|
Grex > Coop12 > #127: Grex, once again, has pissed me off | |
|
| Author |
Message |
| 25 new of 184 responses total. |
jp2
|
|
response 128 of 184:
| 
Sep 9 15:24 UTC 2002 |
This response has been erased.
|
jmsaul
|
|
response 129 of 184:
|
Sep 9 16:17 UTC 2002 |
Re #127: #126 is a response to Russ' #117. I forgot, though, that Russ
never replies live -- he probably hasn't seen Jan's post yet.
|
drew
|
|
response 130 of 184:
|
Sep 9 19:06 UTC 2002 |
Re #120:
I'd like to know that too. Then I can let Russ have his plans for
$5/gallon gasoline and not care.
|
bhelliom
|
|
response 131 of 184:
|
Sep 9 19:12 UTC 2002 |
I do not see anything wrong with keeping this information while an
individual is a member. Once the membership expires the information
should be destroyed, even if the member in question intends to renew and
misses the deadline. Sure, it means they'll have to provide it all over
again, but it shouldn't be the treasurer's job to worry about that.
That's what happens when a membership or an account is allowed to
expire: you have to provide you info all over again.
I don't know if such a change in practice really requires and amendment
change and vote, simply a change in style of record keeping.
Second, I'd like to take the opportunity to thank Mark for all his hard
work. He didn't have to take on this challenge, and his efforts should
be better appreciated by all of you. Constructive criticism is all well
and good, but give him credit where it is due, and separate him from the
policy when you dismantle it piece by piece.
|
jmsaul
|
|
response 132 of 184:
|
Sep 9 20:09 UTC 2002 |
Please don't interpret anything I've posted as criticism of Mark. It isn't.
|
krj
|
|
response 133 of 184:
|
Sep 9 20:49 UTC 2002 |
One solution to the conflict would be to move towards winding up
outbound telnet access. With the replacement of Gopher by the Web,
there's not much publically available stuff out there for people
to telnet to any more. I can think of the telnet server
at Weather Underground (rainmaker.wunderground.com) and maybe the
UM/MSU/Wayne State catalogs are still telnettable.
As another example of telnet fading away:
If I recall correctly, Michigan State intends to discontinue
telnet access for the campus e-mail system at the end of this school
year.
The current users of outbound telnet could be grandfathered in,
or something, if you are worried about inconveniencing anyone.
This would be somewhat in accordance with Grexian principles, in
that it would remove a distinction in system privileges between
members and non-members.
|
polytarp
|
|
response 134 of 184:
|
Sep 9 21:03 UTC 2002 |
jp2; how would you build a URANIAUM BLOW I
H
I
R
O
S
H
I
M
A
boom?
|
cross
|
|
response 135 of 184:
|
Sep 9 21:58 UTC 2002 |
Regarding #75; Well, how come ID is only required for outbound network
access, then? *All* users around here get access to compilers, etc.
And the public access kiosks at Columbia allow one to run Java in a
browser; practically the same thing as giving shell/compiler access.
|
cross
|
|
response 136 of 184:
|
Sep 9 22:24 UTC 2002 |
Regarding #131; Yes, Mark does an excellent job, and his performance
should be commended. This discussion isn't a criticism of him or his
hard work; it's about grex policy. ``Play the puck, not the man,'' as
my friend used to say about hockey.
|
other
|
|
response 137 of 184:
|
Sep 9 22:27 UTC 2002 |
You're telling me that public kiosks on the campus of Columbia allow
anonymous public access and allow saving of files onto them? Do they
have cd/disk drives or e-net ports so walk-up users can download data
they grab from the web, or upload their keystroke loggers?
And as for our compiler access, we do a pretty good job of securing our
own machine, but since we can't rely on the rest of the world to do the
same, the founders felt that we had the responsibility to implement some
basic measures to reduce the likelihood of Grex being used as a base for
launching attacks on the Internet. Therefore, we're not too worried
about what you might do with programs you've compiled on our own machine,
because staff watches, and robocop watches, and our software is developed
and configured to minimize the possibility of serious mischief, so we
don't feel the need to ask for ID for compiler access, but if you go
thrashing about on the Internet from our machine, I think it entirely
reasonable that we should know just who you are. Even if you only go
gently tiptoeing about the Internet from our machine, I still think it
entirely reasonable that we should know just who you are, because we
don't know in advance what kind of use you'll make of our machine, and
it's a hell of a lot more practical to prevent a mess than to clean up
after it.
The simple fact is we're playing a numbers game. The vast majority of
users don't have any intention or desire to cause trouble, the same can
be said of the members group. If we offered no threshold, no challenge,
to those who DO wish to cause trouble, then we'd have a much higher
percetage of them on our system. Our measures will not prevent any and
all possible abusers or abuses, but they do a hell of a lot to reduce the
incidences we actually have to deal with. We still get at least 20 or 30
attempted cracks or attacks on any given day. If we eliminated our ID
threshold, nobody would even be able to use our system, we'd be so
overloaded with assholes with just enough knowledge to be dangerous (as
opposed to the kind we entertain now).
|
gull
|
|
response 138 of 184:
|
Sep 10 02:19 UTC 2002 |
Considering the number of people who try to compile IRC bots and such as it
is, even though they won't work, I'd agree with that assessment.
|
jmsaul
|
|
response 139 of 184:
|
Sep 10 02:41 UTC 2002 |
>If we eliminated our ID
>threshold, nobody would even be able to use our system, we'd be so
>overloaded with assholes with just enough knowledge to be dangerous (as
>opposed to the kind we entertain now).
Not proven. And again, there's a middle ground between allowing completely
anonymous access and making copies of people's drivers' licenses. Why do
you feel it necessary to argue the extremes, when the reasonable solution
is probably somewhere in the center -- take names and addresses.
|
mdw
|
|
response 140 of 184:
|
Sep 10 08:19 UTC 2002 |
We already ask for names & addresses (in newuser). Granted, it's
optional, but it's amazing how many vandals enter <something>. A lot of
it is obviously bogus, -- telephone numbers like "555-0000"), but even
*just* given the number of people who bring bots over, if we gave them
network access purely upon receipt of getting a name/address, we'd be
overwhelmed in no time at all. If we made an attempt to verify those
names/addresses (and I can't think of any free way to do so), that in
itself would consume massive amounts of someone's time, who would
probably quickly fall behind. The latter is something that virtually
every freenet did, after they discovered that offering free internet
access created too many problems.
That is just the bot problem. Vandals present yet another problem.
Vandals normally like to hop through lots of systems to hide their
tracks. I don't think they would have any problem supplying fake data
to us, if that were our policy. There are already web pages out there
that document all of this. We recently asked one site to take grex's
name off their list, on the grounds that we weren't actually useful for
"hop-through" use (and yes, thankfully, they did grudgingly remove our
name.)
|
robh
|
|
response 141 of 184:
|
Sep 10 09:14 UTC 2002 |
Re 133 - FWIW, I routinely use telnet from Grex to access my
other shell account (and vice versa) at least a few times a week.
|
russ
|
|
response 142 of 184:
|
Sep 10 11:34 UTC 2002 |
Re #139: You can "take" names and addresses, but how do you know that
they belong to the person requesting access? I could give you a thousand
names and addresses out of the phone book; it wouldn't mean anything.
If the person making the request obviously had possession of some official
document such as a driver's license (because they were able to copy it),
we've handled that issue.
|
mynxcat
|
|
response 143 of 184:
|
Sep 10 11:53 UTC 2002 |
How do you know its his driver's license. I could send in a copy of my
boyfriend's license, and grex wouldn't be any the wiser. How did getting the
copy od identification help? Grex still doesn't have the right information,
and even worse, has the potential to implicate a third innocent person. If
you're not going to do an actual verification that the person who's id is sent
in is the actual person going to use the account, I see no point in actually
collecting, and then storing, that information
|
scott
|
|
response 144 of 184:
|
Sep 10 12:29 UTC 2002 |
So is anybody going to enter a proposal, or we going to just argue the same
things over and over?
|
gull
|
|
response 145 of 184:
|
Sep 10 12:44 UTC 2002 |
Re #139: Nether.net was almost always unusably overloaded for exactly that
reason, in spite of having far more bandwidth than Grex. It isn't an
exactly parallel situation, since they allowed anyone who ran 'newuser' full
outgoing access. Still, it shows what can happen.
|
jmsaul
|
|
response 146 of 184:
|
Sep 10 18:09 UTC 2002 |
This response has been erased.
|
jmsaul
|
|
response 147 of 184:
|
Sep 10 18:10 UTC 2002 |
Allowing full outgoing access to anyone who runs newuser is just a bad idea.
|
mynxcat
|
|
response 148 of 184:
|
Sep 10 18:13 UTC 2002 |
I agree
|
flem
|
|
response 149 of 184:
|
Sep 10 18:28 UTC 2002 |
Wait, so we're not supposed to use ID to help prevent identity theft, because
someone could beat us by... committing identity theft?
|
mynxcat
|
|
response 150 of 184:
|
Sep 10 18:49 UTC 2002 |
Something like that. It sounds weird, but if grex is not going to be actually
verifying that id, I really don't see the point in collecting and storing that
id.
|
cmcgee
|
|
response 151 of 184:
|
Sep 10 18:55 UTC 2002 |
NO, NO! I need telnet.
I need telnet for weather, for access to UM emails, to play games on the
Internet, for a number of different reasons.
|
mynxcat
|
|
response 152 of 184:
|
Sep 10 19:00 UTC 2002 |
I think he meant no telnet for people who don't pay. Its not a good idea
giving *every* newuser telnet. Get it?
|