Grex Coop Conference

Item 322: Official proposal to expedite the validation process and give access to network tools for validated users.

Entered by lar on Mon Nov 21 13:04:15 2011:

The validation procedure for newuser is too slow. We need to simplify
the  process. This responsibly can be given to volunteers in the people
group  to help expedite the process. I also propose that access to
network tools  such as "ping" "traceroute" and "ssh" be given to
validated users in the  people group. 1st level validation should be
given the current access  level that the people group has,and after a
period of time,when said users  have shown no desire to abuse the
system,they can be given full network  access.
9 responses total.

#1 of 9 by cross on Mon Nov 21 15:01:51 2011:

Really?  I see most validation requests responded to in a couple of hours;
Kent does a great job keeping on top of things.  Do you have data showing
otherwise?  Why do you think it's slow?  We did lose some access to RT in
the aftermath of the breakin that made some requests get lost, but that's
not the normal situation.

We just had a root breakin that was a real pain to recover from, that got
us on all kinds of spam lists and trash like that because of network abuse.
What would we gain giving users things like outbound SSH access?  Note that
Grex has never done that for anyone short of those who actually provide
real ID.  Note also that most people just don't care about outgoing network
access except for things like IRC.


#2 of 9 by lar on Mon Nov 21 17:39:59 2011:

I setup a new account with newuser when my login failed for "lar" and it
 was never validated,I don't need it now though. However,this was during
 the period when tickets for "porter' and "help" were both failing so 
perhaps that was the problem.

It would be nice to able to use ping and traceroute,though. whois and 
"dig" work fine and if you want to ping a router or a DNS server you
can't  do it with people access.


#3 of 9 by cross on Mon Nov 21 21:49:34 2011:

So get validated status.  I can't remember whether it will work or not....
I guess we can set up the firewall rules for it.  Grex probably isn't a
great place to do network diagnostics from, though.

I'm willing to bet your request ticket got lost during that window when RT
was broken.  That happens sufficiently rarely that I don't think we should
devote a lot of resources to making alternate arrangements.


#4 of 9 by lar on Tue Nov 22 15:59:02 2011:

There was time(7 years ago) when I had  network access and grex was fine
 for network diagnostics. At least for check A records and TTLs in zone 
files.However this was before tonster installed dig on m-net. Since he
has  done that I use m-net for that now.


#5 of 9 by cross on Tue Nov 22 16:21:03 2011:

Sounds like you don't need Grex for that, then.


#6 of 9 by nharmon on Wed Nov 23 15:18:59 2011:

We provide network access to people who provide real ID, yes? I don't
see a problem with requiring that.


#7 of 9 by cross on Wed Nov 23 16:27:24 2011:

Yes, that's right.


#8 of 9 by lar on Thu Nov 24 15:39:47 2011:

ok,that's two votes in the negative.

others?


#9 of 9 by kentn on Thu Nov 24 19:17:44 2011:

Given we don't have many people asking for validation (which is another
problem), I don't see we need to change the process we have right now.
So far in Nov. I've done 21 validations, so about 1 or 2 a day is what
we are getting.  Not very overwhelming.

Almost all validations are done within a day and many within minutes, so
we really aren't lagging on them given we are a volunteer organization.
I don't see that users in general will do a better job than the group of
"porters" we already have, either (who are also users).  Also, if anyone
wants to volunteer to be a porter, they just need to ask and the Board
can decide whether or not to add them.  It's not so much the process
that is the problem, it's the lack of volunteers to carry it out, in
other words, just like most other inititiatives on Grex.

If you want to focus on speeding anything up, I'd say it should be the
**verification** process.  One thing we have discussed in the recent
past is setting up Grex to automatically verify (out-going access) users
who pay some amount with a verified PayPal account.  This is acceptable
for ID already, but it would be much more efficient than having the
treasurer check PayPal every day and manually do the verification (all
of which is currently very slow--weeks and even months slow).  Anyone
who wants a shell account could pay $1 or $2 and be quickly set up.
Sounds great, but needs implementation and testing.


There are no more items selected.

You have several choices: