Tim Starling wrote:
I've just made a change to the software which allows sysops to ban logged-in users. See my post in wikitech-l for the technical details. It is currently in CVS. Once it's live, it should be a great help for dealing with Michael.
Thank you Tim! At least now we will force the vandals to take the time needed to create a new login and force their modem to fetch a new IP address.
Auto expiration of IP bans and rollback of page moves would also be nice...
Anything to slow down vandals like Michael and the MIT vandal is a good thing.
-- Daniel Mayer (aka mav)
From: Daniel Mayer
Thank you Tim! At least now we will force the vandals to take the time needed to create a new login and force their modem to fetch a new IP address.
Auto expiration of IP bans and rollback of page moves would also be nice...
Anything to slow down vandals like Michael and the MIT vandal is a good thing.
Hooray! Let's make it into a competition, a game, because we know how unattractive computer games are to computer geeks!
Seriously, an arms race is not a useful allocation of developer energy, however much fun devising defensive strategies is.
The Cunctator wrote:
From: Daniel Mayer
Thank you Tim! At least now we will force the vandals to take the time needed to create a new login and force their modem to fetch a new IP address.
Auto expiration of IP bans and rollback of page moves would also be nice...
Yeah, that's definitely going to happen before this is implemented. Any suggestions for expiration time?
Anything to slow down vandals like Michael and the MIT vandal is a good thing.
Hooray! Let's make it into a competition, a game, because we know how unattractive computer games are to computer geeks!
Seriously, an arms race is not a useful allocation of developer energy, however much fun devising defensive strategies is.
This is not an arms race of hacker against hacker, it's an arms race of hacker against troll. Michael is using nothing more advanced than a web browser. You shouldn't think of this as some kind of technological cure-all, it is just a tool in sysops' arsenals, like the rollback button. Sure a vandal can log out, change their IP address and log back in again, but the moment they make a change to a page, a sysop can ban them again. This greatly increases the cost to vandals, and reduces the cost to us.
That said, the worst-case scenario of a vandalbot is always in the back of my mind. This feature cuts off the simplest kinds of vandalbots, and slows down the more advanced ones, meaning that they cause less damage in the time it takes for a developer to respond.
Anthere asked:
Will this be working on any Wikipedia as well?
That's a very good question. Currently the feature can't be turned on and off easily, but if you want I can easily fix it up so that it can be.
-- Tim Starling <tstarlingphysicsunimelbeduau>
Tim Starling wrote:
This greatly increases the cost to vandals, and reduces the cost to us.
I think that's exactly the right evaluation metric to use in cases like this, although we should of course factor in the costs associated with the risk that we may end up using the new feature in ways contrary to our spirit of openness.
That said, the worst-case scenario of a vandalbot is always in the back of my mind. This feature cuts off the simplest kinds of vandalbots, and slows down the more advanced ones, meaning that they cause less damage in the time it takes for a developer to respond.
Sure, but the great irony is that if someone did attack us in some more sophisticated way, the net result would not be to shut us down, but to force us to abandon one of our ideals of anonymous edits and instant-signup-edits.
We could always introduce waiting periods on signups before they can edit, etc., etc. What a horrible and sad day that would be, though.
--Jimbo
Jimmy Wales wrote:
Sure, but the great irony is that if someone did attack us in some more sophisticated way, the net result would not be to shut us down, but to force us to abandon one of our ideals of anonymous edits and instant-signup-edits.
Yes, but then the terrorists would have won.
-- Toby
At 05:13 AM 9/3/2003, you wrote:
Jimmy Wales wrote:
Sure, but the great irony is that if someone did attack us in some more sophisticated way, the net result would not be to shut us down, but to force us to abandon one of our ideals of anonymous edits and instant-signup-edits.
Yes, but then the terrorists would have won.
-- Toby
I can envision a protection against vandalbots that would not endanger our ability to accept instant anonymous edits. We could require that anyone trying to make an edit from an IP (not logged-in) have to pass a little test on every 5th edit or so. I'm sure you've all seen those images with distorted words where you are asked to read and type in the word so that bots can't sign up for various mailing lists, etc. We could use something like that. Every 5th edit wouldn't be TERRIBLY inconvenient for the user, but would sure stop a vandalbot. Plus, the minor inconvenience might even nudge people towards generating and using a login... which is A Good Thing. I suppose this could be problematic for anonymous contributors who are vision impaired, but we could have an audio version as well.
In any event, even if the above example isn't terribly feasible, I doubt we would truly have to give up in defeat (by disallowing anonymous edits) if we were subject to a concerted attack. We're resourceful, we'll come up with something when the time comes.
----- Dante Alighieri dalighieri@digitalgrapefruit.com
"The darkest places in hell are reserved for those who maintain their neutrality in times of great moral crisis." -Dante Alighieri, 1265-1321
"Dante Alighieri" dalighieri@digitalgrapefruit.com wrote in message news:5.2.0.9.2.20030903133745.02d3b748@digitalgrapefruit.com...
At 05:13 AM 9/3/2003, you wrote:
Jimmy Wales wrote:
Sure, but the great irony is that if someone did attack us in some more sophisticated way, the net result would not be to shut us down, but to force us to abandon one of our ideals of anonymous edits and instant-signup-edits.
Yes, but then the terrorists would have won.
-- Toby
I can envision a protection against vandalbots that would not endanger our ability to accept instant anonymous edits. We could require that anyone trying to make an edit from an IP (not logged-in) have to pass a little test on every 5th edit or so. I'm sure you've all seen those images with distorted words where you are asked to read and type in the word so that bots can't sign up for various mailing lists, etc. We could use something like that. Every 5th edit wouldn't be TERRIBLY inconvenient for the user, but would sure stop a vandalbot. Plus, the minor inconvenience might even nudge people towards generating and using a login... which is A Good Thing. I suppose this could be problematic for anonymous contributors who are vision impaired, but we could have an audio version as well.
In any event, even if the above example isn't terribly feasible, I doubt we would truly have to give up in defeat (by disallowing anonymous edits) if we were subject to a concerted attack. We're resourceful, we'll come up with something when the time comes.
A sophisticated vandalbot would not be at all deterred by this protection. A well-written vandalbot would create a new, random username before every edit. It would never use the same name twice. If the attacker was at all aware of how our software works, it would probably concentrate on deleting images by uploading a dummy and then deleting the old revision. It would open multiple connections to the server, for greater speed.
If this ever actually happens, then I would be in favour of implementing anti-bot protection when new users log in.
In the meantime, I think we should have better protection for our images. At the moment they're deleted permanently and instantly. They should be moved to an archive instead. More regular backups would also be useful -- some method of backing up only those old and cur entries which have changed would be useful for this. I don't think we should be spending too much time on filters and other annoying security when we don't even have a decent backup system in place. I think if we can get it to the stage where the most a bot can do is lose us a few hours worth of edits plus say half an hour downtime, it won't be worth spending any more time on the problem unless it actually happens.
-- Tim Starling <tstarlingphysicsunimelbeduau>
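The every-5th-edit test for edits from an IP that is proposed in this thread, and the objection that a bot using a new username for every edit would not be deterred by it, modelled as an added example; this is not code from the thread or from the wiki software. The class, function names, in-memory counter and sample addresses are hypothetical, and account creation itself is not modelled.

```python
from collections import defaultdict

CHALLENGE_EVERY = 5  # "every 5th edit or so", as proposed in the thread


class AnonEditGate:
    """Hypothetical gate: anonymous (IP-only) edits hit a challenge on every Nth edit."""

    def __init__(self, every=CHALLENGE_EVERY):
        self.every = every
        self.anon_edits = defaultdict(int)  # ip -> accepted anonymous edits

    def submit_edit(self, ip, username=None, challenge_passed=False):
        """Return 'accepted' or 'challenge_required' for one edit attempt."""
        if username is not None:
            return "accepted"  # the proposal only tests edits that are not logged in
        due = (self.anon_edits[ip] + 1) % self.every == 0
        if due and not challenge_passed:
            return "challenge_required"
        self.anon_edits[ip] += 1
        return "accepted"


def run_client(gate, ip, attempts, fresh_account=False, solves_challenge=False):
    """Replay constructed traffic; return (edits accepted, challenges shown)."""
    accepted = challenges = 0
    for i in range(attempts):
        user = f"user{i}" if fresh_account else None
        result = gate.submit_edit(ip, user)
        if result == "challenge_required":
            challenges += 1
            if solves_challenge:
                result = gate.submit_edit(ip, user, challenge_passed=True)
        if result == "accepted":
            accepted += 1
    return accepted, challenges


if __name__ == "__main__":
    gate = AnonEditGate()
    # Constructed clients on documentation-range addresses (RFC 5737).
    print("human, solves the test:   ", run_client(gate, "192.0.2.10", 10, solves_challenge=True))
    print("script, anonymous:        ", run_client(gate, "192.0.2.20", 10))
    print("script, new name per edit:", run_client(gate, "192.0.2.30", 10, fresh_account=True))
```

The anonymous script stalls after four edits, while the client that logs in under a new name each time never reaches the counter, which is why the last message in the thread places any anti-bot test at the login step instead.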