Re: Progsoc Guidelines for Administrators

Roland John Turner (rjturner@nospam.socs.uts.edu.au)
Mon, 5 Aug 1996 11:05:01 +1000 (EST)

Glenn Rickersey wrote:

> I'm uncomfortable with how open these guidelines are.

Good. Someone's awake out there. Wondered if I was talking to a
void :-)

> They would seem to allow the kind of behaviour that has often
> been criticised of other UTS admins by our own admins.

Perhaps. They allow pretty broad behaviour based on the observations
that:

(i) We trust our admins. (Ultimately, we don't have much choice.
Any organisation that tries to not trust its admins is shooting
itself in the foot. Feet. Everywhere really.)

(ii) Most users have nothing to hide and would prefer not to have
their use of ProgSoc machines suspended for a couple of
weeks every time an admin thought something slightly amiss
was happening.

(That second point is a slightly oblique poke at your suggestion. I'll
explain below.)

> Administrators aren't supposed to be thought police they are

Agreed.

> supposed to be ensuring the fair operations of the
> equipment.

Well, acceptable use. This needs definition and is one of the aims
of this discussion.

> Sometimes these things may intersect, but I would contend that
> normally they are quite different.

:-)

I don't think that ProgSoc (and thus its admins) should be thought
police at all.

> For instance, has Progsoc clarified legally what the
> responsibilities of the Society are in dealing with Pirated
> Software for instance? Has someone even called the Business
> Software Association or whatever it is?

Not as yet. Frankly, we are treading a difficult line. However, about
a dozen members have had their accounts locked for 6 months and been
warned that, after unlocking, if they are EVER caught with pirate
software (on ProgSoc machines) again, we'll be involving the Federal
Police. In fact, we'll probably call BSAA first.

> I would have thought that management of anonymous ftp and the
> normal auditing for account sharing and excessive disk use
> would take care of this.

I don't quite follow. Most of the instances of software piracy that
we have become aware of have indeed been the result of someone
suddenly consuming a large amount of CPU/disk/network. Is this
what you are referring to?

> If there is to be an investigative role to our System
> Administrators it needs to be heavily codified with process,
> otherwise there is great potential for problem with legal
> and even just university review.

Not at all. This is one approach, it is implied by the proposed GFA,
and I'd like the membership to discuss it in advance, rather than
complain about it in retrospect. Thus my prompting to get someone
talking!

As the proposed GFA stands, the admins are effectively empowered
to do anything at all if they feel (or more importantly, if the
exec feels) that they have just cause. This provides us with the
ability to proceed without being shackled by process, and never find
ourselves powerless to stop pirates. (As things stand right now,
we have no documented policy, and indeed, some individuals may
consider examination/alteration of their data to be an invasion
of privacy. This is all well and good, except that it means that
we can't act against pirates.)

The other approach that I can see is pretty much what you propose.
Paraphrased slightly it is "Lock member accounts at the drop of a hat.
Have their account contents investigated by an appropriately convened
meeting of the executive/admins in the member's presence."

This has three problems:

(i) Lots of users are going to get upset about having their accounts
locked more frequently than before.

(ii) A pirate may decide that, having been caught, his/her best
option is to never turn up. ProgSoc is powerless to act,
short perhaps of a court order.

(iii) This only allows us to catch abuses that can be proven by
virtue of files in possession. Abuses that revolve around
data in motion can never be proven this way.

As I see it, so far, ProgSoc members have two choices:

(i) Trust the admins to weed out the ratbags (who are becoming
numerous).

(ii) Not trust the admins (worse, threaten the admins with
disciplinary action), and severely interrupt the activities
of some (currently unknown) number of innocent members.

This is the discussion that I'd like members to have, to help the exec
set appropriate policy.

My opinion? Storing ANYTHING that you don't consider public on an
Internet connected machine, particularly with as many users as ProgSoc
machines, is pure stupidity. You are asking for someone, somewhere to
discover your secrets. More important to ProgSoc's interests is ProgSoc's
ability to protect its reputation (and thus its ability to remain connected
to the 'net) by allowing its administrators to take timely appropriate
action when (and only when) they have just cause to believe that abuse
is occurring or has occurred.

This of course is why the drafts are worded as they are.

More opinions anyone?

> If our users can't be an example of how people should use computer
> systems why can't our Administration be something that we can hold
> up to the rest of UTS on how things should be done?

I'm not quite sure I follow the reasoning there - if our users (members)
were an example of how things should be done, then our admins probably
could too. It is because a significant number of members aren't that the
need for administrators to be supervisors arises. (Bear in mind that the
primary role of the admins is NOT user administration, but making ProgSoc
machines do useful and interesting things!)

I'm also not sure that anyone (outside ProgSoc) cares how ProgSoc is run
so much as how little negative impact ProgSoc has on the outside world.
(And then again, perhaps I care about that more than any outsider.)

- Raz rjturner@nospam.socs.uts.edu.au

"It often upsets a man's God fantasies to have
someone shoot down one of his helicopters."
(Misquoted? from Ben Elton's "Stark")