|
Grex > Coop11 > #47: Banning a site from Grex; a discussion of when to do this | |
|
| Author |
Message |
| 25 new of 264 responses total. |
steve
|
|
response 78 of 264:
| 
Dec 4 15:24 UTC 1998 |
Rick, India is a very very different place. I can readily believe
it. I have a list, and some of them have alternate listings for email.
The actual block is being done with the Tcp Wrapper package, and
telnet, ftp, rlogin and finger are being blocked. Http access is not
being blocked, but they don't have many machines there that can do
that, as I understand it.
One of the reasons Grex is so popular, is that we're tremendously
well connected compared to them. We have a fast connection(!) such
that its extremely attractive to use us. So if they do have ready
email access there, it may well be the case that mail can arrive
here many times faster.
|
steve
|
|
response 79 of 264:
|
Dec 4 15:42 UTC 1998 |
I sent another mail off to the contact person. They are trying
to contact the people at the actual site, but so far they haven't
made a connection yet.
|
mta
|
|
response 80 of 264:
|
Dec 4 16:00 UTC 1998 |
My understanding from some conversations I've had with several gentlemen from
universities and corporations in India is that generally there is one e-mail
account for everyone and you find your mail by scanning the subject line for
your name. No privacy at all.
That was a couple of years ago,m and it may have changed -- but maybe not,
or maybe not everywhere.
|
senna
|
|
response 81 of 264:
|
Dec 4 16:12 UTC 1998 |
If that's the case, that would fully explain the desire to get email on here,
although I'm still not comfortable with grex being used as little more than
a giant email server.
|
krj
|
|
response 82 of 264:
|
Dec 4 17:30 UTC 1998 |
I should stop responding. I'm in a sour mood today.
|
jiffer
|
|
response 83 of 264:
|
Dec 4 18:23 UTC 1998 |
That makes wonderful sense to use a place like grex. However, let me put this
is simple terms for Richard's sake, if someone (or some people) are going to
harm grex, or potentially harm grex, then we should, at best block that site.
Its like in elemmentary school when Tommy wouldn't shut up in class so you
all had to write an essay. There, an comparison for those that didn't get
the logic of normal thought.
Well, hopefully the contact people did something about it so that it will be
fixed, otherwise I am sure its back to reblocking. =/
But there are several places to get free email, hopefully people will find
them.
|
steve
|
|
response 84 of 264:
|
Dec 4 18:43 UTC 1998 |
As I understand it, the contact people are establishing contact with
the administrators at the particular site.
|
steve
|
|
response 85 of 264:
|
Dec 4 18:46 UTC 1998 |
If I'm reading peoples thoughts correctly, we should re-open the site
after I've written tha mail to be sent to all accounts (and reviewed here)
and put a message in the MOTD.
Correct? If so, I'll be starting this tonight when I get home.
|
dpc
|
|
response 86 of 264:
|
Dec 4 19:23 UTC 1998 |
Correct.
|
rcurl
|
|
response 87 of 264:
|
Dec 4 19:39 UTC 1998 |
ASAP, please.
|
cmcgee
|
|
response 88 of 264:
|
Dec 4 20:50 UTC 1998 |
Yes, #85 is what I understood we agreed to.
|
scg
|
|
response 89 of 264:
|
Dec 4 23:10 UTC 1998 |
I disagree. I don't think it would be a good idea to reopen stufff to that
site before we have confirmation that the administrators there are dealing
with the problem. This site was not blocked as a punative measure, where the
sentance would have a definite duration. This site was blocked because it
was becoming impossible to have Grex function well for the rest of its users
while allowing that site to access us. At this point, we have somebody
upstream from there saying he's trying to contact people, but we still haven't
gotten any response from administrators actually at that site. We certainly
haven't gotten any confirmation that anything to improve the situation is
being done. As far as I can tell, the situation that cuased us to need this
block really hasn't changed. It's looking like it may, and when it does, of
course we should open things back up.
|
mdw
|
|
response 90 of 264:
|
Dec 4 23:16 UTC 1998 |
It is trivial to type in a fork bomb. This response is *much* larger
than a fork bomb. Blocking ftp will not impede any vandal wanting to
run a fork bomb on grex.
|
aruba
|
|
response 91 of 264:
|
Dec 4 23:54 UTC 1998 |
Re #89: But if we open up the link for a bit, and let the people from that
site see their mail, they will get the message we've worded here and then
hopefully pressure their administrators into taking action. In other words,
opening up the site again is a way to accomplish the goal of getting something
done about the vandals.
|
remmers
|
|
response 92 of 264:
|
Dec 5 01:11 UTC 1998 |
Re resp:89 - The reason for reopening is not because anybody thinks
the problem is solved.
|
scg
|
|
response 93 of 264:
|
Dec 5 01:34 UTC 1998 |
I know we're not opening this up because anybody thinks the problem is solved.
That's what I'm objecting to.
|
steve
|
|
response 94 of 264:
|
Dec 5 03:50 UTC 1998 |
I hear what Steve is saying.
Are there other people who agree that this shouldn't be lifted?
I'm working on the mail anyway.
|
steve
|
|
response 95 of 264:
|
Dec 5 04:24 UTC 1998 |
I'm talking to someone from IIT now; it's VERY interesting.
I'll report when I'm done.
|
krj
|
|
response 96 of 264:
|
Dec 5 05:32 UTC 1998 |
My own cynical belief is that we will lift the site ban; some vandal
from that site will attack grex again; and we will reimpose the site
ban. However, as there seem to be 1000+ Grex users from this site --
presumably at least some of them nice people -- we need to lift the
ban, at least for a little while, to explain what has happened to
them, and to allow the legitimate users to download their e-mail and
make other arrangements.
And this is another reason to use the MOTD to communicate with the users
at this site: composing and sending the e-mail is adding days to the
interruption these users are seeing. The ban has been on for a week;
it would be good if Grex were prepared to lift the ban for Monday
morning, Indian time.
|
mdw
|
|
response 97 of 264:
|
Dec 5 05:55 UTC 1998 |
Would you like to be one of the people who cleans up after fork bombs?
|
steve
|
|
response 98 of 264:
|
Dec 5 06:10 UTC 1998 |
Well, I got the name of the director of computing, and what may
be a good email address for this person. I'm going to see if that
does any good.
There apparently is a mail machine there, but the person I talked
to just got mail dated November 17th, today. Small wonder then, given
the glacial speed of the machine that they'd be trying to use anything
else.
|
krj
|
|
response 99 of 264:
|
Dec 5 06:35 UTC 1998 |
No, I do not want to be the person who cleans up after fork bombs.
Yes, I realize that I am asking you, the staff, to clean up after
one more inevitable fork bomb from this site, for the cause of
sending a message to a very very large number of grex users.
I'm not going to go to the mat for this, though; but other responses
in this item have convinced me that Grex owes this large block of
users the minimum politeness of explaining the termination of
our relationship.
Here's some off the wall proposals. Disable the C compiler for a couple
of days. Disable newuser for connections originating from this site,
and move the users from this site into a group whose permissions
are drastically cut.
|
steve
|
|
response 100 of 264:
|
Dec 5 07:30 UTC 1998 |
I think it would be better to simply lift the ban, and see what
happenes after sending mail to all of them.
We could do things as you suggest, but I think thats more work
than cleaning up after them. And, sets a precident of tweaking
that I don't think we should do. If things come down to it, cut
access off cleanly, and simply ban them.
But I'm thinking that with a little luck we can deal with this
problem.
|
rcurl
|
|
response 101 of 264:
|
Dec 5 08:02 UTC 1998 |
I agree that the mail should be loaded and then the ban lifted. STeve
seems both very able and willing to handle another fork bomb for the sake
of getting the message out to such a large constituency. If another fork
bomb does occur, and we impose the ban again, at least thousands will know
why, and I would expect that it would be interesting to *be* at that site
to see the uprising against the vandals by the many responsible users.
|
mdw
|
|
response 102 of 264:
|
Dec 5 10:19 UTC 1998 |
It's pretty trivial to write a fork bomb in assembler too. Or ftp a
binary over. Or to use "adb" to compose one here. Or to send one over
as a MIME attachment, or to use http: to fetch one. So "fixing" this on
grex to make it impossible for someone to ship over and run a fork bomb
on grex is not a trivial exercise. The problem is here is that you're
breaking a fundemental design principle of grex, and in order to "fix
it", you pretty much have to rethink every single software decisions
we've made on grex.
It would be simpler to just teach grex to do something more intelligent
about fork bombs to start with. Long ago, I did, in fact, do some
kernel hackery on the m-net altos to do just this; I patched bits of the
OS to notice when memory seemed to be getting a bit short, and to locate
the most greedy normal user and to kill everything they owned, violently
and with much prejudice. Doing this sort of thing took a *lot* of work,
and would be significantly harder to do on grex today. We have, in
fact, implemented some things that make fork bombs not as bad as they
used to be (like we don't have to reboot the system to fix them), but
doing much better than this requires a *lot* of very specialized hard
work.
It is worth remembering, too, that fork bombs are just one form of
denial of service attack. There are also network flooding tricks that
can be done. Network flooding problems can't be solved on grex. The
only way to stop them is to wait until "they" get tired, block them
somewhere far enough downstream that they can't dam up legitimate data
traffic, or beg their ISP to stop the problem. Technical fixes only go
so far.
Yes, we could start fiddling with newuser & permissions, so that we
could gain the effective ability to deny random 164.100.*.* users access
to grex. It would really be rather a lot of work, as we take on the
responsibility to act as parents to non-native speakers of english
located about as far away as you can get from grex and still remain on
this planet. There *are* people who thrive on this sort of power trip.
Fortunately, none of them are on grex staff, and I am not surprised to
discover krj is not one of those people either.
|