Grex Board of Directors Meeting: September 26, 2006
Board Members in Attendance: Mark Conger, Lynne Fremont, Joe Gelinas,
Bruce Howard (by phone), Larry Kestenbaum, John Remmers, and Jan Wolter.
Non Board Members in attendance: Steve Andre, Mary Remmers, Marcus
Watts, drew
OPENING GAVEL TAP
1. Treasurer's Report:
In August we took in $240 and spent $150. We had two new members in
August. So far in September, we have taken in $680 mostly because one
user who has been a big donor in the past purchased a 10-year
membership. There are currently 52 members with 40 paid up. Mark passed
around some State of Michigan paperwork to be filled out by board
members with full names and addresses.
2. Staff Report
We have had a lot of up time lately and mostly Grex has been up. There
are users who are using Perl and C programs to attack other sites. They
often use a program called UDP.PL. It is a program that works on port 80
to attack other sites. It may be necessary to disallow access on port
80. There also continue to be many attempts to break into Grex. We are
off the KVM at provide.net. We may want to consider getting a monitor
and keyboard to keep at provide.net. After a recent crash, Grex came up all
on its own or maybe with intervention from provide.net staff.
3. Root-granting policy and staff initiatives
Steve reports that he was online and noticed that staff member mic was
editing a ulist so he went to staff.cf and discovered that user cross
was in the ulist for that conference. Then he saw that mic put cross in
the wheel so that cross could work on the password file. At that point
Steve took root access away from both mic and cross. Mic told Steve that
giving cross root access was something discussed in the garage.cf.
The board generally agrees that the main issue is mic giving cross root
access when our policy is to give root only in emergencies.
Mark Conger suggested that we should give mic root access back after
further clarifying the policy to him. Mark is pleased to see people
taking initiative.
Some concerns were expressed about the risks involved with working on
the password files. Jan Wolter said that he believed that cross is very
capable and has the technical expertise to take on that task. However,
working on the password files is not an emergency.
There was some discussion about what the board should do about this
situation. Generally the board wishes to encourage initiative but with
caution. The board reviewed the root policy and believes that the policy
is adequate as written.
MOTION: The board values mic and his many contributions to Grex over the
years. The board appoints Mark Conger to discuss policy with mic. The
board gives Mark Conger the authority to re-enable mic's root access.
Moved by Jan Wolter. Seconded by John Remmers. Passed unanimously.
4. Old Business
The web contest has a winner. Since there was only one entry there will
be no vote. Slynne will announce winner in agora.cf and will email
samples of web pages to staff. A prize of one year's membership will be
awarded.
5. Next Meeting - 8p Thursday, October 26 at Zingerman's or Mark
Conger's house if Zingerman's is unable to reserve a private room for us
or is not open late enough.
6. New Business
Steve says that we recently had an attack on port 80 that caused
provide.net to take us off the network. Peter at provide.net told Steve
that he was able to stop the attack by black holing packets destined for
Grex. Staff are reviewing many different possible solutions to this
potential future problem. Steve is going to talk to John at provide.net
about this issue. He will also talk to him about some issues we have
with outbound access on port 80.
There have been a lot of outbound attacks on port 80. We may have to
consider limiting access to port 80 either by eliminating all access to
newusers or limiting the number of outbound packets.
Mark Conger read the following from coop item 364 response 28:
-------------------------------------------------------------------------
nharmon Nathan Harmon response 28 of 41: Sep 25 19:53 EDT 2006
I just think that more and more people fall into this "I am just a
volunteer" mentality because of the present way staff is organized. And
this is usually helped by instituting order on a professional level so
that instead of being "just a volunteer" you become an "unpaid
professional".
I've volunteered in a lot of organizations, most of which simply did not
accept the answer of "look, I'm just a volunteer". I mean, if my CAP
commander called for my availability for SAR sorties, what would I say..
"Gee Major, I don't really feel like flying today, uh, besides I'm just a
volunteer"? It'd be the last thing I said. Or when I was on a volunteer
fire fighter. Do you think those guys blew off their responsibility? No
way. Or when I taught CPR/First Aid/AED for the Red Cross...what if I
just said "nah, I'm just a volunteer, I'll just not show up at that
class". Yes, you can fire a volunteer, and the Red Cross doesn't have
any problem with doing so.
Now you might say "Gee Nathan, that's different, we're just an
organization on the internet". And I say that is exactly the attitude
you should NOT have. Board of Directors, how many times do you sit down
and think "what is grex NOT doing to promote free speech and free access
on the internet that we COULD be doing right now?" I mean, looking at
the BoD minutes...(this is just my opinion, not trying to be
offensive)...the BoD spends WAAY too much time micromanaging Grex. I
mean, discussion of the PC weasel? You should be discussing
GOALS...planning on how you can better accomplish your mission
statement. Forming committees for initiatives. Need an
initiative?...here is one: What is Grex doing to help promote a neutral
internet?
I say you people need to THINK BIG. Not about becoming big in size, but
rather big in impact. Grex is supposed to be about much more than just
running a BBS.
--------------------------------------------------------------------
Mark would like the board to consider this and perhaps spend some time
thinking about what we want Grex to be. What is the purpose of Grex? We
will discuss this at next meeting.
CLOSING GAVEL TAP
61 responses total.
I don't believe I'm mistaken in thinking that the removal of a board approved, permanent staff member's privileges by another staff member was supposed to be on the agenda for tonight's board meeting. In particular, I'd requested that the board investigate formalizing a policy for such things; since it's not addressed at all by the current root access policy, surely the minutes don't imply that the current policy is sufficient to cover that issue? The granting *of* root access, maybe (I've stated my arguments here several times). But I'm talking specifically now about the *revocation* of those privileges without prior board approval.
Thanks for posting the minutes so quickly, Lynne. I think the consensus of the board was that a staff member needs to be able to act in the best interests of Grex when he feels the system is threatened. In the current case, the dust has now settled, and we can go about resolving the issue. I have written to Mic about it, and we will sort it out.
Surely Steve didn't feel that Mic was a "threat" to grex. I wouldn't be surprised if Mic just quits in disgust.
If STeve had pulled cross' access, explained why to mic, and asked mic not to re-extend that access without discussion, and if mic had been intransigent about it, I would understand STeve's action in pulling mic's access. It is a judgement STeve had to make about the threat to Grex. I think policy is a good guide to judgement in just such a situation, and there is no policy that says basically "because we have set up a system to very carefully select trustworthy persons to be staff, do not revoke another staff member's access unless they are doing something immediately harmful to Grex which can only be stopped by removal of that access, or if they otherwise demonstrate that they have gained staff privileges under false pretenses and harbor ill intent towards Grex. Also, in the event staff privileges are revoked in a judgement call, should that judgement be shown to be either incorrect or over-harsh, privileges should be restored as soon as possible in order to retain the good will of all of the qualified volunteers of whom we have asked service in a staff capacity."
Hmmm...maybe that issue needs a bit more thinking about. The board was unanimous in thinking that Mic's grant of root to Dan was improper from a procedural point of view. But there was no ill intent and no harm done, so we really weren't especially upset. We didn't really discuss STeve's yanking of Mic's root. I'm not sure whether or not I would have done the same thing in STeve's shoes. He saw Mic giving Dan root, didn't know why or what was going on, so he acted to shut it all down. Completely understandable. But what is the policy on roots removing root access from other roots? If Mic had got to the /etc/group file first, would it have been OK for him to yank STeve's root access? I don't think that the board is going to want to take any further action on this particular incident, but maybe we should give at least some consideration to whether there should be some sort of policy on roots yanking root from other roots. Only I can't think of what that policy would be. If you want to formally authorize it under any circumstances, then you really need to establish a formal hierarchy of roots. After all, it is only going to happen when two roots disagree, and then you have to decide who has the authority to boot whom, which means a hierarchy. I don't think we want a hierarchy. Lacking that, then the only real way the board can address this is by working with staff to find ways that staff can do a better job of communicating with each other, so that we can all get on the same page before we start sudo-ing. The board DID discuss that, though we didn't really draw much of any conclusions. This whole incident really speaks of a communication breakdown among staff more than anything else, and we do need to work on that. But communication has gotten a lot harder. We used to have monthly staff meetings. But several of our staff are now pretty far apart. Should we do conference calls or something instead?
Many of the staff (including me) are sufficiently distracted that we don't communicate very well at all.
I would sure like to see everyone take a break from this issue for a few days. Maybe it'll settle down a bit and everyone can treat it in a more reasonable manner. It seems to me like a series of overreactions, with each person pushing things just a little further away from where they should be. I am happy Mark will be talking with Mic about what happened. I expect and hope he'll be able to smooth things over with Mic. This all seems to me like an electronic pushing match between Dan and STeve, more than anything. Personally I respect and admire both of these gentlemen. I wish they felt that way about each other. There is one discussion which has happened in 3 items now that I know of, and maybe a couple more that I haven't been following. That's not a good way to get a reasonable settlement for a disagreement.
This all seems to me like an electronic pushing match between Dan and STeve, more than anything. I think it was a cop-out to ignore the fact that STeve yanked mic's access without explanation. It's also a misrepresentation to present the password hash standardization as "not an emergency". If the informal stance of staff and the board is that nothing will be improved upon unless it's an emergency then say it. Don't waste staff volunteers' time by letting them think they can improve the system when the truth is that they can't do anything without prior written approval by self appointed capo de tutti capo staffers. It is pretty transparent that there is a trust issue at the root of this problem.
> I think it was a cop-out to ignore the fact that STeve yanked mic's
> access without explanation
cronyism.....pure and simple.
I don't think Jan is the crony type. I'm assuming he doesn't know that spooked was basically treated like dirt.
I was not treated perfectly, but the world is not a perfect place (and I am far from perfect). STeve: if you can apologise, it would be appreciated - I believe your intentions were not sinister, but I did not appreciate your rashness (and, more so, lack of communication since the episode). Nevertheless, I'm not going to resign either way. We all make mistakes, and can learn from them. At the end of the day, if we care about Grex we will cooperate better as a team - this includes following procedure, encouraging initiative (within reasonable parameters), and interacting more civilly and respectfully.
Good for you Mic!
Regarding #5; The membership explicitly requested that Steve pulling Mic's access be on the agenda. I'm very disappointed that it wasn't really addressed, particularly since it wasn't immediately restored. If Steve truly felt that grex was in danger, then he surely did the right thing in the moment. But then it surely became clear that the immediate cause of the incident was a communication breakdown and a difference of policy interpretation and not any malicious intent. It is clear Mic wouldn't have done the same thing again. Now, the board has met and agreed on an interpretation of the policy which clearly implies that both Mic and myself were wrong with our interpretations. (I do wish they'd update the language a bit to be more explicit, but hey, you can't win 'em all.) But nowhere in this fiasco has *anyone* thought that anyone else was acting maliciously, trying to hurt the system, or doing *anything* permanently damaging. Well, maybe that was Steve's initial reaction, but I hope he quickly came to see that that wasn't the case. Why, then, the delay? This is what has come to concern me more than anything else at this point. And actually, it's not even really about this episode: it's about the lack of a generic policy around this matter. If someone gets confused and sees someone installing a new version of emacs, are they going to cut off their access until the next board meeting? I certainly hope not! If Mic felt that Steve was purposely damaging the system, then yes, he'd be justified in yanking his access. If after the evidence was presented it was clear that Mic had been wrong, then surely Steve's access should be restored. Any delay in that would be an insult. I don't believe a hierarchy is necessary, and I certainly don't believe one is desirable. A liaison position along the lines of that posed by eprom and nharmon might not be a bad idea, but is somewhat different. Certainly, a policy along the lines of what Eric was proposing cannot but be a good thing.
Regarding #6; I have plenty of respect and admiration for Steve. I thought I'd made that clear since this incident happened. I just think he was wrong. It's nothing personal. I do think Todd is right that it's a bit of a cop-out not to discuss Steve's actions. Besides, I'd say this episode is almost over. But I do feel strongly that the issue of when and under what circumstances staff can revoke the access of other staff needs to be addressed. Regarding #9; I agree. Regarding #10; You are a bigger man than I. I quit staff because I felt insulted by a board member who makes little bones about having a personal dislike for me.
re #12 If Steve truly felt that grex was in danger, then he surely did the right thing in the moment. But then it surely became clear that the immediate cause of the incident was a communication breakdown and a difference of policy interpretation and not any malicious intent. I agree. And don't call me Shirley.
Mic's access to root will be restored momentarily. Dan: The delay in responding was because the board meeting was scheduled for Tuesday, and it was a lot easier to sort out what to do then. So we waited a couple of days until the meeting.
I suppose if Mic was aware of that that's one thing.
Mic wasn't aware of that..... but, Mic's not focusing on the rather poor handling of that historical episode.
Mic's root access has been restored. Root long and prosper.
Root the ones you love.
Roto-rooter.
Root wart
*roots*
A round of root beer for everyone!
wow, nate; i'm impressed. i've never had anything that i've written on BBS be read aloud at a board meeting.
re resp:12: Dan said: --- Regarding #5; The membership explicitly requested that Steve pulling Mic's access be on the agenda. I'm very disappointed that it wasn't really addressed, particularly since it wasn't immediately restored. --- Ahem. "The membership" speaks only through elections or user initiatives. Say "a member explicitly requested..." or "a couple of members requested..." and that statement becomes accurate. Otherwise you have no right to speak for "the membership". The Board does that.
re #24 Ahem. "The membership" speaks only through elections or user initiatives. Say "a member explicitly requested..." or "a couple of members requested..." and that statement becomes accurate. Otherwise you have no right to speak for "the membership". The Board does that. Nice way to explain why nobody gives a shit why a couple great staff folks quit. *golf clap*
Yeah, #24 should be mandatory reading for all. It pretty much sums up many of grex's problems in ways probably not intended.
I find nothing to disagree with in #24. I think its relevance is limited (pertaining only to the fact that in #5 Dan wrote that "the membership" requested something rather than writing "a member" or "some members") but jep makes a good point. There's no cause for sloppy writing or sloppy thinking.
Semantics. It only spins the conversation away from the Board's inaction toward resolving a rogue staff.
I agree that jep has a point; I could have phrased that better. But, the readership (better?) requested that something be discussed at a board meeting, and someone should have discussed it. Further, the board doesn't speak for the membership: the membership speaks for the membership, and the board listens. That said, I agree that quibbling over semantics isn't going to solve any of the problems with grex which, it is becoming apparent, run very deep.
yeah ; "readership" is probably the most accurate.
Or maybe, "members of the readership" or "elements of the readership"
Re #28: Exactly!
re #28:
> It only spins the conversation away from the Board's inaction
> toward resolving a rogue staff.
Can you be a little clearer who you're referring to? I wouldn't use the term "rogue staff" to describe either of the two principal players (mic or steve) in the latest incident. Also, if you're going to be critical of "inaction", then what action is it that you want to see the board take? Reduce their pay? Put an official letter of reprimand in their Permanent Record? Ground them for 48 hours and impose a curfew for the rest of the month?
What's the succession plan if STeve has a heart attack? Janc? Train more staff on more stuff. Implement plans that further that goal. Is the status quo the best way to increase staff? I doubt it.
The situation appears to me to have been resolved between steve and spooked. Mistakes were made aplenty. That happens sometimes. With good will it is sometimes possible to work things out. That has happened, with some assistance from aruba and the encouragement of the Board. I see no reason why I should be unsatisfied with what has been done to work out the issue. STeve has been part of Grex since the beginning. He's trustworthy, technically excellent, not as diligent as he used to be but geez it's been 15 years and he's still here. We're lucky to have him. I think so and I think almost everyone would agree. Now, what should be done differently? And why? About the request that they "discuss" the steve/spooked/cross thing... when has the Board *ever* acted hastily on anything? I can't recall a case. They deliberate and discuss and take their time. Usually by the time they get around to doing anything, it's clear to everyone that it's what they're going to do and most agree it's what they ought to do. They try to do what the membership wants and what will allow Grex to survive. I couldn't stand to be part of a Board that works that way myself, but... well... I'm not *on* the Board. It doesn't keep me from recognizing the way that it operates, nor from noticing it's worked pretty well for 15 years.
re resp:34: What are your suggestions?
A technical committee and change control processes would be a good place to start. The garage cf has some good ideas simmering and if people don't know how to get them implemented then a technical committee should embrace that challenge and document the procedures everyone on staff can agree to.
Regarding #35; I don't think it's been resolved. Mic quit from staff pending an apology from Steve that, unless I missed something, never came. Let's give Steve the benefit of the doubt and assume he's busy, but still...it's hardly been "resolved." This isn't a beat up on Steve issue. It's really not. It's about how to prevent things like this from happening in the future. Who cares when the board has or has not acted hastily? They have always put things on the agenda that people have requested be on the agenda. They didn't this time. What's up with that? Regarding #37; That's a good start. But, let's all be perfectly honest here: how many people think Grex is actually going to change something that goes against the personal opinions of either Steve or Marcus?
The board made a mistake by not discussing the question of when one staffer should remove another staffer's privileges; it wasn't a premeditated mistake - we just forgot to discuss it. So I apologize for that.
One example, Dan, is that both STeve and Marcus thought it was a horrible idea to move to our new location and out of the Pumpkin. Staff and board discussed it and the decision was to move. That's a biggie and just one example. I've been present for a lot of discussions where major (and minor) decisions were made and I don't fault STeve if things went his way. There are a lot of people involved in important discussions. They hold the responsibility for all final decisions, not STeve.
re #40 That's why I'm suggesting a tech committee with change control responsibilities because if something gets hung up due to someone on the committee then it can be formally addressed in board meeting minutes rather than buried somewhere in coop cf and garage cf like it currently is.
Regarding #40; I was referring specifically to grex's hardware and software. What does colocation have to do with that? I suppose you could argue that both Marcus and Steve wanted to go with more SPARC hardware, but in the end we ended up on an AMD x86 machine anyway. Good for us. Aside from the hardware problems from not buying server-class machinery, we've actually done well with it. But the fact of the matter is that, for the most part, if Steve and Marcus want to make a change, they say, "I'm going to change this...." and go and do it. Like Steve resizing the disk partitions so that we had less space on /a and /c and more log space. I was on staff at the time; I don't remember any forward discussion of that AT ALL. Steve just did it because it made sense to him (and so that we could, potentially, back up user filesystems to DVD instead of tape. To my knowledge, this has never happened once). Or Steve buying non-ECC memory when *all* prior discussion had specified ECC memory (which, it turns out, was pretty important). Or installing PicoSpan after everyone had decided to go live with fronttalk - no one even knows if grex can legally use PicoSpan, after all. So I'll retract my earlier statement: some decisions have been made against the better judgement of Steve and Marcus. Most have not.
<aside> Grex has a license to Picospan. We can certainly use it. What we don't know is whether we can legally alter it. </aside>
Really? Where did grex get a PicoSpan licence in 1991?
re #44 It was a work in progress.
Hmm. Yeah, I thought NETI was a non-entity by that point.
I remember that Mike Myers and Marcus Watts had an agreement with NETI that allowed them to continue to distribute Picospan after NETI went under. I suspect that that agreement was never formally terminated, but presumably if they did sell a copy, then some payment would have to be transferred to NETI, something which would at this point be impossible to do, but probably would still have been possible in 1991. Of course, no payment was made so far as I know. It's possible that Marcus got approval to donate a copy from the same people who allowed Mike and him to sell copies after NETI's demise. I have no way of knowing. I wasn't associated with Grex in 1991. If you really want to know if it's a problem, I suggest you contact the former president of NETI. Larry Brilliant is now running the Google foundation, one of the bigger charitable institutions in the world, so he is easy to find. I think it's a pretty good bet that he'd tell us not to worry about it.
I wonder, if the former president of NETI had no problem with open sourcing the PicoSpan code, if such a thing could be done? Rather, *would* the participants be willing to do so?
NETI was a fat bottom girl that made the rockin world go round
Yeah, but flat bottom girls never make 60 year old Sikh men dance to Bhangra.
I should also say that the person who supplied Picospan to Grex, Marcus, has stated that Grex does have a valid license. Generally, when a software supplier assures me that I have a valid license, I don't keep worrying about it, and I don't feel morally obligated to run an investigation into the supplier's business affairs to ensure that he really had the right to make such assignments. Marcus says it's OK, and it's plausible that it is OK. That's good enough for me. If the heirs of NETI, whoever they may be, ever decide to sue Marcus for improperly distributing copies of Picospan (I'm sure they could collect as much as 47 cents if they could prove it) then that would be between them and Marcus. Cyberspace Communications has acted properly.
> Generally, when a software supplier assures me that I have a valid
> license, I don't keep worrying about it, and I don't feel morally
> obligated to run an investigation into the supplier's business affairs
> to ensure that he really had the right to make such assignments.
Where I work we have a policy entitled "Vendor/Supplier Due Diligence" and it includes some of those things.
Question: When a licensor goes under, who is responsible for enforcing the terms of the licence?
I think a contract or license on paper is always a good thing to have because you never know who is going to be around years later to know the facts. re #53 That would be defined in the license as clauses. The only obligation they would have is to ensure transfer of the digital materials to the licensee. Any changes would have to be covered in the license as a clause or specifically address "authorized users" and "limitations".
I'm really curious if someone could get the code open sourced.
Re: #54. What I mean is, who is responsible for making sure that the licensee abides by the terms?
re #56 The licensor of course! If you don't protect your licenses or copyrights then you risk them going into public domain.
In other words, if a licensor goes bust and no-one buys the rights to be a licensor, they DO go into the PD?
I would think so. This would be a case where our warped idea of "intellectual property" has twisted what copyright is. Everything is in the public domain, only the government grants exclusive rights to the inventor for a limited period of time. It isn't the inventor that OWNs the intellectual property, but rather the inventor has a license from the government saying he/she has exclusive rights to use it.
While I agree that's a reasonable interpretation of the Constitution, as a practical matter, it means little when Disney lobbies for an extension every time Mickey's about to fall into the public domain.
re #58 If people use the licensed item without dispute for a long enough period then yes it goes into PD. re #60 There is a fine distinction with Mickey because he was animated "with sound". There were mice before him like "Miky Mouse" (which Walt stole outright from a Jewish toy maker in Ohio) prior to 1923..those would be public domain and ripe for "any kind of usage". >:)