Shortcuts: WS:RfC, WS:RFC, WS:R

Wikispecies:Requests for Comment

From Wikispecies
Jump to navigation Jump to search

Welcome to Requests for Comment. This space is for any conversations that might require the opinions of the community to decide policy or the application of policy. Start a new conversation. For general conversation, see Wikispecies:Village Pump.

Post a comment

If you use the title box, you don't need to put a title in the message body.

Archive
Archive


New user group for editing sitewide CSS and JavaScripts

Dear fellow Wikispecians, please note that in order to improve the security of our readers and editors, permission handling for editing CSS and JavaScript ("JS") pages has changed throughout Wikimedia. These are pages like MediaWiki:Common.css and MediaWiki:Vector.js which contain code that is executed in the browsers of users of the site.

One of the changes includes the creation of a new user group called Interface administrators (interface-admin). Starting two weeks from now, only members of this group will be able edit CSS/JS pages that they do not own (that is, any page ending with .css or .js that is either in the MediaWiki: namespace or is another user's user subpage). You can learn more about the motivation behind the change here.

We need to realize that this is a potentially dangerous permission to hand out; a malicious user or a hacker taking over the account of a careless interface-admin can abuse it in far worse ways than "standard" admin permissions could be abused. Therefore this permission should only be assigned to users who really need it, who are trusted by the community, and who follow common basic password and computer security practices – and preferably also use two-factor authentication when logging in to Wikispecies (which by the way is a good idea regardless of user rights).

I'm not at all sure we actually need any interface-admin's on Wikispecies, but if we want to they can be added the same way as new administrators are appointed, i.e. by Wikimedia stewards or our own Wikispecies bureaucrats (not by admins). It's important to remember that our local bureaucrats can only assign this user right to a user, but not revoke it. Hence we will require the help of a Wikimedia steward to remove a user from this user group, if need be. Here are some details, and a proposal:

The WMF has decided that the following will take place on August 27, 2018
  • The ability to change .js and .css pages is removed from administrators and bureaucrats
  • Instead, a new group of interface-admin will be created
  • The reason is increased security

We need a plan for how we intend to handle this. Here's my proposal.

Proposal
  • Neither administrators nor bureaucrats should automatically become interface administrators
  • No bureaucrat should assign himself to the interface-admin user goup
  • If an administrator needs to edit JavaScript- or CSS files he should ask a bureaucrat about this on Wikispecies Administrators: Requests for adminship. Since this privilege entails a security risk, a request for interface adminship should not lead to a public poll.
  • When assessing whether a person is to be authorized, the bureaucrat should take the following into account:
    • Has the person shown technical skills involving JavaScript and CSS?
    • Has the person proven responsible?
    • Most often it isn't necessary to edit JavaScripts or CSS files on a frequent basis. Therefore it is likely that the assignment of the privilege should be time-limited, after which it will be automatically revoked by the software
    • If uncertain, the bureaucrat is invited to ask other trusted users for their opinion
  • Interface administrators should consider the following:
    • Use a good, unique password for your account. Using two-factor authentication for logins is highly recommended. (This can be set globally using Special:Preferences. However be careful to read up on the details first, or you might be unable to at all login to Wikimedia later on. A simple password reset wont help if you are locked out, and due to security related technical limitations the Wikimedia staff may not be able to help you if that's the case.)
    • Never copy-paste JavaScript or CSS code that you do not understand
    • Never include anything from an external URL (such as fonts, images) as it violates Wikimedia's policies
    • If you leave Wikispecies, ask a bureaucrat to revoke your interface administrator user rights

Tommy Kronkvist (talk), 04:22, 14 August 2018 (UTC).

Discussion:

  • Oppose high barriers to entry I agree that editing the site CSS and JS can be pretty devastating but I don't see the problem with allowing admins and bureaucrats to have the right as we've never experienced a problem with it. I've tooled around with it in the past couple of years and so has User:Pigsonthewing and unless I'm mistaken, it's never lead to anything disastrous. —Justin (koavf)TCM 06:11, 14 August 2018 (UTC)
I get your point and to some degree also agree with you (as I most often do, btw). However I suspect that rather few people understand how badly this user right might be misused. Meta-Wiki lists some of the problems that can occur. Here's an excerpt from the above mentioned "motivation behind the change"-link:
"By editing pages such as Common.js interface-editors can instantly execute code on the machines of our millions of readers and thousands of editors. By sending malicious code to readers/editors, one can basically do anything: phish passwords or credit card numbers, redirect monetary donations, deanonymize editors, make edits in another editors' name, trick people into installing malware, send spam, orchestrate DDoS attacks against third-party sites, etc.
Unlike other dangerous powers (e.g. CheckUser) which cannot be monetized, this is a lucrative target for an attacker. Recently we have seen someone abuse their privileges to run bitcoin miners on visitors' machines; there are far worse things that are attractive to any attacker looking for some easy income. The damage is not limited to a single wiki. Due to Wikimedia wikis all using a single global login system, an exploit on one wiki can be used to take over admin accounts on any other wiki and extend the attack further. Thus, rogue admins and hackers stealing admin accounts present a serious threat, and we should do what we can to reduce it. It's a small miracle no major incident has happened so far, even though admin accounts are stolen regularly; we need to reduce our reliance on miracles.
At the same time, Wikimedia communities' ability to shape the workings of their sites is extremely valuable and should be preserved."
Because of the above I think that at the very least any assignment to the interface-admin user group should be time-limited. One of the reasons for this is that after August 27, edits to JavaScript- and CSS files in the MediaWiki namespace can't be reverted by "ordinary" admins or bureaucrats. They can only be reverted by interface-admins, and we certainly don't want any lengthy "edit wars" between a couple of interface-admins reverting each others edits, recurrently changing site-wide code and layout in the process. –Tommy Kronkvist (talk), 23:44, 14 August 2018 (UTC).
I support a time-limited assignment, given temporarily by a bureaucrat. I think I may be among the few who updated such files in the past, when noone else seemed concearned, but I welcome a higher security in those matters, and agree that different changes should reflect a higher security demand, so noone just change relevant files on their own wish, like I used to do in the past. Dan Koehl (talk) 09:08, 15 August 2018 (UTC)
  • Symbol oppose vote.svg Oppose I think this proposal is somewhat exaggerated in the case of administrators/bureaucrats (maybe these rules would apply better for the case of normal users), it would be strange to think that any of us could insert, intentionally or maliciously, spam or destroy the CSS/JS pages of Wikispecies (unless your account was compromised). We should be able to rely on our sound judgment and that administrators or bureaucrats are sufficiently aware of the security measures and risks involved in the permission. For example, in Commons all administrators can obtain permission on request from bureaucrats without having to go through a vote; here maybe we could do that with the current administrators, and for the future that the candidates be put to a vote, but without so many requirements (suffice it to have a secure account and maybe, that you have at least 6 months as administrator [like the bureaucrats on Meta]). Regards. —AlvaroMolina ( - ) 16:50, 15 August 2018 (UTC)
In the strictest sense there are only two Wikispecies-specific requirements stated in the above proposal, namely that (after the 27th of August): "no admin or bureaucrat should automatically be assigned to the interface admin group", and that "no bureaucrat should assign him/herself to the interface-admin user group". The third requirement ("If an administrator needs to edit JavaScript- or CSS files he should ask a bureaucrat on the 'Requests for adminship' page") is in effect a Wikimedia global requirement and nothing we can decide locally for Wikispecies, since on all Wikimedia sister projects only bureaucrats can assign a user to this particular user group. Admins can't.
As for Commons and admins being "promoted" to the interface-admin user group without having to go through a vote: yes, you're right. However again, one must remember that there is a huge difference in user level capabilities between admins and interface-admins, and perhaps not even all bureaucrats know this. First of all, a "regular" admin in a wiki project can't really do anything outside of that specific wiki project. This is not true for interface-admins. For example an interface-admin on any wiki project can instantly and automatically make all visitors on all Wikimedia sister projects start to send spam and/or set off a DDoS attack towards for example the United Nations, the Central Bank of Russia‎, or the FBI. Yes: all who even visits any of the currently 882 Wikimedia projects are affected, even if they've never made a single edit (registered or not). Considering that all together the different Wikipedia, Commons, Wikispecies, Wikivoyage etc. sites have several millions of visitors every day, this is potentially a huge security risk.
Lastly I wish to remind everyone that after August 27 only interface-admins will be able to edit JavaScript and CSS files in the Wikimedia namespace. Our admins and bureaucrats will not. This is a global Wikimedia decision we can't change locally here at Wikispecies. We can only decide whether we want interface-admins or not, and if so, how to assign them. And after they're assigned we can't take them away. –Tommy Kronkvist (talk), 11:38, 16 August 2018 (UTC).
Symbol oppose vote.svg Oppose Apologies I have been at a conference. Hence unavailable last few days. I agree with @AlvaroMolina: that this is probably a little overboard. When this came up I asked what advice Meta had and the response was not as exclusive as this. That basically said that account security, ability to do this and experience were basically the main issues. Above it has been suggested that a time limited access to this user right be considered. I can see this being appropriate, since I would suspect anyone wanting it legitimately has a single objective in mind anyway. This could all be negotiated between the user and our current admins etc at the time. Then given accordingly if deemed appropriate. Not really a formal vote just a discussion and a decision. Maybe it would be better to develop a policy of what we expect from people wanting this in terms of their account security, demonstrated experience etc, and outline of what they are attempting to do. Then any applicant can provide the information we need when asking and we can all just decide based on this. Keeping it a semi informal process with a few checks. Cheers Scott Thomson (Faendalimas) talk 23:27, 16 August 2018 (UTC)
As for formal votes I already in my first draft above propose that "Since this privilege entails a security risk, a request for interface adminship should not lead to a public poll", so no argues there. :-)
We will need a formal Wikispecies:Interface administrators page listed in Category:Wikispecies user access levels (analogous to Wikispecies:Administrators, Wikispecies:Checkusers and Wikispecies:Oversighters etc.) so that users can find information about the policy and at any given time check a list of current interface administrators. The user group itself has already been created globally and may henceforth be populated by our bureaucrats so in theory our interface-admin page could be created right away, but I guess there's no real point in doing so before we have an agreed upon policy? –Tommy Kronkvist (talk), 12:42, 17 August 2018 (UTC).
Btw here's the current proposal for the equivalent policy at English Wikipedia: Interface administrators. (As noted on the page local enWP bureaucrats have the ability to not only assign but also remove users from the interface-admin (and admin) user groups. At present this ability is not a part of the toolset available to our bureaucrats; see Special:ListGroupRights.) –Tommy Kronkvist (talk), 00:14, 18 August 2018 (UTC).
That is a fair point. Considering the potential risks for this type of user right, at present our only option to stop someone abusing it would be to block them and request assistance from a Steward. Maybe before we assign any of these the capacity to remove this right immediately should be considered. As we can for bots with admin rights. I am hopeful such an issue could be avoided by careful decisions on who to give it to, but things can go wrong. Cheers Scott Thomson (Faendalimas) talk 01:00, 18 August 2018 (UTC)
Agreed, however the process of granting bureaucrats the technical ability to remove admin flags isn't altogether trivial: see for example RFC: Granting bureaucrats the ability to remove the admin flag and RFC: Bureaucrat removal of adminship policy at enWP. Also, since only interface-admins are allowed to edit CSS and (more importantly) JS files (in Wikimedia: namespace) I guess that implies only interface-admins can revert them as well. Not 100% sure about that though, but it seems logical. –Tommy Kronkvist (talk), 02:00, 18 August 2018 (UTC).

┌─────────────────────────────────┘
So, if we all agree that assigning this user right should be time limited, how long do you guys feel we should consider a good "standard" period of time? A week, a month, a year? –Tommy Kronkvist (talk), 20:28, 23 August 2018 (UTC).

1 year or more seems like a prudent and reasonable time. —AlvaroMolina ( - ) 16:05, 24 August 2018 (UTC)
Symbol support vote.svg Support, agree with Alvaro, 1 year (or more) sounds reasonable. Dan Koehl (talk) 10:17, 8 September 2018 (UTC)

@Tommy Kronkvist, AlvaroMolina, Faendalimas:, It seems this discussion somehow never resulted in a clear direction in regard to some sort of community consensus and similair. While this discussion may be actualized, I boldly created the page Wikispecies:Interface administrators, a user box, and would like to suggest that we elect at least one Interface admin. Dan Koehl (talk) 10:37, 30 September 2018 (UTC)

Thanks @Dan Koehl: This issue has been on my agenda for some time, but I haven't really got around to do it (my computer is still acting up somewhat). However now that you've created the Interface admin page I would like to be as bold as to nominate myself. I had an issue just the other day when I needed to edit a JS file (regarding localization of the GUI, since I'm also a Translation admin) but all that work had to be paused since I can't edit the script files. –Tommy Kronkvist (talk), 16:12, 30 September 2018 (UTC).
Very good @Tommy Kronkvist:! we havnt really managed to gat around the corner with this issue, and the question is, how can we proceed? Shall we announce a nomination on Requests for adminship and let users vote, or apply some easier method? Will anyone care, so far, there was very little feedback on this. what is the next step? Dan Koehl (talk) 19:30, 30 September 2018 (UTC)
@AlvaroMolina, Dan Koehl, Faendalimas, Koavf: In my opinion the first step of this last (?) part of the process is to finalize and above all formalize the Wikispecies:Interface administrators page in a way that as many users as possible are comfortable with. The version created by you is good and covers most of the bases, but we need to add stuff about the more technical details. When this particular user right is granted it comes hand-in-hand with a potentially very powerful toolbox. Therefore I think the interface-admin page should be exceptionally crisp and clear when informing about the one year time-limit (which of course can be extended), how to file a formal complaint against an interface-admin, how the process of demoting an interface-admin works (including links to Wikimedia Stewards), and so forth. Thereafter announcing the nominations of the first interface-admins on Requests for adminship is not a bad idea, however we should consider adding a "Requests for adminship" section to the actual interface-admin page itself rather than use the "standard" admin page. All future interface-admin requests are likely to be made on the interface-admin page and eventually also end up in an archive, and keeping all of the requests in the same archive is a lot more translucent and makes it a lot easier for the community to investigate what's been going on. –Tommy Kronkvist (talk), 23:29, 30 September 2018 (UTC).
Agreed that language around what this user right is should be completed before the process surrounding it is finalized. —Justin (koavf)TCM 01:15, 1 October 2018 (UTC)
For my part, I think that for a point of order, it would be good if the requests were made on the Wikispecies:Interface administrators and not in the Wikispecies:Administrators page, since then it can give rise to confusion. Given that Tommy Kronkvist has been involved in this topic more than all of us, it could be good that it was responsible for adapting the page to suit the consensus that has been reached here and adapts to the other pages of the project. Regards. —AlvaroMolina ( - ) 02:28, 1 October 2018 (UTC)
Very good, it seems we are heading somewhere with this issue. I have made some changes to the new page Wikispecies:Interface administrators, please add anything relevant, so it gets clearer and more precise in its description, and like Alvaro write; adapting the page to suit the consensus that has been reached here and adapts to the other pages of the project. Dan Koehl (talk) 06:25, 1 October 2018 (UTC)

┌─────────────────────────────────┘
I've made some changes to Wikispecies:Interface administrators (diff.) as well. –Tommy Kronkvist (talk), 13:10, 3 October 2018 (UTC).

@AlvaroMolina, Dan Koehl, Faendalimas, Koavf, Pigsonthewing: Using the Admin noticeboard as model, I've created Wikispecies:Interface administrators' Noticeboard (and the accompanying {{IAnheader}} template) and added links to it on the Interface administrators page. Please have a look at both the noticeboard and the template and chisel out any oddities you may find in the code. –Tommy Kronkvist (talk), 22:21, 4 October 2018 (UTC).

Vernacular names

Should the names in the == Vertacular names == section be spelled correctly, that is, according to the spelling of the language to which they are assigned?-Rosičák (talk) 10:54, 7 October 2018 (UTC)

Because of the doubts, I tried to rationalize and match the sources to present the current help.

Vernacular names

čeština: medvěd malajský[1]
dansk: malajbjørn[2]
Deutsch: Malaienbär[3]
English: Sun Bear[4]
español: oso malayo[5]
français: ours malais[6]
italiano: orso malese[7]
lietuvių: malajinis lokys[8]
magyar: maláj medve[9]
Nederlands: Maleise beer[10]
norsk: malayabjørn[11]
polski: biruang malajski, niedźwiedź malajski[12]
русский: солнечный медведь, медовый медведь, бируанг[13]
slovenščina: sončni medved[14]
  1. https://www.biolib.cz/cz/formsearch/?action=execute&searcharea=1&string=medv%C4%9Bd+malajsk%C3%BD
  2. http://denstoredanske.dk/Special:Tags?tag=malajbj%c3%b8rn
  3. https://www.geo.de/geolino/tierlexikon/510-rtkl-tierlexikon-malaienbaer
  4. https://www.nationalgeographic.com/animals/mammals/s/sun-bear/
  5. https://sostenibilidad.semana.com/medio-ambiente/articulo/oso-malayo-el-mas-pequeno-del-mundo-amenazado-por-el-comercio-de-bilis/36161
  6. https://www.especes-menacees.fr/dossiers/ours/ours-malais/
  7. http://www.meteoweb.eu/2017/02/animali-ripreso-orso-malese-nelle-foreste-del-myanmar/855637/
  8. https://www.etaplius.lt/malajinis-lokys-indonezijoje-uzpuole-sutuoktinius
  9. https://444.hu/2017/01/18/csontsovany-malaj-medvek-konyorognek-etelert-egy-indoneziai-allatkertben
  10. https://www.ouwehand.nl/nl/ontdekken/maleise-beer
  11. https://www.naturfakta.no/dyr/?id=1573
  12. https://www.ekologia.pl/wiedza/zwierzeta/biruang-malajski
  13. http://terramia.ru/photo/malajskij-medved/
  14. http://193.2.71.42/medvedi/?option=com_content&view=article&id=66&Itemid=83&lang=&fontstyle=f-larger

Research

  • Symbol support vote.svg Support Names should be written correctly.--Rosičák (talk) 10:54, 7 October 2018 (UTC)
  • Symbol support vote.svg Support Names should be written correctly e. g. should distinguish gramatically correct german (de) first capital (majuscule) and many other languages gramatically correct first small letter (minuscule). Visitors should not be misleaded. --Kusurija (talk) 18:54, 8 October 2018 (UTC)
  • Symbol support vote.svg Support Remember though in UK English Vernacular Names are usually capitalised. Sun Bear not sun bear. Andyboorman (talk) 19:02, 8 October 2018 (UTC)
@Andyboorman:Bingo! So who knows perfect english, should distinguish between cases as Sun Bear and bear or daisy (not Bear or Daisy) (if these are correct - I'm not so good in english). --Kusurija (talk) 19:27, 8 October 2018 (UTC)P. S.: cf. „A ‚sun bear‘ photographed at Miller Park Zoo“--Kusurija (talk) 19:37, 8 October 2018 (UTC)
  • Symbol support vote.svg Support Unless someone can provide a relevant motivation for the opposite. Dan Koehl (talk) 19:38, 8 October 2018 (UTC)
  • Symbol support vote.svg Support --Franz Xaver (talk) 20:48, 8 October 2018 (UTC)

Comments

  •  Comment: In English, first letters of names should be capitalised, as that's what most formal lists do (e.g. IOC, BSBI, MSW, etc.). In all languages, the list should use title case: capitalise the first letter, if that language uses capitals in the title at the start of a page. These are index lists, not text in the middle of a sentence. Also the reminder: VN is not an important part of Wikispecies; stick to one name per language - here is not the place for long lists of often obsolete or rarely used colloquial names. The name listed should be scientifically accurate - we should not be misleading readers with inaccurate names - and preferably the name used in official national lists (unless that conflicts with scientific evidence). Thus, in the list above, e.g. Russian should be Малайский медведь, not "солнечный медведь, медовый медведь, бируанг" - MPF (talk) 09:21, 10 October 2018 (UTC)
  •  Comment: ...thank you MPF. Orchi (talk) 17:25, 10 October 2018 (UTC)
  •  Comment: ...Whats is meant by scientific accuracy? For example, Wollemia nobilis is known, in English, by the vernacular Wollemi pine, but is not a pine (see the Discussion Page for an attempt by over zealous pedantry to over-rule common sense). Rock roses are Cistus or Helianthemum, not Rosa and then there is the Japanese Umbrella pine - the list goes on. As MPF states it is not that important, but using the most familiar VN for a language is crucial, even if the plant is not botanically a daisy, flax, rose, pine or whatever. There is also a good reason for not insisting on one VN only, for example UK and US VNs can be different and no one culture should have precedence. Andyboorman (talk) 17:51, 10 October 2018 (UTC)
    •  Comment: Language 'us' or 'en-us' for American language is certainly needed; it has been added to the language list at Commons, but not yet here (or at wikidata). Cistus is Rock-rose, hyphenated, to show it isn't a rose. And no, we should not be promoting the misidentification of Wollemia as a pine - this sort of Trumpist fake news needs to be eliminated, not promoted. Facts First, please. - MPF (talk) 19:43, 10 October 2018 (UTC)
      •  Comment:You can not impose your own opinions as "facts" - that is core Trumpism. The world is there as it is and not as you would want to make it. It is factual that the RHS in the UK call Cistus × purpureus Purple-flowered rock rose, the Australians treasure their Wollemi pine and the Kiwi name for Phormium is New Zealand flax. It is unscientific to consign a whole discipline of historic and vernacular knowledge to the dust-bin. WS reflects taxonomy not create it and the same should be for VN. Andyboorman (talk) 20:30, 10 October 2018 (UTC)
        •  Comment: it is not my own opinions. Wollemia is not Pinus; demonstrable scientific fact - do a DNA comparison. Since it is not a pine, it should not be called a pine. To do so is a lie. - MPF (talk) 21:20, 10 October 2018 (UTC)
          •  Comment: DNA is one source of evidence and local cultures another, both are undeniable and factual. This is getting so silly - a VN is a common name used by a particular language group or culture and is never a lie. To deny them its use is cultural fascism. I will not convince you nor you me - please close this as unresolved, but do not interfere with well meaning contributions that have their own justifications, as this causes bad feelings and can be a deterrent to contributions - see Wollemia Discussion page. Andyboorman (talk) 08:12, 11 October 2018 (UTC)
            •  Comment: Local cultures are not scientific; Wikispecies is scientific. Incorrect names may have a place being listed in the wikipedias for those cultures, but not here. And what you say about 'not interfering with well-meaning contributions' works both ways. If you are going to keep reimposing misleading and inaccurate names, that too is a deterrent to contributions. - MPF (talk) 07:06, 12 October 2018 (UTC)
  •  Comment: ...if available to use the name of the article name of the respective country. What about a new abbreviation for: en (american) as for "de" and "de switzerland" = gsw? Orchi (talk) 18:47, 10 October 2018 (UTC)
  •  Comment: Thank you for the comments above. Perhaps we may be inappropriate, outdated or overcome names to refer to this Genus species.--Rosičák (talk) 03:14, 11 October 2018 (UTC)