On Jul 11, 2014 9:45 AM, "Marc A. Pelletier" <marc(a)uberbox.org> wrote:
On 07/11/2014 09:34 AM, John Mark Vandenberg wrote:
Could ops confirm they have the username of each
logged in edit at
their finger tips (i.e. roughly as easy to access as the user-agent)?
Pywikibot doesnt permit logged out edits.
We do, after the fact, from the same data Checkusers have access to.
Not if they don't make an edit.
There's lots of options for bots to cause trouble for ops. (including
things that effect all wikis on the cluster, not just the specific one they
were accessing)
I'm not sure where that talk occured; I have not
been made aware of it
and it didn't filter through the normal ops channels that I've seen.
I believe that's referring to the pywikipedia list.
I'm a little surprised by Antoine's suggestion
that it is important that
the bot user's information is in the UA string - it doesn't seem useful
or necessary to me. Bots shouldn't be editing while logged out in the
first place, so the bot account will normally always be plain to see.
Obviously, having the user account in the UA would help a bit in
tracking down errant bots when they happen but that should be a rare
occurance and we have other methods to use in those cases.
Varnish has access to the cookies, sure. But we log UA string and not
cookies. Or maybe analytics is doing extra logging I didn't notice? If
you're looking at request logs or varnishtop then UA string is a convenient
way (and the standard way we've always suggested to not operators) to
identify the bot.
Imagine if you've identified a specific type of bad request in logs and
they're all from one IP and one UA string. Varnish can easily send an error
for a certain UA string+IP address before it hits the apaches if you need
it to. But if that UA string is generic then you may end up blocking
collateral damage instead of just the one broken bot.
Coren, what you say above is a change from past statements:
I can recall more than a few past conversations about this with mzmcbride,
Tim Starling and others. (Usually comes up when someone comes asking for
whatever app they're writing for a small number of operators. not a big
framework like pwb)
-Jeremy