More Swiki damage by socp-b.scsnet.com

Kevin Fisher kgf at golden.net
Wed Jul 24 23:55:44 UTC 2002


Hi Gary:

On Wed, Jul 24, 2002 at 07:15:12PM -0400, Gary Fisher wrote:
> Kevin;
> 
> Having managed a few public message boards myself I agree that the problem
> won't be stopped by simply locking individual accounts or even entire
> domains from the Swikis, but limiting them to list members would in effect
> lock out everyone who either chooses not to join the list or has not yet
> figured out how to do so.  The first group includes many potentially
> valuable contributors who simply don't want the Squeak list's volume, the
> second includes almost every potential new Squeaker.

Yes, I hadn't thought of this.

> 
> Further, since joining the list from a "throwaway account" is just as easy
> as using such an account to deface a Swiki, tying the two together would add
> little security and might bring hooligans onto the list who until now have
> been satisfied with just defacing a web page here and there.

This is quite true as well.  It would likely stop the distracted kiddie
(like the one I suspect is defacing the swiki), but it wouldn't stop the
dedicated vandal.

> 
> Perhaps an answer could be found in a combination approach -- rather than
> making edits instantly "live," keep them out of view until approved by
> anyone with the current password, which could be sent with each month's list
> subscriber "reminder" message, the first of which (if I recall correctly)
> arrives the month AFTER someone joins the list (in contrast to the "new
> member welcome message").  The same information could be sent to
> non-members, including teachers and others who might not have time to
> participate in the dev list but would be qualified (and willing) to deal
> with the approval process.
> 
> If that were done, then list members would have full use of the Swikis after
> a few days or weeks on the list, and would share the task of seeing that
> inappropriate changes didn't make it into public view.  Qualified Swiki
> users who are not list members would also have access.  Casual vandals would
> be unlikely to sit through a few days or weeks of messages in hopes of
> picking up the "password of the month," while useful uploads or edits would
> wait only as long as it took the next list member / password holder to visit
> and decide.
> 

This is an interesting thought...a sort of "peer approval" method, right?

It's a thorny issue..having a system that is "open", but "secure" enough
that it keeps the bozos out (and doesn't squelch the openness).


> The main fly in the ointment is that some pages aren't visited as regularly
> as others; the answer to that might be to generate an email notice either to
> the list or an assigned "page editor" if something is left unapproved for
> some set length of time, perhaps 72 hours or less.
> 
> I think this would offer the best balance between the "open" spirit of the
> Swikis and the necessity of keeping some degree of order.
> 
> Gary Fisher


The open nature of the swiki is wonderful; the hostile nature of the Internet
is something else.   I don't like the idea of restricting swikis but the
reality of the internet makes me think otherwise.

We certainly aren't alone in this...I can think of another system I use
that provides -open shell access- no less...I can't help but think it's
only a matter of time before they become the next big warez drop. :/

It's an interesting problem--we have a system that is just great for
collaboration and whatnot...and yet, it exists on a network just as likely
to be abused as used properly.  Slashdot.org had a similar problem some
years back...I can't say I totally like the solution they came up with, but
they -were- forced into coming up with one, just the same.

USENET resembles what we are doing now:  some idiot sends out a pile of
SPAM, the USENET Cabal responds with cancels.  Mix, repeat ad nauseam.
Slashdot resembles more of a "peer approval"-style of moderation.

(and my apologies in advance if I sound a little jaded...my years on the
frontline as a sysadmin have given me a taste for the blood of script kiddies...
I still have the scars from the whole "Melissa" debacle.. :)

> 
> 
> ----- Original Message -----
> From: "Kevin Fisher" <kgf at golden.net>
> To: <squeak-dev at lists.squeakfoundation.org>
> Sent: Wednesday, July 24, 2002 6:21 PM
> Subject: Re: More Swiki damage by socp-b.scsnet.com
> 
> 
> > Not to be a cynic here (well, I guess it's unavoidable having been a
> sysadmin :)
> > but simply locking out the IP may not put an end to it.  After all, AOL
> > throwaway accounts are pretty much free in every cereal box these days.
> >
> > It doesn't seem to me that the vandal in question is going to stop anytime
> > soon, either...someone fixes the swiki, and he wrecks it the next day.
> >
> > Is there any realistic way to allow swiki access based upon membership
> > to this mailing list?  Ideally, we'd be the ones changing it the most.
> >
> >
> > On Wed, Jul 24, 2002 at 01:27:34PM -0700, Ned Konz wrote:
> > > This time it locked the page after damaging it:
> > > http://minnow.cc.gatech.edu/squeak/393
> > >
> > > Isn't there some way to lock out this IP?
> > >
> > > --
> > > Ned Konz
> > > http://bike-nomad.com
> > > GPG key ID: BEEA7EFE
> > >
> > >
> >
> 
> 
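
The hold-until-approved scheme proposed in the quoted message above (edits stay out of public view until someone holding the current monthly password approves them, with a notice if one sits unreviewed for 72 hours), sketched as an added example that is not part of the original thread or of the Swiki code base. The class and method names are hypothetical and the password used with it is a constructed sample value.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta

REVIEW_DEADLINE = timedelta(hours=72)  # "72 hours or less" in the proposal

@dataclass
class PendingEdit:
    page: str
    text: str
    author: str
    submitted: datetime

@dataclass
class ModeratedWiki:  # hypothetical model, not Swiki's own classes
    approval_password: str                      # rotated monthly, sent to subscribers
    live: dict = field(default_factory=dict)    # page -> publicly visible text
    pending: list = field(default_factory=list)

    def submit(self, page, text, author, now):
        """Anyone may edit, but the edit is held and the live page is untouched."""
        edit = PendingEdit(page, text, author, now)
        self.pending.append(edit)
        return edit

    def _authorized(self, password):
        # Constant-time comparison so response timing does not leak the password.
        return hmac.compare_digest(password.encode(), self.approval_password.encode())

    def approve(self, edit, password):
        """Publish a held edit if the caller knows the current password."""
        if not self._authorized(password) or edit not in self.pending:
            return False
        self.pending.remove(edit)
        self.live[edit.page] = edit.text
        return True

    def reject(self, edit, password):
        """Discard a held edit; the live page never showed it."""
        if not self._authorized(password) or edit not in self.pending:
            return False
        self.pending.remove(edit)
        return True

    def overdue(self, now):
        """Edits unreviewed past the deadline: candidates for an e-mail notice."""
        return [e for e in self.pending if now - e.submitted >= REVIEW_DEADLINE]
```
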


