On 18/09/09 11:26, David Earl wrote: > On 18/09/2009 10:53, Tom Hughes wrote: >> On 18/09/09 10:33, David Earl wrote: >> >>> ***PLEASE*** PULL THE PLUG ON HIM! >> >> I have repeatedly stated that I am not prepared to block people on my >> own. Get the DWG to order him blocked and I will happily do so. > > How? How does the clamour that's been made over three months actually > get turned into action?
As far as I can tell Liam123 was first referred to the DWG on 7th August. Our next meeting was on 25th August and I assume the case was discussed there although I'm having a hard time finding any record of it - most likely somebody was tasked to send him a direct email. The next DWG meeting is next week when I expect it will be discussed again and a decision made on what action to take. Yes we know this is slow, which is why we are working on setting up a ticketing system to allow more work to be done between meetings and why there is work being done to allow more fine grained blocking of users so that temporary suspensions and things can be used while detailed investigation is done. Right now the only things we have are sledgehammers so we have to be careful about how we use them. > Is there a general email address for the members (who I can see on the > wiki, and that you are one of), or do I have to get the email addresses > for each member individually - it doesn't say on the wiki how to make > contact, though obviously I recognise all the names. The address of the DWG is clearly listed on the vandalism page in the wiki although it doesn't currently seem to be on the DWG page for some reason. > Re IP addresses, it depends on how he is connected - mine for example > never changes so long as I am using the same Mac address to connect. It > is cited on the DWG page as one course of action, and I think it would > be more effective than banning the account, as we'll likely lose track > of him. Well bully for you. Now if the entire world is using the same ISP as you then everything will be fine. IP blocks are fragile in a number of ways, both because of the tendency for users to move IP and because they have to be manually configured on each server and therefore have a high chance of getting lost over time. User blocks are much more robust because they act at the rails level by changing the user's record in the database. They are definitely the first choice at the moment. > It is trivial to get hold of the IP address - every HTTP request carries > it, though a serious hacker would forge or suppress it, I doubt he's > doing that - if he was not just playing, he'd be using multiple accounts. I'm not a complete muppet thank you. I know full well that every HTTP request has an IP address associated with it. The problem is working out which HTTP requests are his! The web server access logs do not record the authenticated user for each request for the very simple reason that the web server has no idea as that is a rails level issue. The rails logs also do not log the user details, although they probably could be made to. It would be on a separate line to the IP address however which makes pulling them out much harder. Tom -- Tom Hughes (t...@compton.nu) http://www.compton.nu/ _______________________________________________ Talk-GB mailing list Talk-GB@openstreetmap.org http://lists.openstreetmap.org/listinfo/talk-gb
