RE: The wiki has been hacked yet again 8/17/2004

From: Popkin, Laird (WMG Corp) <"Popkin,>
Date: Thu Aug 19 2004 - 10:13:03 CDT

If we're going to add authentication and permissions to authoring the Wiki,
there are far easier ways to do it. Specifically, we use the Drupal site
(http://gyaku.pair.com/~vote/drupal/) that's been set up for ages, and
install the Wiki module. Drupal provides for registration, login, roles,
permissions, etc., so we could easily make the Wiki pages visible to all
visitors, and editable only by approved authors. This requires no coding,
etc., just some simple setup (and copying text from one site to the other).
If people think it's worthwhile, I can take care of this tonight.

- LP

-----Original Message-----
From: owner-voting-project@afterburner.sonic.net
[mailto:owner-voting-project@afterburner.sonic.net]On Behalf Of David
Mertz
Sent: Wednesday, August 18, 2004 9:41 PM
To: voting-project@lists.sonic.net
Subject: Re: [voting-project] The wiki has been hacked yet again
8/17/2004

On Aug 18, 2004, at 8:46 PM, Nathan L. Adams wrote:
> I'll stir the pot a little then.
> Not having some sort of authentication on the wiki is just plain silly.

OK... I guess I'm annoyed enough by fixing it that I'm OK with someone
adding -very unobtrusive- permissions.

Here's an idea: We whitelist IP addresses of people who want to read or
modify the Wiki. To get on the whitelist, you have to pass some sort
of authentication procedure; but once you do that, your IP address is
automatically approved. Some people connect from multiple IP
addresses, of course, but the authentication should be easy enough to
not be prohibitive to do a few times (not right after one another, but
on a few different days, say--e.g. once at home, then once at work).

An authentication might be something like a graphic of a few wavy
letters that you need to type into a box (I assume everyone has seen
that sort of thing). Something a robot can't do, in other words (all
of our vandals are most certainly robots)--but not anything where we
specifically choose whom we like and dislike on ideological criteria.
Or an alternate test might be a quiz of VERY basic OVC knowledge.
Like: "What is the last name of any one of the OVC board members?"
Again, vandalbot proof (but also requires *slight* concrete knowledge
of what the Wiki is for).

If anyone wants to make this happen, write me privately. I can give
you shell access to the gnosis.python-hosting.com account. You'll
presumably need to know a -little- bit of Python, since that's what the
Wiki is written in. Adding my suggested test wouldn't take much
programming, methinks.

P.S. I kinda wonder if the upsurge in vandalism is related to our
recent RSS syndication. No criticism of Joe for his wonderful job with
this. But getting on an RSS feed advertises our presence in a way that
is not 100% good. But then, that's the mailing list, not the Wiki; so
they might well be unrelated.

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue Aug 31 23:17:16 2004

This archive was generated by hypermail 2.1.8 : Tue Aug 31 2004 - 23:17:23 CDT