Re: [pydotorg-www] Vandalism/spam on wiki.python.org: changes to default permissions
On 31.05.2014 22:49, M.-A. Lemburg wrote: Hello, in recent weeks, the Python Wiki has seen an increasing amount of spam and vandalism: https://wiki.python.org/moin/RecentChanges?max_days=60 Since the textchas we've been using apparently no longer serve their intended purposes, I've now pulled the plug and disabled editing permissions for new users: https://wiki.python.org/moin/FrontPage (see Editing pages) I've added a new user group called NewUsersGroup, which does get editing rights, but we'll have to manage this manually and new users who want to receive editing rights will have to write to this mailing list to be added to the group. FYI: I've renamed the group page to EditorsGroup. That's a better fit for what we intend to use it for. If people show a good track record they can then be moved on to the TrustedEditorsGroup, which removes the need to enter textchas. I'm sorry for having to take this step, but the level of spam and (more importantly) vandalism we've been getting is too high to keep the wiki as open as it used to be. Please regard the above step as emergency action. I'm more than open to discussing alternative approaches to the situation, since I don't like this step myself. PS: I've only applied the new configuration to the Python wiki. We may also have to take this step for the Jython wiki. Thanks, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jun 03 2014) Python Projects, Consulting and Support ... http://www.egenix.com/ mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/ 2014-05-28: Released mxODBC.Connect 2.1.0 ... http://egenix.com/go56 2014-07-02: Python Meeting Duesseldorf ... 29 days to go : Try our mxODBC.Connect Python Database Interface for free ! :: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ ___ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www
Re: [pydotorg-www] Vandalism/spam on wiki.python.org: changes to default permissions
On Tue, Jun 3, 2014 at 9:05 PM, M.-A. Lemburg m...@egenix.com wrote: FYI: I've renamed the group page to EditorsGroup. That's a better fit for what we intend to use it for. If people show a good track record they can then be moved on to the TrustedEditorsGroup, which removes the need to enter textchas. I hope this works out well. It'll reduce the drive-by contributions (no matter how good you are at empowering people who ask, the very fact that they have to ask is a turn-off), but all that does is back down the main boast of a wiki - most web sites have a LOT more hoops to jump through before random readers can edit. If this does reduce spam significantly, it might be possible to eliminate textchas altogether; just put people straight into TrustedEditorsGroup, and depend on the spammers being uninterested in actually waiting for promotion (and probably being obvious anyway). As we've seen, the determined spammers aren't put off by them for long. Good luck! ChrisA ___ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www
Re: [pydotorg-www] Vandalism/spam on wiki.python.org: changes to default permissions
On 03.06.2014 14:06, Chris Angelico wrote: On Tue, Jun 3, 2014 at 9:05 PM, M.-A. Lemburg m...@egenix.com wrote: FYI: I've renamed the group page to EditorsGroup. That's a better fit for what we intend to use it for. If people show a good track record they can then be moved on to the TrustedEditorsGroup, which removes the need to enter textchas. I hope this works out well. It'll reduce the drive-by contributions (no matter how good you are at empowering people who ask, the very fact that they have to ask is a turn-off), but all that does is back down the main boast of a wiki - most web sites have a LOT more hoops to jump through before random readers can edit. Looking at the changelog of the wiki, most people who edit pages on the wiki are regular editors. If this does reduce spam significantly, it might be possible to eliminate textchas altogether; just put people straight into TrustedEditorsGroup, and depend on the spammers being uninterested in actually waiting for promotion (and probably being obvious anyway). As we've seen, the determined spammers aren't put off by them for long. Yep. I think we should have a policy to add people who we know directly to the TrustedEditorsGroup. Makes life a tad easier for them. We might even proactively add them to that list by looking through the recent changes log: https://wiki.python.org/moin/RecentChanges Hmm, I'll do that now... -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jun 03 2014) Python Projects, Consulting and Support ... http://www.egenix.com/ mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/ 2014-05-28: Released mxODBC.Connect 2.1.0 ... http://egenix.com/go56 2014-07-02: Python Meeting Duesseldorf ... 29 days to go : Try our mxODBC.Connect Python Database Interface for free ! :: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ ___ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www
Re: [pydotorg-www] Vandalism/spam on wiki.python.org: changes to default permissions
On 01.06.2014 05:48, Barry Warsaw wrote: On May 31, 2014, at 10:49 PM, M.-A. Lemburg wrote: I've added a new user group called NewUsersGroup, which does get editing rights, but we'll have to manage this manually and new users who want to receive editing rights will have to write to this mailing list to be added to the group. TBH, we've been doing this on the Mailman wiki for years now. Of course, we don't have as high a contributor rate as the Python wiki, and I wish I didn't have to take that step, but it *has* reduced the spam rate to nearly zero. I'm sure there's been a cost in drive-by contributions, but we do get occasional requests for write permissions and it's trivial to add folks to the editors group. Thanks for the experience report. I guess I'll rename the group to EditorsGroup today, that's a better fit than NewUsersGroup. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jun 02 2014) Python Projects, Consulting and Support ... http://www.egenix.com/ mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/ 2014-05-28: Released mxODBC.Connect 2.1.0 ... http://egenix.com/go56 2014-07-02: Python Meeting Duesseldorf ... 30 days to go : Try our mxODBC.Connect Python Database Interface for free ! :: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ ___ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www
Re: [pydotorg-www] Vandalism/spam on wiki.python.org: changes to default permissions
On Sun, Jun 1, 2014 at 9:53 PM, Paul Boddie p...@boddie.org.uk wrote: On Sunday 1. June 2014 19.55.44 anatoly techtonik wrote: On Sun, Jun 1, 2014 at 6:48 AM, Barry Warsaw ba...@python.org wrote: On May 31, 2014, at 10:49 PM, M.-A. Lemburg wrote: I've added a new user group called NewUsersGroup, which does get editing rights, but we'll have to manage this manually and new users who want to receive editing rights will have to write to this mailing list to be added to the group. TBH, we've been doing this on the Mailman wiki for years now. Of course, we don't have as high a contributor rate as the Python wiki, and I wish I didn't have to take that step, but it *has* reduced the spam rate to nearly zero. I'm sure there's been a cost in drive-by contributions, but we do get occasional requests for write permissions and it's trivial to add folks to the editors group. Do you have stats about decline in contributions thank to this measure? You can get the stats about a decline in contributions by just looking at how many spam edits were taking place during any given period and how many there will be for a corresponding period in future. But for serious contributions, of course there are no statistics: the measure has been in place for a matter of hours. You need to count non-reverted edits before and after the certain date. That's all. And am curious about Mailman - it is clear that for w.p.o there is no stats yet. I'm not entirely sure what measures Confluence had for spam prevention before the Mailman Wiki made a similar move, but I would imagine that there weren't very many given the amount of spam I saw in the site content for that wiki. Didn't know Mailman chose proprietary software for the wiki. From what I can see, this didn't stop committed contributors from improving that site. Being alone contributor is not fun either. Is the competence debt in MoinMoin is so big nowadays that there is no Moderation Queue plugin for new users? There are people working on MoinMoin, so I suggest you ask in their IRC channel: #moin on Freenode, if I'm not mistaken. Alternatively, you could look on the Moin site for extensions and find at least two for moderation, one of which I wrote a while back and is actually in use on a site for a project that I believe you have dealt with in the past (and maybe still have some dealings with). It's entirely possible that you have no idea they're using my extension for moderation at all and yet have edited that site. I found only one - http://moinmo.in/ActionMarket/ApproveChanges - it looks good except that Moderation Queue will be more useful if it is global and visible by anyone. More people will be aware of it and it could be crowdsourced. But here's the disagreement: some people think that the barrier to editing public Internet sites should be low and yet magically repel defacement; others think that getting serious contributors to demonstrate their commitment to making quality edits isn't that hard and that they actually won't mind doing so (because they are, after all, committed). Experience shows that magically repelling defacement of Internet sites, whilst somewhat possible with some interesting measures that could be implemented for Moin, is a bit like announcing a generously catered party for one's closest friends in the most public and open way possible, not assigning some rather persuasive people to the venue entrance, and then somehow avoiding random vandals and hooligans from inviting themselves in and trashing the place. The cost of defacement should be higher than a cost of revert. If defacement edits are not indexed, there is no motivation to write bots for it. Meanwhile, some of us have better things to do with our time than to muck out public Internet resources so that lazy people and vandals can use them at their own convenience. I still think that the problem with wasted time is a software problem. -- anatoly t. ___ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www
Re: [pydotorg-www] Vandalism/spam on wiki.python.org: changes to default permissions
On Saturday 31. May 2014 22.49.58 M.-A. Lemburg wrote: Hello, in recent weeks, the Python Wiki has seen an increasing amount of spam and vandalism: https://wiki.python.org/moin/RecentChanges?max_days=60 Since the textchas we've been using apparently no longer serve their intended purposes, I've now pulled the plug and disabled editing permissions for new users: https://wiki.python.org/moin/FrontPage (see Editing pages) I've added a new user group called NewUsersGroup, which does get editing rights, but we'll have to manage this manually and new users who want to receive editing rights will have to write to this mailing list to be added to the group. Thanks for doing this! I imagine that this will have very little impact on serious contributors. Certainly, anyone wanting to edit the pages will need an account, but they should be able to manage their credentials using OpenID and not have to remember another password for the site. I'm sorry for having to take this step, but the level of spam and (more importantly) vandalism we've been getting is too high to keep the wiki as open as it used to be. Please regard the above step as emergency action. I'm more than open to discussing alternative approaches to the situation, since I don't like this step myself. PS: I've only applied the new configuration to the Python wiki. We may also have to take this step for the Jython wiki. I think I've made my position on this quite clear before. We can certainly implement measures similar to those used by other Web applications, but this requires an investment in the development of functionality that has been rather difficult to justify doing until now (speaking personally). For anyone motivated enough, just looking at Wordpress and MediaWiki extensions for anti- spam should provide enough to go on, however. Meanwhile, in contrast to many sites where highly restrictive policies prevail - indeed, how many sites have disabled editing entirely due to spam? - the available forms of registration and editing approval for MoinMoin are rather benign, in my opinion. In any case, thanks for taking this step and also for cleaning up some of the recent spam. I for one appreciate this! Paul ___ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www
Re: [pydotorg-www] Vandalism/spam on wiki.python.org: changes to default permissions
On May 31, 2014, at 10:49 PM, M.-A. Lemburg wrote: I've added a new user group called NewUsersGroup, which does get editing rights, but we'll have to manage this manually and new users who want to receive editing rights will have to write to this mailing list to be added to the group. TBH, we've been doing this on the Mailman wiki for years now. Of course, we don't have as high a contributor rate as the Python wiki, and I wish I didn't have to take that step, but it *has* reduced the spam rate to nearly zero. I'm sure there's been a cost in drive-by contributions, but we do get occasional requests for write permissions and it's trivial to add folks to the editors group. -Barry ___ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www