|
Grex > Coop > #262: The problems with validation | |
|
| Author |
Message |
scholar
|
|
The problems with validation
| 
Jan 4 18:55 UTC 2010 |
For a number of months, Grex has required people to be validated after
creating their accounts before they can access the system in a useful way.
This was intended to prevent people from using greater access to abuse the
system. However, it seems that this purpose is not being met: at the recent
board meeting, one of the validators mentioned that on more than one occasion
a notoriously troublesome user had successfully been validated. With
validation as it is, it seems to me that any attacker with enough
knowledge and motivation to cause harm to Grex would also have enough
knowledge and motivation to get past validation.
There are many downsides to validation. It eats up volunteer time. It also
acts as a barrier to new users, who now have to discover the process, comply
with its conditions of entry, and wait for someone to make a decision. A
potential new user could justifiably view this process with some uncertainty,
since it requires them to wait an indeterminate amount of time, meet uncertain
conditions, and the validators may seem inaccessible. Given these added
barriers, new users are likely to go elsewhere. Additionally, it might stifle
open conversation; I think that over the years many users have created new
accounts to make comments they did not want tied to their regular identities,
but validation makes this more difficult.
Given that the current system of validation is ineffective, and that it
has many downsides, I think it should be disabled. If someone wanted to
harm Grex, they would have done it by now, since it would be trivial to
simply lie to get an account validated. At the least, I think Grex
should remove the procudure on a trial basis; it's easy to remove, and
it's easy to put back up if system abuse rises.
|
| 42 responses total. |
tonster
|
|
response 1 of 42:
|
Jan 5 02:41 UTC 2010 |
I agree. I don't think the validation system is really the deterrent
it's designed to be, and I think it does more harm than good.
|
kentn
|
|
response 2 of 42:
|
Jan 5 03:31 UTC 2010 |
It's not good if it chases the honest people away. It's also not good
if it lessens the Unix experience for those wanting to learn more about
it. When you come upon Unix for the first time, the last thing you
need is to jump through hoops in order to do an ls (most people are
confused enough). If it is not a deterrent to the vandals, then we
should evaluate whether it is doing more harm than good in the long
term. Still, no system is perfect and I'd hope any alternative isn't
worse. Dealing with people trying to bring the system down also takes
staff time.
|
unicorn
|
|
response 3 of 42:
|
Jan 5 04:47 UTC 2010 |
If vandals have gotten in, I think it was likely just to prove they
could. I haven't seen any actual acts of vandalism, though, but I'm not
so sure the current validation scheme would do much to deter a determined
vandal, anyway. Legal action is probably the only thing that would.
|
tonster
|
|
response 4 of 42:
|
Jan 5 09:19 UTC 2010 |
Anyone looking to do damage is more likely to see the validation as a
greater challenge rather than a deterrent. It would be better to report
these things to the authorities and providers than the current system,
IMO.
|
mary
|
|
response 5 of 42:
|
Jan 5 12:25 UTC 2010 |
It sounds like Tony would be on top of any vandal activity, as he's been
on M-Net. If that's what he has in mind I'd sure like to see us open the
doors.
|
kentn
|
|
response 6 of 42:
|
Jan 5 15:56 UTC 2010 |
I lump things like dumping hundreds of junk items into the conferences,
denial of service by using all ttys, and intentionally crashing or
hanging the system, to be acts of vandalism of a sort. I'm sure there
are other acts that would also qualify. Maybe there's a better term to
use to describe these acts, though.
|
unicorn
|
|
response 7 of 42:
|
Jan 5 16:43 UTC 2010 |
What I meant by my comment was that haven't seen any acts of vandalism
after the current validation requirements were in place, but I'm not so
sure the validation requirements are what has prevented those acts. I
certainly saw a lot of vandalism before that, though.
|
kentn
|
|
response 8 of 42:
|
Jan 5 16:54 UTC 2010 |
Okay, that makes sense.
|
tod
|
|
response 9 of 42:
|
Jan 5 17:45 UTC 2010 |
I hope Grex isn't banking on Tonster being the magic bullet for its
policy based problems.
|
tsty
|
|
response 10 of 42:
|
Jan 6 05:49 UTC 2010 |
ummmmmmmmmmm, i was a thte meeting and i have an mp3 of it as well.
i remember zip about validatoin allowingvandals in, but i may be wroing,
and i can say that the validation i hvae done has resulted in noe
vandals ... it -has- resulted in non-validatoin for a few logins thogh.
yeh, it tkaes some amount of my time but i consider that valuable
enough to continue to do it.
it also provides the oppeot9nity to establish a peson on the 'other end' who
converses with newuseres ... rather than an imperosnal, click-here, weldcome
to grex.
at a board meeingting 'we' might wnat to set up some boiler plate to add
to the personal touch.. i;ve been realtively careful with the tpyoing
on those, fwiw.
|
mary
|
|
response 11 of 42:
|
Jan 6 12:09 UTC 2010 |
So what's the deal with that mp3? I'd like to see it go up, public, just
as the Grex meeting itself was public. Board meetings should be open,
welcoming and transparent.
Now, TS, you objected and for that reason it was up for the meeting but
taken down the next day. But now it's being passed around among friends?
Yuck. I'd like to just make it public and let anyone who wants to be
"present" at the meeting be able to be part of the process.
|
tonster
|
|
response 12 of 42:
|
Jan 6 12:26 UTC 2010 |
if audio is taken, I'd say it should be public. the board meetings are
public and anyone else could have taken audio and passed it around.
trying to hide it or say it's private after the fact makes it seem like
there's something to hide.
as far as validation, the biggest problem I have is that it takes away
from the 'open access' system that has always been grex (and m-net).
the opportunity to talk to someone on the other end is nice, but not
everyone gives a damn to talk to someone to get free access to
something. they're more likely to just walk on by and find someone else
by putting up blocks.
|
tsty
|
|
response 13 of 42:
|
Jan 6 18:19 UTC 2010 |
re 11 .. i'll email you .. therse is some ocnfusion.
btw, only the offer has been passsed arond ... not hte file
no onwe took me up on it ... so far.
|
tsty
|
|
response 14 of 42:
|
Jan 6 18:20 UTC 2010 |
iird, the mp3 is 15 meg and the video is ~150 meg
|
tod
|
|
response 15 of 42:
|
Jan 6 18:51 UTC 2010 |
Write the check
|
scholar
|
|
response 16 of 42:
|
Jan 10 22:55 UTC 2010 |
Re. 10: I don't know who it was, but one of the validators who was at the
meeting mentioned that cdalten had gotten through the process successfully.
|
cross
|
|
response 17 of 42:
|
Jan 18 02:31 UTC 2010 |
A while ago, we talked about doing something like what SDF does: you
are in a restricted environment until you pay some nominal one-time charge
via, e.g., PayPal. It was agreed that we could do that, with some sort of
back-channel mechanism for people who couldn't otherwise do that. I think
that makes the most sense.
Before people talk about removing the validation step, recall what life was
like before it. Grex was up and down all the time; the open-access system
had failed.
Why is that? I think it's worth investigating that before changing things
around.
|
tonster
|
|
response 18 of 42:
|
Jan 18 09:19 UTC 2010 |
in all fairness, the system being up and down has kind of been grex's
trademark for the past decade for whatever reason. :) That said,
m-net's been pretty stable for the past several years and remains an
open-access system. Even through similar issues as what cdalten did, we
remained online nearly the whole time, with some periods of slowness or
bbs/backtalk locked up when he played his little games. Since being
asked to leave, those issues have not continued. It should certainly be
possible to return to being open access without requiring some form of
identity to have a usable shell.
|
mary
|
|
response 19 of 42:
|
Jan 18 13:19 UTC 2010 |
I think we should try being open again.
|
veek
|
|
response 20 of 42:
|
Jan 18 13:27 UTC 2010 |
Re #18: yup. all it required was some will and vigour in tackling Chad
+I think he was a reasonably(electron microscope required) nice guy
anyway. It also helps that the M-Net culture is less polite and more
willing to do things (forcefully if necessary). We, are awfully
bureaucratic! Too much chit-chat and soul-searching, and not enough of
the red-hot poker. Oh well..
|
cross
|
|
response 21 of 42:
|
Jan 18 16:35 UTC 2010 |
I think the Grex culture is structed to bring things like Chad on itself.
|
unicorn
|
|
response 22 of 42:
|
Jan 19 15:19 UTC 2010 |
Why do you say that?
|
cross
|
|
response 23 of 42:
|
Jan 19 16:43 UTC 2010 |
Grex is a place that never learned that just because you find people
who are messed up in the same way you are, that doesn't mean that
it's okay to be that messed up.
The Grex community prides itself on its openness, but the reality
is that Grex is only open if you conform to a very narrow definition
of what it means to be open; I actually find it very intolerant.
It's open in that same way that breezy-voiced ex-hippies who wear
wispy, flowing clothes and lots of bracelets like to think of
themselves as being open while locking their car doors whenever a
black person drives by.
Grex is the SUV with the "Save Mother Earth" bumper sticker.
Basically, Grex users are happy about users who are "supportive"
and "understanding" but completely intolerant of people who question
the established norms. Asking the question, "why is it not okay
for someone to not breastfeed?" is likely to get someone jumped
around here (or was, back when Grex was more than just a shell of
itself).
In short, Grex is something of the worst of the 1980s BBS culture
mixed with the best of the 1960s hippy movement.
Is it any wonder, then, that people like Chad prey on it like a
vulture attacking a dying animal to hasten its death so to pick at
its carrion? Chad could shut this place down, not so much because
of the technical accumin of his attacks, but rather, because the
Grex community responded so well to it. M-Net could better weather
the storm because, in the end, its community is stronger because
they are less into this touchy-feely way of being and more into a
rougher, thicker-hided exterior.
Grex is the type of place that attracts anti-social types like Chad,
because they can get a rise out of the community because the community
is so weakly held together by a set of really unhealthy relationships.
|
tonster
|
|
response 24 of 42:
|
Jan 20 02:50 UTC 2010 |
well said. I especially like the SUV comparison, although I'd change it
to a hummer.
|