This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page. |
Archives | |||||||||||||||||||||||||||||
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 |
CATcha
(Reset indent) I have changesets prepared to update ConfirmEdit (replace ReCaptcha with Asirra and modify the triggers) and to install AbuseFilter (no sense ignoring a tool that could be useful). I will push them to the repository as soon as we agree that there is consensus for these changes.
Also, @Giga: Have you begun to pursue the direct access with Donovan? —Dr Ishmael 21:30, 9 June 2011 (UTC)
- If we get AbuseFilter, I'm not sure we'll need to update the CATcha triggers. --JonTheMon 13:46, 10 June 2011 (UTC)
- They serve different purposes. ConfirmEdit is preventive, while AbuseFilter is reactive. You can't define filters in advance for every single attack that will happen in the future, but if the bots can't save any edits in the first place, you'll have fewer successful attacks that require a response. —Dr Ishmael 14:37, 10 June 2011 (UTC)
- Fair enough. I can live with that. --JonTheMon 14:48, 10 June 2011 (UTC)
- They serve different purposes. ConfirmEdit is preventive, while AbuseFilter is reactive. You can't define filters in advance for every single attack that will happen in the future, but if the bots can't save any edits in the first place, you'll have fewer successful attacks that require a response. —Dr Ishmael 14:37, 10 June 2011 (UTC)
- I'm going to request that the AbuseFilter extension be installed today. We are using it on the Terraria Wiki quite successfully against these types of gibberbots that started attacking early yesterday. Jon created the filter, and overnight it disallowed 99 gibber edits. You can choose to use it or not, but if you wish to see anon edits re enabled, it's probably the fastest solution. While it's not perfect, it's a relatively easy. -- Wynthyst talk 13:18, 13 June 2011 (UTC)
- Great, thanks! I'm also pushing the ConfirmEdit change to Asirra (or CATcha as Jon likes to say :P ), but without the new trigger settings - it will still only trigger if a new external link is added, when creating an account, and after 3 failed login attempts. —Dr Ishmael 15:23, 13 June 2011 (UTC)
- CATcha is live. —Dr Ishmael 16:25, 17 June 2011 (UTC)
- No, it's not. --31.150.9.250 21:09, 17 June 2011 (UTC)
- Try with a link to an extremely unlikely page to have been linked before, say, here (random link to random amazon). "it will still only trigger if a new external link is added, when creating an account, and after 3 failed login attempts." ∵Scythe∵ 23:48, 17 June 2011 (UTC)
- That's a nice sofa. If it only blocks new external links, we could just add links to the spamlist as they come up. Eventually we'll run out of old ones. 01:30, 18 June 2011 (UTC)
- That's no sofa! (it's a slipcover, they're made to prevent your cushions from becoming threadbare.) ∵Scythe∵ 02:13, 18 June 2011 (UTC)
- That's a nice sofa. If it only blocks new external links, we could just add links to the spamlist as they come up. Eventually we'll run out of old ones. 01:30, 18 June 2011 (UTC)
- Try with a link to an extremely unlikely page to have been linked before, say, here (random link to random amazon). "it will still only trigger if a new external link is added, when creating an account, and after 3 failed login attempts." ∵Scythe∵ 23:48, 17 June 2011 (UTC)
- No, it's not. --31.150.9.250 21:09, 17 June 2011 (UTC)
- CATcha is live. —Dr Ishmael 16:25, 17 June 2011 (UTC)
- You're all idiots, for different reasons.
- @Mr. IP: You added those links on the Sandbox within an HTML comment. That's not actually adding a link to the page, because it isn't displayed.
- @Scythe: "a new external link" means a new link on that article, not new to the wiki overall. That's just dumb.
- I know it was enabled because I tested it - I logged out, then added a link to an article that wasn't on the article before and was not hidden in a comment. Asirra was triggered. —Dr Ishmael 04:50, 18 June 2011 (UTC)
- Asirra was installed on GuildWiki and another Curse wiki yesterday, but after testing it was discovered that it was blocking new user registrations for some reason. It's been removed and ReCaptcha has been installed until they can figure out what the problem is with Asirra (or another alternative). -- Wynthyst talk 05:09, 18 June 2011 (UTC)
- "You're all idiots" seems like a bit of a harsh critique... :'( ∵Scythe∵ 13:47, 18 June 2011 (UTC)
- Goobers? —Dr Ishmael 14:04, 18 June 2011 (UTC)
- Goober = peanut (and the chocolate-coated peanut candy), booger = snot. I've never heard of "goober" referring to the other. —Dr Ishmael 15:29, 18 June 2011 (UTC)
Downtime
Working on the assumption that the downtime will become a topic of conversation, I provide a link to Curse's explanation for the downtime. Nwash 12:00, 26 June 2011 (UTC)
Curse made a number of changes to our base code today, one of which was to add an additional copyright notice to the Curse footer.
"GuildWiki content and materials are trademarks and copyrights of ArenaNet or its licensors. All rights reserved."
This is incorrect. GuildWiki content is not copyrighted at all, it is free content under the Creative Commons. The only content that is copyrighted by ArenaNet is images that are screenshots, concept art, or other game assets, and this is clearly specified by the {{screenshot}} template on each image's page.
This needs to be communicated to Curse, and it should probably come from a bureaucrat (**coughFelixcough**). —Dr Ishmael 14:42, 30 June 2011 (UTC)
- Ah, alrighty then. It's hard to tell when anyone from Curse is actually paying attention to our discussions here. —Dr Ishmael 16:08, 30 June 2011 (UTC)
- I just noticed something else. They updated our license from CC 2.0 to CC 3.0. I don't think that's allowed? Not without consent of the majority of the editors, anyway. —Dr Ishmael 16:33, 30 June 2011 (UTC)
- Ugh, another bad change:
$wgGroupPermissions['user']['suppressredirect'] = true;
- We do NOT want normal users to be able to suppress redirects. This was something we corrected right after moving to Curse. —Dr Ishmael 16:40, 30 June 2011 (UTC)
- I pushed a new version of LocalSettings.php to correct these issues. Please install it ASAP. —Dr Ishmael 17:08, 30 June 2011 (UTC)
- Also, I'm just 'wtf?' at these changes.
$wgGroupPermissions['*']['edit'] = false; $wgAutoConfirmAge = 345600; $wgAutoConfirmCount = 5; $wgGroupPermissions['*']['createpage'] = false; $wgGroupPermissions['user']['createpage'] = false; $wgGroupPermissions['autoconfirmed']['createpage'] = true; $wgGroupPermissions['sysop']['createpage'] = true;
- You've completely disabled anonymous editing again, and you're preventing anonymous and non-autoconfirmed users from creating pages. You've also instituted requirements for a user to be autoconfirmed: 4 days and 5 edits. Why? —Dr Ishmael 16:45, 30 June 2011 (UTC)
- If it weren't for the GuildWiki-specific changes to LocalSettings, I would almost think that they somehow forked our repo with another wiki. —Dr Ishmael 20:35, 30 June 2011 (UTC)
Curse changed our extensions
Curse made a number of changes to our extensions this morning. Since I'm the only one with repository access anymore, I'll summarize the changes here. Also, since Bumble already has her eyes on this page, maybe she can provide an explanation for some of these changes. (I'm not going to bother signing the individual sections, I think y'all are smart enough to figure it out.) —Dr Ishmael 16:28, 30 June 2011 (UTC)
New extensions
AntiBot
This isn't doing anything right now because it runs off of modules, and WikiMedia isn't releasing the source code for their modules (so the botters can't adapt to them). Curse would have to write their own modules, or somehow finagle them out of WM people, for this to do anything.
Cite
Might be useful, but going forward we would develop an inconsistency between old and new articles, unless we could get people to volunteer for going through and updating old pages (where we've adapted a strategy of in-line linking for the most part). If we'd had this from the beginning, that would've been great. Now, though, it's a "too little too late" scenario.
EmbedVideo
Everything EmbedVideo does we can already do with widgets. Granted, it combines all video sites into a single function, whereas we have to create a new widget for each site, but I don't recall anyone complaining that we don't have a widget for DailyMotion or Revver. Also, we can easily customize the widgets in-wiki versus having to update the extension code.
Nuke
I assume they installed this as a reaction to the recent bot attack; unfortunately, it would have been useless during that attack, for two reasons. 1) It's only useful against page-creation spam, and the attack was primarily edits to existing pages. 2) It's only useful if all the spam is from a single user/ip, and our attacker was using a botnet and/or rolling proxies. I guess there's no harm in having it around, though, unless one of our admins goes feral and starts abusing it (not likely).
Modified extensions
ConfirmEdit
It looks like they dropped the ReCaptcha version of the extension and installed the base version instead. The problem is that, without an additional configuration option, they have replaced ReCaptcha with... wait for it... SimpleCaptcha. All this does is present a simple math problem, in plain-text. ReCaptcha may have been compromised, but this is even worse.
InputBox
They removed the code that allows the use of 'type=create'. Not sure why they did that, but it doesn't really affect us. The same functionality is available in CreateBox, which we also have installed, so I guess it was redundant in any case.
SpamBlacklist
They removed the link threshold check, where it only allows 5 external links to be added to a page in a single edit. I don't know why they did this, since link-spam is a common form of vandalism. SimpleCaptcha certainly isn't going to stop it.
New users
New users seem to be getting this while trying to create their accounts:
A database query syntax error has occurred. This may indicate a bug in the software. The last attempted database query was: (SQL query hidden) from within function "SpoofUser::getConflicts". Database returned error "1146: Table 'guildwiki.spoofuser' doesn't exist (10.0.0.55:5002)".
Made worse by the fact that they can't make anonymous edits to complain about being unable to create accounts. Yamagawa 19:29, 2 July 2011 (UTC)