|
Grex > Coop > #284: Grex Town Hall -- How do we move forward? - Fall, 2010 |  |
|
| Author |
Message |
| 25 new of 334 responses total. |
cross
|
|
response 170 of 334:
| 
Nov 26 20:56 UTC 2010 |
I think we should at least restart some of the older and cruftier conferences.
For instance, the "micros" conference; really, when was the last time someone
called a desktop computer a "microcomputer"? Restarting the systems (nee
jellyware) conference resulted in a flurry of new activity for a few months,
though that's tappered off now; I sort of look at doing some selective
conference pruning as a way of repairing some of the more glaringly broken
windows on Grex.
resp:167 I think the thing that's likely to keep me interested is if Grex
remains an interesting place technically. While the technology has gotten
kind of boring in the last few years, I think the idea of it remains
sufficiently compelling that I stick around to poke at things and see where
it can be taken. The place definitely needs a facelift.
|
rcurl
|
|
response 171 of 334:
|
Nov 26 21:02 UTC 2010 |
There are bbses, forums and mailing lists for all kinds of obsolete
technology. I belong to one for pendulum clocks - improving their timekeeping
is its major thrust (they use atomic clocks to measure how well they are
doing). Maybe have a conference for obsolete computers?
|
cross
|
|
response 172 of 334:
|
Nov 26 21:05 UTC 2010 |
Sure. But don't make that the main source for information about modern PCs.
|
veek
|
|
response 173 of 334:
|
Nov 29 13:48 UTC 2010 |
hmm.. i just checked and Arbornet has no restricted shell. It's pretty
much took a few seconds to get an account. (and there was very little
text to read too)
|
cross
|
|
response 174 of 334:
|
Nov 29 15:01 UTC 2010 |
For whatever reason, they don't seem to have the same problems we do
with people attacking the server as soon as they get an account. I
don't know quite why that is, but I suspect that some of it is that
it's just easier to push people's buttons on Grex, and the
personalities that have been most disruptive over the past few years
seem to get a kick out of doing that.
|
veek
|
|
response 175 of 334:
|
Nov 29 15:44 UTC 2010 |
they have a slow fuse but when it gets lit they tend to annihilate -
like with taking chad to court.. I bet they would have. we need more of
that and less of validate is what i'm thinking - less pussyfooting
around and more of aggressive action once it crosses a certain point.
(also it helps that tonster's got m-net is in his backyard or
somethin.. so easy to fix) we really need to nuke validate BUT then we
need someone bullheaded enough that if there's trouble.. lawyers.. mm..
what we need is someone with a JD..
i read that there are lawyers that sort off dog patients footsteps
(accident victims).. i was seriously wondering.. is that true? is it
likely that if i gooled someone and approcached them, they'd be willing
to help for free? what's the probability of it working out (roughly)
|
cross
|
|
response 176 of 334:
|
Nov 29 17:26 UTC 2010 |
resp:175 The probability of such a thing is roughly zero.
We took action in the form of asking Chad to stop and locking account
after account. We talked about talking to law enforcement about him,
but it didn't happen. M-Net asked him to leave, and he did for a
while, but then came back.
What sort of gets me is that the people who are saying we should do
away with validation and so on are missing several points.
One is that Grex has always done some level of validation; from the
time this place has been connected to the Internet, there's been an
identity verification requirement to access more than just basic
Internet services (e.g., do hostname lookups). Not only is there
precedent for this sort of thing, but member votes were taken back in
the day and so on. I don't think this is going to change any time
soon.
The other is that people seem to have forgotten just what a mess Grex
was for a couple of years prior to putting the current scheme into
place. Some people were howling for action (some who are now
suggesting we get rid of validation). Grex would be down or unusable
for weeks or months at a time. It was a sad situation.... What we
got out of validation was some modicum of stability. We put a speed
bump in the road to getting to an unrestricted shell that set the bar
high enough that the ankle biters got bored and stopped trying. Now,
we're talking about streamlining things further, but I don't think we
should remove the speed bump: experience has shown us that without it,
we get taken down. And it wasn't just Chad: spammers were using Grex
like it was going out of style and our ISP nearly shut us down several
times as a result unless we took some action. People regularly
uploaded flooders and IRC bouncers and all sorts of stuff. While the
latter isn't particularly harmful, I don't think, the number of times
I saw `udp.pl' in home directories was astounding. Basically, the
bottom line is that Grex was regularly being used as a platform to
either attack, or attempt to attack, other systems elsewhere on the
Internet. We slowly narrowed things down further and further until
brand new users got basically no access to the network at all, then
they started attacking Grex itself.
Another issue is that of staff time and availability. Grex's staff is
much smaller than it used to be, and folks generally have way less
time than they did previously. It may be sad, but it's reality, and
it begs the question, if we let people get on with no road blocks
again, then who's going to clean up the resulting messes? The
spammers and crackers aren't going to pony up a couple of bucks to get
to the shell when they can pay the same amount of money to rent a
botnet for a few minutes (and send out an order of magnitude more
email and/or flood packets). If it cuts down on the amount of time I
*have* to spend to keep Grex up and running, that's a good thing and I
can use the limited time I have to play with Grex to do more
interesting stuff, like improve software or services.
Finally, I believe that some of the conclusions people have drawn
about validation are flawed. It's true that introduction of the
restricted shell roughly corresponded to a general decline in usage of
the BBS and party, but correlation is not causation and, as I've
posted before, the restricted shell came as a result of abuse of Grex,
the BBS and party: I claim it was largely this abuse that caused the
decline, not the validation speed bump. There is less activity on
Grex now than there was years ago, it's true, but I'd say that the
level of actual, real discussion hasn't changed that much since the
restricted shell got put in. It's easy to mistake turbulent and/or
destructive activity as just "activity"; when it goes away, things
seem to slow down a lot (because they do) but what's there instead is
what people are actually actively engaged in, not just observations
about damage to the system.
It's easy to point a finger at the restricted shell, but look at what
else is going on. I mean, for how many *years* did the web site say
that Grex was running on a Sun after we had transitioned to the
OpenBSD machine? How many dead links are still there?
Arbornet may not have a restricted shell, but SDF does, yet they get
new users all the time. Most of what I'm proposing is modelled on
what they do. It works there; why can't it work here? I think it can.
I think that Grex's problems are a combination of technical and
social, but the validation issue is somewhat separate. Here are some
technical things that I think could help out, if people were so
inclined:
a) Update the web site. Hey, we need a webmaster! Anyone want to
volunteer? What's there now isn't terrible (I went through and
converted almost all of the web pages to XHTML and cleaned up a lot of
cruft a few years ago, but it's actually quite a large job).
Specifically, if someone were so inclined, they could check out the
web site from the Subversion repository (svn co /var/svn/trunk/grex)
and make updates to the XHTML and CSS and send a patch. A consistent
look and feel across all pages would be great. Making the CSS more
generic would also be great (e.g., using relative percentages for
things like widths instead of hardcoded numbers of pixels). Pruning
and/or updating dead links. Making more of the content correspond to
reality (e.g., the FAQs and so on). Just proof-read the pages and
look for grammar and spelling mistakes.
b) There are a lot of scripts in grexsoft that date from the Suns.
Update these and make them reflect reality. A lot of shell scripts
are legitimately better written as Perl scripts. Remove SunOS-isms
(no, really). A lot of scripts can just be straight-up deleted.
c) I think most of the C programs are good to go at this point, but
verify this and clean things up as needed. Someone who could write
regression and/or unit tests for some of this stuff would be awesome.
d) Grex runs a few non-trivial software packages that need serious
cleanups. At this point, the big three are backtalk, fronttalk and
party. The former two need some serious work: backtalk needs some
serious updates to make it compliant with web standards and make sure
the HTML it generates is valid, etc. The user interface(s) probably
needs an overhaul. Fronttalk is written in a pretty clean style, but
is basically Perl 4, uses a lot of global variables, etc. Cleaning
that up would probably make it faster and fix some latent bugs. Party
has lots of legacy cruft that could be stripped out, again making it
cleaner and probably a little faster.
Anyone who wants to work on this stuff is welcome; pretty much
everything is in the subversion repository. Anyone who wants can
check it out and start making changes. Send me diffs.
|
jep
|
|
response 177 of 334:
|
Nov 29 17:57 UTC 2010 |
I didn't have much interest in that when sending money meant -- solely
-- that Grex would have the money and I wouldn't. Grex had six thousand
dollars in the bank at one point, and no intention to use any of it for
anything. Why would anyone send money under those circumstances?
If Grex needs money to pay the bills, I can send some. If it needs to
purchase something, I will help. (I did when it bought the current
computer.)
If it needs money because the bales are settling and getting
uncomfortable to sit on, though, I'm just not interested.
|
veek
|
|
response 178 of 334:
|
Nov 29 18:02 UTC 2010 |
This response has been erased.
|
veek
|
|
response 179 of 334:
|
Nov 29 18:14 UTC 2010 |
Dan,
1. I'm not for a milli-second blaming you for implementing validation.
It was, in an absolute sense, the only thing that could have been done
at that point of time!
2. I don't see a correspondence between validation and a decline in
Grex. Grex was already in decline long before validation!
(I'm NOT! blaming you for 'validate' - just get that out of your head -
at least as far as i'm concerned! Chad was a bit too much! also, agree
with almost all of the above - mail spammers, bots - arbornet has some
ass running udp.pl)
----------
What I'm asking is this:
1. could we bring back no-validation AND if trouble returns, put it
back in place quickly? Far as I know, it should be fairly simple to
switch between the two?
2. What is the worst that would happen if we reinstated no-validation -
Grex goes down? Would the person running to provide (that would be TS i
think, but remmers also does that) be willing to do so?
Try to see it from my point of view.. I abuse my Linux box doing all
sorts of crazy things.. i don't think twice about powering off whenever
i feel like etc.. and nothing ever goes wrong.. so i'm wondering wth??
We have like 5 users..
3. The web thing and scripts I think i can handle and I'll do so :) <g>
Anyway 1,2 can wait me thinks till we finish with the web-site.. (and
till we get CGI/MySQL for shrimp users)
|
cross
|
|
response 180 of 334:
|
Nov 29 20:51 UTC 2010 |
But what I don't get is, what's the point of turning it off? It's not
like there are hordes of new users clamouring to get accounts on Grex;
until Grex has something to offer those people, they're not going to
come here, regardless of whether they have to go through validation.
You could argue that what they come for is the shell, but I haven't
seen any evidence of that.
|
kentn
|
|
response 181 of 334:
|
Nov 29 22:05 UTC 2010 |
Especially since there are fewer people trying to get accounts, we
should be as welcoming as we can be, including making it as easy to
get an account as possible, without forgetting the issues we've seen
recently. We need a higher percentage of the people trying us out to
become regular users. This wasn't always so in the past, when there
were thousands of people trying Grex and a few hanging around to use it.
Locking people in a maze of twisty passages is not my idea of a good
welcome, even though it may be seen as necessary.
|
richard
|
|
response 182 of 334:
|
Nov 29 22:16 UTC 2010 |
One way to entice new users is to upgrade Backtalk or move to other
conferencing software. These days people don't want to participate in
conferencing/bbs's unless they can upload graphics and show pictures
and video in their messages.
|
richard
|
|
response 183 of 334:
|
Nov 29 23:46 UTC 2010 |
Could also re-open the Grex store and start selling those Grex logo
boxer shorts again. After all what better publicity can you get than
your logo on boxer shorts :) (and no I'm not making this up, Grex
once had a store and in fact sold boxer shorts)
|
kentn
|
|
response 184 of 334:
|
Nov 30 00:09 UTC 2010 |
Ha! That's a neat idea. Unfortunately, I'm told our last inventory
of products ended up being disposed of after traveling to Europe where
they wouldn't sell, either. Maybe times are different and if we limited
ourselves to very few items we'd do okay? But we probably don't want to
repeat history if things won't sell. What do others think?
|
denise
|
|
response 185 of 334:
|
Nov 30 00:46 UTC 2010 |
I'd consider buying a Grex t-shirt and/or a mug or something.
|
veek
|
|
response 186 of 334:
|
Nov 30 01:55 UTC 2010 |
resp:180 1. from what I've seen on SDF, people are always asking for
MySQL and CGI. One guy I spoke to suggested it might be for testing
purposes since he was completely clueless. But he did pay for arpa or
whatever..
2. People need a friendly push when it comes to such things.. like
sample scripts tailor made for Grex (a sample home-page with some
random cute girl/or guys, pic and a wall and crud like that). Then they
get ideas like Oo let me try that.. a decent home page is something no
one offers.. which is weird because look at Facebook :) 3. We have so
far never tried getting things going in a well organised manner.. ads,
and features together.
|
rcurl
|
|
response 187 of 334:
|
Nov 30 05:14 UTC 2010 |
I haven't used newuser for a very long time, but it occurs to me that it
would be easier to use if it didn't ask questions but instead set up a
"standard" account, and then offer the user to make other choices by
checking boxes on a choice page (like Setup in Alpine).
|
veek
|
|
response 188 of 334:
|
Nov 30 10:07 UTC 2010 |
Oo! yup! good idea! Actually i was thinking a cool cgi form or a shell
script.. and it could build his home-page and .plan simultaneously. I
could template that so it looks very nice (the home-page). The home-page
could also double as a resume so ppl looking for jobs. .. you know,
free- email.. resume on the web.. cool-domain-name.. some
work-experience with cyberspace.. it would be pretty useful to ppl!
|
kentn
|
|
response 189 of 334:
|
Nov 30 13:46 UTC 2010 |
Great minds think alike. Yes, this has already been suggested in the
previous town hall item, but it bears repeating. I've also brought it
up with the Board in the last couple months. It might make the most
sense to have the web newuser be the simple, straightforward one and the
command line new user be the one with all the questions. Presumably,
most people won't use the command line if they are coming in through the
web. And if they do use a command line, they can probably change their
settings. Do those sound like reasonable assumptions?
Another thing that we could do is provide opportunities (links) for web
users to verify or validate and/or become members at the end of the
newuser session. Then they wouldn't need to search for information on
what to do later. The web newuser may do this already, but I haven't
been able to get through a complete session with it recently to see if
it does.
|
cross
|
|
response 190 of 334:
|
Nov 30 15:16 UTC 2010 |
I've streamlined newuser and it only asks a few basic questions now;
it no longer asks about things like backspace characters or terminal
types. It now only asks questions about the person itself. We can
reduce those further. For instance, do we really need people's phone
numbers and addresses? Probably not. I'm not sure that's a huge
hurdle, though.
It strikes me that newuser has to ask some questions just to set up
the account: desired login name, the user's real name, an email
address. I'm not sure what the set of reasonable questions is,
however.
|
kentn
|
|
response 191 of 334:
|
Nov 30 17:09 UTC 2010 |
The long web newuser says phone number and/or e-mail address is in case
there are problems and for checking that the person is who they say they
are when they want a password changed (or similar). It's optional and
can be set up so only root can see the information. So, it's probably
okay to continue to collect that information if people want to enter it,
with the usual notes about how it will be used.
We obviously need a valid login name that does not conflict with one
already used on the system and a password. The real name field on the
long web newuser page says it's not required to be a real name. So,
people can give themselves a descriptive name if they want. That's
fairly traditional on unix systems. Changing it from the web, however,
may be something we want to set up so people who enter something they
don't like can modify it. But that would likely not be on a set up an
account page. If we don't have a "manage my account" page we probably
should.
|
cross
|
|
response 192 of 334:
|
Nov 30 17:22 UTC 2010 |
We don't have an account management page and we definitely should.
I'm not so sure about asking for phone number, though. Email address,
definitely, but I think it is extraordinarily unlikely that someone
would get a phone call, at least from me. That said, I don't think it
hurts anything to ask for it, but I think realistically it's not going
to be used.
|
kentn
|
|
response 193 of 334:
|
Dec 1 00:34 UTC 2010 |
I suppose it depends on the urgency of the problem as to whether we need
a phone number. I agree that an e-mail address would be less intrusive.
Unfortunately some people change their e-mail address frequently. Since
a phone number is optional, those who do not want to be contacted that
way can leave it out.
I'm wondering if it would help us be a better system if we did an
annual survey of users and members and see if there are issues or ideas
they want fixed or implemented? Of course, nothing prevents anyone
from sending in ideas and issues at any time, including here in the
agora or coop conferences or in an e-mail to staff and board.
|
remmers
|
|
response 194 of 334:
|
Dec 1 14:33 UTC 2010 |
Being something of a minimalist, I'd personally prefer a newuser that's
short and sweet. I'll think about what I'd like to see newuser say/ask
and post it.
Maybe discussion of newuser deserves its own item, particularly if we're
going to have go-rounds about what it should say and ask, to avoid
swamping the Grex Town Hall. I'm glad we actually have a new newuser
to discuss, that does some sensible things that bring it more into line
with current practices on the web - specifically the email verification
and the captcha thing.
|