Item 378. Minutes from Grex Board of Directors Meeting, November 28, 2006 S. Lynne Fremont (slynne) Tue, Nov 28, 2006 (22:55). 78 lines, 17 responses. Grex Board of Directors Meeting Minutes, November 28, 2006 In Attendance: Ken Josenhan, Steve Andre, Sindi Keesan, Mark Conger*, Jan Wolter*, Larry Kestenbaum*, Mary Remmers, John Remmers*, Lynne Fremont *, Joe Gelinas* = board member 1. Treasurer s Report. In October, we took in $511.26 and spent $155. We have three new members (ringbark, firewizs, lutefisk). In November so far we have taken in $132 with one new member (neisler). There are currently 58 members with 44 paid up (the rest are in a grace period). 2. Staff Report There is an election for new Directors for the Board beginning on December 1, 2006 There are a lot of vandals currently hitting grex. These people are hurting both Grex and Provide.net. Steve has locked 16 accounts and has closed newuser. The vandals are using flooding programs to flood DNS which takes down provide.net. Recently, Provide.net turned us off because a program that originated on Grex took down their network for over an hour. Grex was the recipient of a denial of service attack that caused Provide.net to take us offline. This situation is seriously jeopardizing Grex s future at Provide.net. Staff are working on a technical solution which will use the Cisco router to block certain kinds of traffic. However, the larger issue is that Grex is a magnet for this type of internet behavior. Staff frequently find malicious programs that use outbound internet ports (e.g. 53, 80). It might be that the best solution will be a policy solution to block or restrict outbound net access similar to the current block on outbound email. Before considering this, however, it is important to remember that there are a lot of users who use outbound net access for legitimate purposes. It was suggested that a software solution might be better than making a policy that restricts access. The problem with that is that it would take a while (perhaps too long) to implement a software solution. A policy change might be better in the short term because it could go into effect in a much shorter time. There was some concern brought up about the board changing policy regarding outbound net access because there was a former member vote that granted outbound net access to everyone and any policy changes made by the board may override that. There was discussion about if this situation was enough of an emergency to take action since our co-location may be in jeopardy. MOTION: To establish an interim policy that new users after today will not get outbound net and email access by default. Users wishing outbound access will be offered a means to request it. Once this policy is implemented, newuser will be reopened. This policy will remain in effect until ratified or replaced by the membership. Moved by Larry Kestenbaum, seconded by John Remmers. Vote: All in Favor, carries unanimously We will need to establish a way for people to request access. An account will be made for this purpose. Since root access will not be required, Lynne Fremont has offered to answer any emails until other volunteers can be found. She will enter an item in the coop.cf for this purpose. 3. Old Business 4. Schedule Next Meeting. - There will be no board meeting in December due to holidays. The scheduling of the next meeting in January is deferred until after the BoD election. 5. New Business. It was suggested that people be given the option to opt out of having mail on grex or be given the option to opt out of receiving offsite email to their grex accounts. Staff can look into that and does not need special board approval to enable users to choose to have less services. There was also a discussion of anti-spam options. 6. Meeting adjourned. 9:10p 17 responses total. !cmcgee ---------- (378) #1 C. S. McGee (cmcgee) Wed, Nov 29, 2006 (08:11). 1 line. Ahh, ok, my previous questions have been answered. !cross ---------- (378) #2 Dan Cross (cross) Wed, Nov 29, 2006 (23:21). 1 line. I'd recommend that email be an opt-*in* procedure, rather than opt-out. !blaise ---------- (378) #3 Jim Trigg (blaise) Thu, Nov 30, 2006 (10:39). 2 lines. Dan, as I read #0, email will be opt-in for new users, and opt-out for existing users (who already have email accounts). !ric ---------- (378) #4 Rick Root (ric) Fri, Dec 1, 2006 (09:35). 3 lines. Could we automatically opt out anyone who has never used email on grex? I don't know if you can tell that or not, maybe by the date of their mailbox file or something.... !keesan ---------- (378) #5 Sindi Keesan (keesan) Fri, Dec 1, 2006 (15:45). 4 lines. How about making the mailbox go away if not accessed within a month or two, except for registered members? Even for grex mail. They could ask later to get it back. Otherwise some vandal is likely to send everyone 100 copies of something and fill up the partition. !denise ---------- (378) #6 Denise M. Anderson (denise) Fri, Dec 1, 2006 (18:18). 2 lines. How would that work if people accesed their mailboxes to delete mail? Or to check for any mail from other grexers? !cmcgee ---------- (378) #7 C. S. McGee (cmcgee) Fri, Dec 1, 2006 (19:58). 13 lines. Let's not make up complicated schemes. Anyone who now has an email account will continue to be able to send and receive email to the outside Grex world. Anyone who does not now have an email account will have to specifically request off-Grex privileges by sending an internal email to a human being who will (generally) grant that request. If anyone abuses email, their email account can be blocked by staff. No complicated date stamp schemes, no special privileges for members as compared to non-members, !cross ---------- (378) #8 Dan Cross (cross) Sat, Dec 2, 2006 (08:46). 1 line. How is that different from what we have now? !remmers ---------- (378) #9 John H. Remmers (remmers) Sat, Dec 2, 2006 (09:49). 3 lines. It's certainly our current policy. The difference is that there will be a better-defined and publicized way to make access requests and a set of volunteers specifically designated to process them. !kingjon ---------- (378) #10 Jonathan Stuart Lovelace (kingjon) Sat, Dec 2, 2006 (10:04). 3 lines. Actually, our current policy allows users who registered after the outgoing-email block to still receive email from offsite. !remmers ---------- (378) #11 John H. Remmers (remmers) Sat, Dec 2, 2006 (11:02). 2 lines. You're right. And the motion passed by the board at the November meeting does not explicitly restrict inbound mail, only outbound. !kingjon ---------- (378) #12 Jonathan Stuart Lovelace (kingjon) Sat, Dec 2, 2006 (11:22). 4 lines. But the problem being currently discussed in the conferences was the volume of *incoming* spam, with a system-wide spam filter being discussed as another solution. !slynne ---------- (378) #13 S. Lynne Fremont (slynne) Sat, Dec 2, 2006 (11:44). 3 lines. resp:12 The problem this policy is meant to address is the problem of people using outbound net access in ways which can be harmful to grex. Incoming spam is a different issue. !kingjon ---------- (378) #14 Jonathan Stuart Lovelace (kingjon) Sat, Dec 2, 2006 (12:22). 2 lines. OK; I seem to have conflated the two issues. !cross ---------- (378) #15 Dan Cross (cross) Sat, Dec 2, 2006 (15:23). 1 line. Like I said, make all email opt-in for grex users. !eteepell