Author Message
22 new of 50 responses total.
krj
response 29 of 50: Mark Unseen   Feb 23 05:08 UTC 1999

I just created the login "mpukk2" from the Melonite web page.
You do get what appears to be the standard Grex newuser page when you come
in this way.  
 
Hmmmmm.
steve
response 30 of 50: Mark Unseen   Feb 23 12:19 UTC 1999

   Yeah, this is really odd.  It's not quite defrauding us, but we aren't
in cooperation with them, either.  I begin to think that this person is
a kid, who is playing games.
   There is another web site, for another fantasy company "Melonite
Studios" which doesn't seem to be much.  I found this one by doing
a search on 'booguz' (or however it's spelled).
   Still, I agree with Ken that we should stop this.  It's idiotic and
if we won't take measures to stop this I wonder if we'll see more of it.
cmcgee
response 31 of 50: Mark Unseen   Feb 23 12:51 UTC 1999

Yes, I agree with Ken.  I want anyone I'm providing free services to to recognize
that it's little ol' us, not some company in Europe.  The attitude of newusers
who come from that site is likely to be far less grex-community oriented if
they don't even know who we are.  
robh
response 32 of 50: Mark Unseen   Feb 23 13:32 UTC 1999

The part that really gets me is that he has several links to
a page named "404.htm" which looks like the usual "file not found"
error message you'd get if a link was invalid.  Could someone
explain to me why you'd set up a link to such a page, instead of
putting an "under construction" sign, or - even more bizarre -
actually writing the pages?

Conspiracy, stupidity, it can be so hard to tell the difference.  >8)
steve
response 33 of 50: Mark Unseen   Feb 23 16:00 UTC 1999

   These things suggest to me that the person is a kid somewhere
in Sweden playing around.
other
response 34 of 50: Mark Unseen   Feb 23 19:21 UTC 1999

on their info page there is a note from a 'custome service manager' who lists
his email as an account on grex, and lists a name also, neither of which i
remember at the moment, but i emailed the pages to remmers.
steve
response 35 of 50: Mark Unseen   Feb 23 19:31 UTC 1999

   Right -- and the account doesn't exist, unless it's been changed in
the last 20 hours.
krj
response 36 of 50: Mark Unseen   Feb 23 20:01 UTC 1999

the "itacs" account doesn't exist, but "mpuk," which is also mentioned
on the web pages, does.
devnull
response 37 of 50: Mark Unseen   Feb 23 20:14 UTC 1999

Re #27: I wasn't aware that there's a requirement to register the copyright
if you want to sue.  Lawsuits cost money, just as copyright registration
does...
cmcgee
response 38 of 50: Mark Unseen   Feb 23 20:46 UTC 1999

Copyrights must be registered with the copyright office if you want to collect
certain damages.  Your right to collect those damages begins when the work
is registered with the copyright office.  Your _copyright_ begins when you
create the work.  So you can sue to defend your copyright at any time, but
to collect punitive damages, you need to have registered the copyright.  
janc
response 39 of 50: Mark Unseen   Feb 23 21:12 UTC 1999

Any time you see a form on the web, like Grex's newuser form, it is
worth recognizing that there are two completely separate things
happening here:  the display of the form, and the processing of the
form.  Webnewuser is a program on Grex that processes forms.  Anyone,
anywhere could put up a form that points to it.

There is no particular security issue here.  If you submit the form on
mpuk's page, the submitted data goes straight to Grex, just the same as
it would if you had submitted the same data using our form.  Webnewuser
is conscious of the fact that submissions may come from forms other than
ours and does all sorts of checking on the input (for example, it
doesn't assume that nobody will submit a login name longer than eight
characters just because the login box on our form is only eight
characters wide).

Nor does mpuk's page have any control over what happens after the form
is submitted.  What happens, if account creation is successful, is that
you see this page:

      http://www.grex.org/nu/welcome.html

This welcomes users to Grex, and gives a brief summary of the rules
(including the "no irc bots" thing).  It says:

        Grex is funded entirely by donations from its users, and
        staffed entirely by volunteers. We offer free access to everyone
        in the whole world. We are poor as church mice. If you find
        Grex useful to you and if you are not poor yourself, we hope you
        will eventually consider supporting Grex by becoming a member.
        This will also let you vote in our elections, thus becoming a
        member of one of the world's foremost on-line democracies.

I suppose you could add something to this page saying we are not
affiliated with MPUK, but it hardly seems a big enough issue to be
worth mentioning.  I don't think the page sounds much like an MPUK
affiliate.  I don't think the copy of our newuser form is that big
an issue.

I certainly agree that we shouldn't allow people we don't know to go
around claiming that they are affiliated with us.  We first heard about
this from some people at some kind of internet-cafe who had actually
seen him building the site, which also claimed that they were
affiliates.  They were sending mail to the other "affiliates" to see if
any of the others had ever heard of him.  These people know who this guy
is, and are probably in a better position to act than we are. 
Contacting whomever is hosting these pages might also be useful.
tpryan
response 40 of 50: Mark Unseen   Feb 23 22:58 UTC 1999

        Why let *them* know Grex didn't pay any trademark fees.  From
what I know, a copyright exists if you say it does, such as the copyright
note at the end of the CNN Headline News, or WDIV news.
scg
response 41 of 50: Mark Unseen   Feb 24 00:15 UTC 1999

Trademarks can either be registered (R) or unregistered (TM).  Both have legal
force, but registered trademarks are, for obvious reasons, easier to document.
It's been our position for a while that Grex is a trademark of ours.  We
should certainly tell them to stop using the name and logo.

About the grammar:  Yes, a lot of the grammar on that page looks strange from
an American perspective.  I was noticing the same thing about the newspaper
articles and such when I was in Britain.  As far as I can tell, the page has
perfectly valid British grammar.
void
response 42 of 50: Mark Unseen   Feb 24 20:53 UTC 1999

   the copyright office has a web site at 
http://lcweb.loc.gov/copyright/ as well as a very informative document 
called "copyright basics" at 
http://lcweb.loc.gov/copyright/circs/circ1.html.

   according to what i read there, cmcgee has it about right; 
registering a copyright allows the creator of a work to get punitive 
damages, while an unregistered copyright allows the creator of a work to 
sue to defend the copyright.
kaplan
response 43 of 50: Mark Unseen   Feb 25 00:03 UTC 1999

http://v3.come.to/answers/5.html says that the .to top level domain 
belongs to the South Pacific Island nation of Tonga.  I wonder if 
anyone in or employed by Tonga cares about how their TLD is being used.
mdw
response 44 of 50: Mark Unseen   Feb 25 05:29 UTC 1999

.to is also a sort of "vanity" TLD.  It works sort of like those first day
stamp issues.  I'd venture to guess that over half of the machines under
.to exist in the continental US.

I think there's been some discussion about .to in the
news.admin.net-abuse.email; if I remember right, the conclusion was that
they were adequately prepared to deal with spammers.  So I imagine that
they would not take a kindly eye to whatever was being done with
"welcome.to".  That is, if we can figure out what it is these people
really were doing - it's still kind of mysterious to me.
devnull
response 45 of 50: Mark Unseen   Feb 26 03:23 UTC 1999

Depending on what browser is used, grex's web server ought to often be able
to see a REFERER header, which could be used to determine which site submitted
the form.  This could be used to display additional text in the cases where
grex gets a referer header which indicates the form from the rogue site
was used to get this account.
dang
response 46 of 50: Mark Unseen   Feb 26 16:15 UTC 1999

Actually, I'd be inclined to add a blurb at the top if the form came
from *anywhere* except grex.
mdw
response 47 of 50: Mark Unseen   Mar 8 03:39 UTC 1999

There's no reason to mess around with REFERER fields or cookies or
anything else.  A simple way, that would work with *all* browsers, is to
have wnu generate the form as well as process the posted data.  When it
generates the form, it can generate a pseudo-path (such as
http://www.cyberspace.org/cgi-bin/wnu/haponymarryoneway ), and when
cgi-bin/wnu is run, it can just look at PATH_INFO to pull out
haponymarryoneway and if that string "checks out", it knows the form
given to it came from wnu.  The "haponymarryoneway" string can be an
encoded and encrypted data string (or could even be just a keyed
cryptographic hash, such as hmac) of the ipaddress, timestamp, and
perhaps a hidden field nonce.  If the data doesn't match up, wnu could
return any sort of helpful error form.  A useful error form might ask
people to only link to the wnu's main page, include a pointer to the
main page, a pointer to more information about grex, a feedback form in
case people get that due to an overly clever anonymous proxy server, and
might even include a hidden copy of any fields someone filled out from
the "bogus" wnu main page with a pointer to the wnu main page.
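
The form-token scheme described in response 47, as an added example (not part of the thread and not Grex's actual wnu code): a keyed HMAC over client IP, timestamp and a hidden-field nonce is placed in the URL path when the form is generated and checked from PATH_INFO when it is posted. The names issue_token, verify_token, SECRET_KEY, MAX_AGE and the "timestamp.tag" token layout are assumptions made for the sketch.

```python
import base64
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to the client
MAX_AGE = 15 * 60                     # assumption: a served form stays valid for 15 minutes


def _tag(client_ip, ts, nonce):
    # Keyed hash over the fields named in the post: IP address, timestamp, nonce.
    msg = f"{client_ip}|{ts}|{nonce}".encode()
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def issue_token(client_ip, now=None):
    """Run when the form is generated. Returns (path_token, nonce).

    path_token goes into the form's action URL (.../cgi-bin/wnu/<path_token>);
    nonce goes into a hidden form field.
    """
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return f"{ts}.{_tag(client_ip, ts, nonce)}", nonce


def verify_token(path_info, client_ip, nonce, now=None):
    """Run when the form is posted. Returns 'ok' or the reason for rejection,
    so the caller can pick the helpful error form the post suggests."""
    now = int(time.time() if now is None else now)
    try:
        ts_str, tag = path_info.lstrip("/").split(".", 1)
        ts = int(ts_str)
    except ValueError:
        return "malformed"  # e.g. a static copy of the form with no real token
    expected = _tag(client_ip, ts, nonce)
    # Constant-time comparison so the check does not leak how much of the tag matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "bad-mac"    # forged token, or the IP changed (the proxy case in the post)
    if not 0 <= now - ts <= MAX_AGE:
        return "expired"    # a saved or copied form replayed later
    return "ok"
```

A form page copied to another site carries a token that expires and is bound to the IP address that fetched it, so submissions from the copy end up on the error path rather than creating an account.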
srw
response 48 of 50: Mark Unseen   Mar 15 18:32 UTC 1999

That's more work than just checking referrer, but (stepping back) while 
I wouldn't mind seeing any technical solution that allowed WNU to reject 
such forms, I also think it would be a good idea for us to pursue what 
this person is doing as inappropriate use of our intellectual property. 
I believe that we should see what pressure we can bring to get it 
stopped because I think we need to protect our service mark. This is 
fraudulent use of our service mark. This is almost certainly against the 
law in Scotland, btw, though I doubt it'll come to that.
lilmo
response 49 of 50: Mark Unseen   Apr 14 03:08 UTC 1999

Any progress on our "partner"?  :-)
steve
response 50 of 50: Mark Unseen   Apr 17 15:15 UTC 1999

  If you mean the idiots who say they're an online presence, they're gone.
I never got a reply from them directly, but the Xoom folks who got mail
from me explaining the situation killed the Melonite pages within hours
of my sending the mail.

  Scratch one "partner".
- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss