The validation procedure for newuser is too slow. We need to simplify the process. This responsibly can be given to volunteers in the people group to help expedite the process. I also propose that access to network tools such as "ping" "traceroute" and "ssh" be given to validated users in the people group. 1st level validation should be given the current access level that the people group has,and after a period of time,when said users have shown no desire to abuse the system,they can be given full network access.9 responses total.
Really? I see most validation requests responded to in a couple of hours; Kent does a great job keeping on top of things. Do you have data showing otherwise? Why do you think it's slow? We did lose some access to RT in the aftermath of the breakin that made some requests get lost, but that's not the normal situation. We just had a root breakin that was a real pain to recover from, that got us on all kinds of spam lists and trash like that because of network abuse. What would we gain giving users things like outbound SSH access? Note that Grex has never done that for anyone short of those who actually provide real ID. Note also that most people just don't care about outgoing network access except for things like IRC.
I setup a new account with newuser when my login failed for "lar" and it was never validated,I don't need it now though. However,this was during the period when tickets for "porter' and "help" were both failing so perhaps that was the problem. It would be nice to able to use ping and traceroute,though. whois and "dig" work fine and if you want to ping a router or a DNS server you can't do it with people access.
So get validated status. I can't remember whether it will work or not.... I guess we can set up the firewall rules for it. Grex probably isn't a great place to do network diagnostics from, though. I'm willing to bet your request ticket got lost during that window when RT was broken. That happens sufficiently rarely that I don't think we should devote a lot of resources to making alternate arrangements.
There was time(7 years ago) when I had network access and grex was fine for network diagnostics. At least for check A records and TTLs in zone files.However this was before tonster installed dig on m-net. Since he has done that I use m-net for that now.
Sounds like you don't need Grex for that, then.
We provide network access to people who provide real ID, yes? I don't see a problem with requiring that.
Yes, that's right.
ok,that's two votes in the negative. others?
Given we don't have many people asking for validation (which is another problem), I don't see we need to change the process we have right now. So far in Nov. I've done 21 validations, so about 1 or 2 a day is what we are getting. Not very overwhelming. Almost all validations are done within a day and many within minutes, so we really aren't lagging on them given we are a volunteer organization. I don't see that users in general will do a better job than the group of "porters" we already have, either (who are also users). Also, if anyone wants to volunteer to be a porter, they just need to ask and the Board can decide whether or not to add them. It's not so much the process that is the problem, it's the lack of volunteers to carry it out, in other words, just like most other inititiatives on Grex. If you want to focus on speeding anything up, I'd say it should be the **verification** process. One thing we have discussed in the recent past is setting up Grex to automatically verify (out-going access) users who pay some amount with a verified PayPal account. This is acceptable for ID already, but it would be much more efficient than having the treasurer check PayPal every day and manually do the verification (all of which is currently very slow--weeks and even months slow). Anyone who wants a shell account could pay $1 or $2 and be quickly set up. Sounds great, but needs implementation and testing.
You have several choices: