Shadowbot2
DYK update check
editWould it be possible for the bot to search Template:Did you know/Next update and see if there are any unprotected templates in the text? Not the page itself, which is supposed to be unprotected. - BanyanTree 00:25, 28 December 2006 (UTC)
- Also it appears that something odd is going on with the bot. - BanyanTree 00:27, 28 December 2006 (UTC)
- Me again. Can the bot give a more descriptive edit summary, so admins know if there's a page in need of protection? Thanks, BanyanTree 01:13, 28 December 2006 (UTC)
- I'm going to bring up again the idea of emailing this list to certain whitelisted administrators whenever a template is found unprotected. Today, there was an unprotected template transcluded on to DYK, and I have a strong suspicion that the vandal (who placed a shock image) checked here to find out that there was an unprotected template. (The template name was extremely small and at the end of DYK, leading to my inclination and feeling that s/he looked at this page to find the vulnerability. In addition, this page has been widely "advertised", and I'm sure some clever vandals have already found it.) With emailing a certain number of whitelisted administrators (perhaps 10 or more?), multiple administrators who are familiar with Main Page images/templates would be alerted immediately and confidentially, and vandals would not be able to simply keep on checking this page to see when we've missed something. Would changing the bot to this implementation (emailing certain users through the
emailuser
function) be possible? If so, I would suggest changing it immediately. Thanks! Flcelloguy (A note?) 04:33, 28 December 2006 (UTC)- I'll second this. I actually had the same suspicion as Flcelloguy. I'd be happy to get these. Other likely candidates are the regulars at WP:ERRORS. If we create a protected subpage, would the bot be able to read usernames (let's say in bulletform) as a whitelist? I prefer it to be on wiki so admins can add or remove themselves as the fancy strikes them. Emails only when there is a problem, of course; it would be a pain to get 24 emails a day saying that nothing is happening. - BanyanTree 04:44, 28 December 2006 (UTC)
It would be very easy to do this sort of thing, and I suggested it in the first place because I was afraid something like this would happen. I'll start working on it straight away. Shadow1 (talk) 14:26, 28 December 2006 (UTC)
- Update: see User:Shadowbot2/Mailing list. Thanks again, Shadow1! Flcelloguy (A note?) 17:10, 28 December 2006 (UTC)
- No problem, glad I can help own some vandals! I should have the DYK scan before the next Main Page update. Shadow1 (talk) 17:19, 28 December 2006 (UTC)
E-mailing may be too slow.
editI'm on the E-mailing list, but I'm concerned that E-mailing may be too slow. Is it possible to notify any logged-in admins with an orange fluorescent pink box as if a new msg has been posted on the usertalk ? The link in the box can go to the template in need of protection. (I don't know any programming. Sorry if this is not do-able.) --PFHLai 17:43, 28 December 2006 (UTC)
- No, that's not possible to do, unless I were to have the bot post a note on each admin's talk page stating that it's sent them an email. Shadow1 (talk) 00:12, 29 December 2006 (UTC)
- That would seem to negate the benefits of the email system, as a vandal could just watch admins' pages and see when the bot makes an edit, turning it back into a race on who can react quicker. - BanyanTree 00:16, 29 December 2006 (UTC)
- IRC would solve this issue, but it would have to be a private channel for obvious reasons, and right now there seems to be some political issue with those – Gurch 11:25, 30 December 2006 (UTC)
- Just some. <pained grimace> - BanyanTree 15:58, 30 December 2006 (UTC)
- IRC would solve this issue, but it would have to be a private channel for obvious reasons, and right now there seems to be some political issue with those – Gurch 11:25, 30 December 2006 (UTC)
- That would seem to negate the benefits of the email system, as a vandal could just watch admins' pages and see when the bot makes an edit, turning it back into a race on who can react quicker. - BanyanTree 00:16, 29 December 2006 (UTC)
Contributions list
editWow. The contributions list has been cleared out. I guess it only ever wrote to the report page, which judging from the above has been deleted. Yup. E-mail only now, I guess? Carcharoth 18:54, 29 December 2006 (UTC)
- Yes, the bot is email-only now, since the vandal(s) seemed to use the report page for one of their attacks. Shadow1 (talk) 21:28, 29 December 2006 (UTC)
Making sure the admins on the list are active and the bot is working
editIs there a way to make sure that the admins on the mailing list for this bot are active? It would be the ultimate irony if in two years time, with everyone assuming the bot and signed up admins were dealing with things, that it was discovered that all the signed-up admins were inactive or had left. I suggest getting admins to renew their subscription (somehow) every few months or so. Maybe even getting the bot to look at their contributions list to see if they are still active and editing? Is this too difficult to implement? After that, the only thing that would go wrong is if the bot stopped working. That is now, to my mind, the most likely thing to happen. Is there any way to get alerts mailed if the bot stops working? Or is that going just a tad too far? Carcharoth 03:05, 30 December 2006 (UTC)
- I will remove myself if I go elsewhere. I would expect others to do the same (if they remember, of course) – Gurch 11:23, 30 December 2006 (UTC)
- The nice thing about having a public list is that it's pretty easy to check the contribs of the people who have signed up. I think it would be appropriate if inactive admins who forgot to remove themselves from the list were taken off and notified on their talk. - BanyanTree 15:58, 30 December 2006 (UTC)
I don't this would be terribly hard to implement, but I'd rather rely on the admins to remove themselves. Alternatively, we could just specify someone to periodically check the list and make sure everyone's alive and well. In addition to this, I periodically test the bot to make sure that it'll actually work as planned. Shadow1 (talk) 16:02, 30 December 2006 (UTC)
- My post above is a little vague, on second glance. I was envisioning, for example, someone noticing that "Hey, BanyanTree hasn't edited at all since winning the Ms. Universe pageant in an unexpected and seemingly impossible twist 9 months ago!", and asking here if anyone else thought I should be removed until I return. I agree that some sort of bot removal would not be a good solution. - BanyanTree 16:11, 30 December 2006 (UTC)
Problem
editFor some reason, I just got an e-mail saying that Wikipedia:Selected anniversaries/December 29 is unprotected. But it's December 30 , so that should not matter. Do you know what the issue is? -- tariqabjotu 05:02, 30 December 2006 (UTC)
- I had brought up the issue here prior to seeing this post; the bot had a similar problem earlier, before using the email version - it either wasn't viewing the most current version of the Main Page, failing to have purged its cache, or is reading off the list of automatically-transcluded templates, which hasn't updated either. I've reprotected the template now to stop the email alerts, but hopefully this will be fixed soon. Thanks! Flcelloguy (A note?) 05:11, 30 December 2006 (UTC)
- Yeah, I got the same email, as did presumably everyone on the list. It was sent at 05:00, 30 December 2006 (UTC), so indeed the lack of protection was not a problem – Gurch 11:23, 30 December 2006 (UTC)
The email was sent because I forgot to write in the code that would purge the Main Page. I had already written it into the bot framework the bot uses, but then I didn't remember to write it into Shadowbot2. I've fixed the problem; it should now properly purge the page cache before getting the list of templates. At least we know it works! Shadow1 (talk) 15:59, 30 December 2006 (UTC)
Malfunctioning?
editShadowbot2 just sent me an email urgently informing me that ALL the templates on the Main Page were unprotected. This would certainly be cause for concern, except they aren't.
The full list I got was:
[[User:Jmax-bot/FACount.js]] [[Wikipedia:Selected anniversaries/January 5]] [[Wikipedia:Today's featured article/January 5, 2007]] [[Template:*mp]] [[Template:Click]] [[Template:Did you know]] [[Template:In the news]] [[Template:MainPageInterwikis]] [[Template:Main Page banner]] [[Template:POTD protected]] [[Template:POTD protected/2007-01-05]] [[Template:SelAnnivFooter]] [[Template:TFAfooter]] [[Template:WikipediaOther]] [[Template:WikipediaSister]] [[Template:Wikipedialang]] [[Wikipedia:Selected anniversaries/January 6]] [[Wikipedia:Today's featured article/January 6, 2007]]
– Gurch 08:03, 5 January 2007 (UTC)
- I'll double-check the bot's scanning activities once I have access to its server, I'm on the road right now. Shadow1 (talk) 13:32, 5 January 2007 (UTC)
Suggestion
editCan your bot not display pages that end in .js or .css, it is my understanding these are protected due to their extension. An example of this is User:Jmax-bot/FACount.js which was on todays list. Great bot, takes not time at all to check. HighInBC (Need help? Ask me) 18:08, 6 January 2007 (UTC)
Thanks, that was fast. HighInBC (Need help? Ask me) 18:50, 6 January 2007 (UTC)
Some news
editFirst of all, yes, I know the bot just sent out an email. I've updated the protection status checking code to not rely on MediaWiki's 'page protected' text to determine if the page is protected.
Second, it appears that Shadowbot did not run properly for at least the past 3 days. Someone updated MediaWiki to show the protection status of templates in the transclusion list, which had the lovely side effect of completely screwing up the bot's functions. I've fixed the relevant code and run several (successful) tests; hopefully we'll stop getting these false alarms.
Third, I'm going to begin writing image-scanning code into the bot ASAP. It appears that some latest vandal attacks were caused by the shock images being inserted into unprotected images, rather than the templates themselves.
Finally, I'd like to mention the ProtectionBot. It appears that user Dragons flight has written a bot that is capable of automatically protecting templates that are vulnerable to attack. While I don't necessarily agree with the creation of this bot, nor with the fact that it needs the sysop flag set, if this bot does go into production use, I will still operate Shadowbot2 for redundancy, because I'm of the opinion that this bot will probably malfunction at some just like Shadowbot2 does.
I'd like to thank everyone for their patience in resolving these issues. Hopefully we'll be able to stop receiving false alarms and start working towards a more accurate Shadowbot2 that will solve these attacks once and for all. Shadow1 (talk) 18:43, 6 January 2007 (UTC)
- Also, please note that, as I will be taking semester finals within the next week, I will be very slow to respond to queries and will likely not be able to fix any problems encountered until finals are over on January 11.
Yes, I'm aware that two more false alarm emails were sent out today. The error was caused by the images being left in HTML comments, which the bot didn't filter out like it should have. I've corrected the issue since the emails were sent out. I think that should take care of any bugs remaining in the bot, but, knowing my programming skills, probably not ;) In any case, thanks for your continued patience! Shadow1 (talk) 02:36, 7 January 2007 (UTC)
- Good work, but it listed a page that is deleted. Hmm now that I think of it, it is still vulnerable to recreation, so I guess it should be reported if it is actually included on the main page. HighInBC (Need help? Ask me) 02:38, 7 January 2007 (UTC)
- The bot will only scan images that are in <includeonly> tags, or that appear in the template, but aren't in HTML comments, which is basically anything that will appear on the Main Page. Shadow1 (talk) 13:53, 7 January 2007 (UTC)
Last bug
editI know. It screwed up again. It was another problem with the server cache that I've fixed since the last email. This is the last bug. Shadow1 (talk) 00:57, 10 January 2007 (UTC)
Comments
editSome concerns have been raised on the ProtectionBot RfA, briefly, that Shadowbot2...
- ...emails rather than protects. Meh. As it should be.
- ...does not queue for unprotect. That would be nice, but, meh.
- ...does not check commons images. Yeah, good idea, but this hasn't been an issue.
- ...does not go into the featured article, only the main page itself. And we do try to protect it, but the article itself is usually unprotected, and the main page is certainly the priority here.
- ...does not find recursive templates. *** Now that probably should be fixed.
In particular, sub scan tries to decode the page contents into my $edit_page_contents, but then it does nothing with it (other than do look for the readonly flag ... which could have been done before decoding.) Did you mean to do something else here?
That said, this is really good stuff. Abu-Fool Danyal ibn Amir al-Makhiri 19:41, 10 January 2007 (UTC)
Live
editWell, after a large amount of bugs and other problems, I think that the bot is finally stable. Thanks to everyone for your continued patience! Shadow1 (talk) 00:11, 11 January 2007 (UTC)
Making inactive
editDue to the recent "cascading protection" feature that was added to MediaWiki by Werdna and Brion, I will be shutting the bot off today. This account may be used in the future for other tasks, but the new protection features render the bot obsolete. Thanks for everyone's support! Shadow1 (talk) 19:13, 20 January 2007 (UTC)
This is a automated to all bot operators
editPlease take a few moments and fill in the data for your bot on Wikipedia:Bots/Status Thank you Betacommand (talk • contribs • Bot) 19:47, 12 February 2007 (UTC)
Automated message to bot owners
editAs a result of discussion on the village pump and mailing list, bots are now allowed to edit up to 15 times per minute. The following is the new text regarding bot edit rates from Wikipedia:Bot Policy:
Until new bots are accepted they should wait 30-60 seconds between edits, so as to not clog the recent changes list and user watchlists. After being accepted and a bureaucrat has marked them as a bot, they can edit at a much faster pace. Bots doing non-urgent tasks should edit approximately once every ten seconds, while bots who would benefit from faster editing may edit approximately once every every four seconds.
Also, to eliminate the need to spam the bot talk pages, please add Wikipedia:Bot owners' noticeboard to your watchlist. Future messages which affect bot owners will be posted there. Thank you. --Mets501 05:01, 22 February 2007 (UTC)