This Wiki Has Issues

Over the past few weeks looking over the RecentChanges page, I noticed my name showing up as the editor of several pages that I never edited.

This is a great Wiki feature, not a bug; true bugs are noted in WikiWikiBugs.

Oh, it is more of an issue then, as it shows pages that I never edited. There are about 100 pages showing up today as if a Bot is running through with a cookie that is mapping to my name.

{This is less likely a 'bug' than it is a consciously chosen security flaw. There is nothing preventing GrammarVandal, after all, from using your name to sign pages... he simply needs to drop anyone's name into http:wikiOptions and presto-chango, he's anyone. And it annoys me, too. Dreadfully. As a note, it seems GV's motivation for doing this is part of his attempt to dodge the shark... by using your name, at the very least, it makes things difficult on the sharkbot, who cannot readily distinguish your edits from his. Recommended action is to remove your cookie name and simply use your IP and signature. -- someone pretending to be GrammarVandal.}

Oh, but could it be "bot" might have obtained my cookie? I don't see how the GrammarVandal human person could edit 50-100 pages in a few minutes... I can see how a bot could. Thanks for pointing me to the GrammarVandal page because I hadn't seen it yet. I did delete my cookie and use my IP address for a while, but the problem is I saw my name come up even with deleting my cookie and just using my IP. So I set my cookie again to try and counteract the problem but that didn't work as I guess the cookie is not bound to a single IP address. Damn. How to partly improve this security flaw is to bind the cookie to only one IP address at a time, or use sessions.

I took a screenshot of the issue... The day of the screenshot is March 23, at about 12:05 PM Mountain Time.

Yep. The GrammarVandal sometimes spoofs UserNames, perhaps sometimes using a bot. You appear to have caught the Vandal before it got around to editing DevilsAdvocate, CodeKing, ItsTimeToDumpCeeSyntax.

[As the author of the SharkBot, I can confirm that the edits attributed to you belong to GrammarVandal. He's been spoofing your UserName and a dozen or so others in a futile attempt to dodge the SharkBot. At best, it only delays the inevitable reversion. I can set it to "chomp" him immediately but prefer not to do so due to a slightly increased risk of false positives. It's doubtful he uses a bot to produce his edits, either; it's more likely he fires up a series of browser instances and/or tabs and saves them in relatively quick succession. I would recommend that you turn off your UserName cookie, because if you make a contribution, and GrammarVandal subsequently edits it using your UserName, both edits will be merged into a single edit in RecentChanges. If the SharkBot reverts that edit, your contribution will be lost.] -- DaveVoorhis

Some of my edits have been lost already I think.. I saw a few missing things. WikiSucks ;) This is discouraging.

[Haven't you noticed that the intention of Wiki is that it has no security? The suggestions above are not official policy.]

Security is implemented through the bots like Armchair... hypocrisy and denial is as follows: "we are not securing the wiki! We are... we are... just... battling the security with non-securities! After-securities that repair the wiki after its already been.. unsecured!". Think about preventing the cause instead of treating the symptoms... The Wiki idea was great back in the day when the internet was not popular, but they are broken now. I'm seriously about to leave this wiki, as outlined in the GrammarVandal page. I say this as a wiki author myself, no longer so interested in the idea any more. It just doesn't work... sorry.

[As you say, that's not security. Wiki works well; insecurity is one of its aims, whereas robotic "repair" is not.]

Maybe the purpose of GrammarVandal is so we can improve security, just as I sometimes see people cracking software to supposedly improve the software. Can someone disable the cookie feature so that just IP addresses are shown in the RecentChanges.. since that "feature" is essentially broken? I like your bot, Dave, but it also deleted a few of my works.

You're really not keeping up, are you. This wiki is the original, the very first. It was a great idea and it worked really well, until people stopped treating it as a community, and started to behave sociopathically. Those people have decided that since there is no security, they can do whatever they want. This includes spoofing UserNames to get their edits piggy-backed onto yours, making double edits from different IP addresses, and other anti-social techniques.

Yes, more security would fix the problem, but this code is old, and the owner is busy. This wiki's code won't get fixed, security won't get retro-fitted, this wiki will continue to have problems. Yes, that's bad news, but it's simply the way it is. GetOverIt.

Lots of material here is really interesting and useful, and some people work hard to try to reduce the effects of the sociopaths, incompetent and occasional WikiPuppy. You can choose to contribute new material, help keep the place clean, read without contibuting, or leave. Your choice.

Nope, sorry. I'll just hack into the server and repair the bug myself. HaHaOnlySerious

See also: ThatsNotaBugItsaFeature (a bad one, that is)

EditText of this page (last edited May 23, 2008) or FindPage with title or text search