[Wikipedia-l] Script Kiddies/Panic Button

[Daniel Mayer]

On Tuesday 30 July 2002 10:18 am, you wrote:
> Hi, everybody. I thought it's about time I joined the list.
>
> Instead of just a lockout button, why not also provide admins with the
> ability to:
>
> a)       Limit edits to logged-in users, or
>
> b)       Limit the frequency of edits to "one edit per minute" for any
> given user or any given IP
>
> (You could adjust the time value of one minute in option B above.)
>
> --Ed Poor

This seems like a reasonable alternative and should be considered -- however 
this would probably require more work than allowing mere admins the ability 
to use the existing database block feature now only available to developers. 

But I digress... There has been several well reasoned posts about /not/ 
starting an arms race with vandals. Which would mean:

1) This feature would have to be given to admins in a hush-hush mannor and 
act as a "secrete weapon" to use only as a last resort (however, any script 
kiddy vandal with half a brain will scan all the mailing lists to find out 
security details and will quickly find out about such a "weapon" and mount 
counter-measures to circumvent it)

2) Or, this feature would be announced and open to act as some type of 
deterrence to a script kiddy vandal (which is also would fail due to the 
above).

I oftentimes (all-the-time?) overthink things and look too far ahead. So I 
leave this debate to saner minds than mine for now. Do what you think is best 
for the security of Wikipedia. 

Maybe all we need is daily database snapshots sent to a few different secure 
locations (perhaps more often if it doesn't become a performance issue). 
Heck, send me a script to automate the process and I will download a daily 
snapshot -- I have bandwidth to spare. 

--mav