Wikipedia:Administrators' noticeboard: Difference between revisions

1. If the protection cascades then we have an issue:

a) The existing small number interface admins will be responsible for all DYK, OTD, POTD, FA, FL updates. this is clearly not going to work, so:

b) We will have to make a bunch of new interface admins. Not a good idea, the whole idea of the role is to minimize the number of people with that kind of access.

2. If the protection does not cascade then it's not actually going to prevent a compromised admin account from vandalizing the main page, without specifying details, and in fact might make it harder slower to track down and resolve the problem.

I think rather than misuse the interface admin permission, which sounds like a neat idea in principle but a bad one when considering the detail, something else would need to be done. I am not in favour of uncoupling admin permissions, because we have a small pool of administrators anyway and adding further obstacles to admins who (for example) have never edited the main page but want to help when they see a backlog or an issue arise will silo things up even more and make things less flexible. I don't have the right solution, but I have concerns about the proposed one for the reasons above. Fish+Karate 09:56, 26 November 2018 (UTC)[reply]

• Support Non-essential admin area and page that generally requires minimal change. Restrict to those who actually need it. talk to !dave 14:48, 26 November 2018 (UTC)[reply]
• I have the same problems that Fish and karate has. Everything on the Main Page – DYK, ITN, all of it – is cascaded. We're about to make a very small group of people responsible for carrying out all the updates to the Main Page, If those people are prepared to do that, including updating DYK however often it has to be updated, I'm fine with it. If not, we either have to make more intadmins, which kind of defeats the purpose of having intadmins in the first place, or find another solution. Katie^talk 16:01, 26 November 2018 (UTC)[reply]
• Support - Per all supports and K6ka - FlightTime (open channel) 17:55, 26 November 2018 (UTC)[reply]
• Strong Oppose - For starters, this is not what the intadmin permission was intended for. And when one of those accounts becomes compromised (intadmin isn't a magic flag that makes your account unhackable), there will be even fewer around that can undo the damage. Additionally, Fish and karate makes a fantastic point about narrowing who can work on the main page. SQL^{Query me!} 18:08, 26 November 2018 (UTC)[reply]
• Oppose if we keep the cascading protection then you will need to be an interface admin to work on
  WP:ERRORS, etc. This massively restricts the pool of people who can work on those processes. The people who are interface admins were chosen for their technical skill at HTML/CSS/etc and don't necessarily have any interest in or ability to deal with those processes. We could appoint a load more interface admins to do this work, but that would rather defeat the point of the proposal. On the other hand if we turn cascading protection off then we make the whole of the main page much less secure, and even if we manage to manually protect everything transcluded on the main page I'm sure the attacker is capable of going after one of those pages instead. People I talk to about Wikipedia in real life usually have little or no idea that the main page even exists, I don't think it's a huge problem as advertised. Hut 8.5 18:34, 26 November 2018 (UTC)[reply
  ]
• Support if temporary. Should be reverted to be only admin when the compromised accounts are taken care of. Kirbanzo (talk) 19:12, 26 November 2018 (UTC)[reply]
• Oppose This creates more problems than it solves. I think Callanecc is on the right track with a modified PC. Crazynas ^t 19:47, 26 November 2018 (UTC)[reply]
• Support but via the already made EF. Optionally support int-admin to MP by way of the same backed protection system that prevents move/delete. — xaosflux ^Talk 20:49, 26 November 2018 (UTC)[reply]

  And if anyone wants to say but what about EFM issues - I think we should make EFM be along the same process as int-admin, including expiring it from admins that haven't actually used it in a while. — xaosflux ^Talk 20:52, 26 November 2018 (UTC)[reply]

  Agree on both counts. ~ Amory (u • t • c) 22:57, 26 November 2018 (UTC)[reply]

• Support would support this as a permanent measure --Tom (LT) (talk) 23:30, 26 November 2018 (UTC)[reply]
  • Support in principle, however oppose practically until the casacding issue described below is resolved. --Tom (LT) (talk) 00:49, 29 November 2018 (UTC)[reply]
• Oppose. Aside from the bits that I'm seeing below, about admins being able to edit the component content (or requiring interface-admin rights to edit pages like On This Day), remember that Jimbo's account was compromised two years ago and used to vandalise the Main Page. (Admin-only link, and someone appropriately uses rollback on that edit.) Even super-admin accounts with rights like interface admin or founder can be compromised, and when it requires super-admin rights to edit the Main Page, it will sometimes take a good deal longer to revert vandalism: it's easy to find an admin to revert vandalism to a protected page rather quickly, but finding an interface admin or a steward may take a good number of minutes. We mustn't pretend that interface admins, stewards, or founders are 100% immune from compromise, so we shouldn't imagine that restricting Main Page editing to them will prevent this kind of vandalism. Nyttend (talk) 00:54, 27 November 2018 (UTC)[reply]

  @

  two-factor authentication, and Jimbo probably uses 2FA (does anyone know this for sure?) ^Semi_Hypercube ✎ 13:36, 27 November 2018 (UTC)[reply

  ]

• Oppose. After reading this through, I'm unable to see a resolution to the cascading protection issue. I would support the main page being protected without cascading protection being applied, to slightly reduce the target for any potential vandals, but I doubt that would do much. I suspect the best option here would be to create a new user group and new protection level intended purely for the main page and its constituent elements. I would also support making 2FA mandatory for this group. Vanamonde (talk) 04:51, 27 November 2018 (UTC)[reply]
• Oppose, beyond the measures already taken. The cure is worse than the disease here; while I'd be willing to help out as an intadmin with maintaining the Main Page, there just aren't enough of us to go around, and increasing the numbers of intadmins to do off-mission stuff like this defeats the purpose of spinning intadmins off in the first place. Writ Keeper ⚇♔ 13:43, 27 November 2018 (UTC)[reply]
• Oppose (go PC) - the cascading issue is too major. Int-admins are, by design, a tiny group (they didn't even let in 4 trusted technical non-admins). Without cascading we don't really do anything. With it we'd need far more to cover everything, including blocking certain areas that were the main reason some admins actually joined up. Additionally, it seems bold of us to add such a job to the int-admin remit without at least half of them saying yes (this is a secondary concern). Getting an admin-only Pending Changes approach seems much better. Obviously more than 1 admin can have their account compromised but it should significantly reduce the frequency of issues. Nosebagbear (talk) 16:01, 27 November 2018 (UTC)[reply]

A note - an alternate mooted strategy of main-page admins (functionally granted on request, though presumably after a delay to stop immediate requests than vandalism) would seem less preferable because of a patient vandal to abuse. That said, it would also be an alternate potential method. Nosebagbear (talk)

• Oppose per Andrew D. Enterprisey (talk!) 20:23, 27 November 2018 (UTC)[reply]
• Oppose until someone comes up with a solution to the cascading problem and allow timely updates to ITN and DYK.-- Pawnkingthree (talk) 20:51, 27 November 2018 (UTC)[reply]
• Oppose - per my comments below - in essence, concerns about DYK and that the Main Page remains vulnerable thorough its various templates and that this is
  WP:CREEP. Best, Mifter (talk) 02:38, 28 November 2018 (UTC)[reply
  ]
• Split vote. I was almost swayed by the original proposal but L235 convinced me otherwise. If an admin account is compromised, we want it to be obvious. I strongly oppose cascading IAdmin protection of Main Page itself cascading IAdmin protection on Main Page, because that's exactly the opposite of what IAdmin is for: protect interface, don't protect content. We've finally managed to move WP:Geonotice to a space where all sysops can update content and now we want to stop admins updating content? No. I would weakly support non-cascading IAdmin protection of Main Page, with cascading standard full-protection (argh, full protection is no longer the highest level of protection) for things that are directly transcluded onto Main Page, considering that the Main Page itself is basically an interface container rather than content. Deryck C. 18:13, 28 November 2018 (UTC)[reply]
• Oppose abuse of the IAdmin right. There are many other ways for compromised admin accounts to disrupt Wikipedia while creating a large impact other than vandalizing the main page, protecting the main page is only going to encourage hackers to move to other areas. I agree with SQL's concern as well. feminist (talk) 02:53, 30 November 2018 (UTC)[reply]
• Neutral - permanently move the Main Page to Mediawiki namespace, but remove the cascading protection and manually template-protect the individual MP templates instead. Kamafa Delgato _(Lojbanist)^{Styrofoam is not made from kittens.} 23:58, 30 November 2018 (UTC)[reply]

How temporary?

There seems to be support for the measure above but several supports are predicated on it being temporary. Seems like it would be worthwhile to have some form of consensus of how long temporary is prior to any implementation. Best, Barkeep49 (talk) 06:08, 25 November 2018 (UTC)[reply]

That's a pretty good question, Barkeep49. I think it can be said for certain that this change would be reverted as soon as it's fairly certain the vandalism issue has been resolved and the editing restriction is no longer needed. It's difficult to predict this; we've only been working on it for 72 hours, and it's a long weekend for US WMF staff (who have been very responsive), so the investigation is in its very early stages. Once we have more experienced eyes looking at things, including those who have the knowledge to suggest other options or methods for addressing the issues we're seeing, it's possible that a different/less intrusive option will be identified. It's also possible that after we've tried this for a few days, we find out that it's not really working. There's also the possibility that it becomes necessary to consider a permanent solution, either because no other less intrusive means has been identified to prevent this kind of vandalism, or because the efforts at vandalism haven't abated. Would it be reasonable to suggest that, if it still seems necessary to keep editing of the main page very restricted by 7 January 2019, it would be time to have a further community discussion about what options are available? These situations often take a few weeks to resolve, and there will be some extended holiday breaks in the next six weeks, so early January feels right. I'd be happy to hear other suggestions. Risker (talk) 07:45, 25 November 2018 (UTC)[reply]

Yes, that sounds good. The problem with emergency/quick fixes to a crisis situation is not coming back to it once the urgency is gone. I think we have enough editors watching this to avoid that. And, incidentally, thanks for keeping us informed. ♦ J. Johnson (JJ) (talk) 00:39, 26 November 2018 (UTC)[reply]

• 07/01/19 seems a reasonable time - so long as it is agreed that the consensus appearing for this is not a consensus for a permanent introduction - i.e. if the problem hasn't been resolved or an alternate solution proposed, a new RfC must be introduced in January to retain this mechanism Nosebagbear (talk) 19:29, 26 November 2018 (UTC)[reply]

While there is some support for having this as a permanent fix, I don't believe anyone would accept that without further discussion. ♦ J. Johnson (JJ) (talk) 22:15, 26 November 2018 (UTC)[reply]

• As far as the EF goes, any arguments for not leaving indefinitely? For an analysis of 2018's MP edits see my notes at Wikipedia:Interface_administrators'_noticeboard#Int-Admin_Main_Page_Proposal. This part should not have any workload issues for int-admins. — xaosflux ^Talk 14:29, 28 November 2018 (UTC)[reply]

• People are identifying negatives, and there are things efforts are being put towards in the interim - like reducing the number of admin accounts that keep being compromised. Also you are making a functional assumption. Generally it is always better to trial something than require a majority to turn it off again. Nosebagbear (talk) 22:25, 28 November 2018 (UTC)[reply]

How long do we have to debate this before it's implemented?

This has nearly unanimous support and it's only a temporary change. What are we waiting for? Natureium (talk) 19:27, 25 November 2018 (UTC)[reply]

First, it has to be open for at least 24h, and possibly, since now it is a weekend, possibly longer. Then it needs to be closed by an uninvolved administrator. Then some technical issues need to be implemented, for which a fabricator ticket should be opened.--Ymblanter (talk) 19:32, 25 November 2018 (UTC)[reply]

Note: From the technical side - as an emergency measure I can implement it as soon as (if) you all agree that its the right thing to do (weekend or not). BWolff (WMF) (talk) 19:40, 25 November 2018 (UTC)[reply]

Great, this is good to know.--Ymblanter (talk) 19:45, 25 November 2018 (UTC)[reply]

@BWolff (WMF): can you clarify whether, if this is implemented, admins will still be edit pages transcluded onto the main page? -- zzuuzz ^(talk) 19:47, 25 November 2018 (UTC)[reply]

• Answers to some questions and statuses that keep coming up:
  1. We have already done something about edits to the Main Page.
  2. If a new "higher" protection level is applied and cascading protection is enabled, then all of the cascaded items will be protected at the new level. Tested at testwiki:Main Page2 and its template testwiki:Template:MPtemp1 using the "centralnotice" protection level
• — xaosflux ^Talk 20:18, 25 November 2018 (UTC)[reply]

  Thanks. So we're either going to need a bunch of new interface admins or check in with the existing ones. This needs to be done before implementation. -- zzuuzz ^(talk) 20:28, 25 November 2018 (UTC)[reply]

  @Zzuuzz: "A bunch of new interface admins" would be a step backwards in security. Would it be possible to create (yet) another protection level (call it "Main page protected"), and another user group ("Main page editors"), then quickly add the ITN/DYK/etc. regulars to that group? Suffusion of Yellow (talk) 20:33, 25 November 2018 (UTC)[reply]

  Also pinging @Xaosflux and BWolff (WMF): Suffusion of Yellow (talk) 20:46, 25 November 2018 (UTC)[reply]

  I don't disagree; I'd also point out that one of those admins in potential new user group was compromised 24 hours ago. I'd want to see 2FA compulsory for whatever is implemented, which I think needs a little more thought. -- zzuuzz ^(talk) 20:55, 25 November 2018 (UTC)[reply]

  Yes, all these things are possible. We don't have automated ways to require 2FA for a specific group, but its definitely possible given a list of people in a group to manually check which have 2FA enabled. BWolff (WMF) (talk) 21:12, 25 November 2018 (UTC)[reply]

• Does anyone know if the MediaWiki software could be changed so two protection levels could be applied simultaneously? (int-admin, non-cascading protection for just the Main Page, with full cascading protection for protecting transcluded templates) We've never had to deal with anything similar, since cascading protection with anything lower than full-protection is impossible and we haven't had a protection level higher than full-protection. With one infamous exception. ^Semi_Hypercube ✎ 02:18, 26 November 2018 (UTC)[reply]
• I fell that the language used here is too relaxed. A: If a new "higher" protection level is applied and cascading protection is enabled, then all of the cascaded items will be protected at the new level is only a definition of cascading. B: Tested at ... is only checking that cascading is correctly implemented. C: If this is implemented, will admins... is a question that should be answered by: the proposal is to enforce this and that, and the result for this_kind_of_people (should the proposal be applied) will be this and that while the result for that_kind_of_people will be this and that. A great advice about this kind of wording is RFC2119. Best regards. Pldx1 (talk) 10:56, 26 November 2018 (UTC)/ modified Pldx1 (talk) 11:00, 26 November 2018 (UTC)[reply]

• A note - while an early close probably would have been justified on, say, Sunday, there have been a fair number of recent opposes plus 3 conversions from support to oppose. I obviously have at least some bias (since almost all participants have cast a !vote I suppose that's fairly universal here) but would say it's worth leaving open at least another 48 hours to see if that's a sea change or a blip. Nosebagbear (talk) 16:19, 27 November 2018 (UTC)[reply]

Post (initial) closure

Clarification of the closure requested. I'm not seeing the mechanics of this finalized, especially in light of active discussions about them still taking place. — xaosflux ^Talk 03:29, 26 November 2018 (UTC)[reply]

This also seems a bit rushed. Regarding the 2FA notes for interface admins, WMF is going to deal with that for now under OFFICE rules. I'm also a bit concerned about greatly increasing the number of interface admins and forcing 2FA (via the OFFICE rule) on to people that want to maintain things like DYK and ITN can have negative impacts: (a) non-technical people with technical access (b) removal from editorial tasks for admins that can't or don't want 2FA at this time. — xaosflux ^Talk 03:35, 26 November 2018 (UTC)[reply]

• Closure review requested as this was a very early closure while discussion was still active. — xaosflux ^Talk 03:37, 26 November 2018 (UTC)[reply]
• Given the nature of the proposal concerning yet another security incident, third one in the last 60 days, and the near unanimous support after 24 hours of the proposal as worded, I felt it appropriate to expedite closing this proposal. If this is a mistaken thought, I will happily reverse the close.—CYBERPOWER (Around) 03:42, 26 November 2018 (UTC)[reply]

  I think the early responses here are enough to give credibility to what is going on with filter 943, but that's it so far. For example, do we really need User:DYKUpdateBot and its operator to also become 2FA required int-admins right now, every contributor to Template:In the news, etc? — xaosflux ^Talk 03:46, 26 November 2018 (UTC)[reply]

  Nevermind, I re-opened it again. If there is concern with this close, I'd rather just re-open it, as I'm headed to bed and don't want to leave it as is.—CYBERPOWER (Around) 03:48, 26 November 2018 (UTC)[reply]

• I'm probably harping on the point by now, but if this proposal results in more intadmins, we're doing it wrong. Either the existing intadmins need to take up all the main page responsibilities, or we need a new "Main Page Editor" right. I suspect maybe 1/10th of admins will even express an interest in this, so even without any 2FA requirement, this will do away with 90% of the attack surface. We can talk about requiring 2FA later. Suffusion of Yellow (talk) 04:10, 26 November 2018 (UTC)[reply]

Again I don't disagree, though it still wouldn't have prevented the latest attacks and it would have prevented any admins fixing it in a hurry. Another alternative, which I'd prefer, is a bespoke software solution similar to how admins can't delete or move the main page, without all the cascading issues. -- zzuuzz ^(talk) 05:34, 26 November 2018 (UTC)[reply]

Good point about the slower response, but I don't see evidence that Esanchez7587 or Garzo had ever edited anything MP-transcluded, so it would have prevented 2 of the 3 latest attacks. Suffusion of Yellow (talk) 05:57, 26 November 2018 (UTC)[reply]

I've now had some coffeee and a chance to think this through a bit, and I can see how this could work without a software change. We already have a number of main pages lying around which cascade-protect the main page content. I don't properly know how the system works, so someone will need to confirm, and we'll probably want more. So then we basically remove the cascade from the main main page, and apply the new protection level to the main page only without cascade. This would leave the main page content editable by sysops, which doesn't really provide any benefit. So we once again return to the question of how to protect the main page content whilst keeping it updateable without making security actually worse. -- zzuuzz ^(talk) 10:18, 26 November 2018 (UTC)[reply]

I think at this point, the most likely feasible idea should be a new protection level roughly based on what

2FA. And with this protection level, we can safely apply the cascading and simultaneously allow all admins to edit the Mainpage and its templates normally. And the vandal's edit... will surely be caught waiting to be "approved"–Ammarpad (talk) 13:27, 26 November 2018 (UTC)[reply

]

You're basically describing a version of WP:pending changes. Is it feasible to implement an admin-only version of that? ‑‑ElHef (Meep?) 15:05, 26 November 2018 (UTC)[reply]

Indeed I am. If you know the basic framework of

PC2 you'll know this is feasible, though I don't know how simple or hard that implementing it will be. –Ammarpad (talk) 15:53, 26 November 2018 (UTC)[reply

]

• Q: How many of the (currently 13) human interface administrators stand ready to take up the workload that will be created? –xeno^talk 19:22, 26 November 2018 (UTC)[reply]

  @

  Main page or certain included templates (via edit requests). I know I don't want to do things like manage the "content" (e.g. placing the Featured Article, updating DYK, updating ITN, etc). — xaosflux ^Talk 20:31, 26 November 2018 (UTC)[reply

  ]

  FWIW the current EF is already enforcing that. — xaosflux ^Talk 20:32, 26 November 2018 (UTC)[reply]

  Xeno, I will answer any edit request that comes by.—CYBERPOWER (Chat) 20:58, 26 November 2018 (UTC)[reply]

• @Cyberpower678: (and anyone else who believes IntAdmins will be able to handle all main page content): With respect, you're greatly underestimating the number of tweaks made to the main page every day. There have been 40 edits to the various main page sections in the last week alone: most of these are fixes or clarifications of some kind, that need to be made fairly quickly. Many of these are also not quick tweaks but require assessing consensus, at ERRORS or ITN/C or WT:DYK or elsewhere. I suspect that if the 13 IntAdmins are the only ones able to make these changes, we're going to have some trouble. Vanamonde (talk) 04:37, 27 November 2018 (UTC) Resigning to fix ping. Vanamonde (talk) 20:45, 27 November 2018 (UTC)[reply]
• You would also need to grant additional permissions to the DYK update bot, as mentioned above, which might have some technical hurdles and also comes with the discussion of if we want to have a bot with interface access. Such a plan also would have to look at protecting the DYK queues which could be edited a minute before the bot switches DYK. In general with this proposal, I understand and agree with the goal of increasing security but highly doubt that this would a) remain temporary, and b) stop the issue without major collateral damage. We are a wiki, and with a project our size and the number of admins we have, there will always be an attack vector. I'm active in Main Page and DYK work when I am around, but fully acknowledge I come and go. There was a period for months when I promoted almost every queue to be sent off to the Main Page, and while I'd like to think my fellow DYK admins and editors find my, currently somewhat sporadic, work helpful, I doubt I would be granted a new "main page" right or interface editor with my current activity level. I am also concerned that the interface editor right seems to be being expanded beyond its original intent to a new class/level of administrator instead of just a technical safeguard. This is a game of whack-a-mole, as we lock down attack vectors, attackers will move further up the chain. The next logical steps for an attacker are the MediaWiki interface generally, scripts to mass perform an admin action, going after an interface administrator directly, etc. We need to win 100% of the time to prevent an attack, an attacker need only "win" once in unlimited attempts to get through. While we should absolutely reduce the attack surface, increase security, password requirements, etc., mathematically it is clear what happens in the long run. I am also concerned that if we concentrate major, time sensitive, responsibilities from our approximately 500 active admins (any one of whom can jump in) to a group of just over a dozen interface admins that things will be delayed, and we will almost certainly burn out users - not to mention potentially drive away trusted users who work in this area. Best, Mifter (talk) 02:38, 28 November 2018 (UTC)[reply]

Cascading

One of the three main oppose reasons is the cascading issue - I thought it worth splitting out the issue of discussing whether this Int-Protect would cause knock on protection to be implemented, if those qualified to discuss such could answer. Nosebagbear (talk) 20:24, 26 November 2018 (UTC)[reply]

I'm not exactly following your question @Nosebagbear:. In the current software if "cascading" protection is applied whatever level is applied also gets applied to everything transcluded. — xaosflux ^Talk 20:29, 26 November 2018 (UTC)[reply]

There is a query in the discussions above on whether all the constituent aspects of the Main Page (DYK etc) are going to have to have this int-protection (presumably enacted via cascade) for the main page to actually be safe. It is disputed, but I wouldn't say it is made precisely clear. Since the MP is primarily made up of a bunch of transclusions, presumably more than just the MP itself will need this protection level. Nosebagbear (talk) 20:37, 26 November 2018 (UTC)[reply]

This is answered in the section just above, and we have a choice: Without cascading protection, admins can still edit the content, so there aren't any real benefits to the new protection. Using cascading int-admin protection will greatly reduce the number of people able to edit ITN/DYK/OTD and other things which are regularly updated. Alongside this is a really bad idea - increase the number of int-admins. An alternative has been proposed which is to create a new user group, and a new cascading protection level, which only allows editing content displayed on the main page. No decisions have been made, and it's not always clear above exactly what people are agreeing to. The proposal itself contains this sentence, "almost all of the work is done in the background using templates — so the impact of this temporary measure is minimal", but with cascading protection that's simply not the case. -- zzuuzz ^(talk) 20:51, 26 November 2018 (UTC)[reply]

Wow, clarification is needed. Adding lots more intadmins to handle all details of what is transcluded on the main page would be very dubious. Further, some templates/modules are used frequently and often appear somewhere on the main page, and people would need an intadmin to update them. Johnuniq (talk) 00:49, 27 November 2018 (UTC)[reply]

Under

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Level 1 desysop of Killiondude

For the arbitration committee, --Cameron₁₁₅₉₈ ^(Talk) 23:29, 24 November 2018 (UTC)[reply]

Return of tools

The Arbitration Committee has verified Killiondude is back in control of their account via multiple methods. Therefore the committee reinstates their administrative userright, which was previously removed by motion. The committee also urges them to enable

Supporting: KrakatoaKatie, Callanecc, Newyorkbrad, Premeditated Chaos, Worm That Turned, Opabinia Regalis, Mkdw, DeltaQuad.

For the Arbitration Committee, --

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Return of tools

For the arbitration committee, --Cameron₁₁₅₉₈ ^(Talk) 23:29, 24 November 2018 (UTC)[reply]

Hi, in light of the recent publicised vandalism on Donald Trump (The Verge, Independent), we decided to replace the primary target of the vandalism, the infobox, with a fully protected template. This means that once the temporary full protection on the main article ends business as usual can continue. However, given the discussion had a relatively low level of participation, Ymblanter suggested I make a thread here.

Should we keep this template in the article (temporarily) or should we go back to having the infobox directly inside the article? Note that a compromised admin account could technically still vandalise the article, it would just mean they'd have to go through an extra step (that has significantly less watchers). @MelanieN, Enigmaman, Ymblanter, GreenC, Awilley, and DannyS712: Pinging those who were involved with the discussion at Talk:Donald Trump. Cheers, Anarchyte (talk | work) 09:13, 25 November 2018 (UTC)[reply]

@Anarchyte, MelanieN, Enigmaman, Ymblanter, GreenC, Awilley, and DannyS712: While I am in favour (obviously) of stopping the vandalism, wouldn't having it located on a page with a lot less watchers be even riskier? --TheSandDoctor ^Talk 09:55, 25 November 2018 (UTC)[reply]

In principle, it is correct that the template is watched by a far lower number of people, but as it is full protected, one needs another compromised admin account to vandalize it. So far all compromised admin accounts were discovered within minutes (though it still takes time to lock them). Page as it is now can be edited by extended confirmed users, and we have a plenty of extended confirmed accounts to compromise.--Ymblanter (talk) 10:06, 25 November 2018 (UTC)[reply]

• Me thinks this to be unnecessary; though the efforts are quite well thought-out and deserves praise:-). EFs can be easily exploited.∯WBG^converse 12:36, 25 November 2018 (UTC)[reply]

• This is fine as a temporary solution. The problem is that admin accounts have been compromised and the template will have far fewer watchers than the article. A solution that addresses the root cause is what we need long term. Compromised accounts have been editing the article and some related articles for more than two years. They are easily identified by their edit history. - MrX 🖋 14:17, 25 November 2018 (UTC)[reply]
• I actually think this is a fine idea and could be maintained indefinitely. The entire infobox has been subject to lots of discussion and is now in a consensus-defined condition - so that virtually all changes to the infobox nowadays get reverted. In other words there is no problem with keeping the infobox in a permanently locked state. We would just have to make sure that lots of us put the infobox template on our watchlists. -- MelanieN (talk) 14:27, 25 November 2018 (UTC)[reply]

I think that would be inconsistent with policy. I would strongly object to any article content that can only be edited by admins. Also, nothing prevents a compromised account from removing the template from the article, and restoring a vandalized version of the infobox. Something needs to be done about the cause. In other words, the compromised accounts.- MrX 🖋 14:33, 25 November 2018 (UTC)[reply]

• I support this idea for this article only for a period of time needed but not forever. It's not a grand sweeping slippery slope of top down control over Wikipedia content, but a pragmatic temporary solution for a single article under special circumstances. -- GreenC 15:42, 25 November 2018 (UTC)[reply]
• I support this as a temporary measure, but in the long(er) term suggest using an edit filter, as discussed on the talk page. This would allow constructive extended-confirmed editors (hopefully like myself) to edit the rest of the infobox, series, etc without needing to submit a protected-edit request. --DannyS712 (talk) 02:53, 26 November 2018 (UTC)[reply]

This has been created through by an undisclosed paid editor on Upwork. Jon posted at https://www.upwork.com/job/Wikipedia-Content-Editor_~0167379bb6e4c6a4e9/ — Preceding unsigned comment added by 189.188.64.111 (talk) 15:13, 25 November 2018 (UTC)[reply]

the things are wrong — Preceding unsigned comment added by Zhangliping (talk • contribs) 15:29, 25 November 2018 (UTC)[reply]

I am able to see this message on main page history without even logging in. Is there some issue with the Oversight privileges? https://drive.google.com/file/d/1xM9FCmBMGwW3Wb4x0nSFI6OOHwOYZHYj/view?usp=drivesdk — Preceding unsigned comment added by 125.63.125.251 (talk) 15:39, 25 November 2018 (UTC)[reply]

No, just something weird with a template not substing properly. Primefac (talk) 16:23, 25 November 2018 (UTC)[reply]

Additionally, those edits were not "oversighted" they were only "deleted", just seems like an odd template preview in mobile view. — xaosflux ^Talk 16:27, 25 November 2018 (UTC)[reply]

[13]

Courtesy pinging TheDragonFire (talk · contribs) although I must stress that this is not about them, as I suspect that there's a conflict of policy on this point, and at the very worst TDF made a good-faith mistake in carelessly not reading the messages they were blanking.

Catflap08 (talk · contribs) last week sent me an email that would have been somewhat offensive if it didn't consist of laughably silly request that I not accuse him of being a Malaysian IP that harassed me a little before that (I had actually only mentioned him to say it clearly wasn't him or anyone who had interacted with me before 2018, as it they seemed completely unaware of my conflict with Catflap), and a year or so ago he sent me a much longer, more abusive email, which fact I was unwilling to disclose at that time. After the more recent incident, I requested he not send me any more emails or I would request his email access be revoked, and a week later the page was blanked. Curiously, he does not have talk page access disabled, so he is perfectly free to blank his page himself if he thinks policy allows him to do so, so using the ticket system is ... well, weird. It looks like he knows he's misbehaving and so wants to trick other people into covering his tracks for him.

He's been evading his ban by editing while logged out, and his continued use of email clearly implies he does not intend to respect his SBAN, so I'm wondering what could be done about it at this point? Just remove talk and email access and leave a notice on the page asking other editors to be careful if they receive requests to "courtesy blank" the page?

Hijiri 88 (聖やや) 15:42, 25 November 2018 (UTC)[reply]

Users are

courtesy blanks of user talk pages to help users move on a little. If however, this user is continuing to cause disruption then by all means remove email access and SPI into oblivion. TheDragonFire (talk) 16:48, 25 November 2018 (UTC)[reply

]

it is very standard practice for OTRS to handle

courtesy blanks Okay, so that's the "conflict of policy" thing I mentioned above. Our policy on blocked editors is not that they are entirely free to remove messages they receive on their talk pages when those messages are appeal denials, and while that doesn't necessarily apply to non-admin, involved warnings about abuse of the email system, we must also bear in mind that Catflap is not just blocked, he is subject a site ban (those exact words were used) and so is no longer considered to be a member of the English Wikipedia community, so standard practice when it comes to editors editing their own user pages also doesn't necessarily still apply. And yeah, Catflap has most definitely been abusing his continued permission to use email, was probably abusing the ticket system given that he still has talk page access enabled, and has been actively evading his ban apparently whenever he feels the urge to do so, so ... yeah, I think email access, and probably also talk if he's gonna continue using the ticket system, also needs to be withdrawn in this case. Hijiri 88 (聖やや) 00:42, 26 November 2018 (UTC)[reply

]

The guideline only relates to what the editors themselves may do, not what we may do. In any case it's irrelevant here because Catflap08 did not have anything on their page which couldn't be removed (unless it was removed before). There's definitely nothing in the guidelines which apply to warnings about misuse of the email system whether from admins or anyone else. Those can be removed at any time, just as with any other warnings.

Also I think it's clear from many previous discussions that our blanking policy still applies no matter whether editors are cbanned or whatever else. No matter how atrocious an editor's behaviour is, we do not punish them by leaving around unnecessary content. We only keep stuff we've determined we should keep for reasons of administrative efficiency, tracking misbehaviour etc.

I don't see any evidence of abuse of the ticket system. The fact that talk page access remains doesn't mean they are forbidden from using the ticket system to ask for stuff to be removed from their talk page especially if they are unclear on what they may do. Anyone who has dealt with this before knows there's a lot of confusion about what editors may remove from their talk page and when, and your own comment seems to support this. In fact this case seems even more confusing since IIRC they are still ibanned from interacting with you and while it seems a moot point while they are cbanned, they could have had apprehension about removing content you posted.

I do agree from your description they have misused email and there's already justification for removal and it definitely should be remove if it continues. While I'm not completely opposed to removal of talk page access especially since they have been socking plus misusing email so are unlikely to be able to file an appeal anytime soon, but there also doesn't seem to be any real reason to do so since it doesn't seem like they've misused access. I mean they didn't even blank like they were allowed to but instead asked for it via a ticket.

Nil Einne (talk) 09:27, 26 November 2018 (UTC)[reply]

@Nil Einne: It's peripheral, but no, Catflap08 is not technically banned from interacting with me, except insofar as interacting with me on-wiki or by means of inappropriate use of the email function could be considered a violation of his site ban. And he knows this, because his last logged-in edit was to remove a message from me, specifically informing him of the discussion on this noticeboard to remove our IBAN. So good-faith apprehension about removing a message from me would not explain the use of OTRS. Hijiri 88 (聖やや) 16:15, 26 November 2018 (UTC)[reply]

I would personally suggest that moving (calmly I might add) off-wiki after being sanctioned shows more restraint than most banned users have. Either way, if someone really wants to unblank their talk page then go right ahead, but I think it's needless grave dancing. King of Hearts or Oshwah, if you consider it prudent please flip Catflap08's TPA and email bits, and we can all have ourselves a beverage of our choice. Cheers. TheDragonFire (talk) 11:14, 26 November 2018 (UTC)[reply]

FWIW, I suggested talk access be removed not because I think Catflap08 has been abusing his talk page privileges (how could he, when he hasn't used them in 20 months?) but because he is already acting like it has been removed. I can take that or leave it. The email thing, though ... well, I received a forwarded email from User:Sturmgewehr88 back in April 2015 that was essentially a coy, passive-aggressive forerunner to what became Catflap's recurring "Hijiri 88 and Sturmgewehr 88 are both neo-Nazis" schtick (out of context, which is how it was originally received, we both agreed it looked like weird but benign tomfoolery, but given how he later harped on about our Nazi-like usernames in public it was clearly meant as a threat), the harassing message he sent me in July 2017, and the above-mentioned email from last week, combined with the fact that he was almost definitely using email to violate our IBAN by proxy back when it was still in place ... I can't honestly think of any reason why his email access would still be enabled. Hijiri 88 (聖やや) 16:06, 26 November 2018 (UTC)[reply]

I'm happy to restore remove the user's talk page access if others believe it to be necessary - just let me know. :-) ~Oshwah~^{(talk) (contribs)} 23:43, 26 November 2018 (UTC)[reply]

@Oshwah: There seems to be a misunderstanding. Cetflap08 already has talk page access enabled, but used the OTRS system for some reason that is difficult to take in good faith due to his block evasion and abuse of the email service. I'm fine with him maintaining talk access as long as he's not abusing it -- and I recognize that acting like he already doesn't have it is not in itself an abuse -- but he probably should have email disabled. Hijiri 88 (聖やや) 00:11, 27 November 2018 (UTC)[reply]

Sorry, I used the wrong word in my response - fixed. I'll be more clear in my response here: If he's not abusing talk page access directly, then we should leave it alone. OTRS has the ability to handle issues of abuse if it's deemed to be necessary (like removing email access) - I'll leave that for them to do. If the community has any concerns or reasons why talk page access should be revoked, let me know. I apologize for my ambiguity earlier. :-) ~Oshwah~^{(talk) (contribs)} 00:16, 27 November 2018 (UTC)[reply]

• Hzh overall edit count - 88,527 edits, most edited articles are American Idol, History of Tottenham Hotspur F.C., List of American Idol alumni album sales in the United States, Pipa, List of American Idol alumni single sales in the United States, etc. Pop culture and sports.
• Hzh's editsat Talk:Sci-Hub 183 since Oct 16, per page editing stats, is #1 contributor there, followed by me and Guy.
• article contribs (only 3, which were edit-warring against another editor and me over "fraudulent" with respect to Sci-Hub's use of other people's credentials.

prior discussions

• User:JzG -- thread opened by Hzh 16 November; closed 17 November as "content dispute"
• Talk:Sci-Hub#RfC_on_word_usage RFC posted by Hzh, withdrawn after only a little bit of fuss, as being not-neutral
• RSN posting by Hzh
• warning from me about making misrepresentations on the talk page
• last warning from me about making misrepresentations.

The content dispute is about how to describe a) how Sci-Hub obtains credentials and b) how Sci-Hub uses credentials it obtains. (Briefly, Sci-Hub obtains (through various means) legitimate user names and passwords, and presents them to libraries, misrepresenting itself as the person to whom the credentials were granted, in order to get access to paywalled content, which it then stores on its servers).

Per the stats above, this posting is about Hzh's behavior at Talk:Sci-Hub. It is not about the content dispute. They have

• a)
  WP:BLUDGEONed
  the talk page (the 183 edits);
• b) continually misrepresented what other editors are saying and what sources say (see two warnings above for examples; I can provide more -- this has been incredibly frustrating); and
• c) has always said "not this" or "not that" and never helped propose comprehensive content summarizing what the sources actually say about how the site obtains credentials (e.g diff, diff; and
• d) in their "not this" comments, consistently
  • (i) criticized the content of the sources (e.g here with opening ground-shifting snark and here, and here) and
  • (ii) demanded that content quotes the sources, instead of summarizing them (e.,g diff, diff) and
  • (iii) constantly ground-shifting, making it impossible to move forward and resolve issues (snark diff above, see also diff, diff (what does that comment even mean?), diff bringing up other issues about "dangers" which this RfC proposal was not addressing - ARGH).

If you try to review the talk page, you will find that almost every section is derailed, mostly by Hzh. We have not made progress resolving the issues after more than a month. Their very first comment argued strenuously that there is some actual difference between "piracy" and illegal copyright infringement. That is pretty much how it has gone since then. Guy has said to them many times that WP is not a place to RGW or where we can act as though law is not what it is, first gently and then with increasing clarity. (this is what prompted Hzh's ANI filing). To show the depth of the RGW/IDHT here, in this diff they compared copyright law to laws making homosexuality illegal. That is about as close to the Godwin's law as one can get without going there.

This has been the definition of tendentious behavior at a talk page, and is wasting everyone's time. I am not sure what the most appropriate solution is, but some kind of restriction seems appropriate, so that we can get work done. Jytdog (talk) 02:58, 26 November 2018 (UTC)[reply]

• This shit again? Remind me again why Hzh wasn't TBANned after the last ANI? Hijiri 88 (聖やや) 04:43, 26 November 2018 (UTC)[reply]
• Reply I think it should be noted that this ANI came about after I requested opinions on RSN on a source given by Jytdog to support the content he added - [14]. He said I had misrepresented the source - Another misrepresentation, and made two demands to change. For the first demand, as I explained, it was his own confusion of "review process" with editorship (the two things are different for publication of research papers), but although many would consider the review process to be essential, it is not that an important point on the question of the validity of this particular source to waste time arguing over, I struck off the wording. However I refused to accede to his second demand, at which point he decided that I had been disruptive and that an ANI is necessary. Note also that the RSN came about only because I had questioned the source in a number of places (it was also questioned by another editor Smartse [15]), but Jytdog indicated that he would not reply to me on the source because I did not discuss it at the section he wanted it discussed - [16]. This I duly did, [17], but he chose not to reply, at which point I took the issue to the RSN [18].

I'll address the issues involved as best as I can:

• The questions I raised in the Sci-Hub talk page are related to the basic policies of
  WP:NPOV. Allegations are stated as facts in the article, Where words like "allegedly" [19] or "publishers have alleged" [20] are found in the sources, they are ignored. I raised some of the issue at Talk:Sci-Hub#Problematic wordings
  .
• If it is necessary to summarise the sources, then the sources actually need to say what the content says. Words in the sources like "allegedly" should not be ignored, and accusation should not be stated as fact. In the case of the "black market", the validity of the Scholarly Kitchen source is being examined in the RSN, and the only valid source given did not use the word "black market", and it also did not offer any evidence for the claim. Although it is asserted that the content is well-sourced, when examined closely, the sources are problematic, for example the SK article in the RSN.
• I'm just one of a number of editors who objected to the way the word "illegal" is used (e.g.
  voice of Wikipedia [21], Guy Macon
  and others. The discussion on piracy is quite wide-ranging, and I would suggest that those who want to take a close look then should read the full discussion rather than address the specific here (although I won't mind discussing it here if others want to).
• The RfC was due to the claim that proofs are unnecessary for the claims made by Guy in the article [22]. Since this is a violation of Wikipedia policies on
  WP:V
  , it made it hard to phrase it in a way that does not tell us what the answer must be.
• As for the warnings, Jytdog issued a 3RR warning for the 2 reverts I made, but ignore the 2 reverts made by another who agreed with him [23][24]. He asked me to discuss when I was still discussing. He had actually decided to edit the article on the contested use of such words [25][26] just saying that he would not discuss further [27]. Other warnings appear to be his misunderstanding of what I wrote, and he appears to ignore my explanations. He warned about mispresentation (which appeared to his misundertandings), but misrepresented the source given (claiming that it better supported the content when that is not true) as well as what I did on the talk page e.g. You have never offered any content suggesting how to better summarize the sources, when I did in a few places, e.g. [28][29], one of which he even accepted [30].
• I have no idea where the charge of ground-shifting comes from since they refer to different things, for example. one is about his use of a self-published attack site [31], another is about the validity of the source Scholarly Kitchen (a blog established by Society for Scholarly Publishing, therefore an organisation with a conflict of interest), while a third is a discussion on the word "fraudulent" that is not supported by the sources used, including the SK one, etc. I'm not aware that you need to discuss only one topic in different discussions. I'm not sure what issue Jytdog has with the others since it is quite clear what I wrote, for example, I stated my concerns, and that we can go back to it later. Everything may become clearer when other issues get addressed, and the RfC may become simpler. I simply don't see how I could be derailing anything. As Jytdog himself later objected to Elephanthunter's proposal, his objection should not be taken as derailing the discussion, nor indeed in other parts where Guy has agreed with my suggstions but Jytdog had objected [32]. This is just part and parcel of a discussion.

It should be noted that many of the issues had been caused by edits by Jytdog. His behaviour has not been helpful in the discussing his edits, for example making trivial complaints about the word "darknet" I used, insisting that I used "black market" [33], then saying the two words have no important differences in meaning [34], then complained that I was too "literal" in demanding sources that support the wording [35] when the sources used don't mention "darknet" or "black market". The wording should be how he decides it to be, even when it is contested, for example the use of the word fraud and fraudulent I gave earlier - he stopped discussing [36] then made these edits [37][38].

As for the edit counts, since I started commenting on this talk page, I have made 95 signed comments (9 more are duplication by Jytdog as he wanted to reorganised the comments), Guy made 91 (11 more are duplications by Jytdog in the reorganisation), Jytdog made 77 (these are rough counts, but the true number should not be far off). I have a higher edit count as I tend to copyedit and adjust before anyone else has replied, which is acceptable practice per

WP:REDACT. If racking up edit counts because of copy-editing and adjustments before someone else has replied is not acceptable, then I apologise and will refrain from doing so again. The reason I did not make more edits to the article itself is because I thought they should be discussed properly first before they are added, and talk page is the place for discussion on contentious edits. Hzh (talk) 14:26, 26 November 2018 (UTC) (adjusted)Hzh (talk)[reply

]

To cut down on the number of edits due to copy editing and adjustments, try using 'Show preview' before you publish your changes. Preview can be used repeatedly until your edit looks the way you want it to. BlackcurrantTea (talk) 15:01, 26 November 2018 (UTC)[reply]

That is true, and I do use it, but I will use it more often. I guess I developed the habit to avoid edit conflict where a large edit sometimes becomes lost when saving, but I guess a wall of edits by one person can be off-putting to others, so I will try to cut it down next time. Hzh (talk) 15:20, 26 November 2018 (UTC)[reply]

What Hzh did there with "darknet" directly on point. They have been insisting on literal support for the negative ideas -- this has been a constant theme. So no, the exact word is not trivial to them at the talk page. So you see, they misrepresent things (now their own behavior) even here. Their post in general is full of distraction and ground-shifting. This is what we have been dealing with at the talk page. It is not about content. Jytdog (talk) 17:11, 26 November 2018 (UTC)[reply]

Hzh's comment entirely exemplifies the problem. See, for example, the comment on the word "illegal". The article changed to "piracy" (a term Sci-Hub apparently embraces), but for weeks afterwards, Hzh challenged use of the word illegal even on Talk on the basis that taking credentials to which you have no right, using them to download copyright material, and offering that copyright material free to download, is somehow not "illegal" in some corner of the world he has yet to actually identify. He also relentlessly opposes the use of the term computer fraud to describe the use of other people's credentials to take material from publishers' servers, mainly because it contains the word "fraud" and in Hzh's mind Sci-Hub are brave mavericks, not crooks. The possibility that one can be both at the same time, as pretty much every single sources says Sci-Hub is, does not seem to be a valid argument to him. Guy (Help!) 17:59, 26 November 2018 (UTC)[reply]

It seems like you are arguing you should be able to use any word just because it is the talk page, whether it is correct or not. For example you insisted all over the talk page that copyright infringement is theft, just a few here - [39][40][41], when the US Supreme Court has already specifically ruled that this is not so in the Dowling v. United States (1985) case. Perhaps if you are more careful with your wordings, others wouldn't challenged you, or are you arguing that you shouldn't be challenged in your assertions and say anything you want in the talk page? Hzh (talk) 23:29, 26 November 2018 (UTC)[reply]

• Comment I'm involved, but this is just an ordinary content dispute and I see no need for administrative action. SmartSE (talk) 17:28, 26 November 2018 (UTC)[reply]

I believe we could have worked out this content dispute a long time ago, if it weren't for Hzh's behavior. Jytdog (talk) 17:42, 26 November 2018 (UTC)[reply]

• TBAN please. Hzh is basically sealioning and has been for weeks. Guy (Help!) 17:51, 26 November 2018 (UTC)[reply]

• @JzG: - What should be the scope of the TBAN? Beyond My Ken (talk) 22:30, 26 November 2018 (UTC)[reply]

Thus far I have seen the issue only at Sci-Hub, though presumably we'd also have to include Alexandra Elbakyan. There's been none of the pointy removals of links to Elsevier or addition of other dubious "free" links that we saw with other users. Guy (Help!) 23:47, 26 November 2018 (UTC)[reply]

• I don't remember how I originally found the article. I came back to it because Guy invited me to on my talk. I helped negotiate the "piracy compromise" IIRC. I tried to come back to it a couple times, but the discussion was so disjointed and exceedingly difficult to make sense of, it just crossed my eyes and I went on and did something else instead.

Umm...Hzh is incessant at editing their own comments. So any raw edit count is pretty misleading as an argument for bludgeoning. From what I can tell, they've not been super congenial on the talk, but neither has everyone else. There's walls of text here and there for sure, but they don't all belong to Hzh, nor the longest of them as far as I can tell. There is likely a good argument to be had that, when using controversial terms,

we need to stick closely to what the sources say

. It is perfectly possible that Hzh is only slightly sympathetic and is being wrongly characterized as (to borrow a phrase) "a fanboy". Which that phrase is not terribly helpful even if true. I don't like the idea that if "I have friends and you don't, and you're civil, then you're sealioning". That's not always the case. I tend to agree that this is a content dispute and repeated efforts by the more noticeboard-savvy-side to file noticeboard complaints is probably less evidence of a problem, and more evidence that the more noticeboard-savvy-side has tried repeatedly to seek sanctions and has failed.

I've worked with and disagreed with both Jyt and Guy. And I admit to just not caring enough about SciHub to invest that much personal time. But it's hard to see this as more than a content dispute. GMG^talk 00:31, 27 November 2018 (UTC)[reply]

• Sbelknap (talk · contribs · deleted contribs · logs · filter log · block user · block log)

Sbelknap is currently topic-banned "from all articles, pages, and discussions involving finasteride, dutasteride, or sexual health,

• Support in the spirit of the
  a return to the previous form will likely result in more extensive sanctions. ——SerialNumber54129 17:19, 26 November 2018 (UTC)[reply
  ]
• Am posting a notice of this at
  WT:MED.. Jytdog (talk) 18:05, 26 November 2018 (UTC)[reply
  ]
• I don't think so. This was just over 6 months ago and his editing was egregious, vanity spamming and pushing a POV that he hoped to elevate from its current fringe position by popularising it through Wikipedia. Guy (Help!) 23:55, 26 November 2018 (UTC)[reply]
• Oppose at this time. In May, I described Sbelknap as a "bullheaded editor claiming some special level of expertise as justification to push their own point of view". Before lifting the topic ban, I want to see convincing evidence that this editor has abandoned bullheadedness and POV pushing. Cullen³²⁸ Let's discuss it 01:23, 27 November 2018 (UTC)[reply]
• oppose per Cullen --Ozzie10aaaa (talk) 10:17, 27 November 2018 (UTC)[reply]
• Oppose the important part of
  WP:SO is not merely the six month wait, it's the convincing evidence that they have changed and improved. Absent clear evidence of that, the standard offer is not automatic, and I'm going to have to agree with Cullen on this. If we don't have evidence anything has changed, we have to presume they will continue. --Jayron32 17:36, 27 November 2018 (UTC)[reply
  ]
• Oppose What Jayron said, basically. No evidence of intent to do differently, then no change in the status quo. Courcelles (talk) 17:40, 27 November 2018 (UTC)[reply]
• Oppose - Also per Cullen328. - FlightTime (open channel) 17:49, 27 November 2018 (UTC)[reply]
• weak oppose - I like to assume good faith, but an appeal after six months is premature without substantial evidence of a change in behaviour. I might support an appeal in the future, e.g., after 12 months, if there are no further incidents of concern.--Literaturegeek | T@1k? 17:57, 27 November 2018 (UTC)[reply]

I have made every effort to comply with the topic ban. The topic ban did not provide much detail, so I interpreted it as covering topics related to the ICD-10 schema for sexual dysfunction. (Shortly after the topic ban, I suggested to Doc James that he add a meta-analysis to the testosterone article, but then learned that even posting a suggestion on a talk page on a banned topic might be considered a violation of the topic ban, so I haven't done that again.) I have made more than 1,000 edits since the topic ban; I believe nearly all of these would be considered constructive by any objective standard. I have also resurrected a redirected stub for the Dietary Guidelines for Americans wikipedia article - expanding this into a decent article, and engaged in productive collaboration with numerous editors on multiple topics. (For example, chlortalidone, Long-term effects of alcohol consumption, metformin, amoxicillin, chloramphenicol, Ford Taurus, moose, and others). The question you all are asked to answer is this: does six months of diligent effort as a wikipedia editor, with many productive contributions, constitute evidence of improvement as an editor? Sbelknap (talk) 21:38, 27 November 2018 (UTC)[reply]

• Weak oppose Well Sbelknap is getting better, they still regularly forget to sign their talk posts. And still provide undue weight to specific positions. So not ready yet for a very controversial topic area. Would recommend they try again in another six months. Doc James (talk · contribs · email) 23:14, 27 November 2018 (UTC)[reply]
• Support per Serial Number 54129's reasoning. We actually need subject-matter professionals, working in the topics they know well. I think the opposers are asking to prove a negative. The editor hasn't been in "bullheaded editor claiming some special level of expertise as justification to push their own point of view" trouble since the T-ban (that I know of). Utter temperamental perfection isn't something we demand of people, and what is or isn't due weight in medicine is a hotly argued topic (see
  diffed fault I see here, but a subjective, loosey-goosey feeling, like not quite a full pound of flesh has been extracted yet. Finally, many first-time topic bans are only for 1-3 months; 6 months seems like a reasonable timespan to appeal one, by someone who's not some asshat here to convince the world that [insert religion here] is the one true way, or blithely running toward a site-ban due to aggressively promoting some company or product. PS: forgetting to sign posts, and other such trivia, has nothing to do with the matter.  — SMcCandlish ☏ ¢ 😼  01:53, 28 November 2018 (UTC)[reply
  ]
• weak oppose Sbelknap believes very strongly in evidence-based medicine (EBM) (like a lot of members of WPMED) but (like a lot of members of WPMED) can take that too far into advocacy; overriding descriptions of medical practice and guideline recommendations with his best reading as an expert of the evidence. That tendency, along with their passion about the finasteride class of drugs, is what led to the TBAN. What I have been looking for is self-moderation of the EBM advocacy and self-awareness about it. There have been two incidents since the TBAN was put in place where this arose - on the alcohol stuff that led to the ANI (it wasn't horrible but very present) and recently at metformin (where it was very present; this has been managed without dramaboard). With that underlying issue not self-managed yet, unTBANing would put us in the nearly the same bucket we were in before at finasteride. So not yet. There has been improvement, but not yet. Jytdog (talk) 22:33, 29 November 2018 (UTC)[reply]

People watching this page might be interested in looking through the specific category at m:Community Wishlist Survey 2019/Admins and patrollers. At the moment, the most popular proposal that is specifically admin-related is m:Community Wishlist Survey 2019/Admins and patrollers/Create an integrated anti-spam/vandalism tool.

For the newer folks: Voting is open for approximately another four days. The Community Wishlist uses straight approval voting (i.e., "oppose votes" are pointless). Vote for as many proposals as you want. The top 10 vote-getters will be addressed by the devs. There is a ===Discussion=== section on each proposal, and that's the best place to report any concerns or document particular use cases. WhatamIdoing (talk) 19:47, 26 November 2018 (UTC)[reply]

@

Iridescent 23:12, 26 November 2018 (UTC)[reply

]

Sigh, is there any chance of old wishes becoming fulfilled? I wished back in 2016 that you would fix the "hiding" bug (link) (The phabr ticket is from 2007 (!))...but, frankly, it looks as if the task is just shuffled from one incompetent developer to another. Huldra (talk) 23:27, 26 November 2018 (UTC)[reply]

Personally, I use old lists to see what would be nice to work on. The Community Tech team doesn't look at them, though, so wishes that aren't taken on by the team must be resubmitted each voting period until they are. Enterprisey (talk!) 00:34, 27 November 2018 (UTC)[reply]

Iridescent, the oppose vote (the vote itself, rather than any comments that follow it) is pointless. Informative comments about why the proposal is a bad idea (or how it must not infringe upon a particular non-obvious process, etc.), however, can be extremely helpful.

CommTech's promise is to "address" the top 10 vote-getters. Usually, if the "addressing" is going to involve words like "the PM says you'll implement that only over his dead body", then the proposal is removed before the voting stage. But in the general case, there is a gap between "addressing" and "implementing", and I hear (although I've not bothered to check) that one or two wishes most years end up not getting implemented (e.g., if the proposal is significantly more complicated than initially estimated).

Huldra, maybe next year we should all band together and try to push that one to the top. I think these last couple of years have shown that the first-place position goes to the organized. As it stands now, I don't think that any admin-specific proposals are likely to win. WhatamIdoing (talk) 01:46, 27 November 2018 (UTC)[reply]

WhatamIdoing, well that bug isn't really admin-specific, it is the reason I miss out major vandalism, as changes do not come up on my watch list if there has been a bot editing after the vandalism.(You can, eg first vandalise, then at the same time add a cn template....a bot will come along in minutes and add the date to the cn template, and presto: your vandalism does not come up on peoples watch lists...) And I am totally, utterly disgusted by the incompetence of the WMF developers, who haven't managed to fix this major bug in over a decade. To be blunt: I have given up asking for anything from the WMF developers. Huldra (talk) 22:26, 27 November 2018 (UTC)[reply]

• Frankie0607 (talk · contribs · count · logs · page moves · block log)
• JDiPierro (talk · contribs · count · logs · page moves · block log)

These users were indefinitely blocked as a compromised account, their rollback rights have to be removed. --

• • Why? --Floquenbeam (talk) 01:29, 27 November 2018 (UTC)[reply]
    • Yeah, I was kind of wondering. Now, I get that rollback was abused by whoever compromised the account; however, the account is globally locked and can't to anything at all at this point. Since the original owner does not appear to have attached an email address, it is very unlikely the true owner would be able to regain access to the account, so the global lock is (in all likelihood) permanent. Removing the permission won't have an impact on the account.
      B dash, is there some other reason to do this? Maybe we're missing something. On the other hand, I have no opposition to stripping any compromised accounts down to "confirmed user". Risker (talk) 01:36, 27 November 2018 (UTC)[reply
      ]
      • No, just for security concern, regards. --
        talk) 01:43, 27 November 2018 (UTC)[reply
        ]
        • If they do somehow regain control of the account (and it's unlocked), they would need to be given back rollback, taking up a bit of time that would have otherwise been saved. Currently, they can't do anything with it since they can't login. I don't see a reason to remove the permissions. Vermont (talk) 01:48, 27 November 2018 (UTC)[reply]

The accounts are globally locked, meaning that login and authentication abilities for them are completely cut off and across all WMF sites and projects... they're essentially completely dead accounts and 100% inaccessible and unusable by anyone. Hence, there's no need to remove the user permissions from these accounts (see this section of Wikipedia:User access levels for the typical norm regarding this situation). If a Steward decides that unlocking the accounts are appropriate, it's because they have checked, verified, and are satisfied that the rightful owners have regained access to them. ~Oshwah~^{(talk) (contribs)} 08:34, 27 November 2018 (UTC)[reply]

Well technically, as the footnote you linked says, it's because we had an RfC about this, which confirmed that there's no reason to remove perms like this in situations like this. Stewards don't make enWiki policy. ~ Amory (u • t • c) 12:15, 27 November 2018 (UTC)[reply]

Per T150826, admins and crats can no longer unblock themselves, unless they placed the block initially. SQL^{Query me!} 02:42, 27 November 2018 (UTC)[reply]

• It should be noted for the record that this change was unilaterally and globally implemented by a few WMF devs who were aware of an ongoing discussion at
  WP:VPP, and arbitrarily decided to ignore it. Thanks WMF!  Swarm  talk  03:22, 27 November 2018 (UTC)[reply
  ]

  Discussion link SQL^{Query me!} 03:31, 27 November 2018 (UTC)[reply]

@Swarm: It certainly makes a change from the self-same WMF devs generally ignoring and then taking months to implement community decisions :D ACPERM, anyone...? ——SerialNumber54129 08:42, 27 November 2018 (UTC)[reply]

Minor correction. Years, not months. --Jayron32 17:27, 27 November 2018 (UTC)[reply]

Counterexample:

Community making a decision: Wikipedia:Village pump (policy)/RfC: Wikimedia referrer policy

Closing comments for above RfC: "From the below discussion, there seems to be a consensus for Question 5 (As far as possible/practical, should referrer information contain no information? (silent referrer))." and "The majority seem to favour prioritising user privacy over assisting external sites."

WMF Ignoring the consensus of the community: Wikipedia talk:Village pump (policy)/RfC: Wikimedia referrer policy#Response to RFC.

I'm just saying. --Guy Macon (talk) 14:30, 27 November 2018 (UTC)[reply]

• On the whole, I'm mostly unconcerned about this. I voted the other way in the discussion, but I can also see where recent compromises to site security may have pushed the devs hand to move faster than the community would have otherwise. The self-block exemption removes most of my objections anyways (my only block was an accidental self-block that I reversed a few seconds later. It's not that hard to do when you have multiple tabs open and click the block button with the wrong tab open...), and it allows us to more quickly respond when another compromised admin account goes rogue. I'd rather it didn't have to come to this, but wishing we didn't live in a world where this was probably necessary doesn't bring that world into existence. --Jayron32 17:32, 27 November 2018 (UTC)[reply]
• Hopefully there is also a block rate limitation, so that out-of-control blockers can be limited in their damage. Perhaps one block per minute is acceptable. Graeme Bartlett (talk) 22:15, 27 November 2018 (UTC)[reply]

@Graeme Bartlett: Checkusers often block many accounts (easily 20+) in a single click from the CU interface.-- Jezebel's Ponyo^{bons mots} 22:27, 27 November 2018 (UTC)[reply]

In that case we may need a limit of say 100 per hour. Graeme Bartlett (talk) 23:24, 27 November 2018 (UTC)[reply]

Or 10 admins per hour... :) --Floquenbeam (talk) 23:42, 27 November 2018 (UTC)[reply]

That would do! Graeme Bartlett (talk) 02:08, 28 November 2018 (UTC)[reply]

This has been proposed in the phabricator ticket, i.e. introducing a rate limit on blocking only when blocking users who may block. ~ Amory (u • t • c) 03:02, 28 November 2018 (UTC)[reply]

• Theoretically, couldn't someone compromise an admin account and then block all the other admins, and essentially destroy the site? I mean, the odds are pretty low, but...
  💸 12:58, 28 November 2018 (UTC)[reply
  ]

• Such a situation can be fixed by some kind of "Super user" that I am sure exists. --DBigXrayᗙ 13:20, 28 November 2018 (UTC)[reply]

It is technically possible to wipe out Wikipedia via a compromised account - until the Stewards nail them. A few years back this happened on a site I helped run - a retired admin who we forgot to desysop properly took exception to a post, deleted two admin accounts, wiped the discussion boards and Twitter feed, and blocked anyone from posting. Fortunately, I had root access to the server and backups :-) Ritchie333 ^{(talk) (cont)} 13:34, 28 November 2018 (UTC)[reply]

• This is basically exactly, to-the-letter the thought I posted here, so either the dev(s) who implemented this had the exact same thought or happened to read what I said. If it's the latter I apologize for sowing the seed, I obviously intended the proposal to be discussed first, even though the net result isn't necessarily something I disagree with.
  ✉ 19:18, 30 November 2018 (UTC)[reply
  ]

I have had an off-wiki request from Elisa.rolle (talk · contribs), who was blocked indefinitely in August and does not want to return, saying she would like to delete all of the articles she has created. The motivation for this is several of her articles, such as Thomas Francis McCaffry have been nominated for AfD by Dlthewave, including claims of copyright violations by Justlettersandnumbers, and (without trying to prejudice the result) seem destined to be closed as "delete". She appears to have lost confidence in any of her work, and would rather put it on her own website where Wikipedia policies don't affect her. I'm not saying this is a good or a bad thing, just reporting what I think's going on.

As a basic rule of thumb, Elisa's creations can be found at Wikipedia:Contributor copyright investigations/Elisa.rolle. I'm hesitant to go through the lot and delete them per G7 / G12 (if the latter applies) as I believe this would be controversial. So I'd like to ask the community what options we've got. Ritchie333 ^{(talk) (cont)} 11:32, 28 November 2018 (UTC)[reply]

I am afraid we need to open a CCI, which will probably take forever since this is I guess the most backlogged area of Wikipedia.--Ymblanter (talk) 11:38, 28 November 2018 (UTC)[reply]

A CCI has been open since March; I linked to it above. Ritchie333 ^{(talk) (cont)} 11:38, 28 November 2018 (UTC)[reply]

I see, indeed. Well, then we have to go through it and G7 delete what it could be deleted, and remove copyvio where it could be removed.--Ymblanter (talk) 11:54, 28 November 2018 (UTC)[reply]

• The usual rules for
  G7 should apply, "If requested in good faith and provided that the only substantial content of the page was added by its author." Andrew D. (talk) 11:49, 28 November 2018 (UTC)[reply
  ]

(

WP:G7, If requested in good faith and provided that the only substantial content of the page was added by its author; but, with the amount of time that's passed, the latter seems unlikely. In fact, I might question whether even the former applies. ——SerialNumber54129 11:55, 28 November 2018 (UTC)[reply

]

The specific request I got read as follows : "I do not want to save the articles, as you may have notice, I have copied all the articles about LGBT people on my own website, that yes, has already started to appear before Wikipedia in specific "queer" searches. Actually I would prefer for my article on Wikipedia to be ALL deleted, but I cannot do that." I would prefer to get a consensus that it's a legitimate good faith G7 request, and not simply a reaction against being indefinitely blocked. Ritchie333 ^{(talk) (cont)} 11:53, 28 November 2018 (UTC)[reply]

Thanks for this; unfortunately, the request clearly fails the made in good faith requirement then. ——SerialNumber54129 12:10, 28 November 2018 (UTC)[reply]

Well, it's either good faith to stop us spending time at AfD or CCI, or it's bad faith because she wants to delete her work in order to compete with Wikipedia. Ritchie333 ^{(talk) (cont)} 12:19, 28 November 2018 (UTC)[reply]

I've had some dealings with this editor, and my guess is that it's the latter. Beyond My Ken (talk) 12:40, 28 November 2018 (UTC)[reply]

I suspect that you're absolutely correct, BMK. ——SerialNumber54129 12:48, 28 November 2018 (UTC)[reply]