|
Grex > Coop > #284: Grex Town Hall -- How do we move forward? - Fall, 2010 |  |
|
| Author |
Message |
| 25 new of 334 responses total. |
veek
|
|
response 137 of 334:
| 
Nov 24 21:28 UTC 2010 |
-bash-4.0$ cat /etc/passwd|grep resh|wc -l
745
Login: freefall Name: Adam Dlugaszek
Directory: /a/f/r/freefall Shell: /usr/local/bin/newly-
validated
Last login Thu Oct 21 13:40 (EDT) on ttyp5
this was the latest new-validation... October?
Directory: /a/j/h/jherm Shell: /usr/local/bin/newly-
validated
Last login Thu Oct 28 15:40 (EDT) on ttyp1
|
cross
|
|
response 138 of 334:
|
Nov 24 22:45 UTC 2010 |
resp:134 Actually, Richard, do you have any data to back that up?
Because I've been watching the user population, and it's remained
more or less the same size from before the "user validation patch"
was installed.
That said, it declined significantly in the years leading up to
putting the validation policy in place. I attribute this to three
things:
1. Grex was frequently down for long periods, for two reasons:
a. The efforts of anti-social types like cdalten and mickeyd to
find and exploit security problems in OpenBSD (which we chose
to run for its much vaunted, but ultimately way overblown
security reputation) and in Grex's configuration, leading
Grex to either crash or be effectively unusable.
b. Despite much protestation about things like the necessity of
ECC RAM during the SPARC vs. x86 debate, when the current
Grex hardware was purchased, the buyers nickle and dimed on
important components (like ECC RAM, hardware RAID, and some
sort of remote console capability). I think this was a sad
side-effect of Grex being run by an organization that for
nearly its entire life operated on a shoestring budget.
2. The environment on the system was so hostile, in party, BBS and
even just for interactive users working at the command line,
that many older users left while many newer users didn't see the
point.
3. Grex, as a service and as a community, is generally less appealing
than it once was. If you want to argue endlessly about conservative
vs liberal, republican vs democrat, atheism vs religion, pro-choice
vs pro-life, gun control, oil, wars, and all the usual stuff,
and you want to argue it endlessly with the same five people
who's positions are known and extraodrinarily unlikely to change,
then Grex is a great place to do it. But so are thousands of
other places. If you want to do that using either a web interface
dating from the late 1990s or a command line interface from the
early 1980s, then Grex is just awesome. But most people don't
want to do that. Also, the scale of problems associated with
keeping Grex running increased in the mid-2000s to such an extent
that it became very challenging indeed to keep Grex running.
Note that the validation patch was designed, and largely succeeded,
in addressing points 1(a) and 2. It really has nothing to do with
1(b) or 3.
Now, Richard, what you will notice, and I will agree with you about,
is that there has been a general decline in participation in the
Grex community, as defined by the BBS and party. But that's only
one of several communities that exist on Grex; it would be a mistake
to conflate the two or to assume that decline in one implies decline
in the other.
Richard, you've made clear that you don't like the validation policy.
Fine. But you've also made no proposal for dealing with the problem
of electronic vandalism that, history has shown, will occur if we
get rid of it. If you have a viable alternative, I'd be very happy
to hear about it.
|
cross
|
|
response 139 of 334:
|
Nov 24 22:47 UTC 2010 |
resp:137 Beats me. If no one is requesting validation, no one will get
validated. A lot of people just don't bother requesting.
|
nharmon
|
|
response 140 of 334:
|
Nov 24 23:06 UTC 2010 |
Somebody, it might have been Dan, suggested validating via a micro-payment
like through PayPal. Couple that with a manual validation method for
people who are unable to use PayPal (ie. other country, or under 18), and
I think that would fit our needs.
|
cross
|
|
response 141 of 334:
|
Nov 24 23:11 UTC 2010 |
Yes, that was me. I never said the system was perfect. I'm starting to look
into doing it now.
|
kentn
|
|
response 142 of 334:
|
Nov 24 23:29 UTC 2010 |
We're in luck: the Board added PayPal verification as an acceptable form
of identification a few years back (see item 23 in coop). So, what we
are talking about then is an automated way of verification. You can
already be verified via PayPal, though it is a manual process of the
treasurer checking the PayPal account to see who has paid via a verified
PayPal account. If we do implement this, we'd need to make sure that
there are good records kept so that the treasurer and the verifiers are
in the "loop". The verification policy doesn't say anything about the
amount of money, so there may be micro-payments for verification only,
and payments for memberships to tell apart and handle.
|
richard
|
|
response 143 of 334:
|
Nov 24 23:29 UTC 2010 |
This response has been erased.
|
richard
|
|
response 144 of 334:
|
Nov 24 23:30 UTC 2010 |
Can't you just do automatic verification. Say you have to provide a
valid email address, a link is then automatically sent there that you
have to click on to validate. Then the system notes that email and ip
and in the future automatically rejects any other newuser request that
ever comes from those details. No humans or human judgement is
involved. You have a valid email, you get in.
|
kentn
|
|
response 145 of 334:
|
Nov 24 23:41 UTC 2010 |
E-mail isn't in the current list of acceptable forms of ID for
verification. PayPal has pre-validated accounts, where you link a
credit card or bank account to the PayPal account and they make sure
it's real. So, that gives use more confidence that the person with the
PayPal account is real and gives us a better audit trail if there are
issues.
To allow e-mail verification of the type you suggest would require more
Board actions and potentially a member vote (although it appears that
PayPal verification was added only via a Board vote). We certainly can
discuss this at an upcoming meeting.
I would be concerned that someone using a fake name could create a
free e-mail account and get verified, cause problems, and we'd have no
recourse to identify them if the govt. came calling.
|
cross
|
|
response 146 of 334:
|
Nov 24 23:46 UTC 2010 |
resp:144 What's the point? Kent understood exactly what I was getting at
in resp:142. There's no humans involved there, either (other than the
person getting an account).
|
cross
|
|
response 147 of 334:
|
Nov 24 23:49 UTC 2010 |
As a matter of fact, we talked about doing this at a board meeting in, I
think, 2008. It just hasn't been done yet.
|
richard
|
|
response 148 of 334:
|
Nov 25 00:07 UTC 2010 |
I'd think email verification is preferable to paypal. Grex is a non-
profit site and need not be in the business of encouraging or requiring
prospective new users to use a corporate site, PayPal, that has no
ownership stake here. Why solicit hits for PayPal unless Paypal is
paying Grex to do that?
Grex staff also doesn't need to get into storing personal information
about users. Email verification obviously isn't foolproof as kent
points out, but if it is done with Grex blocking future new user
requests from both that email address *and* the ip address it came
from, it at least makes it more difficult.
|
cross
|
|
response 149 of 334:
|
Nov 25 00:11 UTC 2010 |
We already know that the likes of Chad will give fake email addresses; they
did it to get around the *current* validation scheme. Richard, are you
willing to clean up after another attack from Chad or someone like him?
My suspicion is that your real objection to the validation scheme is that I
put it into place.
|
cross
|
|
response 150 of 334:
|
Nov 25 00:13 UTC 2010 |
Oh, yes, and it's really not about paypal per se. Any service that did
something similar, but could track a user down to a human being, would do just
as well.
Grex already stores personal information about users. It has since its
inception.
Trying to block on email address and IP address is a) useless when one
considers something like tor and how trivial it is to create a throw-away
email account, and b) more invasive for legitimate users who want multiple
accounts than what we're currently doing.
|
richard
|
|
response 151 of 334:
|
Nov 25 00:19 UTC 2010 |
No I object to the validation scheme based on what it is, not that you
came up with it. And re #150 I think limiting users to one login is
okay, who needs multiple logins here these days anyway?
The overriding point is that grex does not and should not be in any way
encouraging or promoting use of outside commercial services. Doing so
would just outsiders question grex's mission and whether grex is being
paid off by these commercial services to encourage its users to sign up
there in order to validate here.
|
richard
|
|
response 152 of 334:
|
Nov 25 00:30 UTC 2010 |
In fact I believe that Grex encouraging validating via a micro-payment
through PayPal is essentially promoting use of a for-profit service and
could be a violation of the rules for a 501(3)(c). This sort of thing
could threaten Grex's tax status.
|
mary
|
|
response 153 of 334:
|
Nov 25 00:49 UTC 2010 |
Oh, God, Richard. You better get right on the phone to The Red Cross,
Kiva and a host of other charitable non-profits and let them know about
this right away.
|
cross
|
|
response 154 of 334:
|
Nov 25 03:36 UTC 2010 |
resp:151 What if a user *wants* multiple logins? Why should we restrict
that? Have you *really* thought this through?
|
rcurl
|
|
response 155 of 334:
|
Nov 25 05:24 UTC 2010 |
Don't all online bbses, forums, etc "argue endlessly about [one or more
of] conservative vs liberal, republican vs democrat, atheism vs
religion, pro-choice vs pro-life, gun control, oil, wars, and all the
usual stuff"?
|
nharmon
|
|
response 156 of 334:
|
Nov 25 13:42 UTC 2010 |
I can not think of a single other forum I participate in that allows
political or religious arguments. So no, not all. But I'm sure many do.
|
cross
|
|
response 157 of 334:
|
Nov 25 13:44 UTC 2010 |
resp:155 That's my point. Grex is no longer unique; it's now a small fish
in a very, very big pond.
|
keesan
|
|
response 158 of 334:
|
Nov 25 15:10 UTC 2010 |
Last I looked at the Puppy Linux chat area two people were discussing
marijuana. Some linux forums have a 'general' area where people talk
about anything they like. SDF has a general forum.
|
kentn
|
|
response 159 of 334:
|
Nov 25 15:36 UTC 2010 |
If we can get the PayPal verification system working, would we also
credit their micropayment after we've assured ourselves the account
is okay? Any payment could be considered a donation and stated as
such several times during the verification process, if we cannot do a
credit. What is the smallest payment you can make via PayPal?
|
kentn
|
|
response 160 of 334:
|
Nov 25 17:04 UTC 2010 |
I see where PayPal offers micropayments and that might actually save
some fees as the rates are lower than if you send a small payment via
regular PayPal (the example I saw was that usually a $1 payment would
incur a 33c fee, but with micropayments the fee would be lower, 10c).
The problem with this is it requires a new PayPal account and is geared
more for merchants selling digital downloads. Plus, somebody in the
transaction (Grex or the user) loses those fees if you give money back
(and the credit transaction might incur a fee as well) unless PayPal
refunds the fees.
|
cross
|
|
response 161 of 334:
|
Nov 25 18:17 UTC 2010 |
Eh, I'd say ask them to donate either two or six dollars. Then you really
could make them members; if they let the membership lapse, that'd be their
decision.
|