[Moving to <wikitech-l>, since we're now discussing programming, not policy.]
Matthew Woodcraft wrote:
Toby Bartels wrote:
[plans]
These are surely good plans.
Thanks!
Note that if we're willing to do the work to classify IPs, we can ban on the 'Client-ip' and 'X-forwarded-for' headers instead of the real IPs, for known shared proxies.
I don't know what this means. But I hope that it works! ^_^
But in the long run, nothing based on ip-banning would be able to stop a sufficiently determined vandal. Neither would relying on registered accounts. At present, stealing someone else's account would be quite easy.
Right, the passwords and cookies are sent over the Net unencrypted. They just need to sniff our packets (how rude!).
I think techniques for automatically slowing down bots would be the most valuable place to concentrate our efforts.
This sounds promising to me too. What's the fastest rate of saving that a legitimate user is likely to use? What's the fastest rate of saving that we can expect to keep up with if used by a bot? I'm going make a 0th approximation of 1 minute for each. Too slow? too fast?
-- Toby