Right at this moment, Michael is logged in as User:Fuck. He has cottoned on to two key weaknesses in our security setup.
Either one on its own is a problem, but both together is a gaping hole:
(a) There is no way to block a logged-in user if you can't guess his IP address.
(b) You can revert and rollback, but page moves are *much* more difficult to restore. You can't jus rollback a page move, you have to fiddle about making sure you are restoring the right page and not losing the history, and so on.
So far as I can see, there are only three possible solutions - no, make that four, but I don't like the last one much.
(i) Establish a time + number of edits before any new user is unblockable
(ii) Figure out a way to make the Rollback feature work on page moves as well as ordinary edits
(iii) Disallow page moves to ordinary users and make that a sysop-only task
(iv) Pick another half-dozen people, trusted and experienced sysops, and give them the ability to stand in when Brion and Eloquence are not around to block the Michaels of this world. Those guys are great, but they can't be here all the time.
This current vulnerability is a *major* problem, and in my view it needs action RIGHT AWAY.
In the meantime, Michael is running rampage through the database.
Tony
(Tannin)