|
|
| Author |
Message |
| 13 new of 37 responses total. |
brighn
|
|
response 25 of 37:
| 
Jan 30 13:39 UTC 1996 |
Yes, but my verbiage is so very eloquent, Carson... ;)
|
srw
|
|
response 26 of 37:
|
Jan 31 07:50 UTC 1996 |
In #8, Brighn asked what would happen if an account was recreated without
the intent to impersonate. Well in that case the account wouldn't be
complained about, so the issue wouldn't come up. If someone complained
falsely against the account, we would reset the pw and send it to the
account's actual owner, resulting in no net damage. The benefit to staff of
this policy is that it does not require making value judgments or knowing
anyone personally.
This policy was developed because of two feuding Chinese users who both
took accounts out on Grex and posted to usenet through an email->usenet
gateway, and then accused each other of impersonation. I had
absolutely no clue who was who, so I reset both passwords and sent the
new passwords to the email addresses given in each account.
They stopped complaining after that.
|
carson
|
|
response 27 of 37:
|
Jan 31 14:13 UTC 1996 |
couldn't they have settleed it over a game of checkers?
|
chelsea
|
|
response 28 of 37:
|
Jan 31 14:32 UTC 1996 |
If you were unable to reach the person at the information left
in the .plan how would this type of complaint be handled? What
if the account was setup to be anonymous?
|
scg
|
|
response 29 of 37:
|
Feb 1 04:10 UTC 1996 |
If the account was set up to be anonymous, I'm not sure where the problem
would be. The problem is when an account is set to claim to be a specific
person, who it isn't. I don't remember this ever being an official policy,
but more of an extension of our lost password policy. When somebody loses
their password, it can be reset if we can be reasonably sure that we're giving
the new password to the right person. Under the same policy, if an account
claims to belong to somebody it would be perfectly reasonable to give the
account's password to the person it claims to belong to.
|
jazz
|
|
response 30 of 37:
|
Feb 1 06:21 UTC 1996 |
Is there a whap on the wrists to the person doing the impersonation,
or has that already been done?
|
popcorn
|
|
response 31 of 37:
|
Feb 1 06:32 UTC 1996 |
No need to do that, since the account has been returned to the person it
claims to belong to.
Re 22: Brighn, I think you misunderstand what the word "immortalization" of
an account means. It means that the account is put on a list of accounts that
won't be deleted, even if nobody has used the account in more than 3 months.
So if an account was immortalized and its owner came back 4 months later, the
owner would still have an account to get into, no problem.
|
arianna
|
|
response 32 of 37:
|
Feb 2 10:51 UTC 1996 |
I have a question: when an account is reaped, is it scrubbed clean of all
traces of it's former owner? Including mail, .plan, and other files?
|
davel
|
|
response 33 of 37:
|
Feb 2 11:34 UTC 1996 |
Yes. The home dir is removed (that's almost everything you're thinking of)
and also the incoming-mail box, and the record in the password file.
|
steve
|
|
response 34 of 37:
|
Feb 2 23:38 UTC 1996 |
Basically, its gone. We retain records of the logins (the wtmp file
that the 'last' program uses), and of the inital newuser data that was
first given to us, but other than that, its gone. Of course there are
the backup takes, but the mail that a reaped account in /var/spool/mail
is truely gone, since we don't make backups of that partition.
|
srw
|
|
response 35 of 37:
|
Feb 3 08:15 UTC 1996 |
Not only all of that, which is all true, but if someone takes out a new
account with the same name, it will still have a different UID, which would
prevent the new user from changing posts made by the previous user of that
name.
The only time we've had confusion regarding new accounts, is when mail arrives
to a new user of an old name. This happened once, and the new user was quite
offended at receiving unwanted highly personal mail. The sender was annoyed
at us for allowing the account to be recreated without waiting a year or so.
We've debated this occasionally, but it is quite impractical to put a waiting
period on the thousands of accounts that we reap.
|
brighn
|
|
response 36 of 37:
|
Feb 3 22:00 UTC 1996 |
Then obviously Melly's accusation in #0 of the impersonator tampering
with said files is erroneous, since said files did not exist to be
tampered with. Is that accurate?
Popcorn> No, I understand immortalization. If you were to go on to
other things, and we all couldn't stand to see another person using the
handle popcorn, we'd stick it on a list somewhere, and
if you were to ever return to us, you'd have the handle back.
Simple. I was referring to situations were Denise Roddenbacher of
the Roddenbacher family logs on and wants the handle that has been
vacated by you... *shrug* It's a case by case thing... there are too
many variables, IMHO, to justify an immortals list.
|
srw
|
|
response 37 of 37:
|
Feb 4 01:24 UTC 1996 |
I don't know any of the details of the tampering. The new account had a new
uid, so now files would have been accessible. Neither would posts in picospan.
Only email sent to that address would have wound up in tyhe wrong hands,
as far as I can tell.
|