|
Grex > Coop > #284: Grex Town Hall -- How do we move forward? - Fall, 2010 |  |
|
| Author |
Message |
| 25 new of 334 responses total. |
cross
|
|
response 127 of 334:
| 
Nov 23 19:09 UTC 2010 |
I'm trying to look at this, but at the moment, it's blocked by the
government firewall I'm behind (no, really).
I think that encouraging people to come over from SDF is a great
idea. We really need to a) fix the web newuser interface, and b)
streamline the validation/verification process. Both tasks more or
less fall on me; both are just a Small Matter of Programming.
|
kentn
|
|
response 128 of 334:
|
Nov 23 19:28 UTC 2010 |
Thanks, Dan. I hope you'll have a chance to look into this soon.
|
richard
|
|
response 129 of 334:
|
Nov 23 21:05 UTC 2010 |
re #127 "streamline the validation/verification process"
Or better yet, do *away* with the validation/verification process. I
mean Grex survived more than a decade and a half without having to have
that and there's not that much traffic here anyway that it can really
be justified.
|
cross
|
|
response 130 of 334:
|
Nov 23 22:40 UTC 2010 |
resp:129 That was a different time and we've seen that it doesn't work
anything.
|
richard
|
|
response 131 of 334:
|
Nov 24 20:26 UTC 2010 |
that was a different time when there were a *lot* more users than there
are now.
|
veek
|
|
response 132 of 334:
|
Nov 24 20:36 UTC 2010 |
yeah, but there were a lot more staff to reset the b0x. in the end it
all b0ils down to the person willing to go to provide and do the button
pressing :)
|
veek
|
|
response 133 of 334:
|
Nov 24 20:39 UTC 2010 |
+it's no biggie.. the internet's like a jungle :) old trees die and new
ones will grow.. just differently.. if cyberspace closes.. SDF's there
and they are pretty good! they'll be the sole survivor :) bound to do
well once the competition's been killed off
|
richard
|
|
response 134 of 334:
|
Nov 24 20:42 UTC 2010 |
but veek don't you see that usage has gone down since the validation
patch was put in. If the validation patch discourages new users, which
it does, it defeats its own purpose.
|
veek
|
|
response 135 of 334:
|
Nov 24 20:57 UTC 2010 |
resp 134: it is as you say ducky, and I am in complete and whole hearted
agreement that validation is a pain that does more damage than is
worth!! but.. apparently ppl don't mind paying to forestall their
inevitable death.. +i'm not the one who has to run to provide.. ergo..
i do not feel his pain..
|
veek
|
|
response 136 of 334:
|
Nov 24 21:18 UTC 2010 |
i checked and there were 754 odd resh accounts..
|
veek
|
|
response 137 of 334:
|
Nov 24 21:28 UTC 2010 |
-bash-4.0$ cat /etc/passwd|grep resh|wc -l
745
Login: freefall Name: Adam Dlugaszek
Directory: /a/f/r/freefall Shell: /usr/local/bin/newly-
validated
Last login Thu Oct 21 13:40 (EDT) on ttyp5
this was the latest new-validation... October?
Directory: /a/j/h/jherm Shell: /usr/local/bin/newly-
validated
Last login Thu Oct 28 15:40 (EDT) on ttyp1
|
cross
|
|
response 138 of 334:
|
Nov 24 22:45 UTC 2010 |
resp:134 Actually, Richard, do you have any data to back that up?
Because I've been watching the user population, and it's remained
more or less the same size from before the "user validation patch"
was installed.
That said, it declined significantly in the years leading up to
putting the validation policy in place. I attribute this to three
things:
1. Grex was frequently down for long periods, for two reasons:
a. The efforts of anti-social types like cdalten and mickeyd to
find and exploit security problems in OpenBSD (which we chose
to run for its much vaunted, but ultimately way overblown
security reputation) and in Grex's configuration, leading
Grex to either crash or be effectively unusable.
b. Despite much protestation about things like the necessity of
ECC RAM during the SPARC vs. x86 debate, when the current
Grex hardware was purchased, the buyers nickle and dimed on
important components (like ECC RAM, hardware RAID, and some
sort of remote console capability). I think this was a sad
side-effect of Grex being run by an organization that for
nearly its entire life operated on a shoestring budget.
2. The environment on the system was so hostile, in party, BBS and
even just for interactive users working at the command line,
that many older users left while many newer users didn't see the
point.
3. Grex, as a service and as a community, is generally less appealing
than it once was. If you want to argue endlessly about conservative
vs liberal, republican vs democrat, atheism vs religion, pro-choice
vs pro-life, gun control, oil, wars, and all the usual stuff,
and you want to argue it endlessly with the same five people
who's positions are known and extraodrinarily unlikely to change,
then Grex is a great place to do it. But so are thousands of
other places. If you want to do that using either a web interface
dating from the late 1990s or a command line interface from the
early 1980s, then Grex is just awesome. But most people don't
want to do that. Also, the scale of problems associated with
keeping Grex running increased in the mid-2000s to such an extent
that it became very challenging indeed to keep Grex running.
Note that the validation patch was designed, and largely succeeded,
in addressing points 1(a) and 2. It really has nothing to do with
1(b) or 3.
Now, Richard, what you will notice, and I will agree with you about,
is that there has been a general decline in participation in the
Grex community, as defined by the BBS and party. But that's only
one of several communities that exist on Grex; it would be a mistake
to conflate the two or to assume that decline in one implies decline
in the other.
Richard, you've made clear that you don't like the validation policy.
Fine. But you've also made no proposal for dealing with the problem
of electronic vandalism that, history has shown, will occur if we
get rid of it. If you have a viable alternative, I'd be very happy
to hear about it.
|
cross
|
|
response 139 of 334:
|
Nov 24 22:47 UTC 2010 |
resp:137 Beats me. If no one is requesting validation, no one will get
validated. A lot of people just don't bother requesting.
|
nharmon
|
|
response 140 of 334:
|
Nov 24 23:06 UTC 2010 |
Somebody, it might have been Dan, suggested validating via a micro-payment
like through PayPal. Couple that with a manual validation method for
people who are unable to use PayPal (ie. other country, or under 18), and
I think that would fit our needs.
|
cross
|
|
response 141 of 334:
|
Nov 24 23:11 UTC 2010 |
Yes, that was me. I never said the system was perfect. I'm starting to look
into doing it now.
|
kentn
|
|
response 142 of 334:
|
Nov 24 23:29 UTC 2010 |
We're in luck: the Board added PayPal verification as an acceptable form
of identification a few years back (see item 23 in coop). So, what we
are talking about then is an automated way of verification. You can
already be verified via PayPal, though it is a manual process of the
treasurer checking the PayPal account to see who has paid via a verified
PayPal account. If we do implement this, we'd need to make sure that
there are good records kept so that the treasurer and the verifiers are
in the "loop". The verification policy doesn't say anything about the
amount of money, so there may be micro-payments for verification only,
and payments for memberships to tell apart and handle.
|
richard
|
|
response 143 of 334:
|
Nov 24 23:29 UTC 2010 |
This response has been erased.
|
richard
|
|
response 144 of 334:
|
Nov 24 23:30 UTC 2010 |
Can't you just do automatic verification. Say you have to provide a
valid email address, a link is then automatically sent there that you
have to click on to validate. Then the system notes that email and ip
and in the future automatically rejects any other newuser request that
ever comes from those details. No humans or human judgement is
involved. You have a valid email, you get in.
|
kentn
|
|
response 145 of 334:
|
Nov 24 23:41 UTC 2010 |
E-mail isn't in the current list of acceptable forms of ID for
verification. PayPal has pre-validated accounts, where you link a
credit card or bank account to the PayPal account and they make sure
it's real. So, that gives use more confidence that the person with the
PayPal account is real and gives us a better audit trail if there are
issues.
To allow e-mail verification of the type you suggest would require more
Board actions and potentially a member vote (although it appears that
PayPal verification was added only via a Board vote). We certainly can
discuss this at an upcoming meeting.
I would be concerned that someone using a fake name could create a
free e-mail account and get verified, cause problems, and we'd have no
recourse to identify them if the govt. came calling.
|
cross
|
|
response 146 of 334:
|
Nov 24 23:46 UTC 2010 |
resp:144 What's the point? Kent understood exactly what I was getting at
in resp:142. There's no humans involved there, either (other than the
person getting an account).
|
cross
|
|
response 147 of 334:
|
Nov 24 23:49 UTC 2010 |
As a matter of fact, we talked about doing this at a board meeting in, I
think, 2008. It just hasn't been done yet.
|
richard
|
|
response 148 of 334:
|
Nov 25 00:07 UTC 2010 |
I'd think email verification is preferable to paypal. Grex is a non-
profit site and need not be in the business of encouraging or requiring
prospective new users to use a corporate site, PayPal, that has no
ownership stake here. Why solicit hits for PayPal unless Paypal is
paying Grex to do that?
Grex staff also doesn't need to get into storing personal information
about users. Email verification obviously isn't foolproof as kent
points out, but if it is done with Grex blocking future new user
requests from both that email address *and* the ip address it came
from, it at least makes it more difficult.
|
cross
|
|
response 149 of 334:
|
Nov 25 00:11 UTC 2010 |
We already know that the likes of Chad will give fake email addresses; they
did it to get around the *current* validation scheme. Richard, are you
willing to clean up after another attack from Chad or someone like him?
My suspicion is that your real objection to the validation scheme is that I
put it into place.
|
cross
|
|
response 150 of 334:
|
Nov 25 00:13 UTC 2010 |
Oh, yes, and it's really not about paypal per se. Any service that did
something similar, but could track a user down to a human being, would do just
as well.
Grex already stores personal information about users. It has since its
inception.
Trying to block on email address and IP address is a) useless when one
considers something like tor and how trivial it is to create a throw-away
email account, and b) more invasive for legitimate users who want multiple
accounts than what we're currently doing.
|
richard
|
|
response 151 of 334:
|
Nov 25 00:19 UTC 2010 |
No I object to the validation scheme based on what it is, not that you
came up with it. And re #150 I think limiting users to one login is
okay, who needs multiple logins here these days anyway?
The overriding point is that grex does not and should not be in any way
encouraging or promoting use of outside commercial services. Doing so
would just outsiders question grex's mission and whether grex is being
paid off by these commercial services to encourage its users to sign up
there in order to validate here.
|