Please add your wiki, and join our community. Note: WikiIndex is not a wiki hosting service.
(please log-in to bypass the anti-spam Captcha and remove this heading notice)
User talk:Nx: Difference between revisions
No edit summary |
(reply to Nx) |
||
(40 intermediate revisions by 5 users not shown) | |||
Line 3: | Line 3: | ||
::Is that a question for the general public? I'm finding it difficult to relate to your apparent sense of entitlement. Do you feel that you should enjoy privileges here which others should not? [[User:Lumenos|Lumenos]] 05:04, 4 September 2009 (EDT) | ::Is that a question for the general public? I'm finding it difficult to relate to your apparent sense of entitlement. Do you feel that you should enjoy privileges here which others should not? [[User:Lumenos|Lumenos]] 05:04, 4 September 2009 (EDT) | ||
::Or do you feel that due to your possibly superior knowledge of computers (or the number or dedication of your allies), that this enables you more control of this wiki, than the administration? [[User:Lumenos|Lumenos]] 05:04, 4 September 2009 (EDT) | ::Or do you feel that due to your possibly superior knowledge of computers (or the number or dedication of your allies), that this enables you more control of this wiki, than the administration? [[User:Lumenos|Lumenos]] 05:04, 4 September 2009 (EDT) | ||
:::No, it's just an observation based on Proxima's behaviour. [[User:Nx|Nx]] 06:19, 4 September 2009 (EDT) | |||
::::Must you gentlemen be so abrasive? [[User:Lumenos|Lumenos]] 06:59, 4 September 2009 (EDT) | |||
==Hacking skills== | ==Hacking skills== | ||
Line 10: | Line 12: | ||
There were a few things that you claimed to be able to do [[User_talk:Phantom_Hoover#Hiya_old_buddy|here]]. [[User:Lumenos|Lumenos]] 05:07, 4 September 2009 (EDT) | There were a few things that you claimed to be able to do [[User_talk:Phantom_Hoover#Hiya_old_buddy|here]]. [[User:Lumenos|Lumenos]] 05:07, 4 September 2009 (EDT) | ||
== | :Look at the code in [http://www.mediawiki.org/wiki/Extension:Whos_online Extension:Whosonline]. It says "DELETE from $tblname WHERE username = '$username' OR timestamp < '$old' ". With a username like [[User:Robert' OR username like '%' -- aaa|Robert' OR username like '%' -- aaa]], this code becomes "DELETE from $tblname WHERE username = 'Robert' OR username like '%' -- aaa' OR timestamp < '$old' ". The problem is that the ' in the username is not handled correctly, and when passed to sql it is interpreted as the end of the username, and the rest of the username is interpreted as sql. The -- is a comment marker, it tells sql to disregard everything after that. In this case, it deletes every entry from the "online" table, so whosonline will show noone online. One way to cause harm would be: "DELETE from $tblname WHERE username = 'Robert'; drop table pages -- aaa' OR timestamp < '$old' ", which would delete all content on this wiki, but fortunately you cannot execute two sql queries with this command (the ; signals the end of the first query, and drop table pages is the second query). It would be possible to execute a subquery, and insert the result of the subquery into the username, to get some private information from the database. However mysql does not use the standard sql string concatenation operator ||, so that can't be done. The other option would be to get a numerical value, e.g. the token, because you can add together numbers. For example, I could manipulate whosonline so that instead of the real username, it displays '1' + (subquery returning number) - '1', so I could get your token, change my cookies manually, and I would be logged in as User:Lumenos. The only thing preventing me from doing that is that underscores (_) are used for field names in the user table (user_token, user_name), and those are converted to spaces in usernames when creating accounts, so the sql query doesn't work. | ||
:I don't know of a way to crash RationalWiki. All our custom extensions use the database functions provided by mediawiki (unlike whosonline, which accesses the database directly), and those are safeguarded against stuff like this. Of course there can be unknown vulnerabilities in either our custom code or mediawiki. [[User:Nx|Nx]] 06:18, 4 September 2009 (EDT) | |||
::Uuuh.... thanks. Let me see if I have an interpreter. [[User:Lumenos|Lumenos]] 06:35, 4 September 2009 (EDT) | |||
:::WP has an article on this sort of attack at [http://en.wikipedia.org/wiki/SQL_injection]. [[User:Phantom Hoover|Phantom Hoover]] 08:33, 4 September 2009 (EDT) | |||
You said you emailed | ==Active bureaucrats == | ||
You said you emailed Mr. Ernst, is he still around? [[User:Lumenos|Lumenos]] 05:18, 4 September 2009 (EDT) | |||
:One of the admins I emailed replied, and said they were not active any more, and did not want to get involved. I think it was him. [[User:Nx|Nx]] 06:19, 4 September 2009 (EDT) | |||
::Oh yeah, you said you emailed Mr. Stanton, also. [[User:Lumenos|Lumenos]] 07:37, 4 September 2009 (EDT) | |||
==Did you notice...== | |||
10:29, 4 September 2009 Nx (Talk | contribs) (81 bytes) (Undid revision 70431 by Lumenos (talk) don't edit other's user page) | |||
:Phantom Hoovers edit on the [[Lumeniki]] article? [[User:Lumenos|Lumenos]] 06:32, 4 September 2009 (EDT) | |||
::So? Why does it matter? Lumeniki is not your user page, it can be edited by anyone. Well, unless you become a power abusive sysop like Proxima. [[User:Nx|Nx]] 06:33, 4 September 2009 (EDT) | |||
:::I'm not sure you and [[MarkDilley]] share the same conventions. You might notice [[WikiIndex:Policies_and_Guidelines#Notes_to_editors_of_this_page|his edits on the policy page]]. [[User:Lumenos|Lumenos]] 06:44, 4 September 2009 (EDT) | |||
:::I thought that Phantom's user page contained nothing very valuable (but perhaps a rather lame inside joke) and so I redirected to [his talk page]. Is that so wrong? [[User:Lumenos|Lumenos]] 06:47, 4 September 2009 (EDT) | |||
::::I don't know what Mark Dilley's opinion is, but at both RationalWiki and Wikipedia, editing other people's user pages without their permission is frowned upon. [[User:Nx|Nx]] 06:54, 4 September 2009 (EDT) | |||
:::::Thanks for the source. Wikipedia is quite important isn't it... ;-) [[User:Lumenos|Lumenos]] 07:01, 4 September 2009 (EDT) | |||
::::::You shouldn't edit other people's user pages for the same reason you shouldn't start rearranging someone's living room when they invite you in their house. It's not "Wikipedia does it this way, so we must do it the same way too", it's common courtesy. [[User:Nx|Nx]] 07:14, 4 September 2009 (EDT) | |||
:::::::I gotcha. But we all buddies here you know. You guys know how to fix a little thing, if it's your living room or wiki or whatever. We may be able to write whatever policy we want. (I'm including you when I say "we".) Why not regard user pages just like the wiki articles? That they are to describe the person in the "perception of consensus"? [[User:Lumenos|Lumenos]] 07:24, 4 September 2009 (EDT) | |||
::::::::(ec) If "we" are going to make policy (which I don't think we should - are "we" taking over this wiki now?), I would oppose such a move. [[User:Nx|Nx]] 07:38, 4 September 2009 (EDT) | |||
:::::::::You are not for taking over this wiki? That's news to me. How would you oppose it? [[User:Lumenos|Lumenos]] 07:42, 4 September 2009 (EDT) | |||
::::::::::How would I oppose it? Well, you said "we" includes me too. Therefore, I assumed I'd have a vote in what this new policy would be, and I would oppose turning user pages into community property. [[User:Nx|Nx]] 07:55, 4 September 2009 (EDT) | |||
:::::::::::Should wiki articles be community property? [[User:Lumenos|Lumenos]] 07:58, 4 September 2009 (EDT) | |||
::::::::::::Yes. [[User:Nx|Nx]] 08:08, 4 September 2009 (EDT) | |||
:::::::::::::Is there any way to judge whether some smaller group is dominating the perception being presented in an article? [[User:Lumenos|Lumenos]] 08:17, 4 September 2009 (EDT) | |||
::::::::Why do you oppose making policies? You obviously have certain standards you want others to respect. [[User:Lumenos|Lumenos]] 08:29, 4 September 2009 (EDT) | |||
:::::::::I don't oppose making policies. I don't believe however that you are in charge here. [[User:Nx|Nx]] 08:31, 4 September 2009 (EDT) | |||
::::::::::Of course I am not in charge. Who is? [[User:Lumenos|Lumenos]] 08:43, 4 September 2009 (EDT) | |||
::::::::When I say "we" I'm including anyone who is reading this and wants to help establish mutually agreed standards, if possible. [[User:Lumenos|Lumenos]] 07:45, 4 September 2009 (EDT) | |||
== Thanks == | |||
For saying [http://www.wikiindex.org/index.php?title=User_talk%3ALumenos&diff=70530&oldid=70529 this]. | |||
Do you use UESP? I'd always assumed I'd find cross-wiki coincidence at some point, but there doesn't seem to be much around. [[User:Michaeldsuarez|Michaeldsuarez]] is the only name I recognise (UESP / aSK, here and others). [[User:Rpeh|rpeh]] 04:19, 6 September 2009 (EDT) | |||
:I do and I have an account there, but have never edited (I created it before you had the new user log, so it doesn't show up anywhere). I'm really impressed by the amount and quality of content there. Nice work. [[User:Nx|Nx]] 04:40, 6 September 2009 (EDT) | |||
:: Thank you again :) [[User:Rpeh|rpeh]] 04:48, 6 September 2009 (EDT) | |||
:::Note that he wouldn't have had the opportunity to say that if I hadn't been such a cyberstalker/troll whateva. [[User:Lumenos|Lumenos]] 06:36, 6 September 2009 (EDT) | |||
== RationalWiki moved to talk page. == | |||
I'm over on Dilley's page talking trash, cause that is what I think also, but I didn't really see that coming. I thought you were being fairly civil. I feel kinda bad even though I find the article/(talk page) more informative, myself. (Most people don't like "articles" that look like I would like.) It seemed like you were trying to make peace and you even added a criticism. And someone had the bright solution to add the service outage notice link on the top of the article, when I brought that out to talk. I don't know how the article should look. You put so much work into it, arguing with me. I just feel bad about this now. [[User:Lumenos|Lumenos]] 17:01, 6 September 2009 (EDT) | |||
And you gave "us" some good advice on updating that extension. Thanks for that. For what it is worth. :-( [[User:Lumenos|Lumenos]] 16:56, 6 September 2009 (EDT) | |||
== You can trust Nx... == | |||
...he apologized and admitted to wandalizing. I would post a quote but he doesn't like that anymore. It was on his user page last I checked. I love everybody. Let's build a campfire. I'm probably going to bed now so don't expect no more "feedings" ya hobgoblin. [[User:Lumenos|Lumenos]] 07:28, 10 September 2009 (EDT) | |||
I want proper sources for the [[Lumeniki]] article. <del>You're user page is no longer a red link. Do you mind if I redirect [[Nx]] to there now? (Pssst, just think of how the cyborg stalkings will be thwarted.) [[User:Lumenos|Lumenos]] 12:09, 10 September 2009 (EDT) | |||
:Umm you sound like you might be done editing here so I will go ahead and do it. [[User:Lumenos|Lumenos]] 14:19, 10 September 2009 (EDT)</del> | |||
::Changed it to redirect here instead. [[User:Lumenos|Lumenos]] 20:31, 11 September 2009 (EDT) | |||
Nx, don't go! Don't leave me all alone with these lunatics! We could work it out, man. [[User:Lumenos|Lumenos]] 14:24, 10 September 2009 (EDT) | |||
''Then I got wikilawyered by a concern troll whose only joy in life seems to be arguing the exact opposite of everything I say.'' ~~ Nx | |||
: :-( I didn't understand why you and Huw wanted the other wikis deleted from the article and why someone removed the source from the quote. It looked suspicious. I'm sorry. I should have addressed your reasons first, but that became difficult especially when the article and the talk page, are the same page. But now I agree that your version is how those section should be, at the present time. [[User:Lumenos|Lumenos]] 20:31, 11 September 2009 (EDT) | |||
:You said the wikilawyering was changing the section title from "see also" to "similar wikis" or something? [[User:Lumenos|Lumenos]] 20:31, 11 September 2009 (EDT) | |||
:You know, I may not be a very good judge of when something is really upsetting or annoying you, or if we are just playing a game. [[User:Lumenos|Lumenos]] 20:31, 11 September 2009 (EDT) | |||
I miss Nx, but I feel his spirit lives on in the IP address. [[User:Lumenos|Lumenos]] 20:31, 11 September 2009 (EDT) | |||
== This place is insane. == | |||
Redirecting user: pages to the mainspace? [[User:Huw Powell|Huw Powell]] 20:06, 10 September 2009 (EDT) |
Latest revision as of 00:31, 12 September 2009
I'm blocking you for removing content from pages. You knew this is a blocking offense because you saw Phantom Hoover's talk page. Proxima Centauri 15:34, 23 August 2009 (EDT)
- You really are a pathetic, childish idiot, aren't you? Phantom Hoover 15:45, 23 August 2009 (EDT)
- Is that a question for the general public? I'm finding it difficult to relate to your apparent sense of entitlement. Do you feel that you should enjoy privileges here which others should not? Lumenos 05:04, 4 September 2009 (EDT)
- Or do you feel that due to your possibly superior knowledge of computers (or the number or dedication of your allies), that this enables you more control of this wiki, than the administration? Lumenos 05:04, 4 September 2009 (EDT)
Hacking skills[edit]
I would be most delighted, if you might share with us (or me privately) any of your hacking skills. Could you say for example, crash the RationalWiki server? Lumenos 05:04, 4 September 2009 (EDT)
There were a few things that you claimed to be able to do here. Lumenos 05:07, 4 September 2009 (EDT)
- Look at the code in Extension:Whosonline. It says "DELETE from $tblname WHERE username = '$username' OR timestamp < '$old' ". With a username like Robert' OR username like '%' -- aaa, this code becomes "DELETE from $tblname WHERE username = 'Robert' OR username like '%' -- aaa' OR timestamp < '$old' ". The problem is that the ' in the username is not handled correctly, and when passed to sql it is interpreted as the end of the username, and the rest of the username is interpreted as sql. The -- is a comment marker, it tells sql to disregard everything after that. In this case, it deletes every entry from the "online" table, so whosonline will show noone online. One way to cause harm would be: "DELETE from $tblname WHERE username = 'Robert'; drop table pages -- aaa' OR timestamp < '$old' ", which would delete all content on this wiki, but fortunately you cannot execute two sql queries with this command (the ; signals the end of the first query, and drop table pages is the second query). It would be possible to execute a subquery, and insert the result of the subquery into the username, to get some private information from the database. However mysql does not use the standard sql string concatenation operator ||, so that can't be done. The other option would be to get a numerical value, e.g. the token, because you can add together numbers. For example, I could manipulate whosonline so that instead of the real username, it displays '1' + (subquery returning number) - '1', so I could get your token, change my cookies manually, and I would be logged in as User:Lumenos. The only thing preventing me from doing that is that underscores (_) are used for field names in the user table (user_token, user_name), and those are converted to spaces in usernames when creating accounts, so the sql query doesn't work.
- I don't know of a way to crash RationalWiki. All our custom extensions use the database functions provided by mediawiki (unlike whosonline, which accesses the database directly), and those are safeguarded against stuff like this. Of course there can be unknown vulnerabilities in either our custom code or mediawiki. Nx 06:18, 4 September 2009 (EDT)
- Uuuh.... thanks. Let me see if I have an interpreter. Lumenos 06:35, 4 September 2009 (EDT)
- WP has an article on this sort of attack at [1]. Phantom Hoover 08:33, 4 September 2009 (EDT)
- Uuuh.... thanks. Let me see if I have an interpreter. Lumenos 06:35, 4 September 2009 (EDT)
Active bureaucrats[edit]
You said you emailed Mr. Ernst, is he still around? Lumenos 05:18, 4 September 2009 (EDT)
- One of the admins I emailed replied, and said they were not active any more, and did not want to get involved. I think it was him. Nx 06:19, 4 September 2009 (EDT)
- Oh yeah, you said you emailed Mr. Stanton, also. Lumenos 07:37, 4 September 2009 (EDT)
Did you notice...[edit]
10:29, 4 September 2009 Nx (Talk | contribs) (81 bytes) (Undid revision 70431 by Lumenos (talk) don't edit other's user page)
- Phantom Hoovers edit on the Lumeniki article? Lumenos 06:32, 4 September 2009 (EDT)
- So? Why does it matter? Lumeniki is not your user page, it can be edited by anyone. Well, unless you become a power abusive sysop like Proxima. Nx 06:33, 4 September 2009 (EDT)
- I'm not sure you and MarkDilley share the same conventions. You might notice his edits on the policy page. Lumenos 06:44, 4 September 2009 (EDT)
- I thought that Phantom's user page contained nothing very valuable (but perhaps a rather lame inside joke) and so I redirected to [his talk page]. Is that so wrong? Lumenos 06:47, 4 September 2009 (EDT)
- I don't know what Mark Dilley's opinion is, but at both RationalWiki and Wikipedia, editing other people's user pages without their permission is frowned upon. Nx 06:54, 4 September 2009 (EDT)
- Thanks for the source. Wikipedia is quite important isn't it... ;-) Lumenos 07:01, 4 September 2009 (EDT)
- You shouldn't edit other people's user pages for the same reason you shouldn't start rearranging someone's living room when they invite you in their house. It's not "Wikipedia does it this way, so we must do it the same way too", it's common courtesy. Nx 07:14, 4 September 2009 (EDT)
- I gotcha. But we all buddies here you know. You guys know how to fix a little thing, if it's your living room or wiki or whatever. We may be able to write whatever policy we want. (I'm including you when I say "we".) Why not regard user pages just like the wiki articles? That they are to describe the person in the "perception of consensus"? Lumenos 07:24, 4 September 2009 (EDT)
- (ec) If "we" are going to make policy (which I don't think we should - are "we" taking over this wiki now?), I would oppose such a move. Nx 07:38, 4 September 2009 (EDT)
- You are not for taking over this wiki? That's news to me. How would you oppose it? Lumenos 07:42, 4 September 2009 (EDT)
- How would I oppose it? Well, you said "we" includes me too. Therefore, I assumed I'd have a vote in what this new policy would be, and I would oppose turning user pages into community property. Nx 07:55, 4 September 2009 (EDT)
- You are not for taking over this wiki? That's news to me. How would you oppose it? Lumenos 07:42, 4 September 2009 (EDT)
- Why do you oppose making policies? You obviously have certain standards you want others to respect. Lumenos 08:29, 4 September 2009 (EDT)
- When I say "we" I'm including anyone who is reading this and wants to help establish mutually agreed standards, if possible. Lumenos 07:45, 4 September 2009 (EDT)
- (ec) If "we" are going to make policy (which I don't think we should - are "we" taking over this wiki now?), I would oppose such a move. Nx 07:38, 4 September 2009 (EDT)
- I gotcha. But we all buddies here you know. You guys know how to fix a little thing, if it's your living room or wiki or whatever. We may be able to write whatever policy we want. (I'm including you when I say "we".) Why not regard user pages just like the wiki articles? That they are to describe the person in the "perception of consensus"? Lumenos 07:24, 4 September 2009 (EDT)
- You shouldn't edit other people's user pages for the same reason you shouldn't start rearranging someone's living room when they invite you in their house. It's not "Wikipedia does it this way, so we must do it the same way too", it's common courtesy. Nx 07:14, 4 September 2009 (EDT)
- Thanks for the source. Wikipedia is quite important isn't it... ;-) Lumenos 07:01, 4 September 2009 (EDT)
- I don't know what Mark Dilley's opinion is, but at both RationalWiki and Wikipedia, editing other people's user pages without their permission is frowned upon. Nx 06:54, 4 September 2009 (EDT)
- So? Why does it matter? Lumeniki is not your user page, it can be edited by anyone. Well, unless you become a power abusive sysop like Proxima. Nx 06:33, 4 September 2009 (EDT)
Thanks[edit]
For saying this.
Do you use UESP? I'd always assumed I'd find cross-wiki coincidence at some point, but there doesn't seem to be much around. Michaeldsuarez is the only name I recognise (UESP / aSK, here and others). rpeh 04:19, 6 September 2009 (EDT)
- I do and I have an account there, but have never edited (I created it before you had the new user log, so it doesn't show up anywhere). I'm really impressed by the amount and quality of content there. Nice work. Nx 04:40, 6 September 2009 (EDT)
RationalWiki moved to talk page.[edit]
I'm over on Dilley's page talking trash, cause that is what I think also, but I didn't really see that coming. I thought you were being fairly civil. I feel kinda bad even though I find the article/(talk page) more informative, myself. (Most people don't like "articles" that look like I would like.) It seemed like you were trying to make peace and you even added a criticism. And someone had the bright solution to add the service outage notice link on the top of the article, when I brought that out to talk. I don't know how the article should look. You put so much work into it, arguing with me. I just feel bad about this now. Lumenos 17:01, 6 September 2009 (EDT)
And you gave "us" some good advice on updating that extension. Thanks for that. For what it is worth. :-( Lumenos 16:56, 6 September 2009 (EDT)
You can trust Nx...[edit]
...he apologized and admitted to wandalizing. I would post a quote but he doesn't like that anymore. It was on his user page last I checked. I love everybody. Let's build a campfire. I'm probably going to bed now so don't expect no more "feedings" ya hobgoblin. Lumenos 07:28, 10 September 2009 (EDT)
I want proper sources for the Lumeniki article. You're user page is no longer a red link. Do you mind if I redirect Nx to there now? (Pssst, just think of how the cyborg stalkings will be thwarted.) Lumenos 12:09, 10 September 2009 (EDT)
- Umm you sound like you might be done editing here so I will go ahead and do it. Lumenos 14:19, 10 September 2009 (EDT)
- Changed it to redirect here instead. Lumenos 20:31, 11 September 2009 (EDT)
Nx, don't go! Don't leave me all alone with these lunatics! We could work it out, man. Lumenos 14:24, 10 September 2009 (EDT)
Then I got wikilawyered by a concern troll whose only joy in life seems to be arguing the exact opposite of everything I say. ~~ Nx
- :-( I didn't understand why you and Huw wanted the other wikis deleted from the article and why someone removed the source from the quote. It looked suspicious. I'm sorry. I should have addressed your reasons first, but that became difficult especially when the article and the talk page, are the same page. But now I agree that your version is how those section should be, at the present time. Lumenos 20:31, 11 September 2009 (EDT)
- You said the wikilawyering was changing the section title from "see also" to "similar wikis" or something? Lumenos 20:31, 11 September 2009 (EDT)
- You know, I may not be a very good judge of when something is really upsetting or annoying you, or if we are just playing a game. Lumenos 20:31, 11 September 2009 (EDT)
I miss Nx, but I feel his spirit lives on in the IP address. Lumenos 20:31, 11 September 2009 (EDT)
This place is insane.[edit]
Redirecting user: pages to the mainspace? Huw Powell 20:06, 10 September 2009 (EDT)