Re: [racket-users] Core Team: I need you decide what I should do about the spammer.
Thank you Sage for taking on this task. — Matthias -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/racket-users/FC8531A1-1D73-47EB-B379-E0138DF143EC%40felleisen.org.
Re: [racket-users] Core Team: I need you decide what I should do about the spammer.
Great! I think I get moderation messages too, and I'm happy to help out in letting people in. Robby On Wed, Jan 12, 2022 at 12:25 PM Sage Gerard wrote: > Both racket-users and racket-dev have just now been changed to "Anyone > can ask." > > On 1/12/22 1:17 PM, Sam Tobin-Hochstadt wrote: > > On Wed, Jan 12, 2022 at 1:14 PM Sage Gerard wrote: > >> Yes. I assumed was that (b) was not true, since I thought volunteers > >> were hard to come by for most community tasks. "Ask only" makes more > >> sense if someone can be found and made available at any time. > >> > >> All: I normally wait for a go-ahead from a quorum before applying > >> changes like this. If I don't need to wait, then please tell me. > > I think if you're good with this approach, you should move forward with > it. > > > > Sam > > > >> Sam: You mentioned someone got a 404 from an invite link. 404s sometimes > >> disguise permission issues, so I suspect that switching to "ask to join" > >> will make that problem go away too. > >> > >> On 1/12/22 1:00 PM, Sam Tobin-Hochstadt wrote: > >> > >>> Here's my suggestion: we switch to "ask to join" on Google Groups. I > >>> think that will notify all the moderators, and thus (a) more people > >>> can potentially respond (eg, I think I currently get those emails too) > >>> and (b) if someone can no longer take on this responsibility, it's > >>> easy to have someone else step up. The alternative where we specify a > >>> specific email requires potentially changing that email address when > >>> the responsibility changes. > >>> > >>> Does that seem like a reasonable approach? > >>> > >>> Sam > >>> > >>> On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard > wrote: > No no, that was helpful, thank you. We do need to figure this part > out. > > On 1/11/22 2:22 PM, Robby Findler wrote: > > Sorry, I probably shouldn't have jumped in here. I'm happy with > whatever you folks decide is best! > > Robby > > > On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard > wrote: > > Makes sense. > > > > I'll repeat one key difference in the context of Google Groups > > > > Ask to join > > > > Racket volunteer must be available for vetting requests, on > receiving them. Member starts process in Google Groups > > > > Invite only > > > > Racket volunteer may vet first, but must initiate contact with > member. As Sam said, strangers can't start that process. > > > > If you publish an email to request invites, then the process is > going to be "ask to join" no matter what, so the mailing list configuration > is relevant for a different reason. Do we want members to start the process > in Google Groups, or by sending an email to a fixed address? > > > > On 1/11/22 1:51 PM, Robby Findler wrote: > > > > Probably people find out about the mailing list by the website, > right? We could post an email address or two there where asks should go? > > > > Robby > > > > > > On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt < > sa...@indiana.edu> wrote: > >> One thing to note here: it's now not possible to _request_ to join > the > >> list. If someone wants to join the list, they have to know someone > who > >> is already a member and ask them to join. > >> > >> It looks like another option is "Anyone on the web can ask" to join. > >> It's not immediately clear who gets the emails when people ask, but > >> this seems like it might be a good intermediate position. > >> > >> Sam > >> > >> On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard > wrote: > >>> Alright, thanks to all of you for the quick replies. As of this > writing, the list has been reconfigured to create an explicit perimeter > between the non-members and members. The public can no longer let > themselves in. > >>> > >>> Not totally out of the woods yet. > >>> > >>> Someone please confirm if you can invite others using Members page > -> "Add Member". If not, then please follow up with me. > >>> This model can be compromised by someone going rogue and inviting > a bunch of spammers. I'm expecting that our communal trust is high enough > to make this unlikely. > >>> > >>> Considering the risk profile seems less scary, disregard request > to delete my emails. :) > >>> > >>> On 12/18/21 3:02 PM, Matthias Felleisen wrote: > >>> > >>> > >>> +2! And many thanks. (I was personally spared this spam until very > recently. No clue why) > >>> > >>> — Matthias > >>> > >>> > >>> > >>> > >>> On Dec 18, 2021, at 2:55 PM, Robby Findler < > ro...@cs.northwestern.edu> wrote: > >>> > >>> +1! Thank you. > >>> > >>> Robby > >>> > >>> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt > wrote: > The "members" option sounds right to me. Thanks for tracking down > a way > to improve the situation! > > At
Re: [racket-users] Core Team: I need you decide what I should do about the spammer.
Both racket-users and racket-dev have just now been changed to "Anyone can ask." On 1/12/22 1:17 PM, Sam Tobin-Hochstadt wrote: > On Wed, Jan 12, 2022 at 1:14 PM Sage Gerard wrote: >> Yes. I assumed was that (b) was not true, since I thought volunteers >> were hard to come by for most community tasks. "Ask only" makes more >> sense if someone can be found and made available at any time. >> >> All: I normally wait for a go-ahead from a quorum before applying >> changes like this. If I don't need to wait, then please tell me. > I think if you're good with this approach, you should move forward with it. > > Sam > >> Sam: You mentioned someone got a 404 from an invite link. 404s sometimes >> disguise permission issues, so I suspect that switching to "ask to join" >> will make that problem go away too. >> >> On 1/12/22 1:00 PM, Sam Tobin-Hochstadt wrote: >> >>> Here's my suggestion: we switch to "ask to join" on Google Groups. I >>> think that will notify all the moderators, and thus (a) more people >>> can potentially respond (eg, I think I currently get those emails too) >>> and (b) if someone can no longer take on this responsibility, it's >>> easy to have someone else step up. The alternative where we specify a >>> specific email requires potentially changing that email address when >>> the responsibility changes. >>> >>> Does that seem like a reasonable approach? >>> >>> Sam >>> >>> On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard wrote: No no, that was helpful, thank you. We do need to figure this part out. On 1/11/22 2:22 PM, Robby Findler wrote: Sorry, I probably shouldn't have jumped in here. I'm happy with whatever you folks decide is best! Robby On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard wrote: > Makes sense. > > I'll repeat one key difference in the context of Google Groups > > Ask to join > > Racket volunteer must be available for vetting requests, on receiving > them. Member starts process in Google Groups > > Invite only > > Racket volunteer may vet first, but must initiate contact with member. As > Sam said, strangers can't start that process. > > If you publish an email to request invites, then the process is going to > be "ask to join" no matter what, so the mailing list configuration is > relevant for a different reason. Do we want members to start the process > in Google Groups, or by sending an email to a fixed address? > > On 1/11/22 1:51 PM, Robby Findler wrote: > > Probably people find out about the mailing list by the website, right? We > could post an email address or two there where asks should go? > > Robby > > > On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt > wrote: >> One thing to note here: it's now not possible to _request_ to join the >> list. If someone wants to join the list, they have to know someone who >> is already a member and ask them to join. >> >> It looks like another option is "Anyone on the web can ask" to join. >> It's not immediately clear who gets the emails when people ask, but >> this seems like it might be a good intermediate position. >> >> Sam >> >> On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard wrote: >>> Alright, thanks to all of you for the quick replies. As of this >>> writing, the list has been reconfigured to create an explicit perimeter >>> between the non-members and members. The public can no longer let >>> themselves in. >>> >>> Not totally out of the woods yet. >>> >>> Someone please confirm if you can invite others using Members page -> >>> "Add Member". If not, then please follow up with me. >>> This model can be compromised by someone going rogue and inviting a >>> bunch of spammers. I'm expecting that our communal trust is high enough >>> to make this unlikely. >>> >>> Considering the risk profile seems less scary, disregard request to >>> delete my emails. :) >>> >>> On 12/18/21 3:02 PM, Matthias Felleisen wrote: >>> >>> >>> +2! And many thanks. (I was personally spared this spam until very >>> recently. No clue why) >>> >>> — Matthias >>> >>> >>> >>> >>> On Dec 18, 2021, at 2:55 PM, Robby Findler >>> wrote: >>> >>> +1! Thank you. >>> >>> Robby >>> >>> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt >>> wrote: The "members" option sounds right to me. Thanks for tracking down a way to improve the situation! At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote: > Core team, > > Sam asked me to issue bans for a troublesome spammer. I've done so, > even > just today. I understand I need quorum for larger decisions. This is > why > I have not yet reconfigured the list to
Re: [racket-users] Core Team: I need you decide what I should do about the spammer.
On Wed, Jan 12, 2022 at 1:14 PM Sage Gerard wrote: > > Yes. I assumed was that (b) was not true, since I thought volunteers > were hard to come by for most community tasks. "Ask only" makes more > sense if someone can be found and made available at any time. > > All: I normally wait for a go-ahead from a quorum before applying > changes like this. If I don't need to wait, then please tell me. I think if you're good with this approach, you should move forward with it. Sam > Sam: You mentioned someone got a 404 from an invite link. 404s sometimes > disguise permission issues, so I suspect that switching to "ask to join" > will make that problem go away too. > > On 1/12/22 1:00 PM, Sam Tobin-Hochstadt wrote: > > > Here's my suggestion: we switch to "ask to join" on Google Groups. I > > think that will notify all the moderators, and thus (a) more people > > can potentially respond (eg, I think I currently get those emails too) > > and (b) if someone can no longer take on this responsibility, it's > > easy to have someone else step up. The alternative where we specify a > > specific email requires potentially changing that email address when > > the responsibility changes. > > > > Does that seem like a reasonable approach? > > > > Sam > > > > On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard wrote: > >> No no, that was helpful, thank you. We do need to figure this part out. > >> > >> On 1/11/22 2:22 PM, Robby Findler wrote: > >> > >> Sorry, I probably shouldn't have jumped in here. I'm happy with whatever > >> you folks decide is best! > >> > >> Robby > >> > >> > >> On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard wrote: > >>> Makes sense. > >>> > >>> I'll repeat one key difference in the context of Google Groups > >>> > >>> Ask to join > >>> > >>> Racket volunteer must be available for vetting requests, on receiving > >>> them. Member starts process in Google Groups > >>> > >>> Invite only > >>> > >>> Racket volunteer may vet first, but must initiate contact with member. As > >>> Sam said, strangers can't start that process. > >>> > >>> If you publish an email to request invites, then the process is going to > >>> be "ask to join" no matter what, so the mailing list configuration is > >>> relevant for a different reason. Do we want members to start the process > >>> in Google Groups, or by sending an email to a fixed address? > >>> > >>> On 1/11/22 1:51 PM, Robby Findler wrote: > >>> > >>> Probably people find out about the mailing list by the website, right? We > >>> could post an email address or two there where asks should go? > >>> > >>> Robby > >>> > >>> > >>> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt > >>> wrote: > One thing to note here: it's now not possible to _request_ to join the > list. If someone wants to join the list, they have to know someone who > is already a member and ask them to join. > > It looks like another option is "Anyone on the web can ask" to join. > It's not immediately clear who gets the emails when people ask, but > this seems like it might be a good intermediate position. > > Sam > > On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard wrote: > > Alright, thanks to all of you for the quick replies. As of this > > writing, the list has been reconfigured to create an explicit perimeter > > between the non-members and members. The public can no longer let > > themselves in. > > > > Not totally out of the woods yet. > > > > Someone please confirm if you can invite others using Members page -> > > "Add Member". If not, then please follow up with me. > > This model can be compromised by someone going rogue and inviting a > > bunch of spammers. I'm expecting that our communal trust is high enough > > to make this unlikely. > > > > Considering the risk profile seems less scary, disregard request to > > delete my emails. :) > > > > On 12/18/21 3:02 PM, Matthias Felleisen wrote: > > > > > > +2! And many thanks. (I was personally spared this spam until very > > recently. No clue why) > > > > — Matthias > > > > > > > > > > On Dec 18, 2021, at 2:55 PM, Robby Findler > > wrote: > > > > +1! Thank you. > > > > Robby > > > > On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt > > wrote: > >> The "members" option sounds right to me. Thanks for tracking down a way > >> to improve the situation! > >> > >> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote: > >>> Core team, > >>> > >>> Sam asked me to issue bans for a troublesome spammer. I've done so, > >>> even > >>> just today. I understand I need quorum for larger decisions. This is > >>> why > >>> I have not yet reconfigured the list to permanently stop the spammer. > >>> After researching the problem further, I need your urgent attention. > >>> > >>> I found that the spam
Re: [racket-users] Core Team: I need you decide what I should do about the spammer.
Yes. I assumed was that (b) was not true, since I thought volunteers were hard to come by for most community tasks. "Ask only" makes more sense if someone can be found and made available at any time. All: I normally wait for a go-ahead from a quorum before applying changes like this. If I don't need to wait, then please tell me. Sam: You mentioned someone got a 404 from an invite link. 404s sometimes disguise permission issues, so I suspect that switching to "ask to join" will make that problem go away too. On 1/12/22 1:00 PM, Sam Tobin-Hochstadt wrote: > Here's my suggestion: we switch to "ask to join" on Google Groups. I > think that will notify all the moderators, and thus (a) more people > can potentially respond (eg, I think I currently get those emails too) > and (b) if someone can no longer take on this responsibility, it's > easy to have someone else step up. The alternative where we specify a > specific email requires potentially changing that email address when > the responsibility changes. > > Does that seem like a reasonable approach? > > Sam > > On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard wrote: >> No no, that was helpful, thank you. We do need to figure this part out. >> >> On 1/11/22 2:22 PM, Robby Findler wrote: >> >> Sorry, I probably shouldn't have jumped in here. I'm happy with whatever >> you folks decide is best! >> >> Robby >> >> >> On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard wrote: >>> Makes sense. >>> >>> I'll repeat one key difference in the context of Google Groups >>> >>> Ask to join >>> >>> Racket volunteer must be available for vetting requests, on receiving them. >>> Member starts process in Google Groups >>> >>> Invite only >>> >>> Racket volunteer may vet first, but must initiate contact with member. As >>> Sam said, strangers can't start that process. >>> >>> If you publish an email to request invites, then the process is going to be >>> "ask to join" no matter what, so the mailing list configuration is relevant >>> for a different reason. Do we want members to start the process in Google >>> Groups, or by sending an email to a fixed address? >>> >>> On 1/11/22 1:51 PM, Robby Findler wrote: >>> >>> Probably people find out about the mailing list by the website, right? We >>> could post an email address or two there where asks should go? >>> >>> Robby >>> >>> >>> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt >>> wrote: One thing to note here: it's now not possible to _request_ to join the list. If someone wants to join the list, they have to know someone who is already a member and ask them to join. It looks like another option is "Anyone on the web can ask" to join. It's not immediately clear who gets the emails when people ask, but this seems like it might be a good intermediate position. Sam On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard wrote: > Alright, thanks to all of you for the quick replies. As of this writing, > the list has been reconfigured to create an explicit perimeter between > the non-members and members. The public can no longer let themselves in. > > Not totally out of the woods yet. > > Someone please confirm if you can invite others using Members page -> > "Add Member". If not, then please follow up with me. > This model can be compromised by someone going rogue and inviting a bunch > of spammers. I'm expecting that our communal trust is high enough to make > this unlikely. > > Considering the risk profile seems less scary, disregard request to > delete my emails. :) > > On 12/18/21 3:02 PM, Matthias Felleisen wrote: > > > +2! And many thanks. (I was personally spared this spam until very > recently. No clue why) > > — Matthias > > > > > On Dec 18, 2021, at 2:55 PM, Robby Findler > wrote: > > +1! Thank you. > > Robby > > On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt wrote: >> The "members" option sounds right to me. Thanks for tracking down a way >> to improve the situation! >> >> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote: >>> Core team, >>> >>> Sam asked me to issue bans for a troublesome spammer. I've done so, even >>> just today. I understand I need quorum for larger decisions. This is why >>> I have not yet reconfigured the list to permanently stop the spammer. >>> After researching the problem further, I need your urgent attention. >>> >>> I found that the spam messages sometimes link to other Google group >>> posts affected by the spammer. A recent trail leads to a >>> comp.lang.python Google message in 2017. I suspect that email addresses >>> are scraped in unmoderated lists that freely hand out membership. After >>> checking the list settings, I found that this is one of those lists. I >>> hypothesize that our email addresses are being scraped and
Re: [racket-users] Core Team: I need you decide what I should do about the spammer.
Here's my suggestion: we switch to "ask to join" on Google Groups. I think that will notify all the moderators, and thus (a) more people can potentially respond (eg, I think I currently get those emails too) and (b) if someone can no longer take on this responsibility, it's easy to have someone else step up. The alternative where we specify a specific email requires potentially changing that email address when the responsibility changes. Does that seem like a reasonable approach? Sam On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard wrote: > > No no, that was helpful, thank you. We do need to figure this part out. > > On 1/11/22 2:22 PM, Robby Findler wrote: > > Sorry, I probably shouldn't have jumped in here. I'm happy with whatever you > folks decide is best! > > Robby > > > On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard wrote: >> >> Makes sense. >> >> I'll repeat one key difference in the context of Google Groups >> >> Ask to join >> >> Racket volunteer must be available for vetting requests, on receiving them. >> Member starts process in Google Groups >> >> Invite only >> >> Racket volunteer may vet first, but must initiate contact with member. As >> Sam said, strangers can't start that process. >> >> If you publish an email to request invites, then the process is going to be >> "ask to join" no matter what, so the mailing list configuration is relevant >> for a different reason. Do we want members to start the process in Google >> Groups, or by sending an email to a fixed address? >> >> On 1/11/22 1:51 PM, Robby Findler wrote: >> >> Probably people find out about the mailing list by the website, right? We >> could post an email address or two there where asks should go? >> >> Robby >> >> >> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt >> wrote: >>> >>> One thing to note here: it's now not possible to _request_ to join the >>> list. If someone wants to join the list, they have to know someone who >>> is already a member and ask them to join. >>> >>> It looks like another option is "Anyone on the web can ask" to join. >>> It's not immediately clear who gets the emails when people ask, but >>> this seems like it might be a good intermediate position. >>> >>> Sam >>> >>> On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard wrote: >>> > >>> > Alright, thanks to all of you for the quick replies. As of this writing, >>> > the list has been reconfigured to create an explicit perimeter between >>> > the non-members and members. The public can no longer let themselves in. >>> > >>> > Not totally out of the woods yet. >>> > >>> > Someone please confirm if you can invite others using Members page -> >>> > "Add Member". If not, then please follow up with me. >>> > This model can be compromised by someone going rogue and inviting a bunch >>> > of spammers. I'm expecting that our communal trust is high enough to make >>> > this unlikely. >>> > >>> > Considering the risk profile seems less scary, disregard request to >>> > delete my emails. :) >>> > >>> > On 12/18/21 3:02 PM, Matthias Felleisen wrote: >>> > >>> > >>> > +2! And many thanks. (I was personally spared this spam until very >>> > recently. No clue why) >>> > >>> > — Matthias >>> > >>> > >>> > >>> > >>> > On Dec 18, 2021, at 2:55 PM, Robby Findler >>> > wrote: >>> > >>> > +1! Thank you. >>> > >>> > Robby >>> > >>> > On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt wrote: >>> >> >>> >> The "members" option sounds right to me. Thanks for tracking down a way >>> >> to improve the situation! >>> >> >>> >> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote: >>> >> > Core team, >>> >> > >>> >> > Sam asked me to issue bans for a troublesome spammer. I've done so, >>> >> > even >>> >> > just today. I understand I need quorum for larger decisions. This is >>> >> > why >>> >> > I have not yet reconfigured the list to permanently stop the spammer. >>> >> > After researching the problem further, I need your urgent attention. >>> >> > >>> >> > I found that the spam messages sometimes link to other Google group >>> >> > posts affected by the spammer. A recent trail leads to a >>> >> > comp.lang.python Google message in 2017. I suspect that email addresses >>> >> > are scraped in unmoderated lists that freely hand out membership. After >>> >> > checking the list settings, I found that this is one of those lists. I >>> >> > hypothesize that our email addresses are being scraped and >>> >> > cross-referenced for use in other unmoderated lists. >>> >> > >>> >> > It's one thing to flatly complain about a spammer on this list, and >>> >> > another to willingly maintain a transmission vector. We need to stop >>> >> > automatically handing out group membership with our current settings. >>> >> > We >>> >> > can have issue list memberships. I need you all to fill in the >>> >> > blank with "moderators" or "members." I'll translate the settings >>> >> > accordingly. >>> >> > >>> >> > Given the holidays, I respect your time. Please reciprocate with
