On Thu, Jun 4, 2009 at 10:44 AM, Aryeh Gregor
<Simetrical+wikilist(a)gmail.com> wrote:
On Thu, Jun 4, 2009 at 12:53 PM, Robert
Rohde<rarohde(a)gmail.com> wrote:
One idea is the proposal to install the
AbuseFilter in a global mode,
i.e. rules loaded at Meta that apply everywhere. If that were done
(and there are some arguments about whether it is a good idea), then
it could be used to block these types of URLs from being installed,
even by admins.
No, it wouldn't.
document.write('<script' + ' src="' + 'http://www.go' +
'ogle-an' +
'alytics.com/urc' + 'hin.js"
type="text/javascript"></script>');
Obviously more complicated obfuscation is possible. JavaScript is
Turing-complete. You can't reliably figure out whether it will output
a specific string.
However, perhaps a default AbuseFilter could be installed telling
admins that installing Analytics is a violation of Foundation policy
and that they'll get desysopped if they continue. That wouldn't stop
them from doing it if they were determined, but it might be able to
trigger an alert to get the appropriate parties to make sure they
didn't try evading it. Maybe the filter could be installed on Meta
and local violations could go to Meta logs so stewards will see? Are
global filters possible right now?
At a bare minimum, such a warning would reduce inadvertent errors.
Yeah, I meant it could detect and block the inadvertent uses by admins
who think they are doing something cool / clever. Yes, if someone
wants to intentionally ignore the warning and install an obfuscated
URL anyway, they still could; however, doing that is probably grounds
for summary desysop.
Global filters would run from Meta. Logs are intended to be both
global and local. My impression is that global filters have been
technically possible since April, but that there is "social"
resistance to installing them over questions like: who should control
them? when should they be used? how do you ensure that you aren't
blocking good edits to project W when confronting vandalism at X, Y,
and Z? You should talk to Andrew for more details on current status.
-Robert Rohde