Agenda for Grex BoD meeting: Sunday, May 20, 2007, 7 PM
1. Arrivals 7:00 PM
2. Opening Gavel Tap 7:30 PM
3. Treasurer's Report
4. Staff Report
5. Old Business
*Surplus - what do do with it.
1. Spam Filtering (being researched by staff)
2. New Motherboard/Memory (being researched by staff)
3. RAID Disks/Bigger Disks (being researched by staff)
* Internet Access Policy and Classes of Users (please see
coop:407 for discussion)
6. Schedule Next Meeting
7. New Business
8. Closing Gavel Tap
The meeting will be held at 208 N Grove St, Ypsilanti, MI. All are
welcome.
23 responses total.
Here's something else I'd like to address: I tried to email this to the board and staff, but it's not clear that it made it through. In the middle ages, theological scholars frequently debated such (seemingly) silly questions as, how many angels can one fit onto the head of a pin? I read somewhere (perhaps in the fortune file) that we must take this in context; at the time, they weren't debating whether the number was one, two, or even two hundred, but whether the numbers were finite or infinite. In other words, the discussion was a debate on the limits of divinity; the particular question was merely an allegory in the larger discussion. We're not dealing with issues weighted by the same theological import as those late scholars, but I do think we've reached a point in our existence when an existential question becomes important: what does immortality mean for a grex account? In particular, I've been poking around in the password file a lot recently, and have noticed that we have immortal users who have not logged in, in some cases, in more than a decade. Of the 307 names in /usr/local/etc/immortal (30 of which are accounts that do not exist or those mysterious non-existent single letter logins), 193 have not logged in in over six months (172 of those have not logged in in the past year; 154 in two years, 129 in 3, 105 in 4, 91 in five years or more). In other words, fully 1/3rd of our immortal users haven't logged in for over five years; more than half haven't logged in in over two years. So the question: Should these users continue to remain immortal? Is immortality on grex a synonym for infinite lifetime of one's account? For some of these, it seems obvious that they are not coming back, at least not any time soon. Should, then, their accounts be deleted, or perhaps locked? It seems that someone who disappears for a few years and comes back is one thing, but someone who disappears for more than a decade is quite another matter all together. What do others think? Btw: Some of these users are deceased (jor and blueyes, for instance).
PS: Here's a list of the users who are (a) immortal, and (b) have not logged in within the last five years: abby dorian host2 leann rogue abrahamk draken host3 livi sarrica adbarr dynamo hross lkt scgtest anasazi ec htp169 lotte sgs andrewb ejkloos indigo matrixg simcha autoresp fes info meena sisiro baby field info-f mfeo talon bad fire info-g mike threeps blh fish insanity morel truffle blueyes freida jasmine mraina uli bsa466 fwdehaan jbrennan msqladm user6122 cardding gandolf jedisg mutt wfh chr garima jhurmanf mysql willard cicero gregc jjc nissa wolfe confetti grexlogo jmc nsiddall wolfmage crude grexohio kendra pashok dadroc grrwoof kep precious des hawkeye kinnari quail dolly host1 ldiot regordon
(I'm inclined to keep the accounts around, for as long as grex continues to exist.)
I would tend to agree with gelinas. I think the incremental cost of keeping those accounts open is significantly smaller than the value of them having true IMMORTAL status (in big, capital, underlined letters, in italics, even). One presumes that the threshold to get that status was nontrivial in its first place, so why diminish the social value of what they did to earn that and stuff?
Actually, the threshold is just asking for it; becoming immortal is trivial on grex.
Does this list bother you?
I can think of some people on that list whom I think should stay on it. I imagine that for the people on that list that I dont know there may be people who would prefer it if the names remained on the list. I think our immortals list is a good idea. I think it is nice that all it takes to get on it is a request. I cant think of any real reason to get rid of it.
Regarding #6; Not in the slightest. In fact, I don't know the vast majority of people on it. However, I'm just curious what to do about people who clearly aren't coming back, for two reasons that I can think of: 1) Is it a security risk to leave old accounts around that are accessible? 2) What if someone else wants an older login name, that hasn't been used in 10-12 years? Should we tell them `no' just because someone has the login name, even though they aren't using it, and aren't likely to ever use it again?
Er, so, I apologize for the short notice, but something has come up this evening, and I won't be able to call into the board meeting. Sorry!
Re the last question in 8 above: Yup; that is, in my opinion, the real purpose of the immortals list: to prevent loginids being re-used. As for the first question, if there is a security risk, we could disable the accounts, or switch them to a shell that tells the user to contact the staff and then logs out again.
I'm not sure what good-for-Grex goal we achieve by removing names from the immortals list. Whatever title we put on this list (immortals, permanently reserved names, letter strings that may not be reused) does not add or subtract from its utility. It is useful to have a list of such letter strings. Given that there should be a list with *some* letter strings, what difference does it make how many are on it? Is anyone harmed by not having access to a particular letter string?
The only harm I can see is that people may want to use those particular logins for themselves. Generally, I think that they can probably find an acceptable alternative without too much trouble though.
I'd love to see some of those people back on grex, there were some pretty interesting people [not that there isn't any interesting people now! :-) ]. Too bad we can't get in touch with them to invite them back!
I suspect what Dan is getting at is that he'd like to phase out the old algorithm that Grex used to use for encrypting passwords, and that can't ever be completely done while there are old accounts around whose passwords are encoded he old way. If we can find a thecnical way around that issue, then that's fine, but I have to agree with the general chorus here that being in the immortals list should mean that you never get reaped. If there are only about 300 people on the list, then I can't see how it's any drain on the system at all.
I would not want to see loginids of deceased Grexers being used in the future. Another of those is ec. I would really hate to have someone start using his loginid. But those IDs can just be locked; there is no need to leave the actual accounts in place.
For security reasons, I could see locking the accounts and setting an error message telling them to email staff to have their accounts turned back on. I think keeping them immortal is a *GOOD THING*.
re #16: it goes without saying (I hope) that such accounts should have any special privileges (such as group membership in any but unprivileged groups) suspended while they are inactive, but why "lock" them "for security reasons"? Anyone who wants can have an account on Grex, after all..
'Not wantingto see loginids for deceased Grexers being used in the future. Another one of those is ec.' ec's deseased? [I may be misreading this...]
yes, ec committed suicide in canada about a year ago. well, maybe longer ago than that, actually. news made it to the m-b0x. VeryBadNews. i see absolutelyu azero advanatage or improbement to grex by disturbing the immortalz as they now are, fwiw.
Regarding #14; Mark has it correct, but reversed. It was rather because I've been dinking with the password hashing algorithm that I started to look at the password file and noticed a lot of inactive accounts that were immortal, but that I was dinking with immortals to try and change the hashing algorithm. I just sort of looked at it and said, ``wow, some of these accounts are really old, I wonder if anyone even knows these people are still around? I wonder if *they* know they still have an account?'' As far as converting the password file goes, I suspect that its irrelevant, as most of these folks aren't going to remember their passwords anyway, and are going to need them to be reset. :-) Let me clarify something that I think folks are confused about: I don't see a *problem* with the immortals list at all, but rather all I have are questions. I actually think it would be really cool if these people could be convinced to come back to grex, particularly if people know them and could ask them about it. For the record my two cents are that we shouldn't delete idle immortals either. Oh, and I also thought it was neat to see some accounts that had been inactive for 12 or so years. Well, let me rephrase that last bit; I see a lot of system type users in there that probably shouldn't be (they're already protected from automatic deletion by other means), but that's obviously not what we're talking about here, so let's ignore the pseudo-users that don't correspond to an actual human being, just some function of the systems software. (For completeness, an example of such a user is the `mysql' account; the MySQL database package has its own user. Nobody logs into that account, really; those who need to access it for various administrative reasons occassionally do so, but that's not the issue here. That account won't be deleted because it has a very low UID number, so its inclusion in the immortal file is redundant, though it doesn't hurt anything. In some ways its equivalent to putting `root' into the immortal file; doesn't hurt anything, but has no effect.) Now, the argument for disabling some of these accounts is largely for the protection of the user and account itself. It would be unfortunate if someone figured out how to break into one of these accounts and then started to impersonate that individual; the longer an account lies fallow, the higher the probability that that could happen. In particular, I could imagine this being particularly unfortunate for a user who is deceased (though I also like the idea of preventing that user's login from being reused as a legacy sort of thing).
[I remember ec from online years ago, and in person, too, at some of the mnet gatherings. Its sad that things got so rough for him. May he RIP.]
Yeah. I was never especially close with him but we were in the same class at Community HS and we had several mutual friends. I always really liked him. We would occasionally send each other emails. I had a little crush on him at one point. I was more effected by the news of his death than I would have thought.
I recognize one of the "immortal" accounts as something I was involved with. "grexlogo" was a place to keep image files for the Grex logo. Maybe there's a better solution for that now. I've lost the account password.
You have several choices: