Ummm, grex is regularly being attacked by a vandal and the best Grex can do is "well, staff doesn't check in regularly"? Didn't we just have a long debate about training new staff, or is that still in a consensus building committee meeting? Stopping vandals, at least in this case, doesn't involve any policy issues that I'm aware of. I do realize that this may need more than a simple IP block for reasons someone mentioned in agora. Still, is anyone on this yet? If not, why not? Anyone? Bueller?63 responses total.
Have you tried mailing the staff mailing list (staff@cyberspace.org)? If the problem is that they're not reading conferences, posting in yet another conference is probably not going to do the trick. But yes, staff attention is scarce these days.
Actually, I hadn't emailed staff. I was under the impression that someone who actually was in communication with someone on staff knew of the problem and conveyed it to that staffperson. But this is just an assumption, so your point is noted.
I have emailed staff
Me too. (and board as well)
Would someone post simple directions for filtering a user? I used Backtalk to ignore spin, but when I use Picospan, his responses show up. None of the utility menus seem to have incorporated this little program.
Type "twit spin" at the Ok: prompt to filter out response from user spin. Note that although you will no longer see his responses you will still see each item that they have responded to as a "new" item, which means you'll still have to go through them all, which means there's virtually no benefit to twit-filtering him.
My coping mechanism has been to use Backtalk to see a list of items with new responses; click on the ones with more than one, and then use picospan to fixseen the conference as soon as I've finished. Thanks.
I seem to have misplaced my cell phone which has gelinas's phone number in it. I found cross's phone number and managed to reach him. Unfortunately, he is in a situation where he is unable to log into grex. It is probably too late to call Jan tonight. I dont have STeve's or glenda's number. Ugh.
Don't these people read email? Or have each other's phone numbers?
I cant speak for them. I imagine, given the season, that it is highly likely that they are busy with things that might take them away from their computers. It is becoming clear to me that we really need staff who are more active participants in bbs. I dont know exactly how to go about recruiting them but it certainly is something we should think about. I mean usually, we have cross around very regularly but he is busy right at this moment. It isnt fair to put everything on his shoulders anyways.
The staff needs to accept some new people who are skilled enough to help out in some way, and with no obvious ethical flaws, even if they aren't long time buddies of all of the current staff members. The staff has traditionally been extremely paranoid about accepting new staff members, on the grounds they might not be trustworthy. They are overdoing it by a lot and doing harm in the process. Grex is not a critical application for anyone. Even organizations which have really critical operations (such as the CIA, banks, pharmaceutical companies, etc.) have to bring in new people sometimes. Letting the work be undone because you're too paranoid to bring in new people to do it is not *more* secure. It is a certain way for your organization to crumble. Grex is being ground to a halt right now, Agora is for all purposes dead in the water for the last couple of days, because there's no one active and trusted enough to replace the password field for the user's line in /etc/passwd with an "x". That's insane.
If you look at the history, being "long time buddies of all the current staff members" has never been a criterion for staff appointment here. The problem is finding qualified volunteers. Occasionally there have been calls for such, with little success. If you have some names to suggest, I'm sure the board and staff will be all ears. (And of course, a volunteer would have to be taught that the way to disable an account is *not* to put an "x" in the password field. The actual process is just about as simple, though...)
"Long time buddies" isn't the right way to phrase it, but John is right -- our staffing issues are seriously complicated by control issues some of the senior staff have. When they had time in their lives to respond quickly to whatever problems arose it didn't matter whether they were willing to delegate authority or not. But now they've moved on, but haven't let go, and it's causing problems for the system. I think the best thing that Grex could do about staff would be to thank Steve and Marcus, warmly and sincerely, for years' worth of unpaid work that they have selflessly contributed to the system, and then to ask them to retire to advisory-only positions, making room for a new generation. One HUGE impediment to this is that hardware unreliability problems have frequently necessitated intervention from staff who are physically local to Ann Arbor. We need to change that somehow, either by arranging a system which allows remote console access or through some other mechanism (such as perhaps virtualizing Grex and giving admins the ability to relaunch the whole system from a login on the host machine.)
#12: > The problem is finding qualified volunteers. Occasionally there have > been calls for such, with little success. If you have some names to > suggest, I'm sure the board and staff will be all ears. I don't know what else is involved, but I'd be willing to volunteer if it meant being able to stop things like the current ongoing abuse from spin.
Who are you?
Thanks unicorn!
If you do a !finger on STeve, you will find our home number and while we screen all calls, we do listen to the messages. I told STeve about this jerk and he is looking into it.
Thanks glenda!
Who am I? I'm not sure what kind of a response you're looking for. I'm not some pseudonym of someone else you know on here or m-net, if that's what you're wondering. The name you see at the top of all of my posts is my real name. Although I've been registered here for several years, until recently I've only popped into the bbs on rare occasions, and rarely said much when I did. I'm not local to Ann Arbor, but I am in Michigan (Mt. Morris, to be exact, up by Flint). I used to do a lot of BBSing in the Flint area when it was more popular. I'm no Unix guru or sysadmin or anything, but I've been running Linux on all of my computers exclusively since 1994. I've been running Slackware from the beginning, which requires a bit more knowledge than many of the Linux distros, and is much more similar to the *BSDs than most of the Linux distros, too. I also do a little programming (I'm the current maintainer of sc, the text-based spreadsheet calculator for Unix/Linux) and scripting (mostly shell, a little perl), so I'm not a complete dummy when it comes to staff-type activities. Vim is my editor of choice, and zsh is my shell. I've also used bash for years. What else do you want to know?
Can you autograph my copy of sc at the grex picnic? Wow, a local celebrity! Sc is one of the things I included in the 61MB of Slackware that I am putting together for people who don't know linux (the biggies are Opera and Abiword, which I rarely use myself). I have not found a small simple enough database program.
Thanks, Chuck, for volunteering to help out.
Indeed. Thanks very much.
Joe Gelinas blocked the user 'spin' this morning. Since 3 o'clock 'pins' has spammed Agora 5 times. I telephoned and left a message for STeve around 9 tonight, after talking with Gelinas. During the conversation with Gelinas, he brought up the fact that spin had apparently come in from several different ISPs, and therefore we could probably not block him that way. Any new ideas, other than fix your twit filters?
Develop the capability to add writing-to-conferences to the list of privileges one needs approval for. Leave a switch on this so it can be turned on/off as needed.
I'd prefer to see fronttalk and backtalk modified so that the filtering
system works a little better. The problem that "spin" ("pins", etc.)
is exploiting is that even if you twit-filter their response, it's
still aggravating to go through the conference because the twit filtering
occurs after the fact -- i.e. after the conferencing software has decided
which items to show you as "newresponse" items.
If that's too much to bite off, then I suggest we try to work on an
alternative "fixseen" command that will mark as read any items where
the *only* new comments are from a person identified on your twit list.
Used in conjunction with existing twit filtering mechanisms such a
command would take most of the pain out of the "spin" vandalism,
at least for regular conference readers experienced enough to know
how to use twit filtering.
How about if something was written into the system to detect if someone is typing faster than is humanly possible, and reading/replying faster than is humanly possible, and automatically logging them off the system?
No. For one thing, people might have good reasons for doing that (I can think of one user (no longer active) who used to run a script which went through agora and downloaded all newresponse items, then read them off-line, composed responses, and logged back in with the responses.) For another, it doesn't really address the problem and is simple for the vandal to circumvent. I can write an expect script in 10 minutes to do what "spin" (etc) is doing, and furthermore if I set a variable, expect will happily mimic the typing speed of a real human for me. You could spend hours or days writing such a countermeasure and it could be circumvented in 10 minutes. And you might break other (worthwhile) scripts in the process. I think it's a flawed approach. I like my approach (though I'm sure someone can come up with a better idea) because it improves the functionality of the conferencing system and gives users additional control over blocking people they want to block. I would prefer some sort of solution that left people the option of still reading every single response in a conference, however worthless some of those comments might be.
I am thinking about abandoning agora in favor of other conferences for a week or so. I mean, I wonder how long they are likely to keep this up. Alternately, I wonder if we could temporarily shut down newuser? I suppose this person might just choose to wait us out though. It is hard to say. I dont like any of the above as a solution really. Like Mike, I would prefer to see improvements in the filtering or fixseen or both. But realistically, I dont see that happening in any sort of timely mannar.
ok, I'd like the board to call an emergency meeting, with two agenda items: 1) appoint unicorn to staff 2) discuss appropriate strategies for keeping Grex from being totally shut down by this twerp. I'd be glad to host the meeting at my place, if necessary. Clearly STeve doesn't have enough time to deal with this; Gelinas and cross are out of action for the moment, and janc hasn't signed on recently enough to recognize there is a problem. Board needs to make a temporary decision about keeping people interested in reading Agora. One idea I have is from trapping stalkers with email. You leave the email account funtional, and let everyone but the stalker know the new address. We could leave Agora functional, but start a new summer agora that we privately emailed people about. Then he could spam Agora all he wanted. It doesn't seem that he's actually reading anything, so we might be under his radar.
The other thing I'd do is unlink any linked items, and relink them to AgoraII
Also, we'd have to make sure Walter doesn't reset the automatic roll-over mechanism when he opens the new cf.
Folks, I'm willing to bet money this person is using TOR, and that every single one of the hosts he is coming in from is a TOR exit. http://tor.eff.org/faq-abuse.html.en TOR was never intended to be a way for people to evade bans, etc. And as a result, it provides a python script that will give a list of current TOR exits. That would provide us adequate protection.
So all we have to do is get ONE staff member to spend a little time?
There are lots of proxy servers out there. I suspect this is not as easy as blocking a known list of IP addresses. I like Mike's solution although the immediate response should be to close newuser, temporarily.
re: shutting down newuser. Yeah and then we have to hope that this user doesnt already have a bunch of accounts created. But that clearly seems to be the thing to try. There are tons of proxy servers out there and new ones get added all of the time. Our staff situation is such that I am willing to take a risk with unicorn, even though I dont know him well. He seems like a nice enough fellow. Another possible temporary solution would be to grant several trusted people fw powers in agora so that they could delete any inappropriate responses as they get entered. Would that prevent items from showing up as new?
I'd prefer not to shut down newuser. It would give this guy feedback that he had indeed gotten a strong reaction from his harassing tactics. If we leave the current Agora open for his attacks, and start a version II, he may never change his tactics. If we shut down newuser we've given him a lot of information and made ourselves a more interesting target.
Of course, there's also the possibility that he or she is already a well-known user under another login id, and is reading all this, and so already has lots of information. In which case, none of the quick fixes proposed, other than shutting down newuser, will do any good.
Of course that's possible John. And it's possible that it will not do any good to attempt a quick fix. It is far more likely that a quick fix will work, however.
No, I think John is on the right track. Our friend has at least one loginid that hasn't been used yet.
Let me get this straight. John and Joe believe we have a current user (whom we may or may not recognize as a contributor to conferences) who is maliciously creating new logins and flooding Agora with spam by using TOR. So far the user has spammed agora under pins, pnis, and spin. Joe knows of at least one other loginid that hasn't been used yet. The solution to this problem is to close Grex indefinitely to any new users. This will cause the person to become bored and to discard the tactic. At some point, we will reopen newuser, and the person will refrain from trying this tactic again.
After reading the latest posting in Agora, a lightbulb went off. During Happy Hour we had a discussion about an MNET decision to permantly block a certain user. I raised the question about that user (who has been on Grex in the past) refocusing their behavior to disable Grex. I think perhaps that has happened.
We don't know whether this person is a part of our community or not. Either way, there may be established accounts ready to go even if we close newuser. So closing newuser may not give us instant gratification. There are lots of anonymous ways to access Grex. Tor is only one of 'em. Anything we do will reward this twit. Anything. This discussion is rewarding. I really, really hope we don't try something like stealth or closed conferences. If we close newuser we could put up a message (on the newuser page) saying we're having a twit problem and we don't know how long it will be before we get it under control. Could we offer folks the opportunity to request an account by contacting a volunteer, like the path we've already discussed, maybe even implemented, for those wanting to expand guest priviledges. A hassle? Sure. Doable, maybe. It would be tricker to screen at the pre-account level. But it would be a way to allow those who want in, in, until the bigger problem can be addressed. It's not perfect. We've had twits before and we'll have 'em again. Maybe establising a way to bridge such a problem by closing an automatic newuser is something we should have available at all times.
Regading #41. Doubtful. Really. For a number of reasons.
I like mary's suggestion of closing newuser, and setting up a "request" system for new bbs privileges.
I'm pretty sure there are other accounts that have been created by
this user already, so we should expect more attacks even if newuser
is shut down. E.g. check out user "nips" ("spin" backwards) created
on July 15th.
More to the point, though, I think Colleen has got it exactly wrong
(when she suggests a show of force will make the user think twice)
and Mary is exactly right when she writes "Anything we do will reward
this twit. Anything." Trolls, twits, and vandals thrive on attention
and a sense of power. Power to disrupt your enjoyment of the system
is minimally satisfying. Power to compel you to compromise the mission
of your organization and close off access to new users is on another
level.
Regrettably we may need to take some temporary steps to give time to
address the problem but I'd like to ask that we try to come up with a
plan FIRST and also a timetable. We're now 18 months from the point
where we "temporarily" turned off outgoing mail access for new users
and I don't want to see newuser die the same death by default.
I don't think I suggested a show of force, and I really don't think I implied that we could get a user like this to think. I have exactly the same fear you have about "temporarily" turning off newuser. My suggestions are meant to try to solve the problem with some other steps before we move to that level.
The standard approach favored by most other discussion systems or collaborative content systems (Wikipedia comes to mind) is to provide an easy way to simply declare a user a "vandal", either hiding by default or removing entirely everything that user has contributed. This only works if it's easier for the moderator to remove the vandalism than it was for the vandal to enter it in the first place, and if there are enough active moderators with this power so the vadalism is taken care of reasonably quickly. Unfortunately the nature of our conferencing software makes this a difficult prospect. Certainly making newuser harder to use seems unlikely to deter a determined vandal (who likely has tons of free time) but may deter the (rare) bona fide new user.
Ah, I see where you got that idea, McNally. No, I was summarizing how I saw as remmers and gelinas suggestions. I should have added a line that I thought that assuming that this person would go away if we closed off newuser was wishful thinking of the most head-in-the-sand variety. See response 36, which is a clearer statement of my current stance.
Regardless of how grex chooses to deal with our vandal, I'm quite certain that that there is no connection with the disgruntled mnet user, because she has extremely limited computer skills. She'd have to enlist help to pull off the stunts "spin" is responsible for.
Ok, thanks cyklone. I doubt that is who it is then.
I agree with cyclone, while she would find it highly humorous.
#29: "It doesn't seem that he's actually reading anything, so we might
be under his radar."
Check this out:
unicorn@grex.cyberspace.org:~% ls -al ~pins | grep coop
-rw-r--r-- 1 pins newpeople 459 Jul 14 22:37 .coop14.cf
It appears he read this very conference late Saturday night. If John
is correct, and this is a well-known user, he may have read it since
that time under his other login. I'm quite certain he's watching our
response, though. It may be that certain aspects of our solution may
need to be discussed privately (private e-mail among staff, or even
in-person communications among those of you in Ann Arbor). Technical
solutions, in particular, may be more difficult to circumvent if he
doesn't know how he's being blocked.
re my comments in resp:11: It seemed it took cross a really long time to get onto the staff, despite his evident Unix skills and willingness to contribute a great deal of effort. I don't think it took so long for some current and past staffers who are personally better known to mdw and steve. It seems the reluctance to add new staffers was done in the name of security. It was my intention to assert that this did not make Grex more secure, but that it instead made Grex less secure. It was not my intention to personally attack anyone. I am a huge admirer of the abilities and efforts of a lot of the staff, specifically including mdw and steve. The Board appears to be moving quickly to accept unicorn into the staff. I find this remarkable. The Board isn't waiting for staff approval before adding a new staff member. I am not sure that's ever been done before. I guess we will all see whether it works out. I am in favor of giving it a try, myself. Grex seems to be in much more danger from staff inactivity than from possibly bringing in an evil staff member.
I really have to agree with the very last sentence in that last paragraph.
Correction to #53, first paragraph: It didn't take long for cross to get on staff the *first* time. After he resigned in a huff and left questions about his suitability as a team player, it took a while for him to get onto staff the *second* time.
I thought it took a while for him to get taken seriously when he first volunteered. Maybe my perception is wrong. If so, I apologize for my error. I understood why it took him a while to be accepted back onto the staff after resigning.
Would rebooting open up the telnet ports?
Grex was rebooted shortly after noon today, and it hasn't helped.
neither has shaving your scrotum
You guys never figured out that spin,pins,nips ect. was cdalten aka"jan"?
But it wasn't. Go to the oldagora conference (aka agora62), and look at item #4, response #215 for the proof. You can also backtrack to the previous responses if you want to see more of the discussion. The real culprit has been behaving himself since then, as far as I've been able to tell, but Chad has taken up where he left off with a vengeance.
hi lar
it was polytarp! soup's right hand!
You have several choices: