there is no written AUP. It lives in several peoples' heads. If you'd like to try to write it down, and submit it to the board or membership for a vote, you're welcome to. The Grex staff does take users' privacy very seriously. If you've got a file in your directory that's depermitted, and it's not an executable and you're not running it, and you're not using the file in what looks like a deliberate attempt to fill up the disk, and it doesn't look like a stolen passwd file or a list of credit card numbers, nobody's going to look at it. If you're running something that appears to be trying to get around system security, people are going to look at it. In this case, it was pretty obvious what willard was using his program for, so the staff members in question looked at the file to confirm what he was doing, and then dealt with it.
| response 121 of 163: |
Sep 27 04:25 UTC 2000 |
I think the issue is more *how* it was dealt with, rather than it being dealt with. As in the example I posted, I was asked not to run a masstel script. In willard's case, his script was modified by staff. Those are two drastically different approaches to dealing with a problem. In my case, I asked to see the AUP, was told that there wasn't one, and got some interesting e-mail to use for the future. In return, I voluntarily stopped using the script, without saying "I'll never use this script." In willard's case, his files were modified. (I'd say vandalized, as that seems to be a popular Grex term, but I find it too cliche) There was no opportunity for him to ask "What did I do wrong?", or to rectify the situation without hard intervention. Admittedly, willard *should* know what was "wrong", but again, it's not (or at least, shouldn't be) the staff's position to make that determination.
| response 122 of 163: |
Sep 27 06:40 UTC 2000 |
Also, children don't always understand when they are doing something wrong.
| response 123 of 163: |
Sep 27 08:04 UTC 2000 |
I've been one of the people pushing the hardest for not having an AUP,
so I suppose I better explain why. Actually, I had a partial
explanation above, but I expect it may not have been obvious. In the
society in which we live, people are used to having lots of codified
rules, and used to the concept that they can argue themselves out of a
bind by finding a loophole in the rules. Rules are a common attribute
of a large and impersonal environment, so when people see rules, they
stop thinking they might be hurting another person or that they might be
dealing with people, and start thinking that nobody is going to notice
or care, and that any harm done will be diluted by the shear numbers of
people it might affect. Worse yet, in this society, we have a bunch of
people who have learned not only to argue with the rules, but to enjoy
arguing about rules. It's awfully easy, especially with a system of
this type, to get sucked into a huge argument over things - of which
this item is only a *tiny* tiny example of what this can be like.
Twinkie, above, makes the disingenuous suggestion that staff should not
be the ones that "decide what is wrong". The reality is, that's not
possible, especially in an organization the size of grex. The reality
is, staff, as the people involved with actually keeping the system up,
are naturally going to be the people who first find out about these
kinds of things, and as such are naturally already going to have to make
a determination as to whether something is a problem or not. That is a
determination of "right & wrong" that is simply inescapable. There are
a number of other things that radiate off of this. One of them is that,
depending on the nature of the problem, it may be appropriate to make a
determination of policy. This may be a matter for staff to resolve
amongst themselves, for the board to resolve, or in some case to be a
matter to be discussed in co-op. The board has the ability to oversee
staff & decide if staff should have consulted them, & the membership at
large has the ability to oversee the board & see if they made the right
decisions. In making a policy determination, staff & the board, as a
matter of practice, prefer not to discuss specifics of cases - not only
because this may violate the privacy of the culprit, but also because
the culprit may misinterpret the resulting publicity as a "reward" for
doing wrong and so may do more bad, and because in some cases there may
be security weaknesses that the staff/board would prefer not to
publicize. Another thing that radiates off the original problem is
deciding what to do to "fix" the problem. Staff have a variety of
remedies, with different timelines, available to them. No one remedy is
suitable to every problem, or even repeat occurences of the same
problem. Staff uses their judgement of the situation to decide what to
do - as overseen by other staff members, the board, & less directly the
membership. The third part of the problem is providing an "appeal"
process in case the culprit doesn't like the original determination.
That "appeal" process, on grex, is the co-op conference. It's not agora
because there are a lot of people on grex who don't really care how
policy is decided or implemented, and the idea is not to scare those
people away with a bunch of irrelevant crap. This appeal process is
always available, but staff doesn't always say that; generally, it
depends on when they think the person might not honestly know either
what they did was wrong or how to go about appealing a decision, and
also, necesarily, on the communications possible with a particular fix.
I also ought to say something about "changing files" thing. This is a
rememdy I came up with. We had quite a few problems with people
("strangers") who would log in and do various bad stuff. (mass mail,
www images, eggdrop, etc.) Various other staff members experimented
with a number of other remedies that we already had in our arsenal.
That included, sending mail to the person (usually ignored), writing to
the person while online (doesn't work if they're not logged in, time
consuming, and not always practical), kicking them off (they oftentimes
just logged right back in), and deleting the account (drastic, and
sometimes they just ran newuser & got right back on.) I think there a
variety of reasons why this failed. In some cases, I think it was
simply ignorance (gosh, my connection went away. I'll just log back
on), and in some cases there may have been a genuine language barrier
(gosh, i don't know what that means. I'll ignore it, maybe it will go
away), but in many cases, especially the repeat customers, I think it
was a sort of willful ignorance (I got away with it the last time, and
they *can't* do anything to me anyways, so I'll just ignore it and that
will work this time too.) I wanted something that was less drastic and
didn't destroy any information, hard to ignore, yet effective at getting
across the notion that we really were serious about the problem, and
most importantly, getting across the notion that yes, in this game of
magic, it's not just that we're card sharpers, and it doesn't matter if
they're a Unix god elsewhere, here we're the magicians and they don't
stand a chance, no matter how much sneaking and cheating they do. In
the discussion above, I got the feeling people were thinking that we
were patching binary executable files, and destroying information. This
is never the case, because if nothing else, it's entirely too
time-consuming. Most often, the offending "executable" is actually a
small shell script, and what we might do is insert a few lines that read
something like
echo 'THIS IS NOT AN ACCEPTABLE USE OF GREX.'
or perhaps
echo 'DO NOT SEND MASS MAIL FROM GREX'
very likely followed by
exit 0
Usually these scripts are 5-20 lines, so we are not in any case talking
about the creative effort of a mona-lisa, but for the good it does, the
original script is still all there. I don't think we've collected any
statistics on the effectiveness of the various remedies, but my feeling
is this remedy is a lot less drastic than deleting the account, or the
file in question, is more obvious the latter, is more likely to be
understood by the culprit than an e-mail message of *any* length, &
generally, but not always, effective at getting the message across. It
works best with strangers who *think* they understand what Unix system
administrators can and can't do, and are all prepared to deal with
deleted accounts and the other usual solutions.
Now, in this particular case, we have Master Willard. So far as the
mass tel's & the idle cheat, sorry, but nobody on staff thought that was
even worth a 2nd thought concerning the policy on them. Someone who
genuinely thinks they ought to be allowed on grex is welcome to enter
such a discussion in co-op, but I predict that's going to be a pretty
hard sell to the membership on grex. There's been enough other
discussion regarding other forms of spam, and having user limits in the
first place, that I feel pretty safe in my prediction. Willard's
contributions to the conferences certainly altered the staff response;
normally, people who cause these kinds of problems are "strangers" and
don't feel they are attached in any way to grex, or they are long-time
users, but just of e-mail, and in both cases they act differently, and
more predictably. The staff people involved knew Willard was going to
act differently, but nobody could think of a different solution that was
more likely to resolve the problem. So, the decision was made to treat
Willard like all the other cases. That meant first a warning e-mail
message, followed by escalation.
I hope this helps people to at least understand why things are the way
they are here. Everyone on staff & the board would be quite interested
to hear of any other remedies people can think of that we might have
done instead with Willard, and why those remedies might have been either
more or less effective.
| response 124 of 163: |
Sep 27 08:08 UTC 2000 |
grex AUP:
"Get along and play well with others - or else"
As I have noted before the "AUP" policy in the 21st district of the
Chicago Police Department is engraved on the aluminium bats that some
officers carry in their trunks while on duty - its a very subtle play on
the phrase "trunk music". "Play ball with the 21st, or we'll shove the
bat up your ass". It works well in Chicagoland. Grex is kindler and
more gentle.
| response 125 of 163: |
Sep 27 08:09 UTC 2000 |
re#123: Marcus doesn't think too highly of lawers?
| response 126 of 163: |
Sep 27 08:29 UTC 2000 |
It's neither useful nor appropriate in this case, but I often have cause to think that Draco was on the right track.
| response 127 of 163: |
Sep 27 09:08 UTC 2000 |
Oh, I think lawyers have their place, alright. I just don't seem them as a form of entertainment.
| response 128 of 163: |
Sep 27 10:20 UTC 2000 |
You rate them less on the social scale than 'actors'?
| response 129 of 163: |
Sep 27 14:01 UTC 2000 |
re: #105 thank you for answering. not exactly the question i asked, but i think what you are saying is - members have redress thru a vote by other members and guests are s.o.l.. is that the way it is?
| response 130 of 163: |
Sep 27 15:19 UTC 2000 |
Heh... baffling with bullshit... no Jerryr, I really don't think that's what was either said or meant. Guests are not sol, however policy is voted on by members. Does m-net let mere guests decide policy? All this talk about grex's policy regarding files (didn't Mike himself say that he got e-mail back in June or July warning him?) and the AUP from those people who are considered to be primarily m-netters (especially the staff) just strikes me as the severest hypocrisy. Not that I expected otherwise.
| response 131 of 163: |
Sep 27 15:20 UTC 2000 |
Guests can become members instantly by paying for a membership. $6.00 for one month. After three months (or advance payment for three months) you can vote. Not a really high threshold for you or willard. Not a really high threshold for even exptremley low income people (equivaltent to a carton of cigarettes, a few video rentals, a couple Ann Arbor parking ticket).
| response 132 of 163: |
Sep 27 15:30 UTC 2000 |
re: 105 -- I certainly appreciate the time you took to explain the issue. However, I find it genuinely disappointing. In all seriousness, I thought this was one area where Grex had M-Net beat. By virtue of not having an AUP, I was of the belief that the only thing that would get you "in trouble", or otherwise bothered by staff, was intentionally causing the system to crash, or a real DoS attack. The impression I'm getting (and correct me if I'm wrong) is that there's an arbitrary enforcement of "common-sense" rules, and that actions against such rules are often arbitrary in and of themselves. Admittedly, I don't care enough about Grex to drop by coop and try to steer your policy. And apparently, it's been working for some time now. But on a moral level, I really think it's wrong.
| response 133 of 163: |
Sep 27 15:49 UTC 2000 |
the point of re #131 is what?
| response 134 of 163: |
Sep 27 16:23 UTC 2000 |
What she's saying is that if the lack of an AUP really bothers someone they can easily become a member and then propose that one be set in place. You're already a member, tod, so if it bothers you that much, go to coop and call for a vote. It's really that simple. The problem, of course, is that it takes some work. You have to carefully draft the proposal and then take the time to defend it in the coop item. I don't think you want to put in that much effort. Instead, you'd rather just whine about it here. Whining generally does not get results.
| response 135 of 163: |
Sep 27 17:02 UTC 2000 |
Strange...Grexers seem to whine so often... ;-)
| response 136 of 163: |
Sep 27 17:31 UTC 2000 |
what do you meaaaaaaaaaaaaaaaaaaaaan?
| response 137 of 163: |
Sep 28 00:08 UTC 2000 |
thanx for the invitation to join. i was just trying to determine if guests had the same standing as members. the same protections. i realize what it takes to be a voting member. i was seeking the "culture" here. how guests are viewed and treated.
| response 138 of 163: |
Sep 28 00:28 UTC 2000 |
There are good guests and bad guests. I treat good guests better.
| response 139 of 163: |
Sep 28 00:34 UTC 2000 |
Guests can always try to convince a member to champion their cause... I can't recall any specifics, but it's happened at least once in my memory.
| response 140 of 163: |
Sep 28 01:47 UTC 2000 |
I don't think most people look at someone's membership status before deciding how to treat them, so I suspect guests that stick around for very long get about the same treatment as members.
| response 141 of 163: |
Sep 28 02:32 UTC 2000 |
I'm really annoyed at having to read this crap -- which I do because I feel it is my responsibility as board chair to follow these discussions. Willard doesn't have a legal, moral or social leg to stand on in this issue, and in my opinion, anyone who thinks he does hasn't been paying attention. I am also tentatively of the opinion that parties supporting willard in his claims are merely stirring up the shit for their own entertainment. Well, if you are entertained by shit, I suppose 20th century television marketing has a success in you.
| response 142 of 163: |
Sep 28 06:37 UTC 2000 |
I don't think there's any reason to be annoyed. This is an educational process. There are things we do on grex that don't follow the "conventional" wisdom. They deserve explaining - and it is a good and healthy process for us to stop and ask ourselves "why" and "is this really the best policy" every so often. Even if the answer is "yes" it's still a chance for more people to learn the "why" behind things, and helps to spread knowledge of what grex is all about. One of the things we've always tried to do on grex is to have a low-overhead minimalist style of bureaucracy on grex where in fact a fair amount of "trust" is invested at a low level - this is very much the inverse of what has been the historical tradition on m-net. So their surprise in us should be no surprise to us.