19:32:02 <papoteur> #startmeeting
19:32:02 <Inigo_Montoya> Meeting started Mon Sep  4 19:32:02 2017 UTC.  The chair is papoteur. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:32:02 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:32:22 <papoteur> [21:31] <stormi> I obtained bureaucrat rights, gave them to neoclust and am about to give them to you and lebarhon
19:32:58 <papoteur> #topic wiki credentials
19:33:09 <lebarhon> what are these rights about ?
19:33:29 <papoteur> stormi: for me, the question is to know how new users can get credentials
19:34:05 <stormi> bureaucrat is the right to give other users more rights
19:34:33 <stormi> I just made you bureaucrats so you can now give admin rights to people you trust
19:34:36 <papoteur> it's a good start
19:34:52 <stormi> Make sure to never give the bureaucrat rights to someone else, though
19:35:23 <lebarhon> We have to decide what trusty means
19:35:25 <stormi> #info bureaucrat rights given to docteam leaders so they can appoint trusted team members administrators
19:35:44 <stormi> It is up to you to decide, but not too many people if possible :)
19:36:46 <lebarhon> Do we need bureaucrat rights to write into the wiki?
19:37:07 <stormi> No, why would you?
19:37:26 <stormi> bureaucrat just means you can manage rights
19:37:40 <stormi> Any user can write into the wiki
19:37:49 <stormi> For now
19:38:04 <papoteur> stormi: and new users?
19:38:31 <stormi> marja disabled account creation for new users but that's temporary
19:38:56 <lebarhon> So, nothing changed
19:39:15 <papoteur> stormi: but if we restore automatic rights, how do we stop spammers?
19:39:53 <stormi> well, I'd like to tell what I did, first, but you've not let me finish. The bureaucrat rights are not the only thing.
19:40:23 <stormi> As team leaders you probably already have read https://www.mediawiki.org/wiki/Manual:Combating_spam
19:40:25 <papoteur> :)
19:40:54 <papoteur> sorry, not yet
19:41:00 <stormi> I activated 3 extensions listed there that can help us in the following days.
19:41:07 <stormi> (well, it's an interesting read)
19:41:27 <stormi> First extension that has been activated: Nuke
19:41:31 <lebarhon> I can't understand most of it :(
19:42:40 <stormi> Wiki admins like you can go to https://wiki.mageia.org/en/Special:Nuke and mass delete pages based on IP or user
19:42:54 <stormi> Be extremely careful with this tool, though
19:43:31 <papoteur> OK
19:43:33 <lebarhon> good point but we would prefer not to need it
19:44:00 <stormi> Second extension: TitleBlacklist
19:44:31 <papoteur> stormi: is there a confirmation step, with list of prevised deletions?
19:44:52 <stormi> papoteur: I don't know, but the extension's documentation on mediawiki.org probably tells
19:46:03 <stormi> Documentation for Nuke: https://www.mediawiki.org/wiki/Extension:Nuke
19:46:59 <stormi> Documentation for TitleBlacklist: https://www.mediawiki.org/wiki/Extension:TitleBlacklist
19:47:26 <stormi> The way it works: it forbids the creation of new pages that match the blacklist regexps
19:49:19 <stormi> Those regexps, we simply have to add them to a special wiki page: https://wiki.mageia.org/en/MediaWiki:Titleblacklist
19:49:57 <stormi> There's also a whitelist to allow specific pages to be created even when blocked by the blacklist: https://wiki.mageia.org/en/MediaWiki:Titlewhitelist
19:50:32 <stormi> Here's an example of a blacklist: https://www.mediawiki.org/wiki/MediaWiki:Titleblacklist
19:51:05 <stormi> The reason why I chose those extensions is simply because they were already on the servers (part of mediawiki standard distribution), but not active
19:51:40 <lebarhon> All that doesn't prevent spam, the spammer has only to choose the title
19:51:50 <stormi> Third extension, similar: SpamBlacklist. https://www.mediawiki.org/wiki/Extension:SpamBlacklist
19:52:30 <stormi> But this one only blocks URLs.
19:53:58 <papoteur> stormi: ?
19:54:22 <papoteur> what does "block URLs" mean
19:54:25 <papoteur> ?
19:54:45 <stormi> lebarhon: Well I spent my entire Saturday afternoon on mediawiki and neoclust gave some of his time to help me too so if your only comments are "this is not enough", well first I know it already and secondly I'd rather play the newest Zelda that the postman brought today.
19:55:24 <stormi> papoteur: it means that for each URL added to a page, it will forbid it if it's blacklisted
19:56:04 <lebarhon> I thought it would be more simple to give credentials manually
19:56:22 <lebarhon> we have one or two newcomers a month
19:56:45 <lebarhon> it would be less work for you too
19:57:16 <papoteur> stormi: I'm very happy that we have a new sysadmin to work on our tools, be sure we appreciate your effort.
19:58:31 <papoteur> we try only to figure out how these extensions can be good for us.
20:00:38 <stormi> The title blacklist would probably allow to stop the last spam attack we got, since it was probably from a bot given the number of pages
20:01:19 <stormi> but it's not 100% efficient, far from it
20:02:28 <papoteur> At least, for now, we have tools for counter-attack.
20:02:48 <lebarhon> what is the problem to give credentials manually?
20:02:54 <stormi> I don't feel we get enough spam attacks to warrant resorting to manual rights management, but if it is your team's decision that you want this solution to fight spam, then I'll try to implement it.
20:03:22 <stormi> Technically, there's no problem except that it needs some work
20:03:34 <stormi> Like any change
20:03:46 <lebarhon> Good to know it is possible
20:05:26 <lebarhon> Do we have to fill the lists?
20:05:30 <papoteur> What I think is to give these tools a try for now.
20:07:04 <lebarhon> To have the best tools, we need the best lists, I think (blacklist and whitelist)
20:08:01 <stormi> We can use lists that are available on the net, but to be honest what I thought is we could target first the very kind of spam we are receiving.
20:08:29 <stormi> If I remember correctly, we only get a few spammers each year
20:08:55 <lebarhon> a few attacks but a lot of different users
20:09:09 <stormi> What I'm more worried of, though, is about spammers that would not just add pages but change all the existing pages. We have no tool to fight this at the moment.
20:09:23 <stormi> So we still have to improve things.
20:10:17 <stormi> I think we should read https://www.mediawiki.org/wiki/Manual:Combating_vandalism and https://www.mediawiki.org/wiki/Manual:Combating_spam and choose the appropriate solutions for the future
20:10:28 <papoteur> does Nuke delete only page, or just modifications?
20:10:38 <stormi> only pages if I understand correctly
20:10:51 <stormi> so perfect for the last attack but not for every kind of attack
20:11:06 <papoteur> hmm
20:12:40 <marja> stormi: thx for all your work!  Which ip addresses did last attack come from?
20:12:46 <papoteur> stormi: what do you think about the hypothesis that we deliver rights on demand?
20:12:53 <stormi> marja: I don't know :)
20:13:16 <marja> stormi: np
20:13:55 <stormi> papoteur: it is not my preferred option but I'm not against if it is considered the best solution and it does not prevent user contribution
20:14:33 <papoteur> What would needed ?
20:15:26 <papoteur> *be
20:17:52 <stormi> I suppose we need to create a new user group in mediawiki, move existing users to it, and then let bureaucrats give rights to new users on-demand (but "bureaucrat" is a dangerous right so only some people can be allowed to give rights to others) + add, I don't know how for now, a message when a user tries to edit a page, redirecting them to the forum thread (or threads, one per language?)
20:22:33 <papoteur> OK.
20:23:28 <stormi> But maybe mediawiki's online doc will give a better way of achieving on-demand rights attribution
20:23:58 <papoteur> lebarhon: do you mean that we can give a try with the 3 tools stormi activated?
20:24:01 <marja> yeah, I haven't really read it yet, either
20:24:38 <marja> lebarhon: if it goes wrong, we can disable auto-account-creation again
20:25:05 <lebarhon> of course, now we have them we must use them
20:25:53 <stormi> nobody forces anybody to use them :)
20:27:13 <lebarhon> they aren't the tools I would have chosen (not sure if it is correct) but we can't always redo things again
20:28:47 <lebarhon> We must have a look at this and think about it
20:28:54 <stormi> lebarhon: as I said, they were already installed so I just activated them waiting for better
20:29:35 <marja> it's good to try them, it might be enough and else we'll find out what's missing and needs to be added or done differently
20:29:51 <papoteur> Thus a go or a wait?
20:29:54 <marja> go
20:30:04 <lebarhon> go
20:30:28 <papoteur> OK, go.
20:30:33 <marja> :-)
20:31:15 <stormi> Then maybe we should populate the title blacklist with words from the recent spam wave
20:31:17 <papoteur> I propose to stop now.
20:32:07 <stormi> From what I see, just "microsoft" could be a good start
20:32:08 <marja> stormi: so not yet enable auto-account-creation until that's done?
20:32:13 <papoteur> stormi: I have them
20:32:37 <papoteur> I think phone number could be a good filter.
20:33:03 <stormi> hmm, the problem is the blacklist page is public so in a way we'd still publish the phone number :)
20:33:10 <stormi> or maybe it's not public actually
20:33:32 * marja hopes it isn't
20:33:47 <stormi> Ok, it is public :)
20:34:10 <stormi> But we probably can make it private
20:35:15 <papoteur> sorry, Connection problem.
20:35:23 <marja> stormi: and we don't need any phone numbers in a title, so blacklist any long numbers in titles
20:35:33 <marja> papoteur: np
20:36:42 <papoteur> However, I have to leave.
20:37:02 <lebarhon> do we have a new meeting on thursday?
20:37:02 <stormi> marja: I blacklisted microsoft: https://wiki.mageia.org/en/MediaWiki:Titleblacklist
20:37:08 <stormi> papoteur: good night
20:37:36 <lebarhon> papoteur: think to end the meeting
20:37:37 <marja> stormi: great
20:37:42 <papoteur> lebarhon: I'm not available.
20:38:01 <marja> papoteur: can you end the meeting, please
20:38:13 <papoteur> #endmeeting