What I do fear is some script kiddy with a couple dozen rotating proxies and a ship-load of bots flooding the database with junk and overwriting 20 articles a minute. A panic button to lock-down the site would then be nice (Sorry, I can't protect pages fast enough). Then that would give a sysop the time needed to block all the IPs of the vandal. But again, I don't think we are at that point yet.
I actually do already have a "lock the database" button available to developers; maybe I should make that available to sysops as well (as long as "unlock" is as well, of course)?
I also need to start thinking about some back-end stuff like the cron job for making more frequent backups.
lcrocker@nupedia.com wrote:
What I do fear is some script kiddy with a couple dozen rotating proxies and a ship-load of bots flooding the database with junk and overwriting 20 articles a minute. A panic button to lock-down the site would then be nice (Sorry, I can't protect pages fast enough). Then that would give a sysop the time needed to block all the IPs of the vandal. But again, I don't think we are at that point yet.
I actually do already have a "lock the database" button available to developers; maybe I should make that available to sysops as well (as long as "unlock" is as well, of course)?
I also need to start thinking about some back-end stuff like the cron job for making more frequent backups.
Whilst I was filling the database up with crud, I noticed that it still took days and days to reach 100,000 articles, even running several submit processes in parallel. Providing that sysops have powerful tools ready for rolling back changes, they will have plenty of time to react.
I agree that hard security leads to an arms race. But leaving the Wikipedia as a "soft target" with apparently magical self-healing properties should make the experience no fun for script kiddies: * they see that "vandalism" is easy, and no challenge * they should also see (eventually) that it is futile
Neil
On 7/29/02 2:51 PM, "Neil Harris" usenet@tonal.clara.co.uk wrote:
I agree that hard security leads to an arms race. But leaving the Wikipedia as a "soft target" with apparently magical self-healing properties should make the experience no fun for script kiddies:
- they see that "vandalism" is easy, and no challenge
- they should also see (eventually) that it is futile
I strongly agree.
I agree that hard security leads to an arms race. But leaving the Wikipedia as a "soft target" with apparently magical self-healing properties should make the experience no fun for script kiddies:
- they see that "vandalism" is easy, and no
challenge
- they should also see (eventually) that it is
futile
Neil
I completely agree. The people over at MeatballWiki have spent a lot of time developing and discussing wiki security:
http://www.usemod.com/cgi-bin/mb.pl?SoftSecurity http://www.usemod.com/cgi-bin/mb.pl?OnWikisAndSecurity
__________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com
wikipedia-l@lists.wikimedia.org