[hackerspaces] Abuse Of Power

Sat Apr 13 17:56:14 CEST 2013

Dear Paul,

I got a couple alerts while I was at a conference in Amsterdam, and
two emails about broken parts, and after taking a look and seeing
someone unknown access my server and have root privs as I got back, I
sent an email to the tech@ mailing list and removed sudoers access
until I got a statement from fh. His account's access was restored
within minutes after his reply. As I would like to know who gives
access to whom on my servers, I would've very much hoped to get
informed by you about this previously, personally or via the tech@
mailinglist - because that's what it's there for. No, I do not rejoice
in alerts while I'm away that leave me clueless about why they were
generated, as I'm sure you would not, either.

On Sat, Apr 13, 2013 at 5:32 PM, Paul Bohm <bohmps at gmail.com> wrote:
> While we're almost done with this, the site got spammed heavily again. Flo
> asked me if he could step in, and I said - well, the site is being spammed.
> He fixed it

Well, actually no. I tried something else today as the StopForumSpam
integration doesn't work any more, and we'll see how that goes.

> and also deployed the fixes that will make pagination work again

Which I am more than thankful for, and that's also what I wrote to fh.

> but she seems to have gotten
> angry at FH and removed his and my access. At some point she said "you have
> access again, enki not".

Enki, you have access, as does fh, but until you learn to use the
tech@ mailing list to at least have the gracefulness to let me know
that you've asked someone else to fix something and give him root, I
do not see how I can trust you with such privileges.

> This isn't the first such story I've heard. Eric Michaud (who wrote a
> sizable up to half of the stories at (http://blog.hackerspaces.org/) also
> told me she removed his access much earlier for power struggle reasons.
> (Eric is in cc)

I have never before deliberately removed someone from sudoers. We
have, however, migrated the wiki twice and home directories weren't
always fully restored on new servers. As with every other bug that's
brought to the tech@ mailinglist's attention, an email from Eric
explaining he needs access would've sufficed.

> it's not cool to sabotage others who actually do the
> work, when you've let the site languish for years.

I am not sabotaging anything. Without going down the same accusational
path you have, I'd like to point out that letting something languish
does not involve caring for the hardware, backups, fixing small bugs,
or helping people with questions or access to data for their projects.

> Sorry to put the laundry out in the open, but this just isn't a way to deal
> with people.

Exactly.

Hack on,
/astera

PS: I will not spam the lists included in /cc any further by replying
to this thread.