On 5/17/07, Brianna Laugher brianna.laugher@gmail.com wrote:
On 17/05/07, Bryan Tong Minh bryan.tongminh@gmail.com wrote:
As you might, or might not know, I have been quite busy with Flickr lately, especially with [[User:FlickreviewR]]. I have written two tools (or actually, one tool with two functions) with helps Commons users with images for Flickr.
The first is a database of all images reviewed images from Flickr: http://tools.wikimedia.de/~bryan/flickr/browse You can search on nsid, username, photo_id, link, and Commons image. The database contains over 28,000 images, which is over 70% of the total number of Flickr images on Commons :) [1]
Whose username, Flickr or Commons? And if Commons is that reviewer or uploader or what? What is nsid? No search I tried actually returned any results. Bit more help, please?
Flickr. This part needs some help indeed.
Now the second tool is really handy (imho ;P). It allows you to easily upload images from Flickr:
If you find any security bug in
the upload part, the bot that performs the uploads and to be blocked is Flickr_upload_bot.
Magnus had a similar idea, a bot that performed transfers from (eg) Wikipedia to Commons. I asked him to disable it...
I kind of have a problem with this is in that it allows essentially anonymous uploads. At least in this case they are restricted to images from flickr with suitable licenses, that is better than totally anonymous, but still. What stops me putting the username 'Bryan' in and putting up whatever irrelevant, offensive, invasive, stupid images I can find on Flickr? oh... nothing.
It does. During the upload you will receive a token, which you must save to Commons. Then the bot will query Commons for the user who editted this page. It will only upload if if the username that has been given matches the username of the user who editted the page. So unless you know my password, the bot will refuse uploading under my name.
I think there's a good reason MediaWiki requires users to be logged in before uploading, and I don't think we should use bots that circumvent that requirement.
At the very least I think there should be a bot approval thing for this bot, where we can discuss as a community if we want to allow this kind of thing to happen.
It probably should. I will see whether everything works as expected, and will submit an approval request, explaining the full details of the security.
cheers Brianna user:pfctdayelise
Thank you for taking the time to think about this; I understand that the fact that any user can give a bot instruction sounds all alarm bells, but I think I have done enough to prevent massive unauthorized uploads.
Bryan