Erik Moeller wrote:
I agree. Sysops need emergency powers to ban signed in users in cases of obvious vandalism.
As I stated in a previous post, I think it would help if Wikipedia's tech people could work on some enhanced security features. We can debate the details, but I think they should include:
(1) Flexibility on the part of the administrator (Jimbo). If there are no vandals currently active, the current laissez-faire system works fine. When there's a pest afoot, however, Jimbo should be able to temporarily turn on additional security features, such as giving sysops added powers.
(2) The ability to temporarily restrict contributions from non-registered users.
(3) The ability to create some kind of registration barrier that will make it harder for vandals to get back in the door immediately by simply registering under a new name.
(4) The ability to push a button that will instantly send one million megavolts coursing through the body of Ed Poor. (Just joking.)
Sheldon's suggestions:
(1) Flexibility on the part of the administrator (Jimbo). If there are no vandals currently active, the current laissez-faire system works fine. When there's a pest afoot, however, Jimbo should be able to temporarily turn on additional security features, such as giving sysops added powers.
Any solution that depends on Jimbo being present is IMHO flawed. Jimbo is usually logged off on the weekends, for example.
(2) The ability to temporarily restrict contributions from non-registered users.
We already have that - IP blocking. We never had a vandal that could switch IPs faster than we could block them. What would be nice is wildcard support at least for the fourth octet.
(3) The ability to create some kind of registration barrier that will make it harder for vandals to get back in the door immediately by simply registering under a new name.
See my suggestion on wikitech to allow sysops to ban signed in users who have made no contributions older than n days. We should also have account creation per IP throttling.
A real ermegency measure would be to only allow users listed on "Most active Wikipedians" to make edits when emergency mode has been switched on.
We could allow any sysop to turn on this emergency mode. If it is turned on, a message would be prominently displayed on every page. If a sysop abuses this privilege, he is promptly banned.
(4) The ability to push a button that will instantly send one million megavolts coursing through the body of Ed Poor. (Just joking.)
No teasing, please ..
Regards,
Erik
Erik Moeller wrote:
Any solution that depends on Jimbo being present is IMHO flawed. Jimbo is usually logged off on the weekends, for example.
I agree with this.
At this point, we're not talking about *policy* per se. Policy on simple vandals very much empowered the sysops to ban the MIT vandal, it's just that a technical limitation made it impossible. The wiki model of trust means that sysops can ban simple vandals without even talking to me about it -- this happens all the time -- but that bans of people who are not *just* simple vandals requires a discussion point.
This is a check on our power (all of us, even me), to prevent the temptation to ban people for political disagreements.
We already have that - IP blocking. We never had a vandal that could switch IPs faster than we could block them. What would be nice is wildcard support at least for the fourth octet.
This would have been helpful this weekend. Obviously, wildcard blocked ips should be restored to use more rapidly than single ips, because they are much more likely to negatively impact legitimate users.
We should also have account creation per IP throttling.
That's a good idea, too, but in this *particular* case it would not have helped. The MIT vandal was hopping ips fairly quickly.
But a fourth octet wildcard would generally knock out an entire computer lab or coffee shop no problem.
--Jimbo
The MIT vandal might be discouraged from repeating his antics if someone complains to MIT about him. While we don't explicitly know who it was, it seems from what I've read that we know what IP addresses he was using at specific times so if MIT keep track of this then they will know who he is. Pointing out to them that if actions like these are repeated then wikipedia may be forced to block ranges of MITs IP addresses which would adversely affect their students as this is a useful educational resource etc might spur them into action.
While I wouldn't like to see anything serious happen to him a warning about his future conduct regarding university network facilities (which universities seem quite keen to give) might encourage him not to repeat his actions.
Just an idea..
Andrew
----- Original Message ----- From: "Jimmy Wales" jwales@bomis.com To: wikien-l@wikipedia.org Sent: Monday, February 10, 2003 11:53 AM Subject: Re: [WikiEN-l] Re: SERIOUS HELP NEEDED NOW!
Erik Moeller wrote:
Any solution that depends on Jimbo being present is IMHO flawed. Jimbo is usually logged off on the weekends, for example.
I agree with this.
At this point, we're not talking about *policy* per se. Policy on simple vandals very much empowered the sysops to ban the MIT vandal, it's just that a technical limitation made it impossible. The wiki model of trust means that sysops can ban simple vandals without even talking to me about it -- this happens all the time -- but that bans of people who are not *just* simple vandals requires a discussion point.
This is a check on our power (all of us, even me), to prevent the temptation to ban people for political disagreements.
We already have that - IP blocking. We never had a vandal that could switch IPs faster than we could block them. What would be nice is wildcard support at least for the fourth octet.
This would have been helpful this weekend. Obviously, wildcard blocked ips should be restored to use more rapidly than single ips, because they are much more likely to negatively impact legitimate users.
We should also have account creation per IP throttling.
That's a good idea, too, but in this *particular* case it would not have helped. The MIT vandal was hopping ips fairly quickly.
But a fourth octet wildcard would generally knock out an entire computer lab or coffee shop no problem.
--Jimbo _______________________________________________ WikiEN-l mailing list WikiEN-l@wikipedia.org http://www.wikipedia.org/mailman/listinfo/wikien-l
There might be others here who can do that, but, um, dare I suggest that if someone send me IP addresses and times of access, I could probably pretty easily chase down who exactly this MIT vandal is (being a stone's throw from MIT), which would be much more helpful in figuring out what to do.
Saurabh
------
In message 005e01c2d100$7f982dc0$24e76f83@andrew, "Andrew Smith" said:
The MIT vandal might be discouraged from repeating his antics if someone complains to MIT about him. While we don't explicitly know who it was, it seems from what I've read that we know what IP addresses he was using at specific times so if MIT keep track of this then they will know who he is. Pointing out to them that if actions like these are repeated then wikipedia may be forced to block ranges of MITs IP addresses which would adversely affect their students as this is a useful educational resource etc might spur them into action.
While I wouldn't like to see anything serious happen to him a warning about his future conduct regarding university network facilities (which universities seem quite keen to give) might encourage him not to repeat his actions.
Just an idea..
Andrew
----- Original Message ----- From: "Jimmy Wales" jwales@bomis.com To: wikien-l@wikipedia.org Sent: Monday, February 10, 2003 11:53 AM Subject: Re: [WikiEN-l] Re: SERIOUS HELP NEEDED NOW!
Erik Moeller wrote:
Any solution that depends on Jimbo being present is IMHO flawed. Jimbo is usually logged off on the weekends, for example.
I agree with this.
At this point, we're not talking about *policy* per se. Policy on simple vandals very much empowered the sysops to ban the MIT vandal, it's just that a technical limitation made it impossible. The wiki model of trust means that sysops can ban simple vandals without even talking to me about it -- this happens all the time -- but that bans of people who are not *just* simple vandals requires a discussion point.
This is a check on our power (all of us, even me), to prevent the temptation to ban people for political disagreements.
We already have that - IP blocking. We never had a vandal that could switch IPs faster than we could block them. What would be nice is wildcard support at least for the fourth octet.
This would have been helpful this weekend. Obviously, wildcard blocked ips should be restored to use more rapidly than single ips, because they are much more likely to negatively impact legitimate users.
We should also have account creation per IP throttling.
That's a good idea, too, but in this *particular* case it would not have helped. The MIT vandal was hopping ips fairly quickly.
But a fourth octet wildcard would generally knock out an entire computer lab or coffee shop no problem.
--Jimbo _______________________________________________ WikiEN-l mailing list WikiEN-l@wikipedia.org http://www.wikipedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@wikipedia.org http://www.wikipedia.org/mailman/listinfo/wikien-l
There might be others here who can do that, but, um, dare I suggest that if someone send me IP addresses and times of access, I could probably pretty easily chase down who exactly this MIT vandal is (being a stone's throw from MIT), which would be much more helpful in figuring out what to do.
The following IP addresses were used, the vandal has been active for up to four hours until the blocks (times are UTC+1).
# 14:24 Feb 8, 2003, Jimbo Wales blocked 18.56.0.30 (contribs) (unblock) (This is Ivone?) # 14:33 Feb 8, 2003, Jimbo Wales blocked 18.56.0.31 (contribs) (unblock) (The MIT vandal) # 14:40 Feb 8, 2003, Eloquence blocked 18.56.0.32 (contribs) (unblock) (preventive blocking) # 14:41 Feb 8, 2003, Eloquence blocked 18.56.0.33 (contribs) (unblock) (preventive blocking) # 14:41 Feb 8, 2003, Eloquence blocked 18.56.0.34 (contribs) (unblock) (preventive blocking) # 14:51 Feb 8, 2003, Jimbo Wales blocked 18.21.0.97 (contribs) (unblock) (MIT vandal again) # 14:56 Feb 8, 2003, Jimbo Wales blocked 18.21.0.108 (contribs) (unblock) (MIT vandal) # 15:02 Feb 8, 2003, Jimbo Wales blocked 18.21.0.109 (contribs) (unblock) (MIT vandal) # 15:02 Feb 8, 2003, Jimbo Wales blocked 18.21.0.110 (contribs) (unblock) (MIT Vandal) # 15:02 Feb 8, 2003, Jimbo Wales blocked 18.21.0.111 (contribs) (unblock) (MIT vandal (pre-emptive strike))
Here you are.
Saurabh
[Note: details of vandal hunt removed from archive by Jimbo Wales, for reasons of privacy]
In message 13391.1044894288@www68.gmx.net, Erik Moeller said:
There might be others here who can do that, but, um, dare I suggest that if someone send me IP addresses and times of access, I could probably pretty easily chase down who exactly this MIT vandal is (being a stone's throw from MIT), which would be much more helpful in figuring out what to do.
The following IP addresses were used, the vandal has been active for up to four hours until the blocks (times are UTC+1).
# 14:24 Feb 8, 2003, Jimbo Wales blocked 18.56.0.30 (contribs) (unblock) (This is Ivone?) # 14:33 Feb 8, 2003, Jimbo Wales blocked 18.56.0.31 (contribs) (unblock) (The MIT vandal) # 14:40 Feb 8, 2003, Eloquence blocked 18.56.0.32 (contribs) (unblock) (preventive blocking) # 14:41 Feb 8, 2003, Eloquence blocked 18.56.0.33 (contribs) (unblock) (preventive blocking) # 14:41 Feb 8, 2003, Eloquence blocked 18.56.0.34 (contribs) (unblock) (preventive blocking) # 14:51 Feb 8, 2003, Jimbo Wales blocked 18.21.0.97 (contribs) (unblock) (MIT vandal again) # 14:56 Feb 8, 2003, Jimbo Wales blocked 18.21.0.108 (contribs) (unblock) (MIT vandal) # 15:02 Feb 8, 2003, Jimbo Wales blocked 18.21.0.109 (contribs) (unblock) (MIT vandal) # 15:02 Feb 8, 2003, Jimbo Wales blocked 18.21.0.110 (contribs) (unblock) (MIT Vandal) # 15:02 Feb 8, 2003, Jimbo Wales blocked 18.21.0.111 (contribs) (unblock) (MIT vandal (pre-emptive strike))
-- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!
WikiEN-l mailing list WikiEN-l@wikipedia.org http://www.wikipedia.org/mailman/listinfo/wikien-l
(someone) could be him. The MIT vandal started out on [[Woman]] under the IP 18.21.0.98. The same IP also engaged in a flamewar on [[Kosovo War]] a few days earlier. Now if we search for "(someone)" in Google, what do we find? The guy is a a Serbian student; from Belgrade, to be precise.
Isn't the Internet wonderful? I'll leave it to Jimbo to write a nice warm letter.
Regards,
Erik
Erik Moeller wrote:
Isn't the Internet wonderful? I'll leave it to Jimbo to write a nice warm letter.
A 3rd year graduate student in the M.I.T. math department?
Fortunately, we happen to have a regular contributor and guy I've known for so many years I can't count who happens to be an M.I.T. math professor.
So getting to the bottom of this is getting pretty easy.
I would totally appreciate that.
rednblack@alum.mit.edu wrote:
There might be others here who can do that, but, um, dare I suggest that if someone send me IP addresses and times of access, I could probably pretty easily chase down who exactly this MIT vandal is (being a stone's throw from MIT), which would be much more helpful in figuring out what to do.
Saurabh
In message 005e01c2d100$7f982dc0$24e76f83@andrew, "Andrew Smith" said:
The MIT vandal might be discouraged from repeating his antics if someone complains to MIT about him. While we don't explicitly know who it was, it seems from what I've read that we know what IP addresses he was using at specific times so if MIT keep track of this then they will know who he is. Pointing out to them that if actions like these are repeated then wikipedia may be forced to block ranges of MITs IP addresses which would adversely affect their students as this is a useful educational resource etc might spur them into action.
While I wouldn't like to see anything serious happen to him a warning about his future conduct regarding university network facilities (which universities seem quite keen to give) might encourage him not to repeat his actions.
Just an idea..
Andrew
----- Original Message ----- From: "Jimmy Wales" jwales@bomis.com To: wikien-l@wikipedia.org Sent: Monday, February 10, 2003 11:53 AM Subject: Re: [WikiEN-l] Re: SERIOUS HELP NEEDED NOW!
Erik Moeller wrote:
Any solution that depends on Jimbo being present is IMHO flawed. Jimbo is usually logged off on the weekends, for example.
I agree with this.
At this point, we're not talking about *policy* per se. Policy on simple vandals very much empowered the sysops to ban the MIT vandal, it's just that a technical limitation made it impossible. The wiki model of trust means that sysops can ban simple vandals without even talking to me about it -- this happens all the time -- but that bans of people who are not *just* simple vandals requires a discussion point.
This is a check on our power (all of us, even me), to prevent the temptation to ban people for political disagreements.
We already have that - IP blocking. We never had a vandal that could switch IPs faster than we could block them. What would be nice is wildcard support at least for the fourth octet.
This would have been helpful this weekend. Obviously, wildcard blocked ips should be restored to use more rapidly than single ips, because they are much more likely to negatively impact legitimate users.
We should also have account creation per IP throttling.
That's a good idea, too, but in this *particular* case it would not have helped. The MIT vandal was hopping ips fairly quickly.
But a fourth octet wildcard would generally knock out an entire computer lab or coffee shop no problem.
--Jimbo _______________________________________________ WikiEN-l mailing list WikiEN-l@wikipedia.org http://www.wikipedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@wikipedia.org http://www.wikipedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@wikipedia.org http://www.wikipedia.org/mailman/listinfo/wikien-l
Sheldon Rampton wrote:
As I stated in a previous post, I think it would help if Wikipedia's tech people could work on some enhanced security features. We can debate the details, but I think they should include:
(1) Flexibility on the part of the administrator (Jimbo).
I agree with Sheldon that it would help if Wikipedia's tech people could work on my flexibility. Having a 2 year old asking me to do various tricks that she can do makes me realize how badly my flexibility has declined in recent years. ;-)
Just kidding...
If there are no vandals currently active, the current laissez-faire system works fine. When there's a pest afoot, however, Jimbo should be able to temporarily turn on additional security features, such as giving sysops added powers.
My general feeling is that the wiki model of trust (trust everyone as much as you can) suggests that whatever additional features we develop can be trusted to sysops all the time. We just agree not to use them except when absolutely necessary.
(2) The ability to temporarily restrict contributions from non-registered users.
For this Saturday's problem, this would not have helped at all. The MIT vandal was logging in over and over, from different machines. There was just enough time lag that I think he was hopping from one machine to another in a lab. I think at one point, he moved from one lab to another, although it's hard to say exactly.
(3) The ability to create some kind of registration barrier that will make it harder for vandals to get back in the door immediately by simply registering under a new name.
*nod*
(4) The ability to push a button that will instantly send one million megavolts coursing through the body of Ed Poor. (Just joking.)
I've already got that one installed. It came with Phase II. In phase III, we hooked up *two* million megavolts to *you*. I just haven't used it yet. ;-)
--Jimbo