Kevin;

Having managed a few public message boards myself I agree that the problem
won't be stopped by simply locking individual accounts or even entire
domains from the Swikis, but limiting them to list members would in effect
lock out everyone who either chooses not to join the list or has not yet
figured out how to do so.  The first group includes many potentially
valuable contributors who simply don't want the Squeak list's volume, the
second includes almost every potential new Squeaker.

Further, since joining the list from a "throwaway account" is just as easy
as using such an account to deface a Swiki, tying the two together would add
little security and might bring hooligans onto the list who until now have
been satisfied with just defacing a web page here and there.

Perhaps an answer could be found in a combination approach -- rather than
making edits instantly "live," keep them out of view until approved by
anyone with the current password, which could be sent with each month's list
subscriber "reminder" message, the first of which (if I recall correctly)
arrives the month AFTER someone joins the list (in contrast to the "new
member welcome message").  The same information could be sent to
non-members, including teachers and others who might not have time to
participate in the dev list but would be qualified (and willing) to deal
with the approval process.

If that were done, then list members would have full use of the Swikis after
a few days or weeks on the list, and would share the task of seeing that
inappropriate changes didn't make it into public view.  Qualified Swiki
users who are not list members would also have access.  Casual vandals would
be unlikely to sit through a few days or weeks of messages in hopes of
picking up the "password of the month," while useful uploads or edits would
wait only as long as it took the next list member / password holder to visit
and decide.

The main fly in the ointment is that some pages aren't visited as regularly
as others; the answer to that might be to generate an email notice either to
the list or an assigned "page editor" if something is left unapproved for
some set length of time, perhaps 72 hours or less.

I think this would offer the best balance between the "open" spirit of the
Swikis and the necessity of keeping some degree of order.

Gary Fisher


----- Original Message -----
From: "Kevin Fisher" <kgf at golden.net>
To: <squeak-dev at lists.squeakfoundation.org>
Sent: Wednesday, July 24, 2002 6:21 PM
Subject: Re: More Swiki damage by socp-b.scsnet.com


> Not to be a cynic here (well, I guess it's unavoidable having been a
sysadmin :)
> but simply locking out the IP may not put an end to it.  After all, AOL
> throwaway accounts are pretty much free in every cereal box these days.
>
> It doesn't seem to me that the vandal in question is going to stop anytime
> soon, either...someone fixes the swiki, and he wrecks it the next day.
>
> Is there any realistic way to allow swiki access based upon membership
> to this mailing list?  Ideally, we'd be the ones changing it the most.
>
>
> On Wed, Jul 24, 2002 at 01:27:34PM -0700, Ned Konz wrote:
> > This time it locked the page after damaging it:
> > http://minnow.cc.gatech.edu/squeak/393
> >
> > Isn't there some way to lock out this IP?
> >
> > --
> > Ned Konz
> > http://bike-nomad.com
> > GPG key ID: BEEA7EFE
> >
> >
>