Renameuser right for administrators on Wikimedia wikis

classic Classic list List threaded Threaded
28 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Renameuser right for administrators on Wikimedia wikis

MZMcBride
Hello --

Given that the Renameuser extension now uses the job queue for renames
involving over 10,000 edits (and thus no longer locking the site for large
renames), is there any technical reason not to give administrators the
renameuser right?

And, if there are no technical prohibitions, is this something that would
require per-project voting or would switching it across all Wikimedia wikis
be acceptable?

Thanks!

MZMcBride
[hidden email]



_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Brion Vibber-3
MZMcBride wrote:
> Given that the Renameuser extension now uses the job queue for renames
> involving over 10,000 edits (and thus no longer locking the site for large
> renames), is there any technical reason not to give administrators the
> renameuser right?

Renaming a user who doesn't expect it would be very disruptive. This
isn't something we'd really want to give out to every sysop.

I'd much rather see a sensible system for self-renames (with decent
throttling, checks, etc)

-- brion

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Chris Down-2
Self-renaming would be great so long as appropriate logging was introduced
alongside the functionality. I don't think the main rename log should be
used, as at the end of the day these new usernames are not being endorsed to
be appropriate by a 'crat.

But yeah, sounds good.

- Chris

On Fri, Apr 3, 2009 at 10:30 AM, Brion Vibber <[hidden email]> wrote:

> MZMcBride wrote:
> > Given that the Renameuser extension now uses the job queue for renames
> > involving over 10,000 edits (and thus no longer locking the site for
> large
> > renames), is there any technical reason not to give administrators the
> > renameuser right?
>
> Renaming a user who doesn't expect it would be very disruptive. This
> isn't something we'd really want to give out to every sysop.
>
> I'd much rather see a sensible system for self-renames (with decent
> throttling, checks, etc)
>
> -- brion
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Platonides
In reply to this post by Brion Vibber-3
Brion Vibber wrote:

> MZMcBride wrote:
>> Given that the Renameuser extension now uses the job queue for renames
>> involving over 10,000 edits (and thus no longer locking the site for large
>> renames), is there any technical reason not to give administrators the
>> renameuser right?
>
> Renaming a user who doesn't expect it would be very disruptive. This
> isn't something we'd really want to give out to every sysop.
>
> I'd much rather see a sensible system for self-renames (with decent
> throttling, checks, etc)
>
> -- brion

And manual approval. 'niceuser' suddenly renaming itself to "Brion is a
***" is not good. And bureaucrats being throttled so it can't be
unrenamed worse. (And worst if it's a legitimate account which has been
compromised)


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Andrew Garrett-4
On Sat, Apr 4, 2009 at 1:14 AM, Platonides <[hidden email]> wrote:

> Brion Vibber wrote:
>> I'd much rather see a sensible system for self-renames (with decent
>> throttling, checks, etc)
>>
>> -- brion
>
> And manual approval. 'niceuser' suddenly renaming itself to "Brion is a
> ***" is not good. And bureaucrats being throttled so it can't be
> unrenamed worse. (And worst if it's a legitimate account which has been
> compromised)

Suggestions for throttling are of course only for self-renaming.

That rename is no more disruptive than some pagemoves with the same
text, except, I suppose, that they would require a bureaucrat to
reverse.

--
Andrew Garrett

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Robert Rohde
In reply to this post by Brion Vibber-3
On Fri, Apr 3, 2009 at 2:30 AM, Brion Vibber <[hidden email]> wrote:

> MZMcBride wrote:
>> Given that the Renameuser extension now uses the job queue for renames
>> involving over 10,000 edits (and thus no longer locking the site for large
>> renames), is there any technical reason not to give administrators the
>> renameuser right?
>
> Renaming a user who doesn't expect it would be very disruptive. This
> isn't something we'd really want to give out to every sysop.
>
> I'd much rather see a sensible system for self-renames (with decent
> throttling, checks, etc)

I believe the immediate motivation for MZMcBride's request is actually
a discussion on enwiki that there weren't enough trusted individuals
to forcibly rename accounts containing sensitive information in their
username.  If that is the goal, then a self-renaming function would
not address it.

To be honest, I don't really understand why one would use renaming
over revision delete to hide bad account names, but some ArbCom
members and similarly highly placed persons have stated that there are
circumstances where renaming is currently preferred over revision
delete.

-Robert Rohde

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Robert Rohde
On Fri, Apr 3, 2009 at 8:47 AM, Robert Rohde <[hidden email]> wrote:

> On Fri, Apr 3, 2009 at 2:30 AM, Brion Vibber <[hidden email]> wrote:
>> MZMcBride wrote:
>>> Given that the Renameuser extension now uses the job queue for renames
>>> involving over 10,000 edits (and thus no longer locking the site for large
>>> renames), is there any technical reason not to give administrators the
>>> renameuser right?
>>
>> Renaming a user who doesn't expect it would be very disruptive. This
>> isn't something we'd really want to give out to every sysop.
>>
>> I'd much rather see a sensible system for self-renames (with decent
>> throttling, checks, etc)
>
> I believe the immediate motivation for MZMcBride's request is actually
> a discussion on enwiki that there weren't enough trusted individuals
> to forcibly rename accounts containing sensitive information in their
> username.  If that is the goal, then a self-renaming function would
> not address it.
>
> To be honest, I don't really understand why one would use renaming
> over revision delete to hide bad account names, but some ArbCom
> members and similarly highly placed persons have stated that there are
> circumstances where renaming is currently preferred over revision
> delete.

That said, I'm also not sure why we couldn't trust sysops with this.
Assuming the limitation is not technical (i.e. the servers won't
explode) and renames are undoable (they are right?), then given a
well-formed policy on renaming I'm not sure why giving this to all
sysops would be particularly dangerous.

I certainly understand the segregation of checkuser and oversight, but
renaming has never struck me as belonging to the same category of
rights that need to be highly restricted.

-Robert Rohde

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Aryeh Gregor
On Fri, Apr 3, 2009 at 12:01 PM, Robert Rohde <[hidden email]> wrote:
> That said, I'm also not sure why we couldn't trust sysops with this.
> Assuming the limitation is not technical (i.e. the servers won't
> explode)

I think Domas might have objections if the number of renames suddenly
increased by a factor of 10, actually.  He's complained about them
before.  They have to update an awful lot of rows.

> and renames are undoable (they are right?)

In principle, yes.  Of course they can get stuck half-done, and if you
rename someone twice in quick succession I don't know what will happen
with the job queue.

Renaming is not currently a simple operation, because of our schema.
We encode the username all over the place.  If it were just in the
user table, renaming would be less of a big deal, since we'd change
one row plus maybe some stuff in RC.  But we have to change a ton of
rows in a ton of tables, almost all of which (for long-established
users) will be cold and so will be dug out from disk.  So we have to
defer things, so they can be in a half-finished state, so it's slow
and messy.

Also keep in mind that if someone is renamed without their knowledge,
they'll be unable to log into their account.  The error message will
only say that the user doesn't exist, or -- if a user is created with
the same name -- it will just tell them their password is wrong!
Forcible renames are scary for this reason as well.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Commit access

Jan Luca
Hello,

where can I ask for Commit access to Wikimedia SVN?

Viele Grüße
Jan Luca


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Commit access

Aryeh Gregor
On Fri, Apr 3, 2009 at 1:18 PM, Jan Luca <[hidden email]> wrote:
> where can I ask for Commit access to Wikimedia SVN?

This is an okay place.  You'll want to provide your public key,
desired commit name, and what you want to use the commit access for.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Alex Zaddach
In reply to this post by Andrew Garrett-4
Andrew Garrett wrote:
> That rename is no more disruptive than some pagemoves with the same
> text, except, I suppose, that they would require a bureaucrat to
> reverse.
>

Which would make it significantly more disruptive...

--
Alex (wikipedia:en:User:Mr.Z-man)

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Commit access

Jan Luca
In reply to this post by Aryeh Gregor
Hello,

Key: http://toolserver.org/~jan/files/SSH2-RSA.pub

Commit name: jan
Alternative: jan_luca

I will use my commit access for commit extensions. At the moment I create a
extensions for my poll-script on Wikimedia Toolserver.

Viele Grüße
Jan

-----Ursprüngliche Nachricht-----
Von: [hidden email]
[mailto:[hidden email]] Im Auftrag von Aryeh Gregor
Gesendet: Freitag, 3. April 2009 19:22
An: Wikimedia developers
Betreff: Re: [Wikitech-l] Commit access

On Fri, Apr 3, 2009 at 1:18 PM, Jan Luca <[hidden email]> wrote:
> where can I ask for Commit access to Wikimedia SVN?

This is an okay place.  You'll want to provide your public key,
desired commit name, and what you want to use the commit access for.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Platonides
In reply to this post by Aryeh Gregor
Aryeh Gregor wrote:
> Also keep in mind that if someone is renamed without their knowledge,
> they'll be unable to log into their account.  The error message will
> only say that the user doesn't exist, or -- if a user is created with
> the same name -- it will just tell them their password is wrong!
> Forcible renames are scary for this reason as well.

Any reason for not displaying an excerpt from the rename log for that
user on login failure, much like on editing deleted pages?


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

George William Herbert
In reply to this post by Aryeh Gregor
On Fri, Apr 3, 2009 at 9:51 AM, Aryeh Gregor
<[hidden email]<Simetrical%[hidden email]>
> wrote:

> On Fri, Apr 3, 2009 at 12:01 PM, Robert Rohde <[hidden email]> wrote:
> > That said, I'm also not sure why we couldn't trust sysops with this.
> > Assuming the limitation is not technical (i.e. the servers won't
> > explode)
>
> I think Domas might have objections if the number of renames suddenly
> increased by a factor of 10, actually.  He's complained about them
> before.  They have to update an awful lot of rows.
>
> > and renames are undoable (they are right?)
>
> In principle, yes.  Of course they can get stuck half-done, and if you
> rename someone twice in quick succession I don't know what will happen
> with the job queue.
>
> Renaming is not currently a simple operation, because of our schema.
> We encode the username all over the place.  If it were just in the
> user table, renaming would be less of a big deal, since we'd change
> one row plus maybe some stuff in RC.  But we have to change a ton of
> rows in a ton of tables, almost all of which (for long-established
> users) will be cold and so will be dug out from disk.  So we have to
> defer things, so they can be in a half-finished state, so it's slow
> and messy.
>
> Also keep in mind that if someone is renamed without their knowledge,
> they'll be unable to log into their account.  The error message will
> only say that the user doesn't exist, or -- if a user is created with
> the same name -- it will just tell them their password is wrong!
> Forcible renames are scary for this reason as well.


I agree that admins might not be necessarily trusted with permissions which
would screw up site operations.  We do no administrator ID verification, and
the length and breadth of high load website operations/architecture
experience is not a selection criteria.  Limiting it to people who
understand what effects it could have, and who are better known to the
community/foundation, seems sensible.

Any reason not to set this up as a new userright we can have Arbcom hand to
admins on request/review/background verification?

We already have them as a mechanism to extend admin rights to CU.  This is
less sensitive than that -  but we don't have any mechanism in place to
handle anything between "admins can add themselves to this" and CU right
now.

OTRS might sorta count there, but it's sideways of the on-wiki
administrative structure.


--
-george william herbert
[hidden email]
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Aryeh Gregor
In reply to this post by Platonides
On Fri, Apr 3, 2009 at 7:29 PM, Platonides <[hidden email]> wrote:
> Any reason for not displaying an excerpt from the rename log for that
> user on login failure, much like on editing deleted pages?

That would be a sensible idea.  In the overwhelming majority of cases,
either there'd be no rename entry or the login would succeed, so it
wouldn't be obtrusive.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Charlotte Webb
In reply to this post by George William Herbert
On Fri, Apr 3, 2009 at 6:06 PM, George Herbert <[hidden email]> wrote:
> I agree that admins might not be necessarily trusted with permissions which
> would screw up site operations.  We do no administrator ID verification, and
> the length and breadth of high load website operations/architecture
> experience is not a selection criteria.  Limiting it to people who
> understand what effects it could have, and who are better known to the
> community/foundation, seems sensible.
>
> Any reason not to set this up as a new userright we can have Arbcom hand to
> admins on request/review/background verification?

Uh, what's you're point?

Bureaucrats are not required to identify themselves and about half of
them do not, cf.:
http://en.wikipedia.org/wiki/Special:Listusers/bureaucrat
http://meta.wikimedia.org/wiki/Identification_noticeboard

I understand a couple of them are believed not to be legal adults either.

—C.W.
—C.W.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Charlotte Webb
In reply to this post by Platonides
On Fri, Apr 3, 2009 at 8:14 AM, Platonides <[hidden email]> wrote:
> And manual approval. 'niceuser' suddenly renaming itself to "Brion is a
> ***" is not good.

Well, neither is creating a brand-new account with that name and can't
do much about that except block the account(s), which is what would
happen in either case. Also in either case the account would be
forcibly renamed to something completely different if the name is too
offensive.

So what's the difference, the number of edits? Maybe you could let
regular admins rename the really common cases where some new user
misspelled their namesake pokémon, or forgot to capitalize their
surname, or included a swearword, etc. but require that serious
"bigrename" users (with, I don't know... 5,000–10,000 edits) have to
talk to a crat.

Seems like a reasonable compromise to me.

—C.W.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Aryeh Gregor
On Sun, Apr 5, 2009 at 9:49 AM, Charlotte Webb
<[hidden email]> wrote:
> So what's the difference, the number of edits? Maybe you could let
> regular admins rename the really common cases where some new user
> misspelled their namesake pokémon, or forgot to capitalize their
> surname, or included a swearword, etc. but require that serious
> "bigrename" users (with, I don't know... 5,000–10,000 edits) have to
> talk to a crat.
>
> Seems like a reasonable compromise to me.

There's still the "Why can't I log in anymore?" problem.  Sysops can
currently block people, but at least they're told that they blocked,
who blocked them, and why.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Renameuser right for administrators on Wikimedia wikis

Charlotte Webb
On Sun, Apr 5, 2009 at 8:35 AM, Aryeh Gregor
<[hidden email]> wrote:
> There's still the "Why can't I log in anymore?" problem.  Sysops can
> currently block people, but at least they're told that they blocked,
> who blocked them, and why.

Yeah that would arise when somebody has been renamed without
requesting it, but as far as I know all involuntarily renamed users
except for Trollderella have been indef-blocked vandal accounts (who
would have little to gain by still being able to log in, and whom we
wouldn't be particularly interested in helping). The one exceptional
case was part of the reason Uncle Ed was pressured to resign as
bureaucrat.

My point is this isn't something that happens very often now and I
doubt lowering the user-group requirement would make it happen much
more often. Either way it would be easy enough to revert and probably
still be considered grounds for summarily removing access.

In any case it might be helpful to provide a certain grace period
during which the old name still works on the login screen as a valid
alias, or possibly indefinitely unless there is a reason to for
another user to claim the old name (in cases of deliberate
impersonation or coincidental SUL conflicts, etc.)

—C.W.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Commit access

Jan Luca
In reply to this post by Jan Luca
Hello,

when will there a answer?

Gruß
Jan Luca

-----Ursprüngliche Nachricht-----
Von: [hidden email]
[mailto:[hidden email]] Im Auftrag von Jan Luca
Gesendet: Freitag, 3. April 2009 19:58
An: 'Wikimedia developers'
Betreff: Re: [Wikitech-l] Commit access

Hello,

Key: http://toolserver.org/~jan/files/SSH2-RSA.pub

Commit name: jan
Alternative: jan_luca

I will use my commit access for commit extensions. At the moment I create a
extensions for my poll-script on Wikimedia Toolserver.

Viele Grüße
Jan

-----Ursprüngliche Nachricht-----
Von: [hidden email]
[mailto:[hidden email]] Im Auftrag von Aryeh Gregor
Gesendet: Freitag, 3. April 2009 19:22
An: Wikimedia developers
Betreff: Re: [Wikitech-l] Commit access

On Fri, Apr 3, 2009 at 1:18 PM, Jan Luca <[hidden email]> wrote:
> where can I ask for Commit access to Wikimedia SVN?

This is an okay place.  You'll want to provide your public key,
desired commit name, and what you want to use the commit access for.

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
12