Need your input on a policy impacting gadgets and UserJS edit

Dear interface administrator,

This is Samuel from the Security team and I hope my message finds you well.

There is an ongoing discussion on a proposed policy governing the use of external resources in gadgets and UserJS. The proposed Third-party resources policy aims at making the UserJS and Gadgets landscape a bit safer by encouraging best practices around external resources. After an initial non-public conversation with a small number of interface admins and staff, we've launched a much larger, public consultation to get a wider pool of feedback for improving the policy proposal. Based on the ideas received so far, the proposed policy now includes some of the risks related to user scripts and gadgets loading third-party resources, best practices for gadgets and UserJS developers, and exemptions requirements such as code transparency and inspectability.

As an interface administrator, your feedback and suggestions are warmly welcome until July 17, 2023 on the policy talk page.

Have a great day!

Samuel (WMF), on behalf of the Foundation's Security team 12:08, 10 July 2023 (UTC)Reply

Questions regarding COIBot/LiWa3 edit

Hi Beetstra!

I have some questions/bug reports regarding COIBot/LiWa3 and I hope that you (or Billinghurst) could help me:

  1. Are link additions monitored after a report is generated manually (poke, IRC, Talk:SBL) and if so for how long?
  2. LiWa3 does not seem to record zhwiki link additions at all anymore. Is that a bug or is there another reason?
  3. COIBot did not seem to seem to find any URL additions for subdomains after my monitor azurefd.net ... command (azurefd.net is now SBLed). A bug?
  4. COIBot does not generate a report forexregulatory.com if I ask it to via IRC or en:User:COIBot/Poke (Diff). whoadded forexregulatory.com does returning additions. I tried a couple of times. I have the same problem with vz99vi.me.

I have read that COIBot and LiWa3 are written in Perl. I have some experience with Perl from a long time ago and would be willing to help in case of bugs. Count Count (talk) 13:37, 8 August 2023 (UTC)Reply

@Count Count Hi, some answers:
1) links poked on reporting pages get ‘monitored’ until s.o. removes them (in the report you can see they were reported before). This is defined in the settings on COIBot’s meta settings page. The /poke page is to just get a report, those are not recorded as we needed a mechanism to get report or refresh reports just to see if they are worth reporting. Irc command also does not get recorded (and is rather anonymous so people do not see you are looking at ‘their’ links - also intentional).
2) nope, no reason, may be a bug or a page coding issue.
3) not sure what you mean here.
4) The Report save routine does time out or overload sometimes (that also avoids that it hangs on e.g. youtube.com). Links that are ‘not counted’ or whitelisted on LiWa3 also do not get saved - if they are on those lists the reports would not make sense anyway.
Help is welcome, my time is very limited. Warning though, the coding is bad. Billinghurst, a couple of others or me can give you access. Dirk Beetstra T C (en: U, T) 04:20, 15 August 2023 (UTC)Reply

COIBot failing to report on metawiki and enWP edit

Hi. I see that we are not getting reports written to metawiki and enWP for over a day. Seems to be running fine in IRC. That connectivity piece always defeats me, though I will see what I can shake. Though I am not near connectivity for the bots, so it may be a little while. — billinghurst sDrewth 21:08, 7 September 2023 (UTC)Reply

@Billinghurst: I would be willing to have a look if you or Beetstra can give me access (see above). LDAP/Toolforge user name is Count Count as well. Count Count (talk) 06:49, 8 September 2023 (UTC)Reply

Notice of removal of adminship (October 2023) edit

Hello Beetstra,

I regret to inform you that pursuant to Meta:Administrators/Removal (inactivity), and since you have not made at least 10 edits in the last six months, your administrator and associated permissions have been removed from your account. Please see Meta:Administrators/Removal (inactivity)/October 2023 for details.

Kind regards, —MarcoAurelio (talk) 12:23, 3 October 2023 (UTC)Reply

@MarcoAurelio I know it is the rule, but this will hinder the sbl script and bot maintenance (their settings are protected). Dirk Beetstra T C (en: U, T) 04:18, 4 October 2023 (UTC)Reply
It's indeed unfortunate, and the result of an obsolete policy IMHO. I've been trying to persuade the community to get rid of automatic removal or tweak it to apply only on cases of absolute inactivity, but so far people seem happy with the status quo (see the two sections at Meta talk:Administrators/Removal (inactivity) for details). Would interface adminship be enough to be able to edit/manage the blacklists and the bot settings? That permission only requires making 10 edits anywhere each 6 months. Another option would be to apply for an indefinite limited adminship with or without Interface Adminship for blacklists and COIBot management such as the one we approved here. Best regards, —MarcoAurelio (talk) 10:11, 4 October 2023 (UTC)Reply
@MarcoAurelio, I am rather inactive at the moment so it was predictable. I agree that the policy is crude, but I see the other side of it as well (would have liked a question before at the least so I could respond).
The interface adminship is for the blacklist gadget, but as I am not an admin I will not use that now and not think of improvements or bugs anyway. Adminship for bot settings and blacklisting itself is annoying not to have but I would need to keep it up anyway. Lets see how things evolve with my availability. Dirk Beetstra T C (en: U, T) 04:21, 8 October 2023 (UTC)Reply

Beetstra. An ugly gerrymander way around this roadblock is to remove the protection, and write a very tight abusefilter that solely focuses on the settings page by username and by role. (user Beestra | role administrator). I hate doing it as the rules of the wiki should be intelligent enough to allow a central coordinating wiki to centrally coordinate but instead we have this rule around administrators needing to edit to retain rights.  — billinghurst sDrewth 22:30, 30 October 2023 (UTC)Reply

COIBot logged out of meta +++ edit

For the past week plus, the report data are being generated (according to IRC), though unable to be written to meta. IRC has been saying that COIBot is trying to login and write to Meta, though it has been saying that for many many weeks so not a good measure. I have never successfully managed to work out how to get meta login to work.  — billinghurst sDrewth 21:31, 29 November 2023 (UTC)Reply

Just came to report this myself, still going on DannyS712 (talk) 19:31, 11 December 2023 (UTC)Reply