This item is for discussion of Grex's current problems with e-mail, and possible future directions Grex might take with e-mail service. The goal is to keep large-scale, big-picture discussion out of item:4, the "System Problems" item.480 responses total.
What I wanted to tell Sindi is that e-mail systems everywhere are staggering under the load of incoming spam, and network services everywhere are plagued with problems with outgoing spam. What's happening is not a Grex-specific problem. Just in the last week, I think I have seen a 30-50% spike in the amount of spam arriving at my work address.
I only use Grexmail to communicate with other Grexers. What would be an easy way of redirecting email not from Grex to /dev/null?
Re 1: That's interesting because we're seeing the same trend at my workplace. At this rate, the whole system will be overwhelmed in just a few months.
I work for a computer services company- and we've had several of our clients also complaining in a huge increase in spam.
We have to stop them before they fill up the tubes with internets!
Re #2: I believe I would like to do that too. Do Internet email messages have any kind of indelible post- mark to indicate its source? I understand the From: field is trivial to forge, but are they marked with a source IP address? Can Grex be configured to refuse connections from certain IP addresses or networks?
Procmail can easily refuse mail from any IP number, or from senders on various blacklists such as NJBL, SORBS, etc. The problem is that places like grex end up on these lists when one spammer abuses them. I just add more IP numbers when spam starts slipping through, but this week's spammer is mailing from all over the place. I think today I got about 30-40 Hi messages all addressed to some name starting in k, so I filtered on that. Some of the k names were keesan but most were not. I presume other people are getting other letters of the alphabet. And many of my other spams have started arriving in triplicate (every few hours) in the past week or two - @grex, cyberspace, and grex.cyberspace. Most mail providers use a spam filter by default. You might be able to turn it off at some places. Would this work for grex? Why is there no inbox size limit on some accounts?
I wouldn't be surprised if some of the spams that seem to come from all (IP) directions at once were generated by machines that have been infected or otherwise compromised. :-(
A huge amount of the spam that reaches your mailbox originates from "zombie" or "bot" machines -- ordinary homeowner's computers that are infected deliberately by a spammer using a customized virus or worm that gives him control over the machine. They do this largely for two reasons: (1) it makes IP-based blocking of spam sources much harder because the spam comes from hundreds of thousands, possibly millions, of sources, and (2) when a computer gets blocked for spamming or its ISP shuts it down, the virus victims are the ones affected, not the spammers.
That was my suspicion. MS Windows has a lot to answer for.
I suspect it's time we do what M-Net did and go to local mail only. There are loads of free email providers out there. The problems with email have exploded over the past five years or so. Trying to solve them here will put a strain on our staff resources and I don't think mail should be the priority.
I don't think M-Net has even local mail, does it? I think they shut down mail completely.
I use grex email because I can turn on my computer, boot into DOS, dial grex directly, and be into mail in about 30 seconds. I can't do that if I have to ssh from grex to my other account at freeshell - it doubles the time that it takes to check mail. And freeshell does not have spamassassin. Obviously a lot of other people also use their mail here, or there would be no discussion.
So ssh'ing to another email provider doubles your time to 60 seconds instead of 30? That hardly sounds like an inconvenience.
It is an inconvenience. And grex has better spam filtering available. Freeshell offers a 'filter' that throws out all mail with html in it.
But you want staff to devote hours of time to save you 30 seconds of login time. That hardly seems rational or justifiable to me.
No, I want staff to do something so everyone can use grex mail, maybe even new users eventually. Obviously a lot of us still want to use it. And you continue to ignore my comments on the lack of a spam filter at freeshell.
Ideally I would like Grex to have mail working both locally and for the Internet. I understand that given the nature of the problem and the limited resources that Grex has, that may not be practical. If Internet email were disabled, I hope that local email could continue to work because I find it a useful way to keep in touch with other Grexers. If it ever came down to a choice between no email (of either kind) and no Grex, I would be grateful for the years that we had email and thankful that Grex were still around. My 2p worth. Are there any inexpensive dial-up Internet services that adhere to the appropriate standards, so that people could dial in using DOS, BSD or Linux? Earthlink works, but it's almost as expensive as DSL.
VTISP - 5 hours/day, no phone support, no email, no webspace, $40/year, and it is working for a friend in a rural area of Kentucky. They have phone coverage for most of the country. For $5/month you can probably find something with no time limit. Search on 'cheap ISP'.
My DSL service probably comes with email and Internet news if their registration system were not Windows-only. :-/ Never mind, at least it gets me on the net.
Re #17: Your freeshell account is kind of irrelevant to the overall decision-making process of grex.
I would hate to see Grex eliminate email. I don't read email here anymore, but my cyberspace.org address is convenient because I can forward it to whatever ISP I'm currently using.
Has anyone else been getting tons of spam from 'debora-something/variant'? I've probably gotten 150-200 of them just this week! Every time I log in, I have probably 10-20 or more of them.
Yes, lots of Deborahs. Why don't you set up a filter to get rid of them, using procmail. Just dump anything From Deborah. Spamassassin gets most of my Debora mail. I set up a sample procmailrc.sample and procmailrc.simple (not as many additional filters). Copy to your home directory as .procmailrc and also copy .forward and you will see 90% less spam. I can explain how to eliminate anything from Deborah if you can't figure it out. I forget what Deborah is selling - viagra or stocks?
My procmail log shows 27 Deborahs since midnight, some Hi Keesan and then they switched to just a random name. This would come to about 200 per week so your estimate might even be low. Even a crazy spammer would not be sending out this many spams so maybe it has infected other machines?
I haven't set up any spam filters; I'm not that computer literate! Besides a few very basic things here-everything else is mysterious to me.
This response has been erased.
But I just explained how to copy over a working filter to keep all the Deborahs out of your mailbox. cp /a/k/e/keesan/procmailrc.simple .procmailrc then pico .procmailrc and change keesan to denise, then cp /a/k/e/keesan/.forward .forward. This copies my two files and changes one of them to work for you. Do you know how to use pico to edit? I presume you use it in your mail (with pine). This should take you a minute or two. Then when using pine you type L to get a choice of seeing what is in your Inbox or what is in your Spam folder. And you get a list of what went where: less ~/mail/from shows you the list and you can delete 'from' every day. The sample filter only dumps anything with 5 spam points and the rest goes into the spam folder. I use 3 points, which works better, and you can change it to that.
Sindi, I don't know how to use pico or any other editing program and though I've heard the term 'pine', I have no idea what that is [besides a type of tree]. Maybe that's partly why I rarely use mail here on grex; I am more comfortable with the mail I use on my non-grex account. But I get much more spam here, probably because of the spam filters they use...
I think it's amazingly wonderful that despite the fact Denise doesn't edit, her responses are clear, typo and spelling error-free. I use an editor and wish I could pull that off.
People who grew up with pen and paper tend to write slowly and purposefully. Kids like me grew up with word processors, and often we type faster than we think. *smile*
And TS, please realize that when you repost something like #27 you are simply acting as selfish as the original poster. Worse, actually, as you should know better. Don't make me filter you again.
Threatening to filter people is childish, IMO.
Is it? I mean, if someone threatened *me* with filtering, most likely it wouldnt alter my behavior. But I might appreciate being told that I was being filtered.
Yeah, threatening to filter is childish in a bossy "i wont be your friend unless you do X" sort of way. If you're going to filter, be done with it. But don't play these games where you threaten to filter someone because you don't like what they say.
Denise, I can edit the procmailrc file for you if you can manage to copy it to your own directory. Let me know. cp ~keesan/procmail.denise .procmailrc and then cp ~keesan/.forward . but you have to be at a prompt to do this, not a menu. I wish someone in staff would set up a filter that people can use who don't know how to edit, by just typing change and following instructions. I am still getting floods of debora and also est* and akst* .
Oh, I'll still be his friend. I just won't be reading re-floods.
resp:35 I think that some people do use the threat of filtering in a bossy way but I also think it is something of a courtesy to let people know you are considering filtering them. In fact, I generally dont tell people when I stop paying attention to them because I dont care enough about them to give them that courtesy. I suppose some people might actually believe that they are so important that it will come as a real blow to others to hear that they are being filtered. But mostly, I think people tell others when they do it to give others the opportunity to change their behavior if they wish to. I dont tell people because I am mean and I dont care if the socially retarded figure stuff out. Anyways, I guess what I find is funny is that you are calling a certain behavior childish which suggests that you think its opposite (i.e. NOT telling someone when they are going to be filtered) is a particularly mature behavior. It is funny because I engage in just that behavior but motivated not by any "taking the high road" sense. My motivation is pure and utter indifference to the feelings of certain others. It is unkind and has nothing to do with maturity at all.
Re: 30 Thanks, Mary! :-) Re:36 Sindi, I do use the menu options, so I don't know how to get the other prompts that I would probably need to copy and such. Thanks for offering to help, though.
Could someone who uses the menu explain how to get to a prompt that lets someone copy files? It would really help people like denise if there were a simple command in the menu that would set up a spam filter.
The "R)un a UNIX Program" option could be used for this, I suppose. (For a sequence of commands, give a shell like bash as the program to run.)
re #32 ................................again ?????????????????????????
Does "!/bin/sh" work from the menu prompt?
Yes.
Tidy :-)
Would all this spam mail go away if one was to get a new account [and never using email to begin with]?
If you got a new account and were a paying member, and never gave anyone except trusted friends your email address, you could send mail to them, and probably also receive mail without getting spam. If you are not a paying member you would be a new user and could not send mail except locally from a new account. And your old account would continue to receive spam for at least three months until it got deleted. But sometimes worms get hold of your email address in other people's address books - can spammers find you that way?
Yes they can, not least because worms can report back to
spammers and other criminals. It may help a little to create
a username that is not an ordinary English word, since
spammers are likely to try {dictionary}@cyberspace.org
I have seen e-mail systems where recipients of e-mail must authorize accepting e-mail from all correspondents. This is, of course, only a filter on from addresses, but it should drastically cut down spam from major lists. Is this implementable here?
Challenge-response systems are a bad idea; they produce what is known as "outscatter". (A spammer sends an email posing as a user of a large system; the c/r system sends a challenge to that user. That challenge is unsolicited bulk email being sent to that innocent user whose email address has been fraudulently used without his/her knowledge.)
re #47 Direct Harvest Attacks can guess email addresses through mailserver responses.
True. But first, but what fraction of spam is spoofed e-mail? If it is a small fraction, then the net result would be a significant reduction in spam (so long as the recipent's system automatically rejects denied source addresses). Then spoofed e-mail would indeed be redirected to an innocent user, but that e-mail would be from him/her self, which could be flagged for automatic rejection. Would not being able to send yourself e-mail be a major hardship?
#51 slipped in. #52 responds to #50.
Rane, the email would not be from him/herself but from the intended recipient of the spam. You couldn't block the receipt of challenges without preventing yourself from being able to send to people who use c/r systems, but unless you do you open yourself to being the recipient of floods of challenges when a spammer happens to use your email address as the alleged sender of a spam.
It seems to me that the vast majority of spam and UCE has a spoofed from: address. Not being able to send to myself would be an inconvenience because I have a poor memory and frequently email myself notes.
To some being unable to send email to themself would be a hardship. I often do homework at a work or school computer and email it to myself as a backup. This has often proven to be a lifesaver when I either couldn't use or lost the media it was saved on, i.e. one time I spent quite a bit of time on an assignment at work but didn't have time to print it. I saved it to a zip drive, the work computer didn't have a floppy drive. I went into the lab at school to print it out (I got there about 10 min before class started) to discover that not only were the computer science lab computers still using Win98 (WCC was using WinXP by then), but they had not zip drives. I just grabbed the copy I sent myself from email, printed it and still had time to grab a cup of coffee before class started.
Don't your e-mail programs have a "sent mail" file? Certainly the programs could have a "save copy" option that does not "send" the e-mail. Mine has a postpone command, which saves the unfinished copy until I retrieve it. I'm talking here about changing e-mail systems to suppress spam. How they currently work is not an argument against modifying the systems. Re #55: I would think that spoofed e-mail is the minority, but I may be wrong. Do you have data to show it is the majority? Re #54: Let's keep it straight who is on first and who is on second.... Say, I am "A" and a spoofer sends me mail apparently from "B", who is in my OK file. I will receive it, recognize it as spam, and write to B to tell them they have been spoofed and to change their e-mail address and let me know so I can update my file. Since they have a similar file, they can inform everyone on it that they have changed their e-mail address. It would be desirable to have a convenient way to automate this. E-mail addresses would have to be easily changed. If B is not in my OK file, they will get a c/r message, and have to jump through the hoops to contact me and ask me to put them in my OK file. In any case - there should be more effective and easily employed strategies invented to halt spam. The current situation appears to be one where people have given up. I'm only making suggestions, perhaps feeble ones, because the current situation is untenable.
Spamassassin is getting most of my spam, but I have been adding a new filter every day for stock spam, which mutates a lot.
You should not have to fight spam on a daily basis. There should be a universal solution - like the idea to charge a small fee for every e-mail sent, say $0.001, or whatever will make untargeted advertising unprofitable.
Re #57: I use (and very much like) the Berkeley mail program, which doesn't have a sent mail folder. Any messages that I want to keep a copy of, I simply cc to myself. I spend time every day deleting plenty of UCE with spoofed from: headers. If you like, I can certainly forward some to you. Spam- Assassin has helped a lot, but as keesan suggests, the volume just keeps going up. I may tweak my score setting.
Yikes! Changing your email address every time you get a spoofed email! I'd go crazy trying to keep business cards and stationery up to date, to say nothing of notifying friends. How would people I gave my email address to last week get in touch with me? That's like saying I should change my phone number every time I get a marketing call. And, no I do not want to pay google, or ATT or anyone else to send emails! Perhaps someone could offer a spam-free premium email service, that people like Rane and Sindi could subcribe to and pay for. For me, prudent use of my email on the net keeps most of my emails clean. As for the rest, the delete key works. It takes just a few seconds.
Rane, the problem is that when you receive a message spoofed to appear to be from C (who is not in your OK file), you will send C a challenge. If 100 messages were sent purporting to be from C, C receives 100 challenges (from 100 different users). That is the huge flaw with challenge/response systems.
Rane in #57: > Re #55: I would think that spoofed e-mail is the minority, but I may be > wrong. Do you have data to show it is the majority? I don't have data, but I handle spam complaints as part of my job, and my experience is that the amount of spam with spoofed "From:" addresses is, for a first cut approximation, 100%. Forging the "From:" address is trivial, if you know SMTP (Simple Mail Transfer Protocol). The protocol has no requirement that the FROM: field have any relationship to the actual sender of the message. Spammers stopped using their own From: addresses long ago, as soon as pushback from the spam recipients started coming back at them.
Most mail providers use a spam filter by default. Some (AOL?) use continuous feedback from users to tune the filter. Grex and sdf are exceptions. Today no spam slipped through my filter.
This situation, and the responses here opposed to apparently all "cures" for spam reminds me of the acceptance of the 40,000 annual deaths in auto accidents, because of the inconveniences that would result from any attempt to decrease the number of deaths. I'm guilty of this too. I find it "cheap" to just delete the spam - so far. But I don't argue, as others seem to here, against all proposals to eliminate spam, without coming up with workable alternatives. If you don't like my (probably partial) solutions, what are yours? (Ask the same about auto accident deaths.) There occurs interesting evolutions in the nature of spam. The Nigerian frauds are way down and now it is investments - which, incidentally, don't seem to provide any way to respond even if you wanted to. They don't even ask you to do anything.
re #65: The thing is, that smarter people than you, ones who actually know how e-mail works, understand the issues, and aren't making wildly incorrect guesses about the nature and quantity of spam, have been trying for years to solve this problem. It's a hard problem: it combines technological, economic, and sociological challenges, and that's just for starters. If some of us seem a little jaded and unenthusiastic about your suggestions it's not because we're not open to the idea of a solution -- for some of us whose work involves combatting the problem very little could please us more. It's because we've long ago considered and rejected as flawed all the easy solutions and some which are not so easy. The countermeasures we've tried to adopt have worked, to varying degrees, for limited times, until the adversaries in the spam-sending world figured out ways to circumvent them. You're an accomplished expert in your own field. Most of us recognize that. Give us a little benefit of the doubt, too, and don't assume that a half our of uninformed theorizing on your part is going to revolutionize the fight against spam..
I agree, I'm a e-mail system dummy. But it is still my duty as a citizen to raise the issue in any way I can, even by offering unworkable solutions. It is better to be part of the outcry against spam than to just sit back and suffer from it. Nothing I do will *revolutionize* the fight against spam, but it might raise more advocacy against it. The "professionals" at least appear to be too complacent. Maybe we need to get a better crop of "professionals" that better appreciate the waste of time and other resources engendered by spam.
Here's a background article discussing a recent group of "spambots" which are behind the recent surge in spam activity: http://www.eweek.com/article2/0,1895,2060235,00.asp Headline: "Pump-and-Dump" Spam Surge Linked to Russian Bot Herders" (pump-and-dump is a type of stock market scam) Ultimately the current spam problem is Bill Gates' fault, because the vast majority of Windows 2000 and XP computers are not properly secured -- and cannot be secured given the skill levels of their owners. (That's not a joke; I recall articles in the trade press predicting that the release of Windows 2000 was going to be a disaster for network security.) There was a fundamental assumption when the Internet e-mail protocols were designed: nearly every computer on the network would have a benign and competent administrator.
Re resp:67: If you had spent some time on email lists of groups that are trying to come up with ways to fight spam, as I have, you'd know that that's not the case. People aren't complacent about this. They know the cost is huge. They're desperately searching for solutions. But there's no simple way to solve it. Many simplistic attempts, like challenge-response systems, actually ended up making the problem worse. This is a complicated issue and the way forward is not easy. Please give other people a little credit, for once.
Show some progress, for once.
You wouldn't be able to see any progress from your viewpoint. You have no idea how many spams you didn't get because professionals have been trying out solutions that worked. I suspect the fact that I can still use my grex email account that is more than 10 years old and has fewer than 10 spam messages a day is because professionals have been making progres. Would you care to devise an experiment that proves they haven't made any progress?
I look at my Grex inbox, with ca. 40 spams a day, and I see no progress in slowing it. Almost all the spam I'm getting now is in the same format, e.g.: Nov 17 Christa Rhodes (1849) Rhodes message Why hasn't all of these been filtered out from incoming mail to Grex?
Because you haven't set up your spam filter? I don't filter my emails. In spite of the exponential growth in spam, I still see about the same amount as last year. Seems to me that the rate that spam is increasing is far higher than the rate that spam fills my mailbox.
This response has been erased.
Yeah, maybe we should make filtering of tsty the default? No...I am not seriously suggesting that but Geez-o-peets.
He is becoming a system problem, however. I suppose it's his naive "the squeaky wheel gets the grease" logic.
i think peats has a system problem i mean tsty
He's looking for attention; too bad for us he has to be obnoxious about it.
so why don't you guys complain this much about herasleftnut, who is the instigator of this.
When is the last time he crapped up the cf? I'm sorry ts has somehow got a problem blocking messages. Hopefully someone will have some helpful ideas. I thought some had been posted already.
yeah, I have a problem blocking messages as well, and staff is unable to tell m me how to fix it. If they can't fix my conferencing problems, why can't tehy a do something about people who abuse the system.
you type mesg n, bru. just make sure you don't write him back
can't. it screwz up my whole tel session.
Re resp:70: This is like asking physicists why they haven't shown some progress towards unifying General Relativity and Quantum Mechanics, or asking why world hunger hasn't been solved yet. This is a complex problem. Spammers are constantly changing their techniques to evade filters, which are trying to block spam without blocking legitimate messages. Additionally, the volume of spam being sent is continually growing, so even if filters are effective, they often only slow the rate of increase. There's never going to be a complete solution to the spam problem unless people can be convinced to completely abandon email as it exists today and use something else. That seems unlikely to happen any time soon. For that matter, the problem of junk mail in real mail boxes has been around even longer, and no one has solved that one yet, either. Stop assuming that everyone in the world except you is incompetent.
It costs money to send paper junk mail, so there is much less of it, and most of it comes from real and mostly reputable companies, who will take you off their junk mail lists if you ask, or tell you where they bought their lists so you can argue with the list supplier about it. Companies will also stop sending you unwanted emails (don't give them your address when they ask for it) but spammers will not, and it costs them almost nothing to send out 50 spams per recipient per day.
And yet, in spite of this differences, people still get junk mail. I tried putting my name on one of the no-junk-mail lists, and it was marginally effective at best. So even in that easier scenario, there isn't a perfect solution.
crucifying the messenger is soooooooooooooooooo much easier. there is an exploit, apparently: tsty: spew arrives.... how sweet the smell herasleftnut: blocks dont work if I suspsend the shell during the flood herasleftnut: its a long spanding bug herasleftnut: that steve is stupid to fix herasleftnut: .honkey
Physical junk mail is very different from spam. Comparing them is not particularly helpful.
No, it isn't. Just like comparing it to telephone advertising isn't helpful at all either. "But what if we had a national do-not-spam list???" AUGH.
T R I P L E T S !!!!
grex% f -m shutthefuckupkarenz
Login: shutthefuckupkarenz Name: la la la
Directory: /a/s/h/shutthefuckupkarenz Shell: /bin/csh
Last login Tue Nov 21 17:08 (EST) on ttypb from 66-52-181-171.oak.dasdial.com
No Mail.
No Plan.
grex% f -m herasleftnut
Login: herasleftnut Name: Dr Kim L
Directory: /a/h/e/herasleftnut Shell: /bin/csh
Last login Tue Nov 21 21:24 (EST) on ttypf from 66-52-181-187.oak.dasdial.com
Mail last read Tue Nov 21 22:23 2006 (EST)
No Plan.
grex% f -m krjsucksdick
Login: krjsucksdick Name: da
Directory: /a/k/r/krjsucksdick Shell: /bin/csh
Last login Tue Nov 21 16:16 (EST) on ttyp5 from 66-52-181-171.oak.dasdial.com
No Mail.
No Plan.
grex%
and WITH a plan:
Dear fatass nigger (aka aliz),
Unlike your homosexual ass that does nothing but waste bandwidth on grex, I
use this place to continue to abuse Jan's tel message. My final goal is get
to the point where I can totally break this fucking pos system. In some
respects I've been slowed up because of the funky learning curve associated
with C and Unix.
Here is what I'm working on:
1)I made the code more modular so it's easier to add and delete shit.
2)I came with up an alternate method to bypass the 4 tels and delay shit. I
say alternate because it is only in the concept stage.
3)I also have a crude but working method to bypass .nowrite.
denise ("you ignorant slut," SaturdayNightLive) ... you are next.
thre was supposed to be a <g!> up thre in #91 ...oops
oup s
hi tsty !
'lo naft
aruba suggested scribbles of
8888888_____________________8888888
8888888____________________88888888
EOF (herasleftnut)
!mesg nTelegram from herasleftnut on ttyp3 at 21:13 EST ...
homo
homo
- good idea, as i find them. however ... system problem ...
every scribble results in
homo
Pipe interrupt?
Respond or pass? scribble 74
Segmentation fault
grex%
someting is not working right and delays the scribbles
I've noticed the scribble problem lately, as well. When I scribble my telnet screen disappears and I have to log in again.
Hm... Just did a test of "scribble" in the Test conference and verified
that Picospan does indeed segfault (after successfully completing the
scribble). In cyklone's case, that would log him off, since he uses the
bbs shell. I wonder if this is new behavior.
Fronttalk ("ft") does not have the problem.
I just counted 90 From: Debora..... stock spams in my log file from procmail in the past 1.5 days, up from 50/day last week to 60/day now. Please could some staff member write up a script for people to easily use spamassassin (spamc) even from bbs menu? Fat spams are also on the increase.
It would certainly be convenient for Grex users if there was a way to simply select a Grex spam filter that is maintained for the deluge of current spam. Having every user do it individually is a huge waste of users' time, and many may not know how. CAEN maintains a Brightmail spam list. I think this costs them money, but a simpler one could surely be maintained by a Grex volunteer.
Rane, are you offering to volunteer to do that? A persistent issue on Grex, is the "someone-else-ought-to-stop-volunteering-on-their-preferred-project so they can work on the one I want done". How about recruiting someone to come to Grex and work on your project, if it's not one you can handle yourself?
The only people I know (...know of...) that could do it are here on Grex. Please would one of YOU implement a system-wide spam filter?
Re #101: Given the well-documented problems with our current staff structure (see the coop cf for more), I think it's an inappropriate cop-out to turn a reasonable request back on the person making the request. I, for one, wouldn't dream of recommending someone volunteer on grex given the recent treatment other volunteers have received.
I wrote a simple filter that anyone who knows how to copy can copy, but there are people who don't know anything but bbs shell. And other people who really want to get all their spam, including 60 a day from debora*. The stock spams have slipped through my filter again, sort of like malaria mutating every day. Today I am filtering on Target: Some days it is Projected price: or Projected: . They seem to be from .ua or .ru or .mx - should grex reject all Mexican ISPs?
No, we shouldn't reject all Mexican ISPs! Or any other blanket block of ISPs. If there is a particular IP that is causing nothing but problems, yes. Notice that I said IP not ISP, a significant difference.
re #98: picospan has had the "scribble" segv at least since we moved to OpenBSD.
Picospan is dead software; it will eventually stop running as assumptions it made about the underlying system become untrue as the underlying system evolves. I've volunteered to work on some of grex's quagmire of email. Slynne said a month or two ago she was going to talk to baff about giving me some staff privileges to work on some projects. I don't know what became of that....
What's really necessary is for some staffer to make this their pet project and bang something together. Dan seems like as good a choice for that as any. Going after the problem piecemeal is not going to be nearly as effective.
And he would seem to be an obvious answer to #101, as well.
I have two silly questions regarding filtering spam: - Is there a tutorial or primer on setting up one's account to use spamc or some other intelligent mail-cleaning bot? - Do the mail-cleaning bots use a shared (system-wide) corpus of mail-examples to learn from, or does it have to learn seperately for each user?
re:103 Well, there is that! If Dan is willing to do this, I'd encourage Board and Staff to give him the access he needs to get it done.
Re #110: I posted an item a while back on how users can set up spamc. It's in last summer's Agora conference. See item:oldagara,236. For convenience, I've copied the item text to the file ~remmers/www/ spamc.txt. You can also read it on the web at http://grex.org/~remmers/spamc.txt . The process is pretty simple and involves creating a couple of files. You can configure how "aggressive" you want the spam filtering to be. I think that a reasonable way to make this approach accessible to more people (who don't necessarily read agora or even know how to edit files) would be to have a standalone program that a user could run to create the necessary files and specify the level of spam filtering wanted. The existence of the program could be mentioned prominently in the motd. It could also be made accessible via a "menu" option, or even a web form. Enabling spamc in your account means that every mail message you receive is first filtered through SpamAssassin. Some staff members have expressed concern that this could swamp Grex's CPU if too many users do this. Although this may be true, spam has become so annoying to so many users that my inclination would be to try it anyway (unless somebody comes up with a better solution Real Soon Now), but make it "opt-in" by requiring users to run the program, rather than making spam filtering an automatic default for all users. In addition to the concern about system load, there's also the question of what to do with spam messages. Discard them? Save them to a separate "junk" folder in the user's directory, so that the user can examine them for false positives? The latter approach could eat up disk space real quick. If people think this is a reasonable approach, I'm willing to work on implementing it.
(Colleen's #111 slipped in.)
I'll add that another idea discussed at last night's board meeting was to offer users the option of turning off external mail, i.e. only receive mail from other Grex users. Once implemented, presumably that choice could also be built into a general-purpose mail configuration program that users could run.
Corrected link to my Agora post on spamc: item:oldagora,236
Thank you for the instructions. While I have no problem with the instructions given (they look very straight forward), I can see how they would give someone who has never really worked in a UNIX/BSD environment fits (I remember how alien pipes and regexes were to me all those many years ago). I applaud your offer to make a script or tool to allow users to easily set this up for themselves, and if I make it out to AnnArbor, I'll buy you a beer for your effort. It does not look like a horribly nasty script, but I would not trust myself with other folk's emails (I know how pissed off I would be if a well-intentioned but badly executed script from a college kid blew away a letter from a long-lost friend), so I am not stepping up to write it myself.
MAUS!!!!!
Just wondering, is there a mechanism by which one could mark a message as spam if it gets through the filter so that the filter's engines learn from it? I know spamassassin is supposed to be adaptive and adaptable. How can one help train the system?
Re #117: Squeak!
Re #117: Not the "maus" you think it is, I suspect.
Probably not, but who would turn down such a warm greeting? I am not the small, cute rodent from Mnet or The Well. I am not the grad student with huge boobs. I am, however, the small, cute rodent who has been inhabiting cyberspace.org for a fair number of years, but who was too introverted to participate in the discussions until recently.
I wrote up a small easy filter that you can just copy from my home directory to yours, along with my .forward file. cp ~keesan/procmail.simple ./.procmailrc. Then change 'keesan' to your own login, and change the 'jdeigert' in my whitelist to the name of someone you want to get mail from. This filters on anything assigned five points by spamassassin but I would change it to three points (*/*/* instead of */*/*/*/*) because I never got a false positive that way. Someone else copied this but did not let me know yet if it worked. A slightly more complicated sample is procmail.sample . I think I set this to send */*/* to /dev/null and */* to a spam folder. Today I got no spam in any folder, after adding a few more filters on such things as Windows character sets, embedded images, From: debora . I don't recall if my sample filter keeps a log of what went where, but I have my own filter set up to keep a short version, which is running 20 pages a day of mostly spam (at 3 lines per entry).
With spamc the main concern, load wise, is to make sure you're not running excessively large messages through it. On systems I configure I generally bypass spamc for messages larger than 1 megabyte. Its memory and CPU usage goes up rapidly with message size.
Using the method I described, it's easy to incorporate that.
I used to dump any message over 100K and now I forward them somewhere else before running spamc. remmers, are you working on some way to let people set up a filter without knowing how to copy and edit a file?
Yes.
glad i started something progressive ... keep it up - thank you. ,.
tajnxxxxxxxxx tws
There's an article in today's New York Times about the recent upsurge in spam and why methods of dealing with it that were reasonably effective a few months ago are now failing. http://www.nytimes.com/2006/12/06/technology/06spam.html According to the article, spam volume has doubled in the last year, 90% of internet email messages are spam, and spammers have developed new techniques that are very effective in getting past existing spam filters. The article has interesting details on how spammers are foiling the filters and why they remain motivated -- there are still enough suckers who fall for their scams to make them money, often a 5% or 6% return in just two days. Anti-spam companies are scrambling to develop techniques to filter the new breed of spam, but they have a way to go to catch up. If and when they do, spammers will invent new techniques to get around the new filters, judging from past patterns. My own experiments with spam control on Grex tend to bear out what the article is saying. A few months ago, SpamAssassin filtered over 90% of the spam coming to my mailbox. I reactivated the filter yesterday, and it was catching less than half of it. In fact, the spam score of most of the junk messages was 0.0, meaning that SpamAssassin didn't think the message was suspicious at all. SpamAssassin has a "learning" feature (the "sa-learn" command; you can tell it that messages it let through are in fact spam, and that's supposed to make it smarter about filtering in the future); I've been playing around with that and will see if it really improves things. But it's somewhat cumbersome to use. I'm sure users want a spam solution that "just works" rather than something that requires constant care and feeding. The trouble is, nobody has such a solution. Given that companies that specialize in spam filtering and actually pay their programmers are having such poor success nowadays, I'm pessimistic about Grex's prospects of effectively controlling spam, at least in the near term. Giving users the option of turning off inbound mail entirely seems more and more desirable.
Spam might be thought of as an infection, and spam blocking is equivalent to antibiotics. However is there any potential for *immunization*? I imagine an "anti-spam bot" that infects people's computers with a spam-bot killer application. I can see an ethical question in this - immunizing users' computers without their knowledge - but that is till better than the infection, especially as the "anti-spam bot" could be made to have no side effects.
Interesting idea. I can see various problems with it but won't discuss them here, as this item is supposed to be about what measures might be feasible for Grex to take regarding the spam problem.
I change my filter every day or two when the subject line of the stock spams changes. Today it is 'check this' with a name, some days just a name, some days 'name here' etc. Labor-intensive but I get less than 10 spams a day, most of them in the spam folder (anything on the spamcop or sorbs list which slips through spamassassin goes there). I am also dumping inline images, javascript, 3DContent, and all Windows charsets, and whitelisting any friends who use that junk, if I find their mail in my log file. I dump anything mailed by The Bat!
Sindi is using what could probably be thought of as the Howard Hughes method of spam immunization.
That takes probably more time than just deleting it.
Re: Anti-spam immunization, there are groups that do something like this except for exploit botnets not necessary spambots. I think its called the Honeynet project.
I consider it fun to tune the spam filter, but unpleasant to have to delete spams. And it only takes a few minutes a day to analyze what is slipping through. I seem to be missing a lot of the Windows-1252 stuff, it gets through the beginning of my filter, don't know why.
I rather liked the Alan Ralsky method of deterring spam...people found out his home address and signed him up for every kind of junk snail mail they could think of. Too bad other sapmmers' home addresses are not so easily found.
Re resp:130: The idea of retaliating against spam bots surfaces every so often. It's been tried, but there have always been problems with mis-targeting, collateral damage, and legal liability.
It would have to be done in the same spirit of the spammers - undercover. Is there a discussion somewhere of mistargeting and collateral damage?
Just as a personal whiny datapoint: I had 180 spam e-mails in my work e-mail this morning, which had all arrived since I left work the previous day. This extrapolates out to close to 300 per day; this would mean that my spam load has tripled since early November, when I was getting about 100 per day. If it triples again, my work e-mail account will get close to 1000 per day. There is no reason to assume this growth curve will stop short of the collapse of the e-mail infrastructure. On Grex, /var/mail is full again.
I think we should bring back the 100K mail limit, 1MB mailbox limit, and delete mailboxes of anyone who has not read their mail in 1 month except for members.
Given the spam load, a 1MB mailbox limit could be reached in one day - the limit should be big enough to allow a week's worth of mail since not everone can log in daily (like I usually do - but then, I will be away and possibly out of touch over the holidays). What happens to mail when the limit is reached? This is another reason for a general Grex filter for the spam-of-the-day variety.
This is yet another reason for grex to adopt an ``opt-in'' email strategy. The fact of the matter is that most grex users don't use grex email (and by users, I'm referring to the vast, vast majority who never touch the BBS or party). So their mailboxes just get full and sit on the disk, taking up space, but full of useless spam. A far better solution is to, by default, not to premit users to send *or receive* email unless they specifically request it. Then set up an automatic, and verifiable, way to determine who gets access (or allow some group of people to ``sponsor'' email access). The model could be this: You login via newuser, create an account, and have no network or email access. Say you want email access. You run some program that tells you to submit a $1 one-time donation via PayPal; then you get access. If you cannot do that, you can be told to ask a member to sponsor email access somewhow. E.g., send a write message, run another program to request access that sends a message on your behalf, etc. There should be a program called ``sponsor'' that allows members to set up accounts and email access for new users. So when Sindi donates some obsolete computer to some random person, she can beforehand create that person an account on grex. Then, once they get said computer, they can just dial in as normal and be shown how to use, e.g., mutt for email access. *They* don't need a PayPal account since we trust Sindi to vouch for them. International users are by and large looking for Unix access, not email. They can either use PayPal to verify their identity, or use ask someone to sponsor them. For that handful of users who *do* actually use email, a mixture of an aggressive spam and virus filter coupled with subscribing to the various spam detection services and blacklists would greatly reduce the amount of incoming spam. Anyone who wanted to go further could do something like use Sindi's filter.
If someone wants to eliminate my email account, consider this permission to do so.
How about emailing everyone asking if they want to keep their email account, and if they don't reply and have not accessed the account for amonth, delete it except for the 40 paying members. Limit everyone to 1MB and they can forward mail some place else if they go on vacation away from a computer. Make the spam filter optional, for people who like 1MB of spam in their box.
Emailing everyone to ask them something we could just as well ask them in bbs would place a tremendous load on the system; then we'd get people asking grexstaff to gun the job of the luser consuming unreasonable amounts of system resources by emailing everyone to ask them if they wanted their email account left open and do we really have to email everyone. For the record, I have too many places on the net where I've given my grex address to to even think about finding them all and redirecting email, so unless grexemail becomes a paid-for service I'd like my email account to remain open, please.
Re resp:139: Well, for starters, remember when Grex's mail was blocked by some sites because SpamCop had labelled us a spammer? Imagine how much worse it would have been if SpamCop had instead launched some kind of active attack against us to try to saturate our network connection or shut us down. That's the sort of thing that can happen. Lycos tried a screensaver that would bombard spam websites with requests, but pulled it after a few days: http://www.eweek.com/article2/0,1759,1735539,00.asp
I think the idea of sending a system-wide e-mail to users asking them to opt-in to e-mail before a certain deadline or be opted out has potential but needs some further thought put in to how it will be implemented. But it would greatly reduce the strain on Grex's e-mail system if we could eliminate the thousands of e-mail boxes that aren't being used. I might recommend starting out small with this change -- for example, identify a batch of, say, 200 users with large mail spool files but who haven't logged in regularly and try it out with them. If the approach proves workable, then start working one's way through the password file. This should be implemented in conjunction with a new opt-in system for e-mail and changes to newuser that give users the option to decline e-mail on Grex or to set up automatic forwarding to another site.
Regarding #146; Well, for starters, the vast majority of grex users never use BBS. At least not regularly. I don't think there's an intention to delete the mailboxes of active users. I don't know that sending an email is going to be a particularly efficient use of resources, either. I'd modify the system login procedure to force a check on login for pre-existing users and non-members. Or just make it the default for new accounts and run expire for most of the old, stale accounts. Regarding #148; I think you could grandfather existing users and use the normal account expiration mechanism to weed out most of the idle accounts. I wonder when the last time a reap was run.... One thing that I think is important is that, for users creating their own accounts via logging in as newuser or using webnewuser, opting into email should be a *separate process* that can only be done once they've created an account on grex. It shouldn't be a part of newuser (though it should be a part of the process by which members can sponsor other accounts). The only two options when creating a new account should be forwarding mail offsite or discarding email sent to that user, with instructions on how to opt into mail after the account has been created. I don't think any of this is particularly hard to implement; it just needs to be done. It doesn't require an army of volunteers to process manual requests, either; most of it could be automated.
Would a reap today keep incoming mail from bouncing for a while?
6 spams in 10 minutes x 6 x 24 is about 900/day.
I suppose my problem is very much in the minority. I represent a non-profit that has its e-mail address and website here, and is also a paying Grex member (in part on the basis of nonprofits helping nonprofits). On behalf of this nonprofit I would like Grex to keep email but operate a spam filter. If they can't do this, then I'm afraid this nonprofit will seek email support elsewhere. For myself, I can move my email off Grex, as I use it for only one mailinglist membership at this point.
Any number of people will be willing to tell you how to set up spam filtering for the non-profit group you represent. Continuing to provide reliable e-mail service, though, is a hard problems and it's only going to get harder from here.
Rane, don't expect staff to do everything for you. Copy my .forward, which forwards to procmail, and copy my procmail.simple or procmail.sample to .procmailrc and change keesan to rcurl, and if you like change /*/*/*/*/* to /*/*/* and you will have a spam filter that gets most of the spam. I got no spam in my inbox or folders since yesterday, but 56 spams got dumped in 15 hours (they seem to be less dense at night). The *** has never given a false positive. Spamassassin assigns points based on things like being on the spamcop blacklist, having only HTML message, forged receive, etc. I have had PINE mail from grex show up with a negative amount of points. You can also set it to put anything blacklisted that made it through the filter into a spam folder.
> Rane, don't expect staff to do everything for you. *PFFFFFFT* (the sound of coca cola streaming from my mouth) BWAHAHAA!
I've tried diy spam filters, and they require regular maintenance, as well as a lot of thought on what to filter on. I'm not interested in spending that time on it, especially as I consider it a system problem more than a personal problem.
I forward all my e-mail here to my Comcast address. The spam filters there are good enough I almost never see any unwanted messages at all. I understand other e-mail providers can do that, too. Spam at work is so rare I can't remember when I got one the last time. Let companies other than Grex, with the resources to handle the problem, take care of it. It works for me.
Technical question: If var/mail/ is full, will emails sent to a Grex account with email forwarding be forwarded or bounced?
Regarding #158; No.
Here's an article from the computer trade press about the current explosion in spam: http://www.informationweek.com/hardware/showArticle.jhtml?articleID=1966024 63 Some highlight quotes: > Spam volume is up 73% in the last three months, Postini reported, > thanks to a one-two-three punch of a huge increase in the number > of spam botnets and a major jump in the use of both image- and > document-based spam. For the year, spam quantity is up 143%. ... > "The combination of the [high] volume and the type of spam now > coming in is what's causing companies' defenses to melt down," > Druker says. "They just can't keep up with the rising tide." ... > While the war against spam may not be lost, as other experts have > claimed, Druker paints an ugly picture for 2007. "The more high-speed > connections and the more Windows PCs there are gives spammers that > much more raw material," he says. "Until home PCs get locked down, > I don't see attacks going down. Only when [consumers] start > locking down their computers will we see a big difference."
Re resp:152: If Grex isn't meeting your needs, it may indeed be time to move to another provider. No hard feelings. Re resp:158: I believe mail that's forwarded without being stored locally will still go through. I don't think Exim checks for disk space in the mailbox directory unless it actually has to do a local delivery.
Rane, spamassassin does not need any maintenance, and you don't even need to keep a log in case it is too much trouble to look at a few pages a day listing where your mail went (/dev/null, a spam folder, or inbox). Without adding a few other filters that change once in a while, 10% of spam might slip through.
Listen to keesan, rane. If you don't want to change email addresses then you should put in the effort, not expect grex staff to do it for you.
Applied to everyone, it is an enormous total waste of time. It should be as much of an ISP service as maintaining all the other aspects of the system. I guess my days on Grex are numbered, if that is the best Grex can do.
Rane, I have used my grex account as my email address for over 10 years. I have nowhere near the spam rate that you do, and it's certainly not from "hiding" that address. Perhaps your personal experience is different, but "applied to everyone" is a gross overstatement. I actually have 3 grex accounts, one of which is my give-it-freely address, and none of them are having the level of problems you're reporting. Yes, I routinely get spam and I just as routinely spend the less-than-thirty-seconds it takes to delete it before I read the rest. Sindi is correct that a smart spam filter would probably take care of most of it, since it's pretty obvious from the subject line that it's spam. She prefers to fiddle with a spam filter several times a day, I simply delete the unwanted mail. Take your pick. Or quit using Grex for email. As a retired professor, Grex is certainly not your only "free" option. Or, you could make it a retirement project. Sounds like you don't think it's worth your time, or anyone elses, to delete the stuff. So, perhaps you could perfect personal spam filters and share them as Sindi does. Perhaps this is another service you could perform for your not-for-profit. In any case, all of us are coping, using various strategies, with the overall spam problem. Some of us have higher thresholds than others for the nuisances that come with belonging to a community. If Grex email is the most important part of your membership here, then perhaps it IS time for you to start using your UM account instead, and quit participating in the bbs. Somehow, from your activities, I doubt that Grex = email for you.
I'm still working on a simple interface that will make enabling of spam filtering simpler for users. I think that *is* a reasonable thing for the staff to try to provide. But as I stated in an earlier response, I'm a little pessimistic about how effective Grex-based spam filtering will be, given the huge volume of spam nowadays. I'll take a look at Sindi's sample procmailrc files, which employ some additional strategies. By the way, my spam volume is, I suspect, comparable to Rane's -- well over a hundred per day on Grex, plus several times more than that on my primary mail server. The latter offers SpamAssassin-based spam filtering, and nowadays it's pretty ineffective, despite being hosted at Pair Networks, a major hosting service.
Since I've learned how to delete spam easily [by using the dx-y instead of each piece of mail individually], I'm finding the smam to be considerly less annoying than it was before. Not to excuse the spam, though.
Rane, you don't need to fiddle with or maintain a very simple spam filter based only on spamassassin, if you don't mind maybe 20% of the spams slipping through it,. Set to three stars, it gives me no false positives (I don't lose any real mail), set to two stars it gets an occasional mail from friends who you could put on a whitelist. If most of your wanted mail comes from just a few people, you could whitelist them and have their mail go to a separate folder to be read first, along with mail from grex. I can set this up for you if you like, and then you just copy it to .procmailrc. All John would do is let you type 'change' to select to use this filter, and maybe give you the opportunity to add the whitelist at the same time, unless he has other ideas. I am sure you can manage it without him.
Re resp:164: Grex isn't an ISP. Personally, I find I don't see much spam in email addresses that I don't list on a webpage or use as domain name contacts. Addresses that I do one of those two things with quickly become spam magnets.
Regarding #165; Suggesting that someone move on from grex becasue they have a legitimate complaint is not very productive. Look. I've been a sysadmin before; I'm qualified to say when I feel that we're doing a substandard job. And we're doing a substandard job here. Part of that is because the job is so hard, but part is because staff just doesn't want to make any changes. Rane is right: each person doing spam filtering *by themselves* is a huge waste of resources. Really, staff ought to get off their duffs and do a better job, or let someone who is willing to do a better job, and is capable, do it for them.
Dan is spot on with his comments about the status quo of individual user responsibility for spam management being a huge waste of resources**, and staff being slack here (and equally or more bad unwilling to change). That's primarily why I resigned from staff. It is also a big reason why I have informed staff I'm willing to rejoin staff - I want to change the poor/apathetic/slack culture of Grex staff. **FOOTNOTE: TO be fair to remmers, he is working on an opt-in spam-filter solution which will be a lot better than the current no solution default. I'm also happy to improve the opt-in solution where possible if staff can agree to take me back on board (however, like most things concerning staff on Grex, they are taking their time...)
Like Mic, I have also volunteered to do a number of projects on grex. Also like Mic, so far, all I've heard are cricket's chirping.
(Whosh)
Is that supposed to have meaning?
To recapitulate, and to slightly rephrase a response I entered in the Agora system problems item: There is currently a system-wide spam filter running - spamd, the "daemonized" version of SpamAssassin. It works like this: Operating in conjunction with procmail, it reads configuration files from the user's home directory (.procmailrc and a few other things) to decide what to do with incoming mail messages for that user. In particular, the user can decide how aggressive the filtering should be. SpamAssassin also has Bayesian filtering features. Sindi has it exactly right: What I've volunteered to do is write a simple menu-style interface that makes it easy for a user to set this up for his or her account. The problem with this approach - and I can certainly understand Rane's and others' concern - is that if you own the configuration files that control how your spam filtering is done, you also own the job of keeping them up-to-date. The fear that this could be a bothersome task is a legitimate one. I've been experimenting the last few days with SpamAssassin-based filtering in my own account, and I must say that my experience contradicts Sindi's. The same filtering options that caught over 90% of my spam a few months ago are now catching less than 20% of it. I woke up this morning with over 100 uncaught spam messages that had accumulated over the last day. If I'm going to make my filtering more effective, I'll have to tune my SpamAssassin options, or add stuff to my .procmailrc, or something. Now, I'm something of a computer geek and enjoy tinkering, so I might find that a bit fun, even. But I can certainly understand why people don't want to bother with it. So that raises the question: What can Grex do on a global level, independent of any user preferences, to control the spam problem? And do we have the resources - computing power and personnel - to do it? Offhand, I don't know the answer to that.
Computing power? Yes. Personnel? No. Culture? No.
Boy, we really suck, don't we.
I'd venture to say that so long as Cindy is tweaking her script then it wouldn't be too much scripting to propagate those rulesets globally. Computing power? I dunno..I think grex email is a bad idea altogether.
Remmers, have you set spamassassin to three points instead of the default five points? I also set my .procmailrc to put anything on the spamcop list in a /spam folder, after running spamd, along with anything with 2 points (which is sometimes real mail). Some real mail ends up in /spam folder. My tweaks are aimed at the residual 20% or so. I change the stock spam filter every couple of days, for instance, and throw out HTML with Windows charsets or 3D or embedded images (some of which comes from people I know).
Remmers, can you set up a script that will automatically update .procmailrc for everyone using spamd, if you do want to keep tweaking? Or just include that option in a change program (update spam filter)?
You still have to check all your mail, spam and all, before deleting, don't you? Or do you send any of it just to dev/null without checking?
I send things to /dev/null but keep a non-verbose log which I check every few days in case my filter threw out something it should not. It is much more aggressive than spamassassin itself, which has never thrown out anything it should not, using 3 points. I send 2-point mail to a spam folder, and about 1% of the time that is real mail. Ditto for anything on sorbs or spamcop lists. My aggressive filter is somewhat tempered by a long whitelist of any friend whose mail got dumped previously by the filter. But you can just use spamassassin without a log file, set to 3 points, and probably catch 90%.
The log file is a list of where the mail came from (The 'From' line, which spammers often fake), the subject line (spammers tend to use creative lines like 'Hi' or 'Re: Re: Re:'), and where it went (/var/mail/keesan, or /dev/null, or /var/mail/keesan/spam). Every few days I check over the /dev/null lines quickly and then delete the log file, at which time it is around 50K (pages and pages). If you are curious why things go to /dev/null you can set the log file to verbose and it will tell you which filter(s) the mail passed through and where it was caught. I used to do that until the spam count increased. If you notice a lot of the same spam slipping through for a few days, you can add your own filter before spamassassin.
But you still scan the subject of everything, don't you? That's all I do. I suppose your system just prevents your inbox from filling - or, does it? I don't expect a perfect system is possible, but so much spam is so obviously in *classes* of spam, and getting rid of those immediately would be a great help. Users that want to could keep tweaking a separate filter for themselves.
My system sends 90% of spam to /dev/null and most of the rest to a spam folder. I scan really quickly, just what went to /dev/null and came in less than 2 copies. Nothing to move or delete or save afterward, it is already gone. This week I got one false positive, since I filter on anything that looks like a webpage and the sender designed it to look like a webpage but will consider next time sending out holiday greetings as a text message with the link to a website.
I just revised my simple filter and added lots of explanations. See procmail.simple for instructions how to set up a spam filter using spamc. Copy one line to .forward and the rest of the file to .procmailrc after editing out my name and putting in your own. All your mail will be forwarded to procmail, which runs your filter, sends any whitelisted mail directly to the inbox, assigns spam points to the rest, dumps anything with 3 points, sticks anything with 2 points in a spam folder, and puts the rest in inbox. It keeps a logfile in the mail directory of where mail came from, subject line, and where it ended up, which you can read and delete every few days. You should also read the spam folder and delete it once in a while. Adding additional filters catches more spam but sometimes also gets real mail.
Actually, there are already some system-wide spam filters in effect. Marcus designed some, and they return an email to the sending system. To track what filter rule was applied, Marcus put in a cryptic quotation. I ran across these a few years ago when I was a list admin for a list on a different system. Some of the mail from that list bounced back from my Grex address. As admin, I saw the bounced email and made inquiries, but no one knew what the cryptic quotations actually referred to.
Its a countdown sequence for the alien invasions. "Haven't you ever wanted to be part of something special?"
I very much doubt Marcus' quotations/basic spam analysis have been ported across from SunOS/Sendmail to our current system featuring procmail. The DEFAULT way to cut spam for Grex (OR SHOULD BE!) is at our mail server on Grex, BEFORE it reaches user's mailboxes. I have been reading a technical book dedicated to combatting spam and believe I have the technical capability to hugely reduce the current epidemic problem of spam facing Grex user's currently. The question remains, and the options simple. Does Grex want to move forward (in anything other than microsteps)? If that is a yes, than staff should IMMEDIATELY reinstate Dan and myself to staff.
re #189: procmail is a local delivery agent. the program which fills the sendmail niche in our current configuration is exim. re #187: that sounds typically Marcus. I'm sure if pressed for an explanation of why he chose cryptic quotations rather than informative error messages he'd've given a compelling-sounding explanation about how readable error messages would have helped the spammers when the reality is that long after he lost interest in the project other people were reduced to trying to figure out his cryptic and non-standard configuration choices. re #189 (again): > I have been reading a technical book dedicated to combatting spam > and believe I have the technical capability to hugely reduce the > current epidemic problem of spam facing Grex user's currently. I'm all ears. Perhaps you could write a brief summary to tell us how you would approach the problem, what resources would be required, what e-mail would be affected, and what the potential downsides of your approach would be (in your opinion.) If the approach looks promising I'm betting that the board will support it, but running it by the user community for comments would be a great first step.
Yes, 'exim' is our current MTA (Mail Transfer Agent) component - thus my strong doubts the customisations to 'sendmail' that Marcus made on our last machine would have been ported over to this machine with a new MTA. 'procmail' is a Mail Delivery Agent (MDA) component (sitting between the MTA and user mailbox software, aka Mail User Agent (MUA) component, albeit a very powerful one. Customisations to 'exim' and server-interface 'procmail' components is the way to go. I would require staff re-instatement before I committed my services any further. It appears as though they do not value my input and technical capabilities, however.
I was under the impression that you resigned from staff. Its not surprising if nobody has reinstated you if no request has been made and you haven't previously indicated a willingness to rescind your resignation. I'm not trying to be difficult, though, but if you were evaluating someone else's proposal, would the "I have a secret plan to reduce spam. Make me staff and I'll tell you what it is.." be one that you found persuasive?
I have requested to be reinstated to staff about 2 weeks ago...
Perhaps next time you or Cross get disgruntled you could just take a leave of absence from staff instead of resigning? I sympathize with your reasons from resigning but wish you would stay unresigned.
Regarding #177; Well, when you don't bother to listen to anyone outside of your little inner circle then yes, you really do suck. Regarding #187; Those changes weren't ported to the current platform. Regarding #192; I've posted a number of suggestions for improving grex's email situation. I've offered to help. I haven't heard anything back. *Shrug*
Regarding #194; I think people should protest grex staff's practices. If that means resigning, then so be it.
re:194: Leave of absence: Oh yes, like Grex staff when any decision is required or real work needs to be done. Nah, I'd rather do the work or knick off. The solution/s (as there are many) to dramatically reducing spam (and I'm talking 95%+) are not rocket science (by any means!), and there are mighty fine people on Grex offering to help deliver those solution/s. I'm sure significantly less talented people have solved this problem many, many, many times before --- but have one big advantage, access and delight from the sysadmins. If I was a Grex member, I would not be happy. Hell, I am just a Grex user and I am NOT happy with staff apathy and non-leadership by example here.
Dan slipped-in... but, funnily enough, his thoughts echoed mine entirely.
Isn't it the Board that appoints (and dis-appoints) staff? Have you gone to a board meeting to make your case?
I am in Australia. Somehow after all the years I served on Grex's staff, I don't think I have to justify my capabilities/sincerity/diligence etc to anyone. This is more about the poor culture and attitude of a select few on Grex's staff than my quals.
Have you, then, determined the board's position on this? You deserve a clear position from them.
I suspect the board, if diligent, should be reading this discussion. PLEASE speak up.
The board has stated in the October minutes that they won't do anything with respect to staff without input from staff, which has not been forthcoming.
Is there a staff meeting scheduled in the near future? Are there regular scheduled staff meetings? An official policy for how to appoint staff?
I'm sure you can find all of that information by careful reading of what has already been posted, Sindi. I really have no idea.
A former staff member knows nothing about when staff meets? Has there EVER been a policy?
The policy is in the bylaws, available as Item 2 in Coop. But that just says the Board does all the staff appointing (and dis-appointing by inference). In any case, if the Board wants to hear from Staff on this, let us hear from Staff. Staff: do you have any problem with spooked being (re)appointed to Staff by the Board and, if so, what is it?
Regarding #206; I've never participated in a staff meeting. The last time I tried to participate in a board meeting, I was told there was no room for me to dial in. Regarding #207; Just Mic?
I'm glad to hear those ghost filters are gone. I too wish Cross and spooked were back on staff. I'd like to hear from Board members exactly what they need from Grex users/members in order to quickly move forward on reappointing them.
My only qualm, as a member and not a board member, is the issue of having hot tempers- of their both resigning in a huff and now rethinking. Tempers and ego will always be an issue (as a general statement for anyone, not just for these two) so can either of Mic or Dan give any reassurances that the next time they feel pissed off/unheard/shat on that they won't again quit in a huff and then later come back and want to be part of staff again? Yo-yo-ing I'm Staff/I'm not/I'm Staff/I'm not doesn't exactly speak for staff stability. Now I know this last time around it was a removal due to poor communication, and no reinstatement due to Mic quitting. That said, their interest in helping to improve Grex is something Grex really needs right now.
Neither cross nor spooked did any damage in the way they resigned. I don't have any qualms about them returning. I hope they can. Marcus is still on staff, right? How long since he's done anything on Grex? STeve has had absences of months. Dan and spooked have remained active, offered suggestions, and participated as non-staff members as much as they could. Why should dropping out of the staff count against them in any way? I perceive no absence of regard for their abilities, or their trustworthiness. They both say they are interested in applying their skills to at least one problem of crucial importance to Grex. What's the argument for keeping them *off* staff, again?
I resigned because I was not offered an apology. I still to this day have not been offered an apology by that certain individual whose discretionary behaviour was not appropriate, and (whilst the discussion has been done in discussion out of my eyes) I can bet who has since gone conveniently missing (again) when any decision (with regards to positive contribution) involving cross or myself needs to be made. I don't like to get personal, but I have stated on the record this IS personal for a small few persons on staff. It is about reputations and friendships spanning over a decade instead of what IS being done, and what has NOT been done in the last few years. I did think America was a democracy, fair and equal. At least that's what I hear from watching Fox News. How the Grex staff operates is not the best example of this.
The Grex staff is not a democracy. Neither is the company I work for. Why should they be? Would you want Grex to vote on whether you should, I don't know, delete some file or spend your time on a project of your choosing? Grex is a democracy but the staff is not.
Regarding #210; With all due respect, I think that shows a lack of understanding of the underlying issues as to *why* both Mic and myself resigned from staff. Should we just let staff and board members insult us? I mean, honestly. How about this: I think it's bullshit that Marcus Watts is still in the wheel group with root privileges when he hasn't been active on grex in several years. I think it's bullshit that no one spoke to Steve about the way he acted towards both Mic and I in the last go round. I think that it's bullshit that major technical problems go unsolved on grex and people are worried about ``huffs'' (which isn't how I see it at all, for the record) and not about fixing the underlying problems because, God Forbid someone should inadvertantly insult Marcus or Steve or anyone else in the process. I think that it's bullshit that there is no accountability with staff because we all want to sit around playing Happy Family and singing Kum Buy Yah instead of facing some hard realities. All Animals are Equal, but Some are More Equal than Others. Regarding #213; The thing is, the staff *wants* to run itself as a democracy. Or, a benevolent dictatorship. It's fine if Steve and Marcus make any changes they want, but God Forbid someone should do something else without consulting one of them first.
Dan is spot on again. I have never spoken to him one-on-one, yet it is quite clear to me he speaks the truth, fair-and-balanced by his reaccounts (through the public record) of how staff operates versuses how it guises to operate.
I put this proposition forward. Staff decides whether it wants cross and myself onboard by this Friday (it has already had weeks to decide). If by this time, I have heard nothing, I will remove my offer of services and utilise them elsewhere - you will not see or hear of me again on Grex, ever.
Re #210: Are you willing to apply that standard to current staff as well? As I recall, STeve was pretty "huffy" as well.
How can 'staff' decide when it is a conglomeration of different people? I don't think there is going to be a board meeting again until next year. Please don't make statements like this, most of us want you here and you are probably asking for something not possible. Can the board appoint a new or returning staff member before the next meeting?
resp:214 I may not have a complete understanding of the event, but I did read the items in coop. I also think that you would be a good addition to staff. Additionally, I remember when you were a part of staff and a few not-so-terrible things were said, then misinterpreted into the worst light possible, you blew up at the writer and quit in a huff. No, I don't think you should be insulted by staff and board. I think perhaps you should grow a thicker skin as to what's insulting. My intention, with my last post, was to say that you were very helpful and useful when you were on staff. Then you let a situation get WAY out of control and got mad and quit. Let me also say that I don't worship at the shrine to Marcus and STeve. Okay? I'm not going to sit here and claim that they are the only ones who know what's in Grex's best technical interests. I think your, and Mic's, input would be very valueable. I just want to see you stick around long enough to implement your ideas! :) resp:216 Ultimatums, even disguised as porpositions, rarely make the giver look good, or make anyone want to give in to that person. Or maybe that's just me, they tend to put my back up. It sounds petulant. "I didn't get an apology so DO THIS or I'm taking my toys and going home." I don't think that's what you intended, and I doubt that everyone else will read your statement the way that I have. You know, too, that Grex rarely, if even makes decisions on anything in less than a week's time.
resp:217 (which slipped in) Yeah, STeve got huffy- but he didn't quit staff over it. Which to me is the difference. Sure, get upset, defend your position, but don't allow yourself to be easily insulted, don't have a hyper-reactive 'then I quit!' reflex, and don't take all of it so personally. I don't think current staff is perfect, most everything seems to take too long, and I agree that STeve and Marcus seem to be the main factors in all decisions. I'm not sure that's appropriate, especially given that Marcus is too busy for Grex, and has been for years. However, I'm also speaking as someone who enjoys Grex but doesn't have any technical knowledge to speak of. I don't know UNIX/any of the BSDs, I don't know how to implement programs (like Sindi's spam blocker), and I pretty much just enjoy Grex for the social/community aspect.
It has been more than a week, in fact several weeks (including Dan's requests). Moreover, I was given assurances when I resigned that if I wanted back in it would be done so promptly. I am making definitive statements with regards to being wished-washed around, not just with Grex staff - but also my professional work, and my personal life. I'm at a stage of life where I don't need to prove myself to anyone nor be trapped-in by political bullshit. I am offering my time and services - Grex is NOT doing me a service, coincidentally something lost on some of the Grex current staff. My statements in regard to how Grex staff operates are not selfish, they are purely for the good of Grex --- if people cannot see that, that's not my problem (it is theirs' and Grex's).
FWIW, I can understand why Grex has the system it currently has for deciding who gets to be on staff. The staff basically makes recommendations to the board. I think this is a system that certainly worked very well in the past but has some limitations now. However, I cant think of a system that would work better. The staff are the ones who know what kind of technical ability prospective staff members have. They also (hopefully) have some idea of who they might want to work with. Now, I dont really know what any staff members think about re-adding cross/spooked back to staff. But I know that my own first gut reaction when someone gives me an ultimatums is pretty much exactly like what jade describes in resp:219 . They really make me not want to have anything to do with the person anymore and that is ESPECIALLY so if I think the ultimatum isnt true (i.e. that the person giving the ultimatum doesnt really mean it).
I vote to return cross and spooked to staff. Yes, I know I have no vote on this, but I want to express my belief that this would be good for Grex. I presume that they WOULD communiate with staff about any changes they plan to make to implement spam blocking, or whatever. There is no provision in the bylaws for electronic meetings or voting by the board. This might be desirable to permit. The board can, however, call a special meeting with the priviso "The time, place, and agenda of each BOD meeting shall be publicized one week in advance of the meeting, or as soon thereafter as feasible." (The antecedent to "thereafter" is not clear, but it would be Grexian to be "the meeting".) So, Please Board, do this. Now. And also, Please Mic, hold off on your ultimatum.
This item reads like a cross between a Scientology audit and a Freemason tracing board. "I'm sorry, Dave. I can't do that."
As I feel board does not want me on staff, and I have heard nothing from staff (just as I expected because they are strictly politically-anal), I feel I will be leaving Grex very shortly.
What gives you the impression the board members don't want you on staff?
*sound of crickets*
resp:223 - well, you can always request a member vote to force Grex to put cross and spooked on the staff if you want to. resp:225 - As a board member, I dont really have an opinion about if spooked or cross should be on staff. If the current staff were to recommend either one of them, I would have no reservations about giving my approval to the deal. On the other hand, I can kind of see why the current staff might have a problem with them. While I think that both of them probably can do good things for Grex to the point where I have brought it up at a board meeting, I can honestly see why the current staff might not want to work with them. If I were on staff, I would have no trouble working with them but I am not on staff. As a board member, I am not inclined to force the current staff to accept people they dont want to accept. There are a lot of reasons why I dont think it is a good idea to step on the current staff's toes but frankly, one of the major reasons is that I think that it is prudent to stick with the staff members who DONT quit because they are the ones who...well...DONT quit. I would urge the current staff to consider them, of course.
I would encourage the staff to keep doing what its been doing: Nothing.
Grex's 2006 Board members are: Mark Conger (aruba) (treasurer) S. Lynne Fremont (slynne) (secretary) Joe Gelinas (gelinas) Bruce Howard (bhoward) Lawrence Kestenbaum (polygon) (president) John Remmers (remmers) Jan Wolter (janc) o Have not heard from ---aruba--- on this matter. o ---slynne--- obviously thinks I am foxing and have selfish motives. o Have not heard from ---gelinas--- on this matter (though he IS a staff member also). o Have not heard from ---bhoward--- on this matter (though he IS a staff member also). o Not sure if polygon's weighted in on this matter. o ---remmers--- has privately stated he regrets supporting my re-instatement offer to staff (and he IS a staff member). o Have not heard from ---janc--- on this matter (though he IS a staff member also). Considering OVER half of the current board are also staff members, it is clear to me that both parties are taking pleasure is seeing me go.
Haha Tod, they need no encouragment for that :)
You're giving yourself too much credit. I think they just aren't even around as much as you are. Its too bad really cuz staff could use people who actually want to do some patching but I understand that nobody wants to feel the wrath of STeve or marcus when its possible they might have to face them at a Grexwalk for the ultimate haki sack showdown or something.
lol
Todd doesn't know what he's talking about. Progress can be made toward a staff appointment in the absence of a board meeting. That process is underway for Mic. The way it works is that staff discusses an application, makes a recommendation to the board, and then the board either approves or rejects it. There's precedent for doing it all in email if the board isn't going to be meeting soon, with the board reaching an informal concensus in email following the staff's recommendation, the staff then moving ahead, with the board ratifying the decision publicly at their next meeting. I'm a board and staff member. Generally speaking, there are good reasons for discussing personnel issues in private, and for not expecting non-technical bodies to make unaided decisions on appointments to positions that require technical skills. But since Mic and Dan have elected to raise the issue of their staff status in the public arena, I guess I'll weigh in publicly with my perspective too. First, although staff members don't comment in this conference as much as they used to (I wish they were more visible), that doesn't mean they're not doing anything. Steve Andre has a pretty busy life, but when something comes up that needs attention and about which he's knowledgable, he's there, and he acts. The recent problem with the DOS attack launched from Grex required some work and interaction with the company that hosts us -- he was there, he did it, although it was somewhat behind the scenes. Same for Jan -- he's got an extremely busy family and work life, but he's there for Grex when he's needed. Mic made a substantial contribution to Grex - he wrote the "menu" program under my supervision a few years ago. He did a nice job. I'm not sure what he's done since. I thought he showed poor judgement and people skills in the incident that led to his recent resignation but was sorry to see him go. When he asked staff for reinstatement a couple of weeks ago, mentioning a project he'd like to work on (not spam control, by the way), I was supportive and started an email thread among staff to discuss it. A few staff people responded and I was waiting to hear from more. Mic sent me mail a couple of days ago asking how things were going; I responded that I'd try to hurry it along. But a short time later I read his resp:171 in this item, and the statement "I want to change the poor/apathetic/slack culture of Grex staff" gave me pause, not because I think staff is perfect but because it's red flag when someone who's asking to be part of a team to publicly bad-mouth the people they're going to be working with. As I watched his rhetoric escalate, my misgivings increased. Anne pretty well sums up my own feelings in #219 and #220. And speaking as someone who *does* know something about computing, Unix, programming, etc. - I'm a little skeptical about Mic's claim that he can make giant strides in the spam control area, when it's pretty much an unsolved problem worldwide. I'm with McNally on that one -- what's stopping you from discussing your ideas if you've really got the good of Grex at heart? After all, spam control on Grex is what this item started out to be about - an open forum on how to approach Grex's spam problem. I'd love to see more ideas aired here. I'm also in agreement with Anne's comments regarding Dan and will go even farther. He's got some solid technical skills that would be useful to Grex. He's also got a temper, a thin skin, takes things way too personally, and has real trouble handling disagreements. He's resigned from staff twice over things that didn't even involve other staff members. He exaggerates the importance of certain technical decisions that didn't go his way in an effort to gain political traction in the public arena, such as the choice of operating system platform. Okay, FreeBSD might be better for Grex than OpenBSD. But not *that* much better. If Grex were to switch from OpenBSD to FreeBSD tomorrow, 99.9% OF THE USERS WOULDN'T NOTICE ANY DIFFERENCE - IT'S NOT THAT BIG A DEAL. Same for the password algorithm. But Dan dramatizes these things as if they were life-and-death issues. He airs his issues with the Grex staff not only on Grex but elsewhere as well. (Like his recent "Grex needs an enema" item on M-Net, among other things) It's hard to justify looking at someone whose technical skills are a good match to a technical staff and say that they're not suitable for that staff, but that's about where I am with Dan right now. Too volatile, too high-maintenance, too intolerant of disagreement, seemingly unable to work as part of a team.
Goodbye -- I am so not in agreement with remmers, particularly about what contribution I have made to Grex (but more so his unfair appraisal of Dan) and his way too kind account of STeve that it would not even be worth responding. So long - enjoy your productivity and lies.
re #234 Todd doesn't know what he's talking about. More than you'd like to admit, actually. The peanut gallery lights up like xmas when someone on the board sends out an alert on the batphone. It was completely transparent when Marcus appeared out of nowhere to defend a piece of code (as you put it) 99.9% OF THE USERS WOULDN'T NOTICE ANY DIFFERENCE - IT'S NOT THAT BIG A DEAL. Sure, maybe it isn't about haki sack in the Arb but I'm sure you can know this "sense" of loyalty I'm speaking of. Nobody dare second guess a "founder" of Grex else the xmas lights come on and the coop cf filleth up with hot air quicker than Orville Reddenbacher can get his bowtie off.
so much for "slow, thoughtful, careful decision-making" when there's nobody around to hold a real discussion. i can't believe that you guys (remmers and steVE) can't seem to grasp that this GreX fundamental principle simply doesn't work with just two people. it makes you guys look like dictators when you talk like that.
Regarding #219; I guess we'll just have to agree to disagree. Regarding #228; The same could be said of some of the present staff members. Regarding #236; *Shrug* Hey, it's grex's choice. If grex doesn't want the help, I can't force it to accept it. Obviously, I think your assessment of me is flawed.
Well, I'm glad the remmers provided some transparency into the process. I wonder, though, if "compatibility" with existing staff is as important as he seems to assert. Speaking more globally, in terms of ANY new volunteers, and not just cross and spooked, it seems to me they only need to be able to work with one or two staff members. I dont' think someone like Marcus should be able to cast a blackball in secret.
Regarding #238; Whoops; when I say ``Regarding #236'' that should be ``Regarding #234.''
Regarding #234; I guess I should make a technical point. It wouldn't matter to 99.9% of grex users if grex's operating system was written in assembly language with configuration files written in Klingon. Nor would it matter if small gnomes verified passwords by comparing them to scrolls held in jealously guarded caves deep within the depths of the earth. But, it *would* matter to the people tasked to fix something if it broke. And then it would matter to the users because some resource they used would be (potentially) unavailable. Oh well.
resp:238 What do you mean by "the same can be said of some of the present staff members"? Do you mean that you might not want to work with some of them? FWIW, I can see why someone might feel that way too. Anyhow, I too am glad that remmers had chosen to explain the procedure for selecting staff because in all honesty, I didnt really understand it totally before recently.
resp:241 Very nicely put. Just so you know, you can get the gnomes to work harder of you stick a chocolate cake into the chassis once a month.
Mmm..chocolate
Regarding #242; Me? I don't particularly care.... But some of the current staff members could certainly be perceived as prickly. I also suspect that, had anyone on grex ever actually met me in person, they'd be amazed at how laid back I actually am. Regarding #243; Hell, I'd like a chocolate cake RIGHT NOW.
resp:245 I wont argue with you on that point. I think that there are a LOT of prickly folks around this joint. FWIW, I suspect that if everyone got a chance to meet face to face over some nice chocolate cake, we might all get along just fine.
Oh yeah.... Maybe I should make some cookies.
I accidentally left my filter on verbose. About 90% of my spam is being filtered before it hits spamassassin because it is in an E. European font (koi-R cyrillic, Windows-1251 (or 50 or 52), has an embedded IMG, is sent with mailer The Bat! (I think they specialize in pharmacy stuff) or contains the string Price: in the message body (stock spams) but is in us-ascii or 8859-1. I caught a few with javascript or text/css or bordercolor. Spamassassin got most of the rest but I try to put it last after the other filters on the assumption that it uses more resources. I also put my whitelists ahead of spamassassin.
(Re transparency: Much of the process was discussed in Item 12 of this edition of coop, " Mom, Dad? Where do new Grex staffers come from?")
I wasn't referring specifically to the process when it comes to adding grex staff. I was referring to the decisions that staff makes.
It seems to me that a small group of staff members who work well with each other (ie spooked and cross) only need to get along with a few other staff members in order to be an asset. Perhaps staff members who are able to shrug off immature comments (really, mic, I have to agree that "or else I'm leaving" is petulant and childish). A technical subcommittee, whose work is brought back to staff by the staff member on the team, could accomplish a great deal without all the subcommittee members being staff. At an agile software company where I am working, the basic hiring standard is "makes other people look good". Not grades in CS courses, not demostrations of workable code, but simple kindergarten skills of working and playing well with others. These skills are teachable. Even folks with autistic tendencies can learn them. But it seems to me that the lessons need to be absorbed by current staff as well as potential staff. I suspect remmers has the ability to coach people who are just beginning to acknowledge these are critical skills to have. (In spite of his frustrated post above). I don't know what it's going to take to get current core staff to start helping newbies look good. I do believe that cross and mic have taken a great deal of personal abuse for taking the initiative to get things moving. I also believe that current staff take a lot of personal abuse when Grex doesn't meet the fantasies of some users. I offer my skills as an organizational development consultant, and team training consultant to work with staff (current and potential) to see who has the willingness to change behaviors so that Grex can continue to add staff, and not wither because people here don't know how to make others look good. The tipping point in changing staff culture does not have to wait for 100% of current staff to learn these behaviors. It only takes a few of them to make a big difference in whether or not Grex staff will begin to welcome newcomers.
Good points.
Interesting ideas.
For the record, in case it wasn't clear - the opinions I expressed above are strictly my own. I certainly wasn't speaking for the staff, or relaying any opinions that I heard from anyone else. As I said, I supported Mic's reinstatement and took the initiative to have an email discussion with staff about that. I hope I'm not violating any confidentiality protocols when I say that of the several staff who responded, none were opposed. I started having misgivings when Mic started posting with #171 and subsequent responses. I don't know if other staff members' positions have changed or not. Re #251: I certainly agree that "simple kindergarten skills of working and playing well with others" are vitally important to the functioning of a technical staff. But I honestly don't think that the problem is that the staff "doesn't welcome newbies". Besides Dan Cross, several new people were appointed to staff in the last three or four years (e.g. Mike McNally), and although a couple of them left for personal reasons, I never got a sense that the staff was dissatisfied with their work, or that they were unhappy with how they were treated. Mic was hardly a newbie, by the way - he was a staff member at least since 1999, a 7-year veteran. I can't speak for everybody, but I believe that the Grex staff would welcome new folks with useful technical skills who can "play well with others." Perhaps clearer lines of communication are needed for people to express an interest in staff work.
I think you need to define, ``play well with others.'' *My* impression was that means, ``defer to Steve and/or Marcus in all but the most trivial matters.''
Nobody wants any help because we're not to the "admitting something is wrong" phase yet. What will that take?
Thanks remmers for a calm assessment. My current sense is that staff, as a team, doesn't have a clear mechanism for reaching agreement if 100% consensus isn't happening. While I'm a strong believer in consensus-run teams, I have seen good ideas die because one strong person refused to go along with everyone else. [Experience with HRP political decision making] What appears to be missing for staff is an agreed upon decision process, by which decisions can be made if there is deeply divided staff opinion. There doesn't seem to be a way to test competing ideas, or to evaluate "success" after testing. We might want to think about "writing the test first", an agile software process that lets the user experience set criteria for a successful solution. It's often faster to test two competing ideas than it is to get two entrenched programmers to agree based on logical arguments with each other.
256 slipped
cmcgee, it sounds like you have a lot to offer grex and it also sounds like you are a person with a skill set that would be very useful in this situation.
In my opinion a conscensus form of decision is best when it is not very important if a decision is made or not. When decisions are important, I prefer a parliamentary system that allows the majority to rule with protections for the views of the minority. I have functioned within both systems, but have found that drift often results from conscensus systems.
Respectfully, Rane, consensus works just fine when it's important to make a decision. You and I have seen it work extremely well over the years here on Grex. There are varying definitions of consensus. What it means to a particular decision making body has to be defined by that body, just as "majority" has to be defined. (Please don't start the Robert's Rules conversation just yet). Often a democratic majority is defined as agreement by >50% of the voters. Often consensus is defined as agreement by 100% of the voters. In each case, the decision rule is accepted BEFORE the question is discussed. As far as I can see staff does not have a decision rule that defines consensus, and does not have a decision rule that defines how action is taken if the (fuzzily defined) consensus is not reached. At this point, there is enough staff burnout that I doubt they can reach either of those agreements (what is consensus, and what do we do if we can't reach consensus) by doing what has worked in the past. I'm suggesting that current staff explore (perhaps with me as a facilitator) ways to define those two decision rules, using some form of consensus to do so. [I'm going to link this to coop since we've really gotten into Grex governence issues is a big way.]
The choices do not just include democratic majority and consensus. I believe the most appropriate organizational structure for Grex staff is a hierarchy with one person appointed by staff to be a Systems Administrator, and that one person appointing staff, approving changes, and removing staff when necessary. The BoD would decide overall policy and dictate goals and vision. The staff would implement those plans under the leadership of the Systems Administrator. Where I work, the boss makes the decisions and he is responsible for them (including all the way up to my company's BoD).
(This item was already linked to coop, btw...)
Yes, this item is now #376 *and* #384 in coop. :)
Ok, killed 384 in coop. Thanks guys
sure.
I was serious with my comments, and neither selfish nor immature in fact. What is missed on the vast majority of those who think otherwise is that I am a very talented individual - with great qualifications and industry experience. I am trustworthy, and I have never had technical issues working with any of the Grex staff. Moreover, I am volunteering my services - any sane organisation would jump to have me doing so. On a personal level, I have nothing against any of the staff. However, on a political level, the runnings of Grex staff are less than satisfactory. Because I speak the truth, and don't mess about with words or live purely by (sometimes outdated) reputations and friendships I am perceived as somewhat a wildflower -- but, hey, that's me and I will not be changing. It has got me to where I am today, a position I am proud of - and, I have the strength and talent to succeed and not play political games like some.
and you're humble too! ;) And fwiw, I am in the same boat. People seldom realize my true greatness.
That's a generous offer you're making, Colleen, to jump in with your expertise and maybe get this team functioning a little better. Thank you so much. You've given us an overview of the consensus and teambuilding goals you'd like to facilitate, but I'm curious how you'd do this. Would you be willing to tell us about the process so we could better understand if this would work for Grex?
My question to you is: what have you done that makes other staff members look good? Nothing in your statement gives any information about your people skills. In order to help build a new culture within staff, everyone on staff is going to have to cultivate their people skills, and their ability to demonstrate their EQ. "Not play political games" often translates into "not consider other people's values when making decisions". "I speak THE truth" is an impossible statement. "I speak MY truth clearly" is possible. Strength and talent are not sufficient to make you a good addition to a team. In fact, teams that work well together don't need strong geniuses as members in order to be successful. There is a book out, "The Wisdom of Crowds". Much of the research in that book demonstrates that organizations that spend time and money searching for the planet-level expert have worse outcomes than those which put a good team on the problem. My experience with over 175 engineering teams, selected from the University of Michigan engineering school, confirms that "wildflowers" need to learn how to value EVERYONE's contribution to the solution, not just their own. Hence the question: What have you done that makes other team members look good? Many engineers hold a belief system that they must be heros and work alone to solve problems in order to be respected. Cred is not earned that way. Another good book is "How To Be a Star Engineer" which is longitudinal research done at Bell Labs. The people who were most respected as engineers were not the Lone Rangers. I'm hoping that the Grex staff can begin to incorporate some of this new information into the way they solve problems.
It's impossible to realize your true greatness, Lynne. Give it up. ;-)
Anyone who knows me professionally I am the first to admit I fuckup if I make a mistake. I don't really give a shit if anyone thinks I'm stuck-up. What matters to me is being transparent, fair, and hardworking. It is clear that is staff has not accepted me, that I will take my principles and services elsewhere.
Couple slips there while I was pontificating. Mary, I'd be delighted to talk about how I could do that. My first step would be to interview, via phone and email all the current members of staff and board to find out privately what aspects of the problem they thought were most pressing, and caused the most difficulty. I would then assemble the information into an anonymous summary so that we could all look at the same collection of data. I would also try to find out preferred work styles and what aspects of working with other techies worked best for each person, in order to discover common ground. I would do the same with any previous staff who would be willing to work with me. What the next step would be would depend heavily on the discoveries we all made during this first round. I would love to have face-to-face meetings with staff, but that may not be possible. Instead, I'd probably use some form of emailed Delphi technique, and try to reach common ground that way. Once we could all see where the mountains, hills, valleys, and deep pits were, we would have a much better sense of what next steps were possible.
Actually, I'd like to try some form of online staff meeting, using whiteboards and Skype if we could. I've participated in a couple world-wide meetings like that and found that the paid-for technology works extremely well. We'd have to look for the freebie stuff, which I think may even be available via Yahoo.
I can't speak for everybody, but I believe that the Grex staff would welcome new folks with useful technical skills who can "play well with others." That reads like so many job postings I've seen by places that have a few egomaniacs running critical systems and a manager or director who is afraid of making any waves for fear those egomaniacs will cause a shitstorm or bring the whole thing crashing down. "Yea, we'd love for you to contribute to our lovely IT group but please don't make any of the trolls under our data center bridge angry cuz we will always pick them over you if it comes down to brass tacks." Seriously. I saw it at Ford, Real Networks, Microsoft, Chrysler Corp, Nordstrom, and a bunch of other places. They all have a few weiners that aren't quite managers but are micromanaging sysadmins whose entire sense of self worth is vested in calling the shots of those few boxes they are responsible for. How dare cross, spooked, or anybody suggest any code is updated, patched, or changed to something better else they should be individually torn down and seperated as "individuals" rather than "team players". Good luck with your procmail hobby, Cindy..I don't think anybody on Grex staff is going to see your skill as an asset for the entire userbase anytime soon.
Notice that the criterion is "makes teammates look good". It is hard to have your selfworth vested in calling all the shots when you're being evaluated on that criterion. Relentless refactoring of code is another aspect of agile programming that would be useful on Grex.
I think you miss the point - I don't have to prove anything to anyone. This is about politics, and highlighting their sad plague here. If the staff was a 10th as transparent as me, Grex would not be in this political stagmire.
And speaking of quagmires, aren't we jumping the gun here with all this process improvement stuff? I mean, what is the official grex methodology for determining who should implement a process improvement plan? <insert ;) here for the humor-impaired> Anyway, I think tod's and cmcgee's comments are helpful inasmuch as the inject some well-needed perspective from people who have actual work skills that go beyond "I write code, damn it!"
Regarding #273; If you think it'd be useful, I'd be happy to talk to you. Shoot me a private email and I'll send you a phone number. Regarding #276; That's part of the problem. It's my opinion that refactoring of code is a big no-no on grex; I tried to start an effort to do this with the grexsoft project, but I was the only one who did anything on it. Ah well. Anyway, a lot of the attitude is, ``if it ain't broke, don't fix it.'' Or, ``even if you can make it better, don't if it's someone's pet project.'' For example I really felt - and still feel - that switching to the system-standard password hash was and is a good idea. I proposed this, and put forth technical arguments for why I felt it should happen. I never got a solid technical argument for *not* doing it: it was basically FUD, and despite addressing those technical points that *were* raised, no action was ever taken. Honestly, I was left - as were several other people - with the impression that it didn't happen because Marcus didn't want it to because the password hash grex uses now was his baby. See item #29 in garage for details (note also that Marcus hadn't logged in in nearly a year until he logged in to comment on that item). Actually, I think reading that item is pretty illuminating.
I think it is beyond repair, when other staff cannot admit the blatant political bullshit that occurs here.
I am applying to have my account deleted. Good luck sorting out your bullshit. I tried my best.
re #281: Thanks for providing, in your recent comments, an excellent example of what Grex does NOT need in a staff member -- a personal grudge against the other volunteers on the system and an unwillingness to participate at all unless one gets one's own way. Frankly we've got way too much of that already. I've tried to stay out of this because I think that there's a lot to be said for some of the points Dan and Mic have been raising but I also think they're ignoring some important practical and political considerations (and Mic's complaints about "political bullshit" aside, working well as part of a group ALWAYS involves politics and compromise.) I've also not wanted to speak ill of STeve, who's done a lot for the system, possibly as much or more than anyone else. I'm mindful, too, of the many important early contributions from Marcus, without whom there very well might not be a Grex. However, I definitely think there's a case to be made that their influence over the system is stalling progress. Given the level of emotional investment some of the principles have put into the issue, I haven't been wild about the prospect that by sharing my honest opinions about the situation that I might provoke them ALL to turn and attack me for the things I'm about to say. But I'll go ahead and have my say anyway and leave it up to the rest of you to decide whether you think I've got a point. -- First off, let's state the obvious: Grex DOES have a staff problem. We're stalled on several major needed technical projects that would greatly benefit the users of the system. And even if we were totally happy with the current state of the system, which I think most of us aren't, we still face a problem in the future which needs to be addressed NOW because practically speaking we're just one or two staff departures away from having real issues continuing to operate. What happens if STeve gets offered a dream job somewhere away from Ann Arbor, or if John Remmers finds something else he would prefer to spend his time doing? Bruce Howard is halfway across the world and spending what used to be staff time with his wife and daughter (as he should.) Jan Wolter is also spending time with his family and on his business and is only intermittently active. Joe Gelinas and Walter Cramer are still involved with Grex but not very active as staff these days, Steve Weiss has logged in only five times since the end of August, and Kip de Graaf is still in the staff group but doesn't appear to have logged in since February of 2005. Now, on to the less obvious: Grex's board and staff culture discourage staff participation from new volunteers -- unintentionally, I suspect, but the effect is still pronounced. It's hard to get buy-in from the board or the existing staff to make major changes to the system, even when they have the potential to benefit many users of the system. The board is extremely conservative in its approach to new technology initiatives, unwilling to spend any money on hardware without lengthy (and usually fruitless) debate, and in the end virtually always defers to STeve's opinion, meaning that projects never proceed unless STeve agrees with them and STeve's reaction to projects is often influenced buy his personal friendship or antipathy towards the person advocating the project. Another thing I want to address is the Marcus factor. As I said above, Marcus's contributions in the early days were key to the establishment of the system. Now, however, we've moved beyond the early days of the system and Marcus's role in managing the system has vanished almost completely and in his absence we are saddled with technology decisions made based on his own personal preferences that nobody else seems to want to support. The only time he seems to surface is when people are discussing reversing one of his decisions and moving forward with technology preferred by the rest of us and then he only sticks around until the effort to override his decision and move forward runs out of steam and we continue limping along with the status quo. -- OK, those are my basic complaints. Tomorrow, after people have had a chance to chew on part one, I'll post part two of my "manifesto", outlining what I think Grex's staff needs really are and some ideas for how we might proceed.
I've known a good portion of those on staff for a while now and I've attended a slew of board meetings and I'd like to share my impression of the State of Grex. We're doing pretty well. That's the summary for those who don't want to read on. If disks crashed tomorrow we'd have folks there to help out. Staff would put aside what was going on in their busy lives, maybe not tonight, or even tomorrow, but we'd get fixed. Folks without a lot of money would be offering what they could if we needed it. For the most part most folks are quietly doing good things for Grex in the background. But it's difficult to appreciate the quiet jewels when there is so much screaming, ego implosion and gnashing of teeth going on, by a scant few. Grex has weathered a lot. We are exisiting in a whole different environment than the one in which we started. We have issues that need to be dealt with, such as spam and security and growing our community (including staff). We're nibbling away at those issues at present. And frankly, I'd rather nibble at a good solution than panic and start down a course that will make things a whole lot worse. In terms of the personality issues mentioned by Mike and others, well, Marcus and STeve may have had too much influence in the past but that's not been the case recently. Hindsight is always so clear. And I'm not going to get into blame. In terms of helping out our present staff I'd proabably not go the white board and interview route quite yet. Mostly, I think they need to simply meet more often. When you get 'em together it's hard to shut them up - the ideas (and frustrations) flow. And this group hardly ever agrees about anything but they still respect each other. One or two people do not call the shots - it's a group think with emphasis put on the person with the most expertise in whatever area is being tackled. It's a team that needs a little slack in their personal lives, time together to talk, and maybe a little less flogging and a few more words of encouragement. My 2 cents.
Mary, I was not aware that the local members of staff ever had face-to-face meetings with everyone present. If one person in not part of the decision making process, she or he can usually unilaterally stop implementation of a decision until her/his ideas have been presented and included. This is especially true of a team that has worked together for a long time. How do non-local members participate in these decision-making meetings?
They don't.
Indeed. I think that one of the problems staff has is that the current system works very well when everyone is local. But everyone isnt local anymore. I am not sure what the answer is. I know that Grex owns a speaker phone so it is possible for at least one non-local person to phone into a staff meeting. That might be a start.
Is anyone currently working on putting back newuser?
Our staff have the technical savvy to connect real time, via voice and video. Mostly, it's the time zone thing that's difficult. If it's seven o'clock at night here it can be five in the morning there. Yuck. The staff conference is available 24/7 but that's not the most robust way of sharing ideas. Again, issues, but not insurmountable ones.
Right. It's hard to feel particularly involved when you're just informed that decisions were made a staff meeting the night before that you didn't even know was going to happen and you certainly weren't part of the loop. Of grex's staff, for the several years I was on staff, the only person's voice I ever heard was Jan's, when I called him to ask what the root password was. Despite what Mary says, I *don't* think grex is doing particularly well right now. The membership has halved over the past several years, reliability has been a problem, and there's a general air of stagnation. I was talking to another grexer last night who said about the system and community that it was ``in its last throws. They won't survive.'' (No, it wasn't anyone who's weighed in on this conversation.) Is grex in immediate danger of shutting its doors? No, but is that the metric by which one judges *health*? ``Well, they're not dead just yet, so they're doing pretty good'' doesn't sound quite right to me. But I think grex will die an assymptotic death. Sure, if a disk fails someone will go change it. If there's a major financial catastrophe, someone will step in and bail us out. The same core group of 20-30 people will keep grex running for a long while, indeed. But, they'll more or less be by themselves as other people leave and new people stop in, say hi once or twice, and disappear because grex doesn't offer anything unique they can't get from somewhere else (or they're just interested in running 30 copies of udp.pl or attempting to send millions of spam messages...). So the community will shrink to a point where it's the same people talking about the same things in the same way over and over again...do you see where I'm going here? I guess the *real* issue is what is the purpose of grex? If it's meant to be a clubhouse for the founders and other principle members, then say so. There's certainly nothing *wrong* with that; plenty of people do similar things. And if that's the case, the rosy picture that Mary paints is perfectly accurate. On the other hand, if it's meant to be something more, then some things have got to change and the situation isn't as positive as she makes it out to be. That's my take.
Regarding #288; Technical savvy isn't the same as desire or will.
The conferences are just as busy as they ever were, and grex has been up far more of the time than it used to be, but newuser is not working, which seems like the most urgent problem right now, not new hardware. Followed by a working spam filter for people who don't want to copy mine (or don't know how to copy anything), and getting rid of unused mail accounts so the mail partition does not keep filling up. What do other people think is most important?
As I recall, newuser was removed as a stopgap measure to keep the people who were running the denial of service attacks from coming back until some solution to that problem had been hammered out. I hope this doesn't become like the "Offsite mailing privileges for new user accounts are temporarily restricted" (from the MOTD, dated January 11).
Is anyone currently working on newuser? If not, would Cross like to volunteer?
Even if I volunteered (like I volunteered to work on email) I'm not sure it would do much good.
Regarding #291; With respect to the conferences, they're just as busy as ever with the same 20 or 30 people who regularly post to them. Like I said, if that's what people want, then just say that. There's nothing wrong with grex being a playground for those who put time and effort into it. But if that's the case, then why is newuser or the spam problem urgent? Sindi, why do *you* think that the newuser issue is the most urgent problem?
Dan, you are a clever person and do not need this bullshit in your life. Do yourself a favour and take your first-rate services and vision to better places. The following quote appropriately summaries my account of the increasing (over time) problems with Grex staff (from nearly 10 years first-hand observation inside the spectre): 'Those who cast the votes decide nothing. Those who count the votes decide everything.' (Josef Stalin) Just like in a totalitarian state, very little gets done. And, what is actually done is rarely in the best interests of the people the leader/s purport to be interested in. Furthermore, there is so much indoctrination that even once good people are unawares of their blindness, foolishness, and lies.
(Newusers are the lifeblood of the system?) Cross asked "I guess the *real* issue is what is the purpose of grex?" According to the Articles (Coop, Item 1): "The Corporation is organized for such charitable and educational purposes as may qualify it for exemption from the federal income tax under Section 501(c)3 of the Internal Revenue Code of 1986, as amended (or the corresponding provisions of any future United States internal revenue law.) More specifically, such purposes include, but are not limited to, the advancement of public education and scientific endeavor through interaction with computers, and humans via computers, using computer conferencing. Further purposes include the exchange of scientific and technical information about the various aspects of computer science, such as operating systems, computer networks, and computer programming." Is Grex doing those things and, if so, how well and if not well, what should it do to meet those purposes?
I think that it is likely that Grex will die off sometime in the future. I like all the discussion in the conferences here and that is my main reason for being here. I would love it if we could get some new users or even some former old users to check in. Certainly, if we dont get some new people online, we will die off. But I am not entirely sure of how to do that. I occasionally speak to people who used to be active on Grex and/or Mnet and they give all kinds of reasons for why they no longer log on here. Most of the things mentioned to me are things completely outside of Grex's control. None of that has anything to do with the current staff issues except that if we dont get newuser up and running, we are essentially making the death happen faster. I havent talked to a single person who doesnt understand that though.
Regarding #296; Oh, I don't know. I'm not ready to throw in the towel just yet. But to each their own. Regarding #297; I suspect that in a narrowly defined sense, grex is doing that. There are a core group of 20 to 30 users who, as I said, will keep grex alive. But I really think that claiming the grex is furthering the public knowledge or advancing science are stretching reality at best. Grex is quickly becoming a provencial backwater; are there people doing things *for* grex? Sure. But what is grex doing *for* anyone else? I think that the criticisms that grex has no real vision are perfectly valid. The articles of incorporation articulate a purpose, but it's rather vague. I guess what I'm asking is narrower in focus; where I ask what is the purpose of grex, feel free to substitute, what is the *character* of grex? Is it a system that is all-inclusive, really making an effort to be relevant on the modern Internet, or a playground for that same 20 or 30 users who have been here all along? The answer to that question really clarifies where the priorities for the system lie. If it's the former, then there are some significant problems that need to be addressed; in particular, if new users are really the lifeblood of the system, then how come there isn't more of an effort to encourage them to become involved? If the latter, then I'll agree with Mary Remmers that everything is peachy, but don't be surprised that there aren't a lot of people interested in playing. I think that a lot of the grex population really, truly, strongly believes in grex, which is great, but some of them also aren't willing to look at themselves to see if maybe, just maybe, there isn't a cultural problem on the system. Sometimes, belief can be so firm that one blinds oneself to other realities, even though someone is screaming at them that things aren't the way they see them. It seems to me that any attempt to say otherwise is interpreted as a viscious attack against something they hold dear. There's little objectivity around here, and I think that is a problem that's just going to grow over time. Let me rephrase the problem in a totally different way: has anyone stopped to think about why there aren't more new users who become part of the community? You'd think as the total number of Internet users increases, you'd see - perhaps not a corresponding increase - but certainly not a decrease of new users. So why has membership decreased? And why can't people even consider that maybe it's a problem with the way the grex community operates?
Regarding #298; Is there any one reason that pops up more frequently than another? You know, look at SDF: it's a *lot* more successful than grex. And part of that is that they do a *really* good job of being more inclusive of the community. They even solicit users to submit tracks of their bands' music for some sort of comp CD!
I think Mike outlined the major problems very well in #282 I pretty much withdrew from the Board election after seeing the same "status-quo" types throwing their hats in to get re-elected (of which I'm sure they will.) I don't see the point in trying to help or influence an organization that doesn't want it. Its laughable that Mary is content with the "somebody who doesn't have much but is a local will always be around to fix Grex" because that is highly elitist and typical of Grex's "problem" in general. (Its a diplomatic way of saying: Thanks for offering but we don't want any help.) One of these days, Grex will need to take the Ann Arbor training wheels off and learn how to operate with a virtual geographically global staff else it will become defunct when all current staff finally find a life off Grex.
Usually quote marks are used to repeat what someone actually said, not what you imagine they meant. But I understand why you can't do that.
I'm unusual.
resp:299 RE: "I think that the criticisms that grex has no real vision are perfectly valid." FWIW, I think those criticisms are valid too.
Regarding #302; So, is this your idea of ``encouraging words'' Mary? People post honest criticisms of what they see to be problems and you post back some snippy little comment like, ``But I understand why you can't do that.'' Do you really? Perhaps you could enlighten the rest of us, please? I mean, I've witnessed you do your own fair share of misinterpretation over the years. Perhaps you could give others the benefit of the doubt once in a while? Is this your idea of being more inclusive, of building a better community? Is this your evidence that grex is doing just fine? Because from where I sit, that sort of attitude reinforces my point that there is a serious problem. If Todd misinterpreted you, why not go ahead and correct his misinterpretation, instead of just sniping or poking with little barbs? Do you have something to lose otherwise?
I've got no problem with people pointing out my slaughter of punctuation.
You quotation-killer! I spit at you!
See, spitting at me is exactly what the staff does not need on its "TEAM."
First off Dan, you need to calm down. Rage isn't healthy. Todd has me saying something I wouldn't have said. Before I start correcting folks, in detail, I think I'm going to wait just a little longer until someone has me saying, in quotes, that Grex is perfect just the way it is.
"Al Gore invented the Internet"
We would like to be able to sign up a few friends with grex. One does not like the email provided by his broadband connection (Verizon) and is playing with sdf mail and would like to try grex. Another does not like the slow web mail at the university over dialup, and besides dialup is ending Jan 2 and they tell people to go find an ISP. He only wants email at home. And any system which does not allow new users is going to die a slow death. A friend of mine in Texas became a paying grex member this year before newuser disappeared because he wanted a shell account for mail. Grex seems to be less difficult to figure out than sdf. There may be other U of M students and staff who want to use a shell account from home without an ISP starting Jan 2. Could newuser be working by then? Is anyone actually working on it?
Mary seems to be one of these folks who, unintentionally, just sound rude. Considering htat in a high proportion of them that's caused by Asperger's, and that a high proportion of aspergers' sufferers are technical people, I'm surprised Cross isn't used to them.
Regarding #309; Wow, that's really surprising. Calm down? Rage? I'm not angry at all, nor have I been. Where did you get the impression that I was? I *am* curious if comments like what you made to Todd are really what you consider positive contributions, or the encouraging words you frequently refer to. I mean, do you think that being rude is a way to push things forward in a positive direction? Because you certainly seem to do things like this often, at least in my opinion. But for the record, I'm neither angry nor enraged. Just curious. Also, maybe the one with the unhealthy rage isn't me, Mary. :-)
Regarding #311; Like I said, there really ought to be a way for present members to ``sponsor'' new user's (and thus create new user accounts). But given the problems grex has with email, do you really think it's a good idea to suggest to these people that they use grex as their sole email provider? Just tell them to login to sdf and run pine or mutt instead.
(Re-enabling newuser consists of:
Defining a pf rule set for the newest members
Tweaking the current pf rule set to only allow the "grandfathered"
users
Setting newuser to use the pf rule set for the newest members
Creating a way to move people from the restricted group to the
permitted group
I can take care of the first three, but the last is more complicated, since
it involves changes to the password file.)
I have accounts at both grex and sdf. Once they were both down at the same time for a day. I have a fastmail.fm for emergencies like that.
In reviewing the staff meeting information posted in the past 24 hours, I'm struck by cross's statement that meetings were held that he wasn't asked to participate in. I don't agree with Mary that having Ann Arbor-based staff meet more often would solve the problems. Who is going to get them to meet more often? Especially if it's a team that needs more slack in their personal lives. Who is going to create that slack? And how can you call them a team if they don't even tell another team member about meetings? That is hardly respect if they are making decisions FOR another member. Did they decide he was too busy? Too sleepy to participate? Too disinterested to contribute? To new to know how things were done? This is not a functional team that is trying to include new members. It does not appear to be a team that has a good set of processes for bringing new members in and getting them up to speed. And it does not appear to be a team that has good ways of working with non-Ann Arbor members. I don't think that the current problem-solving strategies that staff has employed over the past year are working. I do think that there are ways this staff could make changes in its processes that would help them be more inclusive. Clearly current staff care a lot about Grex. And just as clearly, the way they've always worked doesn't work anymore. I would like to see the process evolve into a growth and renewal pattern rather than a spiral of death pattern.
Staff meetings are scheduled by e-mail. It is _possible_ that Dan wasn't in the 'right' e-mail group somewhere along the line.
Re resp:270: I haven't read "The Wisdom of Crowds." I got kind of turned off on that phrase when it started being used to argue that things like Wikipedia were going to revolutionize human existance. Re resp:277: For someone who claims to be transparent, you've been awfully coy about your ideas for fixing the spam problem. "Let me on staff and I'll reveal my secret plan" is not a very attractive pitch. While keesan's filtering scheme is a nice effort, applying it globally (as someone back there suggested) is not an answer. It's too specific to the email *she* gets. If someone else used it, it would probably miss more spam and throw out more legitimate mail than they would prefer. I'm going to reiterate that the email problem would be an excellent one to delegate, either to one staff member or to a committee. Email is a fairly stand-alone service; changes to it don't tend to affect other parts of the system. I think there'd be no harm in letting someone knowledgeable like Dan Cross take it on as a pet project and implement an improved email system, as long as it's documented so other staff members can maintain it later. I don't think anyone has emotional involvement in the current email system the way they do the password hash, so this should be politically fairly simple. It's baffling to me that no one seems at all interested in taking him up on his offer.
I'm not sure that grex staff has what can be said to be clearly defined processes. Rather, there's a set of general guidelines for doing things: try to get a concensus, work on what you're interested in, unless it steps on someone else's toes. Some things are always okay for all staff members. For instance, cleaning up stale accounts, deleting hacker tools or copies of BNC or eggdrop or other large files. Some are okay for certain staff members at all times. For instance, Marcus can more or less make whatever changes to the authentication system or password database he wants. Steve can more or less do whatever he wants (for instance, repartition the disks during an upgrade without, I don't think, consulting anyone beforehand or really making a plan to make sure we don't lose data). Some are okay for some staff members some of the time. Remmers can make certain changes to system configuration files in an emergency; usually he will go out of his way to let people know that he's done and and solicit feedback, etc. Let me reiterate because I think this is important: if you're one of the what one might call ``principle'' staff members, you can more or less do what you want and if someone objects you can later lay down an argument, but do so knowing that, basically, there won't be any real consequences (for example, under what circumstances would Steve ever get *his* root access pulled? Now before someone jumps down my throat, I'm not saying that anyone *should* pull Steve's access, but has anyone ever given any serious consideration to what it would take for that to happen? Now what would it take for someone to pull someone else's? We recently saw Mic's get yanked, for instance. What would have happened if the roles had been reversed?). It was also my sense that the idea of putting some processes in place just wasn't going to fly. The usual argument against would be something along the lines of, ``staff is busy; they have lives; they aren't paid; you can't ask them to do something they don't want to do; be grateful they do anything at all; why do you want to create more work?'' It's interesting to see some people other than myself say things that basically echo my own sentiment of how staff operates: if you want to make a controversial decision, odds are good you'll be told that it needs discussion first, and then discussion will continue until you lose energy to pursue it and just let it go. I feel like the password hash thing is a lot like that: there's no good reason for sticking with what we have now, but instead of changing, we're told we need to ``discuss'' it first and then no one says anything until whoever proposed it (in this particular case, me) gives up. If it's raised at some point in the future, the person raising it (again, in this case, me) is told that it's been discussed, no one wanted to do it, stop wasting everyone's time with endless debate, it creates friction on the staff team to keep raising the same issues, etc. Eventually the cycle repeats. Here's another way to look at that particular issue: some people are motivated to work on staff because sometimes they get to work on things that interest them. That was my initial draw to grex: the technology that allowed an open-access Unix system to actually work without imploding on itself. When I first got on grex staff, I was sort of dismayed at what a patchwork the software on the old Sun really was: in particular, the password subsystem was *really* hacked together, very brittle, and very, very easy to break (for example, making a textual edit to the password file would *really* mess things up. Instead, Marcus or someone had written an *interactive* tool for manipulating the user database. If you forgot and ran ``vipw'' you would really, really screw things up). It was interesting to me, with the move to the OpenBSD machine, to work on that problem, and it eventually became clear that the BSD people had sufficiently evolved the password subsystem in the standard distribution so that grex didn't need customizations. To me, it was an interesting problem to figure out how to get from our custom solution to the standard solution (which was necessary on the Sun given the primitive nature of that system's password subsystem). However, I found great resistance to doing that, because a lot of it was Marcus's baby, and no one wanted to make him mad, even though he hadn't really been active on grex in some time. Okay, fine, but *I* as a newish staff member was still prevented from working on a problem that interested me. Well, if that happens enough times, why would I *want* to continue to do anything but the grudge work that no one seemed to mind anyone doing? If every time you raise interest in working on some problem you're told no because someone else ``owns'' it, even though they're not doing anything with it, how long until you lose interest? Is that being thin-skinned? I don't really think so, but I'm no psychology expert, so take what I say with a grain of salt. I do think it's fair to say that it's not being inclusive of the interests of ``new'' staff members. It is, in my opinion, essentially saying that the interests of long-time grex staff members, even if they're inactive, outweigh the interests of newer members, particularly those that aren't local to Ann Arbor.
Regarding #318; It's also possible that I was, but that the scheduling notices got buried in the massive amount of spam that comes with the grex staff email aliases. What discussions I *do* remember about the staff meetings were usually along the lines of, ``can everyone meet at Steve's place tonight at 7?'' ``Yeah, sure, I'll bring a pizza....'' Nothing about how non-locals could dial into the meetings, no agendas, or anything. If you don't read that email until 8pm, you're sort of screwed. There were several times I recall seeing a post in the staff conference of the form, ``at last night's staff meeting...'' where there wasn't a lot, if any, notice that there *would* be a staff meeting that night. I certainly never participated in one, even though I would have liked to.
re #318, 321: I was on staff for at least a year and I frankly don't recall ever hearing about any staff meetings either. I definitely never participated in one. I thought they were something Mary imagined until comments from other respondents confirmed that they believed in them, too. Like Dan, it's also possible that I, too, might have missed e-mail notifications due to filtering the ludicrous amounts of mail that I got deluged with after being added to the staff mailing lists (I haven't mentioned this before but I almost resigned from staff less than a week after volunteering to help because the crap from the mailing lists so disrupted my personal mail account.) Instead I diverted that mail to gmail and archived it. A search through the archived staff mail shows only one conversation where the phrase "staff meeting" was used in mail that I received and on that occasion (in 11/2005) no staff meeting was called (that I was informed of..) My contributions as a staff member were extremely paltry, but if there was a loop I was so far out of the loop that I apparently wasn't even aware of its existence.
Regarding #322; Hey! You're still staff! At least, you're still in the wheel group and thus have root access.
To the best of my knowledge, the staff has not met since you were added to it, Mike.
Is it possible that the technology has moved so far beyond Grex, and most of the staff has moved with it, so it just isn't *interesting* to most of them?
Is anyone currently working on restoring newuser? keesan's proposed spam filter is simply using spamassassin to filter on anything with three spam points, plus a sample of how to put your friends on a whitelist, which is much shorter than what keesan is using to filter her own spam (which got all but one spam today) which probably uses less cpu time because most spam is WIndows charset or the 60 stock spams a day and I put those filters first.
Regarding #325; I don't know about that; a lot of the stuff that grex uses now is fairly modern (relatively speak, of course). Moving off of SunOS on the Sun 4 was a huge leap forward in technology, literally catching us up by about 15 years. In many respects, it's now on par with other systems. Judicious use of the money that grex has in the bank could further improve the technology new-ness situation. Actually, in some respects, I feel like staff is holding grex back technologically: a lot of things are being done like it's still 1991, sometimes paradoxically. For instance, we're told at once grex hits its hardware really hard, but at the same time told that we can't justify something like hardware RAID. Some of the things that have become almost automatic responses as far as system administration goes are sort of shoved out the window. E.g., someone says, ``highly available storage'' you just sort reflexively respond, ``hot-swappable hardware RAID.'' ``Reliable memory,'' ``ECC.'' ``Chasis profile for colocation,'' ``rackmountable case.'' ``Reliable backups,'' ``tape stacker unit.'' Certainly, some of these things *do* make grex less interesting to those who might otherwise be able to contribe really positively.
Regarding #326; I really doubt it.
Re resp:326: Ah, okay. I had thought you were still doing simple keyword matching. Re resp:327: Having worked with a tape changer, I'm not sure I'd have called it "highly reliable." In four years the Overland 10-slot unit where I used to work was out for repairs at least three times. Oddly, the problem was usually not the robotics, but the Benchmark DLT1 drive they fed.
i don't know why anyone responds to keesan. she's obviously in her own world
re 327: modern relative to what? and all the goodies you mentioned are very nice if one can afford them... grex doesn't even have a decent amount of RAM, a tape backup robot is probably way down on the wishlist... and re:passwd: I'm still pulling my jaw up from the desk where it slammed as I read about it... doesn't *BSD support anything like pam? was this thing ported over from the previous incarnations?
Let me be sure I have accurate data: There has been no face-to-face staff meeting since sometime before November 2005? The way staff communicate about a problem is to 1) discuss it in staff conference, 2) email each other using staff at Grex as the email address, Do staff members ever telephone each other? Do staff members have alternative email addresses that are known to other staff members? I'm curious about how staff decides who will handle an emergency, what problems are important to be working on, and whether or not any two staff members ever work together on a problem. I'm also curious who has staff privileges on Grex. So far I can see remmers, gelinas, STeve, marcus. Former staff members include mcnally, cross, spooked.
FreeBSD uses PAM, OpenBSD and NetBSD use login.conf. My understanding is that login.conf is simpler to audit, simpler to secure and more portable, and hence why it was retained by these two versions.
In case this is actually the spam item, I am curious if anyone got the usual 60 copies of Russian stock spam in the last 24 hours. I don't think I did, unless they changed to a different method of randomizing subject lines. Today my spam filter did not miss a single spam or get a single false positive. It caught lots of Russian or Chinese English viagra spam.
re #319 While keesan's filtering scheme is a nice effort, applying it globally (as someone back there suggested) is not an answer. It's too specific to the email *she* gets. If someone else used it, it would probably miss more spam and throw out more legitimate mail than they would prefer. I suggested it. I tried it and used it for a long time. She does a great job of hitting all the major offenders. I eventually just gave in and now use a .forward to a gmail account which has built-in filtering. I think that the KeesanFilter (KF) would be better than no filtering at all. KF could be easy enough to roll out so long as the first few lines are populated according to the user.
I am NOT suggesting that people use my filter, but a much shorter and simpler one that I wrote a sample of - see procmail.simple. It uses spamassassin and also has samples of how to whitelist your friends. The filter I am using for myself precedes spamassassin by a few other filters on Windows charsets and the current day's stock spam subject line, to save cpu time by searching only on header (including whitelisting friends). Header is the stuff you see all of when you view a mail with pine and hit H.
re #332: > Let me be sure I have accurate data: There has been no face-to-face > staff meeting since sometime before November 2005? Apparently since before March of 2005, actually. And depending on what is meant by "face-to-face" there probably never will be, as Grex has had several not-local-to-Ann-Arbor staff members during that time and there's not enough money in the Silly Hat Fund to fly everyone in for a staff get-together. > Do staff members ever telephone each other? Do staff members have > alternative email addresses that are known to other staff members? There's an off-site staff list that's available when Grex goes down and all staff are reachable via that. Also, some of the staff know each other socially and may communicate informally outside of e-mail. > I'm also curious who has staff privileges on Grex. staff:*:20:root,bhoward,gelinas,glenda,i,janc,kip,mcnally,mdw,remmers,srw,steve wheel:*:0:root,bhoward,gelinas,glenda,i,janc,kip,mcnally,mdw,remmers,srw,steve Apparently I am still in the "staff" and "wheel" groups despite my resignation.
Which one of those on staff is the newbie? That's the same staff from 10 years ago if I'm not mistaken.
Newbie (n): 1. Someone new 2. In the case of Grex staff, the person who wasn't an original founding member.
I'm not sure I see how staff reaches consensus, given that they don't seem to have a communication mechanism that includes all staff members. How do "meetings" occur. By "meetings" I mean whatever group process was used to reach decisions that were then conveyed to cross and mcnally as decisions reached "at a meeting last night"?
In my (limited) experience most of the time staff act unilaterally, generally in reaction to a crisis. There's some group communication in the staff conference and on the staff mailing list but there's not a lot of planning discussion that takes place in those forums. Such discussion, when it occurred, usually took place in agora or coop.
We are Devo
re:Mary's response in 283 " In terms of helping out our present staff I'd proabably not go the white board and interview route quite yet. Mostly, I think they need to simply meet more often. " Mary, do you still feel that a staff that has not met in more than 18 months does not need to make any changes other than more frequent meetings? It seems to me that a staff that acts unilaterally, and is crisis-driven needs some input from the board. Someone needs to begin a process of bringing new staff onboard, and it does not sound like current staff have the energy or time to do so. What is the role of the board and the membership in this regard? I'd like to hear from current staff and board, and from candidates as well.
I have been given the strong impression that the current staff would not take kindly to having the board take too much control over how staff chooses to run things. It is a delicate situation to be sure since anyone can easily quit and walk away at any time because they dont like the politics.
re 344: *giggle* Yeah, if you were a dictatorship, would you take kindly to an offer of a more fair, transparent, and useful direction?
I would start by encouraging staff to meet more often, maybe monthly on some set date. Then I'd evaluate and go from there. I have the feeling meetings don't happen because they are tricky to organize.
re #344 I've had the same constraints in similar organizations. Its all fun and games really til you're down for a month and lose the majority of your userbase, though. If you don't have at least a few reliable staff people that you can reach in a timely manner then you put the whole organization at risk. M-Net never really recovered from the crash in 2000. Prior to that, we had hundreds who relied on that system for email and within a couple weeks it became apparent we weren't ever going to fully recover even though we had a few folks willing to put in full time to replace the system. Even worse, we had a disconnect where the board itself didn't have an official communication liaison to deal with the media so alot of mixed messages were sent out.
What kind of help can I provide to get those tricky-to-organize meetings to happen. People who haven't been able to organize a meeting in more than 18 months may need something more than "encouragement" to overcome inertia.
I'm sharing my opinion here but, who really should be giving you advice, are the staff themselves. I'm not sure of the best way to reach them though. Maybe email? Or attend the next board meeting? There are almost always staff at the board meetings and you'll get a different kind of conversation going there than you will here.
Once again, its the "be in Ann Arbor" response. I don't think its on purpose but it seems to be the trend for interfacing with "staff"
This suggests that perhaps the board should start considering how to foster working relationships that do not require face-to-face meetings.
I would love to do that but I am not entirely sure how to go about it.
I sorta like the ol conferencing call technique. If you can find someone willing to donate their conference call trunk so you can have an "all hands" staff meeting with board members via teleconference then you'd be golden so long as its productive and re-occurring.
> I'm not sure of the best way to reach them though. Maybe email? Or > attend the next board meeting? There in lies the problem. Not all of the current staffers are reachable or even monitor the Grex community. Could you imagine if Grex's finances were managed by a lolly-gaggle of treasurers who each were able to write checks and process payments among which none were "in charge" and all decisions were made through "consensus" or "democratically"? We'd be in financial turmoil just as we are in technical turmoil. Instead we have Aruba who is in charge of finances and as a result Grex is fiscally strong and very well organized (kudos to Aruba who doesn't get thanked enough for the work he does). > I would love to do that but I am not entirely sure how to go about it. Put one person in charge of staff. Make her or him an officer in the company and clearly define what the authority and responsibility of the position requires. If it were me putting it together, I would say that this person has the authority to add or remove people from staff (with knowledge of the root password requiring BoD approval), approve all changes, and make security decisions when necessary. This person would also be required to submit staff reports to the BoD before each meeting. These reports could be submitted through e-mail, or better yet made public on coop similar to aruba's. Such a person wouldn't even need to be technically savy or even located in Ann Arbor. He/she would simply need to have plenty of personal time to devote to keeping things organized.
> I sorta like the ol conferencing call technique. Actually, I like the idea of using VoIP. Perhaps Grex could put together a voice conference system using some OSS. Heck, I'd even suggest using teamspeak because it would be simple to set up and the clients are available for Mac, Windows and Linux.
re #355 You might like VoIP but I doubt everyone on staff is as enthused about setting something like that up just so they can "touch base".
Kip, Cross and I were added to staff at the same time. McNally was added just before, or at the same time, Glenda was added. Glenda is the most recent addition. If we have a Lord High SysAdmin, I expect most everything to be left to that poor sod to do.
It is not unusual for the chief executive officer of an organization to be "in charge" of staff. That's "staff" generically, of course. But there would be some point to assign this duty to the Grex president/chairperson. His/her only duty assigned in the bylaws is calling BOD meetings and organizing the agenda: that's hardly "executive" responsibility. (Incidentally, there is no provision in the bylaws for choosing the president, treasurer and secretary, not even stating that the BOD does this. In fact, as far as the bylaws go, the members have as much right to choose the officers as does the BOD itself - it is a *member* based organization.)
That is a possibility also Rane. The chief of staff (*grin*) could be a BoD member or even the president of the board. Or he/she could be a non-board member, or even elected by the membership. Or the current staffers could themselves elect a chief and rotate the position around. I would recommend that this person not be part of the BoD however because he/she should be responsible to the BoD, adding a layer of oversight. > If we have a Lord High SysAdmin, I expect most everything to be left to > that poor sod to do. It would be a time consuming job, no doubt.
Are we having fun yet?
I think there might be a way to structure the job so that it was primarily a peer relationship instead of a hierarchical relationship. The included task would have the person help each staff member (or teams of staff members) find resources, track progress, and identify when a project was getting bogged down. Staff would need to shift thinking a little bit as well. When the person pointed out that it had been X weeks since the staff member had had time to move the project forward, the staff involved would have to practice saying Yes, I need some help, rather than defending the downtime with the shield of personal priorities above this task. The person could help find and integrate new staff, acting as a mentor, and keeping an eye on progress. All staff would have to relinquish total ownership of any particular piece of Grex. But there is no reason that staff wouldn't be able to choose a domain of expertise, and become the initial go-to-person with problems in that area. The difference is that the process observer saw no progress, the staff person would have to be willing to let someone else step up and begin working on the problem as well. This might require more frequent "meetings" of staff, but I don't think so. The "cat-herder" might have to initiate conversations, and be willing to spend time keeping a thread going. I nominate Remmers as our first cat-herder.
I don't think of it as either a "peer" or "hierarchical" function, but rather as a coordinating function, to keep the members of the orchestra in tune.
resp:315 This may not be a good idea, but would it be reasonable to simply name a new group, have newuser drop new folk into that group and then define either a login.conf or systrace policy to bar network access, instead of using pf for it? This would allow someone to gain access by simply doing: sudo usermod -g "nice_users" new_user1
Basically, that's how pf works. I've created the new group, set newuser to use it, and defined a pf rule for the old group. The only thing left, I think, is an easy way for the volunteers, solicited elsewhere, to do the user modification.
Actually one line of unix is manageable. But, to lower the fear factor, a tiny script, where you responded to the question "Which user ID should get outgoing mail access?" with a comma separated list of user ids, and an "is this the correct list" confirmation question would be nice.
Regrding #329; I'm guessing it probably depends on the tape changer. Regarding #331; Modern relative to a Sun4m machine running SunOS 4.1.4.... That is certainly true. As far as PAM goes, maus has it right in #333. We have login.conf, but we still need custom code to support the custom hashing algorithm. Regrading #340; I'm going off my recollection here, but I seem to recall reading things like that in the staff mailing list. It's been a while; my memory might be flawed. Regarding #360; Beats me. Are you? Perhaps you should calm down. :-) Regarding #361; I think that getting staff to relinquish ownership is going to be one of the harder things to do.... Part of the problem, as I see it, is that too many people view grex as a hobby versus something important to maintain. There's too much personal investment and too little community ownership. How does one go about changing that?
I think you're right. A long time ago I tried to interest Grex into seeking to serve the local non-profit community. There was no particular interest.
I suppose HVCN would be thought of as the place for such things, but it is distressing that grex isn't more active in things like that.
Grexers - and M-Netters - are only really interested in one goal. Keeping Grex (or M-Net) up and running. The charitable mission is a joke.
Wow. That's a pretty hardcore statement.
cross, send me an email at this login if you would please. I have a couple questions for you I'd like to clarify.
Sure thing.
Re #367: It was the manner of service that was the problem. We didn't want closed conferences.
It is definitely true that Arbornet's charitable mission was interesting to only a few, from the time of the merger on forward. Almost everyone involved wanted only to keep M-Net up and running. A number of vocal posters were pretty hostile to the idea of doing anything beyond that. I don't think there were more than a dozen people who ever did anything which was not exclusively for M-Net from the time of the merger. M-Net was tied to the Arbornet charter, which had provisions for community forums and an educational mission. No one at all was ever interested in those sorts of things, not since M-Net came along, anyway. Arbornet was founded with a big budget at first, I guess as a potential tax write-off for NETI. When Grex became a 501(c)(3) organization, Jan chartered it as doing exactly what it was already doing. That was simple, straightforward, and clever enough I didn't think it would actually work, but it did.
re #373: > We didn't want closed conferences. Except for staff, right?
Good point, Mike.
(That's where staff can bitch about all the users!) (For the humor impaired, that was a joke. Okay, only partly.)
Before too many people get off on a tangent about MISSIONS, lets just look at the Articles of Incorporation for both ARBORNET and CYBERSPACE COMMUNICATIONS. ARBORNET To organize and operate a community-based computer conferecing system in Ann Arbor, Michigan, involving as many local citizens as possible in computer conferencing activities of an educational, informational, and data collection and dissemination nature. This organization is organized and operated exclusively for purposed described in Section 501(c)(3) of the Internal Revenue Code. CYBERSPACE COMMUNICATIONS The corporation is organized for such charitable and educational purposes as may qualify it for exemption from the federal income tax under Section 501(c)3 of the Internal Revenue Code of 1986, as amended (or the corresponding provisions of any future United States internal revenue law.) More specifically, such purposes include, but are not limited to, the advancement of public education and scientific endeavor through interaction with computers, and humans via computers, using computer conferencing. Further purposes include the exchange of scientific and technical information about the various aspects of computer science, such as operating systems, computer networks, and computer programming. re #369 Grexers - and M-Netters - are only really interested in one goal. Keeping Grex (or M-Net) up and running. The charitable mission is a joke. re #374 M-Net was tied to the Arbornet charter, which had provisions for community forums and an educational mission. No one at all was ever interested in those sorts of things, not since M-Net came along, anyway. Neither of you remember when we had toolkits made and taught hardware class? Or maybe you missed the M-Net/UNIX manual that was published? To date, it seems both organizations have stuck to their purposes to provide "computer conferencing" or "interaction with computers" and the educational or scientific or data collection bits are sort of ancillary but they DO exist.
The particular closed conferences for local charitable non-profits would have been a service to the community. There is no reason why Grex cannot provide different services for different community functions, within its mission statement. They decided, however to continue to just do one thing one way.
on Gres, "they" is "we". Grex is run cooperatively, grex is run democratically, and there are procedures for anyone to bring an issue to a vote. Any minority viewpoint can be posted for discussion. Any viewpoint that is turned into a votable motion can be voted on by the whole membership IF a sufficient percentage of the membership agrees to place it on the agenda for a vote. It is disengenuous for rane to say "They decided, however,,,,,,". Rane is a member, and Rane's viewpoint did not prevail. No anonymous "they" made a decision.
To be fair, Rane probably didn't know that historically Grex wasn't a 501(c)(3) from its inception nor for many years so that mental picture of reaching out beyond the embittered Marcus crowd hadn't happened yet.
Todd, that's ridiculous. Grex is perfectly willing to support non-profits in ways within its means and consistent with its policies, and has done so. Re #375: "Except for staff, right?" Right. The policy disallowing closed conferences, with an exception for Staff, was passed by member vote in 1997, by the way. See http://www.grex.org/grexdoc/archives/votes/vote05b . The resolution was even stronger that, allowing unregistered users to read conferences.
I did know that as I was participating when Grex applied for 501etc. But that was no reason why Grex could not have acted out of "community spirit". I've noticed this tendency in other charitable non-profits. They tend to close around the specific interests of the controlling group, and avoid the more difficult realm of community outreach: unless, of course, that is specifically written in their mission. Re #380: don't read more into my use of "they" than is there. They, we, those that discussed it, the board....were opposed.
It seems clear that the staff needs a place to communicate privately. I'm not sure the staff conference is it; when I was on staff, I saw a lot of bashing in the (admitedly older) items that I found distressing. The staff, if anything on grex, is too closed, as has been stated. I would think that a mailing list would be better suited for that sort of thing (and probably more immediate, anyway: sometimes things get posted in the staff conference that aren't acted on by certain people because those people haven't logged into grex and thus don't see the conference). Perhaps it's time to reconsider opening up the staff conference (or restarting it with a new public conference). I also think that, instead of calling Todd ridiculous, one should take it as a clear voice of frustration with the current state of grex. This is something that should be addressed, not dismissed out of hand.
I took Todd's statement as a summary of Grex history and will stand by my characterization of it. I also believe that although Grex certainly has problems that need to be addressed, the current state isn't nearly as bad as you like to make it out to be.
re #382 Todd, that's ridiculous. Grex is perfectly willing... John, I was referring to Rane's perceptions at the time of the request. If today, there is a movement to provide closed conferencing for other 501(c)(3)'s then I'd love to hear/see it.
*sigh* It does not bode well for board members to start the new year with such ruffled fur. please, all of you, try to make a private list of the VALID criticisms that are being made, no matter who makes them. Grex's current state is distressful to quite a few of us. Board members sniping at each other, in public, adds to the problems.
Tod slipped.
Honestly, I'm not trying to snipe at anybody. But I'd prefer that we don't just blow people's criticisms off. Personally, I think Todd's got some valid things to say.
Re #385: You were speculating, then, and you were wrong. Rane was a board member at the time. Grex was committed from its inception to qualifying for and seeking 501(c)3 status, although we didn't have it yet. Rane and others were fully aware of this. Re #387: Colleen, I'm not trying to snipe either, but if I read something that I believe is unfair or incorrect, I'm going to speak my mind.
I'm going to speak my mind. Me, too. Grex wouldn't have happened if Marcus hadn't lost his M-Net account. Closed conferencing was an idea that staff wanted to keep to itself and the idea of giving that benefit to outsiders was beyond approach. I don't think my assessment of the period in which Rane referenced is "ridiculous" at all. If somehow the concept of providing closed conferences to 501(c)(3)'s has somewhere along the line become acceptable, I'd love to hear it. So far as I can tell, staff has been the one calling the shots on this since the idea was first suggested. It's all too telling that the folks who jumped for the seats on Board ARE/WERE staff, don't you think?
The folks who were ELECTED to the Board are/were staff. There were lots of other choices for members to make
I think that Todd is referring to the group of folks who logged into grex at nearly the last moment to nominate/be nominated/accept nominations.... At least one of those is a staff member who does not otherwise login on a regular basis. Regarding #390; Aw you're a swell guy, Remmers. I'll buy you a beer one of these days....
re #393 referring to the group of folks who logged into grex at nearly the last moment to nominate/be nominated/accept nominations.... At least one of those is a staff member who does not otherwise login on a regular basis. Yea, I thought I was the only one who noticed that. It pretty much convinced me to withdraw my nomination from the Board being that the major "problem" voiced by users has most often been actions of the staff.
I thought it was fishy. It also occurred to me it's possible, depending on how many "non-insiders" like tod and cross run, to essentially fix the election in advance by choosing not run once enough other "suitable" members stay in the race.
Yeah well, I can think of easier ways to win elections where only 20 people vote.
I didn't think it was fishy so much as transparent.
re resp:378: Todd, I was involved in organizing the hardware classes that TS Taylor taught. I tried to follow up and do it again a few years later, along with linda, but there was no interest at all at that time. None, other than the two of us. I was involved in K12Net -> Teachernet. I can probably list every person who contributed time to that project. I was involved in lots of those things, probably all of them, but very few others were. Arbornet tried expanding into roles outside of those which were it's core. All of those attempts were failures except the hardware classes.
re #398 I was around for all of those things also. I can actually remember a jubilant TS coming back to the house on Forest Ct after one of the classes. K12 was a flop because it tried to accomplish too much without enough human resource to support it. Several 386's sat dormant or were used to play games in classrooms. There were many attempts on the charity and education end but at no time has the "computer conferencing" or "interaction with computers" part of the 501(c)(3) education qualifier been missing. You say there was never an interest in community forums or education but I say M-Net has had that from the getgo.
For the record, I remember all of those things. Particularly one version of the manual which i helped produce and we sold hundreds of copies at the Art Fair offering "FREE INTERNET ACCESS". It was a very profitable venture for Arbornet, and filled the coffers because 1996 was a time when people were really starting to discover the internet. I remember the hardware kits and the hardware classes as well. That was 10 years ago. My only point was that the "charitable mission" - for both Cyberspace Communications and Arbornet - is a joke at this point. 10 years ago is pretty irrelevant.
So you don't see free system access and unpaid volunteers as charitable? Hey, that's your loss.
(hauling this back to the email issue)
Found this in the Info Conference.
Looks like you can't email staff anymore. Is that true???
-------------------------------------------
#244 of 245: by hakleton (hakleton) on Sun, Dec 24, 2006 (15:02):
Hello, I have a problem with the mail program from grex, I am unable to
sent emails to anyone outside grex, every time I sent an email this
response comes:
Date: Sun, 24 Dec 2006 14:34:32 -0500
From: Mail Delivery System <Mailer-Daemon@cyberspace.org>
To: hakleton@cyberspace.org
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
grex-staff-exploder@hvcn.org
(ultimately generated from help@grex.cyberspace.org)
You are not allowed to send mail to external mail sites.
------ This is a copy of the message, including all the headers. ------
What can I do about this?
-------------------------------------------------------
Really, you ought to be able to send an email to Grex help.
For various reasons, most (all?)) of us (staff members) read our mail on other systems. So "staff@cyberspace" goes off-system. I don't have a solution to getting mail from newer users to the staff, though. :(
That's an email addressed to help@grex.cyberspace.org Not to staff, just to help. Surely we can figure out a way that someone can get help questions answered. That's a pretty basice service for someone who is new to our community.
Please don't assume anything is basic to Grex staff.
I think using something like RT, which mediates the email on behalf of the user (the user sends email to RT, which is local to grex, and then RT sends email to staff, via the RT account, which could be permitted to send offsite email). RT has other uses on a system like grex, as well (it could, for instance, be configured with a queue for authorizing users to have Internet access, etc). http://www.bestpractical.com/rt
"There's a hole in the bucket, dear Liza, dear Liza."
Isn't it Dear Eliza?
Then fix it dear Jo-oe, dear Joe, dear Joe.
re 401 - the volunteers do so because they want to keep grex and mnet up, not because it's charitable. M-Net has no volunteers doing any significant work other than Rex, who kindly keeps the system running. The arbornet board has had one meeting in the last 2 years. And you've filled out some paperwork. I appreciate that, I really do. But I don't think those things make arbornet's charitable mission worthwhile. Free system access may have been a worthy charitable mission at one point, but today? Hardly.
It is just one aspect of the bases for Grex's 501(c)3 tax exempt status - or is that status also passe?
Regarding #410; I've offered to do systems stuff on m-net, but rex seems to not want additional help.
re #412 Well yea, that's the major difference here is that Rex is recognized as the SysAdmin by board appointment. Unlike Grex where leadership is ambiguous.
Yeah, that's cool. I'm just saying that it's not like he hasn't had offers for additional help. Perhaps he doesn't need it, but peole who are like, ``m-net is so poor: they only have one sysadmin!'' are distorting the truth.
m-net also has no email, so it presents far fewer problems.
rick moot
So it occurs to me that there's something we can do about spam: make email opt-in and outsource spam filtering for those users who must use grex for email. They can handle the cost of, e.g., using messagelabs.com's service.
People who 'must' use grex for email are dialin users who don't have money. Why should they be required to pay for spam filtering when grex has the capability to do it?
Because grex doesn't have the capability to do it. If they can't afford it, they should figure out how to use POP3 to talk to gmail or yahoo. You know, you can use email hosted somewhere else without using a web browser.
If they don't have the money, then they are more likely to want to spend the time fixing a spam filter. It is not that it can't be done on Grex, it is that staff has higher priorities. Sindi, if they cannot afford the for-pay service, then you can show them how to do it for free.
Yes, that is what I want to offer via the motd. People who can figure out how to use POP3 to talk to gmail probably can afford an ISP.
This post is sort of `thinking out loud,' not a plan of action. I'm looking for comments here, not buy-in. So comment away. Yesterday, I drove to Maryland and back with Tom Limoncelli, author of The Practice of System and Network Administartion (if you're in that business and haven't read that book, you have a problem. If you read it and didn't get something out of it, then you need to give it to all the people that report to you and get them to read it). He told me about the messagelabs.com solution, and it sounded really good. I'm coming to think that it's just not worth it for grex to even try and run spamassassin or any of the rest of it. The cost of messagelabs isn't very much; about $50 per person per year. Also, since they're an anti-spam company, it's well known that their servers don't *send out* spam. We could configure grex to route *outbound* mail for verified members through them and then we wouldn't run into that annoying situation where mail from grex users gets blocked because grex is known for sending out spam. Thus, a good overall solution for email is the following: slash the cost of a grex membership in half, to $3/month or $30/year. Users who want email have to become members and also agree to have their mail routed through messagelabs.com, which does all the spam and virus filtering for us, and the users agree to cover the cost of their email being filtered, for a total cost of $30 + ~$50 = ~$80/year. Grex's email configuration and firewall rules are modified so that connections to the mail server from outside grex are only allowed from messageslabs.com's servers. We modify our DNS data to point our MX records to messagelabs and let them take care of the spam problem for us. This provides an economic disincentive for users to continue to use email at grex, but not a terrible one: cost is only $20/year more than being a member now. It also basically eliminates the staff involvement in email: our email system can go back to being stupid and simple. Email is such a hard problem to solve from a staff perspective that I think we just have to start taking the position that users have to share in the cost. I'm sorry if it's a bummer, but there it is. This organization is just not in the position to support email as a first-class application anymore: it's just too hard. We need to abandon or outsource. For other users, we might be able to set something up where certain usernames are passed through to grex without filtration, and on grex's end we forward them to another provider of their choice (e.g., hotmail, yahoo, gmail, whatever). Then they can configure, e.g., pine or mutt to connect to those remote servers on the POP3 and SMTP ports so that they can use grex to read interact with their yahoo or gmail accounts. We could open ports in our firewall rules allowing access to a certain limited set of ports at the major mail providers (all of which require authentication, so sending spam through grex would still not be possible; or, if they did do it, they'd get their accounts at the Yahoo or GMail side closed almost immediately). But the point is, we need to face the reality that grex just does not have the bandwidth in terms of staff time and availability to run its own mail anymore...
resp:421 That is a rather absurd statement. How do you come to equate having available capital with having technical expertise? In most cases, the two are disjoint, hence the existence of finance. Keesan, if you have access to the Internet, even a slow 9600 bps dial-in SLIP access, you can get mail via pop-mail from a provider such as Y! or Google.
I do not want to use pop mail. I can use popmail with my ISP if I want. I like using pine or mutt at a shell account. I am happy with the spam filter that I have here and am only trying to make it easier for other people to use something similar. If all the mail accounts which are no longer being used were closed, spamassassin could be run on all incoming mail to the accounts still in use, but in the meantime I just want to help people set up individual filters. They can tell me if they want spam dumped or saved to a spam folder, and get help making a whitelist. Someone mentioned IMAP - would it be possible to ssh to grex and use IMAP to read mail at some other site? Viewing only the subject lines and deciding what to actually read?
Regarding #424; You can use POP and still use pine or mutt from the grex shell. In that case, pine or mutt or whatever just gets the mail via POP from a remote mail server and you read it as you normally would; conceptually, this is the same as reading it from /var/mail. It amazes me that you ask about SSH'ing to grex and using IMAP, but are opposed to POP. Conceptually, for this purpose, the two are exactly the same.
My first reaction to Dan's proposal is that it makes a big change in Grex's mission and philosophy. We have, in the past, agreed as a community, to keep the difference between being a paying participant and a non-paying participant as minimal as possible. Membership DOES NOT buy privileges. Just about everyone, except Sindi, probably makes liberal use of the many free email systems that are far more reliable than Grex. It is Sindi's philisophy that keeps her from helping her friends find free, reliable email. Access to much older equipment, for almost free (such as one can find at Kiwanis here in Ann Arbor) still allows one to use Yahoo!, Gmail, etc, etc. [philosophy, back up a few lines] There IS a solution to spam on Grex for those who want to use it. For free. I see no reason to enter into a longterm contract with someone else, increase membership fees, and give up on Grex email. I agree the tool is seriously bent. But it still works, and there are better, free tools out there for those who are unhappy with what we choose to provide.
Thanks, Colleen, for your thoughts. As I said, this is just thinking out loud. However, I think you misinterpreted at something in my proposal: it's not using membership for buying privileges, but rather covering costs and doing reasonable verification on those who can send/receive email here. Yes, it's a bit of a philosophical departure from what we have done in the past, but we need to take into account the fact that the economics of email and, indeed, just about everything computer related, have changed dramatically since grex was founded. As we move forward to a solution to the email problem, we can't forget that; our old assumptions about how mail fundamentally works have broken down and we need to adjust accordingly.
I mentioned IMAP because fastmail.fm (with 10MB mail storage but limited bandwidth in its free accounts) offers free IMAP, but paid POP. Their free spam filter is pretty bad though. Since Jan 24 I am getting increasing amounts of junk, up to 2 per day. My procmail/spamassassin filter here does a far better job. Can you download gmail mail to grex, for free? Using the webmail interface is not practical on older hardware and slower connections. Thanks for the motd. So far no takers. Fastmail explained how to use vi to edit Pine to work with their IMAP. I do have more reliable mail, at SDF. 100MB mailbox. But no spamassassin. So I don't post my address there online. I got NO spam here today.
#428: Yes, you can download Gmail mail via POP for free. If a message is marked as "read" via POP it won't show up on POP again, due I presume to Gmail's "tags" system (which replaces folders), so if you do so, make sure to locally save a copy of any mail you want to keep. (Which is, as I understand it, the original point of POP, the "Post Office Protocol" -- that you download mail and it's deleted on the original server.) For that matter, Gmail is -- minimally -- accessible via lynx. It's what they call their "bare HTML" view, and I'm not sure you can use all the standard features, but it works for reading, tagging (which replaces filing into folders -- read their FAQ for the details), and archiving. It does *not* work in links, since it detects that browser's minimal Javascript, tries to use that, and fails miserably. In my experience (admittedly my only experience with POP is with Gmail), IMAP is better than POP (A pity Gmail doesn't offer IMAP), but direct access as on Grex surpasses either. (When I run into my Calvin mail quota, I ssh into the web server, where mail folders are stored, and sftp them in a tarball off, rather than go through the web interface.)
Regarding #428; As Jonathan said, yes, you can do POP with gmail for free, and you have a 2GB (yes, *giga*byte) quota for mail. I wouldn't say that it's `not practical on older hardware and slower connections' to use the web interface, though. Opera running on most of the boat anchors you give out would probably do a reasonable job.
It took 2 minutes to download the gmail starting page with opera. Their pages are too large. And webmail is inherently slow and GUI-ish. Can one retrieve mail from another site with IMAP at grex? With POP? I am not ever going to use popmail via modem to download to my own computer. I don't read most of what is sent me (freecycle mail). I might some day experiment with IMAP/pine and fastmail just to learn something. But I would still need a spam filter at grex to do that. Testing lynx at mail.google.com. Lynx supports ssl. Faster than opera. I don't have an account to log into for testing purposes. Jonathan, the problem with links might be the ssl requirement.
I have been unable to get IMAP working between pine and fastmail. All I did was disable pine from sending mail. I was supposed to type several long lines into .pinerc with .vi. Eventually I gave up and used pico. This changed my sender to mailmessagingengine.com somehow. When I tried to mail to myself I was keesan@mailmessagingengine.com It would be much easier to change the login in .procmailrc than to edit .pinerc Does anyone else have PINE working at grex with IMAP and some free mail account?
lordy.
Regarding #431; For about the third time, YES, YOU CAN USE PINE ON GREX TO READ MAIL ON GMAIL VIA POP. YOU DO NOT HAVE TO DOWNLOAD IT TO YOUR LOCAL MACHINE. Gmail isn't slow. Your computer is slow. Sorry, there it is.
My computers are slow and when I dial in through a mobile phone my connection to Grex isn't all that quick. Berkeley mail is lightning fast though! :-)
#432: You shouldn't have to edit .pinerc manually. Pine has a built-in setup utility for just that purpose. The email provider should give you an IP address and port to connect to for POP or IMAP and an IP address and port for SMTP (to send). The line you probably want, should you decide to edit .pinerc by hand, begins "incoming-folders=" (assuming you want to keep your mailbox here).
I did edit something of the sort as instructed by Fastmail. They did not provide IP addresses, just a list of what to type. It failed miserably. How would one set up pine here to do popmail from a free account some place else, and does it automatically download mail? My IMAP setup tried to send via that other account, which I did not need to do. Gmail is designed for a fast connection. All webmails are slow for me.
I just discovered that when I tried sending myself a mail to here, it ended up at my fastmail account (before I undid the IMAP setup). That is NOT what I want, I want mail sent there to end up here so I can read it with pine.
In "IP address" I meant to include "domain name." Like I said, with pine, which includes an extensive internal setup feature, it should be unnecessary to edit .pinerc by hand.
Apparently IMAP works by having the mail go some place else but reading it here. So I would have to forward any mail from here to there and then read it here? To configure pine for IMAP setup/config Z. It is much simpler to just edit a .procmailrc file and probably catches more spam than fastmail.
IMAP, like POP3 is a protocol for retrieving mail from a server somewhere. If I remember correctly, IMAP is a bit more flexible in that it provides your mail user agent (in your case PINE) with the option to scan headers and delete messages without automatically fetching the entire message from the server. Whether PINE takes advantage of that facility is a separate question. Hopefully someone here will correct me if I'm wrong.
#441 is, as far as I know about pine and IMAP, correct. Re #440: Pine can handle multiple incoming mailboxes, so you don't need to forward mail from anywhere to anywhere. Just add whatever address and port you are given to your "incoming folders collection", as pine calls it.
Would someone like Jonathan be willing to set up a free account at fastmail.fm and figure out how to read mail at it with pine at grex? It is beyond me. But I am already getting 2 spams a day there from the same stock spam place (gifs advertising some stock). I would still need to use a filter here to filter on anything with a .gif, or pay fastmail for better spam filtering. It is easier to just use .procmailrc.
I'd be willing to (not this moment, as I've got class soon). I won't do it at Grex, since I don't use pine on Grex, but pine should be the same anywhere. I'll reply with my results when I have any. In my original response I didn't specify pine because pine is not the only tool in the arsenal for getting mail from somewhere. It is to be preferred if you want to use their space rather than your space for storing the mail, but you could use fetchmail or some other IMAP client to download the mail and use whatever tool you please here (including passing it through procmail).
I think it might be more profitable to set up an account on gmail, which probably has much better spam protection.
Regarding #441; The POP protocol has most of those functions, as well....
I just spent about 20 minutes trying to sign up for a google account using the lynx (latest) on my own computer. I could not find a link to the image you needed to type in to verify. I downloaded the .wav file and tried typing in the numbers I heard (against a ridiculously noisy background). I mailed asking them to email me to help. Then I broke down and used Opera to sign up. I could access my account with lynx and it took 30 seconds from the time I typed in the URL to read my mail. Since I have lynx set to number al links, I could type 10 for Compose, and 30 for send (or whatever they are). It sent in a couple of seconds. My ISP webmail can take 20 sec to delete mails. I have not tested google this way. I then tested access to pine. If I am already at grex it takes about 2 seconds. If I am not at grex, it took 10 sec to ssh here and enter my password and type pine and i to see a list of my mails (less if I had fewer mails in the inbox, more on a really slow day). I added another To: line to my .procmailrc to dump any mails to koresh, and another couple lines to send any mail about pills or girlfriend to the spam folder. Lynx can handle https sites (you need a cert.pem). I then accessed my inbox with Opera. 46 seconds. With Opera set to not display any images (but I think it still downloads them). The conclusion is that pine at grex is much faster to access via modem, (2 sec if I am already at grex), lynx takes 30 sec, and opera takes 40 sec (plus another 30-40 sec to load X and opera). On my fastest computer. Firefox or Mozilla take twice as long to load as Opera. Pine being faster than Google to access (with lynx or opera). Fastmail.fm took 10 seconds to access with lynx (on my computer, in all cases). Probably less if I set lynx to access fastmail cookies. Google took 30 sec with lynx. Fastmail is getting 2 spams a day now. Links indeed does not access gmail though the SSL part works. (The links at grex does SSL). How would someone read google mail using pine at lynx?
So now that you have a gmail account, try to get pine to pull email out of it using POP.
#445: I have a gmail account, but it only has POP and additionally makes messages disappear from POP once read via that method. #446: The difference seems to me to be that IMAP is intended for managing mailboxes remotely, while POP seems intended for simple mail retrieval. The first "definition" Google finds for "IMAP" is as follows: "(Internet Message Access Protocol) IMAP is gradually replacing POP as the main protocol used by email clients in communicating with email servers. Using IMAP an email client program can not only retrieve email but can also manipulate message stored on the server, without having to actually retrieve the messages. So messages can be deleted, have their status changed, multiple mail boxes can be managed, etc." I have now created a fastmail.fm account. Their "Pine" configuration entry is overly confusing -- as keesan noted, it tells you what keystrokes to use in vi, which is unforgiving, and likely some stray command keystrokes slipped in when she used pico. The "I know how to set up SMTP/POP/IMAP myself ..." FAQ entry is much more revealing. I'll enter detailed instructions when I get back to my dorm room, where I have pine set up (I'm typing this from the computer science Unix lab) and can substitute fastmail's IMAP server for Calvin's and post. That will include both fastmail IMAP and Gmail POP; as Dan said in #445, Gmail probably has better spam protection, and I add that it is entirely free unlike fastmail which reserves some features for those who pay.
447 and 448 slipped.
Regarding #449; It's true that IMAP is more featureful than POP. But for the simple commands that have been listed here (grabbing headers and deleting messages without first retrieving them) POP has enough functionality.
The relevant line from my .pinerc, edited with the information from fastmail
and to remove my username:
incoming-folders=Fastmail
{mail.messagingengine.com:993/ssl/user=username@fastmail.fm}inbox,
Gmail {pop.gmail.com:995/pop3/ssl/user=username}INBOX
(All of that should go on one line, or broken after the comma, but I added the
first line break to not disrupt those of us with smaller screens. I repeat my
strong advisement to edit .pinerc through Pine's internal setup utility rather
than manually. You will need to make sure that "enable-incoming-folders" is set
to true or yes or whatever Pine uses.)
In re the IMAP vs. POP debate see:
http://www.fastmail.fm/docs/faqparts/ExternalMail.htm#ExternalIMAPVsPOP
Shucks; I just read the RFC's back in the day.
Jonathan, did you set up pine to retrieve fastmail mail via IMAP and Gmail via POP? There were supposed to be three other lines for fastmail/IMAP. Fastmail said nothing about enabling anything.
What I have there will open your inbox on both fastmail and Gmail. POP doesn't
support opening other folders, so I omitted that for Gmail. For Fastmail, as I
said, I looked at the "I know how to do this myself" (or something like that)
FAQ entry rather than the "Pine" entry (specifing vi and giving keystrokes is
like specifying "Reinstall Windows" as the first solution to a problem like "my
sound doesn't work", before even checking that the speakers are plugged in)
and it didn't say anything about the other options. Looking at that entry now,
I see some things that you *may* or may not want.
To be able to access folders other than your inbox on their servers, append the
following to the line beginning "folder-collections":
----
fm-folders {mail.messagingengine.com/user=<username@fastmail.fm>/ssl}INBOX.[]
----
(I called it "fm-folders" to make it fit on one screen line on this screen.
That's just a label; you can adjust that to whatever you like.)
I'm omitting the stuff they say about "user-domain" and "inbox-path" because
those would make you not be able to read local mail with Pine.
I got to the point where it listed a fastmail folder but then said it did not exist nor could I read any of my mail here, so deleted everything. I will try again tomorrow. I don't plan to have more than an inbox any place but grex. I will probably have questions. Thanks for the help.
Three people have now asked for help setting up spamassassin.
A fourth request, who also commented that staff has not answered emails for two years, and he is unable to get mail sent from U of M. Could the motd also suggest asking for help in agora item 4 instead of mailing staff? Most questions could be answered by other users instead of staff.
Keesan, just a tip: keeping a running scorecard of the requests you have received does not convince a single person of anything and simply adds to the noise. You set and arbitrary threshold of ten requests. When you cross that threshold, please let us know. That said, thank you for mentioning that user's concern.
Message of the Day: Please do not email staff about problems with spam. Staff does not respond to such requests as they do not read their mail anymore because their mailboxes are full of spam.
This last person only wanted to know how to set up a whitelist.
Is there a way to set up a whitelist on grex. That would make my life a lot easier.
You can copy the one I set up for him and change the login name, and then copy one three-line section over as many times as you have names to whitelist. Email me. It is an extremely simple filter, without spamassassin. Sends mail from your whitelist to your inbox and dumps the rest. Or if you prefer the rest can go to a spam filter and you can dump it yourself. You choose.
cool I might try that when I have some time
Please call it a yeslist and quit the racial profiling.
I'm starting to get some spams on my Gmail account. There have been two types so far. The first is the latest version of the "I want to transfer $144 billion dollars to your account" scam. The other one is invariably Subject-titled "Information for your job", and is a work-at-home scam (as "Transfer Officer") from a domain that keeps changing - usually a variant of worldcash-somethingorother.com. I've duly clicked the Report Spam button on each one, but they keep coming in - the IDENTICAL content in the case of the worldcash spam. Gmail's filters don"t seem to be getting the message that this sort of mail is SPAM. Of course I get a LOT more spam here on grex...
For the past few days NO spam has reached me here at grex, where I can tune my own spam filter. About 60/day get dumped. It is very easy to add filters on identical content. DOn't know why gmail does not do that.
Gmail can do that.
So far six people asked for a spam filter. Two reported that it is working. One of them got 49 spams, of which 47 were caught by spamassassin, and the two real mails were not. 96% with no false positives. Using nothing but spamassassin set to 2 points, with cyberspace whitelisted.
Two more requests today. I have a stock filter that anyone can copy over if they know how to edit one line. Could I change /var/mail/keesan to /var/mail/$USER and have it work that way for just anyone? Two people wanted whitelists, the others either wanted to dump anything with 3 points and save 2 points in a folder, or save it all. So perhaps staff could set up some automated script allowing people to choose among these three options. Or I can continue to send pretty much the same message to everyone who writes me and edit the file for them. It takes about a minute.
One of the volunteer guinea pigs reports NO false positives (his friends had stopped using this address), and of 120 spams, 95 were dumped by spamassassin set to three points, and 25 went to the spam folder or his INBOX. That is about 80%, as I predicted, and higher if you count what went to the spam folder, which you can delete by typing d rather than individual messages in it.
Good work, keesan!
Nine people have now requested help, most of them non-conferencers. A Mexican, a Scandinavian or two. Two Americans are reporting back. They are keeping logs of what went where. One dumped 9 of 13 spams (the others went to INBOX or spam folder). One asked for an additional filter because he gets lots of spams per day and 20% of 150 is still a lot. I now have a default filter for people who don't want to remember to read and delete the log (since spamassassin set to 3 points has never yet caught a real mail). It dumps 3 point spam, sends 2-2.99 point spam to a spam folder, and has sections you can customize for a whitelist or to filter on words in the message body or subject line. One person is going to add to his filter that way. Some of these people don't write English well enough to report back, so they are not getting a log file of what went where. Two people only wanted a whitelist - they will fill it in themselves. I don't know how to automate making a whitelist. Could I set up .procmailrc with $USER instead of the login name, and let everyone copy over the same .procmailrc from my directory? Or from some other location on grex, along with .forward? Maybe staff could write some script called 'filter-spam' or the like, that would copy these files for people without my further involvement. I could even write the script and have staff copy it to some place on the path and leave the files in my home account.
A Mexican, a Scandanavian, and an American walked into a free shell/mail site.. ... ;-)
Did they run into the priest and the rabbi?
Someone from India wrote that he had been trying to make his own .procmailrc
and had failed, and thanks for mine, which was working. Then my mail to him
bounced. How do I get hold of him to let him know something is broken?
My filter worked for other people. He probably tried to improve it.
USER is not his real login.
pipe to |/usr/local/bin/procmail
generated by USER@grex.cyberspace.org
The following text was generated during the delivery attempt:
------ pipe to |/usr/local/bin/procmail
generated by USER@grex.cyberspace.org ------
procmail: Lock failure on "/var/mail/USER.lock"
procmail: Error while writing to "/var/mail/USER"
[two more copies of these two lines follow]
------ This is a copy of the message, including all the headers. ------
Subject: Re: Lots of spam
> Sindi,
>
> Thanks for all the help. I have copied the .procmail and .forward in my
> folder. I had a .procmail myself, but it did not work - most likely reason
> being I could not set it up correctly.
> I hope to get some relief from mails related to viagra, free holiday on hawai
> island, penis enlargement medicine, personal loans - all of which I do not
> need.
> Thanks once again.
USER from India
Followed by my response.
Please could some staff member edit .procmailrc for guntun and change /var/mail/guntum to /var/mail/guntun. My goof. Or even just delete the file so I can write him about this. Or copy over ~keesan/procmailrc.guntun to there.
(I fixed it, Sindi.)
Thanks, Gelinas. I will notify the other staff members.
Tenth request for a spam filter, from Jogya[karta?]. I now have a universal procmailrc.user to be copied to .procmailrc that sends mail to /var/mail/$USER, which I tested on myself. Copy that and .forward. Could copies of these files be put some place other than my home directory, and a script be put on the path to copy them automatically, perhaps even from the menu? My default - throw out anything with 3 points, put anything with 2-2.99 points in spam folder, do not keep a log. One guinea pig said his log got so big he was near quota on disk space. Everyone has been getting 80% of spam discarded and most of the rest in the spam folder. I put in some samples for whitelists and for sending list mail to a separate folder and for sending mail with certain strings in the message body to the spam folder. Two people just wanted to set up whitelists. I have not heard back from them. We could have a spamfilter script and a whitelist script.
You have several choices: