RE: Our Wiki just got hijacked

From: Popkin, Laird (WMG Corp) <"Popkin,>
Date: Tue Jun 29 2004 - 13:07:48 CDT

The revision history is:

        Revision 23 . . June 29, 2004 11:00 am by Dqm [Restore vandalized
        Revision 22 . . June 29, 2004 10:38 am by Ekennedyx
        Revision 21 . . June 29, 2004 8:11 am by []

So at 8:11 AM the wiki home page became a casino ad. At 10:38 one of us
deleted the ad, leaving the page blank. At 11:00 two of us (smile) restored
the original page.

As for the issue of the wiki being our documentation, and the risk of it
being defaced, I can see three easy options:

1) Leave it as is.
2) Add HTTP authentication to the web server, so we'd have a (shared)
username and password used to access the site. This would block reading as
well as posting.
3) We move to a more sophisticated Wiki system that provides for logging in,
access control over authoring, etc. For example, there's a Wiki module for
Drupal that works quite nicely; if you'd like I can set it up on our Drupal
site for people to evaluate. It basically looks just like a Wiki with Drupal
sidebars. :-)

- LP

-----Original Message-----
[]On Behalf Of Arthur
Sent: Tuesday, June 29, 2004 1:29 PM
Subject: Re: [voting-project] Our Wiki just got hijacked

At 1:16 PM -0400 6/29/04, David Mertz wrote:
>>>A Wiki is closer to a discussion list than it is to formal publication.
>On Jun 29, 2004, at 12:56 PM, Arthur Keller wrote:
>>Others may not make that distinction. I'd prefer if we had a login
>>system. Simple passwords will do.
>What others?! People who don't know what a Wiki is?

The typical person looking at our materials.

>If you're worried about it, add a note to the HomePage that says "A
>Wiki is more like a discussion list than it is like a formal
>publication"... that way anyone who goes there will know that fact.
>>The danger is not merely vandalism, it is someone changing our text
>>in a way that we don't notice and changes our meaning. That's the
>>greater risk.
>Just look at the change history. There's nothing subtle there: it
>gives you explicit diffs between versions, with colors and
>highlights pointing out what's changed. Looking at a colorized
>diff, it's pretty darn hard to miss it if a change gives the wrong
>meaning. It doesn't make a whit of difference whether that wrong
>meaning is malicious or careless, or just represents a
>misunderstanding by an OVCer... if it's wrong, make it better!

I don't understand the social problem of having registered users and
passwords. It avoids vandalism, and let's us know who wants to

>I definitely DO NOT want to create an ANTI-WIKI that masquerades as a Wiki.

Who's talking about an Anti-Wiki? I'm talking about controlled
authorship. We don't allow merely anyone to post to our mailing list
(and we've stopped quite a few Nigerian spams that way), and there
aren't calls to allow anyone.

I think people should introduce themselves to a community before
contributing. Having strangers edit our discussions, for good or
evil intent, is not a requirement of a Wiki. Rather, I want a
discussion amongst a community, to which others can join.

For the record, how long did it take until the vandalism was
discovered and restored?

Best regards,

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Wed Jun 30 23:17:26 2004

This archive was generated by hypermail 2.1.8 : Wed Jun 30 2004 - 23:17:30 CDT