The Wikipedia Review: A forum for discussion and criticism of Wikipedia
Wikipedia Review Op-Ed Pages

> Hilarious security theater, My god, the dumb, it burns...
Vigilant
post Fri 8th July 2011, 7:26pm
Post #1


Senior Member
****

Group: Contributors
Posts: 307
Joined: Fri 24th Oct 2008, 2:04am
Member No.: 8,684




From here:
Security theater

"By this time, I think every arbitrator has wiped their hard drives and reinstalled their systems (or if they haven't, they should have, Jehochman is right that even top-of-the-line security software can miss things), so even a thorough forensic inspection of everyone's computer would be pointless."

Risker is so wrong on this, it's barely believable.

What has happened is that, if the leaker is a current ARBCOM member, they have buried all evidence (and even the possibility discussion) of whomever was the real leaker.

"Oh no, I formatted my drive as Risker recommended! No need to look here..."

One would think that a group whose only product/project is an online database on a set of clustered servers would have true security professionals on staff before letting community volunteers have access, apparently unrestricted, to sensitive personal data.

Look at Sony, who was lax with hard security, and the extreme beatings that were administered in the press and blogs for their failure to safeguard customer data.

Shameful, Wikimedia Foundation, just shameful.
EricBarbour
post Fri 8th July 2011, 8:10pm
Post #2


blah
*********

Group: Regulars
Posts: 5,919
Joined: Mon 25th Feb 2008, 2:31am
Member No.: 5,066




That's how Arbcom rolls. That's how they've always rolled, apparently. Risker is just following in the footsteps of fellow liars and bullshitters.

It goes right back to the first Arbcom, installed by The Glorious Wales Himself, specifically to "settle disputes". They ended up spending far more time backpedaling, prevaricating, wikilawyering, and covering each other's asses than they actually did "settling disputes". If you don't believe me, look at their first-ever "decision". And in those early days, they at least got to the point quickly.

Go and look at any past decision, after 2005 especially. You see talk, talk, talk. Followed by a long list of votes on what Wikipedia is/isn't, what Wikipedia editors should do, what Arbcom is supposed to do (ha ha!), and assorted drivel. Which is bizarre, by the standards of most "courts of law" or similar adjudicative organizations--they typically don't put their reason for existing to a vote, on every bloody decision.

Then, if you're lucky, at the bottom of all that crap, you might find a "decision" somewhere. (A lot of Arb decisions just died and were closed, because someone gave up. No one has done a full exploration of the results of Arbcom decisions, yet. I bet that's partly because they would be embarrassed by the resulting revelations.)
Zoloft
post Fri 8th July 2011, 8:11pm
Post #3


May we all find solace in our dreams.
******

Group: Regulars
Posts: 1,332
Joined: Fri 15th Jan 2010, 11:08pm
From: Erewhon
Member No.: 16,621



I will quote Will BeBack here without further comment:
QUOTE

Wikipedia Review Tarpit

There may be another "confidential" archive containing personal or derogatory information about Wikipedia editors: the Wikipedia Review Tarpit, the 300 Club, and other confidential areas. It could be a problem waiting to happen, and one which would affect many of the same people as has the ArbCom leak. Perhaps people with accounts in both places who are concerned about respecting the privacy and human dignity of others could make similar efforts there. For example, it'd be helpful if admins there make sure that there isn't excessively personal information about editors in the confidential archives. Will Beback 02:24, 5 July 2011 (UTC)
EricBarbour
post Fri 8th July 2011, 8:21pm
Post #4


blah
*********

Group: Regulars
Posts: 5,919
Joined: Mon 25th Feb 2008, 2:31am
Member No.: 5,066




QUOTE
There may be another "confidential" archive containing personal or derogatory information about Wikipedia editors: the Wikipedia Review Tarpit, the 300 Club, and other confidential areas. It could be a problem waiting to happen, and one which would affect many of the same people as has the ArbCom leak. Perhaps people with accounts in both places who are concerned about respecting the privacy and human dignity of others could make similar efforts there. For example, it'd be helpful if admins there make sure that there isn't excessively personal information about editors in the confidential archives. Will Beback 02:24, 5 July 2011 (UTC)

Yes, there is another confidential area, Mr. McWhiney.

Wouldn't you like to know what's going on in there, Mr. McWhiney.

Since when have you ever given a damn about "human dignity", Mr. McWhiney?
Ottava
post Fri 8th July 2011, 8:24pm
Post #5


Über Pokemon
********

Group: Contributors
Posts: 2,917
Joined: Thu 31st Jul 2008, 6:35pm
Member No.: 7,328




Something in the first post got me thinking: what is to keep the leaker from, say, dropping little hints to an Arbitrator that they might not like in order to try and get the paranoid to mob attack that individual? It would seem a perfect win - 1. expose ArbCom secrets, 2. embarrass the WMF, 3. get rid of an Arb, and 4. make everyone so paranoid that they are no longer able to operate effectively.

We don't really know the motivation behind getting the information or exposing it. The only way for the Arbitrators to combat the above would be to take a position of "who cares if it was exposed" and preempt future releases by putting up some info from the major cases not yet released. That would take the thunder out of a leaker. Instead, they seem to be falling into a situation that the first paragraph could take advantage of and really hurt some people.

This post has been edited by Ottava: Fri 8th July 2011, 8:24pm
Herschelkrustofsky
post Fri 8th July 2011, 8:27pm
Post #6


Member
*********

Group: Members
Posts: 5,199
Joined: Tue 18th Apr 2006, 12:05pm
From: Kalifornia
Member No.: 130




QUOTE(EricBarbour @ Fri 8th July 2011, 1:21pm) *

QUOTE
There may be another "confidential" archive containing personal or derogatory information about Wikipedia editors: the Wikipedia Review Tarpit, the 300 Club, and other confidential areas. It could be a problem waiting to happen, and one which would affect many of the same people as has the ArbCom leak. Perhaps people with accounts in both places who are concerned about respecting the privacy and human dignity of others could make similar efforts there. For example, it'd be helpful if admins there make sure that there isn't excessively personal information about editors in the confidential archives. Will Beback 02:24, 5 July 2011 (UTC)

Yes, there is another confidential area, Mr. McWhiney.

Wouldn't you like to know what's going on in there, Mr. McWhiney.

Since when have you ever given a damn about "human dignity", Mr. McWhiney?


A more interesting question might be how Mr. McWhiney knows about the 300 Club. The simplest answer would be that he has an account here with over 300 posts. Or a buddy that does.
SpiderAndWeb
post Fri 8th July 2011, 8:36pm
Post #7


Junior Member
**

Group: Contributors
Posts: 56
Joined: Tue 28th Jun 2011, 5:02pm
Member No.: 58,319



Is it *that* hard to pull up the server logs and check which arbitrator username/password was used to pull the mailing list archives??
the fieryangel
post Fri 8th July 2011, 8:46pm
Post #8


the Internet Review Corporation is watching you...
********

Group: Regulars
Posts: 2,990
Joined: Tue 21st Nov 2006, 9:49pm
From: It's all in your mind anyway...
Member No.: 577



QUOTE(SpiderAndWeb @ Fri 8th July 2011, 8:36pm) *

Is it *that* hard to pull up the server logs and check which arbitrator username/password was used to pull the mailing list archives??


Apparently, yes.

Unbelievable as it may seem, they ARE as incompetent as we had imagined...
Sololol
post Fri 8th July 2011, 8:57pm
Post #9


Bell the Cat
***

Group: Contributors
Posts: 193
Joined: Sun 10th Apr 2011, 6:32am
Member No.: 50,538




QUOTE(Ottava @ Fri 8th July 2011, 4:24pm) *

Something in the first post got me thinking: what is to keep the leaker from, say, dropping little hints to an Arbitrator that they might not like in order to try and get the paranoid to mob attack that individual? It would seem a perfect win - 1. expose ArbCom secrets, 2. embarrass the WMF, 3. get rid of an Arb, and 4. make everyone so paranoid that they are no longer able to operate effectively.

Good point, nothing is stopping them. They (or someone pretending to be them) may have tried/be trying to do this. I doubt Malice would bother as he doesn't seem interested in targeting a particular Arb. If he were he could easily paste together or even fabricate outrageous evidence.

QUOTE(the fieryangel @ Fri 8th July 2011, 4:46pm) *

Apparently, yes.

Unbelievable as it may seem, they ARE as incompetent as we had imagined...

I can only assume there were too many people accessing the archive to narrow down the candidates. Or they know whose account grabbed the archive but are keeping quiet to avoid further embarrassment. If I were the Arb who passed it to Malice I'd claim to my fellow Arbs I was hacked and ask them to keep quiet about it. If I were the other Arbs I'd engineer the leaker's resignation for other reasons to prevent more drama.
EricBarbour
post Fri 8th July 2011, 9:03pm
Post #10


blah
*********

Group: Regulars
Posts: 5,919
Joined: Mon 25th Feb 2008, 2:31am
Member No.: 5,066




QUOTE(Herschelkrustofsky @ Fri 8th July 2011, 1:27pm) *
A more interesting question might be how Mr. McWhiney knows about the 300 Club. The simplest answer would be that he has an account here with over 300 posts. Or a buddy that does.

General consensus last year was that Matt Bisanz was leaking it to them. Probably a couple of other people doing it too.

QUOTE(Sololol @ Fri 8th July 2011, 1:57pm) *
If I were the Arb who passed it to Malice I'd claim to my fellow Arbs I was hacked and ask them to keep quiet about it. If I were the other Arbs I'd engineer the leaker's resignation for other reasons to prevent more drama.

Which points directly at Iridescent, again. I suspect that's a dry well (but don't quote me)....

This post has been edited by EricBarbour: Fri 8th July 2011, 9:04pm
Vigilant
post Sat 9th July 2011, 8:19am
Post #11


Senior Member
****

Group: Contributors
Posts: 307
Joined: Fri 24th Oct 2008, 2:04am
Member No.: 8,684




QUOTE(Ottava @ Fri 8th July 2011, 8:24pm) *

Something in the first post got me thinking: what is to keep the leaker from, say, dropping little hints to an Arbitrator that they might not like in order to try and get the paranoid to mob attack that individual? It would seem a perfect win - 1. expose ArbCom secrets, 2. embarrass the WMF, 3. get rid of an Arb, and 4. make everyone so paranoid that they are no longer able to operate effectively.

We don't really know the motivation behind getting the information or exposing it. The only way for the Arbitrators to combat the above would be to take a position of "who cares if it was exposed" and preempt future releases by putting up some info from the major cases not yet released. That would take the thunder out of a leaker. Instead, they seem to be falling into a situation that the first paragraph could take advantage of and really hurt some people.


Far too elaborate for reality.

Only someone with an overdeveloped sense of paranoia would come up with such a convoluted reasoning.

Am I getting through here?

Go write your dissertation.
cyofee
post Sat 9th July 2011, 9:39am
Post #12


Senior Member
****

Group: Regulars
Posts: 329
Joined: Sat 4th Aug 2007, 12:54pm
Member No.: 2,233



QUOTE(Herschelkrustofsky @ Fri 8th July 2011, 10:27pm) *

A more interesting question might be how Mr. McWhiney knows about the 300 Club. The simplest answer would be that he has an account here with over 300 posts. Or a buddy that does.


I don't have the eponymous 300 posts nor any friends here but I've known of the 300 club for quite some time. I always thought it was almost public knowledge, along with the fact that there supposedly aren't any smoking guns hidden there.
radek
post Sat 9th July 2011, 10:10am
Post #13


Über Member
*****

Group: Regulars
Posts: 699
Joined: Sat 28th Nov 2009, 10:40pm
Member No.: 15,651




QUOTE

It goes right back to the first Arbcom, installed by The Glorious Wales Himself, specifically to "settle disputes". They ended up spending far more time backpedaling, prevaricating, wikilawyering, and covering each other's asses than they actually did "settling disputes". If you don't believe me, look at their first-ever "decision". And in those early days, they at least got to the point quickly.


Heh. Now there are 3RR requests that are longer than that.

Also interesting that this was an "Alternative Medicine" case. Seven years later...
Bielle
post Sat 9th July 2011, 4:31pm
Post #14


Neophyte


Group: Contributors
Posts: 17
Joined: Mon 27th Jun 2011, 6:07am
Member No.: 58,227




QUOTE(cyofee @ Sat 9th July 2011, 9:39am) *

I don't have the eponymous 300 posts nor any friends here but I've known of the 300 club for quite some time. I always thought it was almost public knowledge, along with the fact that there supposedly aren't any smoking guns hidden there.


You do now have 300 posts. tongue.gif
gomi
post Sat 9th July 2011, 5:57pm
Post #15


Member
********

Group: Members
Posts: 3,022
Joined: Fri 17th Nov 2006, 6:38pm
Member No.: 565



QUOTE(Bielle @ Sat 9th July 2011, 9:31am) *
QUOTE(cyofee @ Sat 9th July 2011, 9:39am) *
I don't have the eponymous 300 posts nor any friends here but I've known of the 300 club for quite some time. I always thought it was almost public knowledge, along with the fact that there supposedly aren't any smoking guns hidden there.
You do now have 300 posts. tongue.gif

Merely having made 300 posts here on the Review has not for some time been sufficient for access to certain more restricted areas of the forum. One also must be trustworthy, loyal, helpful, friendly, courteous, kind, obedient, cheerful, thrifty, brave, clean, and reverent. biggrin.gif
powercorrupts
post Sat 9th July 2011, 6:24pm
Post #16


.
*****

Group: Contributors
Posts: 716
Joined: Fri 27th Jun 2008, 10:27pm
Member No.: 6,776



QUOTE(gomi @ Sat 9th July 2011, 6:57pm) *

QUOTE(Bielle @ Sat 9th July 2011, 9:31am) *
QUOTE(cyofee @ Sat 9th July 2011, 9:39am) *
I don't have the eponymous 300 posts nor any friends here but I've known of the 300 club for quite some time. I always thought it was almost public knowledge, along with the fact that there supposedly aren't any smoking guns hidden there.
You do now have 300 posts. tongue.gif

Merely having made 300 posts here on the Review has not for some time been sufficient for access to certain more restricted areas of the forum. One also must be trustworthy, loyal, helpful, friendly, courteous, kind, obedient, cheerful, thrifty, brave, clean, and reverent. biggrin.gif


I wondered why I never got an invite to this 'exclusive club' Poetlister kindly pointed out to me via email ("I see you've not been invited"). Before then I must admit I'd never heard of it. It doesn't impress me though, so yak.gif
gomi
post Sat 9th July 2011, 6:27pm
Post #17


Member
********

Group: Members
Posts: 3,022
Joined: Fri 17th Nov 2006, 6:38pm
Member No.: 565



QUOTE(powercorrupts @ Sat 9th July 2011, 11:24am) *
I wondered why I never got an invite to this 'exclusive club' Poetlister kindly pointed out to me via email ("I see you've not been invited"). Before then I must admit I'd never heard of it. It doesn't impress me though, so yak.gif

Yes, Poetlister is quite keen to get a peek in there, which was one of the proximate causes for the change in policy.
powercorrupts
post Sat 9th July 2011, 6:54pm
Post #18


.
*****

Group: Contributors
Posts: 716
Joined: Fri 27th Jun 2008, 10:27pm
Member No.: 6,776



QUOTE(gomi @ Sat 9th July 2011, 7:27pm) *

QUOTE(powercorrupts @ Sat 9th July 2011, 11:24am) *
I wondered why I never got an invite to this 'exclusive club' Poetlister kindly pointed out to me via email ("I see you've not been invited"). Before then I must admit I'd never heard of it. It doesn't impress me though, so yak.gif

Yes, Poetlister is quite keen to get a peek in there, which was one of the proximate causes for the change in policy.


If I knew or thought more about it I'd have asked "how did you know?"! Pretty lax of me really - I was trying to suss him with various questions but managed to miss that one. There were a couple of emails in January though for some reason I gave him/her the benefit of the doubt and chatted as anyone would. Whatever anyone says, at that point I personally see what he did as the beginnings of genuine criminal behaviour, because he used that to try and get more personally 'involved' as another person, and it briefly worked. He became a lot less guarded though and tripped over himself pretty quickly - he sent me the picture of the girl a few months after to try and get back on track. I find it just amazing that people can excuse behaviour like that.

As for his accounts, do you have any idea who the 300 club one is? (presumably the older known ones by him are blocked). Actually - what is your policy on socking here? I can understand why most people are entitled to a WR account, as much as anything so you know who they are. But someone like PL is just never going to be able to stop himself from creating socks for one reason or other (which of course is why Abd is so ignorant on the matter).
gomi
post Sat 9th July 2011, 7:10pm
Post #19


Member
********

Group: Members
Posts: 3,022
Joined: Fri 17th Nov 2006, 6:38pm
Member No.: 565



QUOTE(powercorrupts @ Sat 9th July 2011, 11:54am) *
Actually - what is your policy on socking here? I can understand why most people are entitled to a WR account, as much as anything so you know who they are.

Further discussion of this should probably go into WRR, but we strongly discourage multiple accounts, but we have very limited resources to actively prevent them. This is why we generally do not allow account creation from "free-mail" services like AOL, Yahoo, and Gmail. Multiple accounts do tend to be passively detected by the membership. We don't use the term "sock puppet" for our members, as a rule.
It's the blimp, Frank
post Sat 9th July 2011, 7:16pm
Post #20


Über Member
*****

Group: Regulars
Posts: 734
Joined: Mon 27th Mar 2006, 3:54pm
Member No.: 82



Has there ever been a serious problem with multiple accounts here, other than PoetGuy?