Wikisource:News/2007-05-01/Technical report

Wikisource News
Wikisource News
Technical report
by Pathoschild, 01 May 2007

This is a compilation of technical news covering January to May 2007. See also a similar compilation of Wikimedia Foundation news and Wikisource news.

New password restrictions

edit

Due to a recent string of password cracking attacks on the English Wikipedia, several new password restrictions have been enforced. Four English Wikipedia administrator accounts were hijacked due to weak passwords; the hijacker used Tor proxies to hide his IP address while he used the accounts to delete the Main Page. All four were quickly desysop'd and blocked; only one was able to regain access after proving his identity and improving his password. A similar incident last year led to the disallowing of blank passwords.

  • Accounts whose passwords match the user names have been locked and cannot be logged in to until their email is reset from the login form. Users who did not confirm an email address will need to prove their identity to developers, possibly be linking it to an established account with a confirmed email address on another wiki or to a Wikimedia-cloaked IRC account in #wikimedia-tech. Users without a confirmed email address who cannot prove their identity will permanently lose their account.
  • If incorrect information is entered at the login form, a CAPTCHA image must be correctly answered in the next attempt.
  • Password attacks were performed by the developers against administrator accounts on several projects to find and lock down accounts with weak passwords.
  • Logging to detect password attacks, with automated blocks against known cracking attempts.
  • Automated password-strength checking when setting the password.

See also:

[1][2][3][4]

Hardware expanded

edit

280,000$US have been allocated to purchasing new server hardware. The upgrade should allow Wikimedia servers to adequately serve up to double the current traffic.[5][6]

New features

edit

Administrator actions

edit
  • Protection
    • When protecting a page, an expiry time can be set for unprotection.[7]
    • A new option called "cascade protection" will automatically protect any templates (or other pages) used in the current page. This feature was added to stop indirect vandalism of protected articles and the main page on the English Wikipedia.[8][9]
    • A minimum protection level of a namespace can now be defined by developers. The only namespace protected by default is the MediaWiki namespace, which is used in the site interface.[8]
  • When deleting a page, its deletion log is shown.[10]
  • When an administrator's rollback fails because another user already reverted, the error will show the parsed edit summary instead of plaintext (for example, "vandalism" instead of "[[WS:BP|vandalism]]").[11]
  • Edit patrolling is now logged.[7]

Special pages

edit

Various

edit
  • JavaScript
    • Tooltips and accesskey shortcuts are now defined by default, so there is no need to define them in MediaWiki:Common.js as has traditionally been required. Although it's still possible to edit the ta array in JavaScript, it is preferable to edit the relevant interface message such as MediaWiki:Tooltip-userpage.[8]
    • Two new JavaScript variables are defined per page load, wgAction and wgUserGroups.[14]
    • addPortletLink(), added to wikibits.js, allows the easy insertion of a new link in any of the "portlets" (including the sidebar, toolbox, personal user links, et cetera).[8]
  • The ImageMap extension has been enabled on all Wikimedia wikis. This extension allows users to create image maps (images with links mapped to certain points of the image). The feature is frequently used to link somewhere other than its description page.[8]
  • Revision sizes are now shown in in edit histories.[15]
  • A new magic word, {{DEFAULTSORT:}}, can be used to define the default sort key of a page instead of manually setting it for every category (see m:Magic words for usage).[16]
  • When a bureaucrat (Zhaladshar on this wiki) renames a user, they can check a box to automatically move all of the user's pages and subpages to the new name.[16]

Upcoming features

edit
  • Revision deleting for administrators is scheduled to go live when MediaWiki 1.10 is released. Screenshots show how the interface will look; oversight is now an extra option on the standard revision deletion form. It will also be possible to hide log entries and file revisions, and remove users from the user list.[17][13]

New external tools

edit

References

edit
  1. "New password restrictions" (Scriptorium, April 2007)
  2. "Account password restrictions changed" (Wikitech-l, April 2007)
  3. "Password security notes" (Wikitech-l, May 2007)
  4. "Four administrator accounts desysopped after hijacking, vandalism" (Wikipedia Signpost, 07 May 2007)
  5. Wikizine #66 (March 2007)
  6. "Board announces six resolutions" (Wikipedia Signpost, 26 March 2007)
  7. 7.0 7.1 7.2 "Bugs, Repairs, and Internal Operational News (Wikipedia Signpost, 29 January 2007)
  8. 8.0 8.1 8.2 8.3 8.4 "Bugs, Repairs, and Internal Operational News (Wikipedia Signpost, 15 January 2007)
  9. "Cascading protection feature added" (Wikipedia Signpost, 15 January 2007)
  10. "Bugs, Repairs, and Internal Operational News" (Wikipedia Signpost, 05 March 2007)
  11. 11.0 11.1 11.2 11.3 "Bugs, Repairs, and Internal Operational News" (Wikipedia Signpost, 02 April 2007)
  12. "Bugs, Repairs, and Internal Operational News" (09 April 2007)
  13. 13.0 13.1 "Bugs, Repairs, and Internal Operational News" (20 March 2007)
  14. "Bugs, Repairs, and Internal Operational News" (Wikipedia Signpost, 29 January 2007)
  15. "Bugs, Repairs, and Internal Operational News" (Wikipedia Signpost, 12 March 2007)
  16. 16.0 16.1 "Bugs, Repairs, and Internal Operational News" (Wikipedia Signpost, 02 January 2007)
  17. private Oversight-l announcement.
  18. Wikizine #69 (May 2007)
  19. Wikizine #68 (April 2007)