On Tuesday 30 July 2002 10:18 am, you wrote:

Hi, everybody. I thought it's about time I joined the list.

Instead of just a lockout button, why not also provide admins with the ability to:

a)       Limit edits to logged-in users, or

b)       Limit the frequency of edits to "one edit per minute" for any given user or any given IP

(You could adjust the time value of one minute in option B above.)

--Ed Poor

This seems like a reasonable alternative and should be considered -- however this would probably require more work than allowing mere admins the ability to use the existing database block feature now only available to developers.

But I digress... There has been several well reasoned posts about /not/ starting an arms race with vandals. Which would mean:

1) This feature would have to be given to admins in a hush-hush mannor and act as a "secrete weapon" to use only as a last resort (however, any script kiddy vandal with half a brain will scan all the mailing lists to find out security details and will quickly find out about such a "weapon" and mount counter-measures to circumvent it)

2) Or, this feature would be announced and open to act as some type of deterrence to a script kiddy vandal (which is also would fail due to the above).

I oftentimes (all-the-time?) overthink things and look too far ahead. So I leave this debate to saner minds than mine for now. Do what you think is best for the security of Wikipedia.

Maybe all we need is daily database snapshots sent to a few different secure locations (perhaps more often if it doesn't become a performance issue). Heck, send me a script to automate the process and I will download a daily snapshot -- I have bandwidth to spare.

--mav