Wikipedia:Bots/Requests for approval/TawkerbotTorA

The following discussion is an archived debate. Please do not modify it. Subsequent comments should be made in a new section. The result of the discussion was Request Expired.

[edit] TawkerbotTorA

tasks • contribs • count • logs • page moves • block user • block log • flag log • flag bot

Operator: Tawker — written by Werdna

Automatic or Manually Assisted: Automatic

Programming Language(s): C#

Function Summary: Standardising blocks of Tor open proxies to anonymous only with account creation disabled

Edit period(s) (e.g. Continuous, daily, one time run): Weekly

Edit rate requested: 12 blocks per minute

Already has a bot flag (Y/N): N

Function Details: See Wikipedia:Requests for adminship/TawkerbotTorA

[edit] Discussion

See Wikipedia:Requests for adminship/TawkerbotTorA

Ok, it's not editing, it's blocking. I'll let someone else make a post saying it's approved, being the judge and applicant at the same time doesn't work too well. If nobody else feels like posting approved - there :) -- Tawker 06:02, 5 October 2006 (UTC)

Just one question, can the bot be stopped by other admins if it starts malfunctioning? (since blocking the bot would not prevent it to block others) --WinHunter ^(talk) 06:37, 5 October 2006 (UTC)

It's more so a script, I just liked calling it a bot. It's a little application that I manually run and if a talk page message comes up saying its screwed up I just click a little button and close it. Not something that runs 24/7 like TB2 -- Tawker 12:59, 5 October 2006 (UTC)

• I think RFA is premature, as we haven't determined consensus for this bot here yet, or had any testing. Also I'm a little confused on who the operator of this is, the RFA appears to be from someone else? — xaosflux ^Talk 12:36, 5 October 2006 (UTC)

It has been tested in a sandbox wiki which is pretty much the same enviroment as en.wp. For obvious reasons it wasn't trested directly on en.wp :) -- Tawker 12:59, 5 October 2006 (UTC)

I am the author of the bot, Tawker is the operator. —The preceding unsigned comment was added by Werdna (talk • contribs) 13:08, 5 October 2006 (UTC)

• Biggest concern right now, how will the externally managed lists be validated before blocks are placed (or will they not?) — xaosflux ^Talk 12:36, 5 October 2006 (UTC)

  The external lists are managed by the Tor people themselves. I don't understand why we need to validate it, given that it's the list used by Tor clients to find an exit node. — Werdna talk criticism 13:08, 5 October 2006 (UTC)

• A concern is being raised by several editors in the RfA that they are worried that once an adminbot exists it will be used for purposes other than the ones for which it was approved. I would request that the approval of the bot is only for its currently stated function, and that any future change in functionality be accompanied by a new RfA (preferably under a different username), as a condition on approval; the 'requests to add a new function to a bot' proces should not apply in this case. Can I have any such assurances? --ais523 13:53, 5 October 2006 (UTC)

This is common sense/current convention. Don't worry about the scare tactics our friends on RfA like to use. — Werdna talk criticism 13:56, 5 October 2006 (UTC)

Pretty much it's a core group of people who think that I have some sort of hidden adgenda regarding bots. Something like this technically could be run on a user account but that breaks my belief that automated actions should not be done on human accounts and hence a seperate account exists. Some of the names are the exact same people who opposed Tawkerbot2 just as strongly and now I think there'd be more than a couple complaints if TB2 was turned off. As for a new feature (say adding open proxy blocking to the list) a proposal on RFA and going through the same procedure before running the code is the best way to do it I think. -- Tawker 17:32, 5 October 2006 (UTC)

Actually lemme clarify on that one step further. Pretty much the only thing that would make sense for TBTA would be to add open proxy detection and blocking (and if that were the case it would require an seperate RfA even if a new flag isn't being set) - any other tasks would require a new account and flag -- Tawker 18:05, 5 October 2006 (UTC)

Any additional features for this bot would have to be approved by another RfA. That is only reasonable. A bot with admin flags needs community consensus, not just enough from the bot community. -- RM 12:20, 6 October 2006 (UTC)

• I am not familiar with how the Tor list is maintained, so I want to ask that if it is possible for an average user to manipulate the list? (i.e. add any IP as tor node to the list so as to make the bot ban someone) --WinHunter ^(talk) 13:56, 5 October 2006 (UTC)

  No. — Werdna talk criticism 13:58, 5 October 2006 (UTC)

  No.? The bot code published so far does not appear to validate the authenticity of this externally managed list at all, nor the authenticity of the site. Additionally nothing has spoken to the concerns as to the accuracy of the list, in affect whoever owns, or pwns, that external web page would cause this bot to start blocking editors, would it not? (While ALL discussion is welcome here, answers from the operator are pretty much a de facto requirement) — xaosflux ^Talk 02:32, 7 October 2006 (UTC)

Important: please list the safeguards installed for allowing this bot to be stopped. One things that is required is that it should test page editing to check if it is blocked. If so, it will stop. This is important to that any sysop that sees it going bad and blocks it is actually able to stop it, rather than requiring some obsure method.Voice-of-All 16:53, 5 October 2006 (UTC)

It can be stopped currently with a checkpage. Block detection is under consideration (as in, methods for detecting blocks are.) — Werdna talk criticism 17:21, 5 October 2006 (UTC)

Pleased do so for the reasons above. This is pretty high priority.Voice-of-All 22:58, 6 October 2006 (UTC)

As this bot is scheduled to be automatic, please state how this admin enabled (as request) bot will be secured from account compromise, and what if any monitoring will be in place to ensure that the operators are notified in the event of account compromise. Normally a compromised account is fairly evident to the owner, as they can't login or have things not attribututed to them. If this is monitored, how often will it be? — xaosflux ^Talk 22:05, 5 October 2006 (UTC)

The password is stored in my head which is pretty secure I thnink. My exact IP and network address are dynamic and unknown, and is protected by a double firewall. I'm going to login to this one at least once a week to ensure that it's running ok (and to clear the new messages thingie.) IMHO the bot account is less likely to be compromised than my regular account, it's login cookie doesn't get transmitted nearly as often. Otherwise the heaven only knows how many inactive sysop accounts, we don't know if they've been compromised or not (perhaps it's time for a removal of rights of inactive users with automatic re-assignment upon request or something) -- Tawker 15:31, 6 October 2006 (UTC)

• Have you consulted with the folks at meta:Proxy_blocking regarding being able to have the existing system take care of blocking these? — xaosflux ^Talk 01:41, 6 October 2006 (UTC)

• Serious concern: http://tor.noreply.org/robots.txt disallows anyone from anything, if I read it correctly. Are you planning to breach the robots.txt exclusion on the site? --ais523 16:30, 6 October 2006 (UTC)

• If necessary. — Werdna talk criticism 17:33, 6 October 2006 (UTC)

• It could be argued that since the URL of the page in question is known, robots.txt is irrelevant, since the bot is not spidering, per se. 164.11.204.56 21:47, 11 October 2006 (UTC)

• Block rate concern: The current requested block rate is 12 per min, so if the bot is run for ten minutes it'd create 120 entries and would completely flood both Special:log/block and Special:Ipblocklist with no measures to hide those entries. Would it be better to lower the rate so that while the bot is running, other admins and users can still use both lists? --WinHunter ^(talk) 14:13, 7 October 2006 (UTC)

  Botflagged bots do not appear in RC or the block log. — Werdna talk criticism 02:04, 12 October 2006 (UTC)

  The parent question didn't say anything about RC, and as for the logs, where are you getting this from, we dont acutally have any accounts with BOTH sysop and BOT flags to demonstrate this. — xaosflux ^Talk 03:21, 12 October 2006 (UTC)

  And if they don't how do you monitor them, is there a &bot=1 orsomething argument for the log file? — xaosflux ^Talk 03:21, 12 October 2006 (UTC)

  I tested it myself on my own wiki. Yes, blocks from sysopped bots do not appear in the in Recent Changes. My apologies, they do, in fact, appear in the logs. However, we can slow it down to say one edit every minute, or even every ten minutes, if this is desired. — Werdna talk criticism 04:24, 12 October 2006 (UTC)

The request for adminship on this bot was just closed by Taxman with no consensus. — Werdna talk criticism 13:14, 12 October 2006 (UTC)

I don't see this as a major hurdle. Many of the concerns can be dealt with. -- RM 15:58, 12 October 2006 (UTC)

[edit] Post RFA Discussion

The RFA for this did not succeed. Takwer, what do you want to do with this request now? Some options I can see would be: A)Revamp this request to make this a bot request to create a page of bot links that can utilized by any admin, perhaps as a subpage of WP:OP and cordinate with that project. B)Revist the issues of the bot request that contributed to opposes on the RFA. C)Nothing, let this request expire. — xaosflux ^Talk 17:05, 12 October 2006 (UTC)

Well, I'm sure the admins had good intentions but realistically, there isn't much chance that it's going to be done manually (look at WP:OP and the backlog half the time on a much smaller scale (which ironically is users clicking on a script and hitting block - pretty much the same thing that humans are proposing to do) and Copyvio's... lot of people have offered to help... not a lot of progress).

That being said I think bots w/ privs do have a purpose and use but We do need a clear policy on bots w/ elevated access as the recent RfAr's has indicated. Bots are running w/ sysop access unapproved on normal user accounts - it's something we need a clear policy on because right now, we don't know what on earth the bots are doing. The technical concerns (yours included) are pretty easily addressable. While eventually we will apply a MW extension to do the task, this is almost more about establishing conditions in which bots can run w/ elevated access . Bots can help us out a LOT here (take a look at what TB has done for vandalism fighting), we're trying to build an encyclopedia here. 1FA was run thru the crapper because people were not writing... people could be writing if they were not spending their time on machine doable tasks.

Another major task that we could easily do by bot is the OP situation. Once a month check the indef blocked open proxies to see if they are still open, if not unblock.

In short, we need a set of guidelines. We shouldn't close the door on something that can help us without giving it a shot. The fact is, Wikipedia is growing and we only have so much manpower, we need help. -- Tawker 17:48, 12 October 2006 (UTC)

• Expiration Warning-This request will be moved to expired requests in 5 days if a refactored proposal is not presented. — xaosflux ^Talk 01:14, 25 October 2006 (UTC)

Request Expired. — xaosflux ^Talk 16:52, 30 October 2006 (UTC)

The above discussion is preserved as an archive of the debate. Please do not modify it. Subsequent comments should be made in a new section.