[AUUG-Talk]: Re: Membership Renewals

David Lloyd lloy0076 at rebel.net.au
Mon Sep 25 23:09:43 EST 2006

> Membership management has been somewhat patchy since Liz left.
> While we are processing membership renewals, we have not been
> sending out renewal notices. Further, the credit card details
> for auto-renewal were stored so securely that we have no access 
> to them. 
Without taking a too combatitive stance, I've taught security courses 
before. The very first thing I teach my students is this:

"If, for whatever reason, the system cannot do the work you are 
authorised to do, then the system is NOT SECURE. It is unusable.".

Humour me - why would I want to renew my membership with an organisation 
representing computing professionals who has, at best, an unusable (and 
insecure) system? If you can't work out how to find those credit card 
details, am I meant to trust that you actually know what members are to 
be RE-newed as opposed to RE-join?

It sounds like you've just LOST the credit card details in their 
entirety; I know admitting/confessing that could land AUUG in a heap of 
hot water, but really. *I* don't buy the "it's stored so securely" 
explanation at all, because:

1. Either that makes AUUG unable to manage security

 - remember, if it's unusable (in this case, if the credit card details 
are not retrievable), it's UNUSABLE
 - unusable !== secure

2. Or AUUG actually has lost all its members credit card details and 
doesn't know where they are

 - which is kind of dangerous, don't you think?

3. Or AUUG has lost its members credit card details, has no idea where 
they are and no idea how to retrieve them

 - errk, great, members' credit card numbers are effectively Lost In Space

Sorry, guys, if you want to portray yourselves as a "Professional 
Organisation" for Unix (and other computing) professionals, "losing" 
credit card details because they are UNUSABLE (euphemism: too secure) 
really kinda shoots you in the foot.


More information about the Talk mailing list