| Revision as of 22:19, 7 January 2007 editCyde (talk | contribs)28,155 editsNo edit summary← Previous edit | Revision as of 22:32, 7 January 2007 edit undoAmarkov (talk | contribs)11,154 edits →Someone please explain to me...: commentNext edit → | ||
| Line 26: | Line 26: | ||
| *It isn't all that hard to design a RNG algorithm such that determining the times from it without having direct access is too hard to be plausible. Video games have managed that for a while, I think that a bot can. -] <small><sup>]</sup><sub>]</sub></small> 22:06, 7 January 2007 (UTC) | *It isn't all that hard to design a RNG algorithm such that determining the times from it without having direct access is too hard to be plausible. Video games have managed that for a while, I think that a bot can. -] <small><sup>]</sup><sub>]</sub></small> 22:06, 7 January 2007 (UTC) | ||
| **I agree with Amarkov here ... any even somewhat decent implementation of a RNG would not allow anyone to predict its random numbers, even with access to the source. Besides, even if it was a simple timestamp RNG, on-wiki actions are only reported to the nearest second, whereas the script would be using a more fine-grained time seed than that. So there really would be no way to try to predict when it would run again. --] 22:19, 7 January 2007 (UTC) | **I agree with Amarkov here ... any even somewhat decent implementation of a RNG would not allow anyone to predict its random numbers, even with access to the source. Besides, even if it was a simple timestamp RNG, on-wiki actions are only reported to the nearest second, whereas the script would be using a more fine-grained time seed than that. So there really would be no way to try to predict when it would run again. --] 22:19, 7 January 2007 (UTC) | ||
| *I don't really think my point got across. If you wanted to build a vandalbot, you could do it from this, grabbing the unprotected pages... or you could just remove the checkpage requirement from AWB, set it on auto mode, and vandalize away. Much easier than introducing editing functionality to a bot that doesn't have it, and plus, as long as you have a user and user talk page, and are careful not to remove or add too much stuff, it won't look any more suspicious than any other AWB fix. While removing the checkpage requirement isn't a trivial matter, anyone who could turn this bot into a vandalbot could manage it. -] <small><sup>]</sup><sub>]</sub></small> 22:32, 7 January 2007 (UTC) | |||
| == Current status question == | == Current status question == | ||
Revision as of 22:32, 7 January 2007
Someone please explain to me...
Why can't the source code be revealed? AWB would require much less modification to be an effective vandalbot, and its source is freely available to anyone who cares. -Amarkov edits 18:18, 7 January 2007 (UTC)
- Not sure, I have read it and it seems to be safe releasing the source. HighInBC 18:26, 7 January 2007 (UTC)
If Dragons flight released the source, I would withdraw my opposition. My only significant beef is the needless secrecy. Cheers, ✎ Peter M Dodge ( Talk to Me • Neutrality Project ) 19:05, 7 January 2007 (UTC)
Dragons flight has stated (see comment under Oppose #1), "The code has been released to trusted members of the community for review, but it will not be made public. I feel the risk of people adapting certain functions to create powerful vandalbots is too great." Perhaps other users who have seen and reviewed the code can comment on this issue. This seems a plausible concern to me but an even bigger concern to me is that releasing the code would allow the vandals to try to reverse-engineer ways around it (compare WP:BEANS). Newyorkbrad 19:10, 7 January 2007 (UTC)
- There is no WP:BEANS here. This is nothing that couldn't be done with the freely and openly available pywikipedia framework. Cheers, ✎ Peter M Dodge ( Talk to Me • Neutrality Project ) 19:21, 7 January 2007 (UTC)
- I agree, pywikipedia framwork, the perl wikimedia module, or just plain html scripting can get the same results. The functions this bot performs are not difficult to reproduce. What's more, the code would not be able to perform admin functions on a non-admin account anyways, so it is really just the recursive unprotected template/image finder. If the bot is functioning, then this list of unprotected pages will not be a threat. I read the source, I see no reason to keep it a secret, but I respect the authors right to do so. HighInBC 19:28, 7 January 2007 (UTC)
- Earlier today, I was thinking the same thing as you, HighinBC, but I've realised the potential issue with releasing the code. I'm going to break WP:BEANS here (on the understanding that the code won't be released), in order to enlighten everyone. The simple matter is that the bot code could be changed to automatically vandalise every unprotected page, perhaps before the bot would be able to protect, and cause the vandalised page to be protected. This is a very serious possibility, allowing vandals to easily impose mass vandalism (esp image vandalism). I anyone thinks that this comment is severely WP:BEANS, blank it. Martinp23 20:03, 7 January 2007 (UTC)
- This could be easily done with ANY bot framework - including my own or perlwikipedia - so where's the specific risk? Please clarify. Cheers, ✎ Peter M Dodge ( Talk to Me • Neutrality Project ) 20:21, 7 January 2007 (UTC)
- We get it. The point is that we want to make it as hard as possible for people to do that. Would you like Tawker to release the source for AVB too? That would be incredibly stupid too. -Royalguard11(Talk·Desk·Review Me!) 20:36, 7 January 2007 (UTC)
- Peter, I'm sure that perlwikipedia doesn't allow you to find all unprotected pages/files linked from one, does it? Martinp23 20:41, 7 January 2007 (UTC)
- Actually, yeah, it does, thanks to the lovely patch the devs made to the transclusion list code. Shadow1 (talk) 22:11, 7 January 2007 (UTC)
- I can get every contribution an editor's made, every edit to an article by x users - getting all transclusions is trivial, since it's just a api.php hack. I appreciate the security concerns, but I feel they are unwarranted. Cheers, ✎ Peter M Dodge ( Talk to Me • Neutrality Project ) 20:53, 7 January 2007 (UTC)
- You can get the list of pages trancluded on one page using api.php?! Wow - I didn't know that (though I do use api.php a lot for my bots, I tend to stick to the same queries). Can you give me a link to show this (just out of interest)? Martinp23 21:30, 7 January 2007 (UTC)
- Peter, I'm sure that perlwikipedia doesn't allow you to find all unprotected pages/files linked from one, does it? Martinp23 20:41, 7 January 2007 (UTC)
- That is a really simple sub-routine to make for anyone capable of editing existing code. HighInBC 20:42, 7 January 2007 (UTC)
- I'm fairly certain that I could write a decent vandalbot in under 5 minutes with perlwikipedia, it's not like this sort of thing requires a rocket scientist </cliche>. Any fifth grader with a decent knowledge of Perl and a copy of the WWW::Mechanize module can write one. Shadow1 (talk) 22:11, 7 January 2007 (UTC)
- We get it. The point is that we want to make it as hard as possible for people to do that. Would you like Tawker to release the source for AVB too? That would be incredibly stupid too. -Royalguard11(Talk·Desk·Review Me!) 20:36, 7 January 2007 (UTC)
On thing that just came to my mind - Dragons flight noted on the BRFA that the bot would run on random times etc. to prevent the vandals from predicting its execution and racing to vandalism. I haven't seen the code yet, but this feature (or something similar) may well be the reason that the release of the source code would violate WP:BEANS. Миша13 22:01, 7 January 2007 (UTC)
- It isn't all that hard to design a RNG algorithm such that determining the times from it without having direct access is too hard to be plausible. Video games have managed that for a while, I think that a bot can. -Amarkov edits 22:06, 7 January 2007 (UTC)
- I agree with Amarkov here ... any even somewhat decent implementation of a RNG would not allow anyone to predict its random numbers, even with access to the source. Besides, even if it was a simple timestamp RNG, on-wiki actions are only reported to the nearest second, whereas the script would be using a more fine-grained time seed than that. So there really would be no way to try to predict when it would run again. --Cyde Weys 22:19, 7 January 2007 (UTC)
- I don't really think my point got across. If you wanted to build a vandalbot, you could do it from this, grabbing the unprotected pages... or you could just remove the checkpage requirement from AWB, set it on auto mode, and vandalize away. Much easier than introducing editing functionality to a bot that doesn't have it, and plus, as long as you have a user and user talk page, and are careful not to remove or add too much stuff, it won't look any more suspicious than any other AWB fix. While removing the checkpage requirement isn't a trivial matter, anyone who could turn this bot into a vandalbot could manage it. -Amarkov edits 22:32, 7 January 2007 (UTC)
Current status question
(cross-posted to bot approval page) With the RfA now pending, is ProtectionBot currently operating during the RfA period? I hope that it is, at least on an ongoing trial basis. Newyorkbrad 20:21, 7 January 2007 (UTC)
- A member of the BAG ended the trial after one day and instructed DF to shut down the bot here, and DF did as he requested, so no, it's not running. —bbatsell ¿? 20:30, 7 January 2007 (UTC)
Suggest continued trial operation during RfA period
If Dragons flight is willing I would like to see this bot continue operating on a trial basis during the RfA period, both so we have the benefit of its services during the next week and so that in the unlikely event of an issue arising the RfA !voters could consider it. Comments? Newyorkbrad 20:32, 7 January 2007 (UTC)