Updated 2012-08-29 14:03:06 by LkpPo

GPS: It appears that yet another page has been vandalised (see the telnet page). As the Tcl'ers Wiki has grown I've seen an increased amount of vandalism. Sadly the world is full of immature people. Usually I would say go to the source (which is the attacker), but with the current Internet and dynamic IP addresses anonymous attackers can reign.

I have talked with JCW in the past about this and his argument was that "stores have windows, but few people throw bricks through them." Unfortunately people often don't do the right thing because it's right (and makes it easier on people), but rather because they fear retribution.

Never run unknown code from the wiki without going over it. An attacker could modify a wonderful page created by someone trusted (such as RS) and make it delete your files.

a solution: code could be signed with privacy keys, but is it worth the time to implement this... -- ro

Maybe not, but having Tcl people sign eachother's GPG/PGP keys is not a bad at all. You guys at the meeting should try and do this, if possible - davidw.

trivial restores - this is my pick. I think logging in is a pain in the $#$@$ (sorta looks like perl, dont it? ;) It would be easy to make a few people helpers. These furry little friends would just do the restores. Its not that often that people vandalise - it might be a bad browser upload or some other technical problem - or just a rough day. So thats my vote, keep the wiki simple => easy to use => dont bog me down in features and logins! I would never have started using this wiki had it logins... you might take that at as a positive or a negative ;P -- ro

Personally, I don't mind logins for edits. Since browsers can keep track of username/passwords per website, it really is trivial. And once logged in, you're done until you quit your browser (which could be days). This is what Twiki.org uses. You can read all you like, but if you want to edit a page then you login. Adds about 5 seconds to the process, and like I said, only needs to be done once. - Marty Backe

ulis, 2002-09-19: Login is a 5s step before edit and it's ok for me. RS: ...if you remember your password, yes. I have so many passwords already that I'd prefer not to add another one. Also, the threshold for new users is considerably higher this way. I'd prefer open access as now, combined with easy restore (or the ability to step the version history)... and maybe a "Bayesian vandal filter"? ;-)

LV Note that we have a few helpers - it is just that most of us are here at the conference right now. Richard, did you restore the page in question ?

Ro The page was restored ;) RS is right. The threshold for new users is so low because of the simple nature of the pages, and because of the lack of logins.

I would like to speak out in favor of vandalism. In a limited form. I tried recently to remove some code that I posted here because after a great deal of analysis and reflection I determined it was just bad.

So I vandalised the page and put a note on it saying why I had revoked the code. Horrors! Back it came immediately!! -PSE

LOL - your bad code is now part of the Internet, brotha. Live with it!!! LOL --ro

Yah, like I always tell people, and then ignore my own advice:

"Just act like you're on the exercise yard at Joliet, and there's a big guy lifting weights, eyeing you and making kissing gestures with his lips"