[Maybe Spam] Re: Swiki vandalized

Frank Shearar Frank.Shearar at rnid.org.uk
Thu Jan 27 15:40:08 UTC 2005


Dave Hylands <dhylands at gmail.com> wrote:

> > Oh, that actually makes me wonder about something else. One 
> might be only an Apprentice in the community (a new Squeaker, 
> in other words) but a keen WikiGnome. We might want this new 
> Gnome to have major rights as part of his (proven) wiki 
> maintaining, while limiting his rights to, for instance, push 
> changesets to the update stream (because he hasn't learned 
> the Squeak idioms, for instance).
> 
> If somebody is a good WikiGnome and can't control themselves in regard
> to pushing changesets, then they don't deserve to be a WikiGnome.

That doesn't follow. Say you're very skilled with proofreading and editing, with only a cursory knowledge of Smalltalk. Thus, you're eminently qualified to WikiGnome, but don't have a grasp of the community coding standards, and thus shouldn't (yet) be allowed to push changesets to the update stream.

_I_ sure as heck am not conversant enough with Squeak to try push changesets to the update stream (in general) even if I could.

What I'm driving at (and several people have talked about this recently) is you can use reputation servers to automatically control access to certain privileges. These privileges might be editing the wiki, they might be changing the update stream server.

> Just because you have a priviledge doesn't mean you'll abuse it. You
> need to give people a bit more credit.

The point of security mechanisms is not to prevent good people from damaging common property. It's to prevent BAD people from damaging common property. I just need to ride the Tube here in London, or witness a bot attack or vandalised pages on the swiki to know that there ARE people who abuse their privileges. Sure, not many, and none of them members of our wonderful community. Point is, given the chance, there are people who will abuse their privileges. It's almost human nature.

_I_ believe wikis should be as open as possible, even to the extent of allowing abuse. Having said that, if the community at large feels that the Swiki needs protection, then I want to be a part of the process that decides who can do what.

As I've said before, I'm more than happy to WikiGnome, fixing up bot attacks. My only beef with the Swiki's security or lack thereof is that vandals can lock pages and thus prevent WikiGnomes from repairing the damage. That really messes up a WikiGnome's day.

> I also feel that there is a tendency to dream up scenarios that may
> never happen and then design ways to deal with them. Deal with the
> exceptions and odd cases when they occur.

In general, I agree with you. I'm a very big fan of test-driven development and XP-like processes. Security does not work like that.

I should really have changed my mail's subject, as I'm really talking about using reputation servers to control privileges, not just about bots vandalising the Swiki.

> You could also have two levels of "Apprentice", one lowest level which
> you acquire by just existing (i.e. automatic) and the next level
> requires asking. Only people with Apprentice-II or higher would be
> allowed to edit the wiki.

SqueakPeople has Observer, Apprentice, Journeyer, Master. You automatically gain Observer status by virtue of registering your account (and we can consider people without accounts as being logged in as the Observer "anonymous". You gain Apprentice status when an Apprentice or higher thinks you're an Apprentice (via certifying you). Roughly, and probably inaccurately. http://people.squeakfoundation.org/trust-metric.html has the details for SqueakPeople, and the system looks quite neat.

Which quite handily fulfils the scheme you proposed :)

frank


*******************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity to
whom they are addressed. Any views or opinions expressed
are solely those of the author and do not necessarily represent
RNID policy.
If you are not the intended recipient you are advised that any
use, dissemination, forwarding, printing or copying of this
email is strictly prohibited.
If you have received this email in error please notify the RNID
Helpdesk by telephone on: +44 (0) 207 296 8282.
The Royal National Institute for Deaf People
Registered Office 19*23 Featherstone Street
London EC1Y 8SL No. 454169 (England)
Registered Charity No. 207720
********************************************************************




More information about the Squeak-dev mailing list