[Cz-tech] Bots and privileges

[dan nessett]

OK. When you have finished your research and have some more relevant information, it would be very useful to post it on cz-tech. That way, it is archived for later reference.

--- On Sat, 1/16/10, Daniel Mietchen <daniel.mietchen at googlemail.com> wrote:

> From: Daniel Mietchen <daniel.mietchen at googlemail.com>
> Subject: Re: [Cz-tech] Bots and privileges
> To: "dan nessett" <dnessett at yahoo.com>
> Cc: cz-tech at mail.citizendium.org
> Date: Saturday, January 16, 2010, 3:32 PM
> Thanks to Dan for starting this
> thread.
> 
> I had a look at
> http://en.wikipedia.org/wiki/Wikipedia:Rollback_feature
> and think it
> comes close to what we need, but it is not an exact hit.
> For instance,
> it does not cover situations which involve the creation of
> a page. I
> am looking around for alternatives - there is a
> revertbot.py script,
> for instance, but I have not had a closer look at it yet.
> 
> In any case, I think it is best to postpone decisions about
> automated
> editing with sysop rights until we have a bot manager. At
> the moment,
> I am just investigating the technical aspects behind this.
> 
> On Mon, Jan 11, 2010 at 6:46 PM, dan nessett <dnessett at yahoo.com>
> wrote:
> > I am moving what started out as a private conversation
> about bots and the privileges they require to the cz-tech
> mailing list. Daniel Mietchen has expressed an interest in
> running some bots on the CZ test wiki to demonstrate they
> are sufficiently tested to run on the live wiki. There is a
> concern that a buggy bot might corrupt a lot of pages on the
> wiki, requiring a great deal of manual work to restore them
> to their original state. Consequently, the policy
> discussions so far have placed a requirement on bots that
> there is an automated way to roll-back their changes.
> >
> > I asked a contact I have, Happy-melon (obviously a
> pseudonym), who has experience with wiki management and
> development to comment on this issue. His response is below.
> He mentions the existence of a 'rollback' permission that
> might suit the requirements we have for bot activity. In
> order to make progress on this issue, I suggest the
> following.
> >
> > Since Daniel is the one who wishes to pursue bot
> activity, it is really his responsibility to do the research
> necessary to understand how the 'rollback' permission works
> and explain it to the rest of us. He also should formulate a
> testing plan for his bots that convinces others that they
> have sufficient rollback capability so their actions can be
> neutralized.
> >
> > Dan
> >
> > --- On Mon, 1/11/10, Happy-melon <happy-melon at live.com>
> wrote:
> >
> >> From: Happy-melon <happy-melon at live.com>
> >> Subject: Re: A question about bots
> >> To: "dan nessett" <dnessett at yahoo.com>
> >> Date: Monday, January 11, 2010, 3:20 AM
> >> There's nothing a bot can do to
> >> "irreversibly corrupt the database", any more than
> a normal
> >> user.  The only abilities bots have is the
> capacity to
> >> make a very large number of edits very rapidly;
> the
> >> permissions given to the 'bot' group just hides
> this flood
> >> from RecentChanges and newmessages, and excludes
> them from
> >> various rate limiters and throttles.  The only
> >> acknowledged dangers from a rogue *sysop* account
> are using
> >> the 'editinterface'/'edituserjs' rights to run
> compromising
> >> JavaScript on readers' browsers, and using
> >> 'delete'/'move'/'undelete' to merge the page
> histories of
> >> important articles.  The latter is not
> irreversible,
> >> it's just incredibly time-consuming to unpick.
> >>
> >> I assume you're familiar with the mapping between
> actions
> >> --> permissions --> groups --> users that
> comprises
> >> the MediaWiki rights structure.  I don't see why
> the
> >> bot would need any permissions other than
> 'rollback', which
> >> can be assigned separately from the sysop group as
> is done
> >> on enwiki.  You can assign the 'rollback'
> permission
> >> (which allows holders to rollback) to a
> 'rollbacker' group
> >> ($wgGroupPermissions['rollbacker']['rollback'] =
> true;) and
> >> then assign that group to the bot account.  The
> bot
> >> *owner* may indeed require 'move'/'delete'
> permissions to
> >> properly test the bot.  From above, the only
> genuinely
> >> 'dangerous' permissions are 'editinterface',
> 'edituserjs'
> >> and 'undelete'; if you don't trust the user not to
> go on a
> >> spree, *and* you have pages on the wiki that are
> worth
> >> protecting (which I would doubt if it's a test
> wiki, unless
> >> it's using the same database as the main site),
> you may wish
> >> to create a 'sysop-lite' without these
> permissions.
> >>
> >> Hope this helps,
> >>
> >> --HM
> >>
> >>
> --------------------------------------------------
> >> From: "dan nessett" <dnessett at yahoo.com>
> >> Sent: Monday, January 11, 2010 1:54 AM
> >> To: "Happy-melon" <happy-melon at live.com>
> >> Subject: A question about bots
> >>
> >> > -HM-
> >> >
> >> > We now have a test wiki up and running on CZ
> >> (test.citizendium.org). One of our users has
> requested sysop
> >> privileges on it so he can develop bots that have
> a
> >> roll-back capability. This requires the bots to
> have page
> >> move and delete privileges.
> >> >
> >> > What is your experience with bots having
> sysop
> >> privileges? Is this normal? If so, what sort of
> measures are
> >> normally put in place to protect the wiki from
> bots
> >> irreversibly corrupting the wiki page db?
> >> >
> >> > Dan
> >> >
> >> >
> >> >
> >> >
> >>
> >>
> >>
> >>
> >
> >
> >
> > _______________________________________________
> > Cz-tech mailing list
> > Cz-tech at mail.citizendium.org
> > http://mail.citizendium.org/mailman/listinfo/cz-tech
> >
> 
> 
> 
> -- 
> http://www.google.com/profiles/daniel.mietchen
>