|
|
| Author |
Message |
| 25 new of 63 responses total. |
remmers
|
|
response 37 of 63:
| 
Jul 15 16:01 UTC 2007 |
Of course, there's also the possibility that he or she is already a
well-known user under another login id, and is reading all this, and so
already has lots of information. In which case, none of the quick fixes
proposed, other than shutting down newuser, will do any good.
|
cmcgee
|
|
response 38 of 63:
|
Jul 15 16:10 UTC 2007 |
Of course that's possible John. And it's possible that it will not do
any good to attempt a quick fix. It is far more likely that a quick fix
will work, however.
|
gelinas
|
|
response 39 of 63:
|
Jul 15 16:15 UTC 2007 |
No, I think John is on the right track. Our friend has at least one loginid
that hasn't been used yet.
|
cmcgee
|
|
response 40 of 63:
|
Jul 15 16:38 UTC 2007 |
Let me get this straight. John and Joe believe we have a current user
(whom we may or may not recognize as a contributor to conferences) who
is maliciously creating new logins and flooding Agora with spam by using
TOR.
So far the user has spammed agora under pins, pnis, and spin. Joe knows
of at least one other loginid that hasn't been used yet.
The solution to this problem is to close Grex indefinitely to any new
users. This will cause the person to become bored and to discard the
tactic. At some point, we will reopen newuser, and the person will
refrain from trying this tactic again.
|
cmcgee
|
|
response 41 of 63:
|
Jul 15 16:49 UTC 2007 |
After reading the latest posting in Agora, a lightbulb went off.
During Happy Hour we had a discussion about an MNET decision to permantly
block a certain user. I raised the question about that user (who has been
on Grex in the past) refocusing their behavior to disable Grex.
I think perhaps that has happened.
|
mary
|
|
response 42 of 63:
|
Jul 15 17:11 UTC 2007 |
We don't know whether this person is a part of our community or not.
Either way, there may be established accounts ready to go even if we
close newuser. So closing newuser may not give us instant
gratification.
There are lots of anonymous ways to access Grex. Tor is only one of
'em.
Anything we do will reward this twit. Anything. This discussion is
rewarding. I really, really hope we don't try something like stealth or
closed conferences.
If we close newuser we could put up a message (on the newuser page)
saying we're having a twit problem and we don't know how long it will be
before we get it under control. Could we offer folks the opportunity to
request an account by contacting a volunteer, like the path we've
already discussed, maybe even implemented, for those wanting to expand
guest priviledges. A hassle? Sure. Doable, maybe. It would be tricker
to screen at the pre-account level. But it would be a way to allow those
who want in, in, until the bigger problem can be addressed.
It's not perfect. We've had twits before and we'll have 'em again.
Maybe establising a way to bridge such a problem by closing an automatic
newuser is something we should have available at all times.
|
mary
|
|
response 43 of 63:
|
Jul 15 17:12 UTC 2007 |
Regading #41. Doubtful. Really. For a number of reasons.
|
cmcgee
|
|
response 44 of 63:
|
Jul 15 17:54 UTC 2007 |
I like mary's suggestion of closing newuser, and setting up a "request"
system for new bbs privileges.
|
mcnally
|
|
response 45 of 63:
|
Jul 15 19:16 UTC 2007 |
I'm pretty sure there are other accounts that have been created by
this user already, so we should expect more attacks even if newuser
is shut down. E.g. check out user "nips" ("spin" backwards) created
on July 15th.
More to the point, though, I think Colleen has got it exactly wrong
(when she suggests a show of force will make the user think twice)
and Mary is exactly right when she writes "Anything we do will reward
this twit. Anything." Trolls, twits, and vandals thrive on attention
and a sense of power. Power to disrupt your enjoyment of the system
is minimally satisfying. Power to compel you to compromise the mission
of your organization and close off access to new users is on another
level.
Regrettably we may need to take some temporary steps to give time to
address the problem but I'd like to ask that we try to come up with a
plan FIRST and also a timetable. We're now 18 months from the point
where we "temporarily" turned off outgoing mail access for new users
and I don't want to see newuser die the same death by default.
|
cmcgee
|
|
response 46 of 63:
|
Jul 15 19:20 UTC 2007 |
I don't think I suggested a show of force, and I really don't think I implied
that we could get a user like this to think.
I have exactly the same fear you have about "temporarily" turning off newuser.
My suggestions are meant to try to solve the problem with some other steps
before we move to that level.
|
marcvh
|
|
response 47 of 63:
|
Jul 15 19:30 UTC 2007 |
The standard approach favored by most other discussion systems or
collaborative content systems (Wikipedia comes to mind) is to provide an
easy way to simply declare a user a "vandal", either hiding by default
or removing entirely everything that user has contributed. This only
works if it's easier for the moderator to remove the vandalism than it
was for the vandal to enter it in the first place, and if there are
enough active moderators with this power so the vadalism is taken care
of reasonably quickly.
Unfortunately the nature of our conferencing software makes this a
difficult prospect. Certainly making newuser harder to use seems
unlikely to deter a determined vandal (who likely has tons of free time)
but may deter the (rare) bona fide new user.
|
cmcgee
|
|
response 48 of 63:
|
Jul 15 19:32 UTC 2007 |
Ah, I see where you got that idea, McNally.
No, I was summarizing how I saw as remmers and gelinas suggestions. I
should have added a line that I thought that assuming that this person
would go away if we closed off newuser was wishful thinking of the most
head-in-the-sand variety.
See response 36, which is a clearer statement of my current stance.
|
cyklone
|
|
response 49 of 63:
|
Jul 16 01:16 UTC 2007 |
Regardless of how grex chooses to deal with our vandal, I'm quite certain that
that there is no connection with the disgruntled mnet user, because she has
extremely limited computer skills. She'd have to enlist help to pull off the
stunts "spin" is responsible for.
|
cmcgee
|
|
response 50 of 63:
|
Jul 16 01:49 UTC 2007 |
Ok, thanks cyklone. I doubt that is who it is then.
|
krokus
|
|
response 51 of 63:
|
Jul 16 05:53 UTC 2007 |
I agree with cyclone, while she would find it highly humorous.
|
unicorn
|
|
response 52 of 63:
|
Jul 16 06:47 UTC 2007 |
#29: "It doesn't seem that he's actually reading anything, so we might
be under his radar."
Check this out:
unicorn@grex.cyberspace.org:~% ls -al ~pins | grep coop
-rw-r--r-- 1 pins newpeople 459 Jul 14 22:37 .coop14.cf
It appears he read this very conference late Saturday night. If John
is correct, and this is a well-known user, he may have read it since
that time under his other login. I'm quite certain he's watching our
response, though. It may be that certain aspects of our solution may
need to be discussed privately (private e-mail among staff, or even
in-person communications among those of you in Ann Arbor). Technical
solutions, in particular, may be more difficult to circumvent if he
doesn't know how he's being blocked.
|
jep
|
|
response 53 of 63:
|
Jul 19 22:49 UTC 2007 |
re my comments in resp:11: It seemed it took cross a really long time to
get onto the staff, despite his evident Unix skills and willingness to
contribute a great deal of effort. I don't think it took so long for
some current and past staffers who are personally better known to mdw
and steve.
It seems the reluctance to add new staffers was done in the name of
security. It was my intention to assert that this did not make Grex
more secure, but that it instead made Grex less secure.
It was not my intention to personally attack anyone. I am a huge
admirer of the abilities and efforts of a lot of the staff, specifically
including mdw and steve.
The Board appears to be moving quickly to accept unicorn into the staff.
I find this remarkable. The Board isn't waiting for staff approval
before adding a new staff member. I am not sure that's ever been done
before. I guess we will all see whether it works out. I am in favor of
giving it a try, myself. Grex seems to be in much more danger from
staff inactivity than from possibly bringing in an evil staff member.
|
jadecat
|
|
response 54 of 63:
|
Jul 20 13:14 UTC 2007 |
I really have to agree with the very last sentence in that last paragraph.
|
remmers
|
|
response 55 of 63:
|
Jul 20 13:27 UTC 2007 |
Correction to #53, first paragraph: It didn't take long for cross to
get on staff the *first* time. After he resigned in a huff and left
questions about his suitability as a team player, it took a while for
him to get onto staff the *second* time.
|
jep
|
|
response 56 of 63:
|
Jul 20 13:35 UTC 2007 |
I thought it took a while for him to get taken seriously when he first
volunteered. Maybe my perception is wrong. If so, I apologize for my
error.
I understood why it took him a while to be accepted back onto the staff
after resigning.
|
cmcgee
|
|
response 57 of 63:
|
Jul 21 19:25 UTC 2007 |
Would rebooting open up the telnet ports?
|
unicorn
|
|
response 58 of 63:
|
Jul 21 22:47 UTC 2007 |
Grex was rebooted shortly after noon today, and it hasn't helped.
|
naftee
|
|
response 59 of 63:
|
Aug 6 01:29 UTC 2007 |
neither has shaving your scrotum
|
lar
|
|
response 60 of 63:
|
Nov 28 21:16 UTC 2007 |
You guys never figured out that spin,pins,nips ect. was cdalten
aka"jan"?
|
unicorn
|
|
response 61 of 63:
|
Nov 28 22:49 UTC 2007 |
But it wasn't. Go to the oldagora conference (aka agora62), and look
at item #4, response #215 for the proof. You can also backtrack to the
previous responses if you want to see more of the discussion. The real
culprit has been behaving himself since then, as far as I've been able
to tell, but Chad has taken up where he left off with a vengeance.
|
