On 5/17/07, Brianna Laugher <brianna.laugher(a)gmail.com> wrote:
On 17/05/07, Bryan Tong Minh
<bryan.tongminh(a)gmail.com> wrote:
As you might, or might not know, I have been
quite busy with Flickr
lately, especially with [[User:FlickreviewR]]. I have written two
tools (or actually, one tool with two functions) with helps Commons
users with images for Flickr.
The first is a database of all images reviewed images from Flickr:
http://tools.wikimedia.de/~bryan/flickr/browse You can search on nsid,
username, photo_id, link, and Commons image. The database contains
over 28,000 images, which is over 70% of the total number of Flickr
images on Commons :) [1]
Whose username, Flickr or Commons? And if Commons is that reviewer or
uploader or what? What is nsid? No search I tried actually returned
any results. Bit more help, please?
Flickr. This part needs some help indeed.
Now the second
tool is really handy (imho ;P). It allows you to easily
upload images from Flickr:
If you find any security bug in
the upload part, the bot that performs the
uploads and to be blocked
is Flickr_upload_bot.
Magnus had a similar idea, a bot that performed transfers from (eg)
Wikipedia to Commons. I asked him to disable it...
I kind of have a problem with this is in that it allows essentially
anonymous uploads. At least in this case they are restricted to
images from flickr with suitable licenses, that is better than totally
anonymous, but still. What stops me putting the username 'Bryan' in
and putting up whatever irrelevant, offensive, invasive, stupid images
I can find on Flickr? oh... nothing.
It does. During the upload you will receive a
token, which you must
save to Commons. Then the bot will query Commons for the user who
editted this page. It will only upload if if the username that has
been given matches the username of the user who editted the page. So
unless you know my password, the bot will refuse uploading under my
name.
I think there's a good reason MediaWiki requires users to be logged in
before uploading, and I don't think we should use bots that circumvent
that requirement.
At the very least I think there should be a bot approval thing for
this bot, where we can discuss as a community if we want to allow this
kind of thing to happen.
It probably should. I will see whether everything works as expected,
and will submit an approval request, explaining the full details of
the security.
cheers
Brianna
user:pfctdayelise
Thank you for taking the time to think about this; I understand that
the fact that any user can give a bot instruction sounds all alarm
bells, but I think I have done enough to prevent massive unauthorized
uploads.
Bryan