User talk:ClueBot Commons

From Wikipedia, the free encyclopedia
  (Redirected from User talk:ClueBot NG)
Jump to: navigation, search
This user is NOT a human
This is the combined talk page for ClueBot NG and ClueBot III. These users are automated computer programs and are not humans. Please be aware that bots cannot think like a human and cannot operate outside of their programming. Messages you leave on this talk page will not be answered by a bot – either a bot operator or another human will answer you.
ClueBot NG Links!
Report False Positives • Review edits for the dataset (currently broken) • Frequently Asked Questions
False Positives
If you believe that ClueBot NG has made a mistake, please follow the directions in the warning it gave or click here. Please do not report them here. It takes less time to report them to the correct location, and we can handle it more effectively if reported in the correct location.
Purpose of this Page
This page is for comments on or questions about the ClueBots.

The current status of ClueBot NG is: Running
The current status of ClueBot III is: Running
Praise should go on the praise page. Barnstars and other awards should go on the awards page.
Use the "new section" button at the top of this page to add a new section. Use the [edit] link above each section to edit that section.
This page is automatically archived by ClueBot III.
The ClueBots' owner or someone else who knows the answer to your question will reply on this page.

ClueBots
ClueBot NG/Anti-vandalism · ClueBot/Anti-vandalism · ClueBot II/ClueBot Script
Crystal Clear action run.png
ClueBot III/Archive · ClueBot VI/WP:CHUU Clerk  · Talk
Cobi/Owner // Talk
Navy binoculars.jpg Beware! This user's talk page is monitored by talk page watchers. Some of them even talk back.

neutrality[edit]

A club posts comments on wikipedia yet an individual cannot how is that remaining neutral? only allow factual comments so how does one go about providing evidence that posts made are factual. By not allowing me to prove this how is that remaining neutral Sallybegood (talk) 21:37, 13 January 2016 (UTC)

You prove facts by citing reliable sources. You have been inserting commentary into encyclopedia articles instead. SQLQuery me! 21:48, 13 January 2016 (UTC)
Please read the messages at the top of this page. You're in the wrong place. —k6ka 🍁 (Talk · Contributions) 00:52, 14 January 2016 (UTC)

MD5 vs. SHA256[edit]

I notice that ClueBot III calculates the key for archiving to something other than a subpage using MD5. Lowercase sigmabot III also did this until recently. However, MD5 has known security flaws. Earlier this month, Σ, as part of another change, updated Lowercase sigmabot III to use the much stronger SHA256 instead of MD5. Can the same be done here when the maintainers get a chance? jcgoble3 (talk) 01:27, 14 January 2016 (UTC)

Be aware that he will escalate this critical security issue to BAG as needed. Σσς(Sigma) 01:55, 14 January 2016 (UTC)
Why are you speaking for him? SQLQuery me! 01:59, 14 January 2016 (UTC)
Simply a heads up based on prior observations, as he previously approached me with the same request. Would communication not be accelerated, were the full conditions laid out at the start? Σσς(Sigma) 02:04, 14 January 2016 (UTC)
Just looks strange is all I guess. Up to sigma already, eh? SQLQuery me! 02:19, 14 January 2016 (UTC)
I'll get to it at some point. However, it is primarily in place to prevent against accidental misconfiguration targetting other pages. As this is rarely a useful thing to do, it supports keys to allow it to do so. Collision attacks against MD5 are getting much easier, but the effort needed, combined with the limited size of user-provided input (the source page name) to target a specific victim page, along with the fact that the bot reports what page it is archiving from, and the revision history, allow for very easy reversion of such a vandalistic edit, followed by blocking. Furthermore, since the source page would likely be a senseless page title, if the source page were deleted and creation of that page were blocked, then they would have to generate a new collision.
It just seems like a lot of effort to go through to edit a page by proxy that is at most semi-protected, for very little gain, and is very easy for any user to fix, and any admin to block the user abusing the bot. But, yes, like I said, I will get to it, but I don't consider it anything more than a low security risk, especially since pre-image attacks are still very difficult against MD5. -- Cobi(t|c|b) 02:55, 14 January 2016 (UTC)
Glad to see you're still around, Cobi! I agree that it really isn't a critical security issue any more than "the encyclopedia anyone can edit" is. SQLQuery me! 02:59, 14 January 2016 (UTC)
@SQL: I agree entirely. I did my best to convey in my own addition the urgency that was present in the request that I received. Whether it is more correctly read as sarcasm is not something I consciously considered in the writing of that.
Best, Σσς(Sigma) 03:08, 14 January 2016 (UTC)
To clarify Sigma's comments, I recently approached him privately regarding a more serious issue with his archive bot. That specific issue is not present in ClueBot III. The issue of upgrading from MD5 was a secondary issue that I suggested he change at the same time since he would have to generate new keys anyway. I do not see MD5 an urgent matter. BAG was only brought in on Sigma's bot because of the first, more serious bug; the matter of MD5 would not be worth raising the matter with BAG. It's simply a suggestion, not something serious enough for me to actively pursue like the other issue. jcgoble3 (talk) 03:51, 14 January 2016 (UTC)
Retrieved from "https://en.wikipedia.org/w/index.php?title=User_talk:ClueBot_Commons&oldid=699736447"