response 38 of 334:

Sep 29 15:12 UTC 2010

IIRC the issue with verification is this: If we don't verify, we tend to
have problem users taking the system down. If we had more staff
resources, we could probably handle this. But we don't. Still, I recall
that it was a short term solution and in the long run, if we don't make
it really easy for new people to sign up, there is no future. On the
other hand, if the system keeps being brought down by malicious people,
there is no future. 

response 40 of 334:

Sep 29 17:04 UTC 2010

In terms of verification, yes that was a user vote a while back, so the
users at the time agreed enough with it to approve it.  See the coop
cf for background and proposals for this (item 23 covers a lot of this
policy, there may be other items that apply).

Note that if you want to change this policy you can propose a new policy
(see Grex by-laws for how to do this).  If you're not a member (hint
hint), though, you can't vote on it.

For the restricted access for new users, yes, it is due to trying to
keep the system protected from malicious people.  It works, but I think
it may be chasing a lot of non-malicious people away.  Unfortunately,
we need something in place to help, otherwise we'll be up and down all
the time--which users complained about (rightly so), and our staff will
spend most of their time dealing with the situation.

If there is a better alternative to leaving the system open to malicious
users, let's hear it.  I'm sure we'd all like to go to a more open
system, but not at the cost of being frequently locked out due to system
downtime and/or inability to use the system (denial of service).

response 42 of 334:

Sep 29 18:07 UTC 2010

There are a lot of things Grex could do to attract new users.  Some of
them may be compatible with doing what it does now, the things which
keep us all here.  How about a smart phone app?  Bring back the
multi-user Unix games like Phantasia.  Acquire a bigger computer and
host video messages in place of text based messages.  Attract some
people who will make the specialty conferences interesting.  It can be
done; it was done some years ago, and we haven't devolved *that* much as
a species.

I like Grex as it is.  I'm not going to devote any resources to changing
it substantially.  I'll toss out ideas, though, if I think of any and
there is any interest.

response 44 of 334:

Sep 29 18:47 UTC 2010

Helium, on the other hand...

response 46 of 334:

Sep 29 19:32 UTC 2010

re resp:43: Thanks!  I thought baloney was the most common element.

(Hydrogen is limited, just not as limited as anything else.)

response 48 of 334:

Sep 29 21:42 UTC 2010

Hydrogen is certainly common in the universe, just not on earth. Molecular
hydrogen, that is. The hydrogen in water is already burned and cannot be
recovered as molecular hydrogen unless you expend more energy than you will
get in using the hydrogen as a fuel, or whatever. 

response 50 of 334:

Sep 30 00:46 UTC 2010

To my knowledge, there is not a lot of support for a virtual Grex on
either the Board or staff, for various reasons.  I agree, it would be
good to lower our cost of co-location if we can.

Yes, we've been saying for the better part of this year that we have
a year plus a little more before we run out of money.  So for those
who said Grex has too much money as the reason they would not become
members, I'll ask again: at what bank balance will you consider Grex to
have not enough money and will become a member to help support Grex's
operations?

response 52 of 334:

Sep 30 15:21 UTC 2010

I think you need to have a viable idea to not get "bitch slapped".

I think Grex should get a million dollars. Money is very important in this
day and age, and the more money Grex has, the longer Grex will be around. If
we don't get a million dollars soon, I just don't know what could happen.

Wait... you want *me* to help get a million dollars? But I don't know anything
about having a million dollars! I'm more of an "idea guy". Stop shitting on
my awesome idea that nobody's had before!

response 54 of 334:

Sep 30 16:15 UTC 2010

I believe Richard is conflating two things: multiple levels of 
verification of users, and the restricted shell for completely non-
verified users.

The former was agreed upon by the users.  Some form of it basically 
must be used for legal indemnity purposes no matter what.

The latter initially came as an emergency measure to stop mickeyd and 
chad from bringing Grex down, basically, every day.  There is some 
precedence for it: SDF uses a restricted shell until users go through 
some form of validation.

I'll agree that "Cross's little patch" (the restricted shell) is 
probably stopping some users from really getting involved in Grex.  
Not as many as a person like Richard would like to believe (really, 
there just aren't that many accounts being created on a daily basis, 
and TS has been keeping up with validation requests).  But at this 
point, turning away almost anyone is a problem.

But, on the other hand, unrestricted access has proven to be a 
problem, as well.

So we've got a quandry.  Unrestricted initial access - without some 
kind of barrier - is going to cause problems.  Experience has proven 
that.  However, we need to give more access to the system so that 
people have some incentive to check us out: something to pique their 
curiosity, as it were.

Let's step back for a moment and examine, from a technical 
perspective, the problem and the current setup.  Giving brand new 
users unrestricted access to Grex gives them access to too many things 
that let them muck with the system.  They can post thousands of 
messages to the BBS, or send spam, or flood another computer, or send 
endless telegram messages to other users, or exploit OpenBSD (which is 
a lot more buggy than we were led to believe when we first decided to 
use it, but that's a topic for another item) to crash the operating 
system.  And these are not hypotheticals, they're actual events that 
have happened on Grex.  Everyone who has responded in this thread has 
been a witness to them.

In order to prevent that, we must necessarily lock brand new users out 
of some services.  For instance, we don't give them instant access to 
outgoing network services: doing so has been the source of many forms 
of abuse over the past.  Forms of abuse that have nearly lost Grex its 
connection to the Internet.  That's what the current system does.

So, what's the problem with the current system?  Well, there are 
several.

For starters, it's *too* restrictive.  The set of things that new 
users can do is embarrassingly small.  I believe that it can be 
exanded significantly, without undue risk to the system.  The 
challenge here is technical; we've got to make sure that brand new 
users can't "escape" out of the restricted environment and get to an 
unrestricted shell.  It's always something of a delicate balance here; 
too many restrictions make the system uninteresting.  Too few make it 
unstable.  Adding too much into the restricted environment means more 
chances for that instability (in that someone could potentially find 
some obscure way to escape to a shell or something like that).  How 
hard it is to find something like that (and thus whether it's worth 
it) and how hard someone is likely to look are debatable.  It was my 
senes that with, e.g., Chad and Mickey, they were both very motivated 
and enjoyed the search.  The second you give access to a programming 
language interpreter or compiler, or even a text editor, you're 
essentially done.

But on the whole, I think the current restricted shell environment 
errs too far on the side of caution.  So that's one problem, and 
loosing it up can mitigate that problem to some extent.

The other problem involves the mechanics of the verification system: 
it's based on humans.  That implies a certain amount of latency is 
involved, because a human has to look at a validation request and 
manually respond to it.  If the latency is *too* great, the 
(potential) user just goes somewhere else.  I submit that any system 
involving human verifiers is going to result in too much latency.

So how does one reduce it?  Well, I think that one can automate it.  
That's effectively what SDF did: they tied into PayPal and implemented 
an instant verification system on top of their restricted shell, and 
as a result, they have a huge membership.  I think we can do the 
same....  In fact, I don't even think it's that hard.  It's just a 
Small Matter of Programming.

A lot of people bring up things like web interface and other bulletin 
board software and the like.  These are all really good ideas; I agree 
with essentially all of them.  Grex does need to modernize (and at the 
same time streamline) its web interface.  I did a lot of work in that 
area a year or so ago; just trying to clean up the HTML.  I agree with 
Richard that some web based tools for things like real-time chat would 
be cool.  Certainly, backtalk needs (at least) a facelift.

But I don't think that any of these are the ANSWER that people are 
looking for.  Because people don't really want chat and conferencing; 
that stuff exists elsewhere, and is done better than Grex could ever 
do it.  Grex may have been a pioneer in a lot of ways, but it didn't 
retain the leading edge over time.  Blogs exist elsewhere.  If Grex is 
going to survive, it's got to be different, and its got to be 
compelling.  I think it needs to find a niche that its good at and 
really embrace that.  I'm not sure what that is, though.

response 56 of 334:

Sep 30 18:08 UTC 2010

SDF offers 600MB of space (for email and webpage etc.) including images in
your page, for $36 one-time payment.  Grex offers 1MB without images.

response 58 of 334:

Sep 30 18:33 UTC 2010

On the restricted user accounts as a defense against vandals:

My theory: There are two different types of hostile users.
The everyday type is interested in using Grex to go annoy people
somewhere else.  
The special ones are interested in screwing with the Grex community.
 
This is total speculation on my part, but I wonder if we need a 
2-tier defense system controlled by a switch.
 
Under Alert Code Yellow, normal conditions, newbies should be 
allowed access to party (especially), BBS, and maybe some other 
stuff which can't upset the outside world too much.

Alert Code Orange would be the status we have run on for the 
last couple of years, with pretty much everything locked down.
We'd save that for when a party hostile to Grex was actively
after us.

"Orange" might have to force users who newuser'd under "Yellow" 
to validate.   Otherwise the malicious anti-Grex person might 
just stockpile IDs under Condition Yellow.

This all sounds like work.  :-(   But locking newbies out of party
has pretty much killed the party community.


 

response 60 of 334:

Sep 30 19:34 UTC 2010

re resp:47: My point was lost.  It was that Unix programming does not
need to be a limited resource.  Anyone can acquire the skill.  Richard
can contribute to Grex if he wants to see changes.  

re resp:50: When I feel like my contribution is not mainly adding to a
big pile of money being accumulated for no apparent purpose, then I will
contribute to Grex as I used to do in the past.  I was not aware Grex
was below the $3,000 mark.  I was not aware it was below the $6,000
line.  I refused to send more when it was at around $4,700.  It climbed
much higher after that.  No one missed the money I didn't send.

I'll go on record now.  If Grex hits $1,000 I will pay for a membership,
provided I can afford one.