|
|
| Author |
Message |
| 25 new of 52 responses total. |
aruba
|
|
response 24 of 52:
| 
Dec 18 15:02 UTC 2003 |
We don't have any credit card numbers or social security numbers. We do
have drivers license numbers. I don't use Outlook Express and only use IE
when Opera and Netscape won't work on a particular site. (Try using Opera
on microsoft.com sometime - you get a teeny-tiny font that's illegible.)
I think putting the database on a floppy sounds like a good way to have data
corruption problems, and it's not a good solution for large databases. I
guess I could put it on a keyring data chip, and keep it with me at all
times, but that seems a little paranoid to me.
|
gull
|
|
response 25 of 52:
|
Dec 18 15:17 UTC 2003 |
My concern isn't that you have it on your person; I'm not worried about
physical attacks. I'm just suggesting that if it's not accessable on
the computer when you don't need to work with it, that greatly reduces
the window of time during which someone can gain access to the data.
|
jep
|
|
response 26 of 52:
|
Dec 18 15:25 UTC 2003 |
Mark, please don't let jp2 rile you. It doesn't seem to be his goal to
help Grex with anything. It seems to be his goal to pretend he knows
everything better than everyone else. Even if it would be a minor
improvement to security, I don't think anyone else expects you to go to
heroic efforts to protect Grex data. Just do what anyone would do in
these times; take ordinary, normal precautions and if a problem comes
up some day, we'll all deal with it.
If Jamie can post a piece of data from Mark's files about Grex (or e-
mail it to Mark), then I'll think he's uncovered a problem. Otherwise,
I'll think Jamie is just trying to stir up trouble where there is
none. Again.
|
carson
|
|
response 27 of 52:
|
Dec 18 15:40 UTC 2003 |
(I'd like the discussion to refocus on the initiative presented in
resp:0 and how modification of current policy may or may not benefit
Grex. I don't consider the security of gathered information to be
directly relevant to this discussion because even the initiative as
currently worded would require some information to be gathered.)
|
jp2
|
|
response 28 of 52:
|
Dec 18 16:03 UTC 2003 |
This response has been erased.
|
bhoward
|
|
response 29 of 52:
|
Dec 18 16:24 UTC 2003 |
Oh.
|
willcome
|
|
response 30 of 52:
|
Dec 18 19:01 UTC 2003 |
.hO
|
aruba
|
|
response 31 of 52:
|
Dec 18 21:24 UTC 2003 |
Maybe I wasn't clear, Jamie: personal data about members is not available on
the net, and never has been. I doubt your bank can claim as much.
|
jp2
|
|
response 32 of 52:
|
Dec 18 21:33 UTC 2003 |
This response has been erased.
|
jp2
|
|
response 33 of 52:
|
Dec 18 21:37 UTC 2003 |
This response has been erased.
|
aruba
|
|
response 34 of 52:
|
Dec 18 21:37 UTC 2003 |
What was it I said that made you think data was stored online?
|
gull
|
|
response 35 of 52:
|
Dec 18 22:56 UTC 2003 |
I hate to turn this into an argument about definitions, but it really
depends on what you mean by 'stored online'. jp2's argument is that if
the computer the data is on is ever connected to the internet, the data
is 'stored online'. I assume other people are arguing that the data is
not 'stored online' unless it's on a permanently-connected system. I
suspect the actual intent of the wording would be more accurately
expressed as, 'the data is not stored on Grex.'
|
tod
|
|
response 36 of 52:
|
Dec 18 23:01 UTC 2003 |
This response has been erased.
|
jp2
|
|
response 37 of 52:
|
Dec 19 01:20 UTC 2003 |
This response has been erased.
|
davel
|
|
response 38 of 52:
|
Dec 19 02:43 UTC 2003 |
Re 35: It may be an argument about definitions, but I don't think the issue
is (or is only) occasionally-connected versus permanently-connected. If the
data were on Grex, say, there'd be great reason for concern not only because
it's online almost all the time, but also because it runs lots of programs
which let outside parties initiate logins & other connections. That's not
likely to be true of Mark's PC. And it's a really big difference.
TBH, I don't know what software Mark uses for Grex's books (& what hardware
is required), but I have to wonder whether Grex (or some donor) mightn't find
it worthwhile to provide the treasurer - not the current person, but the
office - with (say) an older laptop which could hold such data and never be
connected, period. That would, at least, reduce the likelihood of
software compatibility issues when the treasurer changes - just pass along
the computer along with relevant paper stuff.
|
aruba
|
|
response 39 of 52:
|
Dec 19 04:20 UTC 2003 |
Well, personally, I'd rather not have to turn on a separate computer every
time I want to do something Grex-related. But being able to pass it on to
the next treasurer is an advantage, I agree. (I also don't have room to
operate two computers at once, so starting one would likely mean shutting
down the other.)
|
keesan
|
|
response 40 of 52:
|
Dec 19 17:08 UTC 2003 |
24 about Opera and tiny text size, do you have Opera 7? It lets you specify
minimum font size, or display in 'text' mode with all fonts the same size,
or in accessible mode with all fonts large, or zoom up to 400%. See View,
Styles, User mode.
|
aruba
|
|
response 41 of 52:
|
Dec 19 18:14 UTC 2003 |
Thanks Sindi - I'm still on Opers 6.05, so that gives m incentive to
upgrade.
|
gull
|
|
response 42 of 52:
|
Dec 19 18:46 UTC 2003 |
I upgraded from Opera 7.1something to 7.3something and it fixed a
problem I'd been having with eBay.
|
keesan
|
|
response 43 of 52:
|
Dec 20 00:00 UTC 2003 |
The latest (as of yesterday) was Opera 7.23. Opera 7x also lets you specify
to only accept requested popups. While I was downloading it 5 popup adds
accumulated behind the download window all trying to sell me something. I
used 6 to download 7.
Does Redhat 7 use glibc 2.2.x? Opera 7 is not available for older linuxes than
this and I have glibc 2.1.3.
|
tod
|
|
response 44 of 52:
|
Dec 20 00:00 UTC 2003 |
This response has been erased.
|
keesan
|
|
response 45 of 52:
|
Dec 20 02:50 UTC 2003 |
You can either choose text ads or set Opera not to automatically display
images (at which point you don't see any banner ad at all). In Opera 6 you
could not get rid of the graphical ad banner by setting it to 'no images' but
in 7 you can. Or you can hit F11 for full-screen without any ad banner, or
bars, or menus. You can also remove the icons from all the bars, and remove
most of the bars, and get 80% of the page usable even at 640 (as opposed to
50% before you tinker with it). You can run opera in monochrome (but it won't
display any images if you do).
|
mdw
|
|
response 46 of 52:
|
Dec 20 03:13 UTC 2003 |
jp2 is absolutely correct there's a non-zero security risk in what aruba
is doing. There is also a security risk for using a telephone,
receiving US mail, and using the bathroom. Most of us accept much
greater risks such as driving an automobile, picking change up off the
sidewalk, or eating food prepared by total strangers. Other familiar
risks many of us are willing to assume include sleeping, physical
intimacy with people who are statistically more likely than total
strangers to kill us, and oral consumption of ethanol for recreational
purposes. I submit that sharing trivial identity data with aruba is
much safer than most if not all of these other risks.
|
naftee
|
|
response 47 of 52:
|
Dec 20 04:37 UTC 2003 |
jp2 and mark: signs of the time.
|
willcome
|
|
response 48 of 52:
|
Dec 20 16:25 UTC 2003 |
46: you don't think we should do things to reduce risk where possible and
reasonable?
|