|
Grex > Coop > #224: Authorization to Post | |
|
| Author |
Message |
| 25 new of 70 responses total. |
cross
|
|
response 25 of 70:
| 
Jan 16 18:50 UTC 2008 |
I really don't think it matters that much either way. There are so few people
trying to use Grex to bypass repressive regimes and use Grex as a freedom of
speech platform, that us having a few IP addresses in some mail headers isn't
going to be that big of a deal. On the other hand, if someone is determined
to harass Grex, they'll just go through the motions of getting `validated'
and go from there. If they time it right, like at night, they can load up
Agora or another conference with oodles of goo before anyone notices and moves
to stop them. Either way, I don't think we either gain or lose that much.
I can think of a few technical ways we could do this that wouldn't require
anything other than an email address (e.g., user runs a program *on grex* that
generates a request to a help queue; a volunteer looks at it at some point
a little later down the road, and runs a program that generates some unique
token and stores it somewhere and sends it to the user along with instructions
to login to grex and run some program; that program asks for the token, and
if it matches, puts the user into a Unix group, deletes the token, and that
group is listed in the conference configuration for each conference as the
one that allows posting. The conferences, in turn, are configured in
`fishbowl' mode to allow reading by all and posting only by the individuals
in that group. No IPs or anything else are necessary, and the software would
be pretty easy to write).
With respect to YAPP, I think an interesting question is whether we can ask
the Thaler's to just open source it. Then we can modify it as need be. The
source code was already available on M-Net for some time; I would assume a
few people grabbed it.
In any case, going forward, we need the flexibility and adaptability of
software that *we can modify*. We've had some good ideas in the last few
years, but I have felt that we have been hamstrung in terms of implementing
them by concerns about backwards compatibility with Picospan. That program
has served us well, but it's time to move on. Fronttalk is a pretty good
replacement, but does have a few bugs. Perhaps we should consider paying Jan
a few thousand dollars to fix them and make it ready for prime time?
|
tod
|
|
response 26 of 70:
|
Jan 16 20:32 UTC 2008 |
I really don't think it matters that much either way.
Sure, if there is an endless supply of staff willing to maintain it.
|
mary
|
|
response 27 of 70:
|
Jan 16 21:17 UTC 2008 |
We already log IP addresses, right? Like, available for anyone to see
by simply running "laston".
Dan, when your newuser sends a request to the help queue and when the
token is sent back, it sounds like this all happens internally. A valid
offsite email account wouldn't be linked to this new poster? The
standard for entering commentary on blogs and in forums seems to be
linked to email verification. Sometimes it's an automatic email
response that's generated requiring a click-through to complete
verification, sometimes it's a social link, but email is involved. Am I
not understanding your suggestion, maybe?
Fronttalk and Backtalk are already configured to turn posting privileges
on and off. It sounds like your scheme would be a separate program that
would need to be written? Why not just go with Fronttalk and Backtalk?
I'll email Jan and ask him to take a look at this discussion.
|
cross
|
|
response 28 of 70:
|
Jan 17 00:58 UTC 2008 |
Regarding #27; Yeah, sorry, I should have been more specific.
The idea is that a new user logs into grex (after getting an account by
logging in as newuser or similar) and runs some program. That program asks
them for an email address and creates a request on their behalf in an RT
`help' queue. The RT system generates email to the `validators' who look at
the RT queue, `take' the request, and then run some program on Grex that sends
the user a randomly generated token via email to the email address they
entered earlier. The user then logs into Grex (or maybe uses some sort of
web interface), and runs a third program that accepts asks them for that token
and adds them to a Unix group that is allowed write access to the conferences.
In this case, the only additional piece of information we get about them is
a valid off-site email address. We never get email *from* them, so we don't
have originating host IP addresses in headers that, e.g., Hotmail or whatever
might put into a message one of their users sends.
If a user is paranoid about privacy, he or she can create a throw-away email
account somewhere (like on hotmail, yahoo, gmail, whatever) using tor and use
that as their validation address.
|
cyklone
|
|
response 29 of 70:
|
Jan 17 01:16 UTC 2008 |
Maybe I'm not understanding something here. If the "solution" to the "problem"
is turning off accounts that are used for "abusive" activities, then why is
any email needed? Maybe my lack of computer knowledge is showing here, but
can't staff already nuke abusive users? If I missed something in an
earlier post, just point me back to it.
|
mary
|
|
response 30 of 70:
|
Jan 17 01:40 UTC 2008 |
Staff can nuke an abusive user and within, maybe, 90 seconds, that user is
right back at it. That's the reality of an open newuser with automatic
posting privileges. It's so quick and easy and automatic that we aren't
even bothering to nuke existing vandals. Like, why?
|
cyklone
|
|
response 31 of 70:
|
Jan 17 14:27 UTC 2008 |
I thought the standard response currently was to nuke the account AND block
the IP. Are anonymizers that big a problem? I'm pretty sure we block those
on mnet as well, if there's a problem.
|
mary
|
|
response 32 of 70:
|
Jan 17 17:16 UTC 2008 |
Proxy servers are abundant and simple to use. I mean, if I use 'em,
doesn't everyone?
|
tod
|
|
response 33 of 70:
|
Jan 17 19:43 UTC 2008 |
Maybe proxyies should be blocked.
|
mary
|
|
response 34 of 70:
|
Jan 17 20:43 UTC 2008 |
Yeah, when you figure out how to do that, please let the Chinese
government in on it. Try as they may...
http://en.wikipedia.org/wiki/Proxy_server
|
tod
|
|
response 35 of 70:
|
Jan 18 00:17 UTC 2008 |
scrubit.com ?
|
veek
|
|
response 36 of 70:
|
Jan 18 05:39 UTC 2008 |
captcha? And a quicker response to garbage posts.. (like purging the
whole thread). How is the current proposal going to solve the problem of
Chad lying and logging in as Ms Miss Jane Eyre? Staff will have to
ponder if the person they just allowed is genuine or Chad in disguise..
Look IRC has already solved this problem - more responsible chan-ops,
with the power to purge posts. Use the hive mind Luke :p
|
mary
|
|
response 37 of 70:
|
Jan 18 13:04 UTC 2008 |
My proposal has nothing to do with censoring twits. We already have some
great tools to work with there where each reader can decide for him or
herself what's of interest and what isn't.
This proposal is about giving staff a few extra tools when it comes to
dealing with known vandals flooding the conferences. That's it. It also
wouldn't require a lot of staff work to get it going and almost none once
it's in place.
Are there ten people who would be interested in seeing this put to a vote?
|
veek
|
|
response 38 of 70:
|
Jan 18 14:11 UTC 2008 |
I am definitely in favor of giving it a try.
|
cmcgee
|
|
response 39 of 70:
|
Jan 18 16:45 UTC 2008 |
I'm in favor of voting on this, and I'm in favor of trying to implement
it.
|
tod
|
|
response 40 of 70:
|
Jan 18 19:01 UTC 2008 |
I think veek's 'captcha' suggestion makes alot of sense even at a text level.
|
cyklone
|
|
response 41 of 70:
|
Jan 18 23:59 UTC 2008 |
I oppose the proposal and second tod's comment about the "captcha"
suggestion.
|
cross
|
|
response 42 of 70:
|
Jan 20 15:24 UTC 2008 |
captcha where, though? When posting, or when getting an account? Entering
a captcha when posting would certainly cut down on noise, but might cut down
on signal, too. For new account creation, I don't know what it would do,
really; the offending parties manually create accounts already. The problem
is that once they *have* an account, they can use it to flood the BBS or party
or whatever with garbage.
I think my proposal is basically the same as a CAPTCHA, and the only
additional piece of information we get about a user is a valid email address;
what's the problem with that?
|
cyklone
|
|
response 43 of 70:
|
Jan 20 15:58 UTC 2008 |
Staff can already disable accounts. The new proposal doesn't change that.
People have to sign up manually. The new proposal doesn't change that.
To repeat what McNally said, what exactly is the problem and how does this
"solution" solve it?
|
mary
|
|
response 44 of 70:
|
Jan 20 16:09 UTC 2008 |
"I think what we got here is a failure to communicate."
-Cool Hand Luke
|
cross
|
|
response 45 of 70:
|
Jan 20 17:15 UTC 2008 |
Seems to me that the problem is that someone can create an account and flood
the conferencing system as quickly as they can type. This solution reduces
that problem by slowing the rate at which someone can damage the system to
the rate at which someone else can type. Now, the question I have is, what
does it hurt?
|
cyklone
|
|
response 46 of 70:
|
Jan 20 21:42 UTC 2008 |
Well, if all you're trying to do is create more steps to creating a new
account, then I think the "captcha" idea does the same thing.
|
veek
|
|
response 47 of 70:
|
Jan 21 02:47 UTC 2008 |
umm.. (re #46) I was thinking more on the lines of captcha for every
post and better garbage collection.
I feel it's best to first try what remmers/mary suggested - allow
Agora(our default)? to be free for all and the rest should be locked
down; OR, lock all AND let's see how things work out. It's the simplest
and easiest..
The problem is that if you deny Chad access to the BBS completely, he's
going to get very frustrated and umm..
|
mary
|
|
response 48 of 70:
|
Jan 21 12:40 UTC 2008 |
Except remmers/mary never suggested anything be locked down.
What mary is suggesting is that we follow the lead of other forums/blogs
and ask readers to email us for posting privileges. It won't stop vandals
but it may slow them down and give us a few more tools with which to
inconvenience them. This is not a grand fix. I'm not even sure it will work
with our brand of vandal. It would require we move from Picospan to
Fronttalk.
Captchas stop bots. Bots aren't running newuser here that I'm aware of.
Like, why bother, it takes so little time to do it yourself.
|
lar
|
|
response 49 of 70:
|
Jan 21 12:58 UTC 2008 |
"The problem is that if you deny Chad access to the BBS completely, he's
going to get very frustrated and umm.."
and what? send us all dirty emails? you act like this guy is a real
threat but he's not.
|