Re: [Wikitech-l] Why there is no authentication mechanism for desktop applications
Hello, Le mercredi 11 février 2015, 16:59:45 Petr Bena a écrit : We have OAuth for browser based programs. But nothing for desktop applications that are being used by users. (Like AWB etc). It sounds pretty simple to me, so why we don't have anything like that? The reason currently given at https://www.mediawiki.org/wiki/OAuth/For_Developers#Intended_Users is: … not… Desktop applications (the Consumer Secret needs to be secret!) -- Guillaume Paumier ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] GPL upgrading to version 3
On Tue, Feb 10, 2015 at 8:48 PM, Tyler Romeo tylerro...@gmail.com wrote: What is more important: allowing as many people to use our libraries as possible, or protecting against our libraries from being used in proprietary software. For me, allowing as many people to use our libraries as possible. Bryan -- Bryan Davis Wikimedia Foundationbd...@wikimedia.org [[m:User:BDavis_(WMF)]] Sr Software EngineerBoise, ID USA irc: bd808v:415.839.6885 x6855 ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] GPL upgrading to version 3
On Wed, Feb 11, 2015 at 10:55 AM, Tyler Romeo tylerro...@gmail.com wrote: On February 11, 2015 at 11:49:15, Bryan Davis (bd...@wikimedia.org) wrote: On Tue, Feb 10, 2015 at 8:48 PM, Tyler Romeo tylerro...@gmail.com wrote: What is more important: allowing as many people to use our libraries as possible, or protecting against our libraries from being used in proprietary software. For me, allowing as many people to use our libraries as possible. For the sake of the discussion, why? For me, the advantages outweigh the disadvantages. The advantage of getting more companies to use our libraries is that (maybe) they will contribute back, similar to what Apple does with LLVM. However, on the other side of the same coin, we are allowing the possibility that companies will *not* contribute back, and instead keep their improvements to themselves (to be clear, I am not implying malicious intent). My vanity site sums up my general opinion: My professional career and the Internet in general are possible because of free and open-source software. I’ve been designing, building and hosting websites and web-based applications personally and professionally since 1994 using predominantly free operating systems, compilers, interpreters, application servers and editors. Without countless hours of work by anonymous strangers, my career, lifestyle and hobbies would not be possible. There’s no direct way I can repay all of those to whom I’m indebted. The best thing I can do is share some of the things I’ve made in the same spirit. I hope you can find something useful in my work. If you do, you can repay me by sharing what you can with others. I write code to solve problems (and sometimes to entertain myself). If the problems I have are problems other people have then they are welcome to use my code. Its great when someone finds my problems engaging enough that they reciprocate by giving back patches that improve the solution for me as well, but creating a community and forcing reciprocal engagement is not my goal. Honestly I have no fears or qualms about code that I write being used in a commercial product. I worked as a commercial software developer for something like 18 years. All of the things I built during that time were in some way or another enabled by FOSS software. FOSS software helped me buy my first house and pay for my first real vacation. I also tried to be a good citizen of the open source community by upstreaming my little bug fixes and an occasional feature, but I did so of my own free will and not because of forced contracts. Bryan -- Bryan Davis Wikimedia Foundationbd...@wikimedia.org [[m:User:BDavis_(WMF)]] Sr Software EngineerBoise, ID USA irc: bd808v:415.839.6885 x6855 ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Why there is no authentication mechanism for desktop applications
On Wednesday, February 11, 2015, Guillaume Paumier gpaum...@wikimedia.org wrote: Hello, Le mercredi 11 février 2015, 16:59:45 Petr Bena a écrit : We have OAuth for browser based programs. But nothing for desktop applications that are being used by users. (Like AWB etc). It sounds pretty simple to me, so why we don't have anything like that? The reason currently given at https://www.mediawiki.org/wiki/OAuth/For_Developers#Intended_Users is: ... not... Desktop applications (the Consumer Secret needs to be secret!) That's why we don't use OAuth for these (see my last email on that too). We can shift our threat model to change this, but it comes at a cost (vandalism can't be blocked at the app-level, we have to require https for more pieces of the protocol, etc). Petr's current request sounds a little more like google's per-application passwords, except they are also limited in what rights they can use. Petr, I'm assuming you wouldn't want to do an OAuth-like signature on each request, but instead use it to login, then use the session cookie for future requests? Or were you thinking signed api calls like with OAuth? -- Guillaume Paumier ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org javascript:; https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Why there is no authentication mechanism for desktop applications
From developer point of view session looks much more easy to implement than signed api calls. I wouldn't even need to change the code of application for it to work. On Wed, Feb 11, 2015 at 6:43 PM, Chris Steipp cste...@wikimedia.org wrote: On Wednesday, February 11, 2015, Guillaume Paumier gpaum...@wikimedia.org wrote: Hello, Le mercredi 11 février 2015, 16:59:45 Petr Bena a écrit : We have OAuth for browser based programs. But nothing for desktop applications that are being used by users. (Like AWB etc). It sounds pretty simple to me, so why we don't have anything like that? The reason currently given at https://www.mediawiki.org/wiki/OAuth/For_Developers#Intended_Users is: ... not... Desktop applications (the Consumer Secret needs to be secret!) That's why we don't use OAuth for these (see my last email on that too). We can shift our threat model to change this, but it comes at a cost (vandalism can't be blocked at the app-level, we have to require https for more pieces of the protocol, etc). Petr's current request sounds a little more like google's per-application passwords, except they are also limited in what rights they can use. Petr, I'm assuming you wouldn't want to do an OAuth-like signature on each request, but instead use it to login, then use the session cookie for future requests? Or were you thinking signed api calls like with OAuth? -- Guillaume Paumier ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org javascript:; https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] GPL upgrading to version 3
On Tue, Feb 10, 2015 at 10:48 PM, Tyler Romeo tylerro...@gmail.com wrote: I’m still not entirely convinced that the GPLv2 allows more licenses than the v3. GPL v2+ is a superset of GPL v3. I don't know why you find that so hard to understand. [...] I do not think it is possible to add Apache code into MediaWiki core and still allow licensing MediaWiki under both the v2 and the v3. Yes, that is the case. Accepting Apache code into core should be treated the same as accepting GPL v3-only code into core. Both significantly restrict the licensing of the combined work. --scott ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] GPL upgrading to version 3
On February 11, 2015 at 11:49:15, Bryan Davis (bd...@wikimedia.org) wrote: On Tue, Feb 10, 2015 at 8:48 PM, Tyler Romeo tylerro...@gmail.com wrote: What is more important: allowing as many people to use our libraries as possible, or protecting against our libraries from being used in proprietary software. For me, allowing as many people to use our libraries as possible. For the sake of the discussion, why? For me, the advantages outweigh the disadvantages. The advantage of getting more companies to use our libraries is that (maybe) they will contribute back, similar to what Apple does with LLVM. However, on the other side of the same coin, we are allowing the possibility that companies will *not* contribute back, and instead keep their improvements to themselves (to be clear, I am not implying malicious intent). -- Tyler Romeo 0x405D34A7C86B42DF signature.asc Description: Message signed with OpenPGP using AMPGpg ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] GPL upgrading to version 3
On February 11, 2015 at 12:53:54, C. Scott Ananian (canan...@wikimedia.org) wrote: On Tue, Feb 10, 2015 at 10:48 PM, Tyler Romeo tylerro...@gmail.com wrote: I’m still not entirely convinced that the GPLv2 allows more licenses than the v3. GPL v2+ is a superset of GPL v3. I don't know why you find that so hard to understand. Well, if you read your own email... [...] I do not think it is possible to add Apache code into MediaWiki core and still allow licensing MediaWiki under both the v2 and the v3. Yes, that is the case. Accepting Apache code into core should be treated the same as accepting GPL v3-only code into core. Both significantly restrict the licensing of the combined work. --scott Like I’ve been saying, GPLv2 and GPLv3 are separate licenses, and thus cannot be combined. You are using one or the other. GPLv2+ is not a superset. And, as a result, since MediaWiki is licensed under the v2+ rather than v3, we cannot accept Apache-licensed code into core. I’m not sure how you see this as being more restrictive, considering it actually reduces the number of licenses that are compatible with core, and thus reduces the number of libraries we can add into core. As of right now, we cannot bring Apache-licensed third party libraries into core. However, if we upgrade to v3, we can. (And, as an addendum, since most GPLv2 works are licensed like MediaWiki is, “GPLv2 or any later version”, upgrading MediaWiki to v3 will not stop us from using most GPLv2 libraries anyway.) -- Tyler Romeo 0x405D34A7C86B42DF signature.asc Description: Message signed with OpenPGP using AMPGpg ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] [Engineering] Scrum of Scrums notes 2015-02-11
On Wed, Feb 11, 2015 at 2:01 PM, Dan Andreescu dandree...@wikimedia.org wrote: https://www.mediawiki.org/wiki/Scrum_of_scrums/2015-02-11 If anyone with better wiki kung fu than me could take a look and figure out why the table of contents is not rendering on that page like it does on all the other [1] ones, I would appreciate it. Most of the page was inside an unclosed ref tag, so the parser didn't see it as having enough sections to trigger automatic display of the TOC. It was barely noticeable just looking at the page thanks to the feature of just blindly shoving an unformatted references/ at the bottom of the page if there are undisplayed refs. -- Brad Jorsch (Anomie) Software Engineer Wikimedia Foundation ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] [Engineering] Scrum of Scrums notes 2015-02-11
Both pages you linked have a table of contents for me. Dan On 11 February 2015 at 11:01, Dan Andreescu dandree...@wikimedia.org wrote: https://www.mediawiki.org/wiki/Scrum_of_scrums/2015-02-11 If anyone with better wiki kung fu than me could take a look and figure out why the table of contents is not rendering on that page like it does on all the other [1] ones, I would appreciate it. [1] https://www.mediawiki.org/wiki/Scrum_of_scrums/2015-02-04 ___ Engineering mailing list engineer...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/engineering -- Dan Garry Associate Product Manager, Mobile Apps Wikimedia Foundation ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Scrum of Scrums notes 2015-02-11
https://www.mediawiki.org/wiki/Scrum_of_scrums/2015-02-11 If anyone with better wiki kung fu than me could take a look and figure out why the table of contents is not rendering on that page like it does on all the other [1] ones, I would appreciate it. [1] https://www.mediawiki.org/wiki/Scrum_of_scrums/2015-02-04 ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] GPL upgrading to version 3
On Wed, Feb 11, 2015 at 1:00 PM, Tyler Romeo tylerro...@gmail.com wrote: And, as a result, since MediaWiki is licensed under the v2+ rather than v3, we cannot accept Apache-licensed code into core. We cannot. But our users can. And our users can also combine with GPL v2-only code. The set of acceptable core licenses is thus *more* restrictive (GPL v2+ and those licenses compatible with it) so that our users have *more* freedom (license combined works under GPLv2, GPLv3, AGPL (maybe), etc). That's how it works. It's not hard. --scott ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Why there is no authentication mechanism for desktop applications
I know this and that is why I started this thread :) On Wed, Feb 11, 2015 at 5:17 PM, Guillaume Paumier gpaum...@wikimedia.org wrote: Hello, Le mercredi 11 février 2015, 16:59:45 Petr Bena a écrit : We have OAuth for browser based programs. But nothing for desktop applications that are being used by users. (Like AWB etc). It sounds pretty simple to me, so why we don't have anything like that? The reason currently given at https://www.mediawiki.org/wiki/OAuth/For_Developers#Intended_Users is: … not… Desktop applications (the Consumer Secret needs to be secret!) -- Guillaume Paumier ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Why there is no authentication mechanism for desktop applications
Hi, We have OAuth for browser based programs. But nothing for desktop applications that are being used by users. (Like AWB etc). These applications now have to ask for password, which is kind of safe given that they are open source and running on computer of the user, so at some point giving them password is as much insecure as giving it to your we browser, but still, I believe that there could be slightly better security model in use, that would make it safe to provide password to a program that was compiled by anyone and that can be potentially unsafe. Let's take this sample model similar to OAuth: * User would have extra panel in preferences, where they could generate access tokens. * For each token user could specify what application would have access to. Generated tokens would be given to application instead of login and password and the application could use them to login into mediawiki. Users could revoke the tokens in anytime effectively invalidating any tokens that potential hacker could steal using that 3rd application. It sounds pretty simple to me, so why we don't have anything like that? ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
On Wed, Feb 11, 2015 at 5:07 AM, This, that and the other at.li...@live.com.au wrote: How does a user prove that they're using a particular tool a way that can't be faked? Something like OAuth comes to mind. All edits made via an OAuth consumer are already tagged with a unique tag, and I would assume that it is not possible to falsely represent an OAuth consumer. This is usually correct-- right now we discourage what Auth2 calls public consumers. Apps where the shared secret we setup with the app owner can't really be considered private, e.g., it's embedded in code that is actually running on the end user's device, either a native application or a rich javascript application. But it's really just a discouragement, and we leave it up to the app owner if they want to setup things like IP whitelisting, for IP's that are allowed to use their secret. I've been thinking that we might implement a flag to mark some apps as public (Petr has been wanting to use it for huggle since the beginning), but taking the opposite approach and flagging some as known private, where we've verified the owner is intending to keep the secret private, and we've limited it's use to a very small number of IP's, might make more sense. Then we could flag the ones where this assumption holds. I'm not sure whether this could work for common tools like AWB or Twinkle, though: * I don't know whether OAuth works for client-side downloadable programs like AWB. * JavaScript tools edit as the user from the user's browser, and as such, OAuth is not relevant to them. In any case, anything they do (like adding a specific string to edit summaries, adding a tag to their edits, or the like) can be easily spoofed or faked by a tech-savvy user. So like I said, it's just by peer pressure right now. If anyone has strong opinions about it, let me know. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
First of all, this is why I am discussing it here, to avoid having multiple people work on same thing. Abuses: I would consider this to be more like something like minor edit for which you also don't need a permission. People who deal with vandals probably shouldn't filter out users based on things like minor edit or tool edit, but rather on reputation, like huggle does. This is basically just going to be useful for regular wikipedia users who just want to filter out automated edits. For example in RFA you are required to have some non-automated edit count. This would make it easier to figure out things like this. You would be able to easily filter out edits you are not interested in. I can't think of a better use for this, but maybe there would be some. Not sure if it worked for AWB, Twinkle or Huggle: I don't know twinkle, but as far as I know both AWB and huggle are using API's to interact with mediawiki. Huggle 3 is using ONLY api, unless for regular, single page rendering. So if there was option in API's for this (that is what I actually propose here) tools could just add some parameter to API's url and that would flag the edit as tool edit. It would be optional. If this is only going to work for OAuth based tools, then it wouldn't work for non browser based tools. On Wed, Feb 11, 2015 at 2:07 PM, This, that and the other at.li...@live.com.au wrote: Chris Grant wrote in message news:caf_zkbp-abgzgcy4lqqvbtxur-2tjo8opmbwxtrosfvihuc...@mail.gmail.com... On 11 Feb 2015 17:57, Petr Bena benap...@gmail.com wrote: As I said, I belive that any registered user should be able to use, with no need for permissions as I see no way to abuse it. If anyone can use it, wouldn't the smarter vandals just use it to avoid the RC patrollers? How does a user prove that they're using a particular tool a way that can't be faked? Something like OAuth comes to mind. All edits made via an OAuth consumer are already tagged with a unique tag, and I would assume that it is not possible to falsely represent an OAuth consumer. I'm not sure whether this could work for common tools like AWB or Twinkle, though: * I don't know whether OAuth works for client-side downloadable programs like AWB. * JavaScript tools edit as the user from the user's browser, and as such, OAuth is not relevant to them. In any case, anything they do (like adding a specific string to edit summaries, adding a tag to their edits, or the like) can be easily spoofed or faked by a tech-savvy user. Before change tagging could be used as a way to *filter out* particular tool edits (as opposed to being simply a way of identifying revisions that satisfy some criterion) the RC tag filter would need to be improved. (I'm not pretending that change tagging is the only solution for Petr's tool edits idea: I just think it is the most likely candidate for implementing something like this.) TTO ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
This is true but I don't understand why we can't have something like OAuth for applications. I don't think it should be something complex. User would just generate some token in mediawiki interface that would be some long string which they would give to application, which would then login to mediawiki using this string instead of username + password combination. This would be probably more secure than giving a password to it. This is probably worth of separate wikitech thread. Regarding the original topic: I think that this tag ability would be useful but only as long as regular users can use these tags to filter out selected edits from recent changes and similar. Otherwise it would be only useful for tech people. On Wed, Feb 11, 2015 at 2:59 PM, Ricordisamoa ricordisa...@openmailbox.org wrote: Il 11/02/2015 14:07, This, that and the other ha scritto: Chris Grant wrote in message news:caf_zkbp-abgzgcy4lqqvbtxur-2tjo8opmbwxtrosfvihuc...@mail.gmail.com... On 11 Feb 2015 17:57, Petr Bena benap...@gmail.com wrote: As I said, I belive that any registered user should be able to use, with no need for permissions as I see no way to abuse it. If anyone can use it, wouldn't the smarter vandals just use it to avoid the RC patrollers? How does a user prove that they're using a particular tool a way that can't be faked? Something like OAuth comes to mind. All edits made via an OAuth consumer are already tagged with a unique tag, and I would assume that it is not possible to falsely represent an OAuth consumer. I'm not sure whether this could work for common tools like AWB or Twinkle, though: * I don't know whether OAuth works for client-side downloadable programs like AWB. AFAIK the OAuth extension cannot work for them by design, see https://www.mediawiki.org/wiki/OAuth/For_Developers#Intended_Users. * JavaScript tools edit as the user from the user's browser, and as such, OAuth is not relevant to them. In any case, anything they do (like adding a specific string to edit summaries, adding a tag to their edits, or the like) can be easily spoofed or faked by a tech-savvy user. Before change tagging could be used as a way to *filter out* particular tool edits (as opposed to being simply a way of identifying revisions that satisfy some criterion) the RC tag filter would need to be improved. (I'm not pretending that change tagging is the only solution for Petr's tool edits idea: I just think it is the most likely candidate for implementing something like this.) TTO ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Il 11/02/2015 14:07, This, that and the other ha scritto: Chris Grant wrote in message news:caf_zkbp-abgzgcy4lqqvbtxur-2tjo8opmbwxtrosfvihuc...@mail.gmail.com... On 11 Feb 2015 17:57, Petr Bena benap...@gmail.com wrote: As I said, I belive that any registered user should be able to use, with no need for permissions as I see no way to abuse it. If anyone can use it, wouldn't the smarter vandals just use it to avoid the RC patrollers? How does a user prove that they're using a particular tool a way that can't be faked? Something like OAuth comes to mind. All edits made via an OAuth consumer are already tagged with a unique tag, and I would assume that it is not possible to falsely represent an OAuth consumer. I'm not sure whether this could work for common tools like AWB or Twinkle, though: * I don't know whether OAuth works for client-side downloadable programs like AWB. AFAIK the OAuth extension cannot work for them by design, see https://www.mediawiki.org/wiki/OAuth/For_Developers#Intended_Users. * JavaScript tools edit as the user from the user's browser, and as such, OAuth is not relevant to them. In any case, anything they do (like adding a specific string to edit summaries, adding a tag to their edits, or the like) can be easily spoofed or faked by a tech-savvy user. Before change tagging could be used as a way to *filter out* particular tool edits (as opposed to being simply a way of identifying revisions that satisfy some criterion) the RC tag filter would need to be improved. (I'm not pretending that change tagging is the only solution for Petr's tool edits idea: I just think it is the most likely candidate for implementing something like this.) TTO ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Please excuse the combined replies. On Wed, Feb 11, 2015 at 4:10 AM, Pine W wiki.p...@gmail.com wrote: Definitely worth discussing. For ENWP, I suggest bringing this up on VP:T. Probably better to host the discussion on Meta, since it affects all wikis. Then you could advertise it on enwiki and other major wikis. On Wed, Feb 11, 2015 at 4:57 AM, Petr Bena benap...@gmail.com wrote: As I said, I belive that any registered user should be able to use, with no need for permissions as I see no way to abuse it. Well, there's marking edits as tool invalidly to the point where people can't filter these tool edits without missing vandalism. Bot flag gives you higher api limits which can be abused, I note you're conflating the 'bot' right (which is what allows for marking an edit as 'bot', and generally forces it for web UI edits) with the 'bot' group that includes several other rights. On Wed, Feb 11, 2015 at 5:19 AM, Tim Landscheidt t...@tim-landscheidt.de wrote: But I think it would be nice to add an option to the API to attach tags to edits if they are contained in a whitelist (so an editor cannot tag his edits as hhvm himself, but only for example as tool edit). TTO is working on that, with me as the main reviewer. https://gerrit.wikimedia.org/r/#/c/188543/ -- Brad Jorsch (Anomie) Software Engineer Wikimedia Foundation ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
I believe that majority of users will not like to have to ask for some extra permissions in order to use some feature and so they will not ask for them and not use it. So in case this tool edit flag was restricted to some special permissions, users would keep using automated tools and their edits wouldn't be flagged at all. This is a reason why I think there shouldn't really be any restriction. I don't think we have many vandals out there who are able to damage wikipedia using API. There may be some, like 1 out of 10 000. But I doubt that it really would be a real problem. I am basically fine with anything that would be possible to be used by tools (eg. it needs interface in API's) and that isn't restricted to some group permissions. People who have permissions to use tools on wikis, should be able to flag their edits as tool edits. On Wed, Feb 11, 2015 at 4:35 PM, Brad Jorsch (Anomie) bjor...@wikimedia.org wrote: Please excuse the combined replies. On Wed, Feb 11, 2015 at 4:10 AM, Pine W wiki.p...@gmail.com wrote: Definitely worth discussing. For ENWP, I suggest bringing this up on VP:T. Probably better to host the discussion on Meta, since it affects all wikis. Then you could advertise it on enwiki and other major wikis. On Wed, Feb 11, 2015 at 4:57 AM, Petr Bena benap...@gmail.com wrote: As I said, I belive that any registered user should be able to use, with no need for permissions as I see no way to abuse it. Well, there's marking edits as tool invalidly to the point where people can't filter these tool edits without missing vandalism. Bot flag gives you higher api limits which can be abused, I note you're conflating the 'bot' right (which is what allows for marking an edit as 'bot', and generally forces it for web UI edits) with the 'bot' group that includes several other rights. On Wed, Feb 11, 2015 at 5:19 AM, Tim Landscheidt t...@tim-landscheidt.de wrote: But I think it would be nice to add an option to the API to attach tags to edits if they are contained in a whitelist (so an editor cannot tag his edits as hhvm himself, but only for example as tool edit). TTO is working on that, with me as the main reviewer. https://gerrit.wikimedia.org/r/#/c/188543/ -- Brad Jorsch (Anomie) Software Engineer Wikimedia Foundation ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] GPL upgrading to version 3
On 2015-02-11 10:06 AM, C. Scott Ananian wrote: On Wed, Feb 11, 2015 at 1:00 PM, Tyler Romeo tylerro...@gmail.com wrote: And, as a result, since MediaWiki is licensed under the v2+ rather than v3, we cannot accept Apache-licensed code into core. We cannot. But our users can. And our users can also combine with GPL v2-only code. The set of acceptable core licenses is thus *more* restrictive (GPL v2+ and those licenses compatible with it) so that our users have *more* freedom (license combined works under GPLv2, GPLv3, AGPL (maybe), etc). That's how it works. It's not hard. --scott I know at least one Apache licensed library that would be really good to have in core (see https://www.mediawiki.org/wiki/Requests_for_comment/Change_LESS_compilation_library). So I'm a little more concerned about our ability to put Apache licensed code into core than a distributor's ability to bundle MediaWiki with GPLv2-only code. ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/] ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] GPL upgrading to version 3
On February 11, 2015 at 15:32:00, Ryan Lane (rlan...@gmail.com) wrote: Companies don't need to give back with GPL either, even if they make mods. They only need to do so if they distribute. There's lots of Apache2 projects that have a very large amount of contribution, so maybe this would happen, but I doubt it. Not having to maintain your own fork is a really strong motivator for most companies. This is true. I guess it’s just a result of the sort of mixture of two arguments: whether to upgrade to v3, and whether to change to AGPL. In the latter, argument, even then companies are not required to give back, but one could argue that they are almost forced to since they must offer source code to all end-users anyway. -- Tyler Romeo 0x405D34A7C86B42DF signature.asc Description: Message signed with OpenPGP using AMPGpg ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] GPL upgrading to version 3
On Wed, Feb 11, 2015 at 9:55 AM, Tyler Romeo tylerro...@gmail.com wrote: On February 11, 2015 at 11:49:15, Bryan Davis (bd...@wikimedia.org) wrote: On Tue, Feb 10, 2015 at 8:48 PM, Tyler Romeo tylerro...@gmail.com wrote: What is more important: allowing as many people to use our libraries as possible, or protecting against our libraries from being used in proprietary software. For me, allowing as many people to use our libraries as possible. For the sake of the discussion, why? For me, the advantages outweigh the disadvantages. The advantage of getting more companies to use our libraries is that (maybe) they will contribute back, similar to what Apple does with LLVM. However, on the other side of the same coin, we are allowing the possibility that companies will *not* contribute back, and instead keep their improvements to themselves (to be clear, I am not implying malicious intent). Companies don't need to give back with GPL either, even if they make mods. They only need to do so if they distribute. There's lots of Apache2 projects that have a very large amount of contribution, so maybe this would happen, but I doubt it. Not having to maintain your own fork is a really strong motivator for most companies. - Ryan ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] OOjs UI 0.7.0 release
*OOjs UI 0.7.0* has been released today. It will be in MW from 1.25wmf18+. We've tried hard to avoid breaking changes when possible, but occasionally they will happen. The last time there were breaking changes in a release was 2014-12-16 (wmf13), 137 OOjs UI commits ago. *Breaking changes since last release:* - [BREAKING CHANGE] Remove window isolation (Trevor Parscal) Window isolation is a feature we introduced to solve certain problems in VisualEditor a while back. It essentially places the content of a window inside an iframe. We've since made improvements to VisualEditor to no longer need this, and are happy to finally be able to remove this rather problematic part of OOjs UI. We are not aware of anyone using this feature, so it should have no effect on code in production. We are also trying to make it easier on users of the library to stay up to date more proactively by publicizing deprecations for at least one release cycle before a related breaking change occurs. *Deprecated changes since last major release:* - DEPRECATION: GridLayout should no longer be used, instead use MenuLayout (Bartosz Dziewoński) GridLayout is a 2D proportional grid container that turned out to be difficult to have features we didn't need and lacked many we did need. The only uses of GridLayout have been removed, and we are planning to remove it in an upcoming release. The shiny new MenuLayout is a much simpler solution, providing a 2-pane split layout that is better suited to the needs we actually have. - DEPRECATION: LookupInputWidget should no longer be used, instead use LookupElement (Bartosz Dziewoński) In response to some feedback about using LookupInputWidget being complex and inflexible, we've changed strategies and are now providing lookup behavior through a mixin called LookupElement. Also, I'd especially like to thank the volunteers and early-adopters who contributed to this release. - C. Scott Ananian - Derk-Jan Hartman - Ricordisamoa - eranroz If you have any further questions or need help dealing with deprecations, please let me know. General library documentation is available at mediawiki.org https://www.mediawiki.org/wiki/OOjs_UI and generated code-level documentation at doc.mediawiki.org https://doc.wikimedia.org/oojs-ui/master/#!/api. - Trevor ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
I'm still thinking about this. A designated tool flag that (1) is assigned to trusted users as a userright like autopatrol and (2) could be used for multi-edit rollbacks as well as other semiautomated edits, could be quite useful for both watchlist screening and recent changes screening. The flag could be assigned automatically for semi-automated edits from those users who have autopatrol, reviewer, or rollbacker rights, and also assigned as a standalone right. Pine ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Hoi, What does this have to do with English Wikipedia ? It is useful everywhere.. Why limit the scope ? Thanks, GerardM On 11 February 2015 at 10:33, Petr Bena benap...@gmail.com wrote: Yes, the question is however, if this passed consensus on english wikipedia and I made a patch for mediawiki, assuming code would be correct would it be merged to core of mediawiki or is there any other requirement? Does it actually even need to pass consensus on wikipedia? I think this would be useful for other wikis as well. We already have bot flag and most of smaller wikis have no bots. On Wed, Feb 11, 2015 at 10:10 AM, Pine W wiki.p...@gmail.com wrote: Definitely worth discussing. For ENWP, I suggest bringing this up on VP:T. Thanks, Pine On Feb 11, 2015 12:45 AM, Petr Bena benap...@gmail.com wrote: Hi, I think I proposed this once but I forgot the outcome. I would like to implement a new feature called tool edit it would be pretty much the same as bot edit but with following differences: -- Every registered user would be able to flag edit as tool edit (bot needs special user group) -- The flag wouldn't be intended for use by robots, but regular users who used some automated tool in order to make the edit -- Users could optionally mark any edit as tool edit through API only The rationale is pretty clear: there is a number of tools, like AWB and many others that produce incredible amounts of edits every day. They are spamming recent changes page - https://en.wikipedia.org/wiki/Special:RecentChanges can't be filtered out and most of regular users are not interested in them. This would make it possible to filter them out and it would also make it easier to figure out how many real edits some user has made, compared to automated edits made by tools. Is it worth implementing? I think yes, but not so sure. Thanks ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Yes, the question is however, if this passed consensus on english wikipedia and I made a patch for mediawiki, assuming code would be correct would it be merged to core of mediawiki or is there any other requirement? Does it actually even need to pass consensus on wikipedia? I think this would be useful for other wikis as well. We already have bot flag and most of smaller wikis have no bots. On Wed, Feb 11, 2015 at 10:10 AM, Pine W wiki.p...@gmail.com wrote: Definitely worth discussing. For ENWP, I suggest bringing this up on VP:T. Thanks, Pine On Feb 11, 2015 12:45 AM, Petr Bena benap...@gmail.com wrote: Hi, I think I proposed this once but I forgot the outcome. I would like to implement a new feature called tool edit it would be pretty much the same as bot edit but with following differences: -- Every registered user would be able to flag edit as tool edit (bot needs special user group) -- The flag wouldn't be intended for use by robots, but regular users who used some automated tool in order to make the edit -- Users could optionally mark any edit as tool edit through API only The rationale is pretty clear: there is a number of tools, like AWB and many others that produce incredible amounts of edits every day. They are spamming recent changes page - https://en.wikipedia.org/wiki/Special:RecentChanges can't be filtered out and most of regular users are not interested in them. This would make it possible to filter them out and it would also make it easier to figure out how many real edits some user has made, compared to automated edits made by tools. Is it worth implementing? I think yes, but not so sure. Thanks ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Definitely worth discussing. For ENWP, I suggest bringing this up on VP:T. Thanks, Pine On Feb 11, 2015 12:45 AM, Petr Bena benap...@gmail.com wrote: Hi, I think I proposed this once but I forgot the outcome. I would like to implement a new feature called tool edit it would be pretty much the same as bot edit but with following differences: -- Every registered user would be able to flag edit as tool edit (bot needs special user group) -- The flag wouldn't be intended for use by robots, but regular users who used some automated tool in order to make the edit -- Users could optionally mark any edit as tool edit through API only The rationale is pretty clear: there is a number of tools, like AWB and many others that produce incredible amounts of edits every day. They are spamming recent changes page - https://en.wikipedia.org/wiki/Special:RecentChanges can't be filtered out and most of regular users are not interested in them. This would make it possible to filter them out and it would also make it easier to figure out how many real edits some user has made, compared to automated edits made by tools. Is it worth implementing? I think yes, but not so sure. Thanks ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
It's relevant for all projects and languages. I haven't done it in a while, but I had my periods of massive AWB editing, and other RC patrollers rightly complained about it and asked me to do such things with a bot account. thinkingoutloudThe question is, how would it be different from the usual bot accounts. Last time I checked, AWB worked through a browser control and not through API (though again, it was a while ago). And which users will have a permission to use it? Some trusted users? Autoconfirmed? AWB has its own permissions system based on wiki pages, so maybe this could be discarded of a new tool edit permission./thinkingoutloud -- Amir Elisha Aharoni · אָמִיר אֱלִישָׁע אַהֲרוֹנִי http://aharoni.wordpress.com “We're living in pieces, I want to live in peace.” – T. Moore 2015-02-11 11:10 GMT+02:00 Pine W wiki.p...@gmail.com: Definitely worth discussing. For ENWP, I suggest bringing this up on VP:T. Thanks, Pine On Feb 11, 2015 12:45 AM, Petr Bena benap...@gmail.com wrote: Hi, I think I proposed this once but I forgot the outcome. I would like to implement a new feature called tool edit it would be pretty much the same as bot edit but with following differences: -- Every registered user would be able to flag edit as tool edit (bot needs special user group) -- The flag wouldn't be intended for use by robots, but regular users who used some automated tool in order to make the edit -- Users could optionally mark any edit as tool edit through API only The rationale is pretty clear: there is a number of tools, like AWB and many others that produce incredible amounts of edits every day. They are spamming recent changes page - https://en.wikipedia.org/wiki/Special:RecentChanges can't be filtered out and most of regular users are not interested in them. This would make it possible to filter them out and it would also make it easier to figure out how many real edits some user has made, compared to automated edits made by tools. Is it worth implementing? I think yes, but not so sure. Thanks ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
As I said, I belive that any registered user should be able to use, with no need for permissions as I see no way to abuse it. Bot flag gives you higher api limits which can be abused, but this would just work to make it easier for users to hide out your edits. The permission could be individually changed though per wiki if users wanted to have it restricted. The difference from bot flag is that bots are robots, not users, you probably want to keep them separated. Giving bot flag to a regular user is probably not a best idea. On Wed, Feb 11, 2015 at 10:39 AM, Amir E. Aharoni amir.ahar...@mail.huji.ac.il wrote: It's relevant for all projects and languages. I haven't done it in a while, but I had my periods of massive AWB editing, and other RC patrollers rightly complained about it and asked me to do such things with a bot account. thinkingoutloudThe question is, how would it be different from the usual bot accounts. Last time I checked, AWB worked through a browser control and not through API (though again, it was a while ago). And which users will have a permission to use it? Some trusted users? Autoconfirmed? AWB has its own permissions system based on wiki pages, so maybe this could be discarded of a new tool edit permission./thinkingoutloud -- Amir Elisha Aharoni · אָמִיר אֱלִישָׁע אַהֲרוֹנִי http://aharoni.wordpress.com “We're living in pieces, I want to live in peace.” – T. Moore 2015-02-11 11:10 GMT+02:00 Pine W wiki.p...@gmail.com: Definitely worth discussing. For ENWP, I suggest bringing this up on VP:T. Thanks, Pine On Feb 11, 2015 12:45 AM, Petr Bena benap...@gmail.com wrote: Hi, I think I proposed this once but I forgot the outcome. I would like to implement a new feature called tool edit it would be pretty much the same as bot edit but with following differences: -- Every registered user would be able to flag edit as tool edit (bot needs special user group) -- The flag wouldn't be intended for use by robots, but regular users who used some automated tool in order to make the edit -- Users could optionally mark any edit as tool edit through API only The rationale is pretty clear: there is a number of tools, like AWB and many others that produce incredible amounts of edits every day. They are spamming recent changes page - https://en.wikipedia.org/wiki/Special:RecentChanges can't be filtered out and most of regular users are not interested in them. This would make it possible to filter them out and it would also make it easier to figure out how many real edits some user has made, compared to automated edits made by tools. Is it worth implementing? I think yes, but not so sure. Thanks ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Petr Bena benap...@gmail.com wrote: [...] The rationale is pretty clear: there is a number of tools, like AWB and many others that produce incredible amounts of edits every day. They are spamming recent changes page - https://en.wikipedia.org/wiki/Special:RecentChanges can't be filtered out and most of regular users are not interested in them. This would make it possible to filter them out and it would also make it easier to figure out how many real edits some user has made, compared to automated edits made by tools. Is it worth implementing? I think yes, but not so sure. My assumption is that if someone floods recent changes, there is a high probability that all of those edits are mi- nor in nature. But I think it would be nice to add an option to the API to attach tags to edits if they are contained in a whitelist (so an editor cannot tag his edits as hhvm himself, but only for example as tool edit). Tim ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
On 11 Feb 2015 17:57, Petr Bena benap...@gmail.com wrote: As I said, I belive that any registered user should be able to use, with no need for permissions as I see no way to abuse it. If anyone can use it, wouldn't the smarter vandals just use it to avoid the RC patrollers? -Chris ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] New feature: tool edit
Hi, I think I proposed this once but I forgot the outcome. I would like to implement a new feature called tool edit it would be pretty much the same as bot edit but with following differences: -- Every registered user would be able to flag edit as tool edit (bot needs special user group) -- The flag wouldn't be intended for use by robots, but regular users who used some automated tool in order to make the edit -- Users could optionally mark any edit as tool edit through API only The rationale is pretty clear: there is a number of tools, like AWB and many others that produce incredible amounts of edits every day. They are spamming recent changes page - https://en.wikipedia.org/wiki/Special:RecentChanges can't be filtered out and most of regular users are not interested in them. This would make it possible to filter them out and it would also make it easier to figure out how many real edits some user has made, compared to automated edits made by tools. Is it worth implementing? I think yes, but not so sure. Thanks ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
On 11 February 2015 at 09:33, Petr Bena benap...@gmail.com wrote: Yes, the question is however, if this passed consensus on english wikipedia and I made a patch for mediawiki, assuming code would be correct would it be merged to core of mediawiki or is there any other requirement? Does it actually even need to pass consensus on wikipedia? I think this would be useful for other wikis as well. We already have bot flag and most of smaller wikis have no bots. No, absolutely not. MediaWiki is entirely independent. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
It's funny, it just so happens that Anomie and I are working on something [1] right now, based on the existing change tagging infrastructure, which is quite similar to what you are asking for, and with much the same purpose in mind. There have been discussions at [2] and [3] relating to this topic, both of which contain eerily similar ideas and questions to some of the messages in this thread. It just goes to show that great minds think alike... TTO -- [1] https://gerrit.wikimedia.org/r/#/c/188543/ [2] https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(proposals)/Archive_117#Bot_tagging_of_edits [3] https://phabricator.wikimedia.org/T20670 Petr Bena wrote in message news:CA+4EQ5fO=tom0-gnau1iimtht1ozaczlvv+8-um0c9qqx7e...@mail.gmail.com... Hi, I think I proposed this once but I forgot the outcome. I would like to implement a new feature called tool edit it would be pretty much the same as bot edit but with following differences: -- Every registered user would be able to flag edit as tool edit (bot needs special user group) -- The flag wouldn't be intended for use by robots, but regular users who used some automated tool in order to make the edit -- Users could optionally mark any edit as tool edit through API only The rationale is pretty clear: there is a number of tools, like AWB and many others that produce incredible amounts of edits every day. They are spamming recent changes page - https://en.wikipedia.org/wiki/Special:RecentChanges can't be filtered out and most of regular users are not interested in them. This would make it possible to filter them out and it would also make it easier to figure out how many real edits some user has made, compared to automated edits made by tools. Is it worth implementing? I think yes, but not so sure. Thanks ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Keep in mind that it isn't always easy to tell 'tool' and 'bot' edits apart. Several scripts can perform actions whose degree of automation varies widely. For my part, I make most of my semi-automated edits using my bot's account, but many users also have separate 'flood' accounts for use with Wikidata Game https://tools.wmflabs.org/wikidata-game/ and similar tools. Il 11/02/2015 09:45, Petr Bena ha scritto: Hi, I think I proposed this once but I forgot the outcome. I would like to implement a new feature called tool edit it would be pretty much the same as bot edit but with following differences: -- Every registered user would be able to flag edit as tool edit (bot needs special user group) -- The flag wouldn't be intended for use by robots, but regular users who used some automated tool in order to make the edit -- Users could optionally mark any edit as tool edit through API only The rationale is pretty clear: there is a number of tools, like AWB and many others that produce incredible amounts of edits every day. They are spamming recent changes page - https://en.wikipedia.org/wiki/Special:RecentChanges can't be filtered out and most of regular users are not interested in them. This would make it possible to filter them out and it would also make it easier to figure out how many real edits some user has made, compared to automated edits made by tools. Is it worth implementing? I think yes, but not so sure. Thanks ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Chris Grant wrote in message news:caf_zkbp-abgzgcy4lqqvbtxur-2tjo8opmbwxtrosfvihuc...@mail.gmail.com... On 11 Feb 2015 17:57, Petr Bena benap...@gmail.com wrote: As I said, I belive that any registered user should be able to use, with no need for permissions as I see no way to abuse it. If anyone can use it, wouldn't the smarter vandals just use it to avoid the RC patrollers? How does a user prove that they're using a particular tool a way that can't be faked? Something like OAuth comes to mind. All edits made via an OAuth consumer are already tagged with a unique tag, and I would assume that it is not possible to falsely represent an OAuth consumer. I'm not sure whether this could work for common tools like AWB or Twinkle, though: * I don't know whether OAuth works for client-side downloadable programs like AWB. * JavaScript tools edit as the user from the user's browser, and as such, OAuth is not relevant to them. In any case, anything they do (like adding a specific string to edit summaries, adding a tag to their edits, or the like) can be easily spoofed or faked by a tech-savvy user. Before change tagging could be used as a way to *filter out* particular tool edits (as opposed to being simply a way of identifying revisions that satisfy some criterion) the RC tag filter would need to be improved. (I'm not pretending that change tagging is the only solution for Petr's tool edits idea: I just think it is the most likely candidate for implementing something like this.) TTO ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Hi Petr, Petr Bena schreef op 11-2-2015 om 7:50: I believe that majority of users will not like to have to ask for some extra permissions in order to use some feature and so they will not ask for them and not use it. Don't break your head over this. 1. We build this tool edit feature (or not). The ability to use it is a userright (https://en.wikipedia.org/wiki/Special:ListGroupRights) 2. We have each wiki figure out if they want to add this right to an existing group (autoconfirmed users?) or to create a new one I think this would be a very nice feature. Wikidata recentchanges (https://www.wikidata.org/wiki/Special:RecentChanges) is currently completely unusable because of automatic edits. Maarten ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Maarten's thinking works well with my train of thought also. What would it take to implement a new tool edit flag userright, associated filters for recent changes and watchlists, and automatic applications of the flag to uses of rollback, AWB, etc when the user of those tools has the right to the tool edit flag? Pine On Feb 11, 2015 10:01 PM, Maarten Dammers maar...@mdammers.nl wrote: Hi Petr, Petr Bena schreef op 11-2-2015 om 7:50: I believe that majority of users will not like to have to ask for some extra permissions in order to use some feature and so they will not ask for them and not use it. Don't break your head over this. 1. We build this tool edit feature (or not). The ability to use it is a userright (https://en.wikipedia.org/wiki/Special:ListGroupRights) 2. We have each wiki figure out if they want to add this right to an existing group (autoconfirmed users?) or to create a new one I think this would be a very nice feature. Wikidata recentchanges ( https://www.wikidata.org/wiki/Special:RecentChanges) is currently completely unusable because of automatic edits. Maarten ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New feature: tool edit
Alex Monk wrote: On 11 February 2015 at 09:33, Petr Bena benap...@gmail.com wrote: Yes, the question is however, if this passed consensus on english wikipedia and I made a patch for mediawiki, assuming code would be correct would it be merged to core of mediawiki or is there any other requirement? Does it actually even need to pass consensus on wikipedia? I think this would be useful for other wikis as well. We already have bot flag and most of smaller wikis have no bots. No, absolutely not. MediaWiki is entirely independent. MediaWiki serves as the platform of Wikipedia. And changes to MediaWiki must keep compatibility with Wikipedia, for now and indefinitely. So I wouldn't say MediaWiki is entirely independent. :-) MZMcBride ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
