Wikipedia:Administrators' noticeboard: Difference between revisions

Welcome – post issues of interest to administrators.

Shortcuts WP:AN WP:ANB For urgent incidents and chronic, intractable behavioral problems, use Wikipedia:Administrators' noticeboard/Incidents. If you are new, try the Wikipedia:Teahouse instead. Do not report breaches of personal information on this highly visible page – instead use Wikipedia:Requests for oversight. For administrative backlogs add {{Admin backlog}} to the backlogged page; post here only if urgent. Do not post requests for page protection, deletion requests, or block requests here. Just want an admin? Contact a recently active admin directly. When you start a discussion about an editor, you must leave a notice on their talk page. Pinging is not enough. You may use {{subst:AN-notice}} ~~~~ to do so. Sections inactive for over three days are archived by Lowercase sigmabot III.(archives, search) Start a new discussion

Template:Active editnotice

This page has an administrative backlog that requires the attention of willing administrators. Please replace this notice with {{no admin backlog}} when the backlog is cleared.

"WP:CR" redirects here. You may be looking for Wikipedia:Cleanup resources, Wikipedia:Categorizing redirects, Wikipedia:Copyrights, Wikipedia:Competence is required, Wikipedia:Dispute resolution and Wikipedia:Content removal.

"WP:ANC" redirects here. You may be looking for Wikipedia:Assume no clue.

You may want to increment {{Archive basics}} to |counter= 38 as Wikipedia:Closure requests/Archive 37 is larger than the recommended 150Kb.

Archives

Index no archives yet (create)

This page has archives. Sections older than 6 days may be automatically archived by Lowercase sigmabot III when more than 3 sections are present.

Shortcuts

• WP:CR
• WP:RFCL
• WP:ANRFC

Use the closure requests noticeboard to ask an uninvolved editor to assess, summarize, and formally close a Wikipedia discussion. Do so when consensus appears unclear, it is a contentious issue, or where there are wiki-wide implications (e.g. any change to our policies or guidelines).

Do not list discussions where consensus is clear. If you feel the need to close them, do it yourself.

Move on – do not wait for someone to state the obvious. In some cases, it is appropriate to close a discussion with a clear outcome early to save our time.

Do not post here to rush the closure. Also, only do so when the discussion has stabilised.

On the other hand, if the discussion has much activity and the outcome isn't very obvious, you should let it play out by itself. We want issues to be discussed well. Do not continue the discussion here.

There is no fixed length for a formal request for comment (RfC). Typically 7 days is a minimum, and after 30 days the discussion is ripe for closure. The best way to tell is when there is little or no activity in the discussion, or further activity is unlikely to change its result.

When the discussion is ready to be closed and the outcome is not obvious, you can submit a brief and neutrally worded request for closure.

Include a link to the discussion itself and the {{Initiated}} template at the beginning of the request. A helper script can make listing easier. Move discussions go in the 'other types' section.

Any uninvolved editor may close most discussions, so long as they are prepared to discuss and justify their closing rationale.

Closing discussions carries responsibility, doubly so if the area is contentious. You should be familiar with all policies and guidelines that could apply to the given discussion (consult your draft closure at the discussions for discussion page if unsure). Be prepared to fully answer questions about the closure or the underlying policies, and to provide advice about where to discuss any remaining concerns that editors may have.

Non-admins can close most discussions. Admins may not overturn your non-admin closures just because you are not an admin, and this is not normally in itself a problem at reviews. Still, there are caveats. You may not close discussions as an unregistered user, or where implementing the closure would need tools or edit permissions you do not have access to. Articles for deletion and move discussion processes have more rules for non-admins to follow.

Technical instructions for closers

Please append {{Doing}} to the discussion's entry you are closing so that no one duplicates your effort. When finished, replace it with {{Close}} or {{Done}} and an optional note, and consider sending a {{Ping}} to the editor who placed the request. Where a formal closure is not needed, reply with {{Not done}}. After addressing a request, please mark the {{Initiated}} template with |done=yes. ClueBot III will automatically archive requests marked with {{Already done}}, {{Close}}, {{Done}} {{Not done}}, and {{Resolved}}.

If you want to formally challenge and appeal the closure, do not start the discussion here. Instead follow advice at WP:CLOSECHALLENGE.

Other areas tracking old discussions

• Wikipedia:Requested moves#Elapsed listings
• Wikipedia:Articles for deletion/Old
• Wikipedia:Redirects for discussion
• Wikipedia:Categories for discussion/Awaiting closure
• Wikipedia:Templates for discussion#Old discussions
• Wikipedia:Miscellany for deletion#Old business
• Wikipedia:Proposed mergers/Log
• Wikipedia:Proposed article splits

Administrative discussions

Wikipedia:Administrators'_noticeboard/IncidentArchive1156#Boomerang_topic_ban_proposal_for_User:Hcsrctu

(Initiated 46 days ago on 9 May 2024) Ratnahastin (talk) 03:35, 28 May 2024 (UTC)

{{not done}} Ratnahastin; ANI reports that have been archived will not be closed. ~~ AirshipJungleman29 (talk) 14:06, 9 June 2024 (UTC)

Restored the request because AirshipJungleman 29 has refused to clarify his above misleading response.[1] Ratnahastin (talk) 04:15, 18 June 2024 (UTC)

Wikipedia:Administrators' noticeboard/Incidents#Riposte97: time sink

(Initiated 2 days ago on 22 June 2024) Obvious consensus has formed for a community imposed topic ban from "Indigenous peoples of North America, broadly construed". Admin close required. TarnishedPath^talk 09:49, 24 June 2024 (UTC)

Place new administrative discussions above this line using a level 3 heading

Requests for comment

Talk:Brothers of Italy#RfC on neo-fascism in info box 3 (Effectively option 4 from RfC2)

(Initiated 77 days ago on 8 April 2024) Clear consensus for change but not what to change to. I've handled this RfC very badly imo. User:Alexanderkowal — Preceding undated comment added 11:50, 1 May 2024 (UTC)

 Comment: The RfC tag was removed the same day it was started. This should be closed as a discussion, not an RfC. voorts (talk/contributions) 22:03, 18 May 2024 (UTC)

Talk:Mukokuseki#RfC on using the wording "stereotypically Western characteristics" in the lead

(Initiated 74 days ago on 11 April 2024) ☆SuperNinja2☆ TALK! 09:41, 21 May 2024 (UTC)

See Talk:Mukokuseki#Close Plz 5/21/2024 Orchastrattor (talk) 20:34, 21 May 2024 (UTC)

Talk:Climate_change#RFC:_Food_and_health_section

(Initiated 68 days ago on 17 April 2024) This was part of DRN process (Wikipedia:Dispute_resolution_noticeboard/Archive_245#Climate_change). It is ready to be closed [2] [3]. Bogazicili (talk) 18:39, 11 June 2024 (UTC)

RFA2024, Phase II discussions

Hi! Closers are requested for the following three discussion:

• (Initiated 53 days ago on 2 May 2024) Administrator recall
• (Initiated 50 days ago on 5 May 2024) Designated RfA monitors
• (Initiated 50 days ago on 5 May 2024) Reminder of civility norms at RfA

Many thanks in advance! theleekycauldron (talk • she/her) 04:27, 17 June 2024 (UTC)

If re-requesting closure at WP:AN isn't necessary, then how about different various closers for cerain section(s)? I don't mind one or two closers for one part or another or more. --George Ho (talk) 17:39, 18 June 2024 (UTC)

Wikipedia:Reliable sources/Noticeboard/Archive 440#RfC: RFE/RL

(Initiated 48 days ago on 7 May 2024) Archived Request for Comment. 73.219.238.21 (talk) 23:32, 4 June 2024 (UTC)

Wikipedia talk:WikiProject Weather#Discussion -- New Proposal for layout of Tornadoes of YYYY articles

(Initiated 45 days ago on 10 May 2024) RFC outcome is fairly clear (very clear majority consensus), however, a non WikiProject Weather person should close it. I was the RFC proposer, so I am classified too involved to close. There were three “points” in the RFC, and editors supported/opposed the points individually. Point one and three had 3-to-1 consensus’ and point two had a 2-to-1 consensus. Just need a non WP:Weather person to do the closure. The Weather Event Writer (Talk Page) 14:39, 13 June 2024 (UTC)

Talk:Yasuke#RfC:_Should_the_view_that_Yasuke_was_a_samurai_be_added_to_the_article

(Initiated 33 days ago on 21 May 2024) It's a bit buried in a header designed to group similar discussions together (because there have been so many of them). I would like to request an experienced or admin closer, as this page has had a lot of new or WP:SPA accounts on it recently, so some more advanced weighting of the consensus here may be necessary. Loki (talk) 21:57, 22 June 2024 (UTC)

Wikipedia:Requests for adminship/2024 review/Phase II/Discussion-only period#Early close

(Initiated 24 days ago on 31 May 2024) Since it's an injunctive discussion, I was hoping someone could step in and close after I withdrew my own. Thanks! theleekycauldron (talk • she/her) 07:26, 18 June 2024 (UTC)

Talk:Greta Gerwig#Order of occupation in the lead

(Initiated 22 days ago on 2 June 2024) No new !votes in over a week. The RfC creator is claiming a no consensus outcome and I'm not sure I agree, but I am involved. ––FormalDude (talk) 06:08, 24 June 2024 (UTC)

 Done Chetsford (talk) 07:01, 24 June 2024 (UTC)

Place new discussions concerning RfCs above this line using a level 3 heading

Deletion discussions

XFD backlog

V	Mar	Apr	May	Jun	Total
CfD	0	0	14	44	58
TfD	0	0	0	1	1
MfD	0	0	0	0	0
FfD	0	0	0	0	0
RfD	0	0	9	15	24
AfD	0	0	0	0	0

Place new discussions concerning XfDs above this line using a level 3 heading

Other types of closing requests

Talk:Anti-Normanism#Requested move 22 May 2024

(Initiated 33 days ago on 22 May 2024). Should be closed by an uninvolved admin.--Berig (talk) 07:47, 16 June 2024 (UTC)

Hi @Berig, does it really need an admin? Tom B (talk) 04:58, 19 June 2024 (UTC)

No, that is true. However, as an involved admin and the discussion having been quite lengthy and contentious, I thought it could be appropriate.--Berig (talk) 05:04, 19 June 2024 (UTC)

After looking at it, I can see why an admin was requested, Tom B (talk) 14:52, 20 June 2024 (UTC)

Wikipedia:Village_pump_(policy)#Notifying_Wikiprojects_and_WP:CANVASS

(Initiated 27 days ago on 28 May 2024) Latest comment: 3 days ago, 79 comments, 37 people in discussion. Closing statement may be helpful for future discussions. Gråbergs Gråa Sång (talk) 10:29, 11 June 2024 (UTC)

Talk:Srebrenica massacre#Requested_move_2_June_2024

(Initiated 22 days ago on 2 June 2024), then relisted 10 June, Tom B (talk) 09:51, 17 June 2024 (UTC)

Wikipedia:Reliable sources/Noticeboard#Dani Cavallaro

(Initiated 20 days ago on 4 June 2024) A formal closure would be helpful to solidify consensus for future reference. Thanks! —TechnoSquirrel69 (sigh) 15:42, 16 June 2024 (UTC)

Place new discussions concerning other types of closing requests above this line using a level 3 heading

Pages recently put under extended-confirmed protection

Report

Pages recently put under extended confirmed protection (30 out of 7892 total) (Purge) WATCH Page Protected Expiry Type Summary Admin Punjab 2024-06-24 19:56 2024-12-24 19:56 edit Persistent disruptive editing: Regular semi-protection ineffective, persistent block evasion and additions of poorly sourced material. Yamaguchi先生 Battle of Lachin 2024-06-24 19:54 indefinite edit,move WP:GS/AA enforcement Firefangledfeathers Draft:Taron Andreasyan 2024-06-24 19:04 indefinite edit,move Created in violation of WP:GS/AA's extended-confirmed restriction. Any EC user should feel free to assume responsibility for this content and move it back to mainspace. Firefangledfeathers Koli Dance 2024-06-23 18:05 indefinite edit,move Persistent sock puppetry; see Wikipedia:Sockpuppet investigations/Thakor Sumant Sinhji Jhala Abecedare Bapaiya 2024-06-23 18:00 indefinite edit,move Persistent sock puppetry; see Wikipedia:Sockpuppet investigations/Thakor Sumant Sinhji Jhala Abecedare Template:Talk Header 2024-06-23 18:00 indefinite edit,move High-risk template or module: 2528 transclusions (more info) MusikBot II Template:Lowercasetitle 2024-06-23 18:00 indefinite edit,move High-risk template or module: 2502 transclusions (more info) MusikBot II All Eyez on Me 2024-06-23 13:21 2024-09-23 09:04 edit,move Persistent sockpuppetry: restoring original protection; if it was semi-protection, I'd have extended the duration. Not sure about extended-confirmed protection being needed. ToBeFree Anisha Singh 2024-06-23 08:21 indefinite create Repeatedly recreated Newslinger June 2024 Al-Mawasi refugee camp attack 2024-06-23 02:27 indefinite edit,move Contentious topic restriction: per RFPP and ARBPIA Daniel Case Omer Bartov 2024-06-22 21:25 indefinite edit,move Contentious topic restriction: per RFPP and ARBPIA Daniel Case Module:ConvertIB 2024-06-22 18:00 indefinite edit,move High-risk template or module: 4766 transclusions (more info) MusikBot II Tsav 9 2024-06-22 06:18 indefinite edit,move Contentious topic restriction: WP:ARBPIA Ymblanter Extrajudicial killings in the Gaza Strip 2024-06-22 03:02 indefinite edit,move Arbitration enforcement; requested at WP:RfPP Ad Orientem Hari Makaji Naik 2024-06-22 01:14 2024-12-22 01:14 edit,move Community sanctions enforcement: WP:CASTE aspects El C Template talk:Hangon 2024-06-21 22:46 indefinite create Repeatedly recreated SuperMarioMan Claudette Hubbard 2024-06-21 21:43 indefinite edit,move Persistent disruptive editing: per RFPP Daniel Case Bilad al-Sham 2024-06-21 21:34 indefinite edit,move Contentious topic restriction: per RFPP and ARBPIA Daniel Case Na Baligh Afraad 2024-06-21 20:44 indefinite create Repeatedly recreated A7 article: request at WP:RFPP Ymblanter The Kashmir Files 2024-06-21 19:22 2025-06-21 19:22 edit,move Persistent disruptive editing: As per previously Black Kite Yellow Card Financial 2024-06-21 17:37 indefinite create Repeatedly recreated Joe Roe Draft:Yellow Card Financial 2024-06-21 17:37 indefinite create Repeatedly recreated Joe Roe M3DS Academy 2024-06-21 17:19 indefinite create Repeatedly recreated Joe Roe Draft:M3DS Academy 2024-06-21 17:19 indefinite create Repeatedly recreated Joe Roe Thorat Koli 2024-06-21 16:05 indefinite create Repeatedly recreated; see Wikipedia:Sockpuppet investigations/Thakor Sumant Sinhji Jhala Abecedare Kolis 2024-06-21 02:24 indefinite edit,move Persistent sock puppetry; see Wikipedia:Sockpuppet_investigations/Thakor_Sumant_Sinhji_Jhala Abecedare OTR-21 Tochka 2024-06-20 20:31 indefinite edit,move Community sanctions enforcement: per RFPP and WP:RUSUKR Daniel Case Kyiv strikes (2022–present) 2024-06-20 20:26 indefinite edit,move Community sanctions enforcement: per RFPP and WP:RUSUKR Daniel Case Mykolaiv strikes (2022–present) 2024-06-20 20:22 indefinite edit,move Community sanctions enforcement: per RFPP and WP:RUSUKR Daniel Case Kherson strikes (2022–present) 2024-06-20 20:18 indefinite edit,move Community sanctions enforcement: per RFPP and WP:RUSUKR Daniel Case

Religion in... statistics vandalism

Just raising this here in case anyone recognises it as a returning vandal, and to ask for others to help keep an eye on things. On the 20th November I noticed 83.51.5.88 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log) falsifying cited stats in "Religion in..." articles. Today I noticed an identical edit to one of the articles by 46.6.190.64 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log). IPs are both Spanish. DuncanHill (talk) 15:53, 22 November 2018 (UTC)

This is continuing today, latest IP is 83.51.5.206 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log) DuncanHill (talk) 18:22, 26 November 2018 (UTC)

Also 85.192.74.246 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log). DuncanHill (talk) 18:26, 26 November 2018 (UTC)

Blocked 83.51.5.206 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log) for 31 hours. 85.192.74.246 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log) hasn't edited for several hours, I do not see a block serving any purpose at this point. Vanamonde (talk) 18:36, 26 November 2018 (UTC)

A new editor, Scgonzalez (talk · contribs · deleted contribs · logs · filter log · block user · block log) has now started making similar edits. I have given them an initial warning, and shall advise them of this thread. DuncanHill (talk) 09:23, 28 November 2018 (UTC)

They are up to a Level 4 Warning now, and have made no attempt to respond to warnings. DuncanHill (talk) 17:17, 28 November 2018 (UTC)

• And now 83.51.1.103 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log). @Ponyo:. DuncanHill (talk) 21:55, 30 November 2018 (UTC)

Got it.-- Jezebel's Ponyo^{bons mots} 21:59, 30 November 2018 (UTC)

Also note I reblocked Scgonzalez indef. It sometimes makes it easier to request blocks on related IPs via AIV if there is an obvious named account that has been blocked indefinitely, even if it's not the master.-- Jezebel's Ponyo^{bons mots} 22:06, 30 November 2018 (UTC)

Thank you. I've got a nagging feeling at the back of my mind that there was something very like this a while ago - perhaps years - but really can't put my finger on it. DuncanHill (talk) 22:09, 30 November 2018 (UTC)

• 88.17.37.57 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log) @Ponyo:. DuncanHill (talk) 10:02, 1 December 2018 (UTC)
• 88.18.43.18 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log) at it too. Reported to AIV DuncanHill (talk) 15:11, 2 December 2018 (UTC)

This is clearly a determined, long-term vandal. The vandalism is subtle - unless one checks figures against the sources it is not obvious from reading the article. Any thoughts on how better to deal with it? Would a range block be appropriate? DuncanHill (talk) 15:11, 2 December 2018 (UTC)

Unfortunately a single rangeblock isn't possible and the IPs used are so variable that even a series of smaller range blocks would likely be ineffective. It may be a case where we either need to start using liberal semi-protection, or alternatively WP:RBI.-- Jezebel's Ponyo^{bons mots} 19:31, 3 December 2018 (UTC)

• Still at it. 88.4.152.6 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log). Reported as block evasion at ANI. DuncanHill (talk) 21:56, 4 December 2018 (UTC)

Got it.-- Jezebel's Ponyo^{bons mots} 22:01, 4 December 2018 (UTC)

Proposing a temporary measure to assist in protecting the Main Page

As many Wikipedians have noticed, several accounts have recently been compromised. Three of these compromised accounts have been administrator accounts, and all three compromised admin accounts focused on vandalizing the Main Page, the public face of the project. The most recent compromised administrator account is that of a highly active administrator. I am part of the team investigating this series of events, along with stewards, other checkusers, and WMF Security and Trust & Safety staff. There are several actions taking place in the background, mainly for security and/or privacy requirements, that will not be discussed in this thread.

One proposed temporary measure to mitigate the damage being caused by this vandal is to restrict editing of the Main Page to administrators who also hold Interface Administrator permissions. There is rarely a need to edit the Main Page itself — almost all of the work is done in the background using templates — so the impact of this temporary measure is minimal.

As noted, this is intended to be a temporary measure that will give both the community and the investigating team some "breathing space" to focus on the vandal rather than the impact of the vandalism. It was suggested that we bring this change to the community for discussion prior to implementing it. Does anyone have any feedback on this proposal? Thanks for your participation. Risker (talk) 21:30, 24 November 2018 (UTC)

Is it technically possible? The Main Page itself may not need many edits but the templates transcluded on it which are cascade protected are a different matter. Jo-Jo Eumerus (talk, contributions) 21:32, 24 November 2018 (UTC)

Yes. Adding a protection level is relatively trivial to do in the MediaWiki back-end. Just needs consensus. -- Ajraddatz (talk) 21:35, 24 November 2018 (UTC)

Yes. This can be done by private filter from what I’ve been told. TonyBallioni (talk) 21:36, 24 November 2018 (UTC)

Sorry, I wasn't clear: Is this possible without all the templates transcluded on it also becoming it-protected? Because that would be hefty collateral damage. Jo-Jo Eumerus (talk, contributions) 21:51, 24 November 2018 (UTC)

@Jo-Jo Eumerus: what @TonyBallioni: said been added. — xaosflux ^Talk 00:00, 25 November 2018 (UTC)

Survey

• Support enough is enough. TonyBallioni (talk) 21:36, 24 November 2018 (UTC)
• Support. Take this c**t down. —Jeremy v^_^v ^Bori! 21:37, 24 November 2018 (UTC)
• Support could be done in MediaWiki, or possibly with an edit filter. --Rschen7754 21:41, 24 November 2018 (UTC)
• As the front page of the site, the Main Page is arguably an interface page in spirit. Reasonable protection mechanism. ~ Amory (u • t • c) 21:41, 24 November 2018 (UTC)
• Support - and once this current outbreak has died down, an RfC should be run to make this change permanent. Beyond My Ken (talk) 21:42, 24 November 2018 (UTC)
• Yup, filter please - TNT ^💖 21:43, 24 November 2018 (UTC)
• (edit conflict)x4 Support No need for this nonsense. (Please make sure there are some intadmins checking out the errors page every once in a while.) Natureium (talk) 21:44, 24 November 2018 (UTC)
• Support, even with an option of protecting other higly visible pages such as Donald Trump for a short time.--Ymblanter (talk) 21:45, 24 November 2018 (UTC)

  This was already done earlier. Killiondude's account compromise rendered it useless. —Jeremy v^_^v ^Bori! 21:47, 24 November 2018 (UTC)

  Exactly my point. I mean moving these pages into mediawiki namespace so that only interface admins can edit.--Ymblanter (talk) 22:05, 24 November 2018 (UTC)

  @Ymblanter: sysops can edit MediaWiki pages already. The only pages restricted to interface admins are cascading style sheets and javascript pages. — xaosflux ^Talk 22:09, 24 November 2018 (UTC)

  Thanks, and as an interface admin on three projects I should have thought well before writing this. Anyway, my point is that the main page can be protected such that only interface admins can edit it (e.g. by adding a new protection level), then other highly visible pages can only get similar protection for a short time.--Ymblanter (talk) 22:16, 24 November 2018 (UTC)

  Striken the option. In view of the office action requiring TFA for all interface admins, it is absolutely not ok if only users who can afford a smartphone (or at least a laptop) will be able to edit articles such as Donald Trump.--Ymblanter (talk) 21:04, 26 November 2018 (UTC)

• Yes, but I'd like to hear that the cascading protection issues have been fully considered. -- zzuuzz ^(talk) 21:50, 24 November 2018 (UTC)

  Oppose (temporary position), it's clear from some of the objections that the cascade issue hasn't been fully considered, and that this will either prevent updates to the main page or won't be at all effective. -- zzuuzz ^(talk) 10:44, 26 November 2018 (UTC)

• Support I support all reasonable measures to protect the encyclopedia against this vile attack and similar incidents in the future. Cullen³²⁸ Let's discuss it 21:51, 24 November 2018 (UTC)
• Oppose per WP:CREEP. This is not what the interface admin right was introduced for and the talk of this measure being temporary is already being subverted above. So far as I can see, the recent incidents have been handled just fine, with no significant impact or press coverage. The main page says that Wikipedia is "the free encyclopedia that anyone can edit". Limiting access to a tiny handful of people is blatantly contrary to this fundamental principle. Andrew D. (talk) 21:56, 24 November 2018 (UTC)
  • It's already restricted to only admins. How is restricting access to intadmins "blatantly contrary to this fundamental principle" if limiting it to admins isn't? Natureium (talk) 22:22, 24 November 2018 (UTC)
    • Andrew, please. I'm glad you have an opinion on everything, but that these very incidents happened means things are not "just fine". Drmies (talk) 01:41, 25 November 2018 (UTC)
• At least temporarily some additional WP:BEANS controls have been added, these are far from perfect but may help and should not be in the way of daily workflow. — xaosflux ^Talk 22:00, 24 November 2018 (UTC)
• Support Seriously Andrew, "the free encyclopedia that anyone can edit" does not mean "continually replace Donald Trump's article with a picture of an ejeculating penis". I think just about anyone knows that. Ritchie333 ^{(talk) (cont)} 22:17, 24 November 2018 (UTC)
• Support I disagree with Andrew Davidson's comment. The Main Page already isn't editable by 99.999999999999% of the world's population; what will restricting access even further do anything more to the fact that the Main Page already doesn't fit with the whole "anyone can edit" philosophy? As for how the incidents have been handled, you may very well commend our team of stewards for acting quickly to stop further disruption, but in the case of admin accounts getting compromised it seems to be a better solution to prevent such events from happening in the first place rather than having an "oopsies" moment when the Main Page is replaced with Commons porn, even if it's reverted within ten seconds. —k6ka 🍁 (Talk · Contributions) 22:26, 24 November 2018 (UTC)
• Support – fairly obvious, really. SNOW-close, please. Bradv 22:32, 24 November 2018 (UTC)
• Support, but let's not let "I need to edit the Main Page" become a new reason to hand out intadmin rights. What the attacker could do with an intadmin account is much, much worse, and I'd like to keep the number of such accounts as low as possible. Suffusion of Yellow (talk) 22:34, 24 November 2018 (UTC)

  Didn't really think this one through. I'd oppose but I don't know how to explain my rationale without getting BEANsy. Suffusion of Yellow (talk) 07:17, 26 November 2018 (UTC)

• Support solely for the main page; I agree with the comments that due to the nature of transclusions, that page is already similar to an interface page (and assume that transcluded pages would not be affected). I don't think this will be effective for other pages; rationale withheld per WP:BEANS. power~enwiki (π, ν) 22:35, 24 November 2018 (UTC)
  • There seems to be some discussion that this would also affect transcluded pages. In that case, I'd only support if it was a separate permission from INTADMIN. Ideally, it would be a permission that could be given to trusted non-admins, specifically The Rambling Man. power~enwiki (π, ν) 17:41, 26 November 2018 (UTC)

• Support. Regardless of what the best approach should be, there are times when one has to use whatever tool is at hand, and build better tools later. Perhaps we should start looking at a scheme of progressive protection where "anybody" can edit at the bottom of the pyramid, but increasing experience and trust are required to move up to vital or more developed pages.

As a side note, I have long thought that "the free encyclopedia that anyone can edit" – which isn't even true – should be changed to "the collaborative free encyclopedia", emphasising working together. ♦ J. Johnson (JJ) (talk) 22:38, 24 November 2018 (UTC)

I could be wrong, but I don't believe that the WMF uses that tag line anymore. Beyond My Ken (talk) 23:03, 24 November 2018 (UTC)

Wrong! Beyond My Ken (talk) 01:38, 25 November 2018 (UTC)

• Support (x10,000). Porn on the main page by compromised accounts is a severe problem. We have active interface admins and as others have mentioned, the main page itself doesn't need editing frequently, so I think this would clearly do more good than it would harm. But is there a way to protect a page with cascading protection at a certain level, but then have a higher local protection level? If it isn't possible, then I definitely would not support intadmin-protecting all pages transcluded onto the main page.--SkyGazer 512 ^{Oh no, what did I do this time?} 22:41, 24 November 2018 (UTC)

  We've done that now, but it is more of a speed-bump than a road-block. — xaosflux ^Talk 23:13, 24 November 2018 (UTC)

• Support I've been an admin for 11 years, and never needed to edit it (well, apart from this evening, and someone even beat me to that by fractions of a second, so thanks for that). Black Kite (talk) 23:50, 24 November 2018 (UTC)

• Oh yeah and... an inability for an admin to unblock themselves would be useful as well. Black Kite (talk) 23:52, 24 November 2018 (UTC)

  @Black Kite: You may want to check out this proposal I made at VPR. ^Semi_Hypercube ✎ 00:58, 25 November 2018 (UTC)

• Support temporarily as proposed for the Main Page. -- KTC (talk) 00:31, 25 November 2018 (UTC)
• Support as a temporary measure (but how would this work? A new form of protection, since this isn't in the MediaWiki namespace?) ^Semi_Hypercube ✎ 00:41, 25 November 2018 (UTC)

  Also, I don't think using an edit filter will be completely effective, not saying the weakness per you-know-what, but one could figure out what it is. ^Semi_Hypercube ✎ 17:08, 25 November 2018 (UTC)

• Support The attacker is doing us a favor by highlighting the weaknesses. They will move on to the next weak link but protecting the main page is obviously required. Re "how would this work?": developers can do anything and they will quickly fix the problem. Johnuniq (talk) 01:35, 25 November 2018 (UTC)
• Support, since I just got back from dealing with this guy. GAB^gab 01:52, 25 November 2018 (UTC)
• Support - I wouldn't dare to touch it, anyway. Jauerback^dude?/_dude. 01:55, 25 November 2018 (UTC)
• Support I wouldn't mind if this is a permanent change; the Main Page itself doesn't need editing very often. funplussmart (talk) 05:00, 25 November 2018 (UTC)
• Support  temporary measure. Orientls (talk) 05:00, 25 November 2018 (UTC)

  Support, Sensible measure. –Ammarpad (talk) 05:53, 25 November 2018 (UTC)

• Oppose Upon further reflection, I understand this will not solve the problem without cascading and with cascading, it creates bigger problem. –Ammarpad (talk) 12:32, 26 November 2018 (UTC)
• Support as if I'm reading this right, only the actual Main Page will receive this additional protection, not T:DYK etc. I'd be willing to support this as a permanent change, too. Anarchyte (talk | work) 06:36, 25 November 2018 (UTC)
• Weak support I think Andrew's comment is being wrongly ignored as the discussion above seems to be the creation of a new level of page protection which I do not think should exist or be used on this project except for this specific instance. I do not think having or applying IAdmin protection to anything except javascript pages is something that I would ever want, and the only reason I would be in favor of this is because of the recent security concerns. I do not think we should ever have a protection level that restricts editing to 14 people. For comparison, twice as many people are in the staff group (a little over 30), allowing them to edit superprotected pages, than are IAdmins on enwiki. The admonition against WP:CREEP should be taken more seriously and the temporary nature of this use emphasized. Wugapodes [t^hɑk] [ˈkan.ˌʧɹɪbz] 07:38, 25 November 2018 (UTC)
  • My weak support has now become Oppose given a lot of the subsequent discussion. Jimbo's account has been compromised before, IAdmins can be compromised, and restricting editing to these few people, while more likely to prevent abuse, will make resolving any actual abuse more difficult. I'd rather greater risk but quicker response than less risk and slower response. I also think this whole thing has turned into a catch-22. I'm opposed to cascading protection for the Main Page, since it would turn IAdmin into something it was never supposed to be, but not cascade protecting the main page would result in the vandals moving on to the templates themselves. I really think this is just generally a bad idea the more I think about it. Wugapodes [t^hɑk] [ˈkan.ˌʧɹɪbz] 01:05, 27 November 2018 (UTC)
• Comment I have been busy so I'm not up to play. I'm not opposed to the idea although I'm not sure this will help a great deal from what's been said. I appreciate per BEAN etc that maybe details can't be discussed for this very reason so maybe there can be no clarification. But I don't think what I'm saying here is likely to be reveal anything not already obvious to prying eyes. It sounds like the plan is to still allow admins to make changes to the templates without requiring an interface admin to approve them. In that case, it seems like the vandal will just move on to vandalising the templates. I mean they're probably already working out what to do. While I appreciate they have been directly editing the main page so far, they haven't had a reason not to. And while trying passwords from previous leaks (which I assume is probably what's happening) is not really that technically demanding if you only have a few to try, it seems unlikely to me anyone capable of this won't figure it out fairly fast. Again maybe no comment can be offered, but is it believed the templates can somehow be protected against this vandalism in ways the actually main page can't? Nil Einne (talk) 10:38, 25 November 2018 (UTC)
• Weak support only until a stronger solution is determined. The attacker (or an attacker, maybe not this one) has already demonstrated they can compromise 2FA-enabled accounts. Restricting access to intadmins reduces our security exposure, but will just focus the attacks on a different class of user. Ivanvector (^Talk/_Edits) 21:19, 25 November 2018 (UTC)
  • Wait which 2FA account got hacked? I hope what you're saying isn't true, it would mean that even 2FA isn't enough to stop the attack. funplussmart (talk) 21:23, 25 November 2018 (UTC)

  I don't know which accounts specifically. 2FA is a good solution but it's not perfect. Ivanvector (^Talk/_Edits) 21:34, 25 November 2018 (UTC)

  Hi, none of the accounts compromised in this attack had 2FA. We currently believe all compromises in this attack were due to people using the same password on other websites which presumably got hacked. 2FA is of course not a magic bullet - it won't fix every security problem (e.g. If someone steals your computer well logged in, 2FA is not going to stop that. If you add malicious Javascript to your special:mypage/common.js, 2FA can't stop that) but 2FA would have stopped this attack if the admins in question had enabled it. I strongly encourage all admins to enable 2FA. BWolff (WMF) (talk) 22:49, 25 November 2018 (UTC)

• No, come on. Really? I'd much rather have compromised admin accounts announcing themselves to us by editing the main page than do other things. As it is, I don't think this is worth anywhere near the community time or consternation we have all spent on this. Kevin (aka L235 · t · c) 06:07, 26 November 2018 (UTC)
  • ^^^This. Compromised admin accounts used to be immediately detectable to every other logged-in admin on the site back when they announced themselves by making "Main Page" go red on every page. Now that it isn't deleteable because of the same sort of technical measure being proposed here, they have to "settle" for goatseing it. Some improvement. The last thing we want to do is make them settle for one of the couple dozen ways you can cause real and/or irreversible harm with a sysop bit. —Cryptic 11:11, 26 November 2018 (UTC)
• Oppose int-admin cascading protection, but I do support a MediaWiki imposed int-admin protection to the Main Page itself, and perhaps a few others, as is the status-quo with filter 943. The filter was an emergency measure. Using interface admin isn't really the right way to go. I agree with others below that there shouldn't be non-technical people in the technical user group. We either need a new user group, or only int-admin protect the main page itself, and not the pages transcluded on it. Better yet, phab:T210192#4771932, phab:T150826 and phab:T150576. Sorry if I misled anyone — MusikAnimal ^talk 06:45, 26 November 2018 (UTC)
• Support until other security measures can be implemented or the vandalism subsides. GorillaWarfare (talk) 06:37, 26 November 2018 (UTC)
• Oppose in contrast to the discussion about removing the unblockself permission this would create a real problem if one of the accounts with interface-editor were to be compromised, it would leave us with little means to reverse their actions. For this to work it would also need to be cascading protection as otherwise something could just be added to a page transcluded to the main page, that severely restricts the number of people who can put anything on the main page. Fix that by adding more people to the usergroup and we're back where we started. We should be looking at a technical solution to solve the problem, maybe some sort of double confirmation by two admins to put things on the main page (similar to pending changes in a way, but without auto accept). Callanecc (talk • contribs • logs) 06:49, 26 November 2018 (UTC)

  @Callanecc:. It seems to me you're opposing based on wrong assumption that: the protection must propagate (cascade) to all transcluded pages, DYK, ITN etc... thereby limiting placing items to only less than 10? techadmins. But from what I understand that's not what will happen. Only the "Mainpage" will be protected with this above-admin level, this will be done via MediaWiki backend and question of "how" is beyond the scope of this discussion. What's is just needed is the consensus. –Ammarpad (talk) 07:23, 26 November 2018 (UTC)

  Thanks for asking Ammarpad, my point was that the only way for protection like this to be effective would be to protect transclusions at the same level. I'm opposed to protecting the transclusions so also to protecting the main page in this way. However, maybe something like pending changes for admins to edit the main page (or transcluded pages) where it required two admins to make a change (one to initiate and one to approve) would be a good solution. In the meantime the status quo should prevail so that we can more easily deal with any further compromised accounts. Callanecc (talk • contribs • logs) 09:14, 26 November 2018 (UTC)

  The notion of there being less ways to revert vandalism is one of the only reasons I'm partially reconsidering my support vote. However, I do think that if we have a mandatory 2FA enabled intadmin account hacked, we have more on our hands than just the main page being changed, and the person behind these attacks know this. Unless they just want to make a statement for publicity, they can do a lot worse (which is why intadmin exists in the first place). Anarchyte (talk | work) 10:58, 26 November 2018 (UTC)

  Anarchyte, There are a number of ways a 2FA-secured account can become compromised - and while I won't list them all here, physical theft of device (most likely a phone or chromebook/laptop) would be the first one that would come to mind for me. SQL^{Query me!} 01:12, 27 November 2018 (UTC)

  @SQL: I'm aware. I'm saying that given WMF Office has now forced all intadmins to enable 2FA, if they get hacked we have something bigger on our hands. An intadmin can do real damage and I'm sure that's what a hacker would do with one, unless they only want to change the main page for publicity. An admin account can do a lot but we can no longer truly break the site. Anarchyte (talk | work) 07:03, 27 November 2018 (UTC)

• I'm not "opposing" but I would just like to ensure this is thought through fully before being implemented.

1. If the protection cascades then we have an issue:

a) The existing small number interface admins will be responsible for all DYK, OTD, POTD, FA, FL updates. this is clearly not going to work, so:

b) We will have to make a bunch of new interface admins. Not a good idea, the whole idea of the role is to minimize the number of people with that kind of access.

2. If the protection does not cascade then it's not actually going to prevent a compromised admin account from vandalizing the main page, without specifying details, and in fact might make it harder slower to track down and resolve the problem.

I think rather than misuse the interface admin permission, which sounds like a neat idea in principle but a bad one when considering the detail, something else would need to be done. I am not in favour of uncoupling admin permissions, because we have a small pool of administrators anyway and adding further obstacles to admins who (for example) have never edited the main page but want to help when they see a backlog or an issue arise will silo things up even more and make things less flexible. I don't have the right solution, but I have concerns about the proposed one for the reasons above. Fish+Karate 09:56, 26 November 2018 (UTC)

• Support Non-essential admin area and page that generally requires minimal change. Restrict to those who actually need it. talk to !dave 14:48, 26 November 2018 (UTC)
• I have the same problems that Fish and karate has. Everything on the Main Page – DYK, ITN, all of it – is cascaded. We're about to make a very small group of people responsible for carrying out all the updates to the Main Page, If those people are prepared to do that, including updating DYK however often it has to be updated, I'm fine with it. If not, we either have to make more intadmins, which kind of defeats the purpose of having intadmins in the first place, or find another solution. Katie^talk 16:01, 26 November 2018 (UTC)
• Support - Per all supports and K6ka - FlightTime (open channel) 17:55, 26 November 2018 (UTC)
• Strong Oppose - For starters, this is not what the intadmin permission was intended for. And when one of those accounts becomes compromised (intadmin isn't a magic flag that makes your account unhackable), there will be even fewer around that can undo the damage. Additionally, Fish and karate makes a fantastic point about narrowing who can work on the main page. SQL^{Query me!} 18:08, 26 November 2018 (UTC)
• Oppose if we keep the cascading protection then you will need to be an interface admin to work on WP:DYK, WP:ITN/C, WP:ERRORS, etc. This massively restricts the pool of people who can work on those processes. The people who are interface admins were chosen for their technical skill at HTML/CSS/etc and don't necessarily have any interest in or ability to deal with those processes. We could appoint a load more interface admins to do this work, but that would rather defeat the point of the proposal. On the other hand if we turn cascading protection off then we make the whole of the main page much less secure, and even if we manage to manually protect everything transcluded on the main page I'm sure the attacker is capable of going after one of those pages instead. People I talk to about Wikipedia in real life usually have little or no idea that the main page even exists, I don't think it's a huge problem as advertised. Hut 8.5 18:34, 26 November 2018 (UTC)
• Support if temporary. Should be reverted to be only admin when the compromised accounts are taken care of. Kirbanzo (talk) 19:12, 26 November 2018 (UTC)
• Oppose This creates more problems than it solves. I think Callanecc is on the right track with a modified PC. Crazynas ^t 19:47, 26 November 2018 (UTC)
• Support but via the already made EF. Optionally support int-admin to MP by way of the same backed protection system that prevents move/delete. — xaosflux ^Talk 20:49, 26 November 2018 (UTC)

  And if anyone wants to say but what about EFM issues - I think we should make EFM be along the same process as int-admin, including expiring it from admins that haven't actually used it in a while. — xaosflux ^Talk 20:52, 26 November 2018 (UTC)

  Agree on both counts. ~ Amory (u • t • c) 22:57, 26 November 2018 (UTC)

• Support would support this as a permanent measure --Tom (LT) (talk) 23:30, 26 November 2018 (UTC)
  • Support in principle, however oppose practically until the casacding issue described below is resolved. --Tom (LT) (talk) 00:49, 29 November 2018 (UTC)
• Oppose. Aside from the bits that I'm seeing below, about admins being able to edit the component content (or requiring interface-admin rights to edit pages like On This Day), remember that Jimbo's account was compromised two years ago and used to vandalise the Main Page. (Admin-only link, and someone appropriately uses rollback on that edit.) Even super-admin accounts with rights like interface admin or founder can be compromised, and when it requires super-admin rights to edit the Main Page, it will sometimes take a good deal longer to revert vandalism: it's easy to find an admin to revert vandalism to a protected page rather quickly, but finding an interface admin or a steward may take a good number of minutes. We mustn't pretend that interface admins, stewards, or founders are 100% immune from compromise, so we shouldn't imagine that restricting Main Page editing to them will prevent this kind of vandalism. Nyttend (talk) 00:54, 27 November 2018 (UTC)

  @Nyttend: Though "super-admin" accounts like int-admin and founder are much less likely to be compromised, since int-admins are required by the WMF to use two-factor authentication, and Jimbo probably uses 2FA (does anyone know this for sure?) ^Semi_Hypercube ✎ 13:36, 27 November 2018 (UTC)

• Oppose. After reading this through, I'm unable to see a resolution to the cascading protection issue. I would support the main page being protected without cascading protection being applied, to slightly reduce the target for any potential vandals, but I doubt that would do much. I suspect the best option here would be to create a new user group and new protection level intended purely for the main page and its constituent elements. I would also support making 2FA mandatory for this group. Vanamonde (talk) 04:51, 27 November 2018 (UTC)
• Oppose, beyond the measures already taken. The cure is worse than the disease here; while I'd be willing to help out as an intadmin with maintaining the Main Page, there just aren't enough of us to go around, and increasing the numbers of intadmins to do off-mission stuff like this defeats the purpose of spinning intadmins off in the first place. Writ Keeper ⚇♔ 13:43, 27 November 2018 (UTC)
• Oppose (go PC) - the cascading issue is too major. Int-admins are, by design, a tiny group (they didn't even let in 4 trusted technical non-admins). Without cascading we don't really do anything. With it we'd need far more to cover everything, including blocking certain areas that were the main reason some admins actually joined up. Additionally, it seems bold of us to add such a job to the int-admin remit without at least half of them saying yes (this is a secondary concern). Getting an admin-only Pending Changes approach seems much better. Obviously more than 1 admin can have their account compromised but it should significantly reduce the frequency of issues. Nosebagbear (talk) 16:01, 27 November 2018 (UTC)

A note - an alternate mooted strategy of main-page admins (functionally granted on request, though presumably after a delay to stop immediate requests than vandalism) would seem less preferable because of a patient vandal to abuse. That said, it would also be an alternate potential method. Nosebagbear (talk)

• Oppose per Andrew D. Enterprisey (talk!) 20:23, 27 November 2018 (UTC)
• Oppose until someone comes up with a solution to the cascading problem and allow timely updates to ITN and DYK.-- Pawnkingthree (talk) 20:51, 27 November 2018 (UTC)
• Oppose - per my comments below - in essence, concerns about DYK and that the Main Page remains vulnerable thorough its various templates and that this is WP:CREEP. Best, Mifter (talk) 02:38, 28 November 2018 (UTC)
• Split vote. I was almost swayed by the original proposal but L235 convinced me otherwise. If an admin account is compromised, we want it to be obvious. I strongly oppose cascading IAdmin protection of Main Page itself cascading IAdmin protection on Main Page, because that's exactly the opposite of what IAdmin is for: protect interface, don't protect content. We've finally managed to move WP:Geonotice to a space where all sysops can update content and now we want to stop admins updating content? No. I would weakly support non-cascading IAdmin protection of Main Page, with cascading standard full-protection (argh, full protection is no longer the highest level of protection) for things that are directly transcluded onto Main Page, considering that the Main Page itself is basically an interface container rather than content. Deryck C. 18:13, 28 November 2018 (UTC)
• Oppose abuse of the IAdmin right. There are many other ways for compromised admin accounts to disrupt Wikipedia while creating a large impact other than vandalizing the main page, protecting the main page is only going to encourage hackers to move to other areas. I agree with SQL's concern as well. feminist (talk) 02:53, 30 November 2018 (UTC)
• Neutral - permanently move the Main Page to Mediawiki namespace, but remove the cascading protection and manually template-protect the individual MP templates instead. Kamafa Delgato _(Lojbanist)^{Styrofoam is not made from kittens.} 23:58, 30 November 2018 (UTC)

  Lojbanist, Why would we move the main page to the mediawiki namespace? SQL^{Query me!} 01:25, 1 December 2018 (UTC)

• Oppose vandalism would shift to transcluded templates. Protecting the main page won’t stop ompromised accounts. Stephen 05:53, 1 December 2018 (UTC)
• Oppose. Without cascading, protection would be toothless and they could just vandalize the transcluded templates. With cascading, well, that's totally not what the interface admin role was designed for. -- King of ♥ ♦ ♣ ♠ 06:17, 3 December 2018 (UTC)
• Oppose. Yet another slippery slope eroding WP:EDIT. If even admins are not allowed to fix problems or improve content in certain pages of Wikipedia, who will be denied editing next? jni ^(delete)_{...just not interested} 06:44, 3 December 2018 (UTC)
• Oppose - If transcluded pages are also protected, it makes fixing WP:ERRORS impossible. If they aren't transcluded, compromised admin accounts will simply abuse those. O Still Small Voice of Clam (formerly Optimist on the run) 13:58, 3 December 2018 (UTC)
• Oppose the hacking of the compromised accounts was carried out by someone who new how a) Wikipedia works to a certain extent and b) is "fluent" enough with computers that they were able to hack several accounts. Just protecting the Main Page will just make potential vandals, who have hacked into a administrator account, focus their vandalism over to the templates and subpages (which in this proposal won't have the protection the Main Page would). Although protecting the Main Page is a good idea in theory, to implement the idea properly and to stop vandals who can hack accounts, these templates and subpages would need IAdmin protection too. This limits updating the Main Page in its entirety to IAdmins and IAdmins are limited in numbers. Many admins who maintain the Main Page (and would want to continue to) would also need to apply for IAdmin permissions, which is something which requires an admin to use 2FA before the right is granted (which for several admins is infeasible per comments by admins in this RfC on admin inactivity).

In short, I in theory support the idea of IAdmin protection for the Main Page, but for this to be effective subpages and included templates need to be also, which stops non-IAdmin admins maintaining the Main Page. Dreamy Jazz 🎷 ^{talk to me | my contributions} 22:26, 3 December 2018 (UTC)

• Oppose – people are bringing up a lot of good points here, especially those about the proposed changes making the number of people who can fix these problems as they pop up even smaller. Sadly opposing. cymru.lass (talk • contribs) 03:04, 4 December 2018 (UTC)

How temporary?

There seems to be support for the measure above but several supports are predicated on it being temporary. Seems like it would be worthwhile to have some form of consensus of how long temporary is prior to any implementation. Best, Barkeep49 (talk) 06:08, 25 November 2018 (UTC)

That's a pretty good question, Barkeep49. I think it can be said for certain that this change would be reverted as soon as it's fairly certain the vandalism issue has been resolved and the editing restriction is no longer needed. It's difficult to predict this; we've only been working on it for 72 hours, and it's a long weekend for US WMF staff (who have been very responsive), so the investigation is in its very early stages. Once we have more experienced eyes looking at things, including those who have the knowledge to suggest other options or methods for addressing the issues we're seeing, it's possible that a different/less intrusive option will be identified. It's also possible that after we've tried this for a few days, we find out that it's not really working. There's also the possibility that it becomes necessary to consider a permanent solution, either because no other less intrusive means has been identified to prevent this kind of vandalism, or because the efforts at vandalism haven't abated. Would it be reasonable to suggest that, if it still seems necessary to keep editing of the main page very restricted by 7 January 2019, it would be time to have a further community discussion about what options are available? These situations often take a few weeks to resolve, and there will be some extended holiday breaks in the next six weeks, so early January feels right. I'd be happy to hear other suggestions. Risker (talk) 07:45, 25 November 2018 (UTC)

Yes, that sounds good. The problem with emergency/quick fixes to a crisis situation is not coming back to it once the urgency is gone. I think we have enough editors watching this to avoid that. And, incidentally, thanks for keeping us informed. ♦ J. Johnson (JJ) (talk) 00:39, 26 November 2018 (UTC)

• 07/01/19 seems a reasonable time - so long as it is agreed that the consensus appearing for this is not a consensus for a permanent introduction - i.e. if the problem hasn't been resolved or an alternate solution proposed, a new RfC must be introduced in January to retain this mechanism Nosebagbear (talk) 19:29, 26 November 2018 (UTC)

While there is some support for having this as a permanent fix, I don't believe anyone would accept that without further discussion. ♦ J. Johnson (JJ) (talk) 22:15, 26 November 2018 (UTC)

• As far as the EF goes, any arguments for not leaving indefinitely? For an analysis of 2018's MP edits see my notes at Wikipedia:Interface_administrators'_noticeboard#Int-Admin_Main_Page_Proposal. This part should not have any workload issues for int-admins. — xaosflux ^Talk 14:29, 28 November 2018 (UTC)

• People are identifying negatives, and there are things efforts are being put towards in the interim - like reducing the number of admin accounts that keep being compromised. Also you are making a functional assumption. Generally it is always better to trial something than require a majority to turn it off again. Nosebagbear (talk) 22:25, 28 November 2018 (UTC)

How long do we have to debate this before it's implemented?

This has nearly unanimous support and it's only a temporary change. What are we waiting for? Natureium (talk) 19:27, 25 November 2018 (UTC)

First, it has to be open for at least 24h, and possibly, since now it is a weekend, possibly longer. Then it needs to be closed by an uninvolved administrator. Then some technical issues need to be implemented, for which a fabricator ticket should be opened.--Ymblanter (talk) 19:32, 25 November 2018 (UTC)

Note: From the technical side - as an emergency measure I can implement it as soon as (if) you all agree that its the right thing to do (weekend or not). BWolff (WMF) (talk) 19:40, 25 November 2018 (UTC)

Great, this is good to know.--Ymblanter (talk) 19:45, 25 November 2018 (UTC)

@BWolff (WMF): can you clarify whether, if this is implemented, admins will still be edit pages transcluded onto the main page? -- zzuuzz ^(talk) 19:47, 25 November 2018 (UTC)

• Answers to some questions and statuses that keep coming up:
  1. We have already done something about edits to the Main Page.
  2. If a new "higher" protection level is applied and cascading protection is enabled, then all of the cascaded items will be protected at the new level. Tested at testwiki:Main Page2 and its template testwiki:Template:MPtemp1 using the "centralnotice" protection level
• — xaosflux ^Talk 20:18, 25 November 2018 (UTC)

  Thanks. So we're either going to need a bunch of new interface admins or check in with the existing ones. This needs to be done before implementation. -- zzuuzz ^(talk) 20:28, 25 November 2018 (UTC)

  @Zzuuzz: "A bunch of new interface admins" would be a step backwards in security. Would it be possible to create (yet) another protection level (call it "Main page protected"), and another user group ("Main page editors"), then quickly add the ITN/DYK/etc. regulars to that group? Suffusion of Yellow (talk) 20:33, 25 November 2018 (UTC)

  Also pinging @Xaosflux and BWolff (WMF): Suffusion of Yellow (talk) 20:46, 25 November 2018 (UTC)

  I don't disagree; I'd also point out that one of those admins in potential new user group was compromised 24 hours ago. I'd want to see 2FA compulsory for whatever is implemented, which I think needs a little more thought. -- zzuuzz ^(talk) 20:55, 25 November 2018 (UTC)

  Yes, all these things are possible. We don't have automated ways to require 2FA for a specific group, but its definitely possible given a list of people in a group to manually check which have 2FA enabled. BWolff (WMF) (talk) 21:12, 25 November 2018 (UTC)

• Does anyone know if the MediaWiki software could be changed so two protection levels could be applied simultaneously? (int-admin, non-cascading protection for just the Main Page, with full cascading protection for protecting transcluded templates) We've never had to deal with anything similar, since cascading protection with anything lower than full-protection is impossible and we haven't had a protection level higher than full-protection. With one infamous exception. ^Semi_Hypercube ✎ 02:18, 26 November 2018 (UTC)
• I fell that the language used here is too relaxed. A: If a new "higher" protection level is applied and cascading protection is enabled, then all of the cascaded items will be protected at the new level is only a definition of cascading. B: Tested at ... is only checking that cascading is correctly implemented. C: If this is implemented, will admins... is a question that should be answered by: the proposal is to enforce this and that, and the result for this_kind_of_people (should the proposal be applied) will be this and that while the result for that_kind_of_people will be this and that. A great advice about this kind of wording is RFC2119. Best regards. Pldx1 (talk) 10:56, 26 November 2018 (UTC)/ modified Pldx1 (talk) 11:00, 26 November 2018 (UTC)

• A note - while an early close probably would have been justified on, say, Sunday, there have been a fair number of recent opposes plus 3 conversions from support to oppose. I obviously have at least some bias (since almost all participants have cast a !vote I suppose that's fairly universal here) but would say it's worth leaving open at least another 48 hours to see if that's a sea change or a blip. Nosebagbear (talk) 16:19, 27 November 2018 (UTC)

Post (initial) closure

Clarification of the closure requested. I'm not seeing the mechanics of this finalized, especially in light of active discussions about them still taking place. — xaosflux ^Talk 03:29, 26 November 2018 (UTC)

This also seems a bit rushed. Regarding the 2FA notes for interface admins, WMF is going to deal with that for now under OFFICE rules. I'm also a bit concerned about greatly increasing the number of interface admins and forcing 2FA (via the OFFICE rule) on to people that want to maintain things like DYK and ITN can have negative impacts: (a) non-technical people with technical access (b) removal from editorial tasks for admins that can't or don't want 2FA at this time. — xaosflux ^Talk 03:35, 26 November 2018 (UTC)

• Closure review requested as this was a very early closure while discussion was still active. — xaosflux ^Talk 03:37, 26 November 2018 (UTC)
• Given the nature of the proposal concerning yet another security incident, third one in the last 60 days, and the near unanimous support after 24 hours of the proposal as worded, I felt it appropriate to expedite closing this proposal. If this is a mistaken thought, I will happily reverse the close.—CYBERPOWER (Around) 03:42, 26 November 2018 (UTC)

  I think the early responses here are enough to give credibility to what is going on with filter 943, but that's it so far. For example, do we really need User:DYKUpdateBot and its operator to also become 2FA required int-admins right now, every contributor to Template:In the news, etc? — xaosflux ^Talk 03:46, 26 November 2018 (UTC)

  Nevermind, I re-opened it again. If there is concern with this close, I'd rather just re-open it, as I'm headed to bed and don't want to leave it as is.—CYBERPOWER (Around) 03:48, 26 November 2018 (UTC)

• I'm probably harping on the point by now, but if this proposal results in more intadmins, we're doing it wrong. Either the existing intadmins need to take up all the main page responsibilities, or we need a new "Main Page Editor" right. I suspect maybe 1/10th of admins will even express an interest in this, so even without any 2FA requirement, this will do away with 90% of the attack surface. We can talk about requiring 2FA later. Suffusion of Yellow (talk) 04:10, 26 November 2018 (UTC)

Again I don't disagree, though it still wouldn't have prevented the latest attacks and it would have prevented any admins fixing it in a hurry. Another alternative, which I'd prefer, is a bespoke software solution similar to how admins can't delete or move the main page, without all the cascading issues. -- zzuuzz ^(talk) 05:34, 26 November 2018 (UTC)

Good point about the slower response, but I don't see evidence that Esanchez7587 or Garzo had ever edited anything MP-transcluded, so it would have prevented 2 of the 3 latest attacks. Suffusion of Yellow (talk) 05:57, 26 November 2018 (UTC)

I've now had some coffeee and a chance to think this through a bit, and I can see how this could work without a software change. We already have a number of main pages lying around which cascade-protect the main page content. I don't properly know how the system works, so someone will need to confirm, and we'll probably want more. So then we basically remove the cascade from the main main page, and apply the new protection level to the main page only without cascade. This would leave the main page content editable by sysops, which doesn't really provide any benefit. So we once again return to the question of how to protect the main page content whilst keeping it updateable without making security actually worse. -- zzuuzz ^(talk) 10:18, 26 November 2018 (UTC)

I think at this point, the most likely feasible idea should be a new protection level roughly based on what Callanecc said above. All edits to Mainpage directly and templates it pulls from (ITN, DYK...) should be subjected to four eyes principle; that means they must be approved by another admin before going live. It will be very hard and unlikely for a vandal to get two different admin accounts solely to bypass this restriction. Its efficacy will be the same as if all admins enabled 2FA. And with this protection level, we can safely apply the cascading and simultaneously allow all admins to edit the Mainpage and its templates normally. And the vandal's edit... will surely be caught waiting to be "approved"–Ammarpad (talk) 13:27, 26 November 2018 (UTC)

You're basically describing a version of WP:pending changes. Is it feasible to implement an admin-only version of that? ‑‑ElHef (Meep?) 15:05, 26 November 2018 (UTC)

Indeed I am. If you know the basic framework of PC2 you'll know this is feasible, though I don't know how simple or hard that implementing it will be. –Ammarpad (talk) 15:53, 26 November 2018 (UTC)

• Q: How many of the (currently 13) human interface administrators stand ready to take up the workload that will be created? –xeno^talk 19:22, 26 November 2018 (UTC)

  @Xeno: as an int-admin I think its safe to say most of us would have no issue dealing with formatting of the wikitext on Main page or certain included templates (via edit requests). I know I don't want to do things like manage the "content" (e.g. placing the Featured Article, updating DYK, updating ITN, etc). — xaosflux ^Talk 20:31, 26 November 2018 (UTC)

  FWIW the current EF is already enforcing that. — xaosflux ^Talk 20:32, 26 November 2018 (UTC)

  Xeno, I will answer any edit request that comes by.—CYBERPOWER (Chat) 20:58, 26 November 2018 (UTC)

• @Cyberpower678: (and anyone else who believes IntAdmins will be able to handle all main page content): With respect, you're greatly underestimating the number of tweaks made to the main page every day. There have been 40 edits to the various main page sections in the last week alone: most of these are fixes or clarifications of some kind, that need to be made fairly quickly. Many of these are also not quick tweaks but require assessing consensus, at ERRORS or ITN/C or WT:DYK or elsewhere. I suspect that if the 13 IntAdmins are the only ones able to make these changes, we're going to have some trouble. Vanamonde (talk) 04:37, 27 November 2018 (UTC) Resigning to fix ping. Vanamonde (talk) 20:45, 27 November 2018 (UTC)
• You would also need to grant additional permissions to the DYK update bot, as mentioned above, which might have some technical hurdles and also comes with the discussion of if we want to have a bot with interface access. Such a plan also would have to look at protecting the DYK queues which could be edited a minute before the bot switches DYK. In general with this proposal, I understand and agree with the goal of increasing security but highly doubt that this would a) remain temporary, and b) stop the issue without major collateral damage. We are a wiki, and with a project our size and the number of admins we have, there will always be an attack vector. I'm active in Main Page and DYK work when I am around, but fully acknowledge I come and go. There was a period for months when I promoted almost every queue to be sent off to the Main Page, and while I'd like to think my fellow DYK admins and editors find my, currently somewhat sporadic, work helpful, I doubt I would be granted a new "main page" right or interface editor with my current activity level. I am also concerned that the interface editor right seems to be being expanded beyond its original intent to a new class/level of administrator instead of just a technical safeguard. This is a game of whack-a-mole, as we lock down attack vectors, attackers will move further up the chain. The next logical steps for an attacker are the MediaWiki interface generally, scripts to mass perform an admin action, going after an interface administrator directly, etc. We need to win 100% of the time to prevent an attack, an attacker need only "win" once in unlimited attempts to get through. While we should absolutely reduce the attack surface, increase security, password requirements, etc., mathematically it is clear what happens in the long run. I am also concerned that if we concentrate major, time sensitive, responsibilities from our approximately 500 active admins (any one of whom can jump in) to a group of just over a dozen interface admins that things will be delayed, and we will almost certainly burn out users - not to mention potentially drive away trusted users who work in this area. Best, Mifter (talk) 02:38, 28 November 2018 (UTC)

Cascading

One of the three main oppose reasons is the cascading issue - I thought it worth splitting out the issue of discussing whether this Int-Protect would cause knock on protection to be implemented, if those qualified to discuss such could answer. Nosebagbear (talk) 20:24, 26 November 2018 (UTC)

I'm not exactly following your question @Nosebagbear:. In the current software if "cascading" protection is applied whatever level is applied also gets applied to everything transcluded. — xaosflux ^Talk 20:29, 26 November 2018 (UTC)

There is a query in the discussions above on whether all the constituent aspects of the Main Page (DYK etc) are going to have to have this int-protection (presumably enacted via cascade) for the main page to actually be safe. It is disputed, but I wouldn't say it is made precisely clear. Since the MP is primarily made up of a bunch of transclusions, presumably more than just the MP itself will need this protection level. Nosebagbear (talk) 20:37, 26 November 2018 (UTC)

This is answered in the section just above, and we have a choice: Without cascading protection, admins can still edit the content, so there aren't any real benefits to the new protection. Using cascading int-admin protection will greatly reduce the number of people able to edit ITN/DYK/OTD and other things which are regularly updated. Alongside this is a really bad idea - increase the number of int-admins. An alternative has been proposed which is to create a new user group, and a new cascading protection level, which only allows editing content displayed on the main page. No decisions have been made, and it's not always clear above exactly what people are agreeing to. The proposal itself contains this sentence, "almost all of the work is done in the background using templates — so the impact of this temporary measure is minimal", but with cascading protection that's simply not the case. -- zzuuzz ^(talk) 20:51, 26 November 2018 (UTC)

Wow, clarification is needed. Adding lots more intadmins to handle all details of what is transcluded on the main page would be very dubious. Further, some templates/modules are used frequently and often appear somewhere on the main page, and people would need an intadmin to update them. Johnuniq (talk) 00:49, 27 November 2018 (UTC)

Use of ticket system by site-banned user to get warning about abuse of email removed?

[4]

Courtesy pinging TheDragonFire (talk · contribs) although I must stress that this is not about them, as I suspect that there's a conflict of policy on this point, and at the very worst TDF made a good-faith mistake in carelessly not reading the messages they were blanking.

Catflap08 (talk · contribs) last week sent me an email that would have been somewhat offensive if it didn't consist of laughably silly request that I not accuse him of being a Malaysian IP that harassed me a little before that (I had actually only mentioned him to say it clearly wasn't him or anyone who had interacted with me before 2018, as it they seemed completely unaware of my conflict with Catflap), and a year or so ago he sent me a much longer, more abusive email, which fact I was unwilling to disclose at that time. After the more recent incident, I requested he not send me any more emails or I would request his email access be revoked, and a week later the page was blanked. Curiously, he does not have talk page access disabled, so he is perfectly free to blank his page himself if he thinks policy allows him to do so, so using the ticket system is ... well, weird. It looks like he knows he's misbehaving and so wants to trick other people into covering his tracks for him.

He's been evading his ban by editing while logged out, and his continued use of email clearly implies he does not intend to respect his SBAN, so I'm wondering what could be done about it at this point? Just remove talk and email access and leave a notice on the page asking other editors to be careful if they receive requests to "courtesy blank" the page?

Hijiri 88 (聖やや) 15:42, 25 November 2018 (UTC)

Users are entirely free to remove messages they receive on their talk pages, and it is very standard practice for OTRS to handle courtesy blanks of user talk pages to help users move on a little. If however, this user is continuing to cause disruption then by all means remove email access and SPI into oblivion. TheDragonFire (talk) 16:48, 25 November 2018 (UTC)

it is very standard practice for OTRS to handle courtesy blanks Okay, so that's the "conflict of policy" thing I mentioned above. Our policy on blocked editors is not that they are entirely free to remove messages they receive on their talk pages when those messages are appeal denials, and while that doesn't necessarily apply to non-admin, involved warnings about abuse of the email system, we must also bear in mind that Catflap is not just blocked, he is subject a site ban (those exact words were used) and so is no longer considered to be a member of the English Wikipedia community, so standard practice when it comes to editors editing their own user pages also doesn't necessarily still apply. And yeah, Catflap has most definitely been abusing his continued permission to use email, was probably abusing the ticket system given that he still has talk page access enabled, and has been actively evading his ban apparently whenever he feels the urge to do so, so ... yeah, I think email access, and probably also talk if he's gonna continue using the ticket system, also needs to be withdrawn in this case. Hijiri 88 (聖やや) 00:42, 26 November 2018 (UTC)

The guideline only relates to what the editors themselves may do, not what we may do. In any case it's irrelevant here because Catflap08 did not have anything on their page which couldn't be removed (unless it was removed before). There's definitely nothing in the guidelines which apply to warnings about misuse of the email system whether from admins or anyone else. Those can be removed at any time, just as with any other warnings.

Also I think it's clear from many previous discussions that our blanking policy still applies no matter whether editors are cbanned or whatever else. No matter how atrocious an editor's behaviour is, we do not punish them by leaving around unnecessary content. We only keep stuff we've determined we should keep for reasons of administrative efficiency, tracking misbehaviour etc.

I don't see any evidence of abuse of the ticket system. The fact that talk page access remains doesn't mean they are forbidden from using the ticket system to ask for stuff to be removed from their talk page especially if they are unclear on what they may do. Anyone who has dealt with this before knows there's a lot of confusion about what editors may remove from their talk page and when, and your own comment seems to support this. In fact this case seems even more confusing since IIRC they are still ibanned from interacting with you and while it seems a moot point while they are cbanned, they could have had apprehension about removing content you posted.

I do agree from your description they have misused email and there's already justification for removal and it definitely should be remove if it continues. While I'm not completely opposed to removal of talk page access especially since they have been socking plus misusing email so are unlikely to be able to file an appeal anytime soon, but there also doesn't seem to be any real reason to do so since it doesn't seem like they've misused access. I mean they didn't even blank like they were allowed to but instead asked for it via a ticket.

Nil Einne (talk) 09:27, 26 November 2018 (UTC)

@Nil Einne: It's peripheral, but no, Catflap08 is not technically banned from interacting with me, except insofar as interacting with me on-wiki or by means of inappropriate use of the email function could be considered a violation of his site ban. And he knows this, because his last logged-in edit was to remove a message from me, specifically informing him of the discussion on this noticeboard to remove our IBAN. So good-faith apprehension about removing a message from me would not explain the use of OTRS. Hijiri 88 (聖やや) 16:15, 26 November 2018 (UTC)

I would personally suggest that moving (calmly I might add) off-wiki after being sanctioned shows more restraint than most banned users have. Either way, if someone really wants to unblank their talk page then go right ahead, but I think it's needless grave dancing. King of Hearts or Oshwah, if you consider it prudent please flip Catflap08's TPA and email bits, and we can all have ourselves a beverage of our choice. Cheers. TheDragonFire (talk) 11:14, 26 November 2018 (UTC)

FWIW, I suggested talk access be removed not because I think Catflap08 has been abusing his talk page privileges (how could he, when he hasn't used them in 20 months?) but because he is already acting like it has been removed. I can take that or leave it. The email thing, though ... well, I received a forwarded email from User:Sturmgewehr88 back in April 2015 that was essentially a coy, passive-aggressive forerunner to what became Catflap's recurring "Hijiri 88 and Sturmgewehr 88 are both neo-Nazis" schtick (out of context, which is how it was originally received, we both agreed it looked like weird but benign tomfoolery, but given how he later harped on about our Nazi-like usernames in public it was clearly meant as a threat), the harassing message he sent me in July 2017, and the above-mentioned email from last week, combined with the fact that he was almost definitely using email to violate our IBAN by proxy back when it was still in place ... I can't honestly think of any reason why his email access would still be enabled. Hijiri 88 (聖やや) 16:06, 26 November 2018 (UTC)

I'm happy to restore remove the user's talk page access if others believe it to be necessary - just let me know. :-) ~Oshwah~^{(talk) (contribs)} 23:43, 26 November 2018 (UTC)

@Oshwah: There seems to be a misunderstanding. Cetflap08 already has talk page access enabled, but used the OTRS system for some reason that is difficult to take in good faith due to his block evasion and abuse of the email service. I'm fine with him maintaining talk access as long as he's not abusing it -- and I recognize that acting like he already doesn't have it is not in itself an abuse -- but he probably should have email disabled. Hijiri 88 (聖やや) 00:11, 27 November 2018 (UTC)

Sorry, I used the wrong word in my response - fixed. I'll be more clear in my response here: If he's not abusing talk page access directly, then we should leave it alone. OTRS has the ability to handle issues of abuse if it's deemed to be necessary (like removing email access) - I'll leave that for them to do. If the community has any concerns or reasons why talk page access should be revoked, let me know. I apologize for my ambiguity earlier. :-) ~Oshwah~^{(talk) (contribs)} 00:16, 27 November 2018 (UTC)

• @TheDragonFire: I've reverted your non-admin closure per WP:BADNAC, as you appeared to have missed the part where I asked for Catflap's email access to be removed because he's been using it to harass me. Whether I can prove that I "need" this because my mental and physical wellbeing has been damaged by my my interactions with him or I just "want" it because it would save me a bit of trouble every now and then is actually irrelevant because either one is a pretty small ask when the user is site-banned and shouldn't be using the email function for anything other than appealing his ban to begin with. Hijiri 88 (聖やや) 01:32, 2 December 2018 (UTC)

Topic ban appeal by Sbelknap

• Sbelknap (talk · contribs · deleted contribs · logs · filter log · block user · block log)

Sbelknap is currently topic-banned "from all articles, pages, and discussions involving finasteride, dutasteride, or sexual health, broadly construed" (per AN discussion). The user approached me a day or so ago requesting to lift the ban. I observed he had been editing and commenting on topics related in my view to sexual health, and asked to confirm he was sure he wanted to appeal to this noticeboard, noting possible adverse outcomes. In response, he explained that in his view my description of a ban on "sexual health" was vague, and so he presumed the scope of the ban based on a perfectly relevant technical criterion (you can see this conversation on my talk page); in a nutshell he interpreted "sexual health" as "sexual dysfunction", and then made every effort to abide by that restriction. I believe this misunderstanding to be genuine and in good faith: Sbelknap is a medical practitioner who has published research in this area, while I spent much of the last decade working for a sexual health education advocacy organization in an administrative capacity; it's natural that our interpretations of the broadness of "sexual health" would not align perfectly. At any rate, no other editors have seen reason to object to Sbelknap's many content contributions in the interim, as far as I can tell, except for one incident which he himself noted (again, see my talk page). As such I believe that Sbelknap has abided by the restriction in good faith (in that he has not deliberately tried to game the restriction, for example), thus I am presenting this appeal to the community without prejudice. Ivanvector (^Talk/_Edits) 16:58, 26 November 2018 (UTC)

• Support in the spirit of the standard offer and AGF, with the understanding that a return to the previous form will likely result in more extensive sanctions. ——SerialNumber54129 17:19, 26 November 2018 (UTC)
• Am posting a notice of this at WT:MED.. Jytdog (talk) 18:05, 26 November 2018 (UTC)
• I don't think so. This was just over 6 months ago and his editing was egregious, vanity spamming and pushing a POV that he hoped to elevate from its current fringe position by popularising it through Wikipedia. Guy (Help!) 23:55, 26 November 2018 (UTC)
• Oppose at this time. In May, I described Sbelknap as a "bullheaded editor claiming some special level of expertise as justification to push their own point of view". Before lifting the topic ban, I want to see convincing evidence that this editor has abandoned bullheadedness and POV pushing. Cullen³²⁸ Let's discuss it 01:23, 27 November 2018 (UTC)
• oppose per Cullen --Ozzie10aaaa (talk) 10:17, 27 November 2018 (UTC)
• Oppose the important part of WP:SO is not merely the six month wait, it's the convincing evidence that they have changed and improved. Absent clear evidence of that, the standard offer is not automatic, and I'm going to have to agree with Cullen on this. If we don't have evidence anything has changed, we have to presume they will continue. --Jayron32 17:36, 27 November 2018 (UTC)
• Oppose What Jayron said, basically. No evidence of intent to do differently, then no change in the status quo. Courcelles (talk) 17:40, 27 November 2018 (UTC)
• Oppose - Also per Cullen328. - FlightTime (open channel) 17:49, 27 November 2018 (UTC)
• weak oppose - I like to assume good faith, but an appeal after six months is premature without substantial evidence of a change in behaviour. I might support an appeal in the future, e.g., after 12 months, if there are no further incidents of concern.--Literaturegeek | T@1k? 17:57, 27 November 2018 (UTC)

I have made every effort to comply with the topic ban. The topic ban did not provide much detail, so I interpreted it as covering topics related to the ICD-10 schema for sexual dysfunction. (Shortly after the topic ban, I suggested to Doc James that he add a meta-analysis to the testosterone article, but then learned that even posting a suggestion on a talk page on a banned topic might be considered a violation of the topic ban, so I haven't done that again.) I have made more than 1,000 edits since the topic ban; I believe nearly all of these would be considered constructive by any objective standard. I have also resurrected a redirected stub for the Dietary Guidelines for Americans wikipedia article - expanding this into a decent article, and engaged in productive collaboration with numerous editors on multiple topics. (For example, chlortalidone, Long-term effects of alcohol consumption, metformin, amoxicillin, chloramphenicol, Ford Taurus, moose, and others). The question you all are asked to answer is this: does six months of diligent effort as a wikipedia editor, with many productive contributions, constitute evidence of improvement as an editor? Sbelknap (talk) 21:38, 27 November 2018 (UTC)

• Weak oppose Well Sbelknap is getting better, they still regularly forget to sign their talk posts. And still provide undue weight to specific positions. So not ready yet for a very controversial topic area. Would recommend they try again in another six months. Doc James (talk · contribs · email) 23:14, 27 November 2018 (UTC)
• Support per Serial Number 54129's reasoning. We actually need subject-matter professionals, working in the topics they know well. I think the opposers are asking to prove a negative. The editor hasn't been in "bullheaded editor claiming some special level of expertise as justification to push their own point of view" trouble since the T-ban (that I know of). Utter temperamental perfection isn't something we demand of people, and what is or isn't due weight in medicine is a hotly argued topic (see WT:MEDRS and its very long archives, and intense topic-by-topic debates about sourcing at topics like e-cigarettes, etc.). So there's not an objective, diffed fault I see here, but a subjective, loosey-goosey feeling, like not quite a full pound of flesh has been extracted yet. Finally, many first-time topic bans are only for 1-3 months; 6 months seems like a reasonable timespan to appeal one, by someone who's not some asshat here to convince the world that [insert religion here] is the one true way, or blithely running toward a site-ban due to aggressively promoting some company or product. PS: forgetting to sign posts, and other such trivia, has nothing to do with the matter.  — SMcCandlish ☏ ¢ 😼  01:53, 28 November 2018 (UTC)
• weak oppose Sbelknap believes very strongly in evidence-based medicine (EBM) (like a lot of members of WPMED) but (like a lot of members of WPMED) can take that too far into advocacy; overriding descriptions of medical practice and guideline recommendations with his best reading as an expert of the evidence. That tendency, along with their passion about the finasteride class of drugs, is what led to the TBAN. What I have been looking for is self-moderation of the EBM advocacy and self-awareness about it. There have been two incidents since the TBAN was put in place where this arose - on the alcohol stuff that led to the ANI (it wasn't horrible but very present) and recently at metformin (where it was very present; this has been managed without dramaboard). With that underlying issue not self-managed yet, unTBANing would put us in the nearly the same bucket we were in before at finasteride. So not yet. There has been improvement, but not yet. Jytdog (talk) 22:33, 29 November 2018 (UTC)

Community Wishlist

People watching this page might be interested in looking through the specific category at m:Community Wishlist Survey 2019/Admins and patrollers. At the moment, the most popular proposal that is specifically admin-related is m:Community Wishlist Survey 2019/Admins and patrollers/Create an integrated anti-spam/vandalism tool.

For the newer folks: Voting is open for approximately another four days. The Community Wishlist uses straight approval voting (i.e., "oppose votes" are pointless). Vote for as many proposals as you want. The top 10 vote-getters will be addressed by the devs. There is a ===Discussion=== section on each proposal, and that's the best place to report any concerns or document particular use cases. WhatamIdoing (talk) 19:47, 26 November 2018 (UTC)

@WhatamIdoing, to be more accurate "oppose votes aren't counted towards the total". They're not 'pointless', since opposing something with an explanation of why you think it's a bad idea can make other potential supporters reconsider, and also acts as a marker to the devs that "although this has made it into the top ten you should probably stop and consider whether we should really be doing this". (As you know, the wishlist survey is very much an advisory referendum rather than a binding vote; if the WMF are genuinely committed to implementing any proposal that made it into the top ten regardless of how bad an idea it is, give me half an hour on Reddit and I could assemble a binding consensus to replace the death star logo on every page with goatse.) ‑ Iridescent 23:12, 26 November 2018 (UTC)

Sigh, is there any chance of old wishes becoming fulfilled? I wished back in 2016 that you would fix the "hiding" bug (link) (The phabr ticket is from 2007 (!))...but, frankly, it looks as if the task is just shuffled from one incompetent developer to another. Huldra (talk) 23:27, 26 November 2018 (UTC)

Personally, I use old lists to see what would be nice to work on. The Community Tech team doesn't look at them, though, so wishes that aren't taken on by the team must be resubmitted each voting period until they are. Enterprisey (talk!) 00:34, 27 November 2018 (UTC)

Iridescent, the oppose vote (the vote itself, rather than any comments that follow it) is pointless. Informative comments about why the proposal is a bad idea (or how it must not infringe upon a particular non-obvious process, etc.), however, can be extremely helpful.

CommTech's promise is to "address" the top 10 vote-getters. Usually, if the "addressing" is going to involve words like "the PM says you'll implement that only over his dead body", then the proposal is removed before the voting stage. But in the general case, there is a gap between "addressing" and "implementing", and I hear (although I've not bothered to check) that one or two wishes most years end up not getting implemented (e.g., if the proposal is significantly more complicated than initially estimated).

Huldra, maybe next year we should all band together and try to push that one to the top. I think these last couple of years have shown that the first-place position goes to the organized. As it stands now, I don't think that any admin-specific proposals are likely to win. WhatamIdoing (talk) 01:46, 27 November 2018 (UTC)

WhatamIdoing, well that bug isn't really admin-specific, it is the reason I miss out major vandalism, as changes do not come up on my watch list if there has been a bot editing after the vandalism.(You can, eg first vandalise, then at the same time add a cn template....a bot will come along in minutes and add the date to the cn template, and presto: your vandalism does not come up on peoples watch lists...) And I am totally, utterly disgusted by the incompetence of the WMF developers, who haven't managed to fix this major bug in over a decade. To be blunt: I have given up asking for anything from the WMF developers. Huldra (talk) 22:26, 27 November 2018 (UTC)

It's not a "bug". Your personal watchlist settings are set to not show a page at all if the most recent edit was made by a bot. The watchlist is giving you exactly what you asked for. "Doing what you asked for" == "not a bug".

If you don't like what you're asking for, then you should change your settings. There are currently two different ways to see those "hidden" pages. The first is to always show bot edits, and most experienced editors do this. The second is to show all edits separately, which some editors strongly prefer (but not me!).

I really like the wishlist proposal (which is to provide a third method of seeing articles that have been edited most recently by a bot), but what we've got isn't a bug. WhatamIdoing (talk) 18:28, 3 December 2018 (UTC)

Ok, thank you, User:WhatamIdoing for that explanation; I didn't know. Alas, I have more than 7,500 articles on my "watch list"; (which normally works, as the vast majority of those articles are about little edited places in the Middle East). Alas, with that number of articles on my "watch list", it is completely unpractical to also see the bot edits. And it is really counterintuitive (at least to me!), that when I ask for bot edits to be ignored, I also "automatically" ask for the non–bot edits (before the bot edit) to be ignored. Why on earth would any editor want such a solution? (It might be easy to implement this for those who wrote the code....but I cannot see any reason why an editor would want such a solution: there is a reason why editors have been going on about this for more than a decade,) Huldra (talk) 20:36, 3 December 2018 (UTC)

I agree with you that it's a suboptimal design, which is why I'd like to see that third option implemented. (It's not just bots. If you hide minor edits, you lose everything before them, too. This means that if someone reverts part of the vandalism and marks the revision as minor, then you miss everything.)

I've been watching the wishlist for the last few years, and I think that the winning formula looks like marking your calendar for early October, at which point, you find out what the official schedule is, and start soliciting advice (on how to explain the problem) and interest in the communities (because if nobody else is interested, it's a waste of time). Without a month or so of legwork, I'm not sure that this problem will ever quite make it to the top of the wishlist. WhatamIdoing (talk) 16:20, 4 December 2018 (UTC)

Ok, User:WhatamIdoing, I have made a note for October 2019 (If I'm still around, then!). Huldra (talk) 21:31, 5 December 2018 (UTC)

Unblockself right removed on wikimedia wikis

Per T150826, admins and crats can no longer unblock themselves, unless they placed the block initially. SQL^{Query me!} 02:42, 27 November 2018 (UTC)

• It should be noted for the record that this change was unilaterally and globally implemented by a few WMF devs who were aware of an ongoing discussion at WP:VPP, and arbitrarily decided to ignore it. Thanks WMF!  Swarm  talk  03:22, 27 November 2018 (UTC)

  Discussion link SQL^{Query me!} 03:31, 27 November 2018 (UTC)

@Swarm: It certainly makes a change from the self-same WMF devs generally ignoring and then taking months to implement community decisions :D ACPERM, anyone...? ——SerialNumber54129 08:42, 27 November 2018 (UTC)

Minor correction. Years, not months. --Jayron32 17:27, 27 November 2018 (UTC)

Counterexample:

Community making a decision: Wikipedia:Village pump (policy)/RfC: Wikimedia referrer policy

Closing comments for above RfC: "From the below discussion, there seems to be a consensus for Question 5 (As far as possible/practical, should referrer information contain no information? (silent referrer))." and "The majority seem to favour prioritising user privacy over assisting external sites."

WMF Ignoring the consensus of the community: Wikipedia talk:Village pump (policy)/RfC: Wikimedia referrer policy#Response to RFC.

I'm just saying. --Guy Macon (talk) 14:30, 27 November 2018 (UTC)

• On the whole, I'm mostly unconcerned about this. I voted the other way in the discussion, but I can also see where recent compromises to site security may have pushed the devs hand to move faster than the community would have otherwise. The self-block exemption removes most of my objections anyways (my only block was an accidental self-block that I reversed a few seconds later. It's not that hard to do when you have multiple tabs open and click the block button with the wrong tab open...), and it allows us to more quickly respond when another compromised admin account goes rogue. I'd rather it didn't have to come to this, but wishing we didn't live in a world where this was probably necessary doesn't bring that world into existence. --Jayron32 17:32, 27 November 2018 (UTC)
• Hopefully there is also a block rate limitation, so that out-of-control blockers can be limited in their damage. Perhaps one block per minute is acceptable. Graeme Bartlett (talk) 22:15, 27 November 2018 (UTC)

@Graeme Bartlett: Checkusers often block many accounts (easily 20+) in a single click from the CU interface.-- Jezebel's Ponyo^{bons mots} 22:27, 27 November 2018 (UTC)

In that case we may need a limit of say 100 per hour. Graeme Bartlett (talk) 23:24, 27 November 2018 (UTC)

Or 10 admins per hour... :) --Floquenbeam (talk) 23:42, 27 November 2018 (UTC)

That would do! Graeme Bartlett (talk) 02:08, 28 November 2018 (UTC)

This has been proposed in the phabricator ticket, i.e. introducing a rate limit on blocking only when blocking users who may block. ~ Amory (u • t • c) 03:02, 28 November 2018 (UTC)

• Theoretically, couldn't someone compromise an admin account and then block all the other admins, and essentially destroy the site? I mean, the odds are pretty low, but...💵Money💵emoji💵^💸 12:58, 28 November 2018 (UTC)

• Such a situation can be fixed by some kind of "Super user" that I am sure exists. --DBigXrayᗙ 13:20, 28 November 2018 (UTC)

It is technically possible to wipe out Wikipedia via a compromised account - until the Stewards nail them. A few years back this happened on a site I helped run - a retired admin who we forgot to desysop properly took exception to a post, deleted two admin accounts, wiped the discussion boards and Twitter feed, and blocked anyone from posting. Fortunately, I had root access to the server and backups :-) Ritchie333 ^{(talk) (cont)} 13:34, 28 November 2018 (UTC)

• This is basically exactly, to-the-letter the thought I posted here, so either the dev(s) who implemented this had the exact same thought or happened to read what I said. If it's the latter I apologize for sowing the seed, I obviously intended the proposal to be discussed first, even though the net result isn't necessarily something I disagree with. Ben · Salvidrim! ✉ 19:18, 30 November 2018 (UTC)

Elisa Rolle's articles

Hi all,

I have had an off-wiki request from Elisa.rolle (talk · contribs), who was blocked indefinitely in August and does not want to return, saying she would like to delete all of the articles she has created. The motivation for this is several of her articles, such as Thomas Francis McCaffry have been nominated for AfD by Dlthewave, including claims of copyright violations by Justlettersandnumbers, and (without trying to prejudice the result) seem destined to be closed as "delete". She appears to have lost confidence in any of her work, and would rather put it on her own website where Wikipedia policies don't affect her. I'm not saying this is a good or a bad thing, just reporting what I think's going on.

As a basic rule of thumb, Elisa's creations can be found at Wikipedia:Contributor copyright investigations/Elisa.rolle. I'm hesitant to go through the lot and delete them per G7 / G12 (if the latter applies) as I believe this would be controversial. So I'd like to ask the community what options we've got. Ritchie333 ^{(talk) (cont)} 11:32, 28 November 2018 (UTC)

I am afraid we need to open a CCI, which will probably take forever since this is I guess the most backlogged area of Wikipedia.--Ymblanter (talk) 11:38, 28 November 2018 (UTC)

A CCI has been open since March; I linked to it above. Ritchie333 ^{(talk) (cont)} 11:38, 28 November 2018 (UTC)

I see, indeed. Well, then we have to go through it and G7 delete what it could be deleted, and remove copyvio where it could be removed.--Ymblanter (talk) 11:54, 28 November 2018 (UTC)

• The usual rules for G7 should apply, "If requested in good faith and provided that the only substantial content of the page was added by its author." Andrew D. (talk) 11:49, 28 November 2018 (UTC)

(edit conflict) We could delete her articles, per WP:G7, If requested in good faith and provided that the only substantial content of the page was added by its author; but, with the amount of time that's passed, the latter seems unlikely. In fact, I might question whether even the former applies. ——SerialNumber54129 11:55, 28 November 2018 (UTC)

The specific request I got read as follows : "I do not want to save the articles, as you may have notice, I have copied all the articles about LGBT people on my own website, that yes, has already started to appear before Wikipedia in specific "queer" searches. Actually I would prefer for my article on Wikipedia to be ALL deleted, but I cannot do that." I would prefer to get a consensus that it's a legitimate good faith G7 request, and not simply a reaction against being indefinitely blocked. Ritchie333 ^{(talk) (cont)} 11:53, 28 November 2018 (UTC)

Thanks for this; unfortunately, the request clearly fails the made in good faith requirement then. ——SerialNumber54129 12:10, 28 November 2018 (UTC)

Well, it's either good faith to stop us spending time at AfD or CCI, or it's bad faith because she wants to delete her work in order to compete with Wikipedia. Ritchie333 ^{(talk) (cont)} 12:19, 28 November 2018 (UTC)

I've had some dealings with this editor, and my guess is that it's the latter. Beyond My Ken (talk) 12:40, 28 November 2018 (UTC)

I suspect that you're absolutely correct, BMK. ——SerialNumber54129 12:48, 28 November 2018 (UTC)

I don't see that sour grapes can really be regarded as a good-faith motive, but I suggest that this request should be accepted as if it were. The CCI backlog is almost 90000 articles and growing steadily, and this is an opportunity to reduce it slightly. Given the extent of the problems with this editor's work (see the CCI or, e.g., Caroline Elizabeth Newcomb, entirely copy-pasted from the two non-free cited sources), all content written by her will anyway have to be removed; in articles with no substantive contributions from other editors, deletion is the most effective way of doing that. Justlettersandnumbers (talk) 12:50, 28 November 2018 (UTC)

• Oppose bulk deletion based on the request, on the face of it, absent any other reason for deletion. The editor released their contributions under CC BY-SA when she published them, and if she has now copied them to her own website then they are required for attribution. If they turn out to be copyright violations then nuke them, but it seems that requires investigation. Ivanvector (^Talk/_Edits) 14:47, 28 November 2018 (UTC)
• Support bulk deletion in spite of the bad-faith request. Commons has something called the precautionary principle, and something similar should start applying to mass copy-vio creators like this. Get rid of all of it, save a lot of hassle investigating, and what was truly notable and able to be sourced will eventually be re-created without the risk of a copyright-violating creator. Courcelles (talk) 14:52, 28 November 2018 (UTC)

Courcelles, we do already have a principle similar to the Commons one which can be applied in CCI investigations: presumptive removal. However, a concise and clear-cut general policy similar to the Commons one would save untold hours in copyright investigation and clean-up, and I've long wished we had such a thing. Justlettersandnumbers (talk) 15:39, 28 November 2018 (UTC)

The problem is that on Commons, it is easier to apply, since each photograph has only one uploader (if we do not count occasional derivatives). Therefore if copyvio is presumed, it gets deleted. Here, we have many authors, and it is uncommon to have a foundational copyvio or other serious problems in the article and still after many edits have a reasonable unproblematic page.--Ymblanter (talk) 17:35, 28 November 2018 (UTC)

I think this is one of those rare examples where WP:IAR applies. Regardless of if it's in bad faith, or process, this is a time where just dumping those articles is better for the project. — The Hand That Feeds You:^Bite 18:01, 28 November 2018 (UTC)

We do have a policy: Wikipedia:Copyright violations#Addressing contributors - "If contributors have been shown to have a history of extensive copyright violation, it may be assumed that all of their major contributions are likely to be copyright violations, and they may be removed indiscriminately". Maybe it could do with some clarification as to how and when it could be used? I usually use this for copyvio sockpuppeteers. Support presumptive removal. MER-C 03:15, 29 November 2018 (UTC)

I agree, nuke from orbit. Beyond My Ken (talk) 21:01, 1 December 2018 (UTC)

• I'll help with the CCI. 2000 substantive contributions will realistically take months of work, but I can make a bit of a dent in it at least. /wiae /tlk 00:07, 30 November 2018 (UTC)

Israel/Palestine Arbcom restrictions and the Balfour Declaration

According to the huge edit notice that comes up on Balfour Declaration editors of the page "must be signed into an account and have at least 500 edits and 30 days tenure". So how come an IP just edited it? Is the restriction not enforced technically in any way? DuncanHill (talk) 12:04, 28 November 2018 (UTC)

Balfour Declaration only had extended confirmed protection for the day it was the featured article (November 2, 2017). That edit notice is the standard WP:ARBPIA notice. No comment on why it doesn't have extended confirmed protection now. -Niceguyedc ^{Go Huskies!} 12:13, 28 November 2018 (UTC)

It has ECP now, indefinitely. Courcelles (talk) 14:40, 28 November 2018 (UTC)

@Courcelles: thanks for the protection, but please have in mind that according to the Arbcom decision all ARBPIA extended-confirmed protections must be logged here. I personally find this a pretty bad decision, which creates extra works for admins with no benefits, but, well, it exists and is compulsory for everybody.--Ymblanter (talk) 19:05, 30 November 2018 (UTC)

Also pinging @Doug Weller:, also thanks for the recent extended confirmed protection.--Ymblanter (talk) 19:08, 30 November 2018 (UTC)

Level 1 desysop of Orangemike

Under the Level 1 desysopping procedures the administrator permissions of Orangemike (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) have been temporarily removed as a suspected compromised account.

Supporting: BU Rob13, Premeditated Chaos, Opabinia regalis, Mkdw

For the Arbitration Committee;

~ Rob₁₃^Talk 04:37, 29 November 2018 (UTC)

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Level 1 desysop of Orangemike For the arbitration committee; --Cameron₁₁₅₉₈ ^(Talk) 04:58, 29 November 2018 (UTC)

• Holy shit! Mike is Good People, I hope he's OK. Guy (Help!) 23:53, 30 November 2018 (UTC)

Refdesks and deny

Wikipedia:Reference desk/Science is currently semi-protected. A clever template ({{pp}}) puts a look-at-me box at the top announcing that sock puppets have forced protection of the page until November 30, 2018 at 9:00 pm UTC. Doesn't that encourage the troll? Rather than WP:DENY, the banner announces the troll's success and gives them a handy time to mark on their calendar for when they should return. There must be a less exciting way to describe the situation. Why not remove the box and rely on the boring fact that non-autoconfirmed users will not see an edit link? People will be inconvenienced and some will be puzzled but with that reward there is no reason to expect the current situation to ever change. Regarding the protection, why not set it to infinite and have a convention among admins who patrol the area that someone will remove the protection at a suitable time—without making a public fuss? Johnuniq (talk) 08:39, 29 November 2018 (UTC)

I totally agree. Usually when I do small=yes the banner disappears, but it doesn't disappear in refdesk's case. Strange. Someone else can figure this out, but a larger banner to encourage ref desk troll to troll more is certainly unnecessary and counterproductive. Alex Shih (talk) 10:24, 29 November 2018 (UTC)

|small=yes was overridden from the master header of all refdesk subpages. –Ammarpad (talk) 10:50, 29 November 2018 (UTC)

Good catch, thanks. Now can we have a consensus to un-override small=yes from all refdesk pages, and indefinitely semi refdesk pages for a while? It looks like the refdesk troll will be with us for another while so let's think long term. Alex Shih (talk) 12:02, 29 November 2018 (UTC)

Agree with indef semi and agree the big banner congratulating the troll on getting what he wants is a bad idea. DuncanHill (talk) 12:11, 29 November 2018 (UTC)

I think the idea (in the past anyway) was that since the refdesks are places where new, often unregistered editors end up, it would be helpful for them to clearly see why they cannot edit. ~ Amory (u • t • c) 12:50, 29 November 2018 (UTC)

The it could just say vandalism, no need to mention sockpuppetry (which may well mean nothing to new users anyway). DuncanHill (talk) 12:53, 29 November 2018 (UTC)

Of course, long-term (or indefinite) semi-protection of the Ref Desks means admitting that the Ref Desks have entirely given up on being anything except a hangout for the 'regulars'. I guess we're okay with that. TenOfAllTrades(talk) 13:59, 29 November 2018 (UTC)

Or a few more admins could keep an eye on them and on RPP. Of course that's just pie in the sky thinking. But as long as it takes half an hour or morwe to get an admin response when the IP vandal is posting multiple times a minute (and reappearing immediately protection expires), and sinebot is preventing rollback, then long term semi is the least worst option. DuncanHill (talk) 14:06, 29 November 2018 (UTC)

I'm fairly sure it's trivial to disable sinebot if consensus is established on the talk page. Nil Einne (talk) 17:59, 29 November 2018 (UTC)

Reducing the banner at refdesks is a bad idea for the reason already mentioned - the newbies who are the target audience of refdesks do not know about reduced banners. I would recommend using {{pp-semi}} rather than {{pp-vand}} or {{pp-sock}}.--Ymblanter (talk) 12:59, 29 November 2018 (UTC)

OK that sounds reasonable. DuncanHill (talk) 14:10, 29 November 2018 (UTC)

Yeah I agree that we need the banner. Precisely which banner probably doesn't matter so much, although we have had people confused in the past about why the page was protected. I settled on pp-sock as the most informative banner which when no info was given on who the editor was probably didn't give them much recognition but am fine with a different banner. I suspect that the greatest recognition for the editor is the protection anyway, and these discussions like those on ANI or WT:RD second. Unfortunately their editing is bad enough I don't know what the alternative is. When we have these discussions, we could try not to get so angry at each other as happened here and at ANI as I suspect that is also giving this LTA far more than the banner ever is, but that's probably a forlorn hope.

BTW, as for the time thing, while it's fine to consider different ways of protecting the desks and unprotecting them, in relation to the time shown on the banner, let's remember this editor is using lots of different proxies (I think taken from a random anonymous proxy list) using ROT13 and a large variety of other means to get around edit filters and to post several times a minute, sometimes for up to 30 minutes at a stretch. They've been bothering the RD in one way of the other since 2010 or earlier. The chance they haven't figured out how to read a protection log without relying on banners is close to zero. Their scripts may even do it automatically. In other words, deny recognition sure. Giving the info the editor doesn't already know, almost no chance of that. The time will benefit true newbies but it won't benefit this editor other than in such much whatever recognition/sick pleasure it may give them. (And yes unfortunately these comments probably help that, but as I said earlier I'm not sure what the alternative is.)

Nil Einne (talk) 18:13, 29 November 2018 (UTC)

I assume someone has discussed this in the past, but why wouldn't pending changes work? Sure, it is a fairly high-traffic page, but many of the people who do visit it are autoconfirmed, and in addition it has several thousand watchers, including many admins and reviewers, so I doubt it would be much of a problem. LittlePuppers (talk) 04:12, 1 December 2018 (UTC)

What's going on here?

I'm not the only person who sees all of these completely benign edits oversighted, right? Is an admin/oversight account compromised or something?💵Money💵emoji💵^💸 16:40, 29 November 2018 (UTC)

If there is a lot of time between when problematic material is added, and when it removed, then every version between those times has to be oversighted. The non-oversighted material is all still here on the page, you just can't see the incremental additions. --Floquenbeam (talk) 16:44, 29 November 2018 (UTC)

I've always found it weird that we do this. Redacting diffs which are still represented in the text must surely breach the requirement for attribution, which is a key part of the licensing terms. As tough as it is, I'd have thought a full revert to the last good version is a necessity in this situation. Not that I'm an expert or anything, so perhaps I'm wrong.  — Amakuru (talk) 16:57, 29 November 2018 (UTC)

Content was reverted and oversighted after it had been sitting on the noticeboard for a good while. Reverting to the last good version would have rolled back 88 other edits. That's rather a lot of collateral damage. I guess Worm That Turned Could have rolled them back and then re-added them, but that's a bit bureaucratic, surely. Vanamonde (talk) 17:03, 29 November 2018 (UTC)

@Amakuru: Not really, no, because copyright law (and law in general) isn't that black and white. Generally speaking, CC licences say attribution "may be done in a manner reasonable to the means, medium, and context" which leaves a lot of room for interpretation, especially if keeping intermediate revisions may violate some other law. --Deskana (talk) 17:09, 29 November 2018 (UTC)

(edit conflict) From a copyright/attribution standpoint, the legal requirements are met by the existence of the names in the edit history which are still viewable by anyone (and the actual diffs are also viewable by individual oversighters who can specifically attribute content if called upon to do so). To use a real life example, if you go to any of the PediaPress books that reuse our content or make a book of an article yourself, what you will see is a simple list of every person who has edited the page. It will not list who added what. Doing this is sufficient for the terms of the license. TonyBallioni (talk) 17:10, 29 November 2018 (UTC)

FYI I started a discussion about a possible fix at Wikipedia talk:Oversight#Problems with the oversight tool. 28bytes (talk) 16:26, 30 November 2018 (UTC)

Password attack

The following discussion is closed. Please do not modify it. No further edits should be made to this discussion.

---

Just an FYI at this stage, just received a "There have been multiple failed attempts to log in to your account from a new device" message from Wikipedia. DuncanHill (talk) 17:55, 29 November 2018 (UTC)

DuncanHill, if you haven't changed your password recently/if you've ever used your password on a different website, I would recommend changing it to a strong password. If you do that, you shouldn't have to worry much about a compromise at this time. TonyBallioni (talk) 17:57, 29 November 2018 (UTC)

(Undone close. –Davey2010^Talk 18:32, 29 November 2018 (UTC))

I'm not entirely happy with the close. This may be related to the long term abuse at the RefDesks, given the timing and my recent edit history. DuncanHill (talk) 18:14, 29 November 2018 (UTC)

I mean, maybe? Also might be related to the large number of compromised accounts we've seen recently. But it doesn't really matter if it is or isn't; there's not really anything we can do about it, so there's not much to do in this section but close it. Writ Keeper ⚇♔ 18:18, 29 November 2018 (UTC)

DuncanHill, if you would like to enable 2FA as a non-admin, you can request a steward enable it at meta:Steward_requests/Global_permissions#Requests_for_other_global_permissions. The name of the permission is OATH tester. Regarding the ref desk troll, I'm not aware of them trying to compromise any accounts. As for the other account compromises, my advice above is true for everyone. TonyBallioni (talk) 18:21, 29 November 2018 (UTC)

(so many EC) I'm up to 54 attempts. There has been a recent spree targeting accounts including of admins which has affected the main page and elsewhere. I initially thought the login attempts were related to that but since you're also affected I suspect you may be right and this is related so said LTA. (Although it could still be something else e.g. large number of editors and coincidence or targeting recently active editors.) But at the same time there's not really much that can be done other than making sure you have a secure password. It may be useful to post on WTRD though and I'll do that. Nil Einne (talk) 18:22, 29 November 2018 (UTC)

My latest notification shows 1692 failed attempts in the last few minutes. And I'm up to about 30 notifications today. So yes if anyone's concerned request or enable 2FA. -- zzuuzz ^(talk) 18:25, 29 November 2018 (UTC)

...and for the love of all the gods, take care of your scratch codes Writ Keeper ⚇♔ 18:27, 29 November 2018 (UTC)

I've undone the close as seems stupid to leave it be, That being said I don't really see what AN can do about it ..... the refdesks could all be related but on the otherhand it may not be, ANyway reopened. –Davey2010^Talk 18:31, 29 November 2018 (UTC)

(ec)Thanks all, I was aware of the attacks on admins. I've had the occasional attempt over the years but never a spate like this. The timing, with the propose indef semi on the desks above, seemed suggestive to me. I do have a "number 1 fan" but his MO is to vandalise articles I've edited and post childish abuse, so I don't think it's him. Leaving the thread open gives us a chance of seeing if others are affected, and then perhaps to find a connexion. DuncanHill (talk) 18:36, 29 November 2018 (UTC)

Yeah I'm not sure of the details but I think the non admin accounts have been used to vandalise Donald Trump's page and other high visibility pages which are currently extended confirmed protected. Because of the way Siri and some other external software display wikipedia content, it can affect things even when people aren't directly personally visiting wikipedia. Nil Einne (talk) 18:47, 29 November 2018 (UTC)

• I just got that notice is as well. It's happened to me twice today, and has never happened before. I changed my password after the first attempt. It's pretty damn strong right now, and I'm also on 2FA. The first attack started about 2 hours ago, and lasted only 4-5 minutes. The second attack started 42 minutes ago, and is ongoing. As I am typing this, notices are refreshing every few seconds about the attack. Just FYI. --Jayron32 18:39, 29 November 2018 (UTC)

Just had the RefDesk troll on my Talkpage. DuncanHill (talk) 18:43, 29 November 2018 (UTC)

He hit Nil immediately after you. I'm just waiting for my turn. --Jayron32 18:53, 29 November 2018 (UTC)

We had a similar attack earlier this year, on one day then I got several hundred attempts which completely flooded my notification list.--Ymblanter (talk) 18:57, 29 November 2018 (UTC)

• Is there some way of throttling log in attempts? DuncanHill (talk) 18:54, 29 November 2018 (UTC)

Grafana graphs for those interested. Set to last year for context. ~ Amory (u • t • c) 18:55, 29 November 2018 (UTC)

I complained about the RefDesk troll and am now getting password attacks as well. So I guess yes it is that person . Dmcq (talk) 18:57, 29 November 2018 (UTC)

I've had a bunch of attempts just now as well and I'd have to dig to find the last time I took an admin action at the refdesk or the Donald Trump article. Doesn't mean it isn't related to those but could mean something else is up. Ian.thomson (talk) 19:03, 29 November 2018 (UTC)

If it is the same it might be interesting to see what overlap you have with their interest. For instance I see you removed a bunch of changes by an ip recently to Special Counsel investigation (2017–present) but the ip is not on an open proxy list so that doesn't count. I'll have a quick look to see if I spot anything real. Dmcq (talk) 19:13, 29 November 2018 (UTC)

So from what everyone is saying, this appears unrelated to the recent compromises in my opinion since it is a different MO. It might be the ref desk troll, but I'm not sure on that point. The behavior here seems to indicate it, but we also had a mass brute force attack this summer that people thought for a second was related to an ongoing arb case, but was actually just a general brute force attempt on Wikipedia accounts. It can be scary, but having a strong password is the most important thing you can do here. If people want 2FA, they can request it on meta at the link I provided above. TonyBallioni (talk) 19:00, 29 November 2018 (UTC)

If it is the RefDesk troll they will very possibly continue doing this for weeks and they will mount attacks from different ips using open proxies. The open proxies I've seen them using are all on public lists so could be closed automatically. I put a note at User_talk:Slakr#Proxy_list_probably_being_used_by_a_troll about this. Dmcq (talk) 19:04, 29 November 2018 (UTC)

The discussion above is closed. Please do not modify it. No further edits should be made to this discussion.

Multiple attempts to log on to my account

There have been over 400 attempts to log on to my Wikipedia account, and the number is growing as I speak.

They aren't going to succeed -- my passphrase consists of 256 random characters generated from a hardware random number generator -- but I thought that somebody might want to track the IP address being used and see if they have an account. --Guy Macon (talk) 19:19, 29 November 2018 (UTC)

Yup, see the section right above this one. Writ Keeper ⚇♔ 19:20, 29 November 2018 (UTC)

Just use "swordfish" as your password.[5] They will never guess that one. --Guy Macon (talk) 19:33, 29 November 2018 (UTC)

It took a lot of patience but I managed to type the entire script for that scene and gain access to Guy's account. Whether or not to include the knocks and count them individually or just as "[knocking]" threw me off. I'll set your password to the script of the 2001 movie "Swordfish". It's far more secure since no one will want to sit through it. Ian.thomson (talk) 19:47, 29 November 2018 (UTC)

I like that film. Gråbergs Gråa Sång (talk) 08:35, 30 November 2018 (UTC)

Does 2412 attempts sound like a lot? And what happens if I'm logged in - will attempts always fail? Has anyone ever reported a successful break in? Thanks. Martinevans123 (talk) 19:39, 29 November 2018 (UTC)

Martinevans123 recently there have been a few admins (mostly inactive) whose accounts were hacked and I have a memory that the same occurred many years ago. There have been other editor accounts compromised over the years though I couldn't give you any names due to dusty memory banks. I've had over 400 attempts today as well so they must be using some kind of computer program to generate these passwords. Several of the names above have dealt with the ref desk troll over the years so that it is likely the same person - or a copycat at any rate. MarnetteD|Talk 19:48, 29 November 2018 (UTC)

Nuts - messed up the ping so here it is again Martinevans123. MarnetteD|Talk 19:49, 29 November 2018 (UTC)

(edit conflict) How exactly does one see how many failed log in attempts there are? I've gotten several pings/emails but assume those represent multiple attempts. Ian.thomson (talk) 19:54, 29 November 2018 (UTC)

Curiously the Alert messages seem to change. Now all my alert messages just say "There have been multiple failed attempts to log into your account with a new device." But while it was actually happening (and I had up to six alerts in the unread stack), the top alert told me a total number. I have now just checked my emails and I have 48 - all with the same generic message, with no number. Martinevans123 (talk) 20:04, 29 November 2018 (UTC) p.s. thanks very much for the info User:MarnetteD.

You are welcomne M. I had the same experience with the alert ping. It first stated 408 attempts and then changed to the same multiple attempts message that I received as multiple emails. MarnetteD|Talk 20:10, 29 November 2018 (UTC)

[ec] Attempts will always fail unless they guess your password. If your password is listed on on our List of the most common passwords page, you have a problem. :) If you are following my advice at Wikipedia:Village pump (policy)#Macon's Principle you have no problem at all.

Realistically, they are most likely running a "most common passwords" list against a bunch of accounts, looking for the idiot who thought that "secret1" was a good idea.

Here is one list of the 1000 most popular passwords: https://www.passwordrandom.com/most-popular-passwords

-Guy Macon (talk) 20:10, 29 November 2018 (UTC)

Thanks, Guy that is all very useful. But I meant, if they did "guess" and they broke in, would I expect to be told? Are multiple sessions from different machines even possible? I'd guess the first thing they would do would be to change the password on this account. Would I not know they had done this until the next time I tried to log in? Thanks. Martinevans123 (talk) 20:28, 29 November 2018 (UTC)

I use multiple sessions all the time; I prefer editing text on the computer, and uploading photos from my phone. I'm logged into both simultaneously, and switching between them without logging out or back in. ~ ONUnicorn^{(Talk|Contribs)}problem solving 21:37, 29 November 2018 (UTC)

What's that laddie? You have a telephone that takes pictures??! What will they think of next! "dilly ding, dilly dong" 123 (talk) 21:43, 29 November 2018 (UTC)

@Martinevans123: Multiple sessions from different machines are possible. If they got into your account you'd find out from the compromised block notice. I strongly recommend establishing a committed ID using Template:Committed identity, in addition to whatever other precautions one would take. Ian.thomson (talk) 20:33, 29 November 2018 (UTC)

Thanks Ian. Forgive me being "Lord Dense of Thickness" here, but how does that "compromised block notice" get triggered? I imagined it had to be requested or added manually (not that I can recall seeing one very often). Martinevans123 (talk) 10:08, 30 November 2018 (UTC)

@Martinevans123: It's one of the regular templates for block notices. Compromised accounts can really only belong to upstanding(-ish) users and are invariably used for uncharacteristic vandalism or the occasional POV-pushing edit war. If someone was going to compromise accounts whose talk pages were covered in uw4 warnings and only use them to engage in apparently good-faith WP:GNOME-ish behavior, they could avoid detection indefinitely. Ian.thomson (talk) 15:25, 30 November 2018 (UTC)

Still struggling. That template is added by a person, who suspects a compromise, not by a machine which recognizes some kind of aberrant activity, yes? Martinevans123 (talk) 15:32, 30 November 2018 (UTC)

The blocks are carried out by an admin mostly based on behavioral evidence or possibly a CU. While the site knows if your account is being logged into from a new IP address, there is no automatic system to block such log ins (otherwise my account would have been constantly locked while I was using a VPN in China). Ian.thomson (talk) 15:44, 30 November 2018 (UTC)

Thanks. My only point was that if there is no odd activity, the invader could wait for months, or even years, before they changed the password and wreaked whatever havoc they saw fit. Only then might the account holder notice and alert an Admin. Martinevans123 (talk) 15:49, 30 November 2018 (UTC)

That's usually what happens with the POV-pushers. The only thing to really be done is make sure you have a unique and strong password and a committed identity. Ian.thomson (talk) 15:59, 30 November 2018 (UTC)

Strange, I haven't had one at all. ——SerialNumber54129 20:29, 29 November 2018 (UTC)

Hm, I wonder what that means... - TNT ^💖 20:35, 29 November 2018 (UTC)

Thanks TNT, I'll re-phrase to—err—"for some time", then :D ——SerialNumber54129 21:08, 29 November 2018 (UTC)

If it helps Serial Number 54129 you're not the only one :(, Would be interesting to know why not everyone on the project is targeted .... –Davey2010^Talk 20:37, 29 November 2018 (UTC)

• Re "Are multiple sessions from different machines even possible?", I'm almost always logged in from two different computers simultaneously. Boing! said Zebedee (talk) 20:53, 29 November 2018 (UTC)

@Boing! said Zebedee: Man, you got one of them computers from Wargames?! :) ——SerialNumber54129 21:06, 29 November 2018 (UTC)

Well, ain't that swell, cousin Zebediah. Over here at Clampett Mansion, me and Elly May, we got enough trouble just gettin' one of them lazy lappy tops to work! Martinevans123 (talk) 21:31, 29 November 2018 (UTC)

• I'm not sure there's a pattern to the attacks. I've gotten word that some non-admins are getting attacked as well. So it isn't just admin accounts. --Jayron32 21:12, 29 November 2018 (UTC)

• I can confirm that it isn't just admin accounts. My account is also getting hammered with thousands of logon attempts. --Guy Macon (talk) 04:23, 1 December 2018 (UTC)
• Me too. I'm not an admin, but i had 2268 failed attempts. If someone wanted to, they could check the victims for some commonality. Bubba73 ^{You talkin' to me?} 05:56, 1 December 2018 (UTC)

Yes I've had some thousands of attempts but they seem to have stopped. It is ridiculous that there seems to be no rate limiting on attempts. Some people will use stupid passwords, it isn't good enough to just say it's their own fault and not apply any brake on attempts. And is anyone told where the attempts come from so the ip can be blocked. And as far as the RefDesk is concerned are we going to block the open proxies in current lists of them on the web? A troll can just get a list of 17000 of them and set up a python job to troll Wikipedia and as far as I can see that is exactly what the RefDesk troll has done. Dmcq (talk) 23:33, 29 November 2018 (UTC)

If you don't mind me asking what is the refdesk troll even doing? It's bad enough to be revdel'd but I have no idea what they're actually attempting to do. --Tarage (talk) 01:48, 30 November 2018 (UTC)

There may be more than one refdesk troll but one of them keeps posting personal information about the family of someone who is recently deceased. --Guy Macon (talk) 01:59, 30 November 2018 (UTC)

(EC) There is IP based rate limiting. According to Wikipedia:Administrators' noticeboard/Archive298#Please help- who tried to break into my account? and my own quick tests, it's 5 attempts every 5 minutes, and 150 attempts in 2 days. Before the hard limit, a soft limit where CAPTCHAs are required will kick in. However any competent attacker has access to a large number of such resources. Assuming it is the LTA, we already know this. Remember also that our blocks don't directly affect login attempts. Any limit needs to balance the issue of shared IPs and non-open proxies against the risks to users, especially in an IPv4 address exhaustion world where CG-NAT etc are common. I'm assuming the foundation have a sensible treatment of IPv6 probably treating /64 similar to the way of a single IPv4 otherwise any mildly competent attacker basically has unlimited attempts without even requiring CAPTCHAs for almost no effort. I don't believe there is any rate limiting for accounts. Adding such a limit will basically allow DOSing someone i.e. preventing them from ever signing into their account. BTW with reference to the above comments, assuming that the attacker doesn't immediately change your password and/or email or simply start abusing, you can get notification by email of successful login attempts from unrecognised devices. If the attacker has access to anything which will make their login attempt from a recognised device you probably have big problems so this will basically tell your if someone does successfully compromise your account. It's on by default AFAIK, but you can check your notification settings to make sure. Nil Einne (talk) 02:13, 30 November 2018 (UTC)

I've had yet another ten or twenty thousand attempts I think so that rate limiting isn't working. It may be the rate limiting is per ip and so it would be broken by using open proxies like the RefDesk troll does. Dmcq (talk) 11:19, 30 November 2018 (UTC)

Along those lines, just a week or so ago I tried to log in while on a trip, using a different device. I got the PW wrong twice, I think, then it said that I had to wait 2 minutes to try again, or something like that. If someone is able to make thousands of attempts, they must have gotten around that. Bubba73 ^{You talkin' to me?} 06:01, 1 December 2018 (UTC)

The attacker gets around it by having a thousand computers with different IP addresses try to log on to your account. Permanent control of 1,000 infected Windows computers from all over the world costs $25. --Guy Macon (talk) 23:35, 3 December 2018 (UTC)

I've been wondering whether to say this or it's alarmism or beans but I figure by now it's probably fine. One thing to remember is that if this is a dedicated attack on a select group of editors, this could involve more than simple generic guessing (including compromised passwords and variations) which I'm assuming is what most other attackers have been doing. The attacker could use info they've gathered from what you've posted here or what you've posted elsewhere if it's connectable to your account here. (E.g. Your real name.) They could also analyse any passwords connected to you that have have been compromised in one of the many leaks looking for any patterns etc which probably won't be automatically picked up by a script. So if your account password is somewhat secure but not extremely so to a dedicated attacker, you might want to consider carefully whether it's time to change it. This also applies to any password for the email address that's connected to your account if it's guessable (including publicly posted). While not very likely (since it's the sort of thing which may attract the attention of authorities and also more difficult to do while leaving no trace or who you are), there's also the mild risk they may try to use these and social engineering to compromise your email by resetting its password or whatever. Admins of course should consider this is always a risk. (It's always a risk to any editor if you're unlucky or piss off some idiot, in this case it may have already happened.) Nil Einne (talk) 02:33, 30 November 2018 (UTC)

There have been many thousand attempts on my account, and I am not an admin. But if they had researched me in order to make better guesses, they would have found out about my my BitBabbler White TRNG[6] and the 256-character Wikipedia password it generated. --Guy Macon (talk) 23:15, 30 November 2018 (UTC)

So if anyone reading this uses the same password on Wikipedia and anywhere else, change your Wikipedia password to something unique now. --Guy Macon (talk) 05:09, 30 November 2018 (UTC)

True. But I've now had yet another 8000 attempts. They shouldn't be able to do that in the first place. It's no trouble to them at the moment but can cause trouble here. Dmcq (talk) 11:32, 30 November 2018 (UTC)

You are wrong. They should be able to do that in the first place. Assume for the sake of argument that our software limited your account to one logon attempt every 10 seconds. An attacker could buy some machines on a botnet (one vendor is currently selling complete control of 1,000 infected PCs for $25, 10,000 for $200) and set them to attempting to log on to your account a thousand times a second. So after one try, the next ten thousand logons would be rejected -- along with your ten attempts to log on like you normally do. So if implemented, logon rate limiting on your account allows anyone with $25 to lock you out of your account indefinitely. The only way to tell your ten attempts from the attackers 10,000 attempts is to allow each attempt to enter a password. Unless your password is guessable[7] the fact that you know it and the attacker doesn't is how Wikipedia tells your one legitimate logon attempt from the attacker's thousands of bogus logon attempts. --Guy Macon (talk) 23:15, 30 November 2018 (UTC)

and now yet another 7000. That's not rate limited. Dmcq (talk) 11:35, 30 November 2018 (UTC)

Yes, but anything that would stop that would allow the attacker to lock you out of your account. Think about it: If we set it up so your account would lock out people from attempting to log in after X failed attempts, they just need to hammer your account X times, and now they've prevented you from using it. It's like someone mailing you 500,000 letters per day, and you're asking "is there anyway I can fix my mailbox so they can't send these letters" No, there isn't. The ability of someone to execute attacks like this is limited only by their willingness and resources. All that you can do is have a good password so it won't be successful. --Jayron32 13:18, 30 November 2018 (UTC)

Who said anything about locking out after N attempts? Just introduce gradual delays as the number of failures increases. Once it's up to 5 seconds or so, the attacker's ability to exhaustively search is crippled, and the real user is inconvenienced hardly at all. Or does this approach have a flaw I'm unaware of? —Steve Summit (talk) 15:06, 30 November 2018 (UTC)

Yes, it has a flaw. An attacker could buy some machines on a botnet (one vendor is currently selling complete control of 1,000 infected PCs for $25, 10,000 for $200) and set them to attempting to log on to your account a thousand times a second. So when you go to log on it won't let you even try. Anyone with $25 can lock you out of your account indefinitely. --Guy Macon (talk) 23:15, 30 November 2018 (UTC)

Another way of doing it would be to allow a user to tie their account to a limited number of IPs and/or devices? Has that ever been possible? Or is it not permitted for other reasons? Maybe it's just technically too difficult. But a truly secure password (and possibly also a committed ID) looks like the best and most flexible solution, I guess. Thanks. Martinevans123 (talk) 13:33, 30 November 2018 (UTC)

I’m currently under an active attack - at least 45 and counting by the dozens as of writing. — Matthew Wong (at PMA), 13:37, 30 November 2018 (UTC)

And now I’m up to 546 attempts now. Should I report this to PMA, where I’m editing from? — Matthew Wong (at PMA), 13:40, 30 November 2018 (UTC)

Don't worry Matthew. Compared with Dmcq you seem to be getting off lightly. Just keep calm and follow official advice! Martinevans123 (talk) 13:42, 30 November 2018 (UTC) .....and make sure your password is a good one, of course.

Still ongoing, up to 6446 attempts currently. — Matthew Wong (at PMA), 13:52, 30 November 2018 (UTC)

and now 10476 attempts and at least 200 identical emails. — Matthew Wong (at PMA), 13:57, 30 November 2018 (UTC)

Wow, impressive. Getting into Dmcq territory now, I think. I'm intrigued to know what algorithm is being used. I wonder if the attempted passwords couldn't be made public somewhere. Martinevans123 (talk) 14:00, 30 November 2018 (UTC) .... except that I seem to recall we've have been here before.... and it's a logical impossibility for the system to record anything unless the password works? And yet it can (and does) record the IP?

So now my second attack in 24 hours has just begun. Is this mere coincidence? Martinevans123 (talk) 14:04, 30 November 2018 (UTC)

I’ve turned off my notifications and emails for attempted failed logins as they were getting annoying - I’ve still got emails enabled for password resets and actual logins - so far haven’t gotten any of those. — Matthew Wong (at PMA), 14:07, 30 November 2018 (UTC)

I notice you reverted and blocked a reference desk ip just before the attempts on your password started. The rate of attack looks like just a single machine. I hate to think what would happen if there was a proper attack by a professional. Yes there are problems with rate-limiting but I'm sure other places have better mitigations - after all Amazon for instance would have much more to lose from having its passwords cracked. Dmcq (talk) 14:20, 30 November 2018 (UTC)

They requested another password and Wikipedia has set up a temporary password that they could attack as well. And it is ten alpha or digits, about 50 bits so I don't think they'll have much joy with that either. ;-) Dmcq (talk) 14:34, 30 November 2018 (UTC)

Stupid Software There is NO justification for sending you 200 identical emails. The software should send you no more than one per hour, with a count of failed login attempts. Yes, I know that you can turn them off, but it is still stupid. Could someone please try to get the WMF from doing this? --Guy Macon (talk) 23:22, 30 November 2018 (UTC)

Not only that, but when you get an email saying regarding password resets, there should be a button to click to go "nope, not me, get rid of that temporary password now." The ones that I keep getting are a hundred thousand trillion of times easier to guess than my own (no, really). I do like that they tell me which IP was trying to log in to my account, it'd really be nice if we could see all the IPs that are trying to or have logged in to our own accounts. Ian.thomson (talk) 00:55, 2 December 2018 (UTC)

Agree, that we cannot report these attempts and disable the temp password is pretty poor. DuncanHill (talk) 01:45, 2 December 2018 (UTC)

• My account had 2286 failed attempts this morning. Bubba73 ^{You talkin' to me?} 05:51, 1 December 2018 (UTC)
• I'm yet to receive even a single attempt so they might be targeting random people. Does everyone receiving these attempts not have 2FA enabled? Perhaps that's the link. Anarchyte (talk | work) 06:15, 1 December 2018 (UTC)

I do for financial things but not for Wikipedia. Bubba73 ^{You talkin' to me?} 06:35, 1 December 2018 (UTC)

I posted on Jimbo's page about this issue yesterday. It started with 18 attempts but later it were more than 400. As I also posted there, I was wondering about the possibility of having many honeypot accounts with easy to guess passwords for every real account. One can set this up such that when logged into such a honeypot account the entire Wikipedia becomes your sandbox that is initialized to be the current state of Wikipedia. It then looks like all your edits are actually being made when in reality nothing goes through. Count Iblis (talk) 20:20, 1 December 2018 (UTC)

Ooooh, that's so incredibly crafty it's actually messing with my head!! Could they all get to shoot lifelike Jimbo hosts?? Martinevans123 (talk) 20:54, 1 December 2018 (UTC)

Count Iblis, Kinda like being shadowbanned on reddit - right? SQL^{Query me!} 01:40, 2 December 2018 (UTC)

In the last hour, I've had 2340 more failed login attempts. Bubba73 ^{You talkin' to me?} 04:44, 2 December 2018 (UTC)

I just want to clarify something. If you've edited the ref desks, or reverted the ref desk troll recently then you're probably going to get the notifications. If you haven't then you probably won't. This type of thing should have been throttled, and the devs are looking into fixes. Per BEANS, it is possible to throttle this kind of attack. -- zzuuzz ^(talk) 08:25, 2 December 2018 (UTC)

zzuuzz I have not edited refdesk for as long as I remember, and yet I am getting these notifications and mails. Yes, Throttling to several minutes/hours seems to be a good way to discourage such attacks. --DBigXrayᗙ 08:40, 2 December 2018 (UTC)

User:DBigXray, "Throttling to several minutes/hours" is a terrible idea. An attacker could buy some machines on a botnet (one vendor is currently selling complete control of 1,000 infected PCs for $25, 10,000 for $200) and set them to attempting to log on to your account a thousand times a second. So when you go to log on it won't let you even try. This is one of those security issues where there is an obvious solution that is actually worse than useless. If we throttle logon attempts, anyone with $25 can lock you out of your account indefinitely. --Guy Macon (talk) 16:59, 3 December 2018 (UTC)

It sounds to me like the attacker may be monitoring this thread and trying to guess the account passwords of people who post to it. That's in addition to RD posters (see the RD talk page). I agree that the WMF should be doing something about this. It's possible that they are and we're not hearing about it. 173.228.123.166 (talk) 09:10, 3 December 2018 (UTC)

Not just possible, probable. This happened back in May as well, and I suspect that what's happening now - the account compromises, the newer brute force attempts - are being done by the same person, or at the very least the compromises and new brute-force attempts are. Back then, they did stuff on the backend to try and thwart this, and given how close this is to that situation and the fact the account compromises are also happening, I'd be surprised if they weren't making adjustments on the fly to address this. —Jeremy v^_^v ^Bori! 09:16, 3 December 2018 (UTC)

For what it is worth, every single time that I have looked into the details of how the WMF does security (and I don't just depend on what is published; there are insiders who correspond with me in private on such issues) I find that they are doing everything right. They read the same security research papers I do, and every time I ask "are you doing X" I either find out that they started doing X many years ago or that they read a research paper I missed and are doing Y, which invariably turns out to be better than X. I have my problems with some other aspects of how the WMF does things (for example, the email notifications we are getting on this were set up by someone who is entirely without a clue) but the actual security measures -- the stuff that protects us from the attackers? Always top notch in my opinion. --Guy Macon (talk) 16:59, 3 December 2018 (UTC)

2FA update?

Going with this, has there been any progress on opening up 2FA access to non-admins so that this becomes a bit more futile? I'd be definitely up to beta-test it as a non-admin (I've switched to 2FA/fingerprint verification with everything possible), but I haven't really seen an update lately to opening it up beyond admins and WMF officials. It may be time to roll it out to more users, especially those who are affected as non-admins (I have not thankfully; the worst I've gotten is the 'at least you tried, you forgot your password' email 'hacking'). I did see that I can request it above, but it should be opened up a bit more. Nate • (chatter) 04:25, 30 November 2018 (UTC)

@Mrschimpf: it is in constant discussion, see also meta:Meta:Requests for comment/Enable 2FA on meta for all users - largest challenges are that if you screw it up at all there is no official recovery method, so you lose your account forever. There are some unofficial methods, but they may not yet be able to scale to the masses. You can opt in if you want at meta:SRGP. — xaosflux ^Talk 04:30, 30 November 2018 (UTC)

Thanks; just did so. Nate • (chatter) 04:31, 30 November 2018 (UTC)

Doesn't WP:Committed identity work for people who have their password broken? Dmcq (talk) 18:09, 30 November 2018 (UTC)

It helps prove that the account is yours, but that doesn't change the fact that you can't actually log into it--that still requires dev intervention. Writ Keeper ⚇♔ 18:10, 30 November 2018 (UTC)

Anyway I think we should be doing whatever large companies like Amazon do for most of their customers. They don't do two factor. Dmcq (talk) 18:13, 30 November 2018 (UTC)

er, Amazon does do two-factor. Alex Cohn (let's chat!) 01:11, 1 December 2018 (UTC)

Their implementation is quite different. It does not require any app or timer. You are sent a code to your email or phone that you registered with Amazon. And it uses cookies so you don't have to put in a code if you use the same device you last used. Much better than having to have some app. Dmcq (talk) 01:54, 1 December 2018 (UTC)

TOTP is a well-accepted standard. Many (most?) major websites have it. Facebook, Google, Twitter, Reddit etc. I don't understand why it can't just be enabled with a warning "hey if you lose this, you'll probably be locked out forever". I literally have over 50 accounts with 2fa and I've never been permanently locked out. Just my $0.02. Frood 03:37, 1 December 2018 (UTC)

@Dmcq: That method of 2FA is a whole lot less secure than using a separate app. The only way for a hacker to get your 2FA code without you publicising it or them having whatever it is that generates new codes is for them to know your secret key, which is generated every time you enable and disable it. That's stored on WMF servers, I assume. Email and SMS 2FA can be intercepted by ISPs, email providers, telcos, etc, meaning there are a lot more points that could be compromised. SMS 2FA codes can be gotten if someone steals your SIM card, too. 2FA code generators, like Google Authenticator are permanently offline and do not save its content when the device is backed up externally. Computer-based authenticators typically have the option to keep it hidden behind another password (effectively providing 3FA if someone accesses your PC). Anarchyte (talk | work) 06:10, 1 December 2018 (UTC)

If people want a system that is secure against the government and you think you need to provide that fine. What I'm talking about is a working system that is secure against most professional hackers trying to amass large numbers of accounts. That is what should be the general use case on Wikipedia and the special 2FA only for admins they go on about they can use for people who are especially paranoid or subject to special individual hacking by professionals. Dmcq (talk) 10:52, 1 December 2018 (UTC)

In my opinion, the WMF is dropping the ball on this one. Whether to enable 2FA should be my decision. I don't need a nanny who thinks he knows better than I do what is good for me. Go ahead and pile on the warnings. Make me type the sentence "Yes, I realize that I might be locked out forever", solve a capcha, and wait 24 hours if that's what makes you happy, but allow me to make the decision (which in my case would be "no"...) --Guy Macon (talk) 04:34, 1 December 2018 (UTC)

It has been claimed by one user at the VP that 2FA is less secure than using a strong password: that is logically impossible. 2FA is an additional security measure on top of using a strong password and only enhances security, though it can cause some inconvenience and increased chance of being locked out if not careful. Although some variants of 2FA are weaker than others, what is important (so important that the UK National Cyber Security Centre have it in big bold letters on their page about 2FA) is "any two-factor authentication is better than not having it at all.".

"The NCSC recommends that you set up 2FA on your 'important' accounts; these will typically be the 'high value' accounts that protect things that you really care about, and would cause the most harm to you if the passwords to access these accounts were stolen. You should also use it for your email, as criminals with access to your inbox can use it to reset passwords on your other accounts."

Whether you regard your wiki account as important is a personal decision, though the community may well decide that those with privileged accounts need the extra security. The current wiki implementation requires an authenticator smartphone app or program on your PC and this may be limiting for some users. An SMS option would enable those without smartphones who edit on multiple PCs/locations to have 2FA (the NCSC say "text messages are not the most secure type of 2FA, but still offer a huge advantage over not using any 2FA"). In practice, the bad guy trying to hack random (usually anonymous and globally distributed) admin accounts doesn't have the capability to intercept your SMS or steal your SIM, etc. SMS would require WMF to store your phone number, which some may not want. There is presumably a small cost to sending the SMS. -- Colin°^Talk 10:32, 3 December 2018 (UTC)

undo page move

I had moved Dave Long (American football) to Dave Long (American football, born 1944) in order to make way for Dave Long (American football, born 1998), but I feel I should undo the page move and make the new page at David Long (American football). Can someone undo the page move for me.-TonyTheTiger (T / C / WP:FOUR / WP:CHICAGO / WP:WAWARD) 00:39, 30 November 2018 (UTC)

@TonyTheTiger: I think this is not the correct place for this. I think you should move this request to Wikipedia:Move review which would look to be the right place, for the request that you are making. Just make sure you follow all the instructions and rules on that page. I hope all the best with your contesting of that page move. Aceing_Winter_Snows_Harsh_Cold (talk) 04:05, 30 November 2018 (UTC)

Aceing Winter Snows Harsh Cold this is not a contested move. I moved a page and less than an hour later I realized I had made a mistake. I am just trying to move it back to where it was previously stable for over 10 years. I'll put it up at WP:RM under uncontroversial technical requests.-TonyTheTiger (T / C / WP:FOUR / WP:CHICAGO / WP:WAWARD) 04:16, 30 November 2018 (UTC)

@TonyTheTiger:Just for my clarification, you were the one who performed the move, or was it someone else? If it was you then you could undo I think the way you did it before. But if it was someone else who did the move action it self, and you only requested it originally, then there must have been some sort of discussion over it. Any discussion over it then closed means that if you want to undo it, you have to contest against that discussion meaning Wikipedia:Move review. But, if you were the one doing the move action it self then I think you could do it at WP:RM. But, then again you can do the undo without asking if you originally did it without asking in the first place. Aceing_Winter_Snows_Harsh_Cold (talk) 04:30, 30 November 2018 (UTC)

I would not put pages for different people at David and Dave. I'd leave it the way it is. Legacypac (talk) 04:54, 30 November 2018 (UTC)

IP trying to reset password

• 189.51.98.118 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log) tried to reset my password today. This is associated with the thread above about multiple log in attempts, but I couldn't post there because of edit conflicts. DuncanHill (talk) 14:23, 30 November 2018 (UTC)

@DuncanHill: Here is a good advice when editing a page, section, or a talk page. If the edit is a single paragraph addition like yours above, copy your portion of the edit before hitting the publish button. If an edit conflict occurs, paste your intended edit at the correct place. Attempting to retype your edit on a very active page will almost always lead to another edit conflict. Question, when you were editing did you edit by section, or by the entire page? Aceing_Winter_Snows_Harsh_Cold (talk) 14:47, 30 November 2018 (UTC)

This is fairly standard even on dull days, and (as long as your email is secure) you can safely ignore the reset requests. If the IP is already blocked you can usually double-ignore them. -- zzuuzz ^(talk) 14:53, 30 November 2018 (UTC)

(multiple ec) Thanks for the advice Aceing, which I started giving out several years ago following a problem at ANI or here. Zzuzz, it's happened to me maybe once or twice in all the time I've been on Wikipedia, so not fairly standard! DuncanHill (talk) 14:56, 30 November 2018 (UTC)

There are one or two serial crackers who are (I'm guessing) going through alphabetically; seems that Ms and Ds are the target for today. It's not unheard of; just make sure you have a good password (change it to a good one if necessary or if you feel like it) and carry on. Writ Keeper ⚇♔ 14:59, 30 November 2018 (UTC)

It's the same person who has been doing the multiple log in attempts referred to above, and vandalising the RefDesks. That is why I wanted to put it there instead of in a separate thread. DuncanHill (talk) 15:04, 30 November 2018 (UTC)

@DuncanHill: Question. I looked at your user page and user page categories and see that you are not a Checkuser. My question, is how did you know it's the same exact person? Did you request a CU check, and that is how you found out? Aceing_Winter_Snows_Harsh_Cold (talk) 15:09, 30 November 2018 (UTC)

IPs are disclosed with password resets, and the IP's contribs kinds make it clear who's on the proxy, in addition to the behavioural coincidence. -- zzuuzz ^(talk) 15:14, 30 November 2018 (UTC)

1) No point pinging me, it gets lost in all the other notifications (see thread I referred to above) 2) Please stop editing your replies after posting them, it creates edit conflicts when I try to reply, 3) Strong behavioural evidence, including much that is no longer visible to you. See also the thread I referred to above. DuncanHill (talk) 15:15, 30 November 2018 (UTC)

Tarage

• Please see the Revisit Topic Ban discussion section below. Beyond My Ken (talk) 02:55, 4 December 2018 (UTC)

The following discussion is closed. Please do not modify it. No further edits should be made to this discussion.

---

I'd hoped to avoid this, but I've been disturbed by the aggressive and confrontational approach of Tarage at the AN/ANI boards for some time now. The latest was here, where he called another editor a "little snot". The editor was being problematic, yes, but did not deserve such a personal attack - and the matter was already being dealt with in a reasonable manner without needing Tarage to wade in and add insult. I gave Tarage a warning (I know about DTTR, but he's getting exasperating), and User: Legacypac also asked him to tone down his comments, but his response was to insist that his "little snot" thing was not a PA and I was talking "Absolute nonsense". He removed my warning with the edit summary "No, seriously, have someone else do this next time. Like I asked. Multiple times." He hasn't asked me multiple times, but it's clear that my approaches are having no effect.

Recently, Tarage had these ArbCom election comments removed and was asked to "Please keep comments constructive. Please keep in mind that editors are expected to conduct themselves according to in a decorum and with behavior expected by community standards."

Prior to that, he removed comments from Winkelvi's talk page (see history) when Winkelvi was clearly a bit stressed, appearing to try to order him around, and even edit warred over it. I warned him here (and I've only just today noticed his comment "Also I'd rather someone else handle this in the future. You've made it very clear you don't like me and are looking for a reason to block me so pardon me if I don't think you're the most impartial," which I think speaks of his response to critique of his aggressive approach - he can give it out, but he can't handle unfavourable feedback).

Earlier episodes involve crassly insensitive speculation over the mental health of someone who was asking for help - see here (which was after I had tried to explain the issue at ANI and had got nowhere), where you can see he just doesn't get why we should not do that sort of thing (I'm not linking to the actual comments or the ANI discussion itself out of respect to the person in question, but if you follow the dates you can find them).

I subsequently asked him to tone down his comments at ANI but got a negative response - see here. User:Alex Shih also judged some of Tarage's comments as inflammatory - and while User:MPants at work did opine that one specific issue was not inflammatory, he did suggest that Tarage "could have said that with a lot more tact" and that "You are quite confrontational at ANI, and while I don't think that's always a bad thing, it has the potential to inflame things".

Generally, looking over Tarage's comments at AN and ANI, they are frequently the most aggressive and the most confrontational of anyone's, often tend to offer the least by way of constructive input, and he frequently just proposes the severest sanction of anyone - I won't diff every one that I think is too aggressive, but regulars at ANI will surely know what I mean.

I also note that of Tarage's 3,849 total edits, 1,078 have been to ANI or AN. That's a full 28%, and way more than the 758 edits he's contributed to actual main space encyclopedia contributions. As a comparison, I think I'm a pretty frequent admin contributor to AN and ANI, but my "drama board" contribution amounts to a mere 4.7% of my edits.

What do I want here? I'm really not sure. In short, I think Tarage has a chronic record of making what is an unpleasantly confrontational forum even more unpleasant and confrontational, and it's pretty much on a constant drive-by basis. If you all think I'm being oversensitive and it's fine to be this aggressive (and, for example, call people little snots) then I'll take that on board and will just try to ignore him. But I don't think I am being oversensitive, and I really do think Tarage needs to tone down his aggression - and I'd be happy with just a consensus here that he should do that. (See topic ban proposal below. Boing! said Zebedee (talk) 16:54, 30 November 2018 (UTC)) Boing! said Zebedee (talk) 15:48, 30 November 2018 (UTC)

• This may not be a really useful comment, because I doubt there's a drama-free way to do anything about it, but it's on my mind so I'll make it anyway. I have recently been thinking more and more and more that there are roughly 1 dozen people (approx, I haven't counted, but in that range) that make AN/ANI much more dysfunctional, unpleasant, and actively harmful to the smooth operation of an encyclopedia-generating project. I'd like to see all of them topic banned from the two pages. Tarage is one of them. On the one hand, it seems odd, possibly unfair, to focus on just one of them, when there are arguably even less helpful ANI regulars than he is. On the other hand, perhaps we have to start somewhere? My problem isn't so much with an isolated "little snot" comment here and there (the person he was referring to was pretty much a little snot), but the relentless aggression and escalation that often does make things worse. I'm not looking to make AN or ANI a saccharin fairyland with rainbows and unicorns, but it needs to be a place where problems get solved. Right now, it's become "WP:AN/Votes for Punishment". Is the answer cutting one person out of the herd at at time? A dozen votes for banishment from AN/ANI? A (doomed) effort to come up with general rules of engagement? I honestly don't know. I do think something should be done. Not to prevent occasional "little snot" comments, but to make this a place where problems have a bigger chance of being solved, instead of blown up. --Floquenbeam (talk) 16:09, 30 November 2018 (UTC)

  Absolutely, yes, it's not the one "little snot" comment, it is as you put it "the relentless aggression and escalation." Would getting rid of the aggressors one at a time help? Not sure, but that approach seems to be working at the Ref Desks. Boing! said Zebedee (talk) 16:16, 30 November 2018 (UTC)

  • • After many failed attempts to impose rules, finally the RefDesks got much better (not all better, but much better) after the banning of a particularly troublesome user. --JBL (talk) 16:26, 30 November 2018 (UTC)

The little snot comment was a PA and he should have been sanctioned for it, but (for example) the arbcom comments were not just him alone. I think (and have made this point more then once) that he is just a symptom of a general decline in "soft" civility (and may in fact merely be reacting and making a point about that) (such as in the arbcom comments, "if an Candidate can be rude why not me?").Slatersteven (talk) 16:19, 30 November 2018 (UTC)

• I have long felt that Tarage's conduct at ANI is gratuitously obnoxious. I would favor a topic ban banning them from ANI with the usual exceptions. Blocking Tarage is a less attractive option, particularly given that we are now having this discussion. As for Floquenbeam's comments, although I am sympathetic to addressing the larger picture, I don't think it's practical. If there are other editors he has in mind, we should address them one by one.--Bbb23 (talk) 16:30, 30 November 2018 (UTC)
• There's one point I meant to make but forgot, and I've been reminded of it by Floquenbeam's comment about "relentless aggression and escalation." There might not be any individual contribution by Tarage that in itself would be enough for a sanction, and I think that might make it difficult to do anything about the problem. But his constant, relentless, low-to-mid-level aggression is, I think, very damaging to the functioning of the AN/ANI boards. And I think it needs to be stopped. Boing! said Zebedee (talk) 16:38, 30 November 2018 (UTC)
• @Boing! said Zebedee: There is an overall problem with the culture at admin noticeboards. They're full of trolling, incivility and harassment. But that's not unusual. The unusual part is that it's being sanctioned and encouraged by other editors and even administrators. That is a systematic problem.--v/r - TP 16:52, 30 November 2018 (UTC)

And that is what needs to be tackled, and I fail to see how targeting Tarage achieves this. Is he one of the users being supported by tame admins?Slatersteven (talk) 17:14, 30 November 2018 (UTC)

So, I'll have to disagree. We need to combat the culture AND deal with the worst offenders. This place needs to stop being treated as a game. These psuedonyms are real people and somewhere along the line we've forgotten that. And that needs to be fixed. Treating each other like we're real people is a culture issue and is on all of us. Being unnecessarily dickish is in the individuals, though.::v/r - TP 17:28, 30 November 2018 (UTC)

I would not support any sanction on this user. I think that somebody should ask him to restrict himself to one post per week on Dramah boards. I would be willing to bet a doggy biscuit that Tarage has no idea how obvious this behaviour is, and how it reflects badly on him. I write this because I understand T's motivation, and there but for the grace of wikispagmonster go I. -Roxy, the naughty dog. wooF 17:32, 30 November 2018 (UTC)

I agree with TP here. A culture is essentially the sum of its contributors, and targeting the individual contributors who damage the culture is a valid way of addressing it. Boing! said Zebedee (talk) 17:40, 30 November 2018 (UTC)

Except we are not, we are targeting one (who is not I think even the worst offender, at ANI right now we have discussions about how dickishness is OK "because we can do nothing about it". No it is not people like Targe who are damaging the culture. It is the users (and more so) the admins who will fetch up at an ANI and say "but there is nothing we can do" when a users is repeatedly obnoxious. He is not the cause he is a symptom, and you do not cure a cold by chopping of the nose. This is just "doing something" without actually tackling the underlying cause.Slatersteven (talk) 14:27, 2 December 2018 (UTC)

• I endorse Bbb23's observation as it matches mine. I've often noticed Tarage's unusual obnoxiousness in AN[I] discussions, in a sort of a "you probably shouldn't have said that" sort of way, but always when I'm distracted by whatever's actually going on in the thread. AN[I] are enough dramah without users being hostile for no reason. Ivanvector (^Talk/_Edits) 18:10, 30 November 2018 (UTC)

::Question to Admins reading this: Have any of you actually asked Tarage about this behaviour, and made constructive comment? Are we going towards a Snow decision for a sanction, without anybody saying, "Please stop, old chap, thanks." -Roxy, the naughty dog. wooF 18:44, 30 November 2018 (UTC)

Yes here is the most recent example [8] Legacypac (talk) 18:50, 30 November 2018 (UTC)

Roxy, yes, I have provided links above and have described my attempts. Boing! said Zebedee (talk) 19:01, 30 November 2018 (UTC)

So because I removed a message from Boing, who I have asked repeatedly not to constantly come and template me, they start an AN section on me? Is anyone else even remotely concerned by this? Am I not allowed to removed talk page messages anymore? "little snot" was my attempt to downplay my "hostile, agressive, or disparaging" behavior. I'm trying here. I think it's very disingenuous that Boing was the one to bring this. --Tarage (talk) 18:54, 30 November 2018 (UTC)

Also what's being ignored here are the attempts I have made to council users who I felt are worth trying to save. There was even one who I tried to help who ended up being a sock! There's another who was adding poor english to numerous articles. Please see User:Bishonen's talk page to see my long conversation with them. That folks are voting to throw me out without even hearing my side of things, considering this was launched while I was asleep, seems very symptomatic of the very thing people are criticizing me for. --Tarage (talk) 19:02, 30 November 2018 (UTC)

How on earth am I supposed to have any idea when you're asleep? Discussions like this go on around the clock and allow for people in all time zones. I'll be off to sleep in a couple of hours myself, but I won't complain that others are not allowed to talk about me when I'm in dreamland. Boing! said Zebedee (talk) 19:14, 30 November 2018 (UTC)

Tarage, just a few months ago you aggressively called for my removal as an admin because my logging off six hours after doing something was "cowardly", "undefensible" (sic), and that I was a "bad admin" ([9]). Maybe now you can empathize a little bit more about the unfairness of being criticized for not being available 24/7. Fish+Karate 11:29, 3 December 2018 (UTC)

https://en.wikipedia.org/w/index.php?title=User_talk:Tarage&oldid=871392139 So this is what happens. I make comments here trying to defend myself and my behavior and asking questions, and not only does it result in comments here (Which is fine, because obviously I'm reading this page and understand people are going to reply), but ALSO a message on my talk page with roughly the same thing. Saying that I am unaware and that I am posting nonsense. I don't understand how I am supposed to defend myself against this. I find it... telling that the same people who are claiming that I am toxic and harsh are being so to me. Even though I've asked Boing to have someone else comment on my behavior because I perceive an unfair bias against be due to the many threats to take me to ANI they have levied against me on my talk page, they continue to be the one to do so. And then if I act frustrated at this, it escalates to AN. I don't think this is fair. --Tarage (talk) 20:10, 30 November 2018 (UTC)

People are being toxic and harsh to you because they have been forced to to resolve many months or years of your toxic negative behaviour.--Literaturegeek | T@1k? 20:17, 30 November 2018 (UTC)

Years? I never had a problem beyond this last year. Again, I find it bemusing that the very same behavior I am being criticized for is okay to do to me and not criticize it. I just have to be silent. --Tarage (talk) 20:20, 30 November 2018 (UTC)

Twice more people have come to my talk page, including Legacypac who, just after TParis suggested not responding to me there, responds. And then power~enwiki comes in and starts in on me. I don't know what to do to make this stop. Why am I being attacked on multiple fronts? Why do I have to debate people on multiple pages? --Tarage (talk) 20:30, 30 November 2018 (UTC)

If you consider [10] to be hostile, I give up. power~enwiki (π, ν) 20:33, 30 November 2018 (UTC)

I didn't say yours was hostile. I never said that. I said I don't want to have to try to fight on two fronts. Also we have a history of not getting along, so I don't know why you are doing this. --Tarage (talk) 20:34, 30 November 2018 (UTC)

Also I thought we just had a referendum on the word "fuck" that it wasn't sanctionable. I feel like every time I try to say something someone else comes in to tell me that I'm wrong and not listening, so I guess I have to just stop trying to say anything and take whatever happens. I'm sorry I was hostile. I'm sorry I started sanction suggestions. I was only trying to help when I saw bad behavior. --Tarage (talk) 20:37, 30 November 2018 (UTC)

I know how this works. I've seen it a million times before. Anything further I say will be used to illustrate how I don't get it or I'm not listening or I'm bad for Wikipedia. It doesn't matter if I apologize. It doesn't matter if I say I'm confused because people have told me I'm doing a good job. It doesn't matter if I feel like the same group of people are launching at me over and over again. It just doesn't matter. No one ever changes their minds on AN or ANI except to be more harsh. You're with the clique until you're cast out. It's like highschool all over again, some of the worst years of my life. I'll just stop. I don't have any way to stand up for myself anymore. --Tarage (talk) 21:05, 30 November 2018 (UTC)

I've been a victim of the "trying to explain myself" being used as an example of not getting it; so I empathize. But, I've also seen you describe your own uncivil actions and then use a strawman to steer conversation off course. Something like "All I did was (very bad thing) and (somewhat good thing), and if (somewhat good thing) is bad then I'm sorry" kind of replies. You know what is wrong, you've stated as much, but then you use a strawman to poisen the discussion.

Also, I think you're the victim of a false sense of confidence because other ANI regulars, that I've hinted at, have egged you on. There are people here who are encouraging bad behavior - and that needs to stop. Those people have given you the idea that it's acceptable and that you're part of the "in-crowd" because of it. Those people need to knock it the fuck off. But that doesn't absolve you of being responsible for your own behavior.

Honestly, you're being played by them. They're egging you on to say the thing they want to say but know they shouldn't. But if you say it, it gets said and they aren't responsible for it. You're their pawn. You should be pissed at those egging you own.--v/r - TP 21:44, 30 November 2018 (UTC)

I said I was sorry. I said I understand. I said I am confused about the very issue that brought things here and what I am and am not allowed to do with my talk page without fear of repercussions. I said I am uncomfortable with so many people coming to my talk page and telling me how awful I am. I tried to explain why I was trying to do what I was doing and that I was only trying to help. I don't know what else I can do. It doesn't seem to matter. I can't even ask someone who has defended me to come say anything either. No one will speak on my behalf, even though so many have told me I was doing good. I give up. --Tarage (talk) 21:55, 30 November 2018 (UTC)

You might try to propose an alternate solution to a topic ban. One that offers the same assurances with less restrictions and less formality.--v/r - TP 21:57, 30 November 2018 (UTC)

I said I won't ever propose sactions against anyone else ever again. I won't ever remove anything from my talk page ever again. It doesn't matter. You say humbled, I say humiliated. Either way I doubt I'm going to be contributing much anymore. Like I said, this is like highschool. I have enough wrong with my life. --Tarage (talk) 22:05, 30 November 2018 (UTC)

The thing is, neither of those actions are themselves the problem. It's not what you're doing, it's how you're doing it. To take one example, picked at more or less random: the problem with this edit isn't what you're saying. Saying that the claims of people who aren't following community norms don't require particular scrutiny, which I take to be your meaning, isn't bad. Obviously not a universal sentiment, but it's pretty similar to WP:BANREVERT, which is of course policy, so it's not a bad thing to express. The problem is how you expressed it; talk shit, get hit is an unnecessarily hostile way of phrasing it. That one thing isn't bad enough to be worthy of sanctions on its own, not terribly close, honestly. But as a consistent pattern of expression, it's problematic, and I think it is representative of a pattern. That's what people want you to change, and just promising to stop suggesting sanctions or blanking talk page posts (which is a red herring, it's not really relevant) doesn't directly address the problem. Writ Keeper ⚇♔ 22:19, 30 November 2018 (UTC)

I realise it is hardly my place to comment on something here but i feel like i should regardless. I read on ANI from time to time and have of course also noticed Tarages comments. But people should not forget that this is an issue about a human being, regardless if right or wrong, and a situation like this is phsycologically demanding, even humiliating and hurtful. Something Tarage himself may have forgotten when commenting about other people at ANI in the past. Even if a person is clearly wrong, a treatment they view as hostile, as unfair, as ganging up on oneself and so on, is hard to take. Just like this is i imagine. Now, i fully realise that being harsh is necessary sometimes, but it can still be hard to take. If they have any desire to stay on Wikipedia, i am pretty sure this experience will change their outlook, no matter if there is a formal topic ban or not, because they now know how such a treatment, even if only perceived to be so, can feel like. I am not asking for leniency, but just ask to put yourself in his position right now, just as he may put himself in the position of other people before commenting in the future knowing how it can feel like. Sorry if this is out of line, but i thought this needed saying. 37.138.75.0 (talk) 23:07, 30 November 2018 (UTC)

37, that was well said. Boing! said Zebedee (talk) 08:24, 1 December 2018 (UTC)

The discussion above is closed. Please do not modify it. No further edits should be made to this discussion.

Propose topic ban

I Alanscottwalker (talk) 18:28, 4 December 2018 (UTC) have re-opened because of the extended discussion below and Sandstein's permission[11], also, so all comments on this will be considered, please close after whatever time is needed. Sandstein's earlier close was as follows:

Consensus for a ban is essentially unanimous. Three months looks like the maximum length that has consensus. Note that this is a topic ban, not a page ban, so Tarage is also prohibited from mentioning AN/I, referring to AN/I discussions, etc. This may or may not make sense, but you all explicitly wanted a topic ban, so that's what Tarage gets. Sandstein 17:59, 1 December 2018 (UTC)}}

In the light of early comments, I propose a topic ban on User:Tarage from the WP:AN and WP:ANI boards, with the exception that he can contribute to any discussion that involves him directly (and any other standard policy-based exception). The length of the ban and how soon it can be appealed I will leave to others to suggest. (I'm adding ths immediately before the topic ban support from User:SemiHypercube below, hope you don't mind, SemiHypercube) Boing! said Zebedee (talk) 16:50, 30 November 2018 (UTC)

(edit conflict)@Boing! said Zebedee: Don't mind at all, helps sort this discussion. ^Semi_Hypercube ✎ 16:53, 30 November 2018 (UTC)

• Weak support of topic ban from AN/ANI per WP:CIVILITY. Not sure if this needs to be temporary or indefinite, but one may be needed. ^Semi_Hypercube ✎ 16:42, 30 November 2018 (UTC)
• Support temporary TBAN of 1-3 months. There's definitely a problem here, and one that I don't see being solved without Tarage taking at least a month's vacation from these boards. If there's a different proposal that might do that, I'll reconsider. I don't think an indef tban of one editor will help matters. power~enwiki (π, ν) 17:01, 30 November 2018 (UTC)
• Support temporary TBAN of 3 months. The administrative noticeboards are important, and it's important to remove disruption that limits their effectiveness when people comment on contributors rather than content. A break from the dramah would do Tarage good. Sometimes it's good to get away from it for a while, and I think three months is a good refresher period. Jip Orlando (talk) 17:15, 30 November 2018 (UTC)
• Support Finally! Tarage always advocates for a site ban or whatever would be the harshest response and is very rude. If I see another knee-jerk "Boomerang!" on that board any time an editor posts about a problem, I'm gone as an IP editor. A totally negative presence and can even be demoralizing. Many of the regulars there are toxic, too. 204.130.226.100 (talk) 17:40, 30 November 2018 (UTC)
• Support after the nth aggressive comment was removed from a thread I closed I went to urge him to tone things down and found Boing had the same idea. He gave the wrong response! If this thread were about someone else Tarage likely would post an insult and propose an indef. A topic ban is a kind solution. Good for the soul to stay away from ANi anyway. I hope I'm not on the list of a dozen trouble makers :) Legacypac (talk) 18:03, 30 November 2018 (UTC)

It's the wrong response to remove things from your talk page? I was not aware I was not allowed to remove things from my talk page anymore. --Tarage (talk) 18:57, 30 November 2018 (UTC)

• Support Tarage's commentary on noticeboards often serves only to inflame already sensitive discussions where tempers can run high. I've openly expressed my antipathy towards his comments (i.e. in this discussion) and believe a topic ban would be beneficial to those who are reviewing cases on noticeboards with an eye to resolving the problems presented as opposed to ratcheting up the drama. There are a cadre of individuals who are far too preoccupied with the drama boards and feel that they need to pipe up with their opinion on the majority of discussions regardless of the soundness of their advice, but Tarage's participation often strays farther over the line of peanut gallery into outright disruption. -- Jezebel's Ponyo^{bons mots} 18:09, 30 November 2018 (UTC)

  Gosh, yes, I'd forgotten about that one - crass insensitivity of an appalling nature. Boing! said Zebedee (talk) 18:16, 30 November 2018 (UTC)

Have I commented on anyone's mental health or physical health since then? I've been trying. Thanks for punishing me for trying. I knew I'd never get a fair shake from you. --Tarage (talk) 18:58, 30 November 2018 (UTC)

• Support indefinite topic ban with the usual exceptions, and excepting that they may appeal to this board when their attitude has improved. Ivanvector (^Talk/_Edits) 18:10, 30 November 2018 (UTC)
• Support 'Avoid AN/I' is good wiki-folk wisdom and with numbers and participation like this, mandating seems the way to go. Alanscottwalker (talk) 18:23, 30 November 2018 (UTC)
• Support I've had a look through Tarage's recent edits to AN/ANI, or which there are an awful lot, and most of them have a tone which is overly hostile, aggressive, or disparaging. This isn't a great response to being questioned on the "indef the little snot" comment either. There are plenty of other places to contribute here. Hut 8.5 18:50, 30 November 2018 (UTC)

I honestly don't understand this. Am I or am I not allowed to remove messages from my talk page? Do you realize that I was unfairly BLOCKED the last time I removed one? And who unblocked me because they saw that it was nonsense? Boing. If there is a specific rule somewhere that says users aren't allowed to remove ANYTHING an admin posts, PLEASE show it to me, because I am honestly not aware of it. --Tarage (talk) 19:00, 30 November 2018 (UTC)

Oh come on Tarage, this is *not* about you removing stuff from your talk page! Boing! said Zebedee (talk) 19:06, 30 November 2018 (UTC)

Given the clueless responses, this restriction needs to be permanent. Legacypac (talk) 19:12, 30 November 2018 (UTC)

This is what I'm talking about. I'm not being afforded any good faith here. I said "I honestly don't understand this" and I mean it, and what I get back is statements that I'm clueless and should be restricted even more. I am, again, honestly asking the following: What is and is not okay for removing talk page messages? Am I allowed to comment about how I am upset about something in the edit comment? Do I need to be silent? Is there a page where I can find out what is and isn't allowed? Please, someone tell me in a way that isn't mocking me. --Tarage (talk) 20:05, 30 November 2018 (UTC)

I'm not the one from whom you might be asking for help, but I hope you will let me try to explain. The problem really is not your removal of my comments from your talk page or your edit summary. You were perfectly entitled to do both. But what that meant to me was that you were rejecting my personal overtures and that I had no alternative but to ask the community here at AN to look at the issues I wished to raise - you can't really demand that I don't raise them with you personally, but also don't raise the with anyone else at any other forum. The problem, which I have tried to raise with you several times but have been met with intransigence, is that your contributions at ANI have been overly aggressive for a long period. It seems that everyone who has commented so far agrees with that assessment, so you really have no grounds for thinking that it's just a personal issue of mine. And so far, you have said nothing to address my complaints of your chronic aggressive approach at ANI. Does that help explain what it is you don't understand? Anyway, I'm off to sleep shortly, so it's goodnight from me for now. Boing! said Zebedee (talk) 20:19, 30 November 2018 (UTC)

So I'm not allowed to "reject your personal overtures" because I feel you might be biased? I'm not allowed to ask that someone else interact with me? --Tarage (talk) 20:23, 30 November 2018 (UTC)

Again, this is the problem. I ask that you not interact with me, or go through someone else, and you flat out ignore that. Every single time. You have no respect for me or my wishes. Even here, when I clearly say "I don't want to interact with you", you are the first to reply. I have no ability to reject talking to you. --Tarage (talk) 20:25, 30 November 2018 (UTC)

I doubt you're still following this or that it will matter, but I want to try to clarify a couple of things. Yes, of course you have a right to reject my overtures and to ask for someone else to deal with the issue. That is exactly what is happening here - I am asking the community to examine my concerns, which is how Wikipedia's conflict resolution works. The fact that you believe I am biased against you is a good reason why I personally should not take any admin action, and I recognize and respect that. But it does not mean that I am therefore not allowed to raise my concerns elsewhere. You have the ability to reject talking to me directly, yes, by simply not doing so - but you do not have the right to reject my ability to ask the community to examine my concerns. Boing! said Zebedee (talk) 08:23, 1 December 2018 (UTC)

Where exactly did I criticise you for removing comments from your talk page? I didn't. The edit I linked to did not involve you removing a comment from your talk page. It was you responding to a concern from another editor that "little snot" was a personal attack by denying that it was a personal attack, when it pretty obviously is. That suggests to me that you can't recognise what is and is not a personal attack. Hut 8.5 21:22, 30 November 2018 (UTC)

• Support Floq's right, removing a few people from these noticeboards would not hurt them terribly and should certainly help discussions here. I'm afraid Tarage is one of those. Tarage, there's a lot of useful stuff to do outside of AN/I. Doug Weller talk 19:10, 30 November 2018 (UTC)
• Support indefinite topic ban per lack of clue during topic ban voting It is very harmful to the project if an editor is continually seeking the harshest punishment or restriction for others whilst themselves are engaging in bad potentially sanctionable behaviour. I think an long indefinite break from this topic area will also be of benefit to Tarage.--Literaturegeek | T@1k? 20:36, 30 November 2018 (UTC)
• Strong support I'm glad to see this discussion started, as I've been bothered by Tarage's behavior for a long time. His behavior at the noticeboard feels like that of a Buford Pusser wannabe, in which he shows up and immediately adopts a confrontational stance with users in which he is laying down the law. The vast majority of his comments at ANI can be boiled down to either some sort of version of "you must stop this now or be blocked" or "this whole conversation is stupid," both of which almost always inevitably escalate tensions and frequently redirect the conversation away from figuring out what the source of the dispute is to trading blows or voting on the ban that Tarage generally proposes right away. His participation in this thread is a great example of this behavior, and I was especially appalled at the fact that he leveled a fairly serious claim of an editor using racism accusations in order to win content disputes, and then explicitly refused [12] (with some additional rude dismissiveness thrown in for good measure when he re-edited his own comment) the user's astonished request that Tarage provide diffs to back up that claim. ANI is not a showdown where you draw a line in the sand and see who blinks first, and unnecessary aggression isn't needed at a place where tensions are usually already running high to start with. Grandpallama (talk) 20:07, 30 November 2018 (UTC)

Wanting editors to stop calling other editors racist is rude and dismissive? --Tarage (talk) 20:21, 30 November 2018 (UTC)

Alleging editors weaponize accusations of racism to win arguments requires evidence. Responding to a request for that evidence, by the accused editor, with rude and dismissive language should result in sanctions, correct. Also, I realized I needed to clarify: my vote would be for an indefinite topic ban, since the responses here indicate more than just a cooldown period of a few months is needed. Grandpallama (talk) 20:23, 30 November 2018 (UTC)

Both editors were calling the other editor racist in the thread. Back to back. I don't need evidence when they are doing it right there. That is why I suggested sanctions. Because I wanted it to stop. If my suggesting sanctions is a problem I won't ever do it again. I was only trying to help. --Tarage (talk) 20:26, 30 November 2018 (UTC)

I don't want to fully rehash a closed thread, but what was going on there wasn't as simple as two editors calling each other racist until you weighed in and described it as such. There was one editor who was using a lot of racially-charged language and racial taunting, which resulted in the other editor calling those views racist. Then you started weighing in, and while you may have been only trying to help, the result was gasoline on a fire. And an escalation of tensions that derailed the entire discussion, including whether or not the reported editor may have, in fact, been subtly inserting racist views (which a few of us were beginning to suspect) and whether or not the reported editor was fabricating sources to support those views, which Doug Weller may have uncovered. Grandpallama (talk) 20:54, 30 November 2018 (UTC)

• Support indefinite topic ban with a right to appeal in six months.--Bbb23 (talk) 21:02, 30 November 2018 (UTC)
• Support indefinite 3 month topic ban - The first 3 ANI diffs were enough to swing me here, His comments aren't helpful or even needed, I've had issues with his comments for quite some time so glad to see this has finally been brought up, Probably already noted above but the only exception to this ban should be if it involves their topicban. –Davey2010^Talk 21:08, 30 November 2018 (UTC)
• Ugh. This all feels very Reign of Terrorish; I know some people I don't think should be participating at AN/ANI (at least the way they normally do) are gleefully voting here. Does it bother anyone else that in trying to solve a general drive-by pile-on Votes for Banning problem, we've quickly jumped to an up-and-down vote for banning? I don't really relish a series of these. I hasten to add that I don't really have a better solution, and I suppose it could be a case of poetic justice, too. But in the future, I'd hope we stick to a more discussion-based persuasion (albeit with an implied threat of a topic ban if things don't go well). --Floquenbeam (talk) 21:49, 30 November 2018 (UTC)

(edit conflict)It appears that the torches and pitchforks have come out. I don't approve of an indefinite TBAN- I think that is overboard and draconian. I'm a fan of the limited TBANS- remove the temptation of getting involved in drama and if the disruption resumes after it expires, then talk about an indefinite TBAN. I certainly don't want to lose Tarage as a contributor. Jip Orlando (talk) 21:58, 30 November 2018 (UTC)

• Always the voice of reason.--v/r - TP 21:53, 30 November 2018 (UTC)
• I agree with your concern that we don't want this to just feel like someone is being crucified, but I also think the characterization that what's being addressed is a general drive-by pile-on Votes for Banning problem is not accurate. The problem is not in drive-by votes, and the proposal of bans is a lesser issue; Boing and other folks commenting have made it pretty clear that this is about rude and hostile drive-by comments that inflame, rather than extinguish, problems at ANI. Grandpallama (talk) 22:29, 30 November 2018 (UTC)

• Floquenbeam - You're more than welcome to start a new thread and have me topicbanned from AN/ANI!, I'm entitled to my opinions and I never expect anyone to agree with me, It's worth noting I comment on a wide range of things here and have on more than one occasion opposed blocks and bans against people .... I don't feel 3 or 6 month topicbans will work but like I said that's my opinion. –Davey2010^Talk 23:44, 30 November 2018 (UTC)

• (If your comment had absolutely nothing then please accept my sincere apologies, Looking through my contribs I've certainly been coming here a lot over the past few months so maybe I too am part of the problem....but as I said if your comment had nothing to do with me then I sincerely apologise. –Davey2010^Talk 13:15, 1 December 2018 (UTC))
• Davey2010-I also have no problem with Floquenbeam topic banning me from AN Main and ANI. A admin yesterday told me that I am only wasting my time here because I am new, but they still said it is up to me if I want to stay here. They told me that there is no rule that prevents new users from expressing their oppinions and views over a specific issue here. Aceing_Winter_Snows_Harsh_Cold (talk) 23:52, 30 November 2018 (UTC)

• Even though I am not a admin, I would like to say Support strongly. The way the users talk to others is very harsh or unwelcoming. The user should get topic banned from talking on any notice boards and talk pages(with the exception of their own talk page, just for appeals that is.) In a previous discussion where I talked about my opinion on the sanctions that should be put in place against KidAd, Taraje responded with an "attack phrase". On top of that he even showed on that response that he does not know the disiplanry norms of Wikipedia, where a user should never get a indef block immediately from just a week topic ban, unless of course the user is making extremely obscene or extremely harmful edits. This was not the case with KidAd. Also Taraje is making derogatory comments when replying to talk pages of other users, thus creating a hostile environment. Until, Taraje improves the way they talk to other users I suggest that they get topic banned from notice boards and talk pages of other users. Aceing_Winter_Snows_Harsh_Cold (talk) 22:07, 30 November 2018 (UTC)
• Support temporary topic ban As Writ Keeper said, it's not what's being done but how it's being done that's the issue. The dramahboards are toxic enough as it is. Miniapolis 23:01, 30 November 2018 (UTC)
• Support - Regretfully. I think Tarage is trying to help and often does, but inflammatory personal comments about people, including editors who deserve to be sanctioned for various reasons, are not helpful to the point of being mildly disruptive. I think a topic ban for 3-6 months should be sufficient to cement the idea that there are live people behind each username, and being kind is a low price to pay for a harmonious Wikipedia. - MrX 🖋 23:02, 30 November 2018 (UTC)
• Tarage is a symptom of the problem. While his comments may be more incivil than those typically made at ANI, they are of a comparable substance to the average. That's not a good thing. The entire process of being dragged before a public noticeboard to resolve a dispute and be evaluated by the regulars there, and in some cases mocked or joked about, is completely contrary to any best practices surrounding dispute resolution. I still remember how unpleasant it was the one time I was dragged to a noticeboard on Meta, and that was nearly eight years ago now. I support a 3-6 month topic ban for repeated incivil and inappropriate behaviour at ANI, and hope that it sends a broader message that better behaviour is expected in general at that location. I doubt it will, but one can hope. -- Ajraddatz (talk) 23:16, 30 November 2018 (UTC)
• Oppose per WP:BUTTERFLY and WP:22PRAIRIAL. AN/I has a problem. Tarage is part of the problem, not the whole of it, or, to put it another way, cutting off a branch will not cure the bleeding. The problem we face here is not snark (or even snot) from one editor, but, rather, our equivalent of the Augean stables: A broader approach needs to be taken. Possibly—probably certainly—along the lines that Floquenbeam has already mentioned. ——SerialNumber54129 09:33, 5 December 2018 (UTC)

Revisit Topic Ban discussion

Since the 24 hour open requirement in WP:CBAN was not correctly followed (see discussion below, and the new thread further down the page) I am opening a new discussion section for a minimum of 24 more hours in an attempt to make it right. I don't believe everyone needs to vote again, but this is an opportunity for additional comments and votes. If the overall consensus shifts an Admin can redo the paperwork. Legacypac (talk) 00:23, 4 December 2018 (UTC)

• Support per my comment here. Tarage's participation adds heat to a venue that suffers dearly from excessive heat. Attack dogs are not what ANI needs. I'd prefer indefinite ban from ANI, as I think Tarage would have changed his or her ways before this proposal if he or she were capable of doing so. But the next chance, should Tarage seek and be granted one, should be the last. ―Mandruss ☎ 03:15, 4 December 2018 (UTC)
• Oppose community ban. Tarage is one of the ANI board regulars, one who often calls for an indefinite block from the word "Go". But he's not the only editor who frequents ANI and looks for the weak gazelle in the pack, which is often new editors who don't know their way around a noticeboard but have just been told to go there to resolve disputes (usually a big mistake). In fact, I think telling brand new editors to file a complaint on ANI over a dispute with another editor is sending them on a suicide mission and should be stopped. They almost never get the resolution they are looking for and they usually find themselves becoming the target.

I think a short-term topic ban would be good for Tarage and for ANI but I don't think it will substantially alter the "gang-up on the inexperienced editor" atmosphere at ANI. My only thought is that if Tarage receives a limited topic ban for his adversarial behavior maybe others who frequent ANI to lay down the law will also back off, at least from the most egregious behavior. One can hope! Liz ^{Read! Talk!} 05:44, 4 December 2018 (UTC)

• Excuse me, but since you say that you think a "short-term topic ban" would be good, why are you !voting "oppose" here? A short-term topic ban is exactly what was being proposed. Nobody has proposed a full community ban. Fut.Perf. ☼ 12:09, 4 December 2018 (UTC)
• Yes, the close (now reopened) resulted in a 3-month topic ban from AN/ANI, and nobody has proposed anything more than that. Boing! said Zebedee (talk) 16:19, 4 December 2018 (UTC)

• I just did. See my reasoning below. -Guy Macon (talk) 17:46, 4 December 2018 (UTC)

I thought LegacyPac was talking about continuing a WP:CBAN discussion. The topic ban issue had already been settled so I was opposing a community ban. Sorry I got in late to the discussion so I was making a few comments about the entire process. Liz ^{Read! Talk!} 19:53, 4 December 2018 (UTC)

• Oppose community ban - I've gone over this a few times now and I think that there's a hasty tendency to condemn Tarage in a punitive manner, which is likely what has driven him off the project - whether or not it's temporary or permanent is immaterial. Frankly, very little of what he has said goes beyond the pale of the normal fare of incivility one sees on ANI on a day-to-day basis. I agree with Liz that a short-term topic ban would be a better solution. It would encourage Tarage to consider focusing his efforts on contributing to other areas of Wikipedia besides the aptly named "drama boards".--WaltCip (talk) 11:54, 4 December 2018 (UTC)
  • Same question as to Liz above; could you please clarify? Fut.Perf. ☼ 12:09, 4 December 2018 (UTC)
• Comment I already !voted before the original thread was closed. However, I just want to note that Tarage may have left the project forever. I'm not sure if there's any point (other than for process) for keeping this discussion open, since his "community topic ban" has, in a sense, become a "voluntary site ban". I think we should leave him alone, he wants to leave. ^Semi_Hypercube ✎ 12:21, 4 December 2018 (UTC)

He got pissed off about being restricted from two pages on the site and left. That is his decision not anyone elses. Legacypac (talk) 19:28, 4 December 2018 (UTC)

One-week retirements are a common occurrence, far more common in my experience than permanent retirements. There's a good essay about that somewhere, I forget where, part of the gist being: Don't do it, it's dumb and makes you look impulsive and foolish. My money is on a reappearance before Christmas. ―Mandruss ☎ 23:36, 4 December 2018 (UTC)

@Mandruss: I believe the essay you are talking about could be Wikipedia:Rage quit? ^Semi_Hypercube ✎ 12:25, 5 December 2018 (UTC)

@SemiHypercube: I don't think so. That's a humorous essay and I find it hard to see much humor in such things. More likely Wikipedia:Don't be high-maintenance#Frequent threats to leave. ―Mandruss ☎ 12:33, 5 December 2018 (UTC)

• Well this is a fine mess. If someone has an issue with the original close, the proper course of action would be to discuss with the closer (Sandstein) and/or request a close review as a separate discussion. Since the original close, we have at various times had four discussions open regarding procedural issues with the original, and tacking on an "additional comments" section to the original, still closed discussion just introduces a whole new set of procedural issues. Is this a close review or is it a continuation of the discussion? Should editors who have already commented repeat their comments or will that be taken as double-voting? Are we challenging the close or relitigating the ban? Tarage has every right to be upset about how this has played out, and none of us is helping that situation. Tarage has chosen to quit the project, but is free to appeal if they decide to come back, and there's nothing that needs to be urgently settled in the meantime. May I suggest, out of basic decency and respect for Tarage's dignity, we immediately cease all discussions related to this and let things be? Ivanvector (^Talk/_Edits) 15:37, 4 December 2018 (UTC)

See the close review linked from the top of this section. There was pretty strong support for (re)opening a discussion for process sake. No one needs to vote again or comment. This is just to let editors who did not get a chance to weigh in do that. Legacypac (talk) 17:02, 4 December 2018 (UTC)

Well, if that's how we're looking at it, the ban proposal has now been on this page and open to comments for four days. It doesn't look to me like consensus is drifting from the original result, particularly seeing how several of the comments in the "additional" section are objecting to a ban that was neither proposed nor enacted, and one of those is explicitly supporting the ban that was proposed. My point is just that it's all very confusing. Ivanvector (^Talk/_Edits) 17:48, 4 December 2018 (UTC)

I'm sorry if my comment made things more complicated and went off on a tangent. I'd cross it out but it sounds like the best move is to close this back down rather than keeping the discussion alive. And that is it for me. Liz ^{Read! Talk!} 20:23, 4 December 2018 (UTC)

• Question: Let's assume for the sake of argument that this proposal gets 5 !votes against a topic ban and 0 in favor. Does that count as 5 to 0 against, or do we add in the previous 16 !votes for a topic ban and 0 against? We did tell those 16 people not to !vote again... --Guy Macon (talk) 17:43, 4 December 2018 (UTC)

No all the earlier votes count. And now someone overrode the process I set up and reopened the entire closed discussion. Whatever, he is going to stay topic banned anyway. Legacypac (talk) 19:28, 4 December 2018 (UTC)

IMO it was better to just reopen the whole discussion in the first place. As you said, ultimately all the previous comments were going to have been considered in any evaluation of consensus at the end of it, and by only opening this sub discussion there's clearly been a lot of confusion since some people seem to think we're talking about something else when we're still just talking about the original topic ban proposal since it wasn't open for long enough. Nil Einne (talk) 10:16, 5 December 2018 (UTC)

• Support 6 month topic ban: I reject any arguments of the form "he said he was quitting so we there is no need for a topic ban". Editors often say they are quitting and then come back. Also, I think that 3 months is too short. It is pretty standard to ask disruptive editors to demonstrate that they can edit productively on other topics for 6 months, and I see no compelling reason to make an exemption this time. --Guy Macon (talk) 17:43, 4 December 2018 (UTC)
• Suggestion: There was some talk about identifying more AN/ANI editors who should be topic banned. Might I suggest the following instead: "Proposal: It is the consensus of the Wikipedia community that User:Example's behavior on AN/ANI is undesirable" with language explaining that this is purely advisory -- no actual sanctions -- and encouraging them to listen and change their ways. If they don't we can propose a topic ban later. "As one comment below said, "I think this is the first time User:Tarage has seen their behavior become the subject of an community discussion. Before this, it was one or two people." --Guy Macon (talk) 17:49, 4 December 2018 (UTC)

It seems best to warn/council problematic editors on their talkpage then bring it to AN for a wider discussion and possible action. How will an extended warning discussion help much? Tarage was told not to act this way multiple times by multiple editors. I disagree with the statement suggesting this was a surprise to them. He blew off anyone who told him to knock it off. Legacypac (talk) 19:24, 4 December 2018 (UTC)

To be fair, multiple editors can be and often are wrong. I've from time to time had a handful of editors tell me I was out of line, and my reaction was: "Twenty other editors are aware of my actions and you're the only ones complaining about them. Get a consensus and I'll defer to it." I've modified my !vote above accordingly. I just wish it didn't take years to reach the point of seeking a community consensus. ―Mandruss ☎ 00:07, 5 December 2018 (UTC)

• Oppose (...some confusion as to which is now the relevany section!) per WP:BUTTERFLY and WP:22PRAIRIAL. AN/I has a problem. Tarage is part of the problem, not the whole of it, or, to put it another way, cutting off a branch will not cure the bleeding. The problem we face here is not snark (or even snot) from one editor, but, rather, our equivalent of the Augean stables: A broader approach needs to be taken. Possibly—probably certainly—along the lines that Floquenbeam has already mentioned. ——SerialNumber54129 09:33, 5 December 2018 (UTC)
• Oppose. Tarage was a bit rude and aggressive to me once (link above, somewhere) and on many occasions very rude and aggressive to many others, but this is the first time his conduct on AN/ANI has formally been addressed. I would like to give him the chance to change his ways before going straight to a topic ban. Many of the things he does are very helpful and I would like us to be able to retain the positive parts of his contributions while ditching the negatives. Fish+Karate 10:42, 5 December 2018 (UTC)
• Comment I've already voted, so I'm just weighing in to say that I wish the community would stop obsessing over this one particular conversation. It seems like a perfect time when WP:IAR applies. Should the conversation have been left open longer? Yes. Was the conversation so controversial with a lack of clarity about the consensus such that the need to revisit it again (and discuss ad nauseam whether or not to revisit it) worth doing so, when the outcome was pretty clear to everyone involved? No. It was pretty clear from Tarage's "woe is me" reaction to everything and the fact that neither closing nor keeping open the discussion made him happy that all the continued commentary was doing was making more toxic a discussion about reducing toxicity. If Tarage were clamoring for more conversation, this reopen and ongoing conversation would make a lot more sense. In the absence of that, what are we doing, other than beating a dead horse at no one's particular request? The issue is decided, and Tarage can return and appeal the TBAN if he feels so driven. Grandpallama (talk) 15:09, 5 December 2018 (UTC)
• Comment. This new section has already been open for significantly longer than 24 hours - can someone please put us out of this misery? Boing! said Zebedee (talk) 18:00, 5 December 2018 (UTC)

Propose WP:TROUT

The following discussion is closed. Please do not modify it. No further edits should be made to this discussion.

---

I think this is the first time User:Tarage has seen their behavior become the subject of an community discussion. Before this, it was one or two people. Having seen none of their previous "supporters" show up to defend them, I wonder if this whole thing hasn't been a humbling experience. I propose we defer action for a few weeks, with a WP:TROUT to Tarang, and see if this thread changes their behavior without a topic ban.--v/r - TP 22:02, 30 November 2018 (UTC)

• Oppose - I usually do respect this course of action, but for one thing I don't think Tarage has taken any of this to heart (they are continuing to defend themselves), and then I was also reminded about the cancer patient comment which was atrocious; in retrospect I should have blocked them then. But here we are. A trout is definitely not good enough. Ivanvector (^Talk/_Edits) 22:26, 30 November 2018 (UTC)
• Oppose. He is still dramatic and temperamental and despite claiming to have left Wikipedia he appears to be refreshing his watchlist often because of removing the talkpage post from Zebedee three minutes after he made it, unless he got an email notification. He may well return to editing once he calms down and realises it is not as big a deal as he thinks. I do feel sorry for Tarage, he is clearly hurt, but life is about victories and losses and sometimes people fail in one area and excel in another, or they need a break to try again after reflecting. People are devastated when they get bad exam results, all their hard work down the toilet, but we can’t just give everybody a pass when they fail just to avoid hurt feelings. A trout won’t resolve this situation, I am afraid. We are a welcoming community and we would like to see him back on Wikipedia editing productively, just not on AN and AN/I for a while. He needs a break from there to reflect and learn before he can return.--Literaturegeek | T@1k? 09:58, 1 December 2018 (UTC)
• Support - this with a final warning that future disruptive behavior at ANI will result in the topic ban going into effect. I noticed at least two admins above commented that they had long felt and often noticed Tarage's obnoxiousness/obnoxious behavior at ANI, but yet they never blocked Tarage for it. Boing! said Zebedee warned Tarage three months ago about their behavior at ANI and when Tarage continued that behavior, they still weren't blocked. I don't know, I could be wrong, but lately it seems there is an unwillingness to block editors for disruptive/uncivil behavior, instead just letting it slide, making the editor feel comfortable and emboldened in continuing that behavior. Tarage's talk page is littered with comments about their uncivil behavior, but yet their block log shows only one block which was quickly undone. If admins can see that warnings aren't working, why aren't they blocking that editor, with escalating blocks as needed. This piling on just doesn't feel right to me, and I'm willing to give Tarage another chance to show that they have heard what the community is saying about their behavior, and take that on board to have a better attitude towards fellow editors. Isaidnoway (talk) 15:26, 1 December 2018 (UTC)
• Oppose the lack of previous blocks is not compelling because individual comments are not block worthy but the pattern is ban worthy. He has been asked to tone things down quite a few times and he blew that off. Legacypac (talk) 17:01, 1 December 2018 (UTC)

The discussion above is closed. Please do not modify it. No further edits should be made to this discussion.

Post exitum

The following discussion is closed. Please do not modify it. No further edits should be made to this discussion.

---

. . . and just like that, he's gone. I don't know if this is a good thing, or a bad thing, or what this says about him. No need to respond to this thread, I just want to put this out. ^Semi_Hypercube ✎ 00:44, 1 December 2018 (UTC)

It's a disappointing result, and one I'd hoped to avoid by closing (relatively) quickly with a summary intended to be empathetic, rather than continue seeing him get beat on for another 9+ hours. But it wasn't to be, I guess. Perhaps he'll come back after a break, realizing that it's actually quite nice not to have to spend time at AN and AN/I. 28bytes (talk) 01:21, 1 December 2018 (UTC)

I think it shows he can give it (lots) but he sure can’t take it (even once).--Literaturegeek | T@1k? 01:33, 1 December 2018 (UTC)

In keeping with my goal not to let him get beat on endlessly, I'm going to close this bit too. 28bytes (talk) 02:09, 1 December 2018 (UTC)

I appreciate why the discussion was closed, but there are good reasons why a community sanction is supposed to be discussed for 24 hours before it is enacted. The Wikipedia community is a global one and everyone should be allowed the chance to weigh in. Establishing consensus requires patience. isaacl (talk) 03:44, 1 December 2018 (UTC)

Five issues with this close - three are policy issues and two my opinion:

1. per WP:CBAN "Sanction discussions must be kept open for at least 24 hours to allow time for comments from a broad selection of community members." Other things in CBAN are suggestions and best practices but must is an imperative. While the intent of closing early is good, the result made things worse. The user feels slighted by the early close according to his talkpage post.

1. Not logged at Wikipedia:Editing restrictions per CBAN
2. No notification of the sanctioned party per CBAN
3. 3 months auto expiring does not appear to be a fair read of the discussion so far. A community appeal after 3 to 6 month would be a fairer read.
4. The close is missing to words "Topic Ban" or "Ban" or "Restriction". This discussion has shown absolute clarity is important, not only hints and suggestions. While I appreciate a soft approach, following conventions has its benefits too.

AN(I) represents a disproportionate amount of their edits, and appears to be a poor fit for their temperament/skill set. I really hope they can find enjoyment working in some other more positive parts of Wikipedia. Legacypac (talk) 04:48, 1 December 2018 (UTC)

• Since the discussion is closed I would note 2 important points IMHO about this discussion without going into the merits (or lack thereof) of the ban.

1. The discussion on sanctions on a regular editor, whether justified or not, deserve to remain open at least 24 hours. Especially since there was no on-going "personal attack spree" by the said editor. This sets a wrong precedent.
2. User:Floquenbeam in this comment pointed a problem here. If there is indeed an ongoing problem with the participation of some users, shouldn't that be pointed out and discussed, so that the behavior is rectified ? Or should everyone simply be a mute spectator of these actions. Admins who are aware of such behavior and still do nothing about it are in a way encouraging such behavior and it will not be surprising to see more and more editors thinking that this is ok and indulging in similar behavior. The method to single out one user and then hand out ban, will obviously seem unfair to them since a similar behavior of the group went unchecked. Hence it is no surprise to me that they felt being singled out and promptly retired. --DBigXrayᗙ 07:00, 1 December 2018 (UTC)

• While the close was done with the best of motives, policy does require that it be left open for a minimum 24 hours, and so I think it has to be reopened. As the one who started it I won't do it myself, but I ask that someone else please do so. Boing! said Zebedee (talk) 07:07, 1 December 2018 (UTC)

  Actually, no, I've reopened it myself as policy is clear (and I remember another recent one where a close was reversed for exactly the same reason). @28bytes: Thank you for trying to defuse things by your early close, but it has to stay open for the 24 hours. Boing! said Zebedee (talk) 07:22, 1 December 2018 (UTC)

  And please note I informed Tarage that I had reopened it as I felt that was necessary, so he does know. Boing! said Zebedee (talk) 07:28, 1 December 2018 (UTC)

• I haven't been online much, and didn't see Tarage's ping here. If I had, I would have posted sooner to confirm that he was being very helpful to a user with poor English on my page, like he said. Indeed Tarage had more patience with the Japanese user than I did. I'm very sorry to see him so upset; as several people have pointed out above, he's certainly not the only one to sometimes be thoughtless on AN/ANI. (And now the thread just fucking closed again. Well, I'm fucking sneaking in, that's all. Sorry.) Bishonen | talk 20:01, 1 December 2018 (UTC).

The discussion above is closed. Please do not modify it. No further edits should be made to this discussion.

Where to report IPs attempting to reset passwords?

Where is the best place to report IPs attempting to reset passwords, so that they can be blocked? If they have no edit history then AIV seems inappropriate. One can message individual admins, but that is dependent on the chosen ones being available at the time. Thanks, DuncanHill (talk) 16:53, 30 November 2018 (UTC)

I think only a global block will prevent an IP (even if locally blocked) from trying to reset an account's password. Can someone confirm or correct that assumption? 28bytes (talk) 17:35, 30 November 2018 (UTC)

Blocking an IP will not stop them from attempting to reset passwords, as far as I know. Maybe a steward could help you out? Stewards can be contacted through meta: meta:Stewards' noticeboard is for general questions of the Stewards, and meta:Steward requests for specific requests. --Jayron32 19:07, 30 November 2018 (UTC)

If I recall a discussion I had with Ajraddatz properly, only a global block of an IP prevents resets (if they are coming from multiple projects). I should point out that the only "harm" done by password resets is irritation. In "my" case the IPs were also known to belong to a globally locked LTA. Finally, the ability to make global blocks is limited by collateral damage and IP hopping. It's often not the best use of a steward's time.--Bbb23 (talk) 21:05, 30 November 2018 (UTC)

Unless I am missing something, one can only mark 25 notifications as read in a time, so that if someone has notifications enabled and gets 1000 notifications about the reset attempts, it takes quite some time to get rid of them (and useful notifications can get lost)--Ymblanter (talk) 21:23, 30 November 2018 (UTC)

True. DuncanHill (talk) 21:41, 30 November 2018 (UTC)

• I asked where I could report them to get them blocked. I didn't ask "how do I get them prevented from making password reset requests". I believe that IPs which deliberately try to disrupt Wikipedia should be blocked. I do not think that is a controversial or minority position. DuncanHill (talk) 21:12, 30 November 2018 (UTC)

The answer is 'blocking will not stop them resetting passwords so its a waste of time'. Even if someone was to block the IP locally, it would not be a perm block (as IPs are not blocked indef) and wouldnt stop the behaviour anyway. Blocks are to prevent disruption, blocking would not prevent this disruption. The advice 'ask a steward' is the most apt as they may be able to prevent it. Only in death does duty end (talk) 21:20, 30 November 2018 (UTC)

It would stop them engaging in other disruption. It may come as a surprise to some of you, but vandals and trolls do engage in a variety of disruptive behaviours, and in my experience today may try to reset passwords and also vandalise multiple articles. The sooner the block, the less the damage. DuncanHill (talk) 21:23, 30 November 2018 (UTC)

So you want the IP's blocked temporarily to prevent them from engaging in further hypothetical disruption? Which they wont even notice because blocking doesnt prevent them trying to reset passwords. It also wouldnt have much effect if they actually manage to compromise an account. Much like the stewards, Admins generally have more important things to do than play whack-a-mole where there is no actual disruption to the encyclopedia. See previous answers re 'contact the stewards'. Only in death does duty end (talk) 21:28, 30 November 2018 (UTC)

There is disruption (not least that mentioned above by Ymblanter), there is evidence that IPs which try to reset passwords also engage in other forms of vandalism (see my post earlier today). DuncanHill (talk) 21:39, 30 November 2018 (UTC)

See previous answer 'Contact the stewards'. I am not sure how many other ways I can say this. Stewards you contact yes? You, stewards, contact. Contactez les stewards.... Only in death does duty end (talk) 21:42, 30 November 2018 (UTC)

I'm not even sure if a global block would prevent the password reset requests. If you provide an IP that is actively being used to notify you, I'll check for collateral and give it a try. I also thought you could disable password reset notifications, but the only option I see in my preferences is to disable failed login attempt notifications. Have you checked if that works on password reset notifications as well? If not, maybe that option could be added in. There's a community wishlist proposal that would require both the username and correct email to be entered in order for a reset notification to be sent; hopefully that will be implemented at some point in the future if technically feasible. -- Ajraddatz (talk) 22:07, 30 November 2018 (UTC)

I don't understand the notification issue. I have wikipedia notifications for failed login attempts and everything else for which it's possible enabled but I received no on wikipedia notification when I tried to reset my password just now. I tried using a VPN which I'm pretty sure is not associated with my account a browser in private mode, still no on wikipedia notification. Reading the previous discussions it's not clear to me anyone is actually receiving on wikipedia notification for password resets. (Failed login attempts sure although the on wikipedia ones should be combined into one notification AFAIK albeit if you are active at the time you're likely to see them lots of times, and whatever the case you will received several emails if you have that active although again they should be easy to filter and better email systems will probably combine them into one thread.) I do receive password reset attempts by email but it's only possible to send one in a 24 hour period and also they should be easy to filter with most email systems, just don't forget you made the filter if you ever really have to set your password. Also blocking on en.wikipedia is useless isn't really true. For both issues, there are some additional complications, but I can't outline them per WP:BEANS. Email me or ask me to email you if you want to know details. Nil Einne (talk) 00:15, 1 December 2018 (UTC)

There's no on- or off-wiki notification for successful resets in my experience, only for reset requests. This is a serious weakness. DuncanHill (talk) 00:19, 1 December 2018 (UTC)

There are plans to deal with this in phab:T145952, by requiring more than only one identifier (the status quo) in the request field. –Ammarpad (talk) 06:47, 1 December 2018 (UTC)

You should've supported this. As I see, this is within top 10, so unless CommunityTech thinks this is flawed idea, they'll make it done by next year (hopefully). — regards, Revi 06:54, 1 December 2018 (UTC)

@Revi: Well, I did supported it, unless you're replying to all of us. Nonetheless, it's all OK since it's in the top 10. –Ammarpad (talk) 07:49, 1 December 2018 (UTC)

That seems to be a separate issue namely daily password reset emails are annoying. While IMO the solutions should be looked at, as I mentioned a simple interim solution for most editors would be to simply automatically filter the emails, just don't forget you set up the filter. Nil Einne (talk) 12:29, 1 December 2018 (UTC)

Well, it's the same issue (password reset by trolls) which caused the proposal. The daily is the volume of the trolls hitting people's password reset. — regards, Revi 13:41, 1 December 2018 (UTC)

Yes I should clarify that I meant the password reset email. You appear to be right there's no notification of a password reset/use of temporary password. I agree such notifications should be sent, also IMO for password changes.

That said, I don't it's actually that serious a weakness especially when off-wiki notifications can only be sent to the same email the password reset details are sent. (If notifications could be sent to a different email address or by SMS things might be a little different although I'm not sure how many will bother with such things.) Remember that the only real likely scenario someone could have successfully reset a password would be if they obtained access to your email account. But if someone has access to your email, then there's often no guarantee you will see any notification. It could easily be deleted or filtered by whoever obtained access to your email. I mean there is a chance you will notice this especially with push notification. And perhaps a fairly clueless attacker or someone simply fooling around e.g. if you left your email logged in somewhere, won't do this.

But for a slightly sophisticated attacker, I wouldn't count on email notifications to the same email they likely have access to as they were able to reset your password. I guess there are some scenarios where they may be able to reset your password without full access to your email account including flaws in the WMF's security, as well as MITM attacks on the email (whether DNS poisoning or getting between the WMF mail agent and the recipient mail agent) but the chance of these isn't likely to be very high.

As for on-wiki notifications, well again they will dismiss them so unless you often check out historic notifications or happen to have very good timing, you're not likely to know. More significantly I think there is already an indirect notification. From my quick testing, using the temporary password to reset the password will terminate any login sessions (as often happens for various reasons). Therefore you already get a defacto notification, when you found yourself logged out and are unable to login because your password is wrong. Assuming your notification isn't finding that your account is globally locked as compromised.

As said I do think notifications should be an option for both use of a temporary password and password changes. I simply don't think the absence is quite so serious. I had thought the 'login from unknown device' thing should also sort of tell you when someone has managed to successfully reset your password as you will receive a login notification. But I couldn't actually generate any of these notifications even when using different browsers and various VPN IPs. Maybe the VPN IPs were to similar or something, I'm not sure.

Nil Einne (talk) 12:29, 1 December 2018 (UTC)

DuncanHill there is a huge flood of these attacks going on (see above threads). At this point, reporting individual ones is probably not helpful. I'd like to hope that WMF security knows about it and is working on it. I can tell you that the dotcom sector suffers from the same issues (paradoxes around password recovery, etc.) and there aren't any really good solutions. I expect the devs are familiar with current trends but in the end we all just muddle through. 173.228.123.166 (talk) 09:37, 3 December 2018 (UTC)

List of Israeli settlements

The page List of Israeli settlements was recently created. Can an admin do the WP:ARBPIA paperwork? ECP is probably necessary, as well as endorsing the talk-page Discretionary Sanctions notice. power~enwiki (π, ν) 20:14, 30 November 2018 (UTC)

I extended-confirmed protected and logged the protection at the Arbitration enforcement page.--Ymblanter (talk) 20:24, 30 November 2018 (UTC)

Thanks. (it only occurred to me now that RFPP would have worked for this; oops) power~enwiki (π, ν) 20:27, 30 November 2018 (UTC)

@Power~enwiki: RFPP might have been better, but then I wouldn't have seen this and put up the editnotice ¯\_(ツ)_/¯ ∰Bellezzasolo✡ Discuss 04:33, 1 December 2018 (UTC)

More compromising

I'm pretty sure User talk:Chasenstark@gmail.com is a compromised account. And User:Nabo0o, blocked by Alexf. Question is whether we should fully protect or not; certainly I hope some admins will keep an eye out and block immediately. Drmies (talk) 16:33, 1 December 2018 (UTC)

• I see that zzuuzz is on the case. Good, then I can go to work. If anyone from the WMF is reading this, please give zzuuzz a raise, or put them on payroll if they're not already. Drmies (talk) 16:35, 1 December 2018 (UTC)

Locked out of precaution. — regards, Revi 16:38, 1 December 2018 (UTC)

User:-revi, I saw the note you placed on that Chasenstark talk page--thanks. This is the first time I've run into an obviously compromised account, so I appreciate the guidance. Drmies (talk) 16:57, 1 December 2018 (UTC)

I did just block another, so everyone please keep an eye out. I'm doing some cooking at the moment (mmmm), so my reactions are going to be a bit slow for a short while. -- zzuuzz ^(talk) 16:39, 1 December 2018 (UTC)

Are you, now. I'll gladly have your dinner for my lunch. Drmies (talk) 16:52, 1 December 2018 (UTC)

Page merge cleanup

Could someone please cleanup the attempted merging by Special:Contributions/2A02:C7D:B910:3D00:A5D8:C533:FB3C:B98F of Disney's Animated Storybook: The Lion King into Disney's Animated Storybook. Thanks. Home Lander (talk) 18:24, 1 December 2018 (UTC)

Bullying

The following discussion is closed. Please do not modify it. No further edits should be made to this discussion.

---

Does someone remember who that socker was who tried to create all kinds of meaningless bullying-related articles? User talk:Bigtime1234567890 is yet another one. Drmies (talk) 19:03, 1 December 2018 (UTC)

• Never mind--it was User:Brandon5015. Thanks. Drmies (talk) 19:04, 1 December 2018 (UTC)

The discussion above is closed. Please do not modify it. No further edits should be made to this discussion.

WP:RFPP proposals

There are currently two three proposals to change the general structure of the "Wikipedia:Requests for page protection" page:

• Create a proper archive
• Make it easier to request protection
• Do not require users to look up the protecting administrator

If you have always wanted to completely revamp what I personally believe to be a mess, now would be the time to do so. ~ ToBeFree (talk) 19:30, 1 December 2018 (UTC) (update: add third link, use HTML anchor ~ ToBeFree (talk) 19:44, 3 December 2018 (UTC))

Administrators' newsletter – December 2018

News and updates for administrators from the past month (November 2018).

Administrator changes

Al Ameer son • Randykitty • Spartaz

Boson • Daniel J. Leivick • Efe • Esanchez7587 • Fred Bauder • Garzo • Martijn Hoekstra • Orangemike

Interface administrator changes

Deryck Chan

Guideline and policy news

• Following a request for comment, the Mediation Committee is now closed and will no longer be accepting case requests.
• A request for comment is in progress to determine whether members of the Bot Approvals Group should satisfy activity requirements in order to remain in that role.
• A request for comment is in progress regarding whether to change the administrator inactivity policy, such that administrators "who have made no logged administrative actions for at least 12 months may be desysopped". Currently, the policy states that administrators "who have made neither edits nor administrative actions for at least 12 months may be desysopped".
• A proposal has been made to temporarily restrict editing of the Main Page to interface administrators in order to mitigate the impact of compromised accounts.

Technical news

• Administrators and bureaucrats can no longer unblock themselves unless they placed the block initially. This change has been implemented globally. See also this ongoing village pump discussion (permalink).
• To complement the aforementioned change, blocked administrators will soon have the ability to block the administrator that placed their block to mitigate the possibility of a compromised administrator account blocking all other active administrators.
• Since deployment of Partial blocks on Test Wikipedia, several bugs were identified. Most of them are now fixed. Administrators are encouraged to test the new deployment and report new bugs on Phabricator or leave feedback on the Project's talk page. You can request administrator access on the Test Wiki here.

Arbitration

• Voting in the 2018 Arbitration Committee Elections is open to eligible editors until Monday 23:59, 3 December 2018. Please review the candidates and, if you wish to do so, submit your choices on the voting page.

Miscellaneous

• In late November, an attacker compromised multiple accounts, including at least four administrator accounts, and used them to vandalize Wikipedia. If you have ever used your current password on any other website, you should change it immediately. Sharing the same password across multiple websites makes your account vulnerable, especially if your password was used on a website that suffered a data breach. As these incidents have shown, these concerns are not pure fantasies.
• Wikipedia policy requires administrators to have strong passwords. To further reinforce security, administrators should also consider enabling two-factor authentication. A committed identity can be used to verify that you are the true account owner in the event that your account is compromised and/or you are unable to log in.

Obituaries

• Shock Brigade Harvester Boris (Raymond Arritt) passed away on 14 November 2018. Boris joined Wikipedia as Raymond arritt on 8 May 2006 and was an administrator from 30 July 2007 to 2 June 2008.

---

• Discuss this newsletter
• Subscribe
• Archive

Sent by MediaWiki message delivery (talk) 03:37, 3 December 2018 (UTC)

Files for discussion backlog

Greetings, can someone take a look at the backlog in Wikipedia:Files for discussion#Old discussions? There are some old discussions which I am involved in so can't close. Jo-Jo Eumerus (talk, contributions) 07:10, 3 December 2018 (UTC)

A close please

The following discussion is closed. Please do not modify it. No further edits should be made to this discussion.

---

Can someone close Wikipedia:Administrators'_noticeboard#Appeal_my_1RR_restriction up at the top of this page please - it should be straightforward enough, I would do it but I've participated in the discussion. Cheers. Fish+Karate 09:32, 3 December 2018 (UTC)

 Done Vanamonde (talk) 16:19, 3 December 2018 (UTC)

The discussion above is closed. Please do not modify it. No further edits should be made to this discussion.

Lookin for a range block please

82.132.219.67 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)

86.187.169.80 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)

82.132.219.214 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)

86.187.170.122 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)

All of these IP's seem to have found fault with AlexTheWhovian over the past few days and all have been blocked or are blocked. The first was a couple of days ago and required RD of their edits. The other three were all today. Right now AlexTheWhovian's talk page is semi-protected but I can't see protecting every Dr, Who episode. So any chance of a range block here? CambridgeBayWeather, Uqaqtuq (talk), Sunasuttuq 18:11, 3 December 2018 (UTC)

• Looking... Courcelles (talk) 18:14, 3 December 2018 (UTC)
  • To do any good, it would have to be two separate range blocks, one on the 82.132.219.0/24 and another on the 86.187.170.0/22. And both have too high a collateral cost right now. I'm sorry to say. Courcelles (talk) 18:17, 3 December 2018 (UTC)

Thanks for checking. CambridgeBayWeather, Uqaqtuq (talk), Sunasuttuq 18:49, 3 December 2018 (UTC)

Courcelles, so, we'll have to stick to individual reports against the IPs and further hiding of revisions for the egregious personal attacks on every current Doctor Who episode article? -- Alex^TW 01:13, 4 December 2018 (UTC)

AlexTheWhovian, You could always employ protection, if the disruption warrants it. SQL^{Query me!} 01:21, 4 December 2018 (UTC)

Inadvertent violation of banning policy: what to do? (Tarage)

The following discussion is closed. Please do not modify it. No further edits should be made to this discussion.

---

Tarage (talk · contribs · deleted contribs · logs · filter log · block user · block log) claims "I don't even get the justice of having my case be open for more than 9 hours".[13] The case is question is here:[14]

Wikipedia:Banning policy says "Sanction discussions must be kept open for at least 24 hours to allow time for comments from a broad selection of community members." This is based upon Wikipedia talk:Banning policy/Archive 8#Proposal for mandatory minimum duration length for CBAN discussions. That RfC specifically addressed the case of a WP:SNOW close and the consensus was to not allow a snow close before 24 hours of discussion have occurred.

Please note that I did not comment in the topic ban discussion (I don't form an opinion on proposed sanctions unless I have extensively researched the edit history of all involved, and I have not done that in this case).

I did a count of the time the discussion was open and found that it was significantly longer than the 9 hours Tarage claims and significantly shorter that the required 24 hours.

Here is the timeline; feel free to check my math.

• 16:09, 30 November 2018 (UTC): Floquenbeam suggests topic ban. [15]
• 16:30, 30 November 2018 (UTC): Bbb23 suggests topic ban. [16]
• 16:42, 30 November 2018 (UTC): SemiHypercube suggests topic ban.[17]
• 16:50, 30 November 2018 (UTC): Boing! said Zebedee formally proposes topic ban. [18] (elapsed time 0:00)
• 00:19, 1 December 2018 (UTC): 28bytes closes three sections. [19] (elapsed time 7:29)
• 02:10, 1 December 2018 (UTC): 28bytes closes additional section. [20]
• 07:22, 1 December 2018 (UTC): Boing! said Zebedee uncloses. [21] (elapsed time 7:29)
• 18:00, 1 December 2018 (UTC): Sandstein recloses. [22] (elapsed time 18:07)

Total time discussion was open: eighteen hours and seven minutes

So should we:

• Do nothing?
• Re-open the topic ban discussion?
• Something else?

Before posting this I attempted to ask Tarage what his preference is, but his talk page is protected. Clearly he feels that he was wronged and that the discussion should have remained open. --Guy Macon (talk) 20:17, 3 December 2018 (UTC)

• I've boldly fixed the userlinks template, Guy Macon to point to the actual user I'm certain is the one you're talking about. Courcelles (talk) 20:22, 3 December 2018 (UTC)

• Thanks! Danm typoos! --Guy Macon (talk) 21:16, 3 December 2018 (UTC)

• I found this thread by chance; could you next time please notify the users involved? I'm sorry that I didn't notice that the total time elapsed was less than 24 h; that wasn't clear from the thread itself. I've no problem with somebody reopening the thread again to make more time elapse, if that's what's people here prefer, even if the outcome appears unlikely to change given the near-unanimous consensus. Sandstein 20:34, 3 December 2018 (UTC)

• Sorry about forgetting the notices. Note to self: next time. smoke crack after editing Wikipedia. I also didn't realize that we didn't give it 24 hours, and had to search the edit history and get out my calculator after seeing the "9 hours" claim. --Guy Macon (talk) 21:16, 3 December 2018 (UTC)

• IMO, let's do it by the book. re-open, leave it open for at least a full 24 hours from the time it is re-opened, and let Tarage defend themselves. Then assess consensus. Agree with Sandstein it wasn't obvious reading the discussion that it wasn't open for 24 hours. A note at the top of the section saying so would have been useful. Courcelles (talk) 20:37, 3 December 2018 (UTC)

• As I was the one who "violated the banning policy" by closing it early, I will explain again why I did so. The discussion was clearly upsetting to Tarage, people were making increasingly pointed comments about his presence on the noticeboards that he appeared to be taking very personally, and there was no sign whatsoever that the discussion was headed anywhere other than a consensus that he stay away from the noticeboards for a while. In short, leaving it open seemed cruel to Tarage with no benefit whatsoever to the encyclopedia. Had I known that Tarage would interpret my closure as an act of "injustice" rather than kindness I would have left it open. Hindsight is 20/20, I suppose. I'm truly sorry that he felt he was being treated unfairly as that was never my intent. I hope he returns to edit once the rawness of this episode has subsided a bit. 28bytes (talk) 20:38, 3 December 2018 (UTC)

• I would have made the same decision. Alas, the consensus of the RfC (which I just found out about by searching) was that we need to be cruel and leave it open 24 hours. Also, Tarage clearly wants to see a full 24 hours worth of comments telling him that his behavior is unacceptable. I don't understand why, though. Does he imagine that there will be a groundswell of support when the early comments were unanimous? --Guy Macon (talk) 21:16, 3 December 2018 (UTC)

• Re-open Due process is important. Jschnur (talk) 20:45, 3 December 2018 (UTC)
• Comment unless there are at least two editors who comment in this thread that they don't support the current remedy (a 3-month TBAN from AN/ANI) and want to re-start the discussion, there's no need to restart the discussion. Leaving this thread open for 24 hours (preferably 72 hours) is sufficient for the due process concerns, so long as community consensus is unanimous; we shouldn't re-open the previous thread (again!) just out of an excessive sense of jurisprudence. However, if there are multiple editors who support other remedies and want the thread re-opened, we probably should do so, with a separate section for new comments. power~enwiki (π, ν) 21:12, 3 December 2018 (UTC)

• Power-enwiki's comment makes more sense to me than re-opening the original. It's also in line with 28bytes' concerns about unnecessary pile-ons, since no-one needs to comment here in favor of the current result, only if they disagree with it. Leave this open for a couple or three days. Beyond My Ken (talk) 21:24, 3 December 2018 (UTC)

• Two counterarguments: First, someone who would definitely read and comment on a thread titled "Tarage" might not even bother reading a thread titled "Violation of banning policy: what to do?". Second, it is not at all clear that Tarage agrees that leaving this thread open for 24 hours is sufficient for the due process concerns. We should always give anyone facing sanctions a fair shake, but if at all possible we should also give them what they themselves consider to be a fair shake. --Guy Macon (talk) 21:25, 3 December 2018 (UTC)

Well, you already can reopen it according the people who closed it. So, if you think that is a good idea, go ahead. Alanscottwalker (talk) 21:31, 3 December 2018 (UTC)

Thanks, but I am good with asking the community what to do rather than assuming that I know what is best. --Guy Macon (talk)

I did not say assume. I noted it is a fact that the people who closed it already said anyone can reopen it, which is the standard way discussions are re-opened, anyone who thinks it is a good idea to re-open then does so. -- Alanscottwalker (talk) 22:23, 3 December 2018 (UTC)

• I objected to the first close as it was against policy, no matter how well intentioned. I assumed thhat the calculator had been used for the second close. This thread has been retitled to include the user's name. The master thread, but not the TBAN discussion, has been open much longer than 24 hours, so any last minute supporters couod have chimed in or reopened the TBAN discussion. The best way to remedy this situation is to leave this thread open for 72 hours. We can't really undo what has been done and revoting the whole things is only going to make the hurt worse. I can't imagine 25, 48 or 72 hours would have changed the end result. Legacypac (talk) 22:15, 3 December 2018 (UTC)
• (EC) I was wondering the same thing when I noticed the extended controversy. Somewhat of an aside but I think this does happen on occasion. I seem to recall another case where a discussion was closed prematurely, I pointed it out and it was reopened maybe after about an hour and then reclosed after about 24 hours from the beginning. While less of a violation and I don't think anyone cared in that case I wonder if it may be helpful to put a reminder in the closure rules to make sure you consider any premature closing time and/or for editors to note when reopening that discussion should be extended to meet the 24 hour requirement. In this case, I would normally say it's one of the genuine IAR and we should just let it be. But since Tarage is unhappy I suggest it will be best to reopen it for another minimum 24 hour stretch. I think most who are aware of the controversy will stay away unless they feel they have something to say which may change the outcome, but of course the discussion will be open so contributors are free to do what they want which is after all the point of an open discussion. It's probably the least worst option we can take here. Also I should say from what I saw I don't find fault with what anyone did. I don't think it was easy to predict how things would pan out and people did what they thought was, and in other cases would have been, best. Nil Einne (talk) 22:19, 3 December 2018 (UTC)
• Thanks for caring about process. ―Mandruss ☎ 22:37, 3 December 2018 (UTC)

I thought the CBAN 24 hour policy was for community bans only, not topic bans... Valeince (talk) 23:24, 3 December 2018 (UTC)

This topic ban is a community ban. "If an editor has proven to be repeatedly disruptive in one or more areas of Wikipedia, the community may engage in a discussion to impose a topic ban, interaction ban, site ban, or other editing restriction (which may include a limited-duration or indefinite block) " --WP:CBAN --Guy Macon (talk) 00:08, 4 December 2018 (UTC)

I've opened a new comment section right below the TBAN proposal. Left open a full 24 hours, that should fully satisfy the requirement and then some. That seems to meet the thrust of the comments here. Legacypac (talk) 00:27, 4 December 2018 (UTC)

• Folks, Tarage was clearly very upset about the outcome and has made it clear he doesn't want anything more to do with us (which I hope changes after he's had a little time, but that's the way it appears now), and I really don't think subjecting him to more of the same is going to help him in the slightest now. I can understand the reason for starting the new section, and maybe it's the best thing to do (though only for the sake of following the rules and making the ban legitimate), but I really don't think it's the best way to deal with Tarage's feelings now. Boing! said Zebedee (talk) 00:41, 4 December 2018 (UTC)
• I'll just add that yes, he did clearly say he was upset that the discussion was closed early, but he was so obviously upset that I don't think anything we did at the time would have been right by him. Boing! said Zebedee (talk) 00:44, 4 December 2018 (UTC)

I can't help his feelings. As a friend told me years ago, no one can make you happy or sad, only you can decide to be happy or not. I don't care if no one comments in the new section. At least we can say we all gave the topic the best chance we could given the unusual circumstances. Legacypac (talk) 00:52, 4 December 2018 (UTC)

@Boing! said Zebedee: To whatever degree I care about this, it isn't about Tarage's feelings. It's about Macon's opening reasoning, notably the consensus was to not allow a snow close before 24 hours of discussion have occurred. That hasn't been countered, so I'm accepting it at face value.
I generally avoid ANI but said this to Tarage awhile back. I happen to drop by AN now, 15 months later, only to see that exactly the problem I referred to is still an issue. So Tarage's feelings are not high on my priority list, sorry. ―Mandruss ☎ 01:32, 4 December 2018 (UTC)

I've been through tougher times on Wikipedia & survived. He'll survive, no matter the result. GoodDay (talk) 01:09, 4 December 2018 (UTC)

The discussion above is closed. Please do not modify it. No further edits should be made to this discussion.

New BAG nomination

I have put in my name for consideration of the Bot Approvals Group. Those interested in discussing the matter are invited to do so here. Thank you for your input. Primefac (talk) 00:42, 4 December 2018 (UTC)

User talk:Lara Robinson sucks!

Can an admin nuke User talk:Lara Robinson sucks! and deny the user talk page rights? This user is a sock of user:Jack Gaines spreading misinformation of Alan Jackson. Ten Pound Hammer • ^{(What did I screw up now?)} 02:02, 4 December 2018 (UTC)

 Done. Primefac (talk) 02:19, 4 December 2018 (UTC)

Close requested

The following discussion is closed. Please do not modify it. No further edits should be made to this discussion.

---

Would an admin close Wikipedia:Administrators' noticeboard/Incidents#Incivility, disruptive "dumping" in threads, and activism against notability guidelines by James500?

From James500 here:

I have experienced a deterioration in my health during and because of this ANI case. I must therefore protest at the use of DNUA to keep this thread open till at least the 3rd of January without regard for the effect this will have on me (and presumably the next step will be to extend that deadline ad infinitum). I can see no reason to assume this thread will be closed in a reasonable time or at all (the admins have already had more than a reasonable time), and it cannot remain open forever.

The thread has been open since 11 November 2018 and an WP:ANRFC close request was made 17 November 2018.

Thank you, Cunard (talk) 08:51, 4 December 2018 (UTC)

• Support- this has gone on long enough and is not accomplishing anything useful. Reyk _YO! 08:53, 4 December 2018 (UTC)
• Comment I think everyone wants the thread to be formally closed. It's not that anyone wants the thread to remain open but rather it's felt if it's allowed to be auto archived it won't ever receive a formal close. Nil Einne (talk) 09:11, 4 December 2018 (UTC)
• I have been asked to close the thread off-wiki, but must decline as I have argued with James before on something so would consider myself WP:INVOLVED. Ritchie333 ^{(talk) (cont)} 10:05, 4 December 2018 (UTC)
• I'll do it. Give me an hour to read through it all. Fish+Karate 10:38, 4 December 2018 (UTC)

  Didn't take an hour. It's long but there isn't much of a difference in opinion really.  Done Fish+Karate 10:58, 4 December 2018 (UTC)

The discussion above is closed. Please do not modify it. No further edits should be made to this discussion.

The Daily Mail

It appears that some people have decided that consensus of the Daily Mail decision was wrong and needs to be overturned. Interested parties may want to weigh in at the newly minted RFC. --Calton | Talk 13:14, 4 December 2018 (UTC)

Lest we forget:

• That Viral Story About a Japanese Man Crushed to Death by His Porn Collection is Totally Fake
• My Year Ripping Off the Web With the Daily Mail Online

My conclusion: Any use of The Daily Mail as a source has a high probability of linking to a copyright violation. --Guy Macon (talk) 16:55, 5 December 2018 (UTC)

That's nice... PackMecEng (talk) 17:08, 5 December 2018 (UTC)

Return of admin permissions for Orangemike

The Arbitration Committee has verified Orangemike (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) is back in control of their account via multiple methods. The committee therefore reinstates their administrative user right, which was previously removed by motion. The committee also urges him to enable 2 factor authentication on his account.

Supporting: Euryalus, Opabinia regalis, RickinBaltimore, BU Rob13, Newyorkbrad, Mkdw, KrakatoaKatie

For the Arbitration Committee,

Katie^talk 17:49, 4 December 2018 (UTC)

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Return of administrative rights for Orangemike

The Arbitration Committee has verified Orangemike (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) is back in control of their account via multiple methods. The committee therefore reinstates their administrative user right, which was previously removed by motion. The committee also urges him to enable 2 factor authentication on his account.

Supporting: Euryalus, Opabinia regalis, RickinBaltimore, BU Rob13, Newyorkbrad, Mkdw, KrakatoaKatie

For the Arbitration Committee,

Katie^talk 17:43, 4 December 2018 (UTC)

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Return of administrative rights for Orangemike

For the Arbitration Committee --Cameron₁₁₅₉₈ ^(Talk) 21:34, 4 December 2018 (UTC)

I've joined these sections. ∰Bellezzasolo✡ Discuss 22:04, 4 December 2018 (UTC)

Welcome back Orangemike. Welcome back Orangemike. Fish+Karate 10:34, 5 December 2018 (UTC)

Pages in Category:AfC submissions declined as copyright violations

Am I missing something, or all drafts in that category must be speedy deleted as copyright violations? There are several dozen drafts there, I have seen some a month old, and apparently it is customary to decline AfC as copyright violations without rolling the copyvio back and asking for speedy or revision-deletion? Please tell me there is something I am missing here.--Ymblanter (talk) 19:07, 4 December 2018 (UTC)

Yes you are missing that many copyvio declines get speedy deleted but some get cleaned and the record of the copyvio decline stays on the live page and then in the category. The other case is occasionally pages are declined for minor copyvio with a request to reword. Anyone is welcome to work that category and help AfC out. Legacypac (talk) 19:12, 4 December 2018 (UTC)

I did not check all of them but the couple I checked seemed to have major copyvio issues which have not been in any way addressed.--Ymblanter (talk) 19:19, 4 December 2018 (UTC)

If they are clearly copyright violations, and there is no prior clean version to revert to, they should be deleted per WP:G12. Otherwise, if a page has been AfC declined because of a copyvio and the page has subsequently been cleaned, they should end up in Category:AfC submissions cleaned of copyright violations. So where's the breakdown: is it a tagging issue or are we not cleaning up copyvios? (I don't have time to investigate today but this does seem to be an important thing to figure out) Ivanvector (^Talk/_Edits) 15:51, 5 December 2018 (UTC)

I guess the related question is: are AfC reviewers identifying copyright violations but not doing anything about it other than declining? We can't host copyvios in draft space either. Ivanvector (^Talk/_Edits) 15:52, 5 December 2018 (UTC)

Indeed, my impression from a very limited sample is that some AfC reviewers decline submissions as copyvio but do not follow up either by CSDing the draft or by cleaning the copyvio and asking for revision deletion.--Ymblanter (talk) 16:08, 5 December 2018 (UTC)

I forgot that I have also seen cases where the text was free but not attributed. Whereas this is technically copyvio, it can be easily fixed by attributing the text.--Ymblanter (talk) 16:08, 5 December 2018 (UTC)

Good point. I'm not an expert in this - is a revision which contains material copied from a free source without attribution also a G12/RD1 copyvio? Or do we just supply the attribution in a subsequent edit and move on? Ivanvector (^Talk/_Edits) 16:15, 5 December 2018 (UTC)

The best practice is to provide attribution in a minor edit.--Ymblanter (talk) 16:52, 5 December 2018 (UTC)

Who knows exactly. The AfCH script has a box to check to also G12 the page and a place to fill in the source copied from. It's an optional thing in the script and like everything, there is some range of practice among reviewers. Similarly last I looked there were 3000+ advertising declines, sampling of which suggests 90% are G11 worthy. AfC stops a lot of inappropriate pages and anyone willing to help delete them is encouraged to help. Legacypac (talk) 17:18, 5 December 2018 (UTC)

I am not here to accuse AfC reviewers in anything, I think most of them are doing an excellent job. However, there is a difference between G11 and G12. It is strictly speaking illegal to keep copyright violations in the project in any form, be it articles, drafts, userpages or talk pages. For the advertisement, well, it is of course not good that we have a lot of drafts which are just advertisement, but it is not illegal to host them, and also revisions containing advertisement do not get revision-deleted. If there is a systemic problem at the side of the reviewers (which I am still not sure about) we probably need to discuss what is the best way to modify the process to make sure copyright violations do not stay in drafts for a long time.--Ymblanter (talk) 17:46, 5 December 2018 (UTC)

We all agree copyvio should be deleted, the question is at what urgency. Thousands of other declined but not yet deleted AfC pages are likely copyvio but declined for other simplier to assess reasons. There are also thousands of undiscovered copyvio pages at Wikipedia:WikiProject Abandoned Drafts/Stale drafts The ones in this AfC category will be swept away in 6 months or so regardless and are at least tagged as copyvio already. Legacypac (talk) 18:23, 5 December 2018 (UTC)

Arbitration motion regarding Jytdog

The Arbitration Committee has resolved by motion that:

The request for arbitration was accepted, but the case will not be opened at this time in light of Jytdog's statement that he is retiring from Wikipedia and he disabled his access to his account. Jytdog may not resume editing, under any account name or IP, without notifying and obtaining permission from the Arbitration Committee

For the Arbitration Committee, --Cameron₁₁₅₉₈ ^(Talk) 16:41, 5 December 2018 (UTC)

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Arbitration motion regarding Jytdog

To enforce this motion Jytdog has been blocked indefinitely by the Arbitration Committee. For the Arbitration Committee, --Cameron₁₁₅₉₈ ^(Talk) 16:41, 5 December 2018 (UTC)

Albania–Greece relations

Sorry if this is not the right place to bring this. The Albania–Greece relations article has had problems with warring/too many reverts lately. As not all the involved editors are discussing on the talk page but just reverting, could someone protect the article or do sth other that could help calm down the situation? The discussion on the talk page is long and the content dispute has become tiring. No matter in what version the article is protected, the important thing is to stop the reverting rally. Thanks, Ktrimi991 (talk) 22:05, 5 December 2018 (UTC)