How do folks feel about our open newuser? I think it was the way to go here for a very long time but, no longer. Almost all online forums have gone the way of requiring some type of validation prior to allowing someone to post. I'd like us to consider doing the same. Here is one example of how it could be accomplished. Anyone can login now and read, anonymously. No account needed. This would stay the same. Or someone could run newuser, login under his/her account and read. This would maintain a participation file and conference list and make keeping up much easier. What would be different is that the ability to post to the conferences wouldn't be automatic. Newuser would make this clear and point folks to an email address, grexaccess@gmail.com, for requesting posting privileges. A bunch of non-staff helpers would man the email account and have the authority to then flip a software switch and turn on a user's posting privileges. Backtalk and Fronttalk already have this feature we just haven't been using it. Pico can't do this so we'd need to finally remove Pico and go with Fronttalk. It's time to do this no matter what happens with this proposal. The idea here is to make it a little harder for true vandals to do their thing. Each request for posting access would require an email transaction and a little time. I personally don't want to see this used as a form of censorship so I'd like to see helpers only have the authority to turn accounts on but not to turn off someone's posting access. That would be done by staff using the same criteria they now use to nuke accounts, meaning distruptive behavior intended to make Grex unusable by the rest of the community, illegal activity, etc. I don't know if this would work but I'd like to see it in action for a few months and go from there. Such a change would require a membership vote of approval. Anyhow, what do you think?70 responses total.
That sounds like it would require much less effort than continually adding to a twit filter and doing fixseen.
Here's an apropos article about The Well, a sister site that used Picospan. http://www.wired.com/techbiz/media/magazine/16-01/st_15thewell Other than have people to "staff" the email account, it sounds good. "Here's the most interesting quote in the article, from one of the founders, Steward Brand (of Whole Earth Catalog, et al): One thing that we insisted on was no anonymity. Lots of the systems now like anonymity or encourage it. Personally, I would have preferred to see it go the other way. The Well's compromise is that people can have whatever amusing handle they want, but it's linked publicly to a real person. That gives the accountability I wanted. I knew that flame wars would happen unless somebody's nose was identifiable so that, if necessary, you could go punch that nose. What The Well did was connect cyberspace with real space a little better." It seems to me that we could maintain all our blue-ribbon, free-speech attributes under this proposal. I'm for it.
I dont think this is a bad idea but I worry that there wont be enough people to validate bbs posters.
I believe that anyone familiar with the early history of the US, both as a nation and a colony, will understand that anonymity is a KEY element of free speech. I do not support any such proposal as the wells. I'd rather have people informally vouching for each other as has been the proposed already.
It would require, at the least, ditching Picospan (which we cannot modify to do this) and getting new software (that we can modify to do this). Or somehow otherwise restricting access to Picospan, even if we can figure out the backwards compatibility issues. I'm more worried about resources to do that sort of thing than anything else. I'd suggest that we make it on a conference setting, but that would definitely require changing the software. I believe YAPP basically did this (they had a concept of `fishbowl conferences'). If we could get our hands on YAPP, we'd be good to go; anyone want to contact the Thaler's and ask if they'll donate us a license, or maybe even open-source it?
I asked Jan about the software issues before proposing this. He said Backtalk and Fronttalk already have the capability to switch posting privileges on and off, both globally and on a conference by conference basis. I asked him if Fronttalk was ready to take the place of Pico and he said it was although there would be some differences and no doubt a few glitches that would require some attention in the short run. He offered to attend any board meeting where his input on the software would be helpful. Re: #4. I too wish we could all be anonymous with instant access and use the system in such a way that the next person to login found it usable. That would be lovely indeed.
I kind of like the idea of allowing anonymous users to post if they have been vouched for by a known user though.
I would love to know what problems we expect this to fix..
A very good question, and one I hope someone answers satisfactorily.
Someone who intends to repeatedly cripple the conferences would need to go through a few more hoops in order to do so. That's about it.
I guess I don't see that as a compelling justification.
with polytarp now walking the straight and narrow we only have one user who has a chronic habit of playing vandal. This proposal can't stop him for long. I vote we pay tod's gas money to drive south and kick his arse.
I follow about six or eight discussion groups and none of them allow someone to post to the group without first going through some type of authorization. Some are less anonymous than others but some type of admission process is required TO POST. That I can tell, they seem to not run into the kind of problems we have here. But there are other variables as well, so who knows. I entered this for a couple of reasons, one, to see how others feel about Grex trying something that seems to work well elsewhere. The second reason is I see Grex as dying and it will help me, just a little, to know I tried to intervene. But we've always been a cooperative and if folks want to continue, as is, that's the way it has to be. I do thank those who shared their opinion on this though.
And do you really think that removing anonymity is the least intrusive way to accomplish that goal?
This way doesn't remove anonymity.
If I understand it- the poster has to be authorized somehow (some do this by requesting an alternate e-mail address), but their posts can be entered 'anonymously'?
A person runs newuser and can enter as much or as little personal information as she / he wants. She then emails grexaccess@gmail.com asking for posting privileges. A Grex volunteer answers that mail telling the person they will be able to post within a few hours. That mail doesn't bounce. The posting switch is flipped. In the event this person is a vandal they get one shot to be disruptive then the staff nukes the account. Could they come back? Sure, using yet another email account and a proxy IP connection. Thems the hoops. Again, it seems to be enough on a number of discussion groups I belong to but unless we try it we'll not know how it would work on Grex.
Attaching real persons to BBS users seems hypervigilant. I would be more in favor of attaching real email addresses or something virtual which doesn't require invasion of privacy.
It looked like Mary's proposal did just require an outside e-mail address... not something like a copy of a drivers license sent in...
Re: 18 Who suggested anything like that?
re #20 Did I say anyone suggested more than what I favor? You simply asked how others feel and I'm telling you. Next time just make it multiple choice if you don't like people's responses.
Mary, your proposal stated "Each request for posting access would require an email transaction." I don't think it's fair for you to expect us to guess at exactly what you meant by an "email transaction." Given your vagueness, I think the comments that followed were quite reasonable.
Do we all understand each other now? Can we move on? :) What's under discussion is a global switch to allow posting, accompanied by a modest hoop to jump through to get the switch thrown, one that still allows anonymity. Not sure how I feel about the "global" part. I'd still like to see at least some of Grex open to posting by any user by default. But it would be interesting to try running some conferences with a posting switch and see how it works out in practice. Let the users vote with their feet, so to speak. Dan is absolutely right in #5 that implementing any of this would require ditching Picospan. It's a great piece of software, but I think it's time to do that regardless of the outcome of this discussion. I've got reservations about Yapp though - closed architecture, questionable support. At M-Net they still don't seem to have gotten all the glitches out, despite considerable effort, months after moving to a new machine. In any case, I think that going forward we'll want the flexibility and adaptability that web-based conferencing software such as backtalk/fronttalk affords.
Let's be honest. We're not just talking about collecting an email address. We're talking about headers and IP information. There's much more to this than is necessary for meaningful discussion forums. I'm really missing the whole point of a "switch" other than to maybe stop the bot kiddies whom will only code around it.
I really don't think it matters that much either way. There are so few people trying to use Grex to bypass repressive regimes and use Grex as a freedom of speech platform, that us having a few IP addresses in some mail headers isn't going to be that big of a deal. On the other hand, if someone is determined to harass Grex, they'll just go through the motions of getting `validated' and go from there. If they time it right, like at night, they can load up Agora or another conference with oodles of goo before anyone notices and moves to stop them. Either way, I don't think we either gain or lose that much. I can think of a few technical ways we could do this that wouldn't require anything other than an email address (e.g., user runs a program *on grex* that generates a request to a help queue; a volunteer looks at it at some point a little later down the road, and runs a program that generates some unique token and stores it somewhere and sends it to the user along with instructions to login to grex and run some program; that program asks for the token, and if it matches, puts the user into a Unix group, deletes the token, and that group is listed in the conference configuration for each conference as the one that allows posting. The conferences, in turn, are configured in `fishbowl' mode to allow reading by all and posting only by the individuals in that group. No IPs or anything else are necessary, and the software would be pretty easy to write). With respect to YAPP, I think an interesting question is whether we can ask the Thaler's to just open source it. Then we can modify it as need be. The source code was already available on M-Net for some time; I would assume a few people grabbed it. In any case, going forward, we need the flexibility and adaptability of software that *we can modify*. We've had some good ideas in the last few years, but I have felt that we have been hamstrung in terms of implementing them by concerns about backwards compatibility with Picospan. That program has served us well, but it's time to move on. Fronttalk is a pretty good replacement, but does have a few bugs. Perhaps we should consider paying Jan a few thousand dollars to fix them and make it ready for prime time?
I really don't think it matters that much either way. Sure, if there is an endless supply of staff willing to maintain it.
We already log IP addresses, right? Like, available for anyone to see by simply running "laston". Dan, when your newuser sends a request to the help queue and when the token is sent back, it sounds like this all happens internally. A valid offsite email account wouldn't be linked to this new poster? The standard for entering commentary on blogs and in forums seems to be linked to email verification. Sometimes it's an automatic email response that's generated requiring a click-through to complete verification, sometimes it's a social link, but email is involved. Am I not understanding your suggestion, maybe? Fronttalk and Backtalk are already configured to turn posting privileges on and off. It sounds like your scheme would be a separate program that would need to be written? Why not just go with Fronttalk and Backtalk? I'll email Jan and ask him to take a look at this discussion.
Regarding #27; Yeah, sorry, I should have been more specific. The idea is that a new user logs into grex (after getting an account by logging in as newuser or similar) and runs some program. That program asks them for an email address and creates a request on their behalf in an RT `help' queue. The RT system generates email to the `validators' who look at the RT queue, `take' the request, and then run some program on Grex that sends the user a randomly generated token via email to the email address they entered earlier. The user then logs into Grex (or maybe uses some sort of web interface), and runs a third program that accepts asks them for that token and adds them to a Unix group that is allowed write access to the conferences. In this case, the only additional piece of information we get about them is a valid off-site email address. We never get email *from* them, so we don't have originating host IP addresses in headers that, e.g., Hotmail or whatever might put into a message one of their users sends. If a user is paranoid about privacy, he or she can create a throw-away email account somewhere (like on hotmail, yahoo, gmail, whatever) using tor and use that as their validation address.
Maybe I'm not understanding something here. If the "solution" to the "problem" is turning off accounts that are used for "abusive" activities, then why is any email needed? Maybe my lack of computer knowledge is showing here, but can't staff already nuke abusive users? If I missed something in an earlier post, just point me back to it.
Staff can nuke an abusive user and within, maybe, 90 seconds, that user is right back at it. That's the reality of an open newuser with automatic posting privileges. It's so quick and easy and automatic that we aren't even bothering to nuke existing vandals. Like, why?
I thought the standard response currently was to nuke the account AND block the IP. Are anonymizers that big a problem? I'm pretty sure we block those on mnet as well, if there's a problem.
Proxy servers are abundant and simple to use. I mean, if I use 'em, doesn't everyone?
Maybe proxyies should be blocked.
Yeah, when you figure out how to do that, please let the Chinese government in on it. Try as they may... http://en.wikipedia.org/wiki/Proxy_server
scrubit.com ?
captcha? And a quicker response to garbage posts.. (like purging the whole thread). How is the current proposal going to solve the problem of Chad lying and logging in as Ms Miss Jane Eyre? Staff will have to ponder if the person they just allowed is genuine or Chad in disguise.. Look IRC has already solved this problem - more responsible chan-ops, with the power to purge posts. Use the hive mind Luke :p
My proposal has nothing to do with censoring twits. We already have some great tools to work with there where each reader can decide for him or herself what's of interest and what isn't. This proposal is about giving staff a few extra tools when it comes to dealing with known vandals flooding the conferences. That's it. It also wouldn't require a lot of staff work to get it going and almost none once it's in place. Are there ten people who would be interested in seeing this put to a vote?
I am definitely in favor of giving it a try.
I'm in favor of voting on this, and I'm in favor of trying to implement it.
I think veek's 'captcha' suggestion makes alot of sense even at a text level.
I oppose the proposal and second tod's comment about the "captcha" suggestion.
captcha where, though? When posting, or when getting an account? Entering a captcha when posting would certainly cut down on noise, but might cut down on signal, too. For new account creation, I don't know what it would do, really; the offending parties manually create accounts already. The problem is that once they *have* an account, they can use it to flood the BBS or party or whatever with garbage. I think my proposal is basically the same as a CAPTCHA, and the only additional piece of information we get about a user is a valid email address; what's the problem with that?
Staff can already disable accounts. The new proposal doesn't change that. People have to sign up manually. The new proposal doesn't change that. To repeat what McNally said, what exactly is the problem and how does this "solution" solve it?
"I think what we got here is a failure to communicate."
-Cool Hand Luke
Seems to me that the problem is that someone can create an account and flood the conferencing system as quickly as they can type. This solution reduces that problem by slowing the rate at which someone can damage the system to the rate at which someone else can type. Now, the question I have is, what does it hurt?
Well, if all you're trying to do is create more steps to creating a new account, then I think the "captcha" idea does the same thing.
umm.. (re #46) I was thinking more on the lines of captcha for every post and better garbage collection. I feel it's best to first try what remmers/mary suggested - allow Agora(our default)? to be free for all and the rest should be locked down; OR, lock all AND let's see how things work out. It's the simplest and easiest.. The problem is that if you deny Chad access to the BBS completely, he's going to get very frustrated and umm..
Except remmers/mary never suggested anything be locked down. What mary is suggesting is that we follow the lead of other forums/blogs and ask readers to email us for posting privileges. It won't stop vandals but it may slow them down and give us a few more tools with which to inconvenience them. This is not a grand fix. I'm not even sure it will work with our brand of vandal. It would require we move from Picospan to Fronttalk. Captchas stop bots. Bots aren't running newuser here that I'm aware of. Like, why bother, it takes so little time to do it yourself.
"The problem is that if you deny Chad access to the BBS completely, he's going to get very frustrated and umm.." and what? send us all dirty emails? you act like this guy is a real threat but he's not.
Re #48: hmm yeah.. cut and paste - a pox on that guy. Re #49: Mosquitoes and bed-bugs aren't WMD's, but they sure can keep you awake all night.
re #48 Thanks Senator Dole
This response has been erased.
Folks please stay on topic here. This is a discussion of Grex governance and adminstration.
C. S., please shut the fuck up and take what is given to you.
A small update. Apparently captchas are supposed to catch bots, but they generally fail miserably. I've been playing with RapidShare - they use captchas a lot, and there's this proggie that can trivially read the captcha. I think we had best scrap the idea, unless someone can write their own custom captcha generation thingy which hopefully would b0rk with the freely available OCR stuff. Oo and rapidshare has heaps of FLAC :) and the RIAA can't lay their grubby hands on my IP.. or is that the other way around :p
from what i remember, the ent is full of references to 'free unix' accounts with grex prominitlay mentioned. and the instructions are to run newuser at the login. i don;t know what newuser says now, bu tif newuser were to pull up a text file taht sayas to email new@cyberspace.org with your requets and htere were an (sorta) form to fill out sent back to the requester it mighgt filter out a lot of the crapola. right now new:*:614:500:Help is on the way:/usr/noton:/usr/noton/help exists and could be differently utilized. yeh, someone would have to monitor new and hte board would ahve to come urp with some sort of ;form; rquesting some details from the ;accoutn applicant;. somehting along these lines would allow us to accept new users and proivde a filter of sorts. content of the 'form' donesn;t have to be too burdensome, just something to ascertain 'good will; or ;reasonable will;. newuser pern who responsd reasonably (board decision??) would hvae new account set up by whoever is monitoring and email sent to pern with details on how to access/login to new account. fwiw, this twchnique seems tobe somewhat satndard for a lot of current sites on teh web already. who monitors and does the email to-fro ... guess i;'d vetter volunteer here and now before someone yells about too mulch for staff to do, which it would be.
no one can understand tsty :(
all i;d ve doing wold be handling the rtrafic ... and apasting in exitentg text fiels.
re #57: For real. What an asswipe he is.
56 & 17 are abourt the same.
It's dead, Jim.
yo umean taht with no spamiards there is nolthing to spam for?? or waht?
Are Spamiards people who come from Espama?
Are there Spamish people who wear black and drive around in horse driven carts to hand-deliver their advertisements?
"Thou hast mail!"
re #65: good one, but I think "Thee" would be more accurate.
Barak Espama
Thou is subject, thee is object. 65 is correct. But the Quakers started using thee where it should have been though.
What is all this fucking crap? This place is totally run by fucking retards.
61-67 ... pricerless!
You have several choices: