response 26 of 68:

Jul 27 17:26 UTC 2007

Various thoughts.
 
*)  I've become much more relaxed about Grex's reliability issues
    since I moved most of my personal email to a professional service.
    
    M-net's recent revival as a community coincides with their 
    decision to terminate email.   Coincidence or causality?
    If nothing else, terminating email could free up a lot of 
    staff resources.
 
    Even if Grex isn't ready to terminate e-mail, we need to 
    make it really clear that relying on Grex for e-mail of any 
    importance is a bad idea, and relying on Grex for business 
    e-mail is, well, extra double bad.   

    The E-mail world has become a poisonous place; services with
    dedicated professional staffs are struggling.  E-mail may have
    become something which Grex no longer has resources to offer.
 
*)  Open newuser and open shell access brings pests to Grex, but 
    they also attract a lot of the constructive users who have shown 
    up in the last few years to join the conferencing & party
    community.   I think closing newuser would be really bad.

*)  It's hard to figure out what do to about defending Grex when 
    there is no clear consensus as to what Grex is, in terms of 
    services offered to users.   Various stakeholders in Grex
    see it as:
    *)  online community with BBS and party
    *)  email service
    *)  place to utilize basic Unix shell services
    *)  place to learn about Unix

    Many of the users in one of these interest groups have 
    no knowledge or interest in the others, and their interests 
    are somewhat in conflict.

    For example, if one were concerned with Grex primarily as 
    an online community, a strategy for going forward would be:
         -- axe e-mail beyond within-Grex communication
         -- develop web interface to party
         -- shut off public shell access, at least to new 
            users -- you could maybe allow heritage users, but 
            getting rid of text interface to conferences would 
            allow you to move into the modern world instead of making
            every web-based conference change compatible with the 
                 the text based conference readers

    This would of course piss off many Grex stakeholders.

*)  In the Good Old Days, nearly all of Grex staff 
    -- found it a privilege to work on Grex, because the opportunity 
       to be a Unix sysadmin was somewhat rare.  So there was a 
       good supply of volunteers.  
    -- were motivated to care for grex, because it was an 
       important hub to their own social lives.

    Now, however --
    -- anyone can be a sysadmin using a free version of Unix on 
       junk/free computers
    -- few of the remaining staff participate in Grex socially

I have no solution for those last problems; I tend to see them as
insolvable.

response 28 of 68:

Jul 27 17:35 UTC 2007

There's another class of Grex stakeholder I left out:
  *) people depending on Grex for low-tech dialup access to the net
 
 :)

response 30 of 68:

Jul 27 17:59 UTC 2007

I want e-mail to work.  I want a text interface to conferences.  And I
want a shell.  If those three things were all gone, I would be gone
from here.

I haven't been using the e-mail much yet, but I much prefer e-mail from
a shell over webmail.  In fact, I despise webmail.  I feel that procmail
is far more powerful than anything available at any web site.  I also
think cyberspace.org is a cool domain for an e-mail address.  I even
created a second account (chuck) for times when unicorn may not be
appropriate, although that was after e-mail was turned off for new users,
and that account still doesn't have full e-mail access.  I also dislike
the idea that *everything* needs to be on the web.

If the text interface to conferences was taken away, I would no longer
participate.  Again, I dislike the idea that everything needs to be on
the web, and I don't believe that putting it on the web makes it any
more "modern".  I feel that a text interface is a far superior interface
for most applications, and I realize that is a minority opinion.

I also want a shell for the same reason.  It allows me to do so many
things that would be difficult or impossible from a web interface, and
even those things that can be done from a web interface can be done
much more efficiently from a shell.  If you took away my shell while
still retaining e-mail and conferences, I would never return, because
I would be forced to use webmail and a web interface to conferences,
both of which I will not do.

response 32 of 68:

Jul 27 18:25 UTC 2007

Although I do disagree with Chuck about the BBS being more modern
because it is on the web, I do agree with him on the things he feels are
important to maintain.

response 34 of 68:

Jul 27 18:40 UTC 2007

(I typed a response but will let others have the soapbox now.)

response 36 of 68:

Jul 28 06:17 UTC 2007

I would definitely apply for something like what Vivek and Dan suggest 
(an intermediate demi-staff position); I would like to help, but am 
uncomfortable having full-root access on a box on which I am not the 
sole stake-holder. I know I over-react to things and am immature, the 
combination of which makes me think I need to do more growing up before 
considering volunteering for full-on staff. 

Much as I am loathe to say this, I do think the modicum of anonymity 
offered by the incumbant newuser script is causing more problems than 
it solves. I feel dirty for saying this, but we may be at the point at 
which we need to be able to tie users to real-life entities, though I 
would also say that this information must be kept highly secure and off-
server, only for baffers. 

response 38 of 68:

Jul 31 14:31 UTC 2007

At the end of the day, no matter how much mary, maus, krj, vivek, steve,
and HCMS McGee want to play sysadmin, the only reason anyone is able to
access Grex right now is because the so-called vandal has apparently
decided not to prevent it, not because of anything staff or anyone else
has done.  The most devastating 'attacks' -- the ones that prevented
people from accessing the system remotely -- would not even have
required the miscreant to have an account on the system.  The syslogd
flooder 'attack' exploited a problem that was well known to steve
because he was told about it, but which he didn't bother to fix or warn
anyone else about for over a year.  You folks can be as frustrated as
you want to be and implement as many community-killing but trivial to
bypass measures as you want, but as much as you might not like it, the
choices you have are to a) do nothing and hope it doesn't happen again
(which isn't as bad as it sounds, believe it or not) or b) find a way to
get someone who has time and commitment and (!) knowhow to block attacks
like this.  I would strongly suggest adding unicorn to staff.  He's
ignorant and naive as fuck (remember how his proposed solution to the
crapflood was to attempt to limit user input to a humanly possible
speed, a suggestion that was lulzy on all levels), but he seems to have
endless hours to commit to Grex, can figure shit out at times, and
totally gets off at the mere thought of being on staff.  Flailing your
arms around wildly and hitting everyone but who you want to hit is an
option, but it's your worst one.

response 40 of 68:

Jul 31 20:26 UTC 2007

#38: "The most devastating 'attacks' -- the ones that prevented
 people from accessing the system remotely -- would not even have
 required the miscreant to have an account on the system.

You admit you're a miscreant?  And yes, I believe I know how you did
that.  If I knew then what I know now, I might have even more proof
of your identity.  But I believe I have enough as it is.

 "You folks can be as frustrated as you want to be and implement as
 many community-killing but trivial to bypass measures as you want,"

It is you who are killing the community.  This system, like the rest
of the Internet, was built on trust.  It is only because of people
like you that measures have to be taken to lock down things that
shouldn't have to be locked down.  It's like how it used to be possible
for people to leave their cars and homes unlocked, but that is no longer
an option in most non-rural and even many rural communities.

 "but as much as you might not like it, the choices you have are to a)
 do nothing and hope it doesn't happen again (which isn't as bad as it
 sounds, believe it or not) or b) find a way to get someone who has
 time and commitment and (!) knowhow to block attacks like this."

It will never be possible to secure everything.  I read a quote once
(I'm sorry, I don't know who said it) that said something like, "any
computer that is completely secure is completely unusable."  It appears
that you are attempting to make grex completely unusable by exploiting
every perceived hole you can find, forcing staff here to try to plug
those holes.  Some of them may need to remain unplugged, and legal
remedies undertaken instead.

 "I would strongly suggest adding unicorn to staff.  He's ignorant
 and naive as fuck (remember how his proposed solution to the crapflood
 was to attempt to limit user input to a humanly possible speed, a
 suggestion that was lulzy on all levels), but he seems to have endless
 hours to commit to Grex, can figure shit out at times, and totally
 gets off at the mere thought of being on staff."

I don't have endless hours to spend.  I don't like seeing the system
abused, and since no one else seemed to be able to do anything at the
time, I spent more time on here that I really would have liked, trying
to do my part in helping to remedy the situation.

And no, I don't "get off" on the thought of being on staff.  I didn't
even consider volunteering until there were problems, and I saw that
there wasn't enough staff to keep on top of them.  I volunteered once,
and have said little, if anything, about it since.  I figured if they
wanted to take me up on it, fine, and if not, that's fine, too.

response 42 of 68:

Jul 31 21:04 UTC 2007

well, the times they are a'changin.

response 44 of 68:

Aug 2 01:39 UTC 2007

I'm not sure I'm hearing strong consensus around some of these issues.  

I am sure Board will discuss the options and make a decision.  

If you have a solution to propose, let's hear it soon.

response 46 of 68:

Aug 2 05:02 UTC 2007

I think we need to tighten the reigns of what totally unauthenticated users
can do.  Maybe that means leaving all but a sandbox conference closed to those
who have not been `socially validated.'  I think the following are given:

1) Email access is severely curtailed, as per the current proposals.
2) Write(1) and tel(1) access become `opt-in' instead of on-by-default.
3) webpage publication becomes a `socially validated' thing (to avoid
   phishers....  phishermen?).

Really, it's not such a big change from what we do now.  We're just saying
that to use the community services, you have to establish contact with the
community beforehand, as opposed to just being given the access.  Here's the
analogy I'm thinking of:

Right now, Grex is kinda like an apartment building; the community functions
are like apartments within the building.  Both the building and the apartment
have the door wide open.  Anyone is free to wander in and poke around to his
or her content.  We trust that most people are pretty nice and aren't going
to abuse this open access; unfortunately, that's not realistic anymore and
is really starting to break down.  Now, we're moving to a model where still
pretty much anybody can get into the building (by creating an account) but
to get into the interesting apartments, you've got to knock.  Anybody who
wants to can still get in; we're not discriminating, but we're sort of
guessing that those who want to knock over the furniture and piss in the
kitchen sink aren't going to knock for the privilege.

It seems pretty reasonable to me.

response 48 of 68:

Aug 2 13:57 UTC 2007

http://youtube.com/watch?v=Q5im0Ssyyus