|
|
| Author |
Message |
| 25 new of 177 responses total. |
brighn
|
|
response 100 of 177:
| 
Sep 19 21:10 UTC 1996 |
DOes Backtalk log these anonymous users at all?
When someon uses a conference, lurker or poster, it's recorded. It's a bitch
and a half to get, but it's recorded. I'm not sure if this would likewise
be recorded when someone comes in off Backtalk with a grex account and just
lurks, but I'd guess that it isn't logged when an anon or guest does. IF
something came up and IF i really wanted or needed a completelist of people
who read a conference, it's available to me. IF i wanted to, i could at least
discover the node a troublesome user is coming from.
O.k., john, we've heard you. Fine. Selena could be me, for all anyone (other
than selena and me and valerie and jenna and kami) knows. BUT if grex really
needed to, grex COULD at least track user ladyevil down, or block it from the
system, or whatever. Selena could then go create another account, sure, but
after a while it wouldn't be worth her effort anymore. to keep causing
trouble. (Hypothetical situation sel, don't get cheesed at me =} )
now, i don't know what these hypothetical problems would be, especially
involving a read-only account, but are you willing, john, to go out on a limb
and tell me, assure me, that someone can't come along and use grex anonymously
and cause havoc and leave nary a trace? it COULD happen.
no, you can't get selena's phone number (or anyone else's for that matter)
unless selena goes and does something patently and viciously illegal and AT&T
is willing to do a trace... but you can at least get as far as restricting
access. you can't do ANYTHING to an anonymous web user (or a guest, for that
matter... those of you using that argument are assuming that we all are in
favor of anon guest accounts. poppycock, i'd like to see those gotten rid
of, too)
|
remmers
|
|
response 101 of 177:
|
Sep 19 22:46 UTC 1996 |
There are some incorrect assumptions in #100.
In Picospan, if you join a conference in "observer" mode, your
presence is not recorded. In that case, you can read but not
respond. Anonymous reading via the web would be a lot like
Picospan's observer mode.
Even if you join the conference in normal mode, so that you can
enter responses, your presence is logged *only* in your
participation file. This file is stored under you home directory
and you can delete it at any time. If you do so, there is no
record anywhere of your presence in the conference.
So no, there's no way to get a complete list of people who read
a conference, even in Picospan.
I think I can assure you that anonymous read access via
the web to conferences on grex affords no opportunities to
hackers. That's because of the way the http protocol works. When
you run a web browser and click on a link, the browser sends a
request to the remote host (grex in this example) to download
a page to your pc, which the browser then displays. As soon as
the download is finished, the connection is broken and you are
no longer interacting with the remote host. That's the way
Backtalk would deliver items to you. You're never actually
logged into the host. It's not like telnet or direct dialup,
where you have shell access and can run arbitrary commands.
|
russ
|
|
response 102 of 177:
|
Sep 19 23:06 UTC 1996 |
OTOH, in order to track what items are read, the backtalkd would
have to run as root. The daemon could be hacked just like fingerd.
|
brighn
|
|
response 103 of 177:
|
Sep 20 00:15 UTC 1996 |
#101> There's a command that lists everyone who's been in a conference.
I understand the part about observer, but does that command then go through
evryone's home directory and look for a participation file?
If so, that would certainly explain why it takes so long, but it would explain
why the output of the command is in chronological order of the firstjoin.
(i.e., cfadm usually comes up first, and cfadm clearly isn't first
alphabeticaally).
Explain, John.
|
janc
|
|
response 104 of 177:
|
Sep 20 01:27 UTC 1996 |
I think yapp does maintain a list of people who have been in the conference
in the conference's ulist. Picospan doesn't.
Backtalk doesn't do any more logging than Picospan, but that's because all
Backtalk queries are launched by httpd, and httpd does log all transactions.
Here's a bit from httpd.log:
pm049-03.dialip.mich.net - remmers [15/Sep/1996:13:00:35 -0400] "GET
/cgi-bin/pw/bt/pistachio/conflist HTTP/1.0" 200 10145 pm049-03.dialip.mich.net
- remmers [15/Sep/1996:13:01:03 -0400] "GET
/cgi-bin/pw/bt/pistachio/browse?conf=backtalk HTTP/1.0" 200 3485
pm049-03.dialip.mich.net - remmers [15/Sep/1996:13:01:15 -0400] "GET
/cgi-bin/pw/bt/pistachio/dispatch?conf=backtalk&csel=&showforgotten=0&rstyle=new
&way=forward&read.x=6&read.y=9 HTTP/1.0" 200 330 pm049-03.dialip.mich.net -
remmers [15/Sep/1996:13:01:19 -0400] "GET
/cgi-bin/pw/bt/pistachio/read.panel?isel=2-$&conf=backtalk&csel=&item=1&rsel=new
HTTP/1.0" 200 1391 pm049-03.dialip.mich.net - remmers [15/Sep/1996:13:01:21
-0400] "GET
/cgi-bin/pw/bt/pistachio/read.text?isel=2-$&conf=backtalk&csel=&item=1&rsel=new
HTTP/1.0" 200 5704
So remmers connected to backtalk from pm049-03.dialip.mich.net at 35 seconds
after 1pm on Sunday and after using the pistachio interface to look at a list
of all conferences, joined the "backtalk" conference where he did a "read new".
We even know exactly where on the button his mouse click landed. He first
saw item 1, at 1 minutes and 21 seconds after 1pm. He continued read more
items, but I haven't included the whole log here.
So the issue is not that Backtalk doesn't log as much as Picospan. Httpd
logs so assiduously that in fact Backtalk users get traced in more detail
than users of any other program on Grex. If there is any concern here it is
that too much logging is done. These logs are not publically readable but
the staff can access them quite easily.
Incidentally, whenever you access any website anywhere, you leave behind at
least this much information, sometimes more. Something to keep in mind as
you surf the web.
|
robh
|
|
response 105 of 177:
|
Sep 20 04:51 UTC 1996 |
Re 103 - Actually, that's *exactly* what the "participants"
command in PicoSpan does. It goes through every home directory
on Grex (!!!) and looks for a .cf file for the conference you're
in. Which is why it takes so long.
The order in which the ids is listed is by UID, so I would be
listed very early in any participants listing (UID 1515), I'd
be after folks like popcorn (112) and remmers (121) who have been
on longer, but well before you (7818) or ladyevil (54786).
|
janc
|
|
response 106 of 177:
|
Sep 20 05:10 UTC 1996 |
The participants command is one of the bigger differences between yapp and
picospan.
|
remmers
|
|
response 107 of 177:
|
Sep 20 11:35 UTC 1996 |
We've been referring to the option of reading Grex conferences
via Backtalk without a login id as "anonymous reading", but
considering how much logging is done, that appears to be a
misnomer. One is far from anonymous to the http daemon and the
people who can read the logs that it keeps.
|
kerouac
|
|
response 108 of 177:
|
Sep 20 15:00 UTC 1996 |
While as I stated I think fair witnesses need to have some control
over the confs they are overseeing (such as being able to control
linking), I think the confs are not owned by the fw's and that
therefore there are boundaries that they should njot
overstep. Anyone should have the right to readany
conf anonymously. In fact, I have to question why Jan and
Steve have setup Backtalk to log as much info as it does
(as demonstrated in #104). That isnt an accident. They
wrote the code that way and I fail to understand why
such logs of keystrokes and which buttons are clicked is
so neccesary. If the Internet becomes too much like
the Orwellian Big Brother, that is what will kill it. People
need to feel secure when using something. I think Backtalk
should be modified so it does not log any information other than
simply who is using it.
Selena and Brighn on the other hand, simply have a lmore
possessive attitude about fw''ing. They view the confs they fw
as THEIR property. That is contradictory to what Grex
is, anmd if they cant live with things like people reading
anonymously or through the web, they should resign as fw's and
let other peopletake over. They dont have the right to
impose their philosophies of how to conference on other people just
because they are the fw's of a particular conf.
|
russ
|
|
response 109 of 177:
|
Sep 20 15:32 UTC 1996 |
The contributions, including the administrative work, is the product
and thus the property of the contributors. If you make people feel
insecure about the way their work is used, they *will* withdraw it.
Mark my words.
|
kerouac
|
|
response 110 of 177:
|
Sep 20 15:32 UTC 1996 |
In fact, I dont think it is thebusiness of staff to know which
particular users are even using Backtalk or Picospan. They just
need toknow hard figures, like 300 people used Picospan during
a given time and 50 used Backtalk. As a user, it is
my own personalbusiness which interfaceI decide to use
at a given time. I can understand logging some of this stuff
during testing mode so one can study how peopleare using it, but
the logging functions should be turned off at some point.
The authors shouldnt overcode a program out of a natural desire
to micromanage everything.
|
robh
|
|
response 111 of 177:
|
Sep 20 17:40 UTC 1996 |
<robh is amused that anyone thinks the staff CARES what interface
an individual user chooses, like we don't have anything better to
do with our time>
|
kerouac
|
|
response 112 of 177:
|
Sep 20 18:59 UTC 1996 |
hehe...well I think its just assumed that those on staff dont have
lives. Thats whey they are so good. How can you be on staff and
have a life? There are only 24 hours a day!
|
robh
|
|
response 113 of 177:
|
Sep 20 19:29 UTC 1996 |
Exactly. We're far too busy doing actual IMPORTANT staff things
to say, "Gosh, I'm bored, I think I'll go read kerouac's mail..."
|
scott
|
|
response 114 of 177:
|
Sep 21 02:29 UTC 1996 |
Jan and Steve *didn't* write all that logging. That's just what happens to
*all* Web traffic. The http server software does that, and we got that from
somebody else.
|
ryan1
|
|
response 115 of 177:
|
Sep 21 13:44 UTC 1996 |
Re: #113
<ROTFL>
|
janc
|
|
response 116 of 177:
|
Sep 21 21:59 UTC 1996 |
Correct. Backtalk does no logging. All standard http servers log stuff like
that. Everytime you access any webpage anywhere you are creating that kind
of log entry on somebody's system. In some case, depending on the server and
your web browser, you may be telling it your email address and various details
about the kind of computer you have and the software running on it. I agree
that this is more log information than we need, but I've got higher priority
jobs than stripping logging out of httpd.
|
ladyevil
|
|
response 117 of 177:
|
Sep 23 02:49 UTC 1996 |
Well, I used complete sentances, I said what I have to say, and that is known.
As for you, kerouac, bugger off. You don't know the meaning of the word
"responsible." I feel this way for Sexuality, and I am quite against having
it linked to an anonymous-readable BackTalk. If BackTalk can be run without
it, and it HAS been said that it can be, then I have NO objections to
anything. If, however, Anon-reading gets activated, I want Seuality taken off
of the BackTalk-linked conferences. Why? Because, as FW, I take care with how
Sexuality runs. I find the assertion that this conference does not need more
than a janitorial role ludicrous- this isn't coop or agora.
Now, that restated, due to obvious ignorance on kerouac's part, I shall wait
for a reply on whether or not my request will be honored.
As I have BEEN waiting.
|
janc
|
|
response 118 of 177:
|
Sep 23 13:43 UTC 1996 |
Um, I've already said that when I turn it on, there will be no anonymous
reading. I can't say there will never be any, or that if there is any your
conference will be excluded. I don't have the authority to say that. I am
not in charge. I think it'd take a board vote to make you any such promises.
|
ladyevil
|
|
response 119 of 177:
|
Sep 23 17:56 UTC 1996 |
Thus, I wasn't expecting you to respond- but thank you for the effort.
I'm waiting for board to speak up- if need be, I'll have t placed in the next
agenda for the board meeting.
|
scott
|
|
response 120 of 177:
|
Sep 23 21:35 UTC 1996 |
(Hmm, I'm way overdue for entering an agenda.)
|
arthurp
|
|
response 121 of 177:
|
Sep 24 00:13 UTC 1996 |
I think that something like this might be good material for a members vote.
|
ladyevil
|
|
response 122 of 177:
|
Sep 24 13:29 UTC 1996 |
Which naturally leaves me out of it. Still, it's a broader thing than a Board
vote.
|
dang
|
|
response 123 of 177:
|
Sep 25 20:28 UTC 1996 |
A somewhat technical question: since Backtalk doesn't acutally connect
through telnet, but rather http, and http doesn't limit the number of
connections, will I always be able to cf through backtalk, even when I would
have gotten in the queue? Granted, it may be slow, but no slower than the
telnet would have been. I'm a bit concerned that this may swamp the link,
because we can't limit the amount of people confing any more. (Mind you, I
think backtalk is a wonderful idea, and I fully intend to use it.)
|
janc
|
|
response 124 of 177:
|
Sep 25 22:21 UTC 1996 |
Yes, right now there is no limit on the number of people who may access
Backtalk at the same time. You'll be able to use Backtalk even when there
is a queue to telnet in. We do intend to address this problem, but it isn't
going to be completely trivial to do in a sensible way. For the moment the
number of "connections" will not be limited. We'll see how big a problem that
is and how urgent it is to fix it once it comes on line.
(By the way, Backtalk is currently off-line while I fix some security
problems.)
|