We need more people with access to CheckUser, because I don't scale, and we're under a nasty vandalbot attack. Proposal at:
http://en.wikipedia.org/wiki/Wikipedia:Quick_and_dirty_Checkuser_policy_prop...
Discussion at
http://en.wikipedia.org/wiki/Wikipedia_talk:Quick_and_dirty_Checkuser_policy...
Also, it's really slow, and I've had it time out for five hour stretches before when the DB's been under heavy load. So if anyone with a good grasp of the MediaWiki data structures wants to rewrite it to be faster/less load, please do!
My comments at the above:
As the guy who uses it now on en: (mostly so Tim Starling can get on with development and sysadmin matters), a few notes:
* _You have to pick people you can trust, and then trust them all the way._ Various people are going to ask to have this logged seven ways to Sunday to protect against possible abuses - but adding red tape is just going to be a massive PITA and not actually affect whether the CheckUser checker can be trusted to act with confidence. Basically, we have to pick people we trust not to use the power for evil. Like we do admins and bureaucrats, but more so. * Access by all bureaucrats is good IMO. They're highly trusted people. If people aren't sure about this one, we can reconfirm all current bureaucrats one by one. * Remember that a small number of the developers (those who have access to the database) already have this power and use it. They control the horizontal, they control the vertical, they see all and know all — because they have to have complete control in order to administer a top-50 website. But they respect the privacy policy, because that's what you do as a sysadmin. The proposal is to extend access to just one power, so as to avoid a bottleneck of too few people for the job. * It helps if the person understands various network foo. If not I am most happy to help and show how to interpret stuff. It's an art, not a science. * I really need to write up a Help: page for CheckUser checkers. * taw on pl: has CheckUser for pl:, I think — worth asking for ideas?
- d.
On 10/13/05, David Gerard dgerard@gmail.com wrote:
- Remember that a small number of the developers (those who have
access to the database) already have this power and use it. They control the horizontal, they control the vertical, they see all and know all — because they have to have complete control in order to administer a top-50 website. But they respect the privacy policy, because that's what you do as a sysadmin. The proposal is to extend access to just one power, so as to avoid a bottleneck of too few people for the job.
Do you really think there are people at other top-50 websites with unlogged and unfettered access to this sort of information? If so, do you think they had to go through any background checks, and sign a non-disclosure agreement? It certainly *is* possible to set up a system so that *no single person* can "see all and know all". I would hope all the other top-50 websites have set up such a system.
On 10/13/05, Anthony DiPierro wikispam@inbox.org wrote:
Do you really think there are people at other top-50 websites with unlogged and unfettered access to this sort of information? If so, do you think they had to go through any background checks, and sign a non-disclosure agreement? It certainly *is* possible to set up a system so that *no single person* can "see all and know all". I would hope all the other top-50 websites have set up such a system.
Most top-50 websites have a IT staff budget in excess of $1M a year. What's Wikipedia's IT staff budget, again?
Kelly
On 10/13/05, Kelly Martin kelly.lynn.martin@gmail.com wrote:
On 10/13/05, Anthony DiPierro wikispam@inbox.org wrote:
Do you really think there are people at other top-50 websites with
unlogged
and unfettered access to this sort of information? If so, do you think they had to go through any background checks, and
sign
a non-disclosure agreement? It certainly *is* possible to set up a system so that *no single person* can "see all and know all". I would hope all the other top-50 websites
have
set up such a system.
Most top-50 websites have a IT staff budget in excess of $1M a year. What's Wikipedia's IT staff budget, again?
Far too low. This is something which should be addressed.
Kelly
Anthony
David Gerard wrote:
We need more people with access to CheckUser, because I don't scale, and we're under a nasty vandalbot attack. Proposal at:
http://en.wikipedia.org/wiki/Wikipedia:Quick_and_dirty_Checkuser_policy_prop...
Discussion at
http://en.wikipedia.org/wiki/Wikipedia_talk:Quick_and_dirty_Checkuser_policy...
Hi,
Note that it would be nice that a global decision is made rather than a local one. If the global decision is made that on projects where there is an arbcom, only arbcom members should have access to the tool, then only arbcom members will have access to the tool.
if we agree that others can have also access to the tool, then agreeing on local editors to have access to the tool will be fine.
Also, it's really slow, and I've had it time out for five hour stretches before when the DB's been under heavy load. So if anyone with a good grasp of the MediaWiki data structures wants to rewrite it to be faster/less load, please do!
yup :-)
My comments at the above:
As the guy who uses it now on en: (mostly so Tim Starling can get on with development and sysadmin matters), a few notes:
* _You have to pick people you can trust, and then trust them allthe way._ Various people are going to ask to have this logged seven ways to Sunday to protect against possible abuses - but adding red tape is just going to be a massive PITA and not actually affect whether the CheckUser checker can be trusted to act with confidence. Basically, we have to pick people we trust not to use the power for evil. Like we do admins and bureaucrats, but more so. * Access by all bureaucrats is good IMO. They're highly trusted people. If people aren't sure about this one, we can reconfirm all current bureaucrats one by one.
I doubt very much that the global policy will be to grant all bureaucrats access to check user tool. I will personnaly oppose it very very very strongly.
* Remember that a small number of the developers (those who haveaccess to the database) already have this power and use it. They control the horizontal, they control the vertical, they see all and know all — because they have to have complete control in order to administer a top-50 website. But they respect the privacy policy, because that's what you do as a sysadmin. The proposal is to extend access to just one power, so as to avoid a bottleneck of too few people for the job.
Currently, this is not done any more by developers. This is done by a few people, who got access sometimes within the current rules, and sometimes against the current rules, plus stewards. The policy to give access is under discussion on meta. I am not very happy with the current proposal which seems unfinished to me. Some people support informing editors that they are ip-checked for exemple, but I fear this is very unpractical.
Currently, the check user log is private (only visible to those with check user access). Imho, this is just not a good idea. I think it should be public somewhere.
As for solving bottlenecks, I tend to agree with you when I see the amazing number of ip-check you handle per week. I am not entirely sure it is really required to do so by the way :-) But fixing a bottleneck by giving such an access to all bureaucrats is a bit too huge of a step. Bureaucrat status is given quite liberally on some projects, so it is to my opinion, just out of question.
* It helps if the person understands various network foo. If not Iam most happy to help and show how to interpret stuff. It's an art, not a science.
True, but it is easy enough to write a help page for check user editors.
* I really need to write up a Help: page for CheckUser checkers. * taw on pl: has CheckUser for pl:, I think — worth asking for ideas?
Taw is an example of a person who had check user access through a system I have no idea. Access is currently given out of the current rules. I do not find that so good. I do not doubt he is trusted by his community, but I have no proof of this. As a steward, so giving such access, I wonder how I can justify saying NO to a request when I have no idea why some editors were told YES and got the access.
It is a bit disturbing :-(
- d.
WikiEN-l mailing list WikiEN-l@Wikipedia.org To unsubscribe from this mailing list, visit: http://mail.wikipedia.org/mailman/listinfo/wikien-l
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
David Gerard wrote:
We need more people with access to CheckUser, because I don't scale, and we're under a nasty vandalbot attack. Proposal at:
<snip>
* _You have to pick people you can trust, and then trust them allthe way._ Various people are going to ask to have this logged seven ways to Sunday to protect against possible abuses - but adding red tape is just going to be a massive PITA and not actually affect whether the CheckUser checker can be trusted to act with confidence. Basically, we have to pick people we trust not to use the power for evil. Like we do admins and bureaucrats, but more so.
How about Stewards? They can set/remove the admin flag on users across all projects, so why not let them run IP checks as well?
- -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \
Alphax wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
David Gerard wrote:
We need more people with access to CheckUser, because I don't scale, and we're under a nasty vandalbot attack. Proposal at:
<snip>
- _You have to pick people you can trust, and then trust them all
the way._ Various people are going to ask to have this logged seven ways to Sunday to protect against possible abuses - but adding red tape is just going to be a massive PITA and not actually affect whether the CheckUser checker can be trusted to act with confidence. Basically, we have to pick people we trust not to use the power for evil. Like we do admins and bureaucrats, but more so.
How about Stewards? They can set/remove the admin flag on users across all projects, so why not let them run IP checks as well?
I fear it would not satisfy most editors. I had a look at the log some days ago, and basically, David use it everyday (roughly). It certainly takes him a lot of time. I have no idea whether it is really necessary to do so many checks, but if it is, he should be helped by a couple more people. If you ask stewards to do it, you will have to make a request each time, then wait for a steward to carry on the task, then for him to report. And only then can you block the person if needed.
On most projects, the needs are not very important (yet ?); so the stewards carrying the task seems feasible. En has much bigger needs, and has a group of editors already trusted by the community to handle such issues as deciding who should be banned or not. It seems a logical move that more arbitrators have check user access.
Ant