2006/3/19, - Essjay - essjaywiki@gmail.com:
- Bug 550 deals with the issue of allowing users who have accounts to edit
even if thier IP is blocked. The solution for it is quite simple; it's actually three lines of code that can be written by anyone with minor PHP skill. It requires the following:
a) that the patch be enabled; b) that account creation from blocked IPs be disabled (to prevent the vandals from simply creating an account to sidestep the IP block) which to my knowledge is already enabled c) throttling account creation from IPs to x per day, currently 10 per day. This allows legit people to create accounts, but prevents vandals from creating 1000 sleeper accounts to use once the IP is blocked.
The devs are aware of the fix, and are not willing to enable it. The exact quote was that doing so is a "very very bad idea." It is thier opinion that it will be of no use, that the vandals will just create sleeper accounts and evade the blocks. I don't agree, but I'm not a developer either; I defer to thier expertise in the matter.
Well, as a voice in the desert, let me say that I'm one not in favor of 550. In my opinion there is already too much overly broad and long blocking. If logged-in users are not hit by the block, that will only worsen, and we're looking forward to the day that not just all of AOL, but all roaming IPs, internet cafes, schools and libraries are blocked indefinitely. That's not the direction I want to go, and the possibility that one might be blocking a logged-in user is one thing that helps avoiding that.
-- Andre Engels, andreengels@gmail.com ICQ: 6260644 -- Skype: a_engels