On Tue, Aug 12, 2014 at 12:18 AM, Brian Wolff bawolff@gmail.com wrote:
Now, having observed that not only user Eloquence (aka Erik Moeller) himself engaged in the enforcement of <superprotect> right on de.wp [1] but soon after a workaround was published a change was deployed [2, 3] as counter measurement to block any possible interference can no longer be interpret as acting in good faith but rather strikes me as a form of oppression (or worst as censorship).
[Putting the purely mw dev hat on]
It was a bug in mediawiki, and thus it should be fixed. MediaWiki is used by many different groups and in general we [mw devs] do not judge people for how they use the software. If some non wmf entity reported the bug, it would still be fixed.
So dont complain that mw fixes a bug in how page protection. If you are unhappy with current events you should direct your anger at how the wmf decided to use hard security to enforce its dictates, not at the software for "working".
Sorry Brian, which bug are you referring to? Could you point me to a bug report?
Before this, there was no expectation that a page could be protected such that sysops could not alter the content of the superprotected page.
Now, the devs/ops have attempted to introduce that capability, and the new functionality is very likely riddled with holes, some of which MZMcBride has suggested in the thread 'Options for the German Wikipedia'.
Moreover the deployed technical change is useless due to design flaws. What was the goal of this change? Was it to prevent sysops injecting JavaScript that logged out user-agents execute? If that is the use-case, this patch is a very weak solution from an engineering perspective. It was rushed it into a production environment, and needed a follow up patch almost immediately. And the bug reports for this new functionality will surely roll in.
These patches only make it 'forbidden' to deactivate the MediaViewer. They don't prevent it. These patches only introduce a new policy, signalling a new era, and make it technically more challenging to bypass that new policy. The policy written says "Sysops are not allowed to inject JavaScript into the reader's user-agent which interferes with WMF's favoured features." It is still possible, but the only thing that is stopping de.wp sysops from deactivating the MediaViewer some other way is that the WMF has demonstrated it will make drastic changes to the MediaWiki configuration to take away capabilities from their community. Should the community work-around this change, they are fairly confident that the WMF will desysop whoeverdoes it, or more configuration changes and superprotection will occur.
-- John Vandenberg