unicorn
response 33 of 68: Jul 27 18:27 UTC 2007

I might add that I was responding primarily to the following from krj:

*)  It's hard to figure out what to do about defending Grex when
     there is no clear consensus as to what Grex is, in terms of
     services offered to users.   Various stakeholders in Grex
     see it as:
     *)  online community with BBS and party
     *)  email service
     *)  place to utilize basic Unix shell services
     *)  place to learn about Unix

The point I was trying to make is that I see it as "all of the above."

I guess I was also responding to the parts that said "axe e-mail
beyond within-Grex communication" and "getting rid of text interface
to conferences would allow you to move into the modern world".
krj
response 34 of 68: Jul 27 18:40 UTC 2007

(I typed a response but will let others have the soapbox now.)
cross
response 35 of 68: Jul 27 23:37 UTC 2007

Sorry, I'm late to the conversation.  I was away for a few weeks doing USMC
stuff; now I'm back.  Well, for a while; I'm going back onto active duty in
late September for more training, but that's a ways off.

Here are my opinions in a nutshell:

1) Turning off newuser isn't going to be particularly profitable, *however*,
   newuser needs to be changed to not be so trusting.  We should require
   that a user already have an email address that we can verify before we
   open up the system to them.  We should use a CAPTCHA or something to
   verify that users cannot script newuser.  I don't think we need to
   require money, but we do need to be a bit more restrictive.

   Something that I have observed with respect to our vandal problems is
   that the problems most visible to the active user community (as defined
   by those that use party and read the conferences) are not caused by
   random miscreants from the Internet, but rather from a few determined
   users who know the system well.  To me, it makes no sense to shut off
   access to the system for the 50 or so mostly harmless folks who create
   new accounts on grex on any given day to stop the one or two who are
   annoying (and well known).

2) The problem with fixing our existing software isn't necessarily with
   staff time (well, maybe for write; that's Jan's bailiwick, and him making
   changes to it has to happen on his schedule), but at least in the case of
   the conferences, that we don't have source code to picospan.  Sure, we
   could try and make binary patches to it, but I'm not going to waste my
   time doing that.  If we had source to it, or moved to something else, I'd
   be far more inclined to look into changing a few things (like, extending
   the twit filtering capabilities so that spin's little games couldn't be
   played again....This would have the additional benefit of not having
   backtalk be hamstrung by the necessity of backwards compatibility with
   Picospan).

3) We do need more staff, *and* we need an intermediate level between user
   and staff of folks who can police the system and clean up obvious things
   without staff intervention.  I kind of like Vivek's idea of `helpers.'
   Additionally, such a thing could be used to funnel qualified folks into
   the ranks of the root-privileged staff.

Okay, I'm still playing catch-up at work with email and what not, so I'm
going to take off for right now, but that's my first set of gut feelings....
maus
response 36 of 68: Jul 28 06:17 UTC 2007

I would definitely apply for something like what Vivek and Dan suggest 
(an intermediate demi-staff position); I would like to help, but am 
uncomfortable having full-root access on a box on which I am not the 
sole stake-holder. I know I over-react to things and am immature, the 
combination of which makes me think I need to do more growing up before 
considering volunteering for full-on staff. 

Much as I am loath to say this, I do think the modicum of anonymity 
offered by the incumbent newuser script is causing more problems than 
it solves. I feel dirty for saying this, but we may be at the point at 
which we need to be able to tie users to real-life entities, though I 
would also say that this information must be kept highly secure and off-
server, only for baffers. 


vivekm1234
response 37 of 68: Jul 28 09:59 UTC 2007

Guys a couple of things: The trouble with our temp fix is that trolls
can still write to /dev/log and dump fake messages into /var/log. 

This is very dangerous for a number of reasons: Say troll doesn't like
someone.  He could fake the entries on our box and then lie to the
noob's ISP and tell the admin to scp whatever and take a look at the
"logs". Poor little noob will get into a LOT of trouble, especially if
he is logging in from college. Noob will not have enough knowledge to
defend himself and the admin will assume that what he sees in
/var/log/messages is legit.

Now Scholar, when we were talking before the fight, suggested removing
(rw) for others, but then exim, named, and other apps will not be able
to log. He suggested we create a separate group called "logger" and then
chgrp logger /dev/log and then add exim, named, etc to logger. Is there
a downside to this?
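The concern above is that a syslog socket writable by "others" lets any local account write lines that end up in /var/log looking like they came from the system, and the proposed fix is to make the socket writable only by a dedicated "logger" group that the daemons (exim, named, ...) belong to. The script below is an added example, not code from this thread or from Grex: it audits a syslog socket path against exactly that policy (not world-writable, owned by the expected group, still group-writable so the daemons can log) and demonstrates it on a /dev/log look-alike created in a temporary directory, since chgrp to a real `logger` group and touching the real /dev/log both need root. The `audit_log_socket` and `make_demo_socket` names, the group gid used as a stand-in for `logger`, and the mode values are the example's own assumptions.

```python
import os
import socket
import stat
import tempfile


def audit_log_socket(path, logger_gid=None):
    """Return a list of findings for a syslog socket such as /dev/log.

    Policy checked (the thread's 'logger group' proposal):
      * not world-writable, so arbitrary local accounts cannot inject lines;
      * owned by the dedicated logging group (logger_gid) when one is given;
      * group-writable, so daemons placed in that group can still log.
    An empty list means the socket matches the policy.
    """
    st = os.stat(path)
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a socket")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable: any local account can write forged log lines")
    if logger_gid is not None and st.st_gid != logger_gid:
        findings.append(f"owning gid is {st.st_gid}, expected logger gid {logger_gid}")
    if not st.st_mode & stat.S_IWGRP:
        findings.append("not group-writable: daemons in the logger group could not log")
    return findings


def make_demo_socket(directory, name, mode):
    """Create a bound Unix datagram socket (the same kind of object as
    /dev/log) with the given permission bits.  Demo helper only: it stands
    in for the real socket so the audit runs without root."""
    path = os.path.join(directory, name)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    sock.close()  # the filesystem entry stays until it is unlinked
    os.chmod(path, mode)  # explicit mode, independent of umask
    return path


def demo():
    """Audit a /dev/log look-alike before and after the proposed fix."""
    with tempfile.TemporaryDirectory() as d:
        # Before: the 0666 socket the post complains about.
        open_path = make_demo_socket(d, "log-open", 0o666)
        # After: 0660, writable only by owner and the logging group.
        fixed_path = make_demo_socket(d, "log-fixed", 0o660)
        # The group the socket was created with stands in for 'logger'
        # (a real 'chgrp logger /dev/log' needs root).
        logger_gid = os.stat(fixed_path).st_gid
        results = {
            "world_writable": audit_log_socket(open_path, logger_gid),
            "fixed": audit_log_socket(fixed_path, logger_gid),
            # Socket owned by the wrong group: daemons in 'logger' could not write.
            "wrong_group": audit_log_socket(fixed_path, logger_gid + 1),
        }
    return results


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, "->", findings or "OK")
```

Two caveats a practitioner would weigh before applying the group fix for real: anything that is not in the group silently loses logging, including programs that drop privileges to a uid outside the group and ordinary users running `logger(1)`, and members of the group can still write forged lines. The group change only narrows who can forge; a syslog receiver that records the kernel-reported sender credentials for each message (on Linux, the SO_PASSCRED / SCM_CREDENTIALS mechanism used by rsyslog and journald) is what lets an administrator tell a line written by exim from one written by a shell user.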
ils
response 38 of 68: Jul 31 14:31 UTC 2007

At the end of the day, no matter how much mary, maus, krj, vivek, steve,
and HCMS McGee want to play sysadmin, the only reason anyone is able to
access Grex right now is because the so-called vandal has apparently
decided not to prevent it, not because of anything staff or anyone else
has done.  The most devastating 'attacks' -- the ones that prevented
people from accessing the system remotely -- would not even have
required the miscreant to have an account on the system.  The syslogd
flooder 'attack' exploited a problem that was well known to steve
because he was told about it, but which he didn't bother to fix or warn
anyone else about for over a year.  You folks can be as frustrated as
you want to be and implement as many community-killing but trivial to
bypass measures as you want, but as much as you might not like it, the
choices you have are to a) do nothing and hope it doesn't happen again
(which isn't as bad as it sounds, believe it or not) or b) find a way to
get someone who has time and commitment and (!) knowhow to block attacks
like this.  I would strongly suggest adding unicorn to staff.  He's
ignorant and naive as fuck (remember how his proposed solution to the
crapflood was to attempt to limit user input to a humanly possible
speed, a suggestion that was lulzy on all levels), but he seems to have
endless hours to commit to Grex, can figure shit out at times, and
totally gets off at the mere thought of being on staff.  Flailing your
arms around wildly and hitting everyone but who you want to hit is an
option, but it's your worst one.
nharmon
response 39 of 68: Jul 31 15:01 UTC 2007

Okay, scholar.
unicorn
response 40 of 68: Jul 31 20:26 UTC 2007

#38: "The most devastating 'attacks' -- the ones that prevented
 people from accessing the system remotely -- would not even have
 required the miscreant to have an account on the system."

You admit you're a miscreant?  And yes, I believe I know how you did
that.  If I knew then what I know now, I might have even more proof
of your identity.  But I believe I have enough as it is.

 "You folks can be as frustrated as you want to be and implement as
 many community-killing but trivial to bypass measures as you want,"

It is you who are killing the community.  This system, like the rest
of the Internet, was built on trust.  It is only because of people
like you that measures have to be taken to lock down things that
shouldn't have to be locked down.  It's like how it used to be possible
for people to leave their cars and homes unlocked, but that is no longer
an option in most non-rural and even many rural communities.

 "but as much as you might not like it, the choices you have are to a)
 do nothing and hope it doesn't happen again (which isn't as bad as it
 sounds, believe it or not) or b) find a way to get someone who has
 time and commitment and (!) knowhow to block attacks like this."

It will never be possible to secure everything.  I read a quote once
(I'm sorry, I don't know who said it) that said something like, "any
computer that is completely secure is completely unusable."  It appears
that you are attempting to make grex completely unusable by exploiting
every perceived hole you can find, forcing staff here to try to plug
those holes.  Some of them may need to remain unplugged, and legal
remedies undertaken instead.

 "I would strongly suggest adding unicorn to staff.  He's ignorant
 and naive as fuck (remember how his proposed solution to the crapflood
 was to attempt to limit user input to a humanly possible speed, a
 suggestion that was lulzy on all levels), but he seems to have endless
 hours to commit to Grex, can figure shit out at times, and totally
 gets off at the mere thought of being on staff."

I don't have endless hours to spend.  I don't like seeing the system
abused, and since no one else seemed to be able to do anything at the
time, I spent more time on here that I really would have liked, trying
to do my part in helping to remedy the situation.

And no, I don't "get off" on the thought of being on staff.  I didn't
even consider volunteering until there were problems, and I saw that
there wasn't enough staff to keep on top of them.  I volunteered once,
and have said little, if anything, about it since.  I figured if they
wanted to take me up on it, fine, and if not, that's fine, too.
unicorn
response 41 of 68: Jul 31 20:29 UTC 2007

Frankly, I was a little surprised to see everyone jump on my offer so
enthusiastically.
cmcgee
response 42 of 68: Jul 31 21:04 UTC 2007

well, the times they are a'changin.

cyklone
response 43 of 68: Aug 1 01:34 UTC 2007

We can only hope . . . .
cmcgee
response 44 of 68: Aug 2 01:39 UTC 2007

I'm not sure I'm hearing strong consensus around some of these issues.  

I am sure Board will discuss the options and make a decision.  

If you have a solution to propose, let's hear it soon.

cyklone
response 45 of 68: Aug 2 01:51 UTC 2007

I can't believe I'm writing this, but: 

Grex needs more unicorns.
cross
response 46 of 68: Aug 2 05:02 UTC 2007

I think we need to tighten the reins on what totally unauthenticated users
can do.  Maybe that means leaving all but a sandbox conference closed to those
who have not been `socially validated.'  I think the following are given:

1) Email access is severely curtailed, as per the current proposals.
2) Write(1) and tel(1) access become `opt-in' instead of on-by-default.
3) webpage publication becomes a `socially validated' thing (to avoid
   phishers....  phishermen?).

Really, it's not such a big change from what we do now.  We're just saying
that to use the community services, you have to establish contact with the
community beforehand, as opposed to just being given the access.  Here's the
analogy I'm thinking of:

Right now, Grex is kinda like an apartment building; the community functions
are like apartments within the building.  Both the building and the apartment
have the door wide open.  Anyone is free to wander in and poke around to his
or her content.  We trust that most people are pretty nice and aren't going
to abuse this open access; unfortunately, that's not realistic anymore and
is really starting to break down.  Now, we're moving to a model where still
pretty much anybody can get into the building (by creating an account) but
to get into the interesting apartments, you've got to knock.  Anybody who
wants to can still get in; we're not discriminating, but we're sort of
guessing that those who want to knock over the furniture and piss in the
kitchen sink aren't going to knock for the privilege.

It seems pretty reasonable to me.
cmcgee
response 47 of 68: Aug 2 13:52 UTC 2007

*spews her early morning coffee*

Cyclone, you made me spill my coffee!!!!

cross
response 48 of 68: Aug 2 13:57 UTC 2007

http://youtube.com/watch?v=Q5im0Ssyyus
remmers
response 49 of 68: Aug 2 14:20 UTC 2007

I tend to support the three-tier social validation scheme proposed
elsewhere for outgoing access.  For today's internet, the fact that Grex
offers such services is of far less value anyway than it used to be as
they're widely and cheaply available elsewhere.  We won't know for sure
if the validation process meets our expectations, has unforeseen
consequences, needs fine-tuning, etc., until it's put into practice,
of course.  So I think it's time to move to the implementation phase.

Making tel and write opt-in is probably a good idea, and easy to
implement - you'd just need to edit the templates that newuser uses to
create the shell startup files so that they set "mesg n" on login.

Regarding the conferences - I hesitate to embrace making major changes
in access because:

(1) automated conference-trashing incidents such as the recent Agora
episode tend to be rare; 

(2) the conferences seem to be doing pretty well right now - Agora is
mostly polite and interesting (aside from the tedium resulting from the
same well-socially-validated users taking incessant swipes at each other in
the socio-political discussions), and conferences like Kitchen and
AA-Ypsi have recently taken on new life;

(3) I suspect that the biggest reason for the decline in conference
usage from its peak in the 1990s is due mainly to the fact that Grex has
all kinds of competition that it didn't have back then:  internet
discussion forums and blogs are a dime a dozen, chat rooms are too,
instant messaging is ubiquitous, etc.  Making conference access more
restrictive isn't going to change that fact.

I'm willing to be convinced otherwise, but I'm skeptical that making the
conferences tougher to get into will *by itself* lead to an increase in
the quality and quantity of discussions; it might have the opposite
effect of driving people to the competition unless we also take some
positive steps to increase the visibility and attractiveness of Grex as
a destination.
cross
response 50 of 68: Aug 2 14:28 UTC 2007

That's true.  I'm not sure they'd be tougher to get into, just tougher to
abuse.
eteepell
response 51 of 68: Aug 4 23:04 UTC 2007

Question: how old were the accounts that were the historical source of
attacks? Were they new users? 6 months old? A year old? Were they well known
users of the system with a good relationship with other members? Answering
this question might help a little. And if we cannot answer this question, that
certainly begs another question. Just a thought.
eteepell
response 52 of 68: Aug 5 01:26 UTC 2007

Still here. I think the helper idea is great BTW, why not start with a
"helpdesk" conference, "users helping users"?
cmcgee
response 53 of 68: Aug 5 01:42 UTC 2007

There is already an Info conference and an Intro conference, set up to do
the things you are suggesting for Helpdesk.  We might see if there is a way
to direct people with new accounts to those conferences.  

There are also 7 other computer related conferences, Graphics, Hardware,
Internet, Systems, Web, and two rather dated ones:  Amiga and Micros.
eteepell
response 54 of 68: Aug 5 04:20 UTC 2007

I've always used the "help" command in the shell, the old help archives, for
a start when I'm stuck. Suggest updating that with some very clear "if you
are still unsure, email help@grex.org or in the bbs "join info" for help from
other users". Sound like a good start? This is one area that hasn't been
updated since '97, and the links there refer to some very old info often (case
in point, the FAQ still has the old sun/os box listed as the current
hardware). When we do get new users the help system is the first thing they
see; I'm thinking we should look long and carefully at how it is presented. thx,
toodles.
unicorn
response 55 of 68: Aug 5 05:45 UTC 2007

#51:  Speaking of the abuses I've seen here (which are the most recent
ones, anyway), the attacks have been from long-time users who are very
familiar with the system who create new accounts to hide behind
(presumably to try to keep from getting banned from grex).  These new
accounts have generally been used immediately, or very soon after
creation.  When the accounts are disabled, they just create new ones
when they want to attack again.  This protects their well-known accounts,
from which they deny all culpability.
denise
response 56 of 68: Aug 5 19:14 UTC 2007

Hmm, I've never been to the Info or the Intro conferences; just haven't
ever realized the need to.  Perhaps checking them out would help [and
maybe these can be posted in the item in General about conferences to
join, as a possible way to get or provide assistance?]
gelinas
response 57 of 68: Aug 5 23:06 UTC 2007

(The 'helpers' conference can also be interesting.)

Yes, the accounts used for abuse are generally "throwaways."  Often, many
will be created at once and then used as necessary:  When one gets locked,
another becomes active, and some are still idle when newuser gets shut off.

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss