|
Grex > Coop13 > #357: Member initative: Getting rid of ID requirements | |
|
| Author |
Message |
| 25 new of 58 responses total. |
scholar
|
|
response 26 of 58:
| 
Sep 4 04:41 UTC 2006 |
I'm glad you now agree that the ID requirement has deterred donations, though
I'm not sure why you think this hasn't hurt Grex.
|
steve
|
|
response 27 of 58:
|
Sep 4 04:43 UTC 2006 |
Sigh. Almost *any* policy in any endevour is going to have some kind
of negative effect. This was no different. What I am saying is that I
don't think it had a significant effect, compared to say our policy of
not allowing POP, for example.
|
naftee
|
|
response 28 of 58:
|
Sep 4 16:09 UTC 2006 |
re 21
Wow. That's perfect. So the only case that we know about of a person using
fake ID to become a member ended up being a person who was not a vandal. And
there has never been a case so far that the person who sent in valid ID to
become a member was caught vandalising and persecuted with help of that ID.
Clearly, the ID rule is in place not to deter vandals, but to deter people
who would donate money to GreX.
UDP flooders? A simple google search of "UDP flooder" brings up at least 3
websites with links to cracker programmes that do what you mention. A cracker
could go to an internet cafe and UDP flood to their heart's delight with those
programmes. GreX just isn't an efficient cracking platform anymore. It is,
however, a great teaching platform, as you mentioned. The extra priviledges
could be given to students who would like to do more with UNIX.
|
aruba
|
|
response 29 of 58:
|
Sep 4 17:37 UTC 2006 |
Again, the fact that Grex is not an efficient cracking platform doesn't mean
it isn't a potential cracking platform. I don't want us to be responsible
for helping someone do something illegal.
It's clearly a tradeoff: requiring ID hurts us in some way and helps us in
others. We're arguing about the amount it helps us and the amount it hurts
us, not whether it hurts us and helps us.
THe person who sent Grex a stolen ID didn't get a chance to do anything with
his membership privileges, because they were revoked as soon as I realized
the ID was stolen. So the example doesn't tell us anything about what kind
of people send in fake IDs.
But, I think the answer is, not many people are willing to send fake or
stolen IDs to Grex. And that's a good thing.
|
scholar
|
|
response 30 of 58:
|
Sep 4 20:04 UTC 2006 |
Nor are many people willing to use Grex as a 'cracking platform', but I bet
most of the people who do that would also be willing to send in fake ID.
Your contention that this is a disagreement about merely the degree to which
things help or hurt Grex mischaracterizes my argument. I believe the ID
requirement only hurts us, and that anyone willing to use Grex to do malicious
things is going to be more than willing to send Grex fake identification.
However, since most people don't seem to believe that, perhaps it would be
a better proposal to 'delink' membership privileges from network privileges,
allowing the latter only to those who have, at least in theory, had their
identity verified by Grex.
|
steve
|
|
response 31 of 58:
|
Sep 4 20:29 UTC 2006 |
I dunno Mark. This wasn't a problem until certain problem people
decided to make it a "problem".
|
kingjon
|
|
response 32 of 58:
|
Sep 4 20:34 UTC 2006 |
Re #30: 80% or more of the help requests I get (via "write help" -- and they
became so common this summer I started making my habitual first command on Grex
"mesg -h n") are asking for pointers on activities that either are or could be
interpreted as cracking. (I include "how to set up an IRC bot on Grex" in
"could be interpreted as".)
|
cross
|
|
response 33 of 58:
|
Sep 4 22:32 UTC 2006 |
Regarding #21; It's absolutely neat! But that doesn't justify the ID
requirement.
Regardig #29; I suppose the real question is, how can you substantiate the
claim that the ID policy does good, by preventing abuse? I think that it was
Mary Remmers who once said that a photocopy of my NYC Public Library card,
which pretty much just has a mag strip and says, "New York Public Library"
on it, would be acceptable ID. But there's really nothing on it that would
allow one to track it back to me. So, what's the point? In particular,
that's a completely ineffective form of ID, yet meets the requirements, so
the value of that ID is questionable, at best.
But anyway, if the ID policy has never been used, then there just isn't enough
data to say that it's really doing any good. It may be, but we can't say one
way or another. We all seem to agree that it does some amount of harm, by
discouraging at least some donators. I'll submit that that amount of harm
is probably relatively minor: I think very few people have objected so
strenuously. Now the question, however, does the potential for benefit
outweigh the established costs? I imagine it does, but clearly others
disagree. There's certainly no harm in discussing it. Which leads me to....
Regarding #31; Your anti-polytarp bias is showing. David can certainly be
a git sometimes, that doesn't make what he's talking about right now of any
less value. Theo De Raadt can be a HUGE git at times, yet you don't object
to running his software, after all.
|
nharmon
|
|
response 34 of 58:
|
Sep 5 01:30 UTC 2006 |
Am I the only one who is bothered by Steve's attitude torward legitimate
member proposals?
|
cross
|
|
response 35 of 58:
|
Sep 5 01:33 UTC 2006 |
No.
|
twenex
|
|
response 36 of 58:
|
Sep 5 01:40 UTC 2006 |
Git? lol. That's the first time I've heard an American use that word.
In case you're reading this, Rane, I used the word "heard" METAPHORICALLY,
ok?
|
cross
|
|
response 37 of 58:
|
Sep 5 01:43 UTC 2006 |
(I got it from Harry Potter)
|
aruba
|
|
response 38 of 58:
|
Sep 5 04:02 UTC 2006 |
Re #33: Mary was mistaken about your library card. See ~aruba/idpolicy for
the policy Grex adheres to in accepting IDs.
|
glenda
|
|
response 39 of 58:
|
Sep 5 07:49 UTC 2006 |
There is still the fact that Michigan State law requires that we keep and list
of member names and addresses.
|
cross
|
|
response 40 of 58:
|
Sep 5 08:06 UTC 2006 |
So you ask them for such; does Michigan State law require you to verify same?
regarding #33; Okay. But an officer of the corporate told me othewise while
she was an officer of the corporation. May I suggest, then, that future
officers are briefed on such things?
|
mary
|
|
response 41 of 58:
|
Sep 5 12:18 UTC 2006 |
Hmmm, I don't remember telling you such a card as you described would meet
our policy requirements. Is it possible we were talking about library
cards of a few years ago that tended to have a names and account numbers
on them?
|
nharmon
|
|
response 42 of 58:
|
Sep 5 12:21 UTC 2006 |
re 39: Glenda, can you cite the statute that requires Grex to keep and
list member names and addresses?
|
aruba
|
|
response 43 of 58:
|
Sep 5 13:15 UTC 2006 |
Nathan - it's been quoted in a number of other coop items in the past, but
I don't remember the number. It's part of a general law regulating
nonprofits in Michigan.
|
nharmon
|
|
response 44 of 58:
|
Sep 5 13:51 UTC 2006 |
Okay, I thought someone might have it handy, but here it is:
MCL 450.2413: "The officer or agent having charge of the shareholder or
membership records of a corporation shall make and certify a complete
list of the shareholders or members entitled to vote at a shareholders'
or members' meeting or any adjournment thereof. The list shall:
(a) Be arranged alphabetically within each class with the address of
each member or shareholder and the number of shares held by each
shareholder."
http://www.legislature.mi.gov/mileg.asp?page=getObject&objName=mcl-450-2413
I'm assuming Mark is said "officer or agent having charge of the
[...]membership records", and that certifying the list means making sure
it is accurate. If he requires ID to do so, then so be it.
|
nharmon
|
|
response 45 of 58:
|
Sep 5 13:52 UTC 2006 |
By the way, what happens if this proposal passes and it is in violation
of Michigan law? Is there a provision in the bylaws that cover such a
situation?
|
cmcgee
|
|
response 46 of 58:
|
Sep 5 14:50 UTC 2006 |
Just to clarify:
Anyone can make a donation to Grex. Cash in a plain envelope, sent to the
treasurer, with a note saying it is a donation, would be placed in our bank
account.
The ID requirement is for membership.
|
tod
|
|
response 47 of 58:
|
Sep 5 17:10 UTC 2006 |
re #44
Does Grex have a NOPP for members and would-be members so that they know their
personal data (name and address) is available to inspection by any member or
member's proxy at the meetings under 450.2413(c) and 450.2413(d)2?
I'm fairly certain most members are unaware that their personal home address
info is fair game for the rest of the membership.
|
jep
|
|
response 48 of 58:
|
Sep 5 17:33 UTC 2006 |
re resp:33: I think it's reasonable to take into account when someone
has been a harrasser of the staff and the general usership of Grex. I
think resp:31 reflects the assumption, reasonably based on past
behavior, that certain users including the author of resp:0 are
untrustworthy.
Scholar is one of 4 or 5 users on Grex whom I filter. Unfortunately he
is a member now and can further harrass us all with "user initiatives".
I will be predisposed to vote "no" on anything scholar recommends or
asks for.
|
tod
|
|
response 49 of 58:
|
Sep 5 18:12 UTC 2006 |
I don't find "user initiatives" as harrassment. These suggestions are lacking
cynical tones and while they may be "old hat" to some, they show a genuine
interest and should be given some attention.
|
naftee
|
|
response 50 of 58:
|
Sep 5 23:15 UTC 2006 |
re 46 Cash in a plain envelope sent by mail is illegal, just to clarify.
re 48 Please take your accusations of harassment out of this conference. We
are trying to have a serious discussion here.
|