おはようございます、
jawiki の井戸端 (告知) に書いた enwiki でのパスワードクラックと注意勧告の件の詳細です。
英語版ウィキペディアの管理者のなかには "password"
や自分のアカウント名をパスワードにしていた方もいたそうですが、そのような弱いパスワードをお使いの方が万一おられた場合は、変更を強くおすすめします。
とくに管理者の方はパスワードの管理に一層ご留意ください。
---------- Forwarded message ----------
From: Brion Vibber <brion(a)wikimedia.org>
Date: May 8, 2007 7:17 AM
Subject: [Foundation-l] Password security notes
To: Wikimedia developers <wikitech-l(a)lists.wikimedia.org>
Cc: wikipedia-l(a)lists.wikimedia.org, Wikimedia Foundation Mailing List
<foundation-l(a)lists.wikimedia.org>, wikien-l(a)lists.wikimedia.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As noted in other threads on several mailing lists, a few admin accounts
on en.wikipedia have been compromised recently, used to vandalize
high-traffic protected pages.
We're starting to roll out some additional protections against
password-guessing attacks, including but not limited to:
* Additional logging to better detect dictionary-style attacks
* Speed-bump measures against multiple failed logins
[But not that should DoS legitimate users. The traditional "lock out the
account after three tries" would make it trivial to lock out all the
site's sysops -- not wise. :)]
* Weak-password checks on existing sysops on our largest sites. Several
accounts have had their weak passwords invalidated and will need to
reset by mail before logging in again.
* Several targeted blocks against known cracking attempts.
Over the coming days we will additionally be rolling out more automated
password-strength checkers at login / set-password / change-password
time to reduce the danger of guessable passwords.
Please distribute this information as appropriate to your local
projects/languages.
- -- brion vibber (brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGP6WDwRnhpk1wk44RApO6AJ9q8MXXhYbVAT9+YoTOZgFwv56YbwCdH2MU
ysd+CDuI1knUHJaD1jd8wUo=
=FGTh
-----END PGP SIGNATURE-----
_______________________________________________
foundation-l mailing list
foundation-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/foundation-l
--
KIZU Naoko
Wikiquote: http://wikiquote.org
* habent enim emolumentum in labore suo *
Wikizine 69 より
主なニュース
* ユーザ名とパスワードが同一のアカウントは使用できなくなりました。
* MediaWiki のバージョンアップにより「更新数の少ないページ」リストがみえるようになりました。
* ウィキメディア財団は「ミッションステートメント」と「ヴィジョンステートメント」を改訂しました。
* Advisory board のウィキができました(内容はないよう)
* Wikimania 2007
の発表応募は5月15日までに延長されました。またあらたにCISとアフリカを対象とする旅費補助プログラムを募集しています。Wikimania
ではスポンサーを引き続き募集中です。
以下全文です。http://en.wikizine.org でもお読みいただけます。
---------- Forwarded message ----------
From: Wikizine <info(a)wikizine.org>
Date: May 2, 2007 7:42 AM
Subject: [Announce-l] Wikizine - number: 69
To: announce-l(a)lists.wikimedia.org
******************************************
__ __ _ _ _ _
/ / /\ \ (_) | _(_)___(_)_ __ ___
\ \/ \/ / | |/ / |_ / | '_ \ / _ \
\ /\ /| | <| |/ /| | | | | __/
\/ \/ |_|_|\_\_/___|_|_| |_|\___|
.org
Year: 2007 Week: 18 Number: 69
******************************************
An independent internal news bulletin
for the members of the Wikimedia community
//////////////////////////////////////////
=== Technical news ===
[Login] - Passwords that are the same as the user name can no longer
be used. Affected accounts can reset their password by e-mail to
something more secure. If you do not have an email address provided in
your account you have no access any more. The only hope to keep your
account is to go to #wikimedia-tech and convince a developer that you
are who you say you are. In general providing an email address for
your account, and the same for all accounts, is a good idea.
http://thread.gmane.org/gmane.science.linguistics.wikipedia.misc/29945http://www.spammotel.com -- if you do not trust Wikimedia with your
email address
http://www.spamgourmet.com
[Special] - New special page [[Special:Fewestrevisions]] . It lists
.... yes ....pages that have very few revisions, other versions.
Because it also includes redirects its usefulness is limited. The
results are cached.
http://en.wikipedia.org/wiki/Special:Fewestrevisions
=== Request for help ===
[Wikimania2007] - Call for Participation deadline extended until May 15.
http://wikimania2007.wikimedia.org/wiki/Call_for_Participation
[ENDS] - WMF Chair Anthere is asking for comments about a draft
governance model for Wikimedia Foundation Board Policy.
http://thread.gmane.org/gmane.org.wikimedia.foundation/16587http://meta.wikimedia.org/wiki/Policy_governance_manual
=== Policy ===
[Who Are You?] - The WMF approved a resolution making it required that
people who have access to confidential information identify themselves
to the Wikimedia Foundation. This seems only to apply to access to
information that falls under the Wikimedia Privacy policy. This does not
seem to include the private mailing lists and wikis.
People who do need to identify themselves and prove that they are at
least 18 years old (or older if the legal age is higher in your country) are:
# All stewards
# All holders of the "checkuser" and "oversight" rights
# All OTRS volunteers
# And all developers with access to any electronic records which
contains non-public information
Sysop and bureaucrats are excluded from this. All users who fall under
this category need to comply with this resolution or their user rights
can be revoked. In the resolution 60 days are given to comply but it is not
clear from what date you need to count.
Board member Kat Walsh writes in a posting to Foundation-l:
"Those affected by this resolution should contact Cary Bass, WMF
volunteer coordinator, at <cbass AT wikimedia DOT org>. We will also
attempt to contact everyone individually who will need to do this;
however, please spread this message to those in your communities."
http://wikimediafoundation.org/wiki/Resolution:Access_to_nonpublic_datahttp://wikimediafoundation.org/wiki/Privacy_policyhttp://thread.gmane.org/gmane.org.wikimedia.foundation/16598
[Closed] - A proposal has been made for a procedure to close wikis.
This is for wikis who are de facto dead.
http://meta.wikimedia.org/wiki/Closure_of_WMF_projectshttp://thread.gmane.org/gmane.science.linguistics.wikipedia.misc/30011
=== Foundation ===
[Mission] - The WMF approved a new "Mission and Vision statement". The
Vision statement is "Imagine a world in which every single human being
can freely share in the sum of all knowledge. That's our commitment."
The mission statement is a bit too long to include it. See on Meta and
Wiktionary to translate it.
http://wikimediafoundation.org/wiki/Resolution:Mission_and_Vision_statementhttp://en.wiktionary.org/
[Scholarship] - To come to Wikimania 2007 are still available for
people coming from Africa and the Commonwealth of Independent States
(parts of the ex-USSR)
http://wm07schols.wikimedia.org/apply.php
[Sponsor] - The WMF is looking for sponsors for Wikimania 2007. This
is for large sponsors who can donate tens of thousands of dollars.
http://upload.wikimedia.org/wikipedia/foundation/0/0b/Wikimania_sponsorship…
[wiki] - The WMF advisory board has now its own wiki. It is a public wiki.
http://advisory.wikimedia.org -- nothing to see there
http://wikimediafoundation.org/wiki/Advisory_Board
=== Community ===
[Wild Sysop] - On EN Wikipedia an sysop has deleted several pages
including the Main Page and blocked some users and unblocked himself
after being blocked because of local policy violations. After being
de-sysopped the user was blocked again.
http://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2007-04-23/Robdur…
=== Media ===
[Virginia Tech] - The article of the EN Wikipedia about the shooting
at the university in Virginia, USA was for a few days the most popular
page of the EN Wikipedia and is praised by traditional media as a very
good source for information about this event.
http://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2007-04-23/Virgin…http://www.iht.com/articles/2007/04/23/america/wiki.php -- The Latest
on Virginia Tech, From Wikipedia
[Citizendium] - One Month Later
http://www.readwriteweb.com/archives/citizendium_one.php
=== Stats ===
[fur.wp] - Friulian Wikipedia reaches 2000 articles with
[[w:fur:Laurenzi]] (the chimical element). Friulian is a language
spoken mainly in northern Italy.
http://fur.wikipedia.org/wiki/Laurenzihttp://en.wikipedia.org/wiki/Friulian_language
[SuperStats] - Dynamic and recent statistics of all Wikipedias. A must
see for stats lovers.
http://s23.org/wikistats/wikipedias_html.php
[Study] - More than a third of American adult internet users (36%) consult
Wikipedia, according to a new nationwide survey by the Pew Internet &
American Life Project. And on a
typical day in the winter of 2007, 8% of online Americans consulted Wikipedia.
http://www.pewinternet.org/pdfs/PIP_Wikipedia07.pdf -- Sorry about the pdf
http://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2007-04-30/Statis…
=== Other news ===
[Correction] - In Wikizine 67 it was reported that 0.5 CD of the
English-language Wikipedia is produced by the Wikimedia Foundation and
LinterWeb. This is not correct. The CD was not produced by the
Wikimedia Foundation, it has been produced by Linterweb.
http://www.wikipediaondvd.com/
=== Weird shit ===
According to various observers there are many parallels between
communist ideology and practices, and the economic and political
system in The Smurfs ....
http://en.wikipedia.org/wiki/The_Smurfs_and_communism
=== Quote ===
"The problem with Wikipedia is that it only works in practice. In
theory, it can never work." -- Unknown attribution
=== Editorial ===
In Wikizine 68, the English and German edition and in a posting to
Foundation-l I have asked for assistance with Wikizine. The response
was less than pathetic. It was non existent.
So it looks like I will remain the only one working on Wikizine. I
have decided to give Wikimedia related things and Wikizine in
particular a lower priority in my life. Wikizine will continue but in
a even more erratic publication frequently then now. Also you can
expect reduced editions who are more basic between normal editions.
This depending of I feel like giving priority in going to the park or
so or sitting in front of the computer.
Walter Vermeir, the editor
//////////////////////////////////////////
Number of subscribers: 648
Unique Visitors website last week: 346
Editor(s): Walter
Corrector(s): Gary Kirk
Thanks to: Klenje, Schiste
Contact: reply or http://report.wikizine.org
Website: http://en.wikizine.org
Wikizine Auf Deutsch: http://de.wikizine.org
//////////////////////////////////////////
Wikizine.org makes no guarantee of accuracy,
validity and especially but not limited to,
correct grammar and spelling.
Wikizine.org is published by [[meta:user:Walter]],
and is not a publication of the Wikimedia Foundation.
Wikizine is a weekly publication as long as there is noteworthy news
(and time)
Content is available under the GNU Free Documentation License.
http://www.gnu.org/copyleft/fdl.html
_______________________________________________
To unsubscribe;
mailto:request@wikizine.org?subject=unsubscribe
--
KIZU Naoko
Wikiquote: http://wikiquote.org
* habent enim emolumentum in labore suo *
foundation-l からフォワードです。
To: を見る限りでは日本語プロジェクトで影響のある方には周知済みのようですが、念のためフォワードしておきます。
WMF resolution on access to non-public data passed についての続報です。
* 対象者: checkusers, oversights, stewards, and volunteers on OTRS
対象者の方は cbass(a)wikimedia.org (Cary Bass) さんまでご連絡をお願いします。
---------- Forwarded message ----------
From: Kat Walsh <kat(a)wikimedia.org>
Date: May 1, 2007 9:46 AM
Subject: [Wmfcc-l] WMF resolution on access to non-public data passed
To: Wikimedia Foundation Mailing List <foundation-l(a)lists.wikimedia.org>
Cc: stewards-l(a)lists.wikimedia.org, English OTRS discussion list
<otrs-en-l(a)lists.wikimedia.org>, checkuser-l(a)lists.wikimedia.org,
Communications Committee <wmfcc-l(a)lists.wikimedia.org>,
oversight-l(a)lists.wikimedia.org, internal-l(a)lists.wikimedia.org
The Wikimedia Foundation has passed a resolution requiring all users
with access to non-public data covered by the site's Privacy Policy to
provide identification to the Foundation. This includes checkusers,
oversights, stewards, and volunteers on OTRS. In addition, all users
holding these positions must be 18 or older, and also of the age of
majority in whichever jurisdiction they live in.
To read the details of the resolution, please see:
http://wikimediafoundation.org/wiki/Resolution:Access_to_nonpublic_data
A number of parties have trusted us with private, sensitive, or
confidential information. Some of the handling of this information is
delegated, by necessity, to certain trusted volunteers. In
consideration of those who depend on us to behave responsibly, and the
reasonable and commonly-accepted practices for handling private
information, we wish to be able to say who is responsible for handling
this information to ensure that volunteers can be held accountable for
their own actions.
Those affected by this resolution should contact Cary Bass, WMF
volunteer coordinator, at cbass(a)wikimedia.org. We will also attempt to
contact everyone individually who will need to do this; however,
please spread this message to those in your communities.
For the Wikimedia Foundation,
Kat Walsh
_______________________________________________
Wmfcc-l mailing list
Wmfcc-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/wmfcc-l
--
KIZU Naoko
Wikiquote: http://wikiquote.org
* habent enim emolumentum in labore suo *
Dear Japanese Wikipedia community,
I am conducting a study of the Wikipedia communities in six different
languages for my diploma thesis. Please read my initial announcement for
more information:
http://ja.wikipedia.org/wiki/User:Kurt_Jansson
I owe a big "thank you" to everybody who has helped answer my questions.
So far over 50 people across six Wikipedia communities have contributed
to their community's answers and I am grateful for their help. However,
for the study to be comprehensive I need more people to get involved.
Some communities also seem to need more time to discuss and work out the
answers.
Therefore I have extended the deadline for participation until May 13th.
I have used mailing lists and village pumps to spread the announcement
about my research questions, but every community has their own channels
for the distribution of information. So, I ask you to help get more
people involved to make sure the results accurately represent your
community.
When phrasing the answers, please approach it as if you were writing a
Wikipedia article: try to work on joint answers that your community can
agree on. The answers don't need to be neutral in an NPOV kind of way,
but please try to give a comprehensive picture of the processes and
ideals of your community.
The questions can be found at
http://ja.wikipedia.org/wiki/User:Kurt_Jansson/questions ;
please edit the questions page to contribute.
Best wishes,
Kurt
Dear Japanese Wikipedia community,
my name is Kurt Jansson, I have been a contributor to the German language
Wikipedia right since its start in 2001. I am also the president of Wikimedia
Germany, the German chapter of the Wikimedia Foundation.
I'm currently writing a diploma thesis about the Wikipedia project and its
editions in different languages. It's a qualitative study based on interviews
with six different Wikipedia communities. I hope you to answer eight questions
concerning your community and the encyclopedia you've created. I have put the
questions on a subpage of my user page and would like you to answer them there.
You can use the discussion page to discuss your answers within your community
and agree on your joint answers.
http://ja.wikipedia.org/wiki/%E5%88%A9%E7%94%A8%E8%80%85:Kurt_Jansson/quest…
Obviously I would like you to answer my questions the wiki way: You may edit the
existing answers that are already there, but try to find consensual answers that
the core community can agree on. If there are controversial points of view: say
so, elaborate on them and point out if one of them represents the majority's
opinion. The final answers should be in English, but of course you can translate
the questions and use Japanese on the discussion page to discuss your answers
and integrate the thinkings of non-English speakers.
Deadline for the answers is April the 29th. Of course I will make the results of
my study public and publish them under a free license. I am sure this is a great
opportunity for every Wikipedia community to tell others about their project and
also to learn from others. But of course this will work best if the answers of
other communities don't influence your own answers. So if you have to peek,
please try nevertheless to focus on an answer that fits best for your own project.
I'm using mailing lists and village pumps to call attention to the interview
questions. If you know other or more appropriate places to raise people's
attention, please put this notice there. I'd also be happy if you could
translate this notice into Japanese so that people with no English skills feel
also invited to participate in this survey.
Thanks for taking part!
Best wishes,
Kurt