Folks,
I have been neglecting to check the Wiki for spam and now that I did it
took me quite some time to remove lots of stupid crap (just a random
example of one type of hard to remove spam [1]). Spammer take advantage
of the Wiki not searching user talk pages when using the user's
contribution function and put stuff there instead of their main user
page. Maybe an update would also help (1.15.2 is a year old now).
While most type of that spam does not really hurt too much it does make
things look badly maintained. Should we step up the barrier to editing
by adding email authentication during account creation? Or will this
prevent the newbie from contributing?
The other option would be add Open ID or - better even - allow editing
with the regular OGSeo account (which I believe already includes email
authentication). What is the status of the CRM, although this might be a
separate thread.
Thought we might want to discuss this here before making and deleting
lots of tickets.
- --
Exploring Space, Time and Mind http://arnulf.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
The other option would be add Open ID or - better even - allow editing
with the regular OGSeo account (which I believe already includes email
authentication). What is the status of the CRM, although this might be a
separate thread.
Arnulf,
I will note that the form for creating OSGeo accounts does not include
email verification. It's main advantage has been that it is unique to
OSGeo and no one has bothers writing a robot specifically for us.
I believe efforts to switch to using OSGeo LDAP for wiki ids has fallen down
in the past trying to figure out how to map the existing ids.
Best regards,
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Programmer for Rent
While most type of that spam does not really hurt too much it does make
things look badly maintained. Should we step up the barrier to editing
by adding email authentication during account creation? Or will this
prevent the newbie from contributing?
Weird, I thought it was enabled, only to find that my definition of “authentication required” differed from mediawiki’s
I’m tempted to just turn it on but wonder how it will handle those who may be regular editors and not confirmed.
Want to try it?
Tyler
----- Original Message -----
From: Frank Warmerdam warmerdam@pobox.com
Date: Tuesday, April 19, 2011 7:33 am
Subject: Re: [SAC] Spam in Wiki
To: sac@lists.osgeo.org
On 11-04-19 09:08 AM, Seven (aka Arnulf) wrote:
The other option would be add Open ID or - better even - allow
editing>with the regular OGSeo account (which I believe already
includes email
authentication). What is the status of the CRM, although this
might be a
separate thread.
Arnulf,
I will note that the form for creating OSGeo accounts does not include
email verification. It’s main advantage has been that it
is unique to
OSGeo and no one has bothers writing a robot specifically for us.
I believe efforts to switch to using OSGeo LDAP for wiki ids has
fallen down
in the past trying to figure out how to map the existing ids.
I set the clouds in motion - turn up | Frank
Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush |
Geospatial Programmer for Rent
On Tue, Apr 19, 2011 at 11:09:27PM -0700, Hamish wrote:
while we're at it, https logins for the mediawiki would be nice,
especially if the LDAP password is considered to be used for
that in future.
fwiw, OSM has figured that one out for their mediawiki & we can
just ask them about it if we get stuck.
As someone already said before, the real difficulty would be mapping
the Wiki user names to OSGeo LDAP accounts. When we looked at this
issue a few years ago, the task already seemed almost impossible to
accomplish because people happily tend to use obscure nicknames
wherever possible ....
The technical part is easy compared to that,
Cheers,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
On Tue, Apr 19, 2011 at 11:09:27PM -0700, Hamish wrote:
while we're at it, https logins for the mediawiki would be nice,
especially if the LDAP password is considered to be used for
that in future.
fwiw, OSM has figured that one out for their mediawiki & we can
just ask them about it if we get stuck.
As someone already said before, the real difficulty would be mapping
the Wiki user names to OSGeo LDAP accounts. When we looked at this
issue a few years ago, the task already seemed almost impossible to
accomplish because people happily tend to use obscure nicknames
wherever possible ....
The technical part is easy compared to that,
Cheers,
Martin.
I guess at one point we will just have to break things and some people
may have to use two ids for some time. No big harm. Yes, maybe some edit
statistics get lost but bexond that disruption should be fairly minimal.
The other option is to leave things as they are forever and in the long
run this seems to be causing more trouble.
+1 to ask OSM for help on this.
Cheers,
Arnulf.
- --
Exploring Space, Time and Mind http://arnulf.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
On Wed, Apr 20, 2011 at 10:56:41AM +0200, Seven (aka Arnulf) wrote:
Martin Spott wrote:
> As someone already said before, the real difficulty would be mapping
> the Wiki user names to OSGeo LDAP accounts. When we looked at this
> issue a few years ago, the task already seemed almost impossible to
> accomplish because people happily tend to use obscure nicknames
> wherever possible ....
>
> The technical part is easy compared to that,
I guess at one point we will just have to break things and some people
may have to use two ids for some time. No big harm. Yes, maybe some edit
statistics get lost but bexond that disruption should be fairly minimal.
The other option is to leave things as they are forever and in the long
run this seems to be causing more trouble.
I was just thinking of migrating the current OSGeo Wiki over to OSGeo
LDAP authentication this weekend. I'll create a test instance on
Saturday and if things are working as expected, then I'll merge the
config changes over to the main Wiki.
This would mean that _all_ of the current Wiki logins will become
invalidated instantaneously when the transition has completed. We
should add an appropriate notice to the Wiki login page - I might
require for support from a MediaWiki guru on this (not sure, we'll
see). As an additional feature I strongly propose to set up a separate,
secured page where former Wiki editors should announce their previous
Wiki login and the complementary OSGeo LDAP login so we can refer
previous edits to the new LDAP logins. Anyone ?
I'm _planning_ to purge unused Wiki logins (those who didn't do any
edits) from the current DB but I'm not entirely certain if that'll
succeed.
Objections ?
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
On Thu, Aug 18, 2011 at 04:50:55PM +0200, Martin Spott wrote:
I was just thinking of migrating the current OSGeo Wiki over to OSGeo
LDAP authentication this weekend. I'll create a test instance on
Saturday and if things are working as expected, then I'll merge the
config changes over to the main Wiki.
It took a while for me to figure that MediaWiki LDAP authentication
won't work without having LDAP support available in PHP - I simply
forgot to install the corresponding distro package
Four items worth noting:
1.) While the old "User" pages are not going to vanish, every user has
to take care for migrating the content of their user pages over to the
new Wiki user name. In most cases that's a copy-and-paste job - except
from those where you're inheriting a different user ID (see 3.). I
think we should lock the user pages against writing upon migration and
give every Wiki user the chance to copy their own user page into a
local text file.
2.) Usernames in edit histories are most certainly going to be messed
up - except from those people who were using the same account name on
OSGeo LDAP and the Wiki. We should have a special page so every Wiki
could tell us how to map their old Wiki user name to the LDAP login
(might help with user pages and preferences as well).
3.) User preferences: If your OSGeo LDAP account name was formerly
being used by a different person as Wiki login, you're going to inherit
their user preferences - might be a slightly delicate topic ....
4.) Should we establish LDAP groups in order to map Wiki "User Rights"
via the directory ? This would either mean to disable the usual user
rights management in the Wiki or to allow writing to the LDAP directory
from the Wiki - whereas I'm uncertain if we really want to allow the
latter one for security measures.
Have fun,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
Tested my login, worked seamlessly. Good move!
Thanks.
----- Original message -----
On Thu, Aug 18, 2011 at 04:50:55PM +0200, Martin Spott wrote:
I was just thinking of migrating the current OSGeo Wiki over to OSGeo
LDAP authentication this weekend. I’ll create a test instance on
Saturday and if things are working as expected, then I’ll merge the
config changes over to the main Wiki.
It took a while for me to figure that MediaWiki LDAP authentication
won’t work without having LDAP support available in PHP - I simply
forgot to install the corresponding distro package
Four items worth noting:
1.) While the old “User” pages are not going to vanish, every user has
to take care for migrating the content of their user pages over to the
new Wiki user name. In most cases that’s a copy-and-paste job - except
from those where you’re inheriting a different user ID (see 3.). I
think we should lock the user pages against writing upon migration and
give every Wiki user the chance to copy their own user page into a
local text file.
2.) Usernames in edit histories are most certainly going to be messed
up - except from those people who were using the same account name on
OSGeo LDAP and the Wiki. We should have a special page so every Wiki
could tell us how to map their old Wiki user name to the LDAP login
(might help with user pages and preferences as well).
3.) User preferences: If your OSGeo LDAP account name was formerly
being used by a different person as Wiki login, you’re going to inherit
their user preferences - might be a slightly delicate topic …
4.) Should we establish LDAP groups in order to map Wiki “User Rights”
via the directory ? This would either mean to disable the usual user
rights management in the Wiki or to allow writing to the LDAP directory
from the Wiki - whereas I’m uncertain if we really want to allow the
latter one for security measures.
Have fun,
Martin.
Unix IS user friendly - it’s just selective about who its friends are
!
On Sat, Aug 20, 2011 at 05:45:07PM -0700, Tyler Mitchell (OSGeo) wrote:
Tested my login, worked seamlessly. Good move!
We'll see how it works out - just setting up a duplicate of the Wiki
and enabling LDAP authentication, thus the "technical" part of the game
was the low-hanging fruit. Now we'll have to find a solution for the
"social" part
You, being one of the 'early' OSGeo users, are most presumably using
the same account name on LDAP as on the Wiki. Therefore you should be
able to re-use your LDAP login on the Wiki quite seamlessly. My own
LDAP login instead maps to a different Wiki user - which looks almost
the same from a technical point of view but carries the implication
that my login is now being assigned to a different real name, user page
and preferences on the Wiki.
Now I'd like to read from those whose LDAP login had formerly not been
in use in any way on the Wiki.
Cheers,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
Now I'd like to read from those whose LDAP login had
formerly not been in use in any way on the Wiki.
Hi,
my wiki account name had been 'FirstnameLastname' but my LDAP
name is just 'firstname'.
at https://wiki2.osgeo.org/ I get a Login error when I try my
LDAP name as it says there is no user by that name. Do I need to
create a new wiki account using my LDAP name, or should that
have happened automatically? If I do create a new wiki account
using my LDAP name, the create new acc't wiki page wants a
password. Will whatever I put for that be stored elsewhere/
nowhere and later be ignored? or will it override my LDAP pw?
I also get a login error when I try my old Wiki account name/pw
there, but I guess that's to be expected.
btw, to set up a wikimedia page auto-redirect, you clear the old
page and replace it with this:
#REDIRECT [[name of the target page]]
and put the content in the new target page. there is also a
maybe for safety you can leave the content in the old page and
anything after the #REDIRECT will be ignored?
maybe the above solution is scriptable?
when logged in there is also a "move" button (alt-m) at the top
to rename a page, leaving a redirect in its wake. maybe that
helps too?
cheers,
Hamish
ps- I just noticed a lot of spam in the recent history of the
Live_GIS_Disc page, I can spend half an hour manually deleting
it but how/where should we report users/IPs to be banned? aka is
it possible to undo all edits by that spam account with a single
action?
On Sat, Aug 20, 2011 at 07:45:17PM -0700, Hamish wrote:
at https://wiki2.osgeo.org/ I get a Login error when I try my
LDAP name as it says there is no user by that name. Do I need to
create a new wiki account using my LDAP name, or should that
have happened automatically?
That's supposed to happen automatically but I wasn't certain if it
really works this way. I'll have another look at it - thanks for
checking !
I also get a login error when I try my old Wiki account name/pw
there, but I guess that's to be expected.
Exactly - as written on thursday.
btw, to set up a wikimedia page auto-redirect, you clear the old
page and replace it with this:
#REDIRECT [[name of the target page]]
I think redirecting neither from nor to the old user pages is a good
idea because this is going to trouble us as soon as another person
starts using the same name (as the former Wiki login) for their LDAP
account - leading to name clashes in the Wiki.
Having an exact 1:1 mapping is the only viable solution in my eyes.
Cheers,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
On Sun, Aug 21, 2011 at 09:53:28AM +0200, Martin Spott wrote:
On Sat, Aug 20, 2011 at 07:45:17PM -0700, Hamish wrote:
> at https://wiki2.osgeo.org/ I get a Login error when I try my
> LDAP name as it says there is no user by that name. Do I need to
> create a new wiki account using my LDAP name, or should that
> have happened automatically?
That's supposed to happen automatically but I wasn't certain if it
really works this way. I'll have another look at it - thanks for
checking !
Ok, that might have been just a minor nit. Please check again - and,
while you're at it, see, if the preferences are filled in properly.
Cheers,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
On Sun, Aug 21, 2011 at 4:45 AM, Hamish <hamish_b@yahoo.com> wrote:
...
ps- I just noticed a lot of spam in the recent history of the
Live_GIS_Disc page, I can spend half an hour manually deleting
it but how/where should we report users/IPs to be banned? aka is
it possible to undo all edits by that spam account with a single
action?
Ok, that might have been just a minor nit. Please check again
ok, it works now, I can log in with my LDAP details without
needing to register a new acc't.
- and, while you're at it, see, if the preferences are
filled in properly.
what should "properly" mean? it does add me to the Users and
Autoconfirmed Users groups, knows my email acc't, and says that
my email addr was authenticated about the same time as I
successfully logged into wiki2.osgeo.org.
On Sun, Aug 21, 2011 at 12:52:10PM -0700, Hamish wrote:
Martin Spott wrote:
> Ok, that might have been just a minor nit. Please check again
ok, it works now, I can log in with my LDAP details without
needing to register a new acc't.
I simply forgot to disable a flag I had installed for early tests and
I'm glad that everything's now working as expected.
> - and, while you're at it, see, if the preferences are
> filled in properly.
what should "properly" mean? it does add me to the Users and
Autoconfirmed Users groups, knows my email acc't, and says that
my email addr was authenticated about the same time as I
successfully logged into wiki2.osgeo.org.
Excellent, thanks for testing !
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
I'm not sure if this is related to this same thread.
Mike Smith just reported to me now that he is unable to edit the OSGeo wiki all of a sudden (details below):
- his username: http://wiki.osgeo.org/wiki/User:Msmitherdc
- message received when trying to edit wiki: "Your user name or IP address has been blocked."
- from him "The block was made by Neteler. The reason given is Spamming links to external sites."
- Start of block: 20:14, 22 August 2011
Mike is part of the WMS Bechmarking team for FOSS4G and has made many edits ...not sure what happened. Can someone help him? (he lives in #foss4g on IRC as "mdsmith"...he is there now)
On Mon, Aug 29, 2011 at 3:48 PM, Jeff McKenna
<jmckenna@gatewaygeomatics.com> wrote:
I'm not sure if this is related to this same thread.
No, because below is the wiki...
Mike Smith just reported to me now that he is unable to edit the OSGeo wiki
all of a sudden (details below):
- his username: http://wiki.osgeo.org/wiki/User:Msmitherdc
- message received when trying to edit wiki: "Your user name or IP address
has been blocked."
- from him "The block was made by Neteler. The reason given is Spamming
links to external sites."
- Start of block: 20:14, 22 August 2011
Mike is part of the WMS Bechmarking team for FOSS4G and has made many edits
...not sure what happened. Can someone help him? (he lives in #foss4g on
IRC as "mdsmith"...he is there now)
I have simply unblocked him, everything should work ok again for him.
We REALLY need to implement something against the bot spammers.
Hi Markus, I'm tired of spam clean up too
I just installed and enabled the extension you mentioned. Can you have a poke around to see if it functions as desired?
I'll try it too, just thought a few eyes would be good to check it.
