Wikipedia:Administrators' noticeboard/Archive305

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Noticeboard archives


Tagging categories for deletion[edit]

My apologies if this is a wrong venue. Could a friendly bot owner please tag the categories in this list, User:Number 57/Elections/Categories, in total about 9000 categories? If the list has a line [[:Category:Foo]] to [[:Category:Foo1]], it means that Category:Foo gets a template {{subst:Cfr-speedy|Foo1}}, similar to the top category in the list. Courtesy pinging @Number 57:. For the background, see Wikipedia:Categories for discussion/Speedy#Current requests and User talk:Ymblanter#Speedy CfD. Thanks a lot.--Ymblanter (talk) 08:11, 10 December 2018 (UTC)

Ymblanter, try WP:BOTREQ? Galobtter (pingó mió) 13:57, 10 December 2018 (UTC)
Not sure if @BrownHairedGirl: could help with AWB? I know she took part in the outcome of the RfC on the page moves. Lugnuts Fire Walk with Me 13:58, 10 December 2018 (UTC)
Thanks for the ping, @Lugnuts.
I have an AWB module for such things. I'll take a look at @Ymblanter's list and see if it fits. --BrownHairedGirl (talk) • (contribs) 14:05, 10 December 2018 (UTC)
No prob (I hope). Will do. --BrownHairedGirl (talk) • (contribs) 14:08, 10 December 2018 (UTC)
Great, thanks a lot to all involved. I will also try to remember about BOTREQ for the next time (strange that I read Wikipedia:Bots and could not find a link).--Ymblanter (talk) 14:13, 10 December 2018 (UTC)
OK. Test edits successful([1], [2], [3]), so now I will do the rest. --BrownHairedGirl (talk) • (contribs) 14:41, 10 December 2018 (UTC)
Thanks BHG! Lugnuts Fire Walk with Me 17:25, 10 December 2018 (UTC)

@Number 57, Ymblanter, and Lugnuts: Done. --BrownHairedGirl (talk) • (contribs) 19:25, 10 December 2018 (UTC)

Great, thanks.--Ymblanter (talk) 19:29, 10 December 2018 (UTC)

Request to lift topic ban[edit]

The topic ban for Sharkslayer87 regarding caste related topics is lifted. Fish+Karate 13:17, 14 December 2018 (UTC)
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Hi, I was topic banned on 1 May 2018 for being aggressive on caste related topics. Since then, I have been a good contributor without involving in any arguments and I have made good contributions in other areas. I request you to life the topic ban on me and I promise I will not repeat my previous behavior. Sharkslayer87 (talk) 13:23, 10 December 2018 (UTC)

  • Support- I don't see any violations of the ban in your contributions, but quite a lot of productive edits. And you didn't get upset even when the ban prevented you from objecting to a PROD placed on an article you'd started. That counts for a bit in my view. Unless someone can show issues since your 24 hour block in May, I support lifting the ban. Reyk YO! 17:35, 10 December 2018 (UTC)
  • Support. Looks to me like the topic ban was placed back in May and then immediately breached. That's disappointing, but what lead me to vote to support here, was your reaction once blocked. Back in May, you stepped back, reconsidered your approach, and changed your editing. This bodes very well for you, and I'm happy to see you've been fairly active since then. Unless anyone shows you've significantly breached your topic ban since then (and it does not appear you have, when I looked), I support lifting the ban. --Yamla (talk) 19:40, 10 December 2018 (UTC)
  • A ping to Bishonen since she imposed the topic ban. Galobtter (pingó mió) 12:14, 11 December 2018 (UTC)
  • Comment. As I said on 1 May, I topic banned the user for "relentless caste promotion and misuse of sources". Their first appeal of the ban, on the same day, was very unpromising, with the kinds of attacks on Sitush that caste warriors typically make.[4] I feel this current appeal is a little vague, and would like to ask Sharkslayer87 to concretely explain what types of sources they would use in this area going forward. With a good answer to this question, I would agree with lifting the ban. Pinging @Sitush: too. Bishonen | talk 16:48, 11 December 2018 (UTC).
    • Reply I believe I took my ban in a positive manner and I changed my editing habits. I have been doing productive edits and have never been involved in any wars since the ban. I have apologized to other editors in case of any mistakes on my part. I did not resort to any wars since my ban and that can be verified from my edit history. I have read WP:RS thoroughly and I will not compromise on any rules set by wikipedia and continue to be a good editor. Sharkslayer87 (talk) 17:13, 11 December 2018 (UTC)
      • You're not answering my question. No more generalities, please. Please concretely explain what types of sources you would use in this area going forward. Give examples of a source you would use, and a source you would not use, and say why. Do you know the page User:Sitush/Common, which is about caste sources? Do you intend to follow the section [5], or do you have any criticism of it? Bishonen | talk 17:31, 11 December 2018 (UTC).
        • I would use sources that comply with WP:RS. I would not use sources like Gyan which are not considered reliable by wikipedia. I would also not use sources from British Raj era which are deemed unreliable. I will use only sources that comply with WP:RS. I know about User:Sitush/Common. I intend to follow it and I don't have any criticism of it. Sharkslayer87 (talk) 17:39, 11 December 2018 (UTC)
        • An example of a source I would use is, it should be reliable. The author should have decent citations. I will avoid using self published sources. I will avoid primary sources. These are a few examples. Thanks Sharkslayer87 (talk) 17:56, 11 December 2018 (UTC)
          • Thank you. I support lifting the ban. Bishonen | talk 01:37, 12 December 2018 (UTC).

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.


School blocks are normal. Nothing to do here. TonyBallioni (talk) 20:22, 11 December 2018 (UTC)
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Hello admins. This IP address is my community college's IP that is assigned to computers throughout the campus. A year ago, there was an edit war between two different users and I have to admit, a six month block is unfair. I asked another admin and he declined the unblock. In August 2018, just another (only one) unconstructive edit was made resulting in a year long block. I consider this unfair. I hope there can be feedback about this IP since I don't want another declined unblock request. I also feel that admins are discriminators who don't care about their editors (unless they are administrators), and I ask you for help. This makes me a user who is nicer than admins in general.

I'm asking for it to be unblocked because there were no warnings given after the block expired. There should have been warnings. And I put in discrimination because of reading on WP:ANI and other admins' talk pages, I have to agree with the editor. Everyone has the right to edit but my college's IP address is not allowed to just for one edit. I haven't been that active and won't be until there is an "admin reform". I notice a lot of admins violating WP:CIVIL and they have done that for years. Some admins are never friendly. And they lie, too; there have been constructive editors on that IP address, including one who restored warnings, some other user just removes them when they pop up. There has also been constructive minor edits from that IP.

Also, I read on WP:ANI (archived) and Gizmodo that some administrators are just plain bad, so bad that it makes some editors want to do self-harm. I don't know why you don't take care of administrators being so rude. They use such a strong tone to hurt someone. Why do you not take care of that? They might have done something but stop biting them. There are multiple policies taking care of this. And some editors complain about admins not following them. I don't want to see an editor commit suicide just because of the incivility of administrators. Do something! Pinging other admins such as @Acroterion, Doug Weller, Drmies, Floquenbeam, GeneralizationsAreBad, Only, Primefac, Ritchie333, TonyBallioni, and Widr: I'm just listing examples, but calling every admin out. Reported users may do something wrong, but can't we all learn to get along? This is why we can't have nice things. Dolfinz1972 (talk) 18:47, 11 December 2018 (UTC)

See this. GABgab 18:50, 11 December 2018 (UTC)
The discrimination is not towards a group of people but to innocent editors who seemingly did not get enough chances of warnings. Sometimes a block may be unnecessary but the warnings and blocks are often unjustified. The complaining is mostly on #7 of the revision. Dolfinz1972 (talk) 18:54, 11 December 2018 (UTC)
Do not ping me any more just to make sure I read your incoherent rant. --Floquenbeam (talk) 18:56, 11 December 2018 (UTC)
See, I'm referring to this kind of incivility. Calling it a rant? Really? Come on, you know better. I reported you to WP:ANI. Dolfinz1972 (talk) 18:57, 11 December 2018 (UTC)
Hmm Dolfinz1972 why do you ping me? Am I good or bad, in your book? Srsly, your long missive doesn't make very strong points. Sure, some of us are assholes, but Floquenbeam's alright, and vandalism from schools remains a serious problem. Don't know about the self-harm--I do know there's plenty of admins who've torn out all their hair by now trying to deal with vandalism of many kinds. And this suicide and discrimination stuff: if you want to be taken seriously, take things seriously. Thank you, Drmies (talk) 19:03, 11 December 2018 (UTC)
@Drmies:, you're fine, but I don't agree about Floquenbeam, calling it a rant was disrespectful af. That's why I started this discussion. Dolfinz1972 (talk) 19:04, 11 December 2018 (UTC)
I appreciate that. Drmies (talk) 19:05, 11 December 2018 (UTC)
@Dolfinz1972: This isn't unusual; be glad it isn't a longer block. My school IP (which I will not link for privacy reasons) is currently subject to a 2-year block, with varying other blocks since 2015. The pattern in which school blocks are applied is not consistent with standard AGF, and it never has been; it's probably a good idea to accept that and move on. -A lainsane (Channel 2) 19:06, 11 December 2018 (UTC)
@A lad insane: Okay, but I am also complaining about how admins treat non-admins. Dolfinz1972 (talk) 19:11, 11 December 2018 (UTC)
@Dolfinz1972: I have no comment on that matter; I rarely interact with admins. -A lainsane (Channel 2) 19:15, 11 December 2018 (UTC)
I'd say it's pretty rare for school vandals to read talk pages. Or to be deterred by warnings. In any case they can create an account and edit. Doug Weller talk 19:35, 11 December 2018 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

I found this had been hatted when I eventually decided to stick my oar in; well, shoot me. Disgruntled reports that there are bad admins here are also normal. But I think we should consider treating tertiary education institutions, including community colleges, differently from elementary schools when weighing whether and for how long to block rather than lumping them all together under "school blocks". Yngvadottir (talk) 20:31, 11 December 2018 (UTC)

Agree. Some distinction should be made when blocking secondary schools and colleges. Miniapolis 22:54, 11 December 2018 (UTC)
Yngvadottir, I see wildly different block lengths for schools. I cannot, really, decide which ones should be blocked for how long and on what basis. I'm starting to not block for extended periods of time anymore. Ha, I noticed, while I was doing "article improvement" on the elevator, that Materialscientist had blocked my campus for six months--and going through the range I suppose he had good enough reason to do so. At the same time, it might be a good idea for us admins to get together and throw all of our reasons and arguments on the table and decide on some guidance/guidelines. Drmies (talk) 04:20, 12 December 2018 (UTC)
Why, and how, should we make blocks different for schools and colleges?
IP blocking is a very mild restriction. It still permits account creation. Account creation should only be locked if that in turn has become a problem. If the difference is that the pupils are older and wiser, then that should lead to less vandalism. If it didn't, then we still have the same preventative need. I see no reason to relax any blocking policy here, on either schools or colleges. Andy Dingley (talk) 17:01, 12 December 2018 (UTC)

Contact details[edit]

Vanquished by PMC. TheDragonFire (talk) 08:18, 13 December 2018 (UTC) (non-admin closure)
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Could an Admin please delete and revdel Draft:ALOK RAJ THAKUR. Thanks, JMHamo (talk) 09:28, 12 December 2018 (UTC)

I've deleted it, but it's best not to highlight such things on such a widely read notice board as this, as it says in the big pink box when you edit this page. You should find an active admin and ask them privately, or email the oversight team. Boing! said Zebedee (talk) 09:31, 12 December 2018 (UTC)
I have now also emailed the oversight team to request suppression. Boing! said Zebedee (talk) 09:34, 12 December 2018 (UTC)
 Done OS'd. ♠PMC(talk) 09:42, 12 December 2018 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

TNT's Retirement[edit]

Closing as per Tony - I hope TNT is okay but we should respect their decision. NAC. –Davey2010Talk 21:06, 11 December 2018 (UTC)
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Anyone know what's going on here? -Ad Orientem (talk) 20:22, 11 December 2018 (UTC)

@Ad Orientem: This would suggest it's just a personal matter. General Ization Talk 20:24, 11 December 2018 (UTC)
Hopefully, this "retirement" is only temporary. We have been loosing far too many top notch editors. Though I am sympathetic to the demands of the real world and the amount of fertilizer that we have to deal with here. It can make one want to walk away at times. -Ad Orientem (talk) 20:26, 11 December 2018 (UTC)
Ad Orientem, agreed, TNT is a significant asset to the project. Lately, I don't think we show enough appreciation here for those who are truly helpful in whatever way they are, and instead tend to focus too much on when mistakes are made. Home Lander (talk) 20:35, 11 December 2018 (UTC)
  • While I am sad to see this, I think it is best that we respect TNT’s decision here. If he comes back ever, I will be very happy, but part of respecting him as a person is letting him leave quietly. TonyBallioni (talk) 21:03, 11 December 2018 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Deletion of diff[edit]

actioned Legacypac (talk) 05:00, 13 December 2018 (UTC)
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

In not entirely sure where to put this, but can this edit be deleted? I don't care about any edits after this that show that this edit was made but I didn't realise that adding this information was actually illegal and I don't want to be liable for anything.  Nixinova  T  C  19:39, 12 December 2018 (UTC)

 Done -- zzuuzz (talk) 19:43, 12 December 2018 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Arbitration motion regarding The Rambling Man[edit]

The Arbitration Committee has resolved by motion that the The Rambling Man arbitration case be amended as follows:

In remedy 4, "The Rambling Man prohibited", the first paragraph is amended to read:
The Rambling Man (talk · contribs) is prohibited from posting speculation about the motivations of editors or reflections on their general competence.

and the third paragraph is amended to read:

If however, in the opinion of an uninvolved administrator, The Rambling Man does engage in prohibited conduct, he may be blocked for up to 48 hours. If, in the opinion of the enforcing administrator, a longer block, or other sanction, is warranted a request is to be filed at WP:ARCA.

A note will be added at the top of the Enforcement section highlighting the special enforcement requirements of remedy 4.

The following is added as a remedy to the case:

9) The Rambling Man (talk · contribs) is topic banned from making any edit about, and from editing any page relating to, the Did You Know? process. This topic ban does not apply to User:The Rambling Man/ERRORS and its talk page or to articles linked from DYK hooks or captions (these may be at any stage of the DYK process).

The following provisions are added in the Enforcement section of the case:

1) Where an arbitration enforcement request to enforce a sanction imposed in this case against The Rambling Man has remained open for more than three days and there is no clear consensus among uninvolved administrators, the request is to be referred to the Arbitration Committee at WP:ARCA.
2) Appeals of any arbitration enforcement sanctions imposed on The Rambling Man that enforce a remedy in this case may only be directed to the Arbitration Committee at WP:ARCA. The Rambling Man may appeal by email to the Committee if he prefers. This provision overrides the appeals procedure in the standard provision above.

For the Arbitration Committee,--Cameron11598 (Talk) 21:05, 13 December 2018 (UTC)

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Arbitration motion regarding The Rambling Man

Bradv appointed trainee clerk[edit]

The arbitration clerks are pleased to welcome Bradv (talk · contribs) to the clerk team as a trainee!

The arbitration clerk team is often in need of new members, and any editor who would like to join the clerk team is welcome to apply by email to

For the Arbitration Committee, Kevin (aka L235 · t · c) 22:31, 13 December 2018 (UTC)

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Bradv appointed trainee clerk

Amendment to the standard provision for appeals and modifications[edit]

The Arbitration Committee has resolved by motion that:

The following text is added to the "Modifications by administrators" section of the standard provision on appeals and modifications:
Administrators are free to modify sanctions placed by former administrators – that is, editors who do not have the administrator permission enabled (due to a temporary or permanent relinquishment or desysop) – without regard to the requirements of this section. If an administrator modifies a sanction placed by a former administrator, the administrator who made the modification becomes the "enforcing administrator". If a former administrator regains the tools, the provisions of this section again apply to their unmodified enforcement actions.
For clarity, this change applies to all current uses of standard provision, including in closed cases.

For the Arbitration Committee, Bradv🍁 02:12, 14 December 2018 (UTC)

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Amendment to the standard provision for appeals and modifications

Talk:Neil deGrasse Tyson#Request for comment (RfC)[edit]

This is a request to review the close by User:Objective3000 at Talk:Neil deGrasse Tyson#Request for comment (RfC) to determine whether the closing process was appropriate.

  • The closure was not made by an uninvolved editor, but rather by an editor that was inextricably involved in the previous discussion. The talk page reveals that the closing editor was repeatedly and strenuously opposed to inclusion of the material, invoking arguments that are not part of WP policy (e.g., "impact on career") and attempting to establish a different editorial standard for this biography, which is why the RfC was opened in the first place.
  • The closure on this sensitive topic may have been premature (opened 17:35, 5 December 2018, closed less than 60 hours later 01:36, 8 December 2018).
  • Although the outcome of the RfC is correct (material must be included per WP BLP policy and per consensus), the closer added substantial editorial comments that do not seem to represent the consensus nor to provide a reasonable summation of the discussion.
  • Despite extensive discussion about reasonable and appropriate wording for inclusion in the biography, the closing editor continues to insist on further discussion at the talk page before inclusion of the material and states "Arguments against any addition can still continue."

Thank you. Serpentine noodle (talk) 22:54, 8 December 2018 (UTC)

So reopen it. I said in my edit summary that I wouldn't mind. But, there is only consensus to include -- not on language and that must now be discussed. O3000 (talk) 23:02, 8 December 2018 (UTC)
The talk page reveals that the closing editor was repeatedly and strenuously opposed to inclusion of the material... Actually, this is kinda funny. Filer claims I was "repeatedly and strenuously opposed to inclusion", and yet I closed for inclusion.Face-smile.svg O3000 (talk) 00:57, 9 December 2018 (UTC)
@Serpentine noodle and Objective3000: I've moved this discussion from WP:RFCL to WP:AN, as this is the proper venue to challenge a closure under Wikipedia:Closing discussions § Challenging other closures. — Newslinger talk 06:51, 9 December 2018 (UTC)
  • Endorse close - I haven't looked into the NdGT situation, so I don't know how I would have !voted, but it's perfectly clear that O3000's close was a correct evaluation of the consensus of the RfC. Maybe a minnow to O3000 for closing while involved (even though they closed against their own opinion, it would probably have been best to leave it to someone else, who would have inevitably closed it in the same way.) Beyond My Ken (talk) 08:12, 9 December 2018 (UTC)
  • Comment The close seems reasonable to me although IMO it was probably a mistake to make an involved close even if it was against the editor's initial opinion. There was no point leaving it open anymore, it doesn't seem likely consensus will developed against the inclusion and the complainant isn't arguing for that anyway. There's no way that RFC was ever going to develop consensus for a wording, it wasn't structured for that. It would indeed be better to concentrate on developing an acceptable wording. People are still free to support or oppose any specific wording. Of course any oppose for some suggested inclusion solely because the editor opposes inclusion of any mention is not going to count for much since we just established consensus for inclusion although if done reasonably it's not likely to lead to a block or topic ban.. Nil Einne (talk) 12:34, 9 December 2018 (UTC)
  • Close was fine. There was an overwhelming, uncontroversial consensus that you yourself are not disputing. The user was technically involved, but there's no case being made that they had a COI that unfairly influenced the close, in fact, you're saying that the user argued against the closing consensus they formalized. The close was quick, but it was seemingly a WP:SNOW situation anyways. You say the "editor continues to insist on further discussion", but they're not wrong there. The RfC simply asked "should it be included?" More discussion to hammer out the details is obviously needed. A 60-hour up or down decision is not going to be the end all, be all of discussions. Also, WP:CLOSECHALLENGE instructs you to bring concerns to closers if you have any issues, and only bring it here if you're at an impasse. It doesn't look like you've made any effort to raise any issues with the closer. WP:IAR, WP:NOTBUREAU, WP:5P5 are all fundamental principles here, and this is a prime example of those principles being exercised correctly. There's nothing controversial here. Move on.  Swarm  {talk}  15:43, 9 December 2018 (UTC)
@ResultingConstant: has reopened this RfC with an accusation of WP:GAME. O3000 (talk) 14:45, 11 December 2018 (UTC)
@Objective3000: Although I agree with the WP:SNOW situation of the prior close, objections were raised by @A Quest For Knowledge: saying "Any text added to the article without consensus will be reverted. I suggest that for those who are in favor of adding this to the article begin by addressing the arguments against inclusion first" and "RFCs generally run 30 days and are usually closed by someone uninvolved in RfC. Neither of these were followed so that makes the close out of process.". Additionally @Masem: said "Yes, agreed the RS is there, just up in the air in whether inclusion is needed at this time" - but this is ambiguous as to if he is discussing inclusion of the content at all, or inclusion of a particular point. the WP:GAME in this thread is pervasive and obvious, policy standards are being created from the void, goalposts repeatedly moved, and sources being repeatedly obtusely misinterpreted to protect someone from exceptionally well sourced content. The objectors objections were well founded when this was nothing but a blog. It isn't that way anymore. ResultingConstant (talk) 15:30, 11 December 2018 (UTC)
My comment was related to the use of a BuzzfeedNews article (someone said it wasn't an RS, I pointed out BFN is good, BF alone is not), but still had skeptism if the 4th person in the BFN article was needed to be included. (I am broadly against any inclusion at this time, but wasn't looking to overturn the RFC that supported some type of inclusion). --Masem (t) 15:34, 11 December 2018 (UTC)
None of what you say is grounds for reopening the RfC. And your continued claims of WP:GAME amount to WP:BATTLEFIELD behavior. Please stop with the odd accusations against other editors and concentrate on consensus for the text. O3000 (talk) 15:40, 11 December 2018 (UTC)
  • As I said on the talk page, RfCs usually run for 30 days and are closed by an uninvolved editor. The close was out-of-process as neither of these things happened. A Quest For Knowledge (talk) 16:44, 11 December 2018 (UTC)
And, as you can see, that was discussed here and the close affirmed. The reopen is a waste of editor time. O3000 (talk) 17:23, 11 December 2018 (UTC)

New Zealand English and macrons[edit]

On the New Zealand Wikipedians' notice board, there is endless discussion going on about whether or not to use macrons for words of Māori origin. Even the country's largest newspaper, The New Zealand Herald, has written an article about the affair (see media notice on top of the page). Macrons have been discussed at length in two separate entries (1 and 2) and to me, there is now consensus but that there are two editors who are in an opposite camp. I'm not sure that us Kiwis can resolve this ourselves and maybe it needs uninvolved parties to come along and analyse for us what's been discussed and what can be concluded. Of course this isn't a formal RFC and you may conclude that such a formal step is needed. Either way, it would be good to get some outside assistance on the matter. This page isn't on my watchlist so please ping me if you'd like further input from me on discussions here. Schwede66 17:24, 11 December 2018 (UTC)

Pages in Category:AfC submissions declined as copyright violations[edit]

Am I missing something, or all drafts in that category must be speedy deleted as copyright violations? There are several dozen drafts there, I have seen some a month old, and apparently it is customary to decline AfC as copyright violations without rolling the copyvio back and asking for speedy or revision-deletion? Please tell me there is something I am missing here.--Ymblanter (talk) 19:07, 4 December 2018 (UTC)

Yes you are missing that many copyvio declines get speedy deleted but some get cleaned and the record of the copyvio decline stays on the live page and then in the category. The other case is occasionally pages are declined for minor copyvio with a request to reword. Anyone is welcome to work that category and help AfC out. Legacypac (talk) 19:12, 4 December 2018 (UTC)
I did not check all of them but the couple I checked seemed to have major copyvio issues which have not been in any way addressed.--Ymblanter (talk) 19:19, 4 December 2018 (UTC)
If they are clearly copyright violations, and there is no prior clean version to revert to, they should be deleted per WP:G12. Otherwise, if a page has been AfC declined because of a copyvio and the page has subsequently been cleaned, they should end up in Category:AfC submissions cleaned of copyright violations. So where's the breakdown: is it a tagging issue or are we not cleaning up copyvios? (I don't have time to investigate today but this does seem to be an important thing to figure out) Ivanvector (Talk/Edits) 15:51, 5 December 2018 (UTC)
I guess the related question is: are AfC reviewers identifying copyright violations but not doing anything about it other than declining? We can't host copyvios in draft space either. Ivanvector (Talk/Edits) 15:52, 5 December 2018 (UTC)
Indeed, my impression from a very limited sample is that some AfC reviewers decline submissions as copyvio but do not follow up either by CSDing the draft or by cleaning the copyvio and asking for revision deletion.--Ymblanter (talk) 16:08, 5 December 2018 (UTC)
I forgot that I have also seen cases where the text was free but not attributed. Whereas this is technically copyvio, it can be easily fixed by attributing the text.--Ymblanter (talk) 16:08, 5 December 2018 (UTC)
Good point. I'm not an expert in this - is a revision which contains material copied from a free source without attribution also a G12/RD1 copyvio? Or do we just supply the attribution in a subsequent edit and move on? Ivanvector (Talk/Edits) 16:15, 5 December 2018 (UTC)
The best practice is to provide attribution in a minor edit.--Ymblanter (talk) 16:52, 5 December 2018 (UTC)

Who knows exactly. The AfCH script has a box to check to also G12 the page and a place to fill in the source copied from. It's an optional thing in the script and like everything, there is some range of practice among reviewers. Similarly last I looked there were 3000+ advertising declines, sampling of which suggests 90% are G11 worthy. AfC stops a lot of inappropriate pages and anyone willing to help delete them is encouraged to help. Legacypac (talk) 17:18, 5 December 2018 (UTC)

I am not here to accuse AfC reviewers in anything, I think most of them are doing an excellent job. However, there is a difference between G11 and G12. It is strictly speaking illegal to keep copyright violations in the project in any form, be it articles, drafts, userpages or talk pages. For the advertisement, well, it is of course not good that we have a lot of drafts which are just advertisement, but it is not illegal to host them, and also revisions containing advertisement do not get revision-deleted. If there is a systemic problem at the side of the reviewers (which I am still not sure about) we probably need to discuss what is the best way to modify the process to make sure copyright violations do not stay in drafts for a long time.--Ymblanter (talk) 17:46, 5 December 2018 (UTC)
We all agree copyvio should be deleted, the question is at what urgency. Thousands of other declined but not yet deleted AfC pages are likely copyvio but declined for other simplier to assess reasons. There are also thousands of undiscovered copyvio pages at Wikipedia:WikiProject Abandoned Drafts/Stale drafts The ones in this AfC category will be swept away in 6 months or so regardless and are at least tagged as copyvio already. Legacypac (talk) 18:23, 5 December 2018 (UTC)
It looks like indeed we have different perspectives on the question how soon copyvio must be deleted after it has been discovered, and it would be good to have more opinions, but unfortunately this topic so far did not attract too much attention.--Ymblanter (talk) 12:07, 7 December 2018 (UTC)
I tag for deletion 100% of the time, but the script makes it optional and the cat exists with pages so evidently there is a range of opinion and practice. Legacypac (talk) 18:19, 7 December 2018 (UTC)
  • I decline a massive number (proportionately to my AfC work) of CV drafts because I use ORES to specifically look for them. In about 85% of these cases I speedy it. In the other 15% I clean it. In 1 case I declined then decided I wasn't sufficiently sure in a complicated case so I sent it to the appropriate board for consideration. Since they're deliberately sought out I sort of fall in the "immediate" category by default, and I think I would back that position in any case. As to how much effort should be expended on making other AfC reviewers act on copyvio more rapidly (beyond declining), I'm unsure. Nosebagbear (talk) 19:59, 11 December 2018 (UTC)
    • 99% of the copyvios that I find in drafts are entire pages with no other salvageable content. As soon as I find one, it gets tagged for speedy, and usually, if the draft has been submitted, I'll also take the time to decline it so it leaves the usual schpeel on the user's talk page. In my opinion, tagging for speedy is most important; then if the draft has been submitted, I'll decline it. Home Lander (talk) 20:17, 11 December 2018 (UTC)

UTRS downtime[edit]

Due to T204565, there will be required downtime for UTRS between Dec 15 20h00 UTC and Dec 16 05h00 UTC. The database will be locked and the interface will be shut down or not responding during this time. I will post here once the downtime is complete. — Preceding unsigned comment added by DeltaQuad (talkcontribs) 08:22, 15 December 2018 (UTC)

This is now complete. -- Amanda (aka DQ) 04:58, 16 December 2018 (UTC)

Help request for page move from Autonomous cruise control system to Adaptive cruise control[edit]

WP:RM started on users's behalves. --Izno (talk) 03:00, 17 December 2018 (UTC)
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Help request for page move from Autonomous cruise control system to Adaptive cruise control. See for more info.   Thanks, Daniel.Cardenas (talk) 01:28, 17 December 2018 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Porny spammy[edit]

There've been a few tonight; User:Desmond09Y is the most recent one I've seen. Maybe some of you with some technical skills can have a look. I blocked one earlier, and so did Materialscientist. Drmies (talk) 04:53, 12 December 2018 (UTC)

Probably a spam bot. NinjaRobotPirate (talk) 08:18, 12 December 2018 (UTC)
Here's another one, User talk:BruceCochrane42, just blocked by Materialscientist. Can we filter out the underlying URLs? Drmies (talk) 18:34, 12 December 2018 (UTC)

Can someone reach out to User:Anthony E. Lahmann and/or sort through his edits?[edit]

We have a new user who is making a bunch of edits that are not making sense to me. Perhaps he needs some mentoring. I have gone through some of his edits and undone some of the more obviously unhelpful ones, and have left messages on his talk page, but I will not have time tonight or tomorrow to investigate further or follow up with him. Can someone who's good with new users please help? 28bytes (talk) 00:28, 12 December 2018 (UTC)

@28bytes: I have just been working through some of them right now. A very unusual suite of edits for a newly registered user, and their recent post to the Teahouse about page protection being akin to vandalism has successfully drawn attention to them. They are suggestive of someone who has obviously edited before, presumably under another IP address and, whilst I'm currently trying to assume good faith, I am finding a few of them somewhat disruptive. I was going to reply on the WP:TH page, but will place something on their talk page instead. Nick Moyes (talk) 00:41, 12 December 2018 (UTC)
 Done Nick Moyes (talk) 01:19, 12 December 2018 (UTC)
(edit conflict) @28bytes: Indeed, multiple edits are disruptive, particularly redirects like this which I reverted. This creation spawned me to think they might have edited over at Simple, but their account is not registered there. Home Lander (talk) 01:21, 12 December 2018 (UTC)
@Home Lander: Under that username, this person has only ever edited and made one swiftly-reverted edit at it. wiki. See here. Nick Moyes (talk) 13:46, 12 December 2018 (UTC)
He has now created a new account, User:Anthony Lahmann (edit | talk | history | links | watch | logs), and starting up with similar edits. ~ GB fan 21:22, 12 December 2018 (UTC)

I've ifdef blocked both accounts as obvious socks and WP:NOTHERE -- RoySmith (talk) 21:52, 12 December 2018 (UTC)

(edit conflict) Both accounts blocked by RoySmith and I tagged them accordingly. Home Lander (talk) 21:56, 12 December 2018 (UTC)

Thanks everyone for taking a look and acting accordingly. I had hoped we could establish a dialog with him, but if he's going to just hop to a new account and make the same sorts of edits rather than responding to anyone's legitimate concerns, a block was inevitable. 28bytes (talk) 22:52, 12 December 2018 (UTC)

Policy on schoolblocks?[edit]

Per Wikipedia:Administrators' noticeboard#Complaints, we probably need to discuss current practices and see whether we need a policy on what is the duration of schoolblocks.--Ymblanter (talk) 16:51, 12 December 2018 (UTC)

I personally, if I block an IP for vandalism (and for this, vandalism must be persistent, not just one edit), I add the talk page to my watchlist. If I see other user posting vandalism warnings, I check the contributions, and if I see IP has no constructive contributions, I progressively block up to a year, and then for a year. I never check whether this is a school or not. Possibly other users have better practices than mine.--Ymblanter (talk) 16:51, 12 December 2018 (UTC)
I look at the block history of the IP and the edits. If there is a substantial pattern of vandal edits and blocks, I will escalate to the next longest length of time in the block, especially if the edits are on the heels of a block being lifted. With almost all of the blocks not having Account Creation turned off, this still gives an avenue for legitimate edits, through an account. RickinBaltimore (talk) 17:09, 12 December 2018 (UTC)
My practices reflect the above. I will, first, check to see if the IP address belongs to an obvious educational institution, but even if it doesn't if there is a pattern of frequent vandalism with no intervening good edits, I block (allowing for account creation) with progressively longer blocks. --Jayron32 17:32, 12 December 2018 (UTC)
I personally don't dogmatically always progressively increase block lengths, and am not always particularly impressed when this is done. Actually I'm not impressed when any admin behaviour is based on previous admin behaviour. If there's been, say 2 edits in the last 2 years, then I might block for a day or two. If they soon return then they'll soon be blocked again. If a school is always problematic then I don't see a problem with blocks lasting several years. I'll often stop account creation, having seen many checkusers adjust many schoolblocks in the past. But related, I think you need to distinguish different types of school IP. Elementary schools are just going to be stupid when the kids are around but you can probably actually allow account creation. Some secondary schools are usually well behaved apart from one or two idiots who will be caught and punished. Others are just obviously places of eternal anarchy. So no automatic increases for me - take a look at the evidence as a whole. -- zzuuzz (talk) 18:04, 12 December 2018 (UTC)
Pile on here. I don't automatically increase the block length either. I try for the shortest period that will stop the disruption. Particularly in April or May, when the school term is likely to end in North America, I'll only block for a month or two because there's no point in having an IP blocked that won't be used until August or September. However, if there's disruption coming in short order off a six-month block, with a block log as long as my arm, I'll block for a year. Katietalk 22:17, 12 December 2018 (UTC)
Wikipedia:Administrators' noticeboard#Complaints is not a reason to consider anything about policy. You had users edit warring through the same IP with one of the user's asking for it to be blocked. 1 That doesn't fit the normal situations. It was also an anonblock and the complainant had an account but was choosing not to use it. He doesn't make more than a handful of edits per week and nearly none of it is academic in nature. He had no real need so he can edit as anon from home or use his account at the school. The pretense of schools having a different status would be based on academic edits which does not apply here. That complaint is not the impetus for policy changes. Deny the drama.
 — Berean Hunter (talk) 01:33, 13 December 2018 (UTC)

Proposing a temporary measure to assist in protecting the Main Page[edit]

Discussion seems to have tapered off, with the last comment (excepting a request for closure) posted 4 days ago. While there was a great deal of initial enthusiasm for the proposal to limit Main Page editing to Interface Administrators, almost all comments since the end of November have been in opposition. I am therefore closing this as "no consensus for this change." 28bytes (talk) 06:30, 14 December 2018 (UTC)
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

As many Wikipedians have noticed, several accounts have recently been compromised. Three of these compromised accounts have been administrator accounts, and all three compromised admin accounts focused on vandalizing the Main Page, the public face of the project. The most recent compromised administrator account is that of a highly active administrator. I am part of the team investigating this series of events, along with stewards, other checkusers, and WMF Security and Trust & Safety staff. There are several actions taking place in the background, mainly for security and/or privacy requirements, that will not be discussed in this thread.

One proposed temporary measure to mitigate the damage being caused by this vandal is to restrict editing of the Main Page to administrators who also hold Interface Administrator permissions. There is rarely a need to edit the Main Page itself — almost all of the work is done in the background using templates — so the impact of this temporary measure is minimal.

As noted, this is intended to be a temporary measure that will give both the community and the investigating team some "breathing space" to focus on the vandal rather than the impact of the vandalism. It was suggested that we bring this change to the community for discussion prior to implementing it. Does anyone have any feedback on this proposal? Thanks for your participation. Risker (talk) 21:30, 24 November 2018 (UTC)

Is it technically possible? The Main Page itself may not need many edits but the templates transcluded on it which are cascade protected are a different matter. Jo-Jo Eumerus (talk, contributions) 21:32, 24 November 2018 (UTC)
Yes. Adding a protection level is relatively trivial to do in the MediaWiki back-end. Just needs consensus. -- Ajraddatz (talk) 21:35, 24 November 2018 (UTC)
Yes. This can be done by private filter from what I’ve been told. TonyBallioni (talk) 21:36, 24 November 2018 (UTC)
Sorry, I wasn't clear: Is this possible without all the templates transcluded on it also becoming it-protected? Because that would be hefty collateral damage. Jo-Jo Eumerus (talk, contributions) 21:51, 24 November 2018 (UTC)
@Jo-Jo Eumerus: what @TonyBallioni: said been added. — xaosflux Talk 00:00, 25 November 2018 (UTC)


  • Support enough is enough. TonyBallioni (talk) 21:36, 24 November 2018 (UTC)
  • Support. Take this c**t down. —Jeremy v^_^v Bori! 21:37, 24 November 2018 (UTC)
  • Support could be done in MediaWiki, or possibly with an edit filter. --Rschen7754 21:41, 24 November 2018 (UTC)
  • As the front page of the site, the Main Page is arguably an interface page in spirit. Reasonable protection mechanism. ~ Amory (utc) 21:41, 24 November 2018 (UTC)
  • Support - and once this current outbreak has died down, an RfC should be run to make this change permanent. Beyond My Ken (talk) 21:42, 24 November 2018 (UTC)
  • Yup, filter please - TNT 💖 21:43, 24 November 2018 (UTC)
  • (edit conflict)x4 Support No need for this nonsense. (Please make sure there are some intadmins checking out the errors page every once in a while.) Natureium (talk) 21:44, 24 November 2018 (UTC)
  • Support, even with an option of protecting other higly visible pages such as Donald Trump for a short time.--Ymblanter (talk) 21:45, 24 November 2018 (UTC)
    This was already done earlier. Killiondude's account compromise rendered it useless. —Jeremy v^_^v Bori! 21:47, 24 November 2018 (UTC)
    Exactly my point. I mean moving these pages into mediawiki namespace so that only interface admins can edit.--Ymblanter (talk) 22:05, 24 November 2018 (UTC)
    @Ymblanter: sysops can edit MediaWiki pages already. The only pages restricted to interface admins are cascading style sheets and javascript pages. — xaosflux Talk 22:09, 24 November 2018 (UTC)
    Thanks, and as an interface admin on three projects I should have thought well before writing this. Anyway, my point is that the main page can be protected such that only interface admins can edit it (e.g. by adding a new protection level), then other highly visible pages can only get similar protection for a short time.--Ymblanter (talk) 22:16, 24 November 2018 (UTC)
    Striken the option. In view of the office action requiring TFA for all interface admins, it is absolutely not ok if only users who can afford a smartphone (or at least a laptop) will be able to edit articles such as Donald Trump.--Ymblanter (talk) 21:04, 26 November 2018 (UTC)
  • Yes, but I'd like to hear that the cascading protection issues have been fully considered. -- zzuuzz (talk) 21:50, 24 November 2018 (UTC)
    Oppose (temporary position), it's clear from some of the objections that the cascade issue hasn't been fully considered, and that this will either prevent updates to the main page or won't be at all effective. -- zzuuzz (talk) 10:44, 26 November 2018 (UTC)
  • Support I support all reasonable measures to protect the encyclopedia against this vile attack and similar incidents in the future. Cullen328 Let's discuss it 21:51, 24 November 2018 (UTC)
  • Oppose per WP:CREEP. This is not what the interface admin right was introduced for and the talk of this measure being temporary is already being subverted above. So far as I can see, the recent incidents have been handled just fine, with no significant impact or press coverage. The main page says that Wikipedia is "the free encyclopedia that anyone can edit". Limiting access to a tiny handful of people is blatantly contrary to this fundamental principle. Andrew D. (talk) 21:56, 24 November 2018 (UTC)
    • It's already restricted to only admins. How is restricting access to intadmins "blatantly contrary to this fundamental principle" if limiting it to admins isn't? Natureium (talk) 22:22, 24 November 2018 (UTC)
      • Andrew, please. I'm glad you have an opinion on everything, but that these very incidents happened means things are not "just fine". Drmies (talk) 01:41, 25 November 2018 (UTC)
  • At least temporarily some additional WP:BEANS controls have been added, these are far from perfect but may help and should not be in the way of daily workflow. — xaosflux Talk 22:00, 24 November 2018 (UTC)
  • Support Seriously Andrew, "the free encyclopedia that anyone can edit" does not mean "continually replace Donald Trump's article with a picture of an ejeculating penis". I think just about anyone knows that. Ritchie333 (talk) (cont) 22:17, 24 November 2018 (UTC)
  • Support I disagree with Andrew Davidson's comment. The Main Page already isn't editable by 99.999999999999% of the world's population; what will restricting access even further do anything more to the fact that the Main Page already doesn't fit with the whole "anyone can edit" philosophy? As for how the incidents have been handled, you may very well commend our team of stewards for acting quickly to stop further disruption, but in the case of admin accounts getting compromised it seems to be a better solution to prevent such events from happening in the first place rather than having an "oopsies" moment when the Main Page is replaced with Commons porn, even if it's reverted within ten seconds. —k6ka 🍁 (Talk · Contributions) 22:26, 24 November 2018 (UTC)
  • Support – fairly obvious, really. SNOW-close, please. Bradv 22:32, 24 November 2018 (UTC)
  • Support, but let's not let "I need to edit the Main Page" become a new reason to hand out intadmin rights. What the attacker could do with an intadmin account is much, much worse, and I'd like to keep the number of such accounts as low as possible. Suffusion of Yellow (talk) 22:34, 24 November 2018 (UTC)
    Didn't really think this one through. I'd oppose but I don't know how to explain my rationale without getting BEANsy. Suffusion of Yellow (talk) 07:17, 26 November 2018 (UTC)
  • Support solely for the main page; I agree with the comments that due to the nature of transclusions, that page is already similar to an interface page (and assume that transcluded pages would not be affected). I don't think this will be effective for other pages; rationale withheld per WP:BEANS. power~enwiki (π, ν) 22:35, 24 November 2018 (UTC)
    • There seems to be some discussion that this would also affect transcluded pages. In that case, I'd only support if it was a separate permission from INTADMIN. Ideally, it would be a permission that could be given to trusted non-admins, specifically The Rambling Man. power~enwiki (π, ν) 17:41, 26 November 2018 (UTC)
  • Support. Regardless of what the best approach should be, there are times when one has to use whatever tool is at hand, and build better tools later. Perhaps we should start looking at a scheme of progressive protection where "anybody" can edit at the bottom of the pyramid, but increasing experience and trust are required to move up to vital or more developed pages.
As a side note, I have long thought that "the free encyclopedia that anyone can edit" – which isn't even true – should be changed to "the collaborative free encyclopedia", emphasising working together. ♦ J. Johnson (JJ) (talk) 22:38, 24 November 2018 (UTC)
I could be wrong, but I don't believe that the WMF uses that tag line anymore. Beyond My Ken (talk) 23:03, 24 November 2018 (UTC)
Wrong! Beyond My Ken (talk) 01:38, 25 November 2018 (UTC)
  • Support (x10,000). Porn on the main page by compromised accounts is a severe problem. We have active interface admins and as others have mentioned, the main page itself doesn't need editing frequently, so I think this would clearly do more good than it would harm. But is there a way to protect a page with cascading protection at a certain level, but then have a higher local protection level? If it isn't possible, then I definitely would not support intadmin-protecting all pages transcluded onto the main page.--SkyGazer 512 Oh no, what did I do this time? 22:41, 24 November 2018 (UTC)
    We've done that now, but it is more of a speed-bump than a road-block. — xaosflux Talk 23:13, 24 November 2018 (UTC)
  • Support I've been an admin for 11 years, and never needed to edit it (well, apart from this evening, and someone even beat me to that by fractions of a second, so thanks for that). Black Kite (talk) 23:50, 24 November 2018 (UTC)
  • Support temporarily as proposed for the Main Page. -- KTC (talk) 00:31, 25 November 2018 (UTC)
  • Support as a temporary measure (but how would this work? A new form of protection, since this isn't in the MediaWiki namespace?) SemiHypercube 00:41, 25 November 2018 (UTC)
    Also, I don't think using an edit filter will be completely effective, not saying the weakness per you-know-what, but one could figure out what it is. SemiHypercube 17:08, 25 November 2018 (UTC)
  • Support The attacker is doing us a favor by highlighting the weaknesses. They will move on to the next weak link but protecting the main page is obviously required. Re "how would this work?": developers can do anything and they will quickly fix the problem. Johnuniq (talk) 01:35, 25 November 2018 (UTC)
  • Support, since I just got back from dealing with this guy. GABgab 01:52, 25 November 2018 (UTC)
  • Support - I wouldn't dare to touch it, anyway. Jauerbackdude?/dude. 01:55, 25 November 2018 (UTC)
  • Support I wouldn't mind if this is a permanent change; the Main Page itself doesn't need editing very often. funplussmart (talk) 05:00, 25 November 2018 (UTC)
  • Support  temporary measure. Orientls (talk) 05:00, 25 November 2018 (UTC)
    Support, Sensible measure. Ammarpad (talk) 05:53, 25 November 2018 (UTC)
  • Oppose Upon further reflection, I understand this will not solve the problem without cascading and with cascading, it creates bigger problem. –Ammarpad (talk) 12:32, 26 November 2018 (UTC)
  • Support as if I'm reading this right, only the actual Main Page will receive this additional protection, not T:DYK etc. I'd be willing to support this as a permanent change, too. Anarchyte (talk | work) 06:36, 25 November 2018 (UTC)
  • Weak support I think Andrew's comment is being wrongly ignored as the discussion above seems to be the creation of a new level of page protection which I do not think should exist or be used on this project except for this specific instance. I do not think having or applying IAdmin protection to anything except javascript pages is something that I would ever want, and the only reason I would be in favor of this is because of the recent security concerns. I do not think we should ever have a protection level that restricts editing to 14 people. For comparison, twice as many people are in the staff group (a little over 30), allowing them to edit superprotected pages, than are IAdmins on enwiki. The admonition against WP:CREEP should be taken more seriously and the temporary nature of this use emphasized. Wugapodes [thɑk] [ˈkan.ˌʧɹɪbz] 07:38, 25 November 2018 (UTC)
    • My weak support has now become Oppose given a lot of the subsequent discussion. Jimbo's account has been compromised before, IAdmins can be compromised, and restricting editing to these few people, while more likely to prevent abuse, will make resolving any actual abuse more difficult. I'd rather greater risk but quicker response than less risk and slower response. I also think this whole thing has turned into a catch-22. I'm opposed to cascading protection for the Main Page, since it would turn IAdmin into something it was never supposed to be, but not cascade protecting the main page would result in the vandals moving on to the templates themselves. I really think this is just generally a bad idea the more I think about it. Wugapodes [thɑk] [ˈkan.ˌʧɹɪbz] 01:05, 27 November 2018 (UTC)
  • Comment I have been busy so I'm not up to play. I'm not opposed to the idea although I'm not sure this will help a great deal from what's been said. I appreciate per BEAN etc that maybe details can't be discussed for this very reason so maybe there can be no clarification. But I don't think what I'm saying here is likely to be reveal anything not already obvious to prying eyes. It sounds like the plan is to still allow admins to make changes to the templates without requiring an interface admin to approve them. In that case, it seems like the vandal will just move on to vandalising the templates. I mean they're probably already working out what to do. While I appreciate they have been directly editing the main page so far, they haven't had a reason not to. And while trying passwords from previous leaks (which I assume is probably what's happening) is not really that technically demanding if you only have a few to try, it seems unlikely to me anyone capable of this won't figure it out fairly fast. Again maybe no comment can be offered, but is it believed the templates can somehow be protected against this vandalism in ways the actually main page can't? Nil Einne (talk) 10:38, 25 November 2018 (UTC)
  • Weak support only until a stronger solution is determined. The attacker (or an attacker, maybe not this one) has already demonstrated they can compromise 2FA-enabled accounts. Restricting access to intadmins reduces our security exposure, but will just focus the attacks on a different class of user. Ivanvector (Talk/Edits) 21:19, 25 November 2018 (UTC)
    • Wait which 2FA account got hacked? I hope what you're saying isn't true, it would mean that even 2FA isn't enough to stop the attack. funplussmart (talk) 21:23, 25 November 2018 (UTC)
    I don't know which accounts specifically. 2FA is a good solution but it's not perfect. Ivanvector (Talk/Edits) 21:34, 25 November 2018 (UTC)
    Hi, none of the accounts compromised in this attack had 2FA. We currently believe all compromises in this attack were due to people using the same password on other websites which presumably got hacked. 2FA is of course not a magic bullet - it won't fix every security problem (e.g. If someone steals your computer well logged in, 2FA is not going to stop that. If you add malicious Javascript to your special:mypage/common.js, 2FA can't stop that) but 2FA would have stopped this attack if the admins in question had enabled it. I strongly encourage all admins to enable 2FA. BWolff (WMF) (talk) 22:49, 25 November 2018 (UTC)
  • No, come on. Really? I'd much rather have compromised admin accounts announcing themselves to us by editing the main page than do other things. As it is, I don't think this is worth anywhere near the community time or consternation we have all spent on this. Kevin (aka L235 · t · c) 06:07, 26 November 2018 (UTC)
    • ^^^This. Compromised admin accounts used to be immediately detectable to every other logged-in admin on the site back when they announced themselves by making "Main Page" go red on every page. Now that it isn't deleteable because of the same sort of technical measure being proposed here, they have to "settle" for goatseing it. Some improvement. The last thing we want to do is make them settle for one of the couple dozen ways you can cause real and/or irreversible harm with a sysop bit. —Cryptic 11:11, 26 November 2018 (UTC)
  • Oppose int-admin cascading protection, but I do support a MediaWiki imposed int-admin protection to the Main Page itself, and perhaps a few others, as is the status-quo with filter 943. The filter was an emergency measure. Using interface admin isn't really the right way to go. I agree with others below that there shouldn't be non-technical people in the technical user group. We either need a new user group, or only int-admin protect the main page itself, and not the pages transcluded on it. Better yet, phab:T210192#4771932, phab:T150826 and phab:T150576. Sorry if I misled anyone MusikAnimal talk 06:45, 26 November 2018 (UTC)
  • Support until other security measures can be implemented or the vandalism subsides. GorillaWarfare (talk) 06:37, 26 November 2018 (UTC)
  • Oppose in contrast to the discussion about removing the unblockself permission this would create a real problem if one of the accounts with interface-editor were to be compromised, it would leave us with little means to reverse their actions. For this to work it would also need to be cascading protection as otherwise something could just be added to a page transcluded to the main page, that severely restricts the number of people who can put anything on the main page. Fix that by adding more people to the usergroup and we're back where we started. We should be looking at a technical solution to solve the problem, maybe some sort of double confirmation by two admins to put things on the main page (similar to pending changes in a way, but without auto accept). Callanecc (talkcontribslogs) 06:49, 26 November 2018 (UTC)
    @Callanecc:. It seems to me you're opposing based on wrong assumption that: the protection must propagate (cascade) to all transcluded pages, DYK, ITN etc... thereby limiting placing items to only less than 10? techadmins. But from what I understand that's not what will happen. Only the "Mainpage" will be protected with this above-admin level, this will be done via MediaWiki backend and question of "how" is beyond the scope of this discussion. What's is just needed is the consensus. –Ammarpad (talk) 07:23, 26 November 2018 (UTC)
    Thanks for asking Ammarpad, my point was that the only way for protection like this to be effective would be to protect transclusions at the same level. I'm opposed to protecting the transclusions so also to protecting the main page in this way. However, maybe something like pending changes for admins to edit the main page (or transcluded pages) where it required two admins to make a change (one to initiate and one to approve) would be a good solution. In the meantime the status quo should prevail so that we can more easily deal with any further compromised accounts. Callanecc (talkcontribslogs) 09:14, 26 November 2018 (UTC)
    The notion of there being less ways to revert vandalism is one of the only reasons I'm partially reconsidering my support vote. However, I do think that if we have a mandatory 2FA enabled intadmin account hacked, we have more on our hands than just the main page being changed, and the person behind these attacks know this. Unless they just want to make a statement for publicity, they can do a lot worse (which is why intadmin exists in the first place). Anarchyte (talk | work) 10:58, 26 November 2018 (UTC)
    Anarchyte, There are a number of ways a 2FA-secured account can become compromised - and while I won't list them all here, physical theft of device (most likely a phone or chromebook/laptop) would be the first one that would come to mind for me. SQLQuery me! 01:12, 27 November 2018 (UTC)
    @SQL: I'm aware. I'm saying that given WMF Office has now forced all intadmins to enable 2FA, if they get hacked we have something bigger on our hands. An intadmin can do real damage and I'm sure that's what a hacker would do with one, unless they only want to change the main page for publicity. An admin account can do a lot but we can no longer truly break the site. Anarchyte (talk | work) 07:03, 27 November 2018 (UTC)
  • I'm not "opposing" but I would just like to ensure this is thought through fully before being implemented.
1. If the protection cascades then we have an issue:
a) The existing small number interface admins will be responsible for all DYK, OTD, POTD, FA, FL updates. this is clearly not going to work, so:
b) We will have to make a bunch of new interface admins. Not a good idea, the whole idea of the role is to minimize the number of people with that kind of access.
2. If the protection does not cascade then it's not actually going to prevent a compromised admin account from vandalizing the main page, without specifying details, and in fact might make it harder slower to track down and resolve the problem.
I think rather than misuse the interface admin permission, which sounds like a neat idea in principle but a bad one when considering the detail, something else would need to be done. I am not in favour of uncoupling admin permissions, because we have a small pool of administrators anyway and adding further obstacles to admins who (for example) have never edited the main page but want to help when they see a backlog or an issue arise will silo things up even more and make things less flexible. I don't have the right solution, but I have concerns about the proposed one for the reasons above. Fish+Karate 09:56, 26 November 2018 (UTC)
  • Support Non-essential admin area and page that generally requires minimal change. Restrict to those who actually need it. talk to !dave 14:48, 26 November 2018 (UTC)
  • I have the same problems that Fish and karate has. Everything on the Main Page – DYK, ITN, all of it – is cascaded. We're about to make a very small group of people responsible for carrying out all the updates to the Main Page, If those people are prepared to do that, including updating DYK however often it has to be updated, I'm fine with it. If not, we either have to make more intadmins, which kind of defeats the purpose of having intadmins in the first place, or find another solution. Katietalk 16:01, 26 November 2018 (UTC)
  • Support - Per all supports and K6ka - FlightTime (open channel) 17:55, 26 November 2018 (UTC)
  • Strong Oppose - For starters, this is not what the intadmin permission was intended for. And when one of those accounts becomes compromised (intadmin isn't a magic flag that makes your account unhackable), there will be even fewer around that can undo the damage. Additionally, Fish and karate makes a fantastic point about narrowing who can work on the main page. SQLQuery me! 18:08, 26 November 2018 (UTC)
  • Oppose if we keep the cascading protection then you will need to be an interface admin to work on WP:DYK, WP:ITN/C, WP:ERRORS, etc. This massively restricts the pool of people who can work on those processes. The people who are interface admins were chosen for their technical skill at HTML/CSS/etc and don't necessarily have any interest in or ability to deal with those processes. We could appoint a load more interface admins to do this work, but that would rather defeat the point of the proposal. On the other hand if we turn cascading protection off then we make the whole of the main page much less secure, and even if we manage to manually protect everything transcluded on the main page I'm sure the attacker is capable of going after one of those pages instead. People I talk to about Wikipedia in real life usually have little or no idea that the main page even exists, I don't think it's a huge problem as advertised. Hut 8.5 18:34, 26 November 2018 (UTC)
  • Support if temporary. Should be reverted to be only admin when the compromised accounts are taken care of. Kirbanzo (talk) 19:12, 26 November 2018 (UTC)
  • Oppose This creates more problems than it solves. I think Callanecc is on the right track with a modified PC. Crazynas t 19:47, 26 November 2018 (UTC)
  • Support but via the already made EF. Optionally support int-admin to MP by way of the same backed protection system that prevents move/delete. — xaosflux Talk 20:49, 26 November 2018 (UTC)
    And if anyone wants to say but what about EFM issues - I think we should make EFM be along the same process as int-admin, including expiring it from admins that haven't actually used it in a while. — xaosflux Talk 20:52, 26 November 2018 (UTC)
    Agree on both counts. ~ Amory (utc) 22:57, 26 November 2018 (UTC)
  • Support would support this as a permanent measure --Tom (LT) (talk) 23:30, 26 November 2018 (UTC)
    • Support in principle, however oppose practically until the casacding issue described below is resolved. --Tom (LT) (talk) 00:49, 29 November 2018 (UTC)
  • Oppose. Aside from the bits that I'm seeing below, about admins being able to edit the component content (or requiring interface-admin rights to edit pages like On This Day), remember that Jimbo's account was compromised two years ago and used to vandalise the Main Page. (Admin-only link, and someone appropriately uses rollback on that edit.) Even super-admin accounts with rights like interface admin or founder can be compromised, and when it requires super-admin rights to edit the Main Page, it will sometimes take a good deal longer to revert vandalism: it's easy to find an admin to revert vandalism to a protected page rather quickly, but finding an interface admin or a steward may take a good number of minutes. We mustn't pretend that interface admins, stewards, or founders are 100% immune from compromise, so we shouldn't imagine that restricting Main Page editing to them will prevent this kind of vandalism. Nyttend (talk) 00:54, 27 November 2018 (UTC)
    @Nyttend: Though "super-admin" accounts like int-admin and founder are much less likely to be compromised, since int-admins are required by the WMF to use two-factor authentication, and Jimbo probably uses 2FA (does anyone know this for sure?) SemiHypercube 13:36, 27 November 2018 (UTC)
  • Oppose. After reading this through, I'm unable to see a resolution to the cascading protection issue. I would support the main page being protected without cascading protection being applied, to slightly reduce the target for any potential vandals, but I doubt that would do much. I suspect the best option here would be to create a new user group and new protection level intended purely for the main page and its constituent elements. I would also support making 2FA mandatory for this group. Vanamonde (talk) 04:51, 27 November 2018 (UTC)
  • Oppose, beyond the measures already taken. The cure is worse than the disease here; while I'd be willing to help out as an intadmin with maintaining the Main Page, there just aren't enough of us to go around, and increasing the numbers of intadmins to do off-mission stuff like this defeats the purpose of spinning intadmins off in the first place. Writ Keeper  13:43, 27 November 2018 (UTC)
  • Oppose (go PC) - the cascading issue is too major. Int-admins are, by design, a tiny group (they didn't even let in 4 trusted technical non-admins). Without cascading we don't really do anything. With it we'd need far more to cover everything, including blocking certain areas that were the main reason some admins actually joined up. Additionally, it seems bold of us to add such a job to the int-admin remit without at least half of them saying yes (this is a secondary concern). Getting an admin-only Pending Changes approach seems much better. Obviously more than 1 admin can have their account compromised but it should significantly reduce the frequency of issues. Nosebagbear (talk) 16:01, 27 November 2018 (UTC)
A note - an alternate mooted strategy of main-page admins (functionally granted on request, though presumably after a delay to stop immediate requests than vandalism) would seem less preferable because of a patient vandal to abuse. That said, it would also be an alternate potential method. Nosebagbear (talk)
  • Oppose per Andrew D. Enterprisey (talk!) 20:23, 27 November 2018 (UTC)
  • Oppose until someone comes up with a solution to the cascading problem and allow timely updates to ITN and DYK.-- Pawnkingthree (talk) 20:51, 27 November 2018 (UTC)
  • Oppose - per my comments below - in essence, concerns about DYK and that the Main Page remains vulnerable thorough its various templates and that this is WP:CREEP. Best, Mifter (talk) 02:38, 28 November 2018 (UTC)
  • Split vote. I was almost swayed by the original proposal but L235 convinced me otherwise. If an admin account is compromised, we want it to be obvious. I strongly oppose cascading IAdmin protection of Main Page itself cascading IAdmin protection on Main Page, because that's exactly the opposite of what IAdmin is for: protect interface, don't protect content. We've finally managed to move WP:Geonotice to a space where all sysops can update content and now we want to stop admins updating content? No. I would weakly support non-cascading IAdmin protection of Main Page, with cascading standard full-protection (argh, full protection is no longer the highest level of protection) for things that are directly transcluded onto Main Page, considering that the Main Page itself is basically an interface container rather than content. Deryck C. 18:13, 28 November 2018 (UTC)
  • Oppose abuse of the IAdmin right. There are many other ways for compromised admin accounts to disrupt Wikipedia while creating a large impact other than vandalizing the main page, protecting the main page is only going to encourage hackers to move to other areas. I agree with SQL's concern as well. feminist (talk) 02:53, 30 November 2018 (UTC)
  • Neutral - permanently move the Main Page to Mediawiki namespace, but remove the cascading protection and manually template-protect the individual MP templates instead. Kamafa Delgato (Lojbanist)Styrofoam is not made from kittens. 23:58, 30 November 2018 (UTC)
    Lojbanist, Why would we move the main page to the mediawiki namespace? SQLQuery me! 01:25, 1 December 2018 (UTC)
  • Oppose vandalism would shift to transcluded templates. Protecting the main page won’t stop ompromised accounts. Stephen 05:53, 1 December 2018 (UTC)
  • Oppose. Without cascading, protection would be toothless and they could just vandalize the transcluded templates. With cascading, well, that's totally not what the interface admin role was designed for. -- King of ♠ 06:17, 3 December 2018 (UTC)
  • Oppose. Yet another slippery slope eroding WP:EDIT. If even admins are not allowed to fix problems or improve content in certain pages of Wikipedia, who will be denied editing next? jni (delete)...just not interested 06:44, 3 December 2018 (UTC)
  • Oppose - If transcluded pages are also protected, it makes fixing WP:ERRORS impossible. If they aren't transcluded, compromised admin accounts will simply abuse those. O Still Small Voice of Clam (formerly Optimist on the run) 13:58, 3 December 2018 (UTC)
  • Oppose the hacking of the compromised accounts was carried out by someone who new how a) Wikipedia works to a certain extent and b) is "fluent" enough with computers that they were able to hack several accounts. Just protecting the Main Page will just make potential vandals, who have hacked into a administrator account, focus their vandalism over to the templates and subpages (which in this proposal won't have the protection the Main Page would). Although protecting the Main Page is a good idea in theory, to implement the idea properly and to stop vandals who can hack accounts, these templates and subpages would need IAdmin protection too. This limits updating the Main Page in its entirety to IAdmins and IAdmins are limited in numbers. Many admins who maintain the Main Page (and would want to continue to) would also need to apply for IAdmin permissions, which is something which requires an admin to use 2FA before the right is granted (which for several admins is infeasible per comments by admins in this RfC on admin inactivity).
In short, I in theory support the idea of IAdmin protection for the Main Page, but for this to be effective subpages and included templates need to be also, which stops non-IAdmin admins maintaining the Main Page. Dreamy Jazz 🎷 talk to me | my contributions 22:26, 3 December 2018 (UTC)
  • Oppose – people are bringing up a lot of good points here, especially those about the proposed changes making the number of people who can fix these problems as they pop up even smaller. Sadly opposing. cymru.lass (talkcontribs) 03:04, 4 December 2018 (UTC)
  • Oppose – If it doesn't cascade to templates, all the templates can get hit instead. It's unclear to me that's much better. If it does cascade to templates then it blocks routine work. However more significantly, we're assuming a case where an admin account is compromised. Under that assumption, the proposal merely diverts them to do something less obvious. It sucks if the main page gets hit, but it's going to be spotted rapidly, it will be reverted rapidly, and the compromised account will be immediately identified. The actual impact of the main page being hit is just some brief annoyance/embarrassment/offensiveness. Are we really sure it would be preferable if we divert a compromised admin account to be abused in some other manner? Alsee (talk) 04:30, 8 December 2018 (UTC)
  • Oppose per above. Not a good solution, especially since vandalism can, and will shift to the transcluded templates. -FASTILY 08:35, 10 December 2018 (UTC)

How temporary?[edit]

There seems to be support for the measure above but several supports are predicated on it being temporary. Seems like it would be worthwhile to have some form of consensus of how long temporary is prior to any implementation. Best, Barkeep49 (talk) 06:08, 25 November 2018 (UTC)

That's a pretty good question, Barkeep49. I think it can be said for certain that this change would be reverted as soon as it's fairly certain the vandalism issue has been resolved and the editing restriction is no longer needed. It's difficult to predict this; we've only been working on it for 72 hours, and it's a long weekend for US WMF staff (who have been very responsive), so the investigation is in its very early stages. Once we have more experienced eyes looking at things, including those who have the knowledge to suggest other options or methods for addressing the issues we're seeing, it's possible that a different/less intrusive option will be identified. It's also possible that after we've tried this for a few days, we find out that it's not really working. There's also the possibility that it becomes necessary to consider a permanent solution, either because no other less intrusive means has been identified to prevent this kind of vandalism, or because the efforts at vandalism haven't abated. Would it be reasonable to suggest that, if it still seems necessary to keep editing of the main page very restricted by 7 January 2019, it would be time to have a further community discussion about what options are available? These situations often take a few weeks to resolve, and there will be some extended holiday breaks in the next six weeks, so early January feels right. I'd be happy to hear other suggestions. Risker (talk) 07:45, 25 November 2018 (UTC)
Yes, that sounds good. The problem with emergency/quick fixes to a crisis situation is not coming back to it once the urgency is gone. I think we have enough editors watching this to avoid that. And, incidentally, thanks for keeping us informed. ♦ J. Johnson (JJ) (talk) 00:39, 26 November 2018 (UTC)
  • 07/01/19 seems a reasonable time - so long as it is agreed that the consensus appearing for this is not a consensus for a permanent introduction - i.e. if the problem hasn't been resolved or an alternate solution proposed, a new RfC must be introduced in January to retain this mechanism Nosebagbear (talk) 19:29, 26 November 2018 (UTC)
While there is some support for having this as a permanent fix, I don't believe anyone would accept that without further discussion. ♦ J. Johnson (JJ) (talk) 22:15, 26 November 2018 (UTC)
  • People are identifying negatives, and there are things efforts are being put towards in the interim - like reducing the number of admin accounts that keep being compromised. Also you are making a functional assumption. Generally it is always better to trial something than require a majority to turn it off again. Nosebagbear (talk) 22:25, 28 November 2018 (UTC)

How long do we have to debate this before it's implemented?[edit]

This has nearly unanimous support and it's only a temporary change. What are we waiting for? Natureium (talk) 19:27, 25 November 2018 (UTC)

First, it has to be open for at least 24h, and possibly, since now it is a weekend, possibly longer. Then it needs to be closed by an uninvolved administrator. Then some technical issues need to be implemented, for which a fabricator ticket should be opened.--Ymblanter (talk) 19:32, 25 November 2018 (UTC)
Note: From the technical side - as an emergency measure I can implement it as soon as (if) you all agree that its the right thing to do (weekend or not). BWolff (WMF) (talk) 19:40, 25 November 2018 (UTC)
Great, this is good to know.--Ymblanter (talk) 19:45, 25 November 2018 (UTC)
@BWolff (WMF): can you clarify whether, if this is implemented, admins will still be edit pages transcluded onto the main page? -- zzuuzz (talk) 19:47, 25 November 2018 (UTC)
  • Answers to some questions and statuses that keep coming up:
    1. We have already done something about edits to the Main Page.
    2. If a new "higher" protection level is applied and cascading protection is enabled, then all of the cascaded items will be protected at the new level. Tested at testwiki:Main Page2 and its template testwiki:Template:MPtemp1 using the "centralnotice" protection level
  • xaosflux Talk 20:18, 25 November 2018 (UTC)
    Thanks. So we're either going to need a bunch of new interface admins or check in with the existing ones. This needs to be done before implementation. -- zzuuzz (talk) 20:28, 25 November 2018 (UTC)
    @Zzuuzz: "A bunch of new interface admins" would be a step backwards in security. Would it be possible to create (yet) another protection level (call it "Main page protected"), and another user group ("Main page editors"), then quickly add the ITN/DYK/etc. regulars to that group? Suffusion of Yellow (talk) 20:33, 25 November 2018 (UTC)
    Also pinging @Xaosflux and BWolff (WMF): Suffusion of Yellow (talk) 20:46, 25 November 2018 (UTC)
    I don't disagree; I'd also point out that one of those admins in potential new user group was compromised 24 hours ago. I'd want to see 2FA compulsory for whatever is implemented, which I think needs a little more thought. -- zzuuzz (talk) 20:55, 25 November 2018 (UTC)
    Yes, all these things are possible. We don't have automated ways to require 2FA for a specific group, but its definitely possible given a list of people in a group to manually check which have 2FA enabled. BWolff (WMF) (talk) 21:12, 25 November 2018 (UTC)
  • Does anyone know if the MediaWiki software could be changed so two protection levels could be applied simultaneously? (int-admin, non-cascading protection for just the Main Page, with full cascading protection for protecting transcluded templates) We've never had to deal with anything similar, since cascading protection with anything lower than full-protection is impossible and we haven't had a protection level higher than full-protection. With one infamous exception. SemiHypercube 02:18, 26 November 2018 (UTC)
  • I fell that the language used here is too relaxed. A: If a new "higher" protection level is applied and cascading protection is enabled, then all of the cascaded items will be protected at the new level is only a definition of cascading. B: Tested at ... is only checking that cascading is correctly implemented. C: If this is implemented, will admins... is a question that should be answered by: the proposal is to enforce this and that, and the result for this_kind_of_people (should the proposal be applied) will be this and that while the result for that_kind_of_people will be this and that. A great advice about this kind of wording is RFC2119. Best regards. Pldx1 (talk) 10:56, 26 November 2018 (UTC)/ modified Pldx1 (talk) 11:00, 26 November 2018 (UTC)

  • A note - while an early close probably would have been justified on, say, Sunday, there have been a fair number of recent opposes plus 3 conversions from support to oppose. I obviously have at least some bias (since almost all participants have cast a !vote I suppose that's fairly universal here) but would say it's worth leaving open at least another 48 hours to see if that's a sea change or a blip. Nosebagbear (talk) 16:19, 27 November 2018 (UTC)

Post (initial) closure[edit]

Clarification of the closure requested. I'm not seeing the mechanics of this finalized, especially in light of active discussions about them still taking place. — xaosflux Talk 03:29, 26 November 2018 (UTC)

This also seems a bit rushed. Regarding the 2FA notes for interface admins, WMF is going to deal with that for now under OFFICE rules. I'm also a bit concerned about greatly increasing the number of interface admins and forcing 2FA (via the OFFICE rule) on to people that want to maintain things like DYK and ITN can have negative impacts: (a) non-technical people with technical access (b) removal from editorial tasks for admins that can't or don't want 2FA at this time. — xaosflux Talk 03:35, 26 November 2018 (UTC)
  • Closure review requested as this was a very early closure while discussion was still active. — xaosflux Talk 03:37, 26 November 2018 (UTC)
  • Given the nature of the proposal concerning yet another security incident, third one in the last 60 days, and the near unanimous support after 24 hours of the proposal as worded, I felt it appropriate to expedite closing this proposal. If this is a mistaken thought, I will happily reverse the close.—CYBERPOWER (Around) 03:42, 26 November 2018 (UTC)
    I think the early responses here are enough to give credibility to what is going on with filter 943, but that's it so far. For example, do we really need User:DYKUpdateBot and its operator to also become 2FA required int-admins right now, every contributor to Template:In the news, etc? — xaosflux Talk 03:46, 26 November 2018 (UTC)
    Nevermind, I re-opened it again. If there is concern with this close, I'd rather just re-open it, as I'm headed to bed and don't want to leave it as is.—CYBERPOWER (Around) 03:48, 26 November 2018 (UTC)
  • I'm probably harping on the point by now, but if this proposal results in more intadmins, we're doing it wrong. Either the existing intadmins need to take up all the main page responsibilities, or we need a new "Main Page Editor" right. I suspect maybe 1/10th of admins will even express an interest in this, so even without any 2FA requirement, this will do away with 90% of the attack surface. We can talk about requiring 2FA later. Suffusion of Yellow (talk) 04:10, 26 November 2018 (UTC)
Again I don't disagree, though it still wouldn't have prevented the latest attacks and it would have prevented any admins fixing it in a hurry. Another alternative, which I'd prefer, is a bespoke software solution similar to how admins can't delete or move the main page, without all the cascading issues. -- zzuuzz (talk) 05:34, 26 November 2018 (UTC)
Good point about the slower response, but I don't see evidence that Esanchez7587 or Garzo had ever edited anything MP-transcluded, so it would have prevented 2 of the 3 latest attacks. Suffusion of Yellow (talk) 05:57, 26 November 2018 (UTC)
I've now had some coffeee and a chance to think this through a bit, and I can see how this could work without a software change. We already have a number of main pages lying around which cascade-protect the main page content. I don't properly know how the system works, so someone will need to confirm, and we'll probably want more. So then we basically remove the cascade from the main main page, and apply the new protection level to the main page only without cascade. This would leave the main page content editable by sysops, which doesn't really provide any benefit. So we once again return to the question of how to protect the main page content whilst keeping it updateable without making security actually worse. -- zzuuzz (talk) 10:18, 26 November 2018 (UTC)
I think at this point, the most likely feasible idea should be a new protection level roughly based on what Callanecc said above. All edits to Mainpage directly and templates it pulls from (ITN, DYK...) should be subjected to four eyes principle; that means they must be approved by another admin before going live. It will be very hard and unlikely for a vandal to get two different admin accounts solely to bypass this restriction. Its efficacy will be the same as if all admins enabled 2FA. And with this protection level, we can safely apply the cascading and simultaneously allow all admins to edit the Mainpage and its templates normally. And the vandal's edit... will surely be caught waiting to be "approved"–Ammarpad (talk) 13:27, 26 November 2018 (UTC)
You're basically describing a version of WP:pending changes. Is it feasible to implement an admin-only version of that? ‑‑ElHef (Meep?) 15:05, 26 November 2018 (UTC)
Indeed I am. If you know the basic framework of PC2 you'll know this is feasible, though I don't know how simple or hard that implementing it will be. –Ammarpad (talk) 15:53, 26 November 2018 (UTC)
  • Q: How many of the (currently 13) human interface administrators stand ready to take up the workload that will be created? –xenotalk 19:22, 26 November 2018 (UTC)
    @Xeno: as an int-admin I think its safe to say most of us would have no issue dealing with formatting of the wikitext on Main page or certain included templates (via edit requests). I know I don't want to do things like manage the "content" (e.g. placing the Featured Article, updating DYK, updating ITN, etc). — xaosflux Talk 20:31, 26 November 2018 (UTC)
    FWIW the current EF is already enforcing that. — xaosflux Talk 20:32, 26 November 2018 (UTC)
    Xeno, I will answer any edit request that comes by.—CYBERPOWER (Chat) 20:58, 26 November 2018 (UTC)
  • @Cyberpower678: (and anyone else who believes IntAdmins will be able to handle all main page content): With respect, you're greatly underestimating the number of tweaks made to the main page every day. There have been 40 edits to the various main page sections in the last week alone: most of these are fixes or clarifications of some kind, that need to be made fairly quickly. Many of these are also not quick tweaks but require assessing consensus, at ERRORS or ITN/C or WT:DYK or elsewhere. I suspect that if the 13 IntAdmins are the only ones able to make these changes, we're going to have some trouble. Vanamonde (talk) 04:37, 27 November 2018 (UTC) Resigning to fix ping. Vanamonde (talk) 20:45, 27 November 2018 (UTC)
  • You would also need to grant additional permissions to the DYK update bot, as mentioned above, which might have some technical hurdles and also comes with the discussion of if we want to have a bot with interface access. Such a plan also would have to look at protecting the DYK queues which could be edited a minute before the bot switches DYK. In general with this proposal, I understand and agree with the goal of increasing security but highly doubt that this would a) remain temporary, and b) stop the issue without major collateral damage. We are a wiki, and with a project our size and the number of admins we have, there will always be an attack vector. I'm active in Main Page and DYK work when I am around, but fully acknowledge I come and go. There was a period for months when I promoted almost every queue to be sent off to the Main Page, and while I'd like to think my fellow DYK admins and editors find my, currently somewhat sporadic, work helpful, I doubt I would be granted a new "main page" right or interface editor with my current activity level. I am also concerned that the interface editor right seems to be being expanded beyond its original intent to a new class/level of administrator instead of just a technical safeguard. This is a game of whack-a-mole, as we lock down attack vectors, attackers will move further up the chain. The next logical steps for an attacker are the MediaWiki interface generally, scripts to mass perform an admin action, going after an interface administrator directly, etc. We need to win 100% of the time to prevent an attack, an attacker need only "win" once in unlimited attempts to get through. While we should absolutely reduce the attack surface, increase security, password requirements, etc., mathematically it is clear what happens in the long run. I am also concerned that if we concentrate major, time sensitive, responsibilities from our approximately 500 active admins (any one of whom can jump in) to a group of just over a dozen interface admins that things will be delayed, and we will almost certainly burn out users - not to mention potentially drive away trusted users who work in this area. Best, Mifter (talk) 02:38, 28 November 2018 (UTC)


One of the three main oppose reasons is the cascading issue - I thought it worth splitting out the issue of discussing whether this Int-Protect would cause knock on protection to be implemented, if those qualified to discuss such could answer. Nosebagbear (talk) 20:24, 26 November 2018 (UTC)

I'm not exactly following your question @Nosebagbear:. In the current software if "cascading" protection is applied whatever level is applied also gets applied to everything transcluded. — xaosflux Talk 20:29, 26 November 2018 (UTC)
There is a query in the discussions above on whether all the constituent aspects of the Main Page (DYK etc) are going to have to have this int-protection (presumably enacted via cascade) for the main page to actually be safe. It is disputed, but I wouldn't say it is made precisely clear. Since the MP is primarily made up of a bunch of transclusions, presumably more than just the MP itself will need this protection level. Nosebagbear (talk) 20:37, 26 November 2018 (UTC)
This is answered in the section just above, and we have a choice: Without cascading protection, admins can still edit the content, so there aren't any real benefits to the new protection. Using cascading int-admin protection will greatly reduce the number of people able to edit ITN/DYK/OTD and other things which are regularly updated. Alongside this is a really bad idea - increase the number of int-admins. An alternative has been proposed which is to create a new user group, and a new cascading protection level, which only allows editing content displayed on the main page. No decisions have been made, and it's not always clear above exactly what people are agreeing to. The proposal itself contains this sentence, "almost all of the work is done in the background using templates — so the impact of this temporary measure is minimal", but with cascading protection that's simply not the case. -- zzuuzz (talk) 20:51, 26 November 2018 (UTC)
Wow, clarification is needed. Adding lots more intadmins to handle all details of what is transcluded on the main page would be very dubious. Further, some templates/modules are used frequently and often appear somewhere on the main page, and people would need an intadmin to update them. Johnuniq (talk) 00:49, 27 November 2018 (UTC)


Could an uninvolved admin please formally close this? Thanks.--Ymblanter (talk) 08:09, 13 December 2018 (UTC)

 Done. 28bytes (talk) 06:30, 14 December 2018 (UTC)

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Seraphim System mass deletion[edit]

Thread stale, pages that needed restoring have been restored, no other actions being taken. Fish+Karate 12:28, 17 December 2018 (UTC)
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Just a heads up, it appears that Seraphim System is rage quitting, and in doing so, she is requesting the mass deletion of all her articles per WP:G7. Many of these requests were already tagged and/or actioned by CSD patrollers before her self-block, and she has requested that the deletions be completed. While I'm not sure her intent is "malice" per se, I would argue that these requests should be declined and the actioned ones overturned, as there is a 'good faith' clause in the CSD that would seem to have the intent of preventing incidents such as this. Regardless, I think the community should determine whether this mass deletion attempt is appropriate or not.  Swarm  {talk}  01:52, 11 December 2018 (UTC)

I think it is highly inappropriate and selfish, and an escalation of the WP:PRAM they immediately displayed above (take away my page-mover right and I quit [6]). As I said on Swarm's talkpage, the fact that Seraphim System consequently CSDed all of their own articles out of sheer spite, not caring that they might be useful to readers, is further evidence that the user has a major attitude problem. I recommend halting the process somehow, and allowing anyone to request a WP:REFUND of any of the already deleted articles. Softlavender (talk) 02:12, 11 December 2018 (UTC)
[edit conflict] I've undeleted several of them: two because they had significant edits from other users (thus they didn't qualify for G7 in the first place), and the rest with a citation to this section. I've intentionally left several others deleted, because I question the notability of the subjects; they're cited to blogs, places like YouTube, and primary sources, and (unlike several of the undeleted pages) they're ordinary biographies, not geo-governmental entities or individuals passing WP:POLITICIAN. Nyttend (talk) 02:25, 11 December 2018 (UTC)
  • I'd be inclined to call this request "in good faith", and allow any deletions that otherwise meet the G7 criteria. (after e/c: I'd assumed the admins who already deleted some checked that SS was the only significant contributor, I see from Nyttend above that isn't accurate, and those were correctly undeleted). If someone wants to recreate the articles, they can. If there is not a consensus for this approach, I'd settle for not characterizing it as "spite" or "bad faith" or "rage quit". --Floquenbeam (