headers
Gregory Maxwell | 1 Feb 01:53
Picon

Re: Any protection against pages full of 1-px images?

On Jan 31, 2008 6:39 PM, George Herbert <george.herbert@...> wrote:
[snip]
> Is there anything that can or should be done ahead of time, at the
> site operations level or developer level, to try and keep the presumed
> end-case massive DOS attack on the systems from succeeding?
[snip]

DOS attempts against the site are frequent but because the normal
traffic load is so high they are almost always insignificant.  When
they are detected at all it is usually by complete accident, and not
because they had any real effect.

Not that the someone couldn't do it... just that the fact that someone
is trying is uninteresting.  The really serious DOS attacks tend to
show up in places where there is a profit motive, ... which there
wouldn't be against Wikimedia.  Generally we're better off denying the
attention of making noise about their feeble attempts. ;)

On the other hand, killing more obviously rubbish edits serves
purposes beyond DOS avoidance.
Permalink | Reply | 1 comment |
headers
Kimon Berlin (gribeco | 1 Feb 03:12

Re: Any protection against pages full of 1-px images?

George Herbert wrote:
> We have a pattern abuser showing up on English Wikipedia, creating
> page after page full of 1-pixel versions of random images from
> throughout the site.  This appears to be a slow ramp-up to a larger
> denial of service attack on the image servers for en.wp.
>
> The pattern is easy to spot, once they do it, but "easy" in this case
> is normal reaction time of admins / alert users, most of whom haven't
> seen the pattern up close to know what's going on.
>
> Is there anything that can or should be done ahead of time, at the
> site operations level or developer level, to try and keep the presumed
> end-case massive DOS attack on the systems from succeeding?
>
> They're telegraphing their actions out pretty obviously, practicing
> for what I strongly suspect is coming.  But I don't know that we can,
> with in-wiki tools, find them / block them out effectively enough...
>
>
>   
Can you post some snippets? I'd like to see how easy the patterns would 
be to detect using regexes; if so I can just add these to my anti-vandal 
bot on frwiki...
Thanks,
Kimon/Gribeco
Permalink | Reply | 1 comment |
headers
George Herbert | 1 Feb 03:27
Picon
Gravatar

Re: Any protection against pages full of 1-px images?

Look through:
http://en.wikipedia.org/wiki/Special:DeletedContributions/Ffddd

-george

On Jan 31, 2008 6:12 PM, Kimon Berlin (gribeco)
<gribeco@...> wrote:
>
> George Herbert wrote:
> > We have a pattern abuser showing up on English Wikipedia, creating
> > page after page full of 1-pixel versions of random images from
> > throughout the site.  This appears to be a slow ramp-up to a larger
> > denial of service attack on the image servers for en.wp.
> >
> > The pattern is easy to spot, once they do it, but "easy" in this case
> > is normal reaction time of admins / alert users, most of whom haven't
> > seen the pattern up close to know what's going on.
> >
> > Is there anything that can or should be done ahead of time, at the
> > site operations level or developer level, to try and keep the presumed
> > end-case massive DOS attack on the systems from succeeding?
> >
> > They're telegraphing their actions out pretty obviously, practicing
> > for what I strongly suspect is coming.  But I don't know that we can,
> > with in-wiki tools, find them / block them out effectively enough...
> >
> >
> >
> Can you post some snippets? I'd like to see how easy the patterns would
> be to detect using regexes; if so I can just add these to my anti-vandal
(Continue reading)

Permalink | Reply | 0 comments |
headers
Steve Bennett | 1 Feb 04:12
Picon

Re: Suggested tweak to parser.php

On 2/1/08, Jim Wilson <wilson.jim.r@...> wrote:
> In that example, there are non-whitespace characters between the two
> colons, whereas in my example, it was just whitespace.
>
> So I guess my question is, why should newline be special?  That is,
> why would these two examples render differently:
>
> ;Term: : Definition
>
> ;Term:
> : Definition

It's hard for me to argue "why" because personally I think the
;term:definition syntax is pretty crappy. It's the sort of cutesy
minimalist syntax that was in vogue when wikis were first invented,
but no one would dream of it now. I (and perhaps many people) tend to
look at it like this:

;term

(translates into a DT wrapped in a DL)

:definition

(translates into a DD wrapped in a DL)

;term
:definition

(translates as above, except that they're wrapped in the same DL, much
(Continue reading)

Permalink | Reply | 0 comments |
headers
Aaron Schulz | 1 Feb 04:30
Picon
Favicon

Re: [MediaWiki-CVS] SVN: [30352] trunk/extensions


It would be committed right now if someone had time to review it. That is the bottleneck.

-Aaron Schulz

> Date: Thu, 31 Jan 2008 17:31:47 -0500
> From: Simetrical+wikilist@...
> To: wikitech-l@...
> Subject: Re: [Wikitech-l] [MediaWiki-CVS] SVN: [30352] trunk/extensions
> 
> On Jan 31, 2008 1:35 PM,  <vasilvv@...> wrote:
> > Oversight will be deprecated by rev_deleted system as soon as it will be
> >    ready for productional usage.
> 
> Maybe, but
> 
> 1) That's not what the OBSOLETE notice says, so I assume that wasn't
> the intent, and that this was an error.
> 
> 2) rev_deleted is not ready for production use or, at least, is not
> enabled on any Wikimedia site, last I checked (not counting testwiki).
>  It is certainly not obsolete until the new feature is at least
> possible to use.
> 
> On Jan 31, 2008 4:31 PM, David Gerard <dgerard@...> wrote:
> > Any idea when that will be?
> 
> With the new developers coming in this year, I'm optimistic that a
> bunch of eternally pending projects will get completed.  But as far as
> I'm aware there's still no schedule on anything, and probably won't be
(Continue reading)

Permalink | Reply | 1 comment |
headers
Simetrical | 1 Feb 04:41
Picon

Re: [MediaWiki-CVS] SVN: [30352] trunk/extensions

On Jan 31, 2008 10:30 PM, Aaron Schulz <jschulz_4587@...> wrote:
> It would be committed right now if someone had time to review it. That is the bottleneck.

And if we get more paid developers to take the load off Brion, maybe
he'll have time to review it.  Or will hire another senior developer
with time to review it.  I assume that any reviewer would have *some*
issues with it, though, that would need to be fixed.  It's rather too
large a project to not have any flaws be found on review.
Permalink | Reply | 0 comments |
headers
Tim Starling | 1 Feb 05:00
Picon

Re: Any protection against pages full of 1-px images?

George Herbert wrote:
> We have a pattern abuser showing up on English Wikipedia, creating
> page after page full of 1-pixel versions of random images from
> throughout the site.  This appears to be a slow ramp-up to a larger
> denial of service attack on the image servers for en.wp.
> 
> The pattern is easy to spot, once they do it, but "easy" in this case
> is normal reaction time of admins / alert users, most of whom haven't
> seen the pattern up close to know what's going on.
> 
> Is there anything that can or should be done ahead of time, at the
> site operations level or developer level, to try and keep the presumed
> end-case massive DOS attack on the systems from succeeding?
> 
> They're telegraphing their actions out pretty obviously, practicing
> for what I strongly suspect is coming.  But I don't know that we can,
> with in-wiki tools, find them / block them out effectively enough...

Thanks for the report, we'll keep an eye on it. I don't think there's any 
urgent need for action, and I don't think there's a need to advertise his 
actions and thus give him more satisfaction than he deserves.

-- Tim Starling
Permalink | Reply | 0 comments |
headers
vasilvv | 1 Feb 05:12
Picon

Re: Case-insensitive OpenSearch extension

Brion Vibber writes:
> We currently have the built-in AJAX search disabled on Wikimedia sites 
> in part because the UI is a bit unusual
What's wrong with it?
--VasilievVV
Permalink | Reply | 1 comment |
headers
Brion Vibber | 1 Feb 05:33
Picon
Gravatar

Re: Case-insensitive OpenSearch extension

On Jan 31, 2008, at 20:12, vasilvv@... wrote:

> Brion Vibber writes:
>> We currently have the built-in AJAX search disabled on Wikimedia  
>> sites
>> in part because the UI is a bit unusual
> What's wrong with it?

It takes over the entire content area. This isn't expected behavior  
(unlike similar tools which use drop-downs), is visually disjoint from  
the input box, and by disrupting the rest of the page it harms basic  
usability (for example if you're typing something you're reading out  
of the page -- oops it's gone)

-- brion
Permalink | Reply | 0 comments |
headers
Huji | 1 Feb 09:14
Picon
Gravatar

Re: Library to filter HTML

Searching Google for html strippers for python gives me lots of useful
results, most of them being based on regular expreissions. What else do you
want? (You can of course expand the regexp pattern to include wiki tags)

Huji

On 1/31/08, Felipe Ortega <glimmer_phoenix <at> yahoo.es> wrote:
>
> Hi all.
>
> I'm adding some tweaks to the WikiXRay parser of meta-history dumps. I now
> extract internal, external links, and so on, but I'd also like to extract
> the plain text (without HTML code and, possibly, also filtering wiki tags).
>
> Does anyone nows a good python library to do that? I believe there should
> be something out there, as there exist bots and crawlers automating the data
> extraction process from one wiki to other.
>
> Thanks in advance for your comments.
>
> Felipe.
>
> ---------------------------------
>
> ¿Con Mascota por primera vez? - Sé un mejor Amigo
> Entra en Yahoo! Respuestas.
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l <at> lists.wikimedia.org
(Continue reading)

Permalink | Reply | 2 comments |

Gmane