|
|
| Author |
Message |
| 25 new of 52 responses total. |
micklpkl
|
|
response 13 of 52:
| 
Dec 17 18:45 UTC 2003 |
Personally, I have sent extra money to cover the Paypal fees that are charged
to Grex. IIRC, you can send any amount you like via Paypal, though evidently
jep in resp:11 must've used an some URL that I'm not aware of.
|
aruba
|
|
response 14 of 52:
|
Dec 17 18:52 UTC 2003 |
I think both John and Mickey are correct - you *can* send any amount via
paypal, via http://www.cyberspace.org/grexmart/donate.html. But the link
at http://www.cyberspace.org/member.html doesn't allow you to change the
amount.
I agree we could do a better job with the links. I think John's ideas are
good ones.
|
jp2
|
|
response 15 of 52:
|
Dec 17 19:50 UTC 2003 |
This response has been erased.
|
aruba
|
|
response 16 of 52:
|
Dec 17 20:12 UTC 2003 |
Oh for Christ sake, Jamie, no personal information was ever available
online and you know it. You're referring to the fact that I have data on
my machine, and my machine is sometimes connected to the internet. That
doesn't mean that the data is available over the net! I'll bet your bank
has numerous computers which are both on the internet and capable of
accessing your banking records. Does that mean your bank is
irresponsible? Why don't you go stand in front of it and hand out fliers
complaining that they've lied in their disclosure statements. Let us know
what happens.
|
jp2
|
|
response 17 of 52:
|
Dec 17 20:57 UTC 2003 |
This response has been erased.
|
willcome
|
|
response 18 of 52:
|
Dec 17 23:26 UTC 2003 |
jp2's a millionaire!
|
scg
|
|
response 19 of 52:
|
Dec 18 02:01 UTC 2003 |
re 16:
If you're running Windows and aren't *very* careful about applying
security patches promptly, the answer is probably that any data on your
computer is reasonably easily accessable whenever you're on the Net.
Banks and the like, which have historically relied entirely on firewalls for
protection of PCs, have had some significant problems with this recently,
since a lot of the recent Windows worms have had no trouble at all getting
around firewalls.
|
jep
|
|
response 20 of 52:
|
Dec 18 10:48 UTC 2003 |
The e-mail I received, letting me know it was time to renew my
membership, had a link to Paypal which had a hard-coded $60 in it. I
just used that and didn't look beyond it.
Using the link was as simple as it could have been. Adding options
would complicate matters, and I don't know if it would be worthwhile
overall. I just know if other options were available, I'd probably
have used one of them.
|
jep
|
|
response 21 of 52:
|
Dec 18 10:50 UTC 2003 |
re resp:12: I'd overlooked the perks of membership. (-: I agree, a
no-ID membership would have to be without outbound Internet privileges.
I think it'd be worthwhile offering that as a contribution option.
|
aruba
|
|
response 22 of 52:
|
Dec 18 13:43 UTC 2003 |
Re #19: Steve is referring to Windows 2000ff, whereas I am running Windows
98, which is much stupider and therefore less exploitable. And I am up to
date on patches.
I don't want to do anything with the data that might compromise it, so if
there is a real issue here, I'll do what's necessary. But I bristle at
being called a liar for saying the data "is not stored on the net". It's
not, and never has been.
|
gull
|
|
response 23 of 52:
|
Dec 18 14:33 UTC 2003 |
Re resp:17: If you're hoping to only deal with companies that never put
your data through a Windows PC, all I can say is, "good luck".
Re resp:22: Windows 98 doesn't run most of the services that have been
compromised on NT, 2000, and XP, but it is vulnerable to some Internet
Explorer and Outlook Express exploits. (Note, too, that Microsoft is
dropping support for Win98 soon and will not be providing any more
bugfix updates.) The fact that you don't have any services running
doesn't help you when someone takes advantage of an IE bug to install
BackOrifice. There are at least three bugs in IE that have not been
patched yet and will allow a rogue website to install pretty much
anything on your computer. My advice at this point is for Windows users
to avoid IE and use something else, like Mozilla, Firebird, or Opera.
I think jp2 does have somewhat of a point, but the risk would be easily
mitigated just by keeping the membership info on removable media and
only having it in the computer when you need to work with it. I would
also hope you're only storing name and address info, not sensitive stuff
like credit card numbers, driver's license numbers, or SSN's.
|
aruba
|
|
response 24 of 52:
|
Dec 18 15:02 UTC 2003 |
We don't have any credit card numbers or social security numbers. We do
have drivers license numbers. I don't use Outlook Express and only use IE
when Opera and Netscape won't work on a particular site. (Try using Opera
on microsoft.com sometime - you get a teeny-tiny font that's illegible.)
I think putting the database on a floppy sounds like a good way to have data
corruption problems, and it's not a good solution for large databases. I
guess I could put it on a keyring data chip, and keep it with me at all
times, but that seems a little paranoid to me.
|
gull
|
|
response 25 of 52:
|
Dec 18 15:17 UTC 2003 |
My concern isn't that you have it on your person; I'm not worried about
physical attacks. I'm just suggesting that if it's not accessable on
the computer when you don't need to work with it, that greatly reduces
the window of time during which someone can gain access to the data.
|
jep
|
|
response 26 of 52:
|
Dec 18 15:25 UTC 2003 |
Mark, please don't let jp2 rile you. It doesn't seem to be his goal to
help Grex with anything. It seems to be his goal to pretend he knows
everything better than everyone else. Even if it would be a minor
improvement to security, I don't think anyone else expects you to go to
heroic efforts to protect Grex data. Just do what anyone would do in
these times; take ordinary, normal precautions and if a problem comes
up some day, we'll all deal with it.
If Jamie can post a piece of data from Mark's files about Grex (or e-
mail it to Mark), then I'll think he's uncovered a problem. Otherwise,
I'll think Jamie is just trying to stir up trouble where there is
none. Again.
|
carson
|
|
response 27 of 52:
|
Dec 18 15:40 UTC 2003 |
(I'd like the discussion to refocus on the initiative presented in
resp:0 and how modification of current policy may or may not benefit
Grex. I don't consider the security of gathered information to be
directly relevant to this discussion because even the initiative as
currently worded would require some information to be gathered.)
|
jp2
|
|
response 28 of 52:
|
Dec 18 16:03 UTC 2003 |
This response has been erased.
|
bhoward
|
|
response 29 of 52:
|
Dec 18 16:24 UTC 2003 |
Oh.
|
willcome
|
|
response 30 of 52:
|
Dec 18 19:01 UTC 2003 |
.hO
|
aruba
|
|
response 31 of 52:
|
Dec 18 21:24 UTC 2003 |
Maybe I wasn't clear, Jamie: personal data about members is not available on
the net, and never has been. I doubt your bank can claim as much.
|
jp2
|
|
response 32 of 52:
|
Dec 18 21:33 UTC 2003 |
This response has been erased.
|
jp2
|
|
response 33 of 52:
|
Dec 18 21:37 UTC 2003 |
This response has been erased.
|
aruba
|
|
response 34 of 52:
|
Dec 18 21:37 UTC 2003 |
What was it I said that made you think data was stored online?
|
gull
|
|
response 35 of 52:
|
Dec 18 22:56 UTC 2003 |
I hate to turn this into an argument about definitions, but it really
depends on what you mean by 'stored online'. jp2's argument is that if
the computer the data is on is ever connected to the internet, the data
is 'stored online'. I assume other people are arguing that the data is
not 'stored online' unless it's on a permanently-connected system. I
suspect the actual intent of the wording would be more accurately
expressed as, 'the data is not stored on Grex.'
|
tod
|
|
response 36 of 52:
|
Dec 18 23:01 UTC 2003 |
This response has been erased.
|
jp2
|
|
response 37 of 52:
|
Dec 19 01:20 UTC 2003 |
This response has been erased.
|