Login | Register For Free | Help	Search this list this category for: (Advanced)

Mailing List Archive: Wikipedia: Wikitech Re: Inactive sysops + improving security   Index | Next | Previous | View Flat

ariel at wikimedia Apr 13, 2012, 12:06 AM Views: 149 Permalink Re: Inactive sysops + improving security [In reply to] Στις 13-04-2012, ημέρα Παρ, και ώρα 12:49 +1000, ο/η Andrew Garrett έγραψε: > On Wed, Apr 4, 2012 at 6:25 PM, Petr Bena <benapetr [at] gmail> wrote: > > > > An account with sysop rights cannot do that much damage anyway. > > > Deleting a page does no more damage than deleting a paragraph in an > > > existent page, and the latter can be done by anybody; in fact, > > > deleting a page makes a lot more noise. The same goes for protection, > > > blocking and editing in the MediaWiki space - everything is easily > > > traceable and reversible, and in a functioning wiki community the > > > damage will be minimal. > > > > That isn't excuse to leave project open to damage. Security of > > mediawiki users and their accounts should be important for us anyway. > > > > Actually, this is the most important thing to think about. > > There is no such thing as perfect security. You just need to make it more > costly to breach security than the benefit that a hacker would get for it. > Conversely, you need to expend no more effort in security than the cost of > a breach in security. > > Now, there are things that sysops can do that aren't so easily reversible. > You could surreptitiously add site JS that captured tokens from checkusers > and released large amounts of sensitive data, so it's not exactly without > merit. But I don't think it's justifiable to dismiss discussion about > whether extra security is "worth it". > If I wanted to cause harm to an editing community, one of the better ways might be to take over a few inactive sysop accounts and slowly start to push for policies and take actions that are divisive. The resulting damage to community trust would be hard indeed to undo; think back to the various infiltration programs of law enforcement into activist groups in the 1960's and 1970's in the U.S. for a prime example of this. I don't think this justifies automated de-sysopping of inactive accounts (because this also sends a message about trust or value to the account owner), but a notification system of some sort, as has been proposed earlier in this thread, might be nice. Ariel _______________________________________________ Wikitech-l mailing list Wikitech-l [at] lists https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Subject User Time Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 12:43 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 12:54 AM     Re: Inactive sysops + improving security jayvdb at gmail Apr 4, 2012, 1:15 AM     Re: Inactive sysops + improving security amir.aharoni at mail Apr 4, 2012, 1:16 AM     Re: Inactive sysops + improving security p858snake at gmail Apr 4, 2012, 1:19 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 1:25 AM     Re: Inactive sysops + improving security mwgrunny at gmail Apr 4, 2012, 1:26 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 1:33 AM     Re: Inactive sysops + improving security morton.thomas at googlemail Apr 4, 2012, 1:39 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 1:47 AM     Re: Inactive sysops + improving security jayvdb at gmail Apr 4, 2012, 2:03 AM     Re: Inactive sysops + improving security wikiposta at gmail Apr 4, 2012, 2:09 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 2:12 AM     Re: Inactive sysops + improving security jayvdb at gmail Apr 4, 2012, 2:16 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 2:21 AM     Re: Inactive sysops + improving security morton.thomas at googlemail Apr 4, 2012, 2:23 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 2:28 AM     Re: Inactive sysops + improving security morton.thomas at googlemail Apr 4, 2012, 2:31 AM     Re: Inactive sysops + improving security jayvdb at gmail Apr 4, 2012, 2:32 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 2:39 AM     Re: Inactive sysops + improving security morton.thomas at googlemail Apr 4, 2012, 2:48 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 4:31 AM     Re: Inactive sysops + improving security morton.thomas at googlemail Apr 4, 2012, 4:37 AM     Re: Inactive sysops + improving security dgerard at gmail Apr 4, 2012, 4:39 AM     Re: Inactive sysops + improving security lists at nadir-seen-fire Apr 4, 2012, 4:53 AM         Re: Inactive sysops + improving security emufarmers at gmail Apr 4, 2012, 9:40 AM     Re: Inactive sysops + improving security lists at nadir-seen-fire Apr 4, 2012, 4:56 AM     Re: Inactive sysops + improving security innocentkiller at gmail Apr 4, 2012, 5:35 AM     Re: Inactive sysops + improving security Platonides at gmail Apr 4, 2012, 5:36 AM         Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 5:33 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 5:38 AM     Re: Inactive sysops + improving security overlordq at gmail Apr 4, 2012, 7:24 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 7:35 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 7:40 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 7:42 AM     Re: Inactive sysops + improving security morton.thomas at googlemail Apr 4, 2012, 7:54 AM     Re: Inactive sysops + improving security morton.thomas at googlemail Apr 4, 2012, 7:56 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 8:33 AM     Re: Inactive sysops + improving security innocentkiller at gmail Apr 4, 2012, 8:45 AM     Re: Inactive sysops + improving security benapetr at gmail Apr 4, 2012, 8:48 AM     Re: Inactive sysops + improving security innocentkiller at gmail Apr 4, 2012, 8:59 AM     Re: Inactive sysops + improving security agarrett at wikimedia Apr 12, 2012, 7:49 PM     Re: Inactive sysops + improving security wikiposta at gmail Apr 12, 2012, 10:00 PM     Re: Inactive sysops + improving security jayvdb at gmail Apr 12, 2012, 10:17 PM     Re: Inactive sysops + improving security benapetr at gmail Apr 12, 2012, 10:56 PM     Re: Inactive sysops + improving security jayvdb at gmail Apr 12, 2012, 11:33 PM     Re: Inactive sysops + improving security benapetr at gmail Apr 12, 2012, 11:52 PM     Re: Inactive sysops + improving security ariel at wikimedia Apr 13, 2012, 12:06 AM         Re: Inactive sysops + improving security benapetr at gmail Apr 13, 2012, 12:30 AM     Re: Inactive sysops + improving security Platonides at gmail Apr 13, 2012, 11:21 AM     Re: Inactive sysops + improving security dgerard at gmail Apr 13, 2012, 12:17 PM

Index | Next | Previous | View Flat   Wikipedia     Foundation     Wikitech     WikiMania     Mediawiki     Mediawiki-announce     Mediawiki-CVS

Interested in having your list archived? Contact Gossamer Threads
 

Web Applications & Managed Hosting Powered by Gossamer Threads Inc.