Misplaced Pages

talk:Arbitration Committee/Noticeboard: Difference between revisions - Misplaced Pages

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
< Misplaced Pages talk:Arbitration Committee Browse history interactively← Previous editContent deleted Content addedVisualWikitext
Revision as of 15:39, 14 December 2010 editGoodDay (talk | contribs)Autopatrolled, Extended confirmed users, Pending changes reviewers492,933 edits Section break: Peace in the valley← Previous edit Latest revision as of 18:10, 25 December 2024 edit undoLowercase sigmabot III (talk | contribs)Bots, Template editors2,292,502 editsm Archiving 1 discussion(s) to Misplaced Pages talk:Arbitration Committee/Noticeboard/Archive 52) (botTag: Replaced 
Line 1: Line 1:
{{Misplaced Pages talk:Arbitration Committee/Noticeboard/Front matter}} <noinclude>{{pp-move-indef}}</noinclude>{{Misplaced Pages talk:Arbitration Committee/Noticeboard/Front matter}}{{ArbCom navigation}}
<!-- Archive date of 10 days has been agreed amongst arbitrators and clerks. Do not change without discussion. -->
{{User:HBC Archive Indexerbot/OptIn
|target=Misplaced Pages talk:Arbitration Committee/Noticeboard/Archive index
|mask=Misplaced Pages talk:Arbitration Committee/Noticeboard/Archive <#>
|leading_zeros=0
|indexhere=yes
}}
{{User:MiszaBot/config {{User:MiszaBot/config
|archiveheader = {{talkarchivenav}}
|maxarchivesize = 250K
|maxarchivesize = 500k
|counter = 13
|counter = 52
|minthreadsleft = 0 |minthreadsleft = 0
|minthreadstoarchive = 1 |minthreadstoarchive = 1
|algo = old(4d) |algo = old(10d)
|archive = Misplaced Pages talk:Arbitration Committee/Noticeboard/Archive %(counter)d |archive = Misplaced Pages talk:Arbitration Committee/Noticeboard/Archive %(counter)d
}} }}
'''Behaviour on this page:''' This page is for discussing announcements relating to the Arbitration Committee. Editors commenting here are required to act with appropriate decorum. While grievances, complaints, or criticism of arbitration decisions are frequently posted here, you are expected to present them without being rude or hostile. Comments that are uncivil may be removed without warning. Personal attacks against other users, including arbitrators or the clerks, will be met with sanctions.

__TOC__ __TOC__
== Review of security ==

: ''']''' <!-- &nbsp;] <sup>]</sup> 18:40, 9 December 2010 (UTC)-->
What does this relate to? <font color="#A20846">╟─]]►]─╢</font> 18:42, 9 December 2010 (UTC)
:]. '''<font color="navy">]</font>''' ''(<font color="green">]</font>)'' 19:07, 9 December 2010 (UTC)

*Pages were "deleted as unnecessary, redundant, or obsolete". Hm, could some of those last three terms be "unnecessary, redundant, or obsolete"?--] 18:44, 9 December 2010 (UTC)

*Might I ask why SirFozzie and KnightLago did not vote on this (FayssalF presumably did not vote because of inactivity)? KnightLago's recent contributions, at the very least, show him commenting on this issue. '''<font color="navy">]</font>''' ''(<font color="green">]</font>)'' 19:06, 9 December 2010 (UTC)
**Probably just not caught up with their email yet, I suspect: "not voting" doesn't mean "abstain". We usually post once there's a super-majority supporting and latecomers can modify the page to cast their vote later. &nbsp;] <sup>]</sup> 19:12, 9 December 2010 (UTC)
***Correct. The discussion firmed around this statement in the last few days, in a time period I was mostly away from Misplaced Pages. I support the statement. ] (]) 20:11, 9 December 2010 (UTC)
****Ditto, I supported and support. ] (]) 23:03, 10 December 2010 (UTC)

This 'Review ' is not impressive: 'A banned user attempted to gain access ... there is no evidence that any materials were successfully retrieved'. But is there evidence they logged in or evidence they didn't login? I get the idea they could of logged in but your not aware of it yet. Wiki security is like something out of back to the future.

Suggest the following requirements are given to the technical team asap:
*Anyone logging into the arbitration wiki site are logged in a file with the IP and username. That login information is made easily viewable for a period of around 72 hours to other ARB members in some form when they are logged in. This will enable all Arb members to see if there has been a login security breach.
*Double login is done. Normally this is via Apache htaccess or equivalent. This is standard practice on most forums and sites on the net.
*Login is done to a none public URL known only to the few that use it i.e https://secure.wikimedia.org/some/random/place/1234/speciallogin. Making the url obscure reduces the changes of anyone unauthorized attempting to login.
Regards, ] <sup>(])</sup> 19:49, 9 December 2010 (UTC)
:Do you have any information that such steps are not already taken? <small><span style="padding:2px;border:1px solid #000000">]&nbsp;&#124;&nbsp;]</span></small> 20:32, 9 December 2010 (UTC)

:I'm not too happy about "The Committee notes that it would have been significantly more appropriate for concerns about any security flaws to have been brought to our attention privately for remedy rather than pointing them out prominently on-wiki and potentially bringing them to the attention of thousands of people." Sunlight is the best disinfectant. The lack of imagination which allowed the flaws to continue for so long needs pointing out publicly. ] (]) 23:48, 9 December 2010 (UTC)
::What he said. I find it distasteful in the extreme that ArbCom would say that we should hide things; that sort of information ''needs'' to be publicly known, both because of the data which ArbCom has access to and on the general principle that known security flaws are ''rapidly fixed'' security flaws. →&nbsp;]&nbsp;]<small>&nbsp;23:54, 9 December 2010 (UTC)</small>
::::Well get used to it! Misplaced Pages is about to enter a new dark age, you've seen the last of openness for a very long time. I would alao love to know how Shell Kinny and NYB come to be voting on this, in the top secret and sinister emails sent to me last week from Knight Largo I was assured she and the other candidates were excluded from the the enquiry. One cannot beleive a single word these people say. Would you like me to publish the emails here? <small><span style="border:1px solid black;padding:1px;">]</span></small> 23:58, 9 December 2010 (UTC)
:::Well, there are ways and ways. If you find a security weakness that concerns you and you want it fixed, point it out quietly to those maintaining it and let them fix it. Don't post the weakness publicly (see ]). If you find a security weakness that concern you, and you want to cause maximum drama, then adopt the opposite policy.--] 00:03, 10 December 2010 (UTC)
::If you want to hear lies and cover up on wiki do things quietly. <small><span style="border:1px solid black;padding:1px;">]</span></small> 00:05, 10 December 2010 (UTC)
::::For once I find myself agreeing with Scott. If you find a security vulnerability, inform privately the people responsible for it, let them fix it, and, once it is fixed, feel free to make all the noise you want. That's just common sense. If you find a security loophole in Windows (or Mac OS X, or whatever), it is not a good idea to announce it to the world while Microsoft (or Apple) work on a fix because unscrupulous people would have abused god-knows-how-many computers in the mean time. You let them fix it first, then you can talk about it all you want. ] (]) 00:54, 10 December 2010 (UTC)
:::::Absolutely. What you're describing is called ]. ] (]) 01:09, 10 December 2010 (UTC)
From Kinight largo to Giano: "''I am writing on behalf of the Arbitration Committee regarding the recent unauthorized access to the private Arbitration Committee wiki. Those Arbitrators running for election are not privy to this email or the discussion concerning this matter as it is being discussed on our "B" mailing list. Please either respond to the "B" mailing list CC'd on this email or to me directly.''" Isn't that amzing, yet they managed to vote on it! <small><span style="border:1px solid black;padding:1px;">]</span></small> 00:08, 10 December 2010 (UTC)
:Access to the secondary list, and its archives, was restored when the voting closed and nothing could affect the results anymore. The final wording of the motion was put for voting (on the main list, even) ''after'' that. The point of using the secondary list was to prevent any influence on the ''election'' since you were also a candidate, not because candidates suddenly became incapable of voting rationally on an issue of security. &mdash;&nbsp;]&nbsp;<sup>]</sup> 00:18, 10 December 2010 (UTC)
* Of course it was. <small><span style="border:1px solid black;padding:1px;">]</span></small> 00:20, 10 December 2010 (UTC)
::Oh yeah, I just love this "''There is no evidence that GiacomoReturned successfully retrieved any materials from the wiki.''" maliciously implying I "''tried unsuccesfully''" well next time the arbs are too stupid to spot there own gaping holes in security, I will just let then stay wide open. <small><span style="border:1px solid black;padding:1px;">]</span></small> 00:27, 10 December 2010 (UTC)
:::Oh, stop it with the grandstanding already! Thank you for making us take a second look at our security, so that we could notice ''an entirely different and unrelated problem than that which you imagined existed'' during the exercise. You are not a savior, you simply attempted to posture during an election. You pretend much, imply a great deal, but it's all so much smoke. You are carefree with throwing "lie" and "liar" around but, in the end, the grapes are only sour in your own imagination. &mdash;&nbsp;]&nbsp;<sup>]</sup> 00:33, 10 December 2010 (UTC)
::::Just a moment - this is a very important; <u>Do you have evidence that GiacomoReturned attempted to retrieve material or otherwise gain access to the wiki?</u> If you have such evidence, why is GR posting here? Such acts of deliberate hacking must surely be countered with a sanction! If you have no evidence, then I '''''strongly suggest''''' that you reword that announcement to reflect that you found no evidence contrary to to GiacomoReturned noting he did not and was not attempting to access the wiki. I do not think the Arbitration Committee needs to be found to be apparently casting aspersions upon another contributor, especially since it is they who discovered and announced possible security breaches. I am not impressed, either, by the tone of the response. If you do not enjoy being made to look incompetent, try not to repeat the mistake in acknowledging the lapse. ] (]) 13:53, 10 December 2010 (UTC)
:::::Of course we have evidence that Giano tried to access the wiki; the system logs quite clearly show him attempting to log in using several arbitrators' accounts, some repeatedly.
:::::Now, we don't have any evidence that Giano ''successfully'' gained access to the wiki using any of the accounts in question, or that his attempts to do so were directly related to the ones made by a certain banned user around the same time; and that's why we have not imposed any sanctions in the matter. We are, in other words, choosing to assume good faith regarding Giano's motives and treat the incident as an investigation of potential security weaknesses gone awry. If you know of any reasons why we should consider it in a different light, please let us know privately. ]&nbsp;<sup>]]&nbsp;]]</sup> 14:17, 10 December 2010 (UTC)
::::::and how do you know it? because I told you - plastering it on the Arbcom Page! Using the password "123456789" - that's your's is it? repeatedly yes, i could not beleive the names I was seeing as account holders! Shame you did not see them first!Do you even know all the names? Did your bloody enquiry even look at that? looking at all those names, no wonder Jimbo was so angry with me last week. <small><span style="border:1px solid black;padding:1px;">]</span></small> 14:22, 10 December 2010 (UTC)
:::::::Considering that some of the accounts you tried repeatedly belong to a ''current'' arbitrator, I'm not sure why you would be so surprised; but that's neither here nor there. Personally, I don't believe that you had any nefarious motives in doing what you did—as I said above, I think you were trying to investigate a potential security weakness, and may have been a bit overly enthusiastic in trying different things—but, given the timing of your actions relative to those taken by other users, it was necessary for us to investigate the matter, if only to clear you of any wrongdoing. ]&nbsp;<sup>]]&nbsp;]]</sup> 14:26, 10 December 2010 (UTC)
:::::I don't want to be "cleared" by you, I would not trust you and your colleagues to run a piss up in a brewerey! <small><span style="border:1px solid black;padding:1px;">]</span></small> 14:40, 10 December 2010 (UTC)
::::::::You do know how to test for false positives, don't you? When determining the properties of an unknown you test the properties of a known - thus you test how a security function reacts to an attempt by an approved party, and see if there is a different reaction to that to a party that should not be approved. In this case, some former arbs got the same response as current arbs (that the password was not recognised while the username was) and others different - that the username was not recognised. I did the same test, but only with ex arbs account names, and got the same results as Giacomo. I did not think to also test the response for accounts of current arbs, but Giano did. However, I am smart enough to recognise a simple false positive test - which talent seems to be absent within the Committee. ] (]) 21:06, 10 December 2010 (UTC)

::Oh posture during an election - is it? I have another word for the activities of the last week, but I don't think now is quite the right time to dish it up. You need to put ypur house in order. <small><span style="border:1px solid black;padding:1px;">]</span></small> 00:36, 10 December 2010 (UTC)
:::Oh, and on a substantive matter, how else than "tried unsuccessfully to retrieve material from the wiki" would you describe trying username and password combinations, and constructing URLs to hypothetical pages to see if/what you can get from them? &mdash;&nbsp;]&nbsp;<sup>]</sup> 00:46, 10 December 2010 (UTC)
::::I dunno about Giano, but "attempted felony computer trespass" comes to mind... Seriously, Giano, that's no different than seeing a Kwikset lock on an important door, and attempting to pick it ostensibly so you can crow about the poor security. It's still attempting to commit a crime, no matter what your motive, unless you have preexisting permission to do so. ] (]) 01:02, 10 December 2010 (UTC)
:::::Don't we have a policy against calling people criminals? BLP maybe? Or NPA? Or don't they apply when you want to libel Giano? ] (]) 01:13, 10 December 2010 (UTC)
:::::::::No, they clearly don't apply. This is a bloody good start for a new Arb and it does not bode well! <small><span style="border:1px solid black;padding:1px;">]</span></small> 12:22, 10 December 2010 (UTC)
::::::I have no knowledge of what he did or did not do. He described a scenario, which may have been true or hyperbole, and I explained my understanding of the legal consequneces, including another scenario to illustrate the point. I'm neither a lawyer nor a law enforcement officer. I entirely agree it would be inappropriate to accuse Giano of a crime, but likewise it is inappropriate to excuse or minimize the severity of attempting to bypass a username/password challenge to gain access to a computer. ] applies. ] (]) 02:04, 10 December 2010 (UTC)
:::::::One of the more disruptive essays littering wikipedia, far too often used, as here, to excuse a poor choice of language. One of the reasons WP:CIVIL is pretty much a dead letter is the repeated use (or at least tacit approval) of personal attacks and BLP vios by various admins, arbs, and sole-co-founders. ] (]) 02:26, 10 December 2010 (UTC)

Let's try to deescalate this discussion significantly and promptly. The point being made in this paragraph of the committee statement is that if there ''had'' been a very serious gap in the arbwiki security as was originally suggested, publicizing this fact would have allowed malicious persons to access confidential data on the arbwiki before we had an opportunity to work with developers to identify and correct those gaps. It was entirely appropriate for Giano to inform us that a security problem appeared to exist (and indeed, his post did lead us to identify the deficiences we have noted and to address them), and his doing so served a valuable purpose that is appreciated. Our concern is that posting as much detail about the security issues as he did on-wiki could have allowed ''other'' persons than Giano&mdash;including banned users and other persons hostile to Misplaced Pages or some of its contributors&mdash;to obtain access to the information as well, utilizing the bugs in whose general direction he was pointing. This is what we are suggesting should be avoided if any data security issues&mdash;hopefully not involving the Arbitration Committee next time&mdash;are identified in the future. ] (]) 01:10, 10 December 2010 (UTC)
::Rubbish! you have tried to shoot the messenger for reporting in public. God knows what you would have done if I had been stupid enought to tell you in private. In the intersts of self-preservation, I advise all to keep all dealings with the arbcom as public as possible, and as for JC Clemens veiled legal threats, well we all know how wikipedia treats those, don't we - or do we? <small><span style="border:1px solid black;padding:1px;">]</span></small> 07:26, 10 December 2010 (UTC)
:::Good to know that you're back to your old self again now that the election's over. --]|] 07:44, 10 December 2010 (UTC)

:ArbCom is full of political tools given technical tools. Somebody ought to address that at some point. --] (]) 08:28, 10 December 2010 (UTC)

The longer I have thought about this the angrier I have become and I have been pretty angry over the last couple of weeks over their failure to attend to security and the way they have been treating me about it. Here is an Arbcom holding an enquiry into whether I managed to get into its Wiki, when it should be holding an enquiry into its own incompetence. The only excuse I can even invent for them, is that as Brad, as a candidate, was ignorant of what the rest of them were up to last week, but even he has been so foolish as to put his name to this enquiry. It is not an enquiry it is a feeble and transparent attempt to shift blame anywhere, but where it squarely belongs—with the Arbcom and its developers.

For God knows how long it has held information on many of us, which it does not permit us to see, and clearly did not need which it has then kept it an insecure wiki. When this is pointed out to them, do we have apologies or admissions of responsibility? No, we have have supercilious comments from Coren and his Arbcom cronies and a new Arb, eager to make new friends, making veiled legal threats, and of course, Scot Mac famed only for his “this is no news” comments when Abs and overnighters were caught trying to oversight/cover up one of their friends strange edits during an election.

It’s 100% clear from the intimidating emails and questions which the Arbs were emailing to me last week that they have not a clue who has been in and out of that Wiki. Last week, we were told it was impossible to delete information, now suddenly there is rightly a huge bonfire of the material held there. I know of editors with concerns who have disclosed all manner of private information to this Arbcom and now we see the respect with which they have treated it. I hope to God no-one has got in there and found any of it, but what are we getting from this incompetent crowd? “we have no evidence that ex Arbs actually accessed, and all have now been fully disabled” They don’t bloody know! And do we have an apology or indeed any sign of remorse? – do we hell! We have patronising “run along and play children, the Arbs know best” type comments. We have “Giano should have told us secretly, then no one would know how careless we have been.” I will not be made the scapegoat for this, and the rest of you should be wondering why that has even been tried. <small><span style="border:1px solid black;padding:1px;">]</span></small> 14:09, 10 December 2010 (UTC)

:The arrogant "Arbs know best and allowing the community to know what they get up to" attitude has time and again caused Arbcom to shoot itself in the foot and undermine themselves. We do seem spectacularly good at electing people with a complete lack of good-faith in the community, and a complete inability to see just how daft they look. ] (]) 14:14, 10 December 2010 (UTC)
:(edit conflict; to Giano:) Obviously the goal is that there should be no security flaws of any kind surrounding confidential information, whether in the hands of the Arbitration Committee or anyone else. To the extent any flaws exist, it is entirely right that they must be identified and fixed. The point is that if there had in fact been a gaping hole in the security as you first feared, as opposed to lesser (but still significant) issues as turned out to be the case, there are any number of persons less scrupulous than yourself who might have sought to exploit it. In such event, let there be no doubt that the primary fault would lie with actions of the malevolent person in exploiting the security gap, and another primary fault would lie with the original existence of the security gap to begin with&mdash;but how would you have felt about your own role in leading the malevolent person to it? ] (]) 14:20, 10 December 2010 (UTC)
:::had you bothered Brad to read the information gathered by your merrymen last week, you would know that that was quite the reverse of the situation! Which is why it is such a major breach! <small><span style="border:1px solid black;padding:1px;">]</span></small> 14:29, 10 December 2010 (UTC)

(ec x ??) I am also deeply unimpressed with the fact that this statement seems (whether by accident or design) to adopt a wording that paints Giano in an unnecessarily negative light. I realise that he can be an outspoken critic but he does have valid reasons for preferring public discussions; that might be unfortunate from ArbCom's perspective but that isn't a basis for declaring that he was wrong to raise his concerns publicly. I am disappointed that no Arb feels the need to distance themselves from the comments of current-arb Coren and future-arb Jclemens, which appear consistent with a hostile attitude towards the Giano as the person who brought the issues to light. ] (]) 14:22, 10 December 2010 (UTC)
:This is not about Giano, or any other individual; this is about finding the right balance between drawing attention to security issues (so that they will be dealt with) and not publicizing such issues until they can be attended to (for the reasons I have discussed a little higher in this thread). ] is overcited, but if you discover an unprotected image on the main page, is it better to post on ANI that "THERE IS AN UNPROTECTED IMAGE ON THE MAIN PAGE THAT IS A PRIME CANDIDATE FOR TEMPLATE VANDALISM!!!!" or is it better to quietly ask an administrator to protect the image? It's the same principle, really, except at a higher level. (As for Giano's individual role, an irony is that I've never bought into the necessity of the identification requirement for arbitrators, and if it weren't for the contretemps over Giano's not wanting to identify and the consequences it would have for his access to information, Giano would very possibly be an arbitrator-elect himself right now.) ] (]) 14:29, 10 December 2010 (UTC)
::On no he bloody would not because he has seen what happens when you put a good apple into a box of rotten apples, that's why I was determined to stay out of the box! <small><span style="border:1px solid black;padding:1px;">]</span></small> 14:31, 10 December 2010 (UTC)
:::Brad, the balance you mention is influenced by whether one trusts how ArbCom would respond to being told confidentially. Given Coren's comment and Kirril's comments that Giano needed clearing and the harshly worded "There is no evidence that GiacomoReturned successfully retrieved any materials from the wiki", I can understand his decision to raise the issues publicly. By the way, what would have been so bad about saying "The investigation notes there was evidence consistent with Giano's statements that he probed security vulnerabilities but did not breach the security of the arb-wiki"? It seems a fairer formulation. As for Giano as an arb-elect, Jimbo's actions strongly suggest to me that Giano wouldn't have been appointed had he had your level of support, Brad... which just shows we still have serious governance issues to sort out someday. ] (]) 14:46, 10 December 2010 (UTC)

::Brad, what will Arbcom do to reassure editors that despite their previous incompetence, they are now to be trusted to maintain appropriate levels of security? ] (]) 14:33, 10 December 2010 (UTC)
:::Well, I'm not the person with any relevant technical expertise, but among other things we've been talking directly with developers about security aspects of the arbwiki and addressing all the potential vulnerabilities that anyone has been able to think of. Some of the more technically minded arbitrators might want to jump in here with their comments; and we have a new crop of arbitrators joining us in a couple of weeks, some of whom may have some more ideas for additional steps we could potentially take, if there are any. ] (]) 14:44, 10 December 2010 (UTC)

After reading all this, I'm a little taken aback that the statement does not explicitly thank Giano for helping identify the security weaknesses. Whether he should have done it privately or publicly, the point is that because of his, made clearly in good faith, actions arbcom identified a set of security flaws and corrected them. Where's the thank you? The current statement reads a little like a grudging exoneration of a criminal (though I'm sure that is unintentional). (Also, it might be useful to consider adding some background information to statements of this sort so that readers can contextualize it. The original posting made no sense to me and, presumably to others, who were unaware of the issue.) --] (]) 14:40, 10 December 2010 (UTC)
:This statement is about the situation and not about any individual. I believe some arbitrators did express appreciation to Giano at the time he first raised the issue. Your last comment is well-taken; we need to remember that just because ''we'' have been looking carefully at an issue over a period of days doesn't mean that anyone else has it in mind at a given time. ] (]) 14:46, 10 December 2010 (UTC)
::Adding background information would have made it too obvious that Arbcom was only acting because Giano had spoken up. Of course, not adding the information just confused some and made Arbcom look small in the eyes of others. ] (]) 14:52, 10 December 2010 (UTC)
:::*Oh yeah, one other small thing our noble Arbs have not told you: I told the Risker (and Coren is conveniently forgetting) almost 24 hours before I posted it on Wiki I even tell Malleus so. I only posted it here when I realised the revolting way they were going to handle this. So you see the arcom is not being quite as straight as they say! <small><span style="border:1px solid black;padding:1px;">]</span></small> 17:38, 10 December 2010 (UTC)
:::::I wondered how long it would take you to blame me for this, Giano. When you communicated to me, I made you extremely well aware that I was addressing major Real World issues, was unable to resolve the matter myself at the time you contacted me (less than 12 hours before you posted onwiki) and that I would draw your concerns to the attentions of others - which I did; at least one other arbitrator and a developer were already reviewing the situation when you posted onwiki, a fact of which I made you aware. I am genuinely disappointed in the brinksmanship you are showing here. I am terribly sorry that you have such a strong need to "win" that you'll condemn people for putting serious real life matters ahead of satisfying your demands that they *personally* and immediately "fix" something. You were taken seriously, your report was passed on to others in a better position to review and resolve, and you were informed of that. ] (]) 17:54, 10 December 2010 (UTC)
*I am sorry, but this is what happens when you start a culture of blame, as you have tried to do to me. This was an important security lapse, you are one of many Arbs - delegate! Or are you the only one capable of looking into such matters? This farce of an enquiry absolved the arbcom and blamed the messneger, so don't you dare accuse me of aportioning blame. <small><span style="border:1px solid black;padding:1px;">]</span></small> 18:06, 10 December 2010 (UTC)
::Excuse me, I *did* "delegate". That what you considered a problem was not solved immediately to your personal satisfaction changed nothing; your concerns were being addressed. As it turns out, the thing you insisted was the problem, actually wasn't a problem at all; the accounts that you thought were accessible were not. Everyone took your concerns seriously. And we did not stop our investigation after *your* concerns were satisfied, we continued to examine other possibilities, and found other things that could be improved. ] (]) 18:17, 10 December 2010 (UTC)

*(ec)I have to say, it does like like Arbs are just about the most ungrateful bunch of so-and-sos about. Have we reverted to the OM-debacle era of incompetence and self-serving? You're all just angry that you've been shewn up (yet again), and particularly angry that it's been done by the editor Jimbo (and most of you) would most like to get rid of - trouble is of course, that at least half of you behave just as badly as he does at his worst, but few of you contribute as well as he does at his best. Pull yourselves together, stop shooting the messenger, and start acting like people with a clue. Could you have said "The committee would like to thank Giano for discovering this failure and bringing it to our attention"? Of course not, you just couldn't resist putting the boot in - and making yourselves look much worse as a result. I had thought that the current crop were above the spoilt brat behaviour of past incarnations, but clearly I was wrong. ] (]) 18:08, 10 December 2010 (UTC)
:*I don't think Giacomo should be demeaned for going up and knocking on the door in an investigative manner as he did, I mean , who wouldn't? Just walking away without knocking, well, it would be rude. Perhaps it could be added to the report that no bad faith was found in his actions and also noted that the committee are grateful for his bringing it to their attention. ] (]) 18:10, 10 December 2010 (UTC)
*Shameful announcement from a shameful group.--] (]) 18:20, 10 December 2010 (UTC)
:::I would just love to know who drafted that shameful statement before they all queued up to sign it, mind you it's not exactly stretching my brain to guess who. If I had not posted on wiki after having given them a working day to sort it, I would be banned by now - and the rest of you told God knows what! <small><span style="border:1px solid black;padding:1px;">]</span></small> 18:30, 10 December 2010 (UTC)
::::Bah, your plotlines are weakening and your charaterization is cardboard thin. Wake me up when you get to the action scenes. Once you've elaborated it to the point where you expertly evade the black helicopters of our secret police force through a daring car chase through the busy Paris streets; it might have gotten entertaining. &mdash;&nbsp;]&nbsp;<sup>]</sup> 18:56, 10 December 2010 (UTC)
::Oh dear poor Coren - you missed the action - it took place amonth or so ago - while you were asleep. <small><span style="border:1px solid black;padding:1px;">]</span></small> 19:00, 10 December 2010 (UTC)

:::::Coren, Why did ArbCom mention Giano at all? Simple take out the mention of his name and say "there is no evidence anybody gained improper access to the ArbWiki." That's all that needed to be said. The backhanded attack on Giano is outrageous. I also knocked on the door. Why are you all going after him and not me? ] <sup>]</sup> 19:02, 10 December 2010 (UTC)
:::::Yea, I went there and immediately knocked on the door also. ] (]) 19:03, 10 December 2010 (UTC)
::::::I agree with Jehochman. I am surprised and disappointed to see a respectable Committeeman take such a ''dismissive'' tone toward the legitimate concerns of the Community. Giacomo has realistic concerns about the accusatory and unappreciative tone of the Committee Statement; a kindly and apologetic response would be more appropriate. I am concerned that the Committeemen are jaded toward this user and therefore are not dealing with him in the proper manner. —&nbsp;] 19:04, 10 December 2010 (UTC)
:::::Jehochman: It was not our intent to attack Giano. You will note that at least three arbitrators who passed the statement have publicly thanked him for drawing it to our intention (although in a less-than-ideal manner). We only wanted to convey that nobody had actually attained access as far as we could tell, and Giano's discussion of "secret files on individual editors" should not be read to mean that he had actually ''accessed'' any "secret files." Some users mistakenly believed that Giano had "hacked in," and we wanted to specifically clarify that it was not true.
:::::I agree that your wording might have worked better, but we wanted to issue a timely statement&mdash;which, after all, Giano had requested. ] '']'' 20:44, 10 December 2010 (UTC)
::::::Somebody changed the wording, totally out of process, and in violation of all local, national, and intergalactic wiki policy. Nevertheless, I suggest letting it be, for the sake of peace and harmony. ] <sup>]</sup> 20:48, 10 December 2010 (UTC)
:::::::When the broken-hearted people living in the world agree... ] '']'' 20:59, 10 December 2010 (UTC)
::Oh don't worry about me, Coren is building up to one of his usual "''Giano's paranoid''" moments next. I usually indulge him a little at this stage, it makes him feel less ridicuous. That he's managed to take the rest of the Arbcom with him this time is concerning really, I suppose. <small><span style="border:1px solid black;padding:1px;">]</span></small> 19:20, 10 December 2010 (UTC)

<div style="border-style:solid; border-color:Red; background-color:white; border-width:3px; text-align:left; padding:9px;" class="plainlinks">]
Dear Reader, ] <sup>]</sup> has given you some ]. Popcorn is crunchy goodness, and is wonderfully delicious!

Be sure to grab some before reading this conversation.<br />
{{clear}}
</div><!-- Template:Popcorn -->

Right - I can't see anything more useful coming from this thread. Tempers are getting frayed and I think we all need to move on before tempers get more frayed. I can see how it developed ''(sigh)'' and I think we just need to all leave this thread alone for a little while. ] (] '''·''' ]) 20:38, 10 December 2010 (UTC)
:May be true, but trying to conceal it under a hat with a dismissive summary is highly ianppropriate.--] (]) 20:41, 10 December 2010 (UTC)
::Perhaps arbs would consider rewording the statement along the lines suggested in this discussion - thank giano, explain circumstances, etc. That would defuse this in a flash. --] (]) 20:49, 10 December 2010 (UTC)
:::Already been done. Per ]. ] <sup>]</sup> 20:51, 10 December 2010 (UTC)
::::No more jibe against Giano, but no thanks to him either. It's striking the kind of warfare that was required to remove the jibe. ] (]) 20:54, 10 December 2010 (UTC)
:::Several arbitrators ''did'' thank Giano. Sheesh. ] '']'' 20:56, 10 December 2010 (UTC)
::::"Arbcom" though did not. Quite the opposite.--] (]) 20:58, 10 December 2010 (UTC)
:::::(ec) There are no thanks recorded on the announcement page. ] (]) 21:00, 10 December 2010 (UTC)
::::::(multiple ecs)There is a difference between a public thanks and a private thanks. And, trust me, for someone who doesn't know what's going on, and i'm sure that was not intended, the original announcement made it appear as if giano was maliciously attempting to break into where he's not supposed to go. The new statement reads much better but it would be nice if there was a thank you to giano, jehochman and anyone else who helped point toward security flaws. A bit of graciousness goes a long way. --] (]) 21:04, 10 December 2010 (UTC)
:::::::No need to thank me. I'm just glad I wasn't banned. ] <sup>]</sup> 21:06, 10 December 2010 (UTC)
::::::He was ''publicly'' thanked by at least three arbitrators. The intent of the bullet point was to specifically repudiate the myth that Giano "hacked in" (see my longer comment above to Jehochman). ] '']'' 21:14, 10 December 2010 (UTC)
*Regardless of how infelicitous the original statement might have been (something which is debatable but probably shouldn't be), the fact of the matter is that the arbitrators signed one specific statement and not a modified version of it. One cannot retroactively alter the record like that. &mdash;&nbsp;]&nbsp;<sup>]</sup> 21:02, 10 December 2010 (UTC)
::EC:- ::I see nothing changed; it remains a calculated and inflammatory insult. <small><span style="border:1px solid black;padding:1px;">]</span></small> 21:03, 10 December 2010 (UTC)
:::Indeed, until they retract the insult, somebody else editing the announcement does not cure your grievance. ] <sup>]</sup> 21:06, 10 December 2010 (UTC)
::::The insulting reference to Giano has been reinstated. ] (]) 21:09, 10 December 2010 (UTC)
:(EC's) How about you all go back and revote on one that isn't morally bankrupt?--] (]) 21:07, 10 December 2010 (UTC)
::::::Whatever the intent, and I can't believe that there was anything malicious behind the statement, it is fairly obvious that many editors believe that the reference to giano was inappropriate and conveyed an incorrect impression. Appearances are generally 90% of things, and it may not be a bad idea to reword the statement (or for individual arbs to reconsider their votes). --] (]) 21:21, 10 December 2010 (UTC)
**You've done nothing but inflame and insult people continually recently. You are in no place to demand satisfaction. The hypocrisy here is outstanding as usual. You tried to stir drama by inferring that certain ex-arbs still had access. It might have been a real concern, but you were wrong. Now, rather than let it rest, you are clutching at straws to keep up the tension. As I've said, at one time the tenacity and campaigning was perhaps admirable, now it has slipped into childish and narcissistic trolling. It is beginning to bore. No doubt I will now be abused for calling it as it obviously is.--] 21:11, 10 December 2010 (UTC) --] 21:45, 10 December 2010 (UTC)
***RegentsPark has been very civil lately. Are you sure this comment is in the right place? ] <sup>]</sup> 21:27, 10 December 2010 (UTC)
****Apologies. I fixed my indent (added a few extra to be on the safe side). Still, it does now appear that Scott is responding to coren and I don't think that's his intention. --] (]) 21:34, 10 December 2010 (UTC)

*Hold on. GiacomoReturned posted here on 26 November that he had made attempts to enter the arbwiki; at that time he neither confirmed nor denied that he had gained access. Why is it that Arbcom confirming what Giano says himself, that he did not gain access, is an insult? ] (]) 21:37, 10 December 2010 (UTC)
**The announcement is without any context. It says that giano was trying to get access to arbwiki. All that may be true but without any note that giano himself brought this to the attention of arbs this puts giano in a very poor light. Breaking and entering is criminal behavior. Now, apparently, his motives were pure. Why not just thank him, inform everyone that the reason for all this is because he thoughtfully pointed to a security flaw, that you found a different flaw but wouldn't have done so without his intervention, and be done with it. Those are, after all, the facts - aren't they? --] (]) 21:47, 10 December 2010 (UTC)
:::*The ambiguity and "double entendre" of the phrasing. The reference that you should have been told privately, when you were told privatly. The fact that the aportioning of blame is appareant and one sided. The fact you accept no responsibility yourselves and the fact no one now beleives a word you say - I know the names of '''all''' the former Arbs and others who had access untill last week, why don't you publish them? Ask them to deny they had access (I don't doubt they will) - an interesting collection with one common denominator. I'm not bothering with you any longer Risker, you and your cronies here are disgraced and floundering wildly to save yourselves. <small><span style="border:1px solid black;padding:1px;">]</span></small> 21:54, 10 December 2010 (UTC)
::::*"former Arbs and others who had access untill last week" that is a very serious allegation. If it isn't true, it would appear to be libellous. It would appear to mean that all the arbs who signed the motion were lying, and all should be banned. Giano - can you substantiate that allegation?--] 21:59, 10 December 2010 (UTC)
::::::*Oh if it makes you happier "potential" accesss. Did they or didn't they? That's the question. You see Scott, the Arbcom doesn't know.<small><span style="border:1px solid black;padding:1px;">]</span></small> 22:02, 10 December 2010 (UTC)
::::::::*as you know, that's an entirely different thing. What you are saying is that you have proof (what?) that arbcom's statement is, in fact, correct.--] 22:04, 10 December 2010 (UTC)
::I am saying that I think it would be a good idea if the Arbcom screwed up their findings, drafted a new piece of paper, gave it some greater consideration and then signed it. That would defuse the situation and allow us all to go to bed. <small><span style="border:1px solid black;padding:1px;">]</span></small> 22:07, 10 December 2010 (UTC)
{{User:Scott MacDonald/JFK}} Appropriate userbox supplied.--] 22:15, 10 December 2010 (UTC)
<br clear=all/>

=== Section break ===

Oh, a substantive point was raised somewhere up there in the middle: "Why did ArbCom mention Giano at all?" The reason is simple. At the time we got a hold of a sysadmin who could inspect the server logs (which is just a bit before Giano made his public post), there were exactly two persons who had made failed attempts to access the ArbCom wiki, over a period a little more than and hour and a half long. One is a banned user, and the other is Giano. ''Giano is the only one to have made an on-wiki claim of having tried to log in on that wiki'', and we felt it important to note that he had not, in fact, accessed anything.<p>It's entirely possible that more people might have tried the same thing ''after'' Giano made his public statement; I doubt it's useful to request that a sysadmin again inspects the logs just to be able to confirm that "other editor X also tried and did not get in". &mdash;&nbsp;]&nbsp;<sup>]</sup> 00:00, 11 December 2010 (UTC)

:Before someone jumps in and turns Coren's statement right above me into saying "They're just trying to get Giano", I think I should point out that the reason that we are not redumping the logs on a regular basis to determine if someone's trying to access it, the method that Giano and the banned user found to "access" the arbcom wiki only worked to give a "ping" that there was a page on whatever they plugged into the URL (so if they put Foo in the proper place in the URL, but wasn't logged in, they'd get a login response, confirming there was a page Foo), but they did not get any information as to what that page entailed.

:As I understand from the discussions the Committee had with developers, the hole that allowed Giano to get that "ping" back has been patched, and that in these discussions, we are looking at additional methods to make sure that the data remains secure. I wish Giano had contacted one of the Arbs he has a warmer relationship with (and before anyone scoffs, I know of several arbs who Giano contacts and talks with every so often, including myself) with before going public with the fact there was a potential security hole. As it was, if the method WAS a full breach, a banned user who specializes in off-site harassment of editors would have all the privacy-related information that was on the ArbCom wiki. So.. Giano DID find an area that needed looking at, and as a result there is active, ongoing work between the Committee and the developers to make the information on the ArbCom-wiki more secure, and for that I will publicly thank him. However, the method of disclosure of this breach and the discussion that followed was much less then optimal. ] (]) 00:19, 11 December 2010 (UTC)

Ya'll need to step back & take a break folks. Howabout a 6 months intermission? ] (]) 01:09, 11 December 2010 (UTC)

::I just don't understand what benefit you derive from personalizing the incident. But more than that, the phrasing is awful. Read the section as though you were completely unfamiliar with the topic. Giano isn't even introduced before you say "There is no evidence that successfully retrieved any materials from the wiki." Maybe it's just my jaded view at this whole Misplaced Pages circus, but it has a very "]" kind of feeling.
::You all really ought to consider changing it. There's nothing wrong with copy-editing. It's the wiki way. --] (]) 01:22, 11 December 2010 (UTC)
:::Do you mind if I copy-edit this statement, but leave your signature? ] (]) 02:53, 11 December 2010 (UTC)

:::MZMcBride makes a valid point here. We should have noted that this statement was made in response to a post where Giano ''asked for an official comment''. We provided an official comment, but should we have run that official comment past Giano first before publishing it? Maybe, but the reason for publishing this was because Giano himself said ''''''. Well, we provided that. Should we have run the draft past the community first? The incoming arbitrators will be able to review the entire sets of discussion that took place on these matters, and judge for themselves. ] (]) 03:04, 11 December 2010 (UTC) <small>I've now added . ] (]) 03:11, 11 December 2010 (UTC)</small>
:::The note does clarify matters. Supported. &mdash;&nbsp;]&nbsp;<sup>]</sup> 04:53, 11 December 2010 (UTC)

<small>I may find myself without internet for the next few days, so rather than wait if the situation will be resolved, as appears to be the case, I will comment now:</small> Ideally, Arbcom would lead by example. That's not always possible, but at least Arbcom should not undermine its own rulings by collectively and vigorously breaking their spirit. I see enormous tension between the following two official Arbcom pronouncements:
{{blockquotetop}}
It is unacceptable for an editor to routinely accuse others of misbehavior without reasonable cause in an attempt to besmirch their reputations. Concerns, if they cannot be resolved directly with the other users involved, should be brought up in the appropriate forums with evidence, if at all.
----
* There is no evidence that GiacomoReturned successfully retrieved any materials from the wiki.
* A banned user attempted to gain access around the same time that GiacomoReturned did; again, there is no evidence that any materials were successfully retrieved.
{{blockquotebottom}}
This must be fixed. I see this as part of a general pattern of Arbcom not communicating effectively. I hope that the new Arbcom will
# take measures to minimise the likelihood of such communication disasters in the future, and
# develop strategies for mitigating, rather than aggravating, them when they become apparent. E.g. Arbcom pronouncements could be run by uninvolved third parties whose job it is to completely rephrase them, so that problems in the wording can be identified before it becomes official.
And there should be an ethos that the ''idea'' of an Arbcom pronouncement counts, not its wording. If the words don't describe the idea effectively, so that, e.g., Arbs disagree about the meaning of the words, then the wording is defective and this must be admitted and addressed. ] ] 23:13, 11 December 2010 (UTC)
:A few points to make here:
:*''"Arbcom pronouncements could be run by uninvolved third parties whose job it is to completely rephrase them, so that problems in the wording can be identified before it becomes official."'' This isn't a bad idea, actually. But part of the problem comes from the siege mentality that can be provoked when there is a public outcry in response to a statement like this. It makes ArbCom more likely to issue bland statements that have been 'tested' first - do you really want things to go down that route?
:*What happened here was that Giano made a hue and cry about arbwiki security and demanded an official statement. The committee (which includes me) discussed and voted on an official response that was initially quite short and was then expanded to provide details we thought would help explain things somewhat, but seems to have had the opposite effect. Part of the statement was based on correspondence and evidence that is not public. There were attempts to communicate with Giano that didn't really get very far. We concluded (not unreasonably, in my opinion) that Giano (despite appearances based on what he had said) hadn't actually seen what he said he had seen (or was being imprecise about what he had seen), and had merely been poking around trying to see what was there (like many other people have been). However, there was a distinct possibility here, given the (admittedly circumstantial) evidence we had before us, that our conclusions could have been completely different.
:*Maybe the statement should have said ''"we asked Giano about this, but his responses were unhelpful"'' - would that have been any better? My view on this is quite simple. If Giano had corresponded with us in private about this, instead of going public at the time he did, and tried to be more helpful when we contacted him, rather than being angry half the time, the necessary changes would still have taken place, and any public statement would not have been so controversial. There are examples of other people raising matters with us that get resolved without any hue and cry, so it can be done. But the approach of angrily demanding an official comment, and then angrily decrying the official comment, doesn't really work.
:*With hindsight, though, a copy of the statement should have been sent to Giano first as a courtesy, not to let him change it, but to allow him to raise objections for consideration.
:For what it is worth, Giano has my thanks (belatedly) for raising this entire matter, since it did indirectly alert us to some matters of account security needed to be addressed, and led to a shake-up of how the arbwiki is handled. ] (]) 04:04, 12 December 2010 (UTC)

::I have internet for a few minutes, so just a quick response to one aspect: "whose job it is to completely rephrase them" -- I see I wasn't clear. The idea is that someone completely rephrases your pronouncement, possibly using more frank language for what they think you wanted to say, and then you compare to see whether it is what you meant, and perhaps adapt your wording if it isn't. In this case a possible result would have been "Giano tried to break into the Arbcom wiki but failed, so there is no reason for concern." Obviously the idea of such tests would not have occurred to me if I did not have the impression that you have been a bit careless. It was most obvious with the climate change topic bans. They contained wording that was read as purely ornamental by some and as severely restricting the scope of the bans by others. At first I thought this was deliberate, but when it became apparent that the Arbs themselves disagree about the scope of the bans I decided that the real problem is different levels of reading comprehension between Arbs. ] ] 09:48, 13 December 2010 (UTC)
:::What you describe isn't restricted to arbitrators. It's a widely known and researched phenomenon. Different people take different meanings from the same words. This is governed as much by how the readers themselves use the word/s as how the writer does (cf. idiolect and lexicon); the social and/or professional context/s in which they use them or see/hear them used; what meaning the reader wants the words to have; which meaning of multiple meanings apply (most words have more than one); whether the reader takes the primary or seconday meaning of the word; whether the word has a special contextualised meaning; whether the word has a literal meaning as well as an extended metaphorical one (concrete v. abstract) and so forth. I'm not sure if there's a simple answer. &nbsp;] <sup>]</sup> 10:47, 13 December 2010 (UTC)
::::Exactly. ], ], ] should all be blue-links. Maybe a warning should be attached to all ArbCom announcements - ''"this may not mean what you think it does - if there are several ways to interpret this statement, please ask for clarification rather than assume your interpretation is correct"''. Obviously the language used should be as clear and precise as possible, and we should strive to phrase things as unambiguously as possible, but that isn't always the case and sometimes is not obvious to those drafting such statements, and when it isn't, asking and then waiting for clarification is better than possibly running with an incorrect interpretation. ] (]) 11:11, 13 December 2010 (UTC)
:::::Indeed, and - while we're at it - ]; the phenomenon of people taking/making the interpretation most favourable to their position and discounting any other. &nbsp;] <sup>]</sup> 11:19, 13 December 2010 (UTC)
::*I must be alone here in crediting the Arbcom with the ability to speak and write English. They wrote a statement, and are now backtracking on it because they rightly realise it has caused a backlash against them. They would have found me a great deal more forthcoming and amenable to their enquiry if they had approached me with goodwill and an open mind. As it was, I had an accusatory and blunt couple of emails making all manner of inisinuations from Knight Largo and veiled warnings from Risker. I am prepared now to say no more about this; I hope they have been taught a valuable lesson. Now let this be the end of it. <small><span style="border:1px solid black;padding:1px;">]</span></small> 08:56, 14 December 2010 (UTC)
:::''They would have found me a great deal more forthcoming and amenable to their enquiry if they had approached me with goodwill and an open mind.'' I'm not sure that statement is capable of supporting the irony inherent in it. --] (]) 15:25, 14 December 2010 (UTC)
::::Let's take a breather. ] (]) 15:39, 14 December 2010 (UTC)

Latest revision as of 18:10, 25 December 2024

Shortcuts
What this page is for:
This page is for discussion of formal announcements by the Committee, including clarification of the specifics of notices.
What this page is not for:
To request arbitration, see Misplaced Pages:Arbitration/Requests. For information on the Committee, see Misplaced Pages:Arbitration Committee. To report a violation of a Committee decision, see Misplaced Pages:Arbitration/Requests/Enforcement.

Archives

Index 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21, 22, 23, 24, 25, 26, 27, 28, 29, 30
31, 32, 33, 34, 35, 36, 37, 38, 39, 40
41, 42, 43, 44, 45, 46, 47, 48, 49, 50
51, 52



This page has archives. Sections older than 10 days may be automatically archived by Lowercase sigmabot III.
Misplaced Pages Arbitration
Open proceedings
Active sanctions
Arbitration Committee
Audit
Track related changes

Behaviour on this page: This page is for discussing announcements relating to the Arbitration Committee. Editors commenting here are required to act with appropriate decorum. While grievances, complaints, or criticism of arbitration decisions are frequently posted here, you are expected to present them without being rude or hostile. Comments that are uncivil may be removed without warning. Personal attacks against other users, including arbitrators or the clerks, will be met with sanctions.