[AUUG-Talk]: Re: Membership Renewals
lloy0076 at rebel.net.au
Mon Sep 25 23:09:43 EST 2006
> Membership management has been somewhat patchy since Liz left.
> While we are processing membership renewals, we have not been
> sending out renewal notices. Further, the credit card details
> for auto-renewal were stored so securely that we have no access
> to them.
Without taking a too combatitive stance, I've taught security courses
before. The very first thing I teach my students is this:
"If, for whatever reason, the system cannot do the work you are
authorised to do, then the system is NOT SECURE. It is unusable.".
Humour me - why would I want to renew my membership with an organisation
representing computing professionals who has, at best, an unusable (and
insecure) system? If you can't work out how to find those credit card
details, am I meant to trust that you actually know what members are to
be RE-newed as opposed to RE-join?
It sounds like you've just LOST the credit card details in their
entirety; I know admitting/confessing that could land AUUG in a heap of
hot water, but really. *I* don't buy the "it's stored so securely"
explanation at all, because:
1. Either that makes AUUG unable to manage security
- remember, if it's unusable (in this case, if the credit card details
are not retrievable), it's UNUSABLE
- unusable !== secure
2. Or AUUG actually has lost all its members credit card details and
doesn't know where they are
- which is kind of dangerous, don't you think?
3. Or AUUG has lost its members credit card details, has no idea where
they are and no idea how to retrieve them
- errk, great, members' credit card numbers are effectively Lost In Space
Sorry, guys, if you want to portray yourselves as a "Professional
Organisation" for Unix (and other computing) professionals, "losing"
credit card details because they are UNUSABLE (euphemism: too secure)
really kinda shoots you in the foot.
More information about the Talk