response 51 of 110:

Sep 7 05:10 UTC 2003

Just to test out this Grex policy of forwarding e-mails and the like, just
yesterday afternoon I created a .forward file in naftee's home directory and
placed my e-mail address in there.  I then IMMEDIATELY afterwards sent a mail
to staff requesting that I stop receiving tons of spam from naftee@grex.org.
Staff (Valerie Mates) replied, stating:

I've turned it off, and reset the password for the naftee account.  It's 
Grex policy that in this situation, we'll assume that you can have control

of the account if you'd like (since people only forward their e-mail to 
their own other accounts).  Please let me know if you'd like the password 
for naftee sent to you.


This above message is very disturbing, and raises some important questions
that polytarp/dah hinted at and that  I would like answered.  Firstly, what
if I had purposely tried to harass a certain user by forwarding all my mail
to him/her?  That person would have immediate access to my old account and
my password, not to mention my files, etc.  Or, what if I had NOT forwarded
all my mail, but merely the spam that I had been recieving? Would staff had
checked this (procmail)?  I should think not. And finally, why was this all
done WITHOUT a warning? For example, it would have been trivial for the staff
to have removed the .forward (or .procmailrc , whatever) and sent a mail to
that user, asking them to stop, informing them of the consequences of their
actions, etc. etc.  I believe the staff does something like this for deleting
large files owned by a user. Actually, there's precedent above: Valerie Mates
did say she would return polytarp's account to him if he stopped sending mail
to staff. HMMM, shouldn't this be done BEFORE the account gets reset, the
files modified, etc. etc. ?

Also, please give me back my naftee account.  I apologise if all this has
caused any inconveniences, and strongly encourage the staff to look at  these
problems a little more closely.

response 53 of 110:

Sep 7 12:48 UTC 2003

Since can't randomly create .forward files in other people's accounts, I don't
see where the problem might be.  More specifically, I don't see how you can
get your account taken away without doing something of ill intent.

response 55 of 110:

Sep 7 17:08 UTC 2003

re 52 I forwarded the mail to myself because I didn't feel like losing an
account.  That has nothing to do with it.

re 53 I wasn't expecting it to be taken away, I was testing a hypothetical
situation.

re 54 Of course they don't give a warning in deleting big files, but what they
DON'T do is reset your password and send it to an alternate email address.
You all missed the point completey. The fact is that changing an account
password on the system and sending it to an offsite person is a very dangerous
thing, and should not be taken lightly.  If anothe staffer wanted to approach
this problem, I think they should have taken a closer look at the creation
date of the file and the date of the e-mail, and they would have clearly seen
that something fishy had been going on.  This should be the MINIMUM required
care if a root is going to do something as drastic as changing account
passwords.  I find it crass that the staff won't even consider deleting the
file first and giving a message, but just change the password.  And I won't
state again that this could be a privacy violation.  Read my response above.

Another funny thing.  When I entered party last night as asddsa, it was
automatically assumed by our good friend krj that I haddone something wrong,
that I had pissed people off, etc. etc.  Maybe that's why certain users are
so afraid of posting their opinions in the bbs.  I can't say I blame them.

response 57 of 110:

Sep 7 17:23 UTC 2003

I'm sure glad you're not my mom.

response 59 of 110:

Sep 7 19:17 UTC 2003

Regarding #56; Why?  Are you sure you want him driving?

response 61 of 110:

Sep 7 22:36 UTC 2003

(Is "contrained" actually a word, or are we having trouble
spelling "contraindicated"?)

response 63 of 110:

Sep 7 22:55 UTC 2003

-bash-2.05b$ ssh polytarp@cyberspace.org
Warning: Server lies about size of server public key: actual size is 767 bits
vs
. announced 768.
Warning: This may be due to an old implementation of ssh.
polytarp@cyberspace.org's password:
Permission denied, please try again.
polytarp@cyberspace.org's password:
Permission denied, please try again.
polytarp@cyberspace.org's password:


ARE YOU GOING TO RECOUP ME MY ACCOUNT OR NOT?!

response 65 of 110:

Sep 8 01:46 UTC 2003

OR MINE?!
login as: naftee
Sent username "naftee"
naftee@grex.org's password:
Access denied
naftee@grex.org's password:
Access denied
naftee@grex.org's password:
Access denied
naftee@grex.org's password:
Access denied
naftee@grex.org's password:
Access denied

response 67 of 110:

Sep 8 02:26 UTC 2003

65: I think this proves Valerie "Popcorn" (?) Mates is a liar.

response 69 of 110:

Sep 8 03:36 UTC 2003

re 67 Her web page proves that fact nicely.

response 71 of 110:

Sep 8 10:25 UTC 2003

Make that 14. ;-)

response 73 of 110:

Sep 8 15:36 UTC 2003

The main handler of Grex staff email (Steve Weiss) is on vacation.  He usually
processes the week's email each weekend.  Valerie was covering things for him,
but she has been hit by a heck of a lot of work this weekend.  It'll be a few
days before she can reply.

Naftee:  Staff has a heck of a lot of work to do dealing with real issues.
We really don't need to spend time playing games with you so you can "test
out the policy".  Golly, gee, big surprise, the policy is exactly what we
say it is!  You have to play games to determine this?

I dug through some staff mail and found this mail below.  It appears that
the new password for naftee has been sent to you.  The old password will not
be restored by staff, because staff doesn't know your old password.  You
need to use the new password that was emailed to log in.

From the message below, it appears to me that (1) your problem has been
resolved, and (2) you have managed to confuse Valerie with your stupid games
and (3) you have elicited from her a wholely undeserved apology.  She's
been way to polite to you throughout.

> From: <valerie@unixmama.com>
> Date: Sun, 07 Sep 2003 09:59:33 -0400
> To: "Jim Daloonik" <haveaniceday@yourmom.com>
> Subject: Re: Help Please!
> 
> OHHH!  I see -- I thought you were complaining that someone else had
> created an account on Grex, directed lots of spam to it, and then set it up
> to forward mail to you to harrass you.  In fact you were saying that naftee
> is your own account, and that people were sending lots of spam to it.  My
> apologies!!!!!  I'll go reset the password and send it to you in a separate
> message in a moment.
> 
> And the correct answer to your original message about receiving spam is
> that everybody else on Grex is getting way too much spam too.  Grex is
> slowly working toward switching to a more modern computer.  Once that
> happens, we should be able to put more modern anti-spam blocks in
> place.  In the meantime, you can forward spam messages (they must include
> complete message headers -- all the "received from" lines -- in order to do
> any good) to uce@cyberspace.org.  That address is a repository of
> spam.  Once in a while grex's mail guru goes through the mail in that box
> and looks for patterns that can be used to add new teeth to Grex's
> anti-spam filters.  When you forward mail to that address, you won't get
> any reply; the message is simply accumulated until someone on staff can
> take a look at it.
> 
> Again, I apologize for the confusion!!
> 
> -Valerie Mates
> Grex staff
> 
> At 09:54 PM 9/6/2003 -0700, Jim Daloonik wrote:
> >It would be greatly appreciated if I could have my account back, please.
> >
> > >Date: Sat, 06 Sep 2003 17:41:40 -0400
> > > "Jim Daloonik" ,  Valerie Mates  Re: Help Please!
> > >At 01:50 PM 9/6/2003 -0700, Jim Daloonik wrote:
> > >
> > >>help me please.  i'm getting tons of forwarded spam from naftee@grex.org
. > > >>help > > >>please. > > > > > >I've turned it off, and reset the
password for the naftee account.  It's > > >Grex policy that in this situation,
we'll assume that you can have control > > >of the account if you'd like (since
people only forward their e-mail to > > >their own other accounts).  Please let
me know if you'd like the password > > >for naftee sent to you.  > > > > >
>-Valerie Mates > > >Grex staff > > > > > > > >
>------------------------------------------------- > > >Valerie Mates, Web
Developer > > >http://www.valeriemates.com > > >valerie@unixmama.com > >
>(734) 973-2472, fax (501) 423-8432 > >
>------------------------------------------------- > > > > > > > > >At 01:50 PM
9/6/2003 -0700, Jim Daloonik wrote: > > > > > >>help me please.  i'm getting
tons of forwarded spam from naftee@grex.org . > > >>help > > >>please. > > > >
> >I've turned it off, and reset the password for the naftee account.  It's > >
>Grex policy that in this situation, we'll assume that you can have control > >
>of the account if you'd like (since people only forward their e-mail to > >
>their own other accounts).  Please let me know if you'd like the password > >
>for naftee sent to you. > > > > > >-Valerie Mates > > >Grex staff

I haven't a clue what is going on with the polytarp account.  I don't see
a request from dah for the polytarp password to be restored in staff mail.
Did Valerie have a way in mind to prove that 'dah' is 'polytarp'?  That's
usually required before resetting and mailing out a password.  I dunno.
You needn't bother trying to log in with the old password.  We don't know
the old password and can't reset it.  To reset the password, a new one will
be set and mailed to you.