Item 197. Grex Board of Directors Meeting, June 2, 2003 Anne Perry (mooncat) Tue, Jun 3, 2003 (23:00). 89 lines, 16 responses. Attending Board Members: Gelinas, Other, Mary, Mooncat, Flem, Aruba, MDW Attending Non-Board Members: Bhelliom, Carson, Kip, Glenda, Steve, Janc 1. Opening gavel: 7:48 pm 2. Treasurer s Report: For May took in $406, paid $589. Our rent for the Pumpkin is going up 5% to $80.41 Many of the expenses for May were for the Next Grex- 2 case fans, cooling compound, 2 motherboards (which were not the ones we needed, were returned and 2 new ones purchased in their stead). Rebate came in for the cd read/write drive. UPS batteries were purchased (but at the time of the meeting they had not been installed, Steve has the batteries and has been having trouble getting another key to the Pumpkin). 1 New member in May, Kip. Auction: so far the high bids equal $492. We also received a picture of Charcat s cat (along with his check for an auction item), who is really cute. For Next Grex we got the cds for OpenBSD, and some really neat stickers. 4. (Passed initially, waiting for Janc and Steve to arrive) 5. Adding new staff: there is currently a discussion in staff e-mail, will wait another month for names of potential new staffers to be submitted to board for approval. Staff is still discussing what needs to be done in terms of choosing new staffers, training, and coming up with a list of tasks. Board debated the idea of some sort of apprenticeship system of training. No real conclusions reached at this time. Staff needs a list of what tasks need to be done, and on what kind of scheduled basis do these tasks need to be done. It has been suggested that at the next staff meeting staff compile a list of who does what, and what needs to be done- perhaps an item in the staff conference should be created ahead of time so those staffers not able to make the meeting can contribute to the list. The results of this list can be brought to the next board meeting. 4. Next Grex: Janc reports that Aruba delivered the machine to him, he set it up and installed OpenBSD 3.3. Jan also experimented with RAID (initially he didn t know anything about it, now he does, and has figured out that RAID isn t what we would want to use for Grex.) In short, the benefits of using a RAID software set-up does not balance with the system lag is causes. So instead of using RAID Jan is experimenting with mirroring files onto the IDE disk. He has installed a couple packages from PortTree (correct name?) and had detailed documentation of what he has done so far. Also set the SUID partitions. Next step would be porting packages. Some discussion at this point of the version of OpenBSD that was installed, apparently there may be a problem with ELF (?) and the a.a version is probably what we want. Currently Next Grex seems to be working just fine, although there is a potential problem in that when it boots up it occasionally does not recognize the network. This may just be a result of the card on the motherboard, someone will find out. 3. STeve has the UPS batteries at his home, will be stealing MDW s key and making copies as well as taking MDW to the Pumpkin with him. 7. New Business: Board needs to think about phone lines, how many do we want? Do we want to continue with the dialins at the number we have now? Canceling a few of the phone lines might allow for that funding to be put towards increasing our DSL speed. Again about the Portmaster, we have documentation and a Portmaster, but the two don t go together. Some unofficial talk of finding a Portmaster that fits the documentation that we have. What happens if a board member misses three meetings in a row: the general conclusion was that we should worry about this when a board member really abandons his/her post, and move on for the present time. Spam board@cyberspace.org receives, a possible short-term fix could be as simple as making the address on the website non-clickable. After much discussion of possibilities (making the address merely unclickable, making it a .gif file, changing the board s group e-mail, etc.) it was finally decided to merely make the address non-clickable for now, Other is heading up the project. 6. Next Meeting: scheduled for Tuesday, July 29th, 7:00 pm at Zing s Next Door in the Kid s Room. 8. Closing Gavel 9:10 pm. 16 responses total. ---------- (197) #1 Mark A. Conger (aruba) Wed, Jun 4, 2003 (00:18). 2 lines. Nice minutes, Anne. We actually took in $486 in May, and didn't pay for motherboards but did return two. Details are in the treasurer's report. ---------- (197) #2 Allergic to liars (russ) Wed, Jun 11, 2003 (23:59). 17 lines. Regarding the staff@cyberspace.org spam: Recent research has shown that non-clickability probably won't help you, but obscuring the address might (until the next phase of the spammer arms race). Encoding the address as \#116;\#117;\#97 etc. (or however it's done) was quite effective as of the date of the test (which is not to say it's effective now, as the people who write address harvesters probably read that report). A more effective system is to use Javascript to defeat harvesters. If you want an example of this, look at the contact information on this site: http://www.commutercars.com Hint: The displayed addresses are clickable, but there is no recognizable string in the page source for spam harvesters to grab. The address is built by a bit of Javascript from obscured components. I expect that this will be effective for some time. ---------- (197) #3 Eric R Bassey (other) Thu, Jun 12, 2003 (00:14). 2 lines. Our website is Javascript-free in order to be Lynxable, as I understand it. ---------- (197) #4 Todd Plesco (tod) Thu, Jun 12, 2003 (00:25). 1 line. It could be done with perl forms. ---------- (197) #5 Steve Gibbard (scg) Thu, Jun 12, 2003 (01:36). 2 lines. Which have their own issues when the spammers exploit formmail.pl to send their spam. ---------- (197) #6 Phil Green (polytarp) Thu, Jun 12, 2003 (14:16). 1 line. lynx can do Javascript. ---------- (197) #7 Allergic to liars (russ) Thu, Jun 12, 2003 (18:49). 8 lines. Re #3: Someone using Lynx can probably figure out instructions like: For help, send mail to "staff" at this site. This goes double if the words "mail", "staff" and "site" are obscured using escape codes for the ASCII instead of the literal characters. This will not affect a browser, but a spam harvester isn't going to be nearly as sophisticated as a human. ---------- (197) #8 Marcus Watts (mdw) Fri, Jun 13, 2003 (02:37). 2 lines. Send mail to staf<-- cask -->f@cyberspace ---------- (197) #9 Joe (gelinas) Fri, Jun 13, 2003 (07:50). 2 lines. (I thought the original complaint was about spam to the Board, but I don't mind fixing any e-mail references to the staff's address, too.) ---------- (197) #10 Greg Fleming (flem) Fri, Jun 13, 2003 (11:15). 4 lines. My two cents: I think that making sure access to staff and board is easy is more important than protecting staff and board from spam. If someone tries to send staff/board a message and can't figure out how, that's a worse outcome, imo, than me having an extra ten spam a day in my inbox. ---------- (197) #11 John H. Remmers (remmers) Sun, Jun 15, 2003 (12:00). 3 lines. I'm not on the board list, but I am on the staff list. It gets a little spam but not much. Assuming that the board doesn't get much spam either, I tend to agree with Greg. ---------- (197) #12 Eric R Bassey (other) Mon, Jun 16, 2003 (00:44). 1 line. Subjective. For me, the board list gets a lot of spam. ---------- (197) #13 Joe (gelinas) Mon, Jun 16, 2003 (09:25). 7 lines. A data point: Between 0200 and 0900 this morning, I received eleven messages. Five of them were spam. One was addressed to party@cyberspace, one was addressed to board@cyberspace (as well as several other grex addresses), two were addressed to me @umich, and the fifth was addressed to me at a specific machine in the umich domain. I usually check the 'to' address of spam, but I don't usually count them. ---------- (197) #14 David Brodbeck (gull) Mon, Jun 16, 2003 (11:51). 4 lines. Doesn't sound like a big problem if that's a representative sample. I'd be thrilled if I only got five pieces of spam a night. If only one of them was addressed to the board list, it doesn't sound like there's much to be gained here. ---------- (197) #15 Jared Mauch (jared) Wed, Jun 18, 2003 (10:17). 13 lines. Honestly, what likely needs to be done is install something like mimedefang in conjunction with the Milter functionality in sendmail to provide application layer filtering out of spam. I've found SpamAssassin to be a valuable tool in this arena and since enabling mimedefang a few days ago has reduced the spam i've had to deal with significantly. I'm using higher than defaut scores to reject the spam at the smtp layer. You'd be surprised how many messages get a score of 18 or more. This is an unfurtonate necessity in the realm of providing email to people these days. Providing people access to filter spam via spamd/spamc is something that should be considered. ---------- (197) #16 Todd Plesco (tod) Wed, Jun 18, 2003 (13:06). 2 lines. I'm also using MIMEDefang with Spamassassin. It works great once it is configured correctly.