On Tue, Aug 12, 2014 at 12:18 AM, Brian Wolff <bawolff(a)gmail.com> wrote:
>>
>> Now, having observed that not only user Eloquence (aka Erik Moeller)
>> himself engaged in the enforcement of <superprotect> right on de.wp
>> [1] but soon after a workaround was published a change was deployed
>> [2, 3] as counter measurement to block any possible interference can
>> no longer be interpret as acting in good faith but rather strikes me
>> as a form of oppression (or worst as censorship).
>>
>
> [Putting the purely mw dev hat on]
>
> It was a bug in mediawiki, and thus it should be fixed. MediaWiki is used
> by many different groups and in general we [mw devs] do not judge people
> for how they use the software. If some non wmf entity reported the bug, it
> would still be fixed.
>
> So dont complain that mw fixes a bug in how page protection. If you are
> unhappy with current events you should direct your anger at how the wmf
> decided to use hard security to enforce its dictates, not at the software
> for "working".
Sorry Brian, which bug are you referring to? Could you point me to a
bug report?
Before this, there was no expectation that a page could be protected
such that sysops could not alter the content of the superprotected
page.
Now, the devs/ops have attempted to introduce that capability, and the
new functionality is very likely riddled with holes, some of which
MZMcBride has suggested in the thread 'Options for the German
Wikipedia'.
Moreover the deployed technical change is useless due to design flaws.
What was the goal of this change? Was it to prevent sysops injecting
JavaScript that logged out user-agents execute? If that is the
use-case, this patch is a very weak solution from an engineering
perspective. It was rushed it into a production environment, and
needed a follow up patch almost immediately. And the bug reports for
this new functionality will surely roll in.
These patches only make it 'forbidden' to deactivate the MediaViewer.
They don't prevent it. These patches only introduce a new policy,
signalling a new era, and make it technically more challenging to
bypass that new policy. The policy written says "Sysops are not
allowed to inject JavaScript into the reader's user-agent which
interferes with WMF's favoured features." It is still possible, but
the only thing that is stopping de.wp sysops from deactivating the
MediaViewer some other way is that the WMF has demonstrated it will
make drastic changes to the MediaWiki configuration to take away
capabilities from their community. Should the community work-around
this change, they are fairly confident that the WMF will desysop
whoeverdoes it, or more configuration changes and superprotection will
occur.
--
John Vandenberg