[Cz-tech] Fw: Re: A question about bots

Daniel Mietchen daniel.mietchen at googlemail.com
Sat Jan 16 17:34:35 CST 2010


Thanks for this one, too.

On Mon, Jan 11, 2010 at 7:02 PM, dan nessett <dnessett at yahoo.com> wrote:
> Here is some more helpful information about bots from Happy-melon.
>
> Dan
>
> --- On Mon, 1/11/10, Happy-melon <happy-melon at live.com> wrote:
>
>> From: Happy-melon <happy-melon at live.com>
>> Subject: Re: A question about bots
>> To: "dan nessett" <dnessett at yahoo.com>
>> Date: Monday, January 11, 2010, 9:23 AM
>> A malfunctioning bot is really no different to a vandal, and the
>> Wikimedia projects have developed some seriously powerful tools for
>> dealing with vandals :-D  You might want to look at the Nuke
>> extension, which allows one-click deletion of all pages created by a
>> particular user; and there are anti-vandal scripts that allow
>> one-click reversion of all outstanding edits. However, there's really
>> no substitute for writing and carefully testing effective and
>> conservative bot code in the first place.
>>
>> Sure, go ahead.
>>
>> --HM
>>
>> --------------------------------------------------
>> From: "dan nessett" <dnessett at yahoo.com>
>> Sent: Monday, January 11, 2010 5:17 PM
>> To: "Happy-melon" <happy-melon at live.com>
>> Subject: Re: A question about bots
>>
>> > Thanks -HM-.
>> >
>> > I realize that bots can't do anything that a human user can do, but
>> > since they can do them at an accelerated rate, they can cause a lot
>> > of damage in a short period of time. My concern is not that
>> > something would be done maliciously, but that the bot would have a
>> > bug that causes a lot of damage that a sysop would have to correct
>> > manually. We are really thin on people who could fix up mistakes of
>> > this kind and their time is somewhat limited.
>> >
>> > Thanks for the info on the rollback permission. I would like to
>> > share this with others. May I forward your email to our tech
>> > mailing list?
>> >
>> > Dan
>> >
>> > --- On Mon, 1/11/10, Happy-melon <happy-melon at live.com> wrote:
>> >
>> >> From: Happy-melon <happy-melon at live.com>
>> >> Subject: Re: A question about bots
>> >> To: "dan nessett" <dnessett at yahoo.com>
>> >> Date: Monday, January 11, 2010, 3:20 AM
>> >> There's nothing a bot can do to "irreversibly corrupt the
>> >> database", any more than a normal user.  The only ability bots
>> >> have is the capacity to make a very large number of edits very
>> >> rapidly; the permissions given to the 'bot' group just hide this
>> >> flood from RecentChanges and newmessages, and exclude them from
>> >> various rate limiters and throttles.  The only acknowledged
>> >> dangers from a rogue *sysop* account are using the
>> >> 'editinterface'/'edituserjs' rights to run compromising JavaScript
>> >> on readers' browsers, and using 'delete'/'move'/'undelete' to
>> >> merge the page histories of important articles.  The latter is not
>> >> irreversible, it's just incredibly time-consuming to unpick.
>> >>
>> >> I assume you're familiar with the mapping between actions -->
>> >> permissions --> groups --> users that comprises the MediaWiki
>> >> rights structure.  I don't see why the bot would need any
>> >> permissions other than 'rollback', which can be assigned
>> >> separately from the sysop group as is done on enwiki.  You can
>> >> assign the 'rollback' permission (which allows holders to
>> >> rollback) to a 'rollbacker' group
>> >> ($wgGroupPermissions['rollbacker']['rollback'] = true;) and then
>> >> assign that group to the bot account.  The bot *owner* may indeed
>> >> require 'move'/'delete' permissions to properly test the bot.
>> >> From above, the only genuinely 'dangerous' permissions are
>> >> 'editinterface', 'edituserjs' and 'undelete'; if you don't trust
>> >> the user not to go on a spree, *and* you have pages on the wiki
>> >> that are worth protecting (which I would doubt if it's a test
>> >> wiki, unless it's using the same database as the main site), you
>> >> may wish to create a 'sysop-lite' without these permissions.
>> >>
>> >> Hope this helps,
>> >>
>> >> --HM
>> >>
>> >>
>> >> --------------------------------------------------
>> >> From: "dan nessett" <dnessett at yahoo.com>
>> >> Sent: Monday, January 11, 2010 1:54 AM
>> >> To: "Happy-melon" <happy-melon at live.com>
>> >> Subject: A question about bots
>> >>
>> >> > -HM-
>> >> >
>> >> > We now have a test wiki up and running on CZ
>> >> > (test.citizendium.org). One of our users has requested sysop
>> >> > privileges on it so he can develop bots that have a roll-back
>> >> > capability. This requires the bots to have page move and delete
>> >> > privileges.
>> >> >
>> >> > What is your experience with bots having sysop privileges? Is
>> >> > this normal? If so, what sort of measures are normally put in
>> >> > place to protect the wiki from bots irreversibly corrupting the
>> >> > wiki page db?
>> >> >
>> >> > Dan
>>
>>
>>
>
>
>
> _______________________________________________
> Cz-tech mailing list
> Cz-tech at mail.citizendium.org
> http://mail.citizendium.org/mailman/listinfo/cz-tech
>



-- 
http://www.google.com/profiles/daniel.mietchen
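
Added example, not part of the original thread and not MediaWiki's or Citizendium's own code: the group layout Happy-melon describes, written as a stand-alone PHP model of a LocalSettings.php fragment, with a check that flags accounts holding any of the three rights the thread names as dangerous. The account names, the rights chosen for 'sysop-lite' and the abbreviated 'sysop' list are assumptions, and the union-of-groups calculation is a simplification of how MediaWiki resolves rights.

```php
<?php
// Stand-alone model: in a real LocalSettings.php $wgGroupPermissions is
// already populated with MediaWiki's defaults and must not be reset.
$wgGroupPermissions = array();

// Bot account: receives 'rollback' through a dedicated group (from the thread).
$wgGroupPermissions['rollbacker']['rollback'] = true;

// Bot owner on the test wiki: 'sysop-lite' is the group name used in the
// thread; this rights list is an assumption. It omits the dangerous rights.
$wgGroupPermissions['sysop-lite']['move']     = true;
$wgGroupPermissions['sysop-lite']['delete']   = true;
$wgGroupPermissions['sysop-lite']['rollback'] = true;

// Full sysop, abbreviated to the rights named in the thread, for comparison.
foreach (array('move', 'delete', 'undelete', 'rollback',
               'editinterface', 'edituserjs') as $right) {
    $wgGroupPermissions['sysop'][$right] = true;
}

// Rights the thread singles out as genuinely dangerous.
$dangerous = array('editinterface', 'edituserjs', 'undelete');

// groups -> permissions: union of rights granted by each group a user is in.
// Groups with no entry in this model (such as 'bot') contribute nothing.
function effectiveRights(array $groups, array $perms) {
    $rights = array();
    foreach ($groups as $group) {
        if (!isset($perms[$group])) {
            continue;
        }
        foreach ($perms[$group] as $right => $granted) {
            if ($granted) {
                $rights[$right] = true;
            }
        }
    }
    $rights = array_keys($rights);
    sort($rights);
    return $rights;
}

// users -> groups: hypothetical accounts and their memberships.
$users = array(
    'ExampleBot'      => array('bot', 'rollbacker'),
    'ExampleBotOwner' => array('sysop-lite'),
    'ExampleAdmin'    => array('sysop'),
);

foreach ($users as $name => $groups) {
    $rights = effectiveRights($groups, $wgGroupPermissions);
    $risky  = array_intersect($rights, $dangerous);
    printf("%-16s rights=[%s] dangerous=[%s]\n", $name,
        implode(',', $rights), implode(',', $risky));
}
```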

