Comment on Wikipedia in read-only mode following mass admin account compromise
TheTechnician27@lemmy.world 3 weeks ago
Oh, fuck, this is going to be interesting to read about. Just to clarify: it seems like this wasn’t just Wikipedia but Wikimedia generally. So that’s also e.g. Wiktionary, Wikimedia Commons, Wikidata, etc.
Takapapatapaka@tarte.nuage-libre.fr 3 weeks ago
Shameless copy/paste of the main info if anyone wants to catch a glimpse without going to reddit :
Summary of events:
Post from WMF staff member on Discord:
thebestaquaman@lemmy.world 3 weeks ago
To be fair I would assume that it’s better to trigger something like this during a security review when people are actively “online” and focused on security risks than at some other time.
SnotFlickerman@lemmy.blahaj.zone 3 weeks ago
Absolutely and it helped prove why they needed to do this security review to begin with as well as will teach them the nature of how this user script worked so they can put up guardrails for this specific type of attack. An unfortunate event but as long as they are using it to learn from and strengthen their security, overall it’s a good thing.
Gullible@sh.itjust.works 3 weeks ago
That’s hilarious, and I cannot imagine how stressed out that employee is.
db2@lemmy.world 3 weeks ago
After that kind of learning experience that employee needs a reprimand and a raise in that order. You can be that shit won’t happen twice! 😆
crandlecan@mander.xyz 3 weeks ago
You want even more Management?? 😨
mic_check_one_two@lemmy.dbzer0.com 2 weeks ago
We had an employee break procedure, make a dumb mistake, and cause ~$160k worth of damage to a mission-critical piece of infrastructure. It happened due to her own inattention and disregarding her checklist, at like 8PM. Basically, instead of doing steps A, B, C, and D, she went “eh I know what I’m doing,” jumped straight to step D, and suddenly heard very expensive noises. It required me and her supervisor to pull an overnight shift to get a bodged workaround in place, just to be ready for the next morning at 8AM. And even then, the gear was out of commission for about a month until we could get it fixed.
All in all, it was about $80k worth of equipment repairs, $40k in equipment rentals (to keep things running in the meantime), and about $40k in additional labor (we had to hire specialized contractors to fix the gear).
The employee 100% thought she was going to get fired when it happened. We were obviously angry and disappointed that she made such a dumb mistake, but we didn’t yell or chastise her. We simply told her to go ahead and clock out for the evening, and we’d deal with fixing things overnight. She tried to say she could stick around to help… But this was already at the end of her shift, she was obviously not in the right headspace to pull an overnight shift, and we were both too frustrated to have her around at the time. She was crying on her way out the door.
The supervisor decided to keep her on instead of firing her, for this exact reason. She didn’t get a raise, but she didn’t get fired either. She got reprimanded, but her supervisor was confident that she would never make the same dumb mistake again. And now her story is used as a cautionary tale to drive home the importance of following procedure when we’re training new hires.
nik9000@programming.dev 2 weeks ago
Back when I worked at the foundation there was a special permission that you couldn’t have unless you’d broke stuff super badly. To push new code you have to have one of those folks present. They were responsible for making sure there was a back out plan and ran the actual deploy script. Their ssh keys did the deploy.
I got this bit set after I took out search for Italian Wikipedia. And all none Wikipedias.
deacon@lemmy.world 3 weeks ago
Ironically it is comments like these that led to Reddit gold. But thank you kind stranger for saving me having to descend into The Depths for this.
TheTechnician27@lemmy.world 3 weeks ago
Danke. This should easily be fine for anyone who’s slightly-to-moderately interested; some of the nitty-gritty details like the edit diffs are excluded from this copy–paste for those who really know their stuff and want to learn more.
Jack@lemmy.ca 2 weeks ago
The NoScript extension in Firefox makes the web so much nicer. It turns out sites that don’t require JavaScript tend to made by vastly better humans than sites that do. More so for sites that require cross-site scripting and cookies to just show text.
Can’t search on google.com without allowing JavaScript, but it turns out Lite.DuckDuckGo does, and for me at least gives vastly better search results.
Wikipedia can be read and edited without allowing JavaScript, and I personally don’t like the crap that the scripts provide. It’s also usable without cookies, tho the idiotic UI options column on the right is a hassle without cookies.
mic_check_one_two@lemmy.dbzer0.com 2 weeks ago
That just means you prefer Bing search results. DDG simply proxies Bing Search and removes the tracking elements. So you’d get the same search results with Bing… Though Bing may sort those results differently, since they’d use tracking to push certain sponsored results to the top if they think you’d be more interested in them.
Sims@lemmy.ml 3 weeks ago
“The malicious script was created in 2023 to attack two Russian-language alternative wiki projects, Wikireality and Cyclopedia.”
So this was a US/Ukrainian attack on Russia that backfired ?? Weird ‘friendly fire’ situation…