[Wikitech-l] Yeah, let's botspam Wikipedia. I'm sure that'll work out just fine.
What could possibly go wrong? http://www.blackhatworld.com/blackhat-seo/black-hat-seo-tools/115582-wikipedia-linking-tool.html If your life is suffering from inadequate levels of stupid (I know! Whose doesn't?), that looks like just the forum for you to get a topup from. - d. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] (no subject)
Mike.lifeguard wrote: >> Simple matter of coding, then? :-) > > This sort of thing would hekp with some of or external antispam tools. > Currently we rely on parsing edits manually to see when links are added > - some realtime and machine-readable format for notifications of such > edits would be great. > > -Mike File a bug? This probably depends on bug 17450 and should block 16599. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] (no subject)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> A while back I ran clamav against all 'executable' looking external links >> and found one nasty file. It would be really nice if the mechanism that >> updates externalinks table spat out a running log of external link additions >> and removals that we could hook an ongoing scanner into. > > > Simple matter of coding, then? :-) This sort of thing would hekp with some of or external antispam tools. Currently we rely on parsing edits manually to see when links are added - - some realtime and machine-readable format for notifications of such edits would be great. - -Mike -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkqi5QgACgkQst0AR/DaKHuxVQCglYidNlbvwkEmFELrK9IJm4Oy gvMAn05SP3jmptvGif0GGA5xM518Mq/t =BEi7 -END PGP SIGNATURE- ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Not allowing certain external link types?
2009/9/5 Platonides : > David Gerard, how did you get the link to threatexpert.com? The behavior > of 01cd53443e3e7a7453a85a58191558c7 is one from malware, but the > submission being on 21 July 2009 makes me doubt that it really is that > the file. I Googled for a description of the malware's name. > VirusTotal analysis show the result as clean, but if it was an > inoffensive PoC written on the IT department, why did they use a packer? I'm not sure if anyone has contacted Jornada to check his bona fides as yet. - d. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Not allowing certain external link types?
David Gerard wrote: > As I noted, in this case the link actually went to a download page, > not directly to the .exe. He still got five people to download it. Having people download it is not harmful per se. How many of them were for reviewing it? I read the talk page and have the impulse of downloading it to see what it really was, since they link to two different analysis, supposedly of the linked file, but with different hashes. David Gerard, how did you get the link to threatexpert.com? The behavior of 01cd53443e3e7a7453a85a58191558c7 is one from malware, but the submission being on 21 July 2009 makes me doubt that it really is that the file. VirusTotal analysis show the result as clean, but if it was an inoffensive PoC written on the IT department, why did they use a packer? ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Version control on Windows (was Wikipedia iPhone app official page?)
2009/9/5 Dmitriy Sintsov : > * Marco Schuster [Sat, 5 Sep 2009 >> If Windows had a decent command line / shell (has its suckyness > improved >> for >> Win7?), I bet that TortoiseSVN had far less downloads... it simply is >> the >> only way to make SVN usable on Windows. > Old Windows Shell will be replaced by this one: > http://en.wikipedia.org/wiki/Windows_PowerShell > But I've read long time ago that usability of Windows Shells is limited > not just because the syntax is weak, but, what's more important, process > startup delay is much longer than in Linux, thus, calling of lots of > external console programs to perform complex actions would be much > slower at the same machine. My own scripts (eg mediawiki video sitemap > generator seem to prove that) Yes. Cygwin has the same problem: it can take *ages* for a process to be forked from the command line. Running ./configure on software in Cygwin is *way* slower than on Linux. Creating processes on Windows is a heavyweight thing however you do it, it appears. - d. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Not allowing certain external link types?
2009/9/5 Gregory Maxwell : > On Sat, Sep 5, 2009 at 4:28 PM, David Gerard wrote: >> Although his actions were IMO dickish, he has some point: is there any >> reason to allow .exe links on WMF sites? Is there a clean method to >> disable them? Is this a bad idea for any reason? What should default >> settings be in MediaWiki itself? etc., etc. > http://markmail.org/message/6zsebtdrahmwzs3s > What once was rubbish is no more? :) *cough* I do like your note from then: > A while back I ran clamav against all 'executable' looking external links and > found one nasty file. It would be really nice if the mechanism that updates > externalinks table spat out a running log of external link additions and > removals that we could hook an ongoing scanner into. Simple matter of coding, then? :-) - d. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Not allowing certain external link types?
2009/9/5 Thomas Dalton : > The relevant edits have been oversighted so I can't tell what kind of > URLs they were. If they were like "www.foo.com/bar.exe" then we can > easily stop them by not parsing URLs that end ".exe". It was on Rapidshare. It was of the form: http://xxx123.rapidshare.de/123456789/InnocentToxicWaste.exe - so it didn't link directly to the file itself, even - but to the page about the file. > There will be > some false positives (eg. http://en.wikipedia.org/wiki/.exe although > that is only a redirect, so no real harm), I forgot about that. Given that exes could be on *any* sort of page, any collateral damage suggests this is a pointless bit of security theatre ... > but it shouldn't involve > more than a slight change to 1 or 2 lines of code, unless I'm missing > something. Something more advanced that would actually block > executables, rather than just things with an exe extension would > require actually following the link, which is probably too slow to be > practical (it would have to be done on rendering, rather than saving, > otherwise you can just change what is at the other end of the link > after saving the page). As I noted, in this case the link actually went to a download page, not directly to the .exe. He still got five people to download it. > Is there any great risk here, though? Modern browsers won't run such > an executable (at least not without big scary warnings which, of > course, we never just blindly click through). *cough* - d. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Not allowing certain external link types?
On Sat, Sep 5, 2009 at 4:28 PM, David Gerard wrote: > Although his actions were IMO dickish, he has some point: is there any > reason to allow .exe links on WMF sites? Is there a clean method to > disable them? Is this a bad idea for any reason? What should default > settings be in MediaWiki itself? etc., etc. http://markmail.org/message/6zsebtdrahmwzs3s What once was rubbish is no more? :) ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Not allowing certain external link types?
2009/9/5 David Gerard : > See this talk page: > > http://en.wikipedia.org/wiki/User_talk:189.148.6.25 > > The poster purports to be a journalist experimenting with putting > toxic links on Wikipedia to see who will follow them. > > Although his actions were IMO dickish, he has some point: is there any > reason to allow .exe links on WMF sites? Is there a clean method to > disable them? Is this a bad idea for any reason? What should default > settings be in MediaWiki itself? etc., etc. The relevant edits have been oversighted so I can't tell what kind of URLs they were. If they were like "www.foo.com/bar.exe" then we can easily stop them by not parsing URLs that end ".exe". There will be some false positives (eg. http://en.wikipedia.org/wiki/.exe although that is only a redirect, so no real harm), but it shouldn't involve more than a slight change to 1 or 2 lines of code, unless I'm missing something. Something more advanced that would actually block executables, rather than just things with an exe extension would require actually following the link, which is probably too slow to be practical (it would have to be done on rendering, rather than saving, otherwise you can just change what is at the other end of the link after saving the page). Is there any great risk here, though? Modern browsers won't run such an executable (at least not without big scary warnings which, of course, we never just blindly click through). ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Not allowing certain external link types?
it would be as simple as adding \.exe\s to the meta spam blacklist On 9/5/09, David Gerard wrote: > See this talk page: > > http://en.wikipedia.org/wiki/User_talk:189.148.6.25 > > The poster purports to be a journalist experimenting with putting > toxic links on Wikipedia to see who will follow them. > > Although his actions were IMO dickish, he has some point: is there any > reason to allow .exe links on WMF sites? Is there a clean method to > disable them? Is this a bad idea for any reason? What should default > settings be in MediaWiki itself? etc., etc. > > > - d. > > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Not allowing certain external link types?
See this talk page: http://en.wikipedia.org/wiki/User_talk:189.148.6.25 The poster purports to be a journalist experimenting with putting toxic links on Wikipedia to see who will follow them. Although his actions were IMO dickish, he has some point: is there any reason to allow .exe links on WMF sites? Is there a clean method to disable them? Is this a bad idea for any reason? What should default settings be in MediaWiki itself? etc., etc. - d. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] SQL
2009/9/5 Helder Geovane Gomes de Lima : > But I don't know what to use in the SQL instead of the "WHAT?". > Does anybody knows what should it be? > You should probably use "ORDER BY page_namespace, page_title" there, which will sort by namespace, then by title. Roan Kattouw (Catrope) ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] SQL
Hello! I was looking at this code http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/intersection/DynamicPageList.php?view=markup and trying to figure out how to change this piece of code if ('lastedit' == $sOrderMethod) $sSqlWhere .= ' ORDER BY page_touched '; else $sSqlWhere .= ' ORDER BY c1.cl_timestamp '; $sSqlWhere .= $sSqlOrder; in such way that the extension could order the list alphabetically. I imagine it would be a simple change, like this: switch ($sOrderMethod) { case 'lastedit': $sSqlWhere .= ' ORDER BY page_touched '; break; case 'alphabetical': $sSqlWhere .= ' ORDER BY WHAT? '; break; case 'categoryadd': default: $sSqlWhere .= ' ORDER BY c1.cl_timestamp '; break; } But I don't know what to use in the SQL instead of the "WHAT?". Does anybody knows what should it be? Thanks in advance! Helder ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] __TOC__ handling
Dmitriy Sintsov wrote: > I remember that when I've been parsed the page, some javascript was > insterted into it to generate the TOC. > Perhaps that code would help: > skins/common/prefs.js > // generate toc from prefs form, fold sections > // XXX: needs testing on IE/Mac and safari > // more comments to follow > function tabbedprefs() { > ... > > > this is taken from 1.14.1 > > Dmitriy Javascript is only used for collapsation. The TOC is generated by PHP, as you can test by browsing the page with javascript disabled. The main TOC handling is at includes/parser/parser.php on function formatHeadings ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] __TOC__ handling
Thanks. I took a quick look, that seems to be a good place to start understanding it. On Fri, Sep 4, 2009 at 11:33 PM, Dmitriy Sintsov wrote: > * George Herbert [Fri, 4 Sep 2009 20:03:03 > -0700]: >> I'm not at all familiar with the magic words handling stuff; I have a >> desire to be able to hide lower level headings absolutely (toclimit-3 >> for example) so I can use level 5 or 6 headings for a particular UI >> purpose without them showing up in the TOC. >> >> According to a response on >> > https://secure.wikimedia.org/wikipedia/en/wiki/Template_talk:TOClimit#What_am_I_doing_wrong.3F >> the effect is actually relative (i.e., a level 6 header directly >> under a level 1 header counts as "2 deep" not 6) rather than absolute. >> Wanting to see what's under the hood I downloaded 1.15.1 and started >> wandering around trying to figure out the magic words parsing and am >> immediately confused. >> >> I know PHP acceptably well but this particular set of stuff is not >> giving me a good place to start figuring out the TOC formatting. I >> looked in ImagePage.php and at MediaWiki:Common.css and am not seeing >> where to start particularly - just grepping for "TOC" in * and >> following stuff down from there didn't help much so far. >> >> Where do I need to start looking to understand how the TOC is actually >> produced? >> > I remember that when I've been parsed the page, some javascript was > insterted into it to generate the TOC. > Perhaps that code would help: > skins/common/prefs.js > // generate toc from prefs form, fold sections > // XXX: needs testing on IE/Mac and safari > // more comments to follow > function tabbedprefs() { > ... > > > this is taken from 1.14.1 > > Dmitriy > > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > -- -george william herbert george.herb...@gmail.com ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l