Is there any chance StringFunctions will get implemented on Wikimedia wikis?
In the near future? At Wiktionary, we could use that stuff to work around
some very ugly code we have at the moment.
Cheers,
Wildrick
http://en.wiktionary.org/wiki/User:Vildricianus
Hi,
Does not have administration in the WikiPT list because current admin
disappeared. The e-mail also is disactivated and only has an
administration e-mail. The Wiki-Pt did not oppose me to manage the
list [1]. Could include me?
[1]
http://pt.wikipedia.org/wiki/Wikipedia:Esplanada/geral#Lista_de_discussão
Cheers,
Leonardo Gregianin.
Hi All,
There is a Cross-Site-Scripting user-specified arbitrary JavaScript and HTML injection vulnerability in MediaWiki.
This differs from the XSS vuln noted earlier this month, but the basic concept is the same: malicious data is injected into a
specific value which is not sanitized / escaped before being echoed back to the user's browser.
Please note that MediaWiki 1.6 (current stable) does NOT appear to be affected. However current SVN and the live Wikipedia are
affected by this vulnerability.
No extension need to be installed, and the user does not need to be logged in.
Proof-of-Concept details have been emailed to Brion / Tim / Rob Church; These details will be released to the public on
http://nickj.org/MediaWiki after a suitable delay.
All the best,
Nick.
Jimbo:
> It would be nice to track that number over time... are we becoming
"younger" as a community, "older" as a community?
> Staying about the same? Are old-timers sticking around longer than they
used to, or jumping ship faster?
> There are also a whole set of related questions.
You know I was just thinking to do something similar for mailling lists. Are
people active on a certain list for a long time etc.
I will put the above questions on my wikistats todo list.
First need to focus on unicode update for EasyTimeline which has been in the
queue for way too long.
Erik Zachte
While we're at it, a way of doing colour replacements either at
transclusion time, or permanently, would be really handy for certain
maps created by people with, um, dubious colour preferences :)
Here's an example:
http://en.wikipedia.org/wiki/List_of_European_Union_member_states_by_politi…
Strangely, there doesn't seem to have been any unified colour set
adopted across English Wikipedia, but if one day such a thing was
adopted, it would be handy to be able to transclude maps from Commons,
respecting the colour preferences of each Wikipedia.
It would be a bit chunky for a [[Image:...]] command, but could
technically be done that way:
[[Image:foo.jpg|substcol:128,255,128:0,128,0|substcol:255,255,255:128,0,255]].
Steve
An automated run of parserTests.php showed the following failures:
Running test Table security: embedded pipes (http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034637.html)... FAILED!
Running test Link containing double-single-quotes '' (bug 4598)... FAILED!
Running test message transform: <noinclude> in transcluded template (bug 4926)... FAILED!
Running test message transform: <onlyinclude> in transcluded template (bug 4926)... FAILED!
Running test BUG 1887, part 2: A <math> with a thumbnail- math enabled... FAILED!
Running test Language converter: output gets cut off unexpectedly (bug 5757)... FAILED!
Running test HTML bullet list, unclosed tags (bug 5497)... FAILED!
Running test HTML ordered list, unclosed tags (bug 5497)... FAILED!
Running test HTML nested bullet list, open tags (bug 5497)... FAILED!
Running test HTML nested ordered list, open tags (bug 5497)... FAILED!
Running test Parsing optional HTML elements (Bug 6171)... FAILED!
Running test Inline HTML vs wiki block nesting... FAILED!
Running test Mixing markup for italics and bold... FAILED!
Passed 394 of 407 tests (96.81%) FAILED!
Hello,
I want to discuss a problem that we face on CS Wikipedia. There is
relatively frequent abuse of sockpuppets, especially for ban elusion. It
is also a subject of currently running arbitration case on cswiki between
me (sysop) and a vandal that creates hundreds user accounts and (aside to
useful edits!) disrupts Wikipedia various ways. It is such an extensive
phenomenon that editors often feel sneaking suspicion against almost all
newbies. That's very bad for a wiki project. There is a common rule, that
all rules and sanctions apply to *persons* and not user accounts.
However, it's often very difficult to reliably identify the person on the
other end of the wire, when the persons makes some steps to hide. One way
to improve the identification is the new CheckUser interface that we
extensively use. God bless developers for that. However, it has no effect
when the user hides behind an open proxy server. That leads us to the rule
that forbids using open proxy for editing and allows sysops to block such
IPs permanently. So much to the reasons why we need to proceed mass IP
blocking. Now lets consider how could we do it.
According to several publicly available lists, there are about 20 (maybe
30) thousands such IP addresses. We have about 15 sysops. Not all sysops
are active, not all are interested in this issue, not all have enough
technical skills. This means that some sysop(s) has to perform thousands
of IP blocks. More on that, consider that the sysop should examine each
such address whether it is open on some port or not. It is a
time-consuming and traffic-generating operation which is considered
abusive by some providers. These are the reasons why we decided to use a
robot to do the job quickly and not to check each address. It simply reads
given lists from web, compares them to special:ipblocklist and blocks the
rest.
Initially I developed and run the robot under my sysop account. It blocked
about 500 IPs per night. The blocks were time limited (random interval)
since there was no real check that the address is open. So if some proxy
would close and disappear from the lists, the block would automatically
expire. If not, the next run of the robot would block it again. Later we
have improved it by creating a special account for the robot and setting
him bot and sysop flags. That hided the blocks from RC page and that
allowed us to use the robot through all day, not only at night when nobody
edits. The same thing we did succesfully on cs Wikisource.
http://cs.wikipedia.org/wiki/Wikipedie:N%C3%A1st%C4%9Bnka_spr%C3%A1vc%C5%AF…http://cs.wikipedia.org/wiki/Wikipedista:Proxybot
(pages in Czech)
We are sure that it made the vandal's life more difficult. That was our
goal. Some of the IP checks on sockpuppets shown open proxy addresses that
were blocked closely before the checks. Well done.
However, it has some disadvantages.
1) The biggest one is that setting the bot flag cleans the RC page but
doesn't clean the block logs. The robot messes them up so much that they
become nearly unusable.
2) So many blocked IPs lead to harder server-side checks performed on each
edit of the wiki.
3) Some "innocent" IPs may get blocked.
4) The bot and sysop flag should not be combined. It's probably only a bug
in MediaWiki that allowed us to do it. When you try to set bot flag to
sysop account, the software objects. When you do it in reverse order
(first the bot flag, than sysop) it succeeds. See
http://cs.wikisource.org/wiki/Special:Listusers/bot
that it is possible.
5) Time-limited blocks lead to repeating the same actions and in long time
scale it requires hundereds of block each night. This can be avoided by
infinite blocks.
In april, Anthere removed the sysop flag from Proxybot on cswiki.
http://meta.wikimedia.org/wiki/Requests_for_permissions/Archive_2006/May#De…
I stoped it immediately, today it is not running even on Wikisource. Most
of the IPs are blocked, some others get blocked indefinitely by a sysop's
hand from time to time. But most of them are blocked for a finite period.
http://cs.wikipedia.org/wiki/Special:Ipblocklist
Currently, the problems with vandals continue, but we are able to manage
them. What we're afraid of is the time when the blocks expire. Let's find
a better solution. For example integrating a list of open proxies directly
into the Wikimedia servers instead of blocking by sysops would be a way to
deal with it.
Thanks for any advice!
--
Vojtech Hala (aka Egg), MFF UK, Prague
Our old central workhorse server Zwinger developed disk errors tonight and is
now offline awaiting repair or replacement.
The only user-visible disruption that I'm aware of is that our Ganglia
load-reporting graphs are temporarily offline. DNS failover appears to have
worked fine, and another server has been pulled over for that duty.
Though various services have been spun off over time, Zwinger's been a central
part of our cluster for nearly two and a half years. Let's all wish him luck for
his surgery.
(Zwinger was named for http://en.wikipedia.org/wiki/Theodor_Zwinger )
-- brion vibber (brion @ pobox.com)
An automated run of parserTests.php showed the following failures:
Running test Table security: embedded pipes (http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034637.html)... FAILED!
Running test Link containing double-single-quotes '' (bug 4598)... FAILED!
Running test message transform: <noinclude> in transcluded template (bug 4926)... FAILED!
Running test message transform: <onlyinclude> in transcluded template (bug 4926)... FAILED!
Running test BUG 1887, part 2: A <math> with a thumbnail- math enabled... FAILED!
Running test Language converter: output gets cut off unexpectedly (bug 5757)... FAILED!
Running test HTML bullet list, unclosed tags (bug 5497)... FAILED!
Running test HTML ordered list, unclosed tags (bug 5497)... FAILED!
Running test HTML nested bullet list, open tags (bug 5497)... FAILED!
Running test HTML nested ordered list, open tags (bug 5497)... FAILED!
Running test Parsing optional HTML elements (Bug 6171)... FAILED!
Running test Inline HTML vs wiki block nesting... FAILED!
Running test Mixing markup for italics and bold... FAILED!
Passed 394 of 407 tests (96.81%) FAILED!
Sorry, my fault ... it works - of course it must be '
Ciao, Sabine
-------- Original-Nachricht --------
Betreff: '' again ...
Datum: Mon, 26 Jun 2006 00:05:38 +0200
Von: Sabine Cretella <sabine_cretella(a)yahoo.it>
An: Wikimedia developers <wikitech-l(a)wikimedia.org>
Well, up to some days ago a link like the following worked:
[[Categoria:Storia d#&39;#&39;e canzone napulitane]]
Now it does not work anymore ...
Was there something changed in the software?
I need that double '' in some way ...
Thanks, Sabine
Chiacchiera con i tuoi amici in tempo reale!
http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com