|
Grex > Coop13 > #378: Minutes from Grex Board of Directors Meeting, November 28, 2006 | |
|
| Author |
Message |
slynne
|
|
Minutes from Grex Board of Directors Meeting, November 28, 2006
| 
Nov 29 03:55 UTC 2006 |
Grex Board of Directors Meeting Minutes, November 28, 2006
In Attendance: Ken Josenhan, Steve Andre, Sindi Keesan, Mark Conger*,
Jan Wolter*, Larry Kestenbaum*, Mary Remmers, John Remmers*, Lynne
Fremont *, Joe Gelinas* = board member
1. Treasurer s Report.
In October, we took in $511.26 and spent $155. We have three new members
(ringbark, firewizs, lutefisk). In November so far we have taken in $132
with one new member (neisler). There are currently 58 members with 44
paid up (the rest are in a grace period).
2. Staff Report
There is an election for new Directors for the Board beginning on
December 1, 2006
There are a lot of vandals currently hitting grex. These people are
hurting both Grex and Provide.net. Steve has locked 16 accounts and has
closed newuser. The vandals are using flooding programs to flood DNS
which takes down provide.net. Recently, Provide.net turned us off
because a program that originated on Grex took down their network for
over an hour. Grex was the recipient of a denial of service attack that
caused Provide.net to take us offline. This situation is seriously
jeopardizing Grex s future at Provide.net.
Staff are working on a technical solution which will use the Cisco
router to block certain kinds of traffic. However, the larger issue is
that Grex is a magnet for this type of internet behavior. Staff
frequently find malicious programs that use outbound internet ports
(e.g. 53, 80). It might be that the best solution will be a policy
solution to block or restrict outbound net access similar to the current
block on outbound email. Before considering this, however, it is
important to remember that there are a lot of users who use outbound net
access for legitimate purposes.
It was suggested that a software solution might be better than making a
policy that restricts access. The problem with that is that it would
take a while (perhaps too long) to implement a software solution. A
policy change might be better in the short term because it could go into
effect in a much shorter time.
There was some concern brought up about the board changing policy
regarding outbound net access because there was a former member vote
that granted outbound net access to everyone and any policy changes made
by the board may override that. There was discussion about if this
situation was enough of an emergency to take action since our
co-location may be in jeopardy.
MOTION: To establish an interim policy that new users after today will
not get outbound net and email access by default. Users wishing outbound
access will be offered a means to request it. Once this policy is
implemented, newuser will be reopened. This policy will remain in effect
until ratified or replaced by the membership. Moved by Larry Kestenbaum,
seconded by John Remmers. Vote: All in Favor, carries unanimously
We will need to establish a way for people to request access. An account
will be made for this purpose. Since root access will not be required,
Lynne Fremont has offered to answer any emails until other volunteers
can be found. She will enter an item in the coop.cf for this purpose.
3. Old Business
4. Schedule Next Meeting. - There will be no board meeting in December
due to holidays. The scheduling of the next meeting in January is
deferred until after the BoD election.
5. New Business.
It was suggested that people be given the option to opt out of having
mail on grex or be given the option to opt out of receiving offsite
email to their grex accounts. Staff can look into that and does not need
special board approval to enable users to choose to have less services.
There was also a discussion of anti-spam options.
6. Meeting adjourned. 9:10p
|
| 17 responses total. |
cmcgee
|
|
response 1 of 17:
|
Nov 29 13:11 UTC 2006 |
Ahh, ok, my previous questions have been answered.
|
cross
|
|
response 2 of 17:
|
Nov 30 04:21 UTC 2006 |
I'd recommend that email be an opt-*in* procedure, rather than opt-out.
|
blaise
|
|
response 3 of 17:
|
Nov 30 15:39 UTC 2006 |
Dan, as I read #0, email will be opt-in for new users, and opt-out for
existing users (who already have email accounts).
|
ric
|
|
response 4 of 17:
|
Dec 1 14:35 UTC 2006 |
Could we automatically opt out anyone who has never used email on grex? I
don't know if you can tell that or not, maybe by the date of their mailbox
file or something....
|
keesan
|
|
response 5 of 17:
|
Dec 1 20:45 UTC 2006 |
How about making the mailbox go away if not accessed within a month or two,
except for registered members? Even for grex mail. They could ask later to
get it back. Otherwise some vandal is likely to send everyone 100 copies of
something and fill up the partition.
|
denise
|
|
response 6 of 17:
|
Dec 1 23:18 UTC 2006 |
How would that work if people accesed their mailboxes to delete mail? Or to
check for any mail from other grexers?
|
cmcgee
|
|
response 7 of 17:
|
Dec 2 00:58 UTC 2006 |
Let's not make up complicated schemes.
Anyone who now has an email account will continue to be able to send and
receive email to the outside Grex world.
Anyone who does not now have an email account will have to specifically
request off-Grex privileges by sending an internal email to a human being who
will (generally) grant that request.
If anyone abuses email, their email account can be blocked by staff.
No complicated date stamp schemes, no special privileges for members as
compared to non-members,
|
cross
|
|
response 8 of 17:
|
Dec 2 13:46 UTC 2006 |
How is that different from what we have now?
|
remmers
|
|
response 9 of 17:
|
Dec 2 14:49 UTC 2006 |
It's certainly our current policy. The difference is that there will be a
better-defined and publicized way to make access requests and a set of
volunteers specifically designated to process them.
|
kingjon
|
|
response 10 of 17:
|
Dec 2 15:04 UTC 2006 |
Actually, our current policy allows users who registered after the
outgoing-email block to still receive email from offsite.
|
remmers
|
|
response 11 of 17:
|
Dec 2 16:02 UTC 2006 |
You're right. And the motion passed by the board at the November meeting
does not explicitly restrict inbound mail, only outbound.
|
kingjon
|
|
response 12 of 17:
|
Dec 2 16:22 UTC 2006 |
But the problem being currently discussed in the conferences was the volume of
*incoming* spam, with a system-wide spam filter being discussed as another
solution.
|
slynne
|
|
response 13 of 17:
|
Dec 2 16:44 UTC 2006 |
resp:12 The problem this policy is meant to address is the problem of
people using outbound net access in ways which can be harmful to grex.
Incoming spam is a different issue.
|
kingjon
|
|
response 14 of 17:
|
Dec 2 17:22 UTC 2006 |
OK; I seem to have conflated the two issues.
|
cross
|
|
response 15 of 17:
|
Dec 2 20:23 UTC 2006 |
Like I said, make all email opt-in for grex users.
|
eteepell
|
|
response 16 of 17:
|
Jan 1 21:16 UTC 2007 |
would an old clunker config'd as a bridge inline between grex and provider
be an option? 2way firewall and snort IPS, or maybe just snortIPS on grex
itself? gauge the amount of typical traffic ie. to port53, if it is exceeded
disable (port53) lookup, trigger an alarm (of some sort), kill the offending
account and reopen port automatically or manually. too complex? dunno.
|
cross
|
|
response 17 of 17:
|
Jan 1 21:47 UTC 2007 |
Some sort of traffic shaping solution is certainly an option.
|