Update problems

Jump to navigation Jump to search

Update problems

I've got the following major issues:

  • In LiquidThreads, when I type a reply the spinning loading icon never goes away, and the shortcuts at the top never load.
  • When I try to edit the RoboRumble/Participants page it tells me that the server did not receive some of the message and that I should confirm the edits, but it shows me an empty box instead of all the participants data.

These behaviours are seen on both Firefox 21 b6 and Chrome 26.0. I've cleared cache and done a hard reload in both.

Is anybody seeing these?

Skilgannon (talk)20:42, 9 May 2013

Yeah, LiquidThreads spinners all over the place for me. I haven't tried editing the participants list but that seems pretty high priority. Hrm..

Voidious (talk)20:43, 9 May 2013

I'm definitely noticing the first problem. I haven't yet tried editing the participants page.

Sheldor (talk)21:28, 9 May 2013

We seem to be getting a lot of user registrations, did the update break some of the blockers?

Chase00:17, 10 May 2013

Yeah, Rednaxela had some custom things in that got broken. He's working on it now.

Skilgannon (talk)02:24, 10 May 2013

Yeah, the update removed the Math extension which used to be part of the core of MediaWiki, but got moved into an extension. This broke some pages, and also broke the extra math question I added in added to the reCaptcha check. (Besides the extra math question, my modifications also included a "same IP address as received the captcha must solve it" check, which based on server logs was very effective)

Due to the error that was happening on the new user creation page, Voidious reverted back to the traditional reCaptcha extension temporarily, which let that flood of bots register.

Gladly, the custom extension I added which disallows accounts less than 24 hours old inserting external links was still intact after the upgrade, and appears to have foiled those spambots.

Also, I've now reinstalled the Math extension, both fixing some wiki pages and making my modified captcha checker work again, so all should be well now :)

Rednaxela (talk)02:45, 10 May 2013

Good to know. On that point though, I still think KittenAuth/Asirra would be a good auth system (and has nothing to do with me liking kittens, honest).

Chase03:48, 10 May 2013

Asirra was mentioned in some emails that went around. I don't think Asirra is fundamentally any better than reCaptcha for the main problem. I suspect there's a high probability that rather than pure computer-based bots, the reCaptcha system was being broken by a Mechanical Turk style system that farmed the captcha breaking task out to humans. From what I understand that is common these days. Asirra is equally vulnerable to that technique. Assuming that is the case, the reason my modifications help, would be that rather than preventing the captcha-breaking itself, they make it incompatible with some automation systems used to farm out captcha breaking. I have nothing against using Asirra if people want to switch it to that instead of reCaptcha, but at least in theory I doubt Asirra vs reCaptcha makes much of a difference.

Rednaxela (talk)04:35, 10 May 2013

Well fair, I do know Asirra is much more difficult to break then reCaptcha for computers. It might also be easier for humans to do as well ( a few clicks instead of the need to type). It could replace the two captcha systems with one (math+reCaptcha with Asirra).

But I am not going to push the topic if no one else thinks it is a good idea. I do not know the compatibility or reliability of the system, and there is always the ever present "don't fix what isn't broken" mantra as well.

Chase13:14, 10 May 2013

I'd prefer math+Asirra over just Asirra, because I'm pretty sure simply making the system on this wiki slightly unique, can break a significant subset of ageneric wiki-spamming setups. It's not like we're in the situation of wikipedia or other large sites where people would modify their spam tools specifically for this site.

Rednaxela (talk)14:04, 10 May 2013

I'm also pro-Asirra, but also content to leave our current setup if it's working.

I don't know if it's machines or people cracking the captchas. I know there exist people cracking captchas, but I'm not sure if we're a high profile enough target to make that worth while. I use Asirra on the BerryBots wiki and it's completely shut down any spammy registrations. (I think I was getting ~1 a day before that.)

Voidious (talk)16:50, 10 May 2013

From what I hear, the people-cracking of captchas are usually done by embedding the captcha from another site into a site for warez or porn, then the customers solve them to 'prove they are human' or whatever without realising they are facilitating spam.

I'd also rather do something custom, simply because it means that automated tools will never be able to crack it if they haven't been designed for it. It's only a matter of time before Asirra is cracked and we have revolutionary advances in object recognition =)

Skilgannon (talk)16:55, 10 May 2013

The cool thing about technological arms races is that from a participant's perspective, all progress is relative and temporary, but from an outsider's perspective, they can actually advance all of humanity.

Sheldor (talk)17:48, 10 May 2013

Are you? I didn't know you were using it on the BerryBots Wiki.

I would still like to see if it by itself can completely mitigate the spam here on the wiki by itself (if only because I am curious now).

Chase21:50, 10 May 2013

If you want, I would be okay with trying a switch to just Asirra for account registration, so long as we keep the UrlStopper extension to block external links from brand-new users. That way no damage can be caused. I could also set up UrlStopper to log events when it is triggered, to confirm whether random user names that registered try to spam. I'm feeling like behavior-based filtering like UrlStopper is really much more effective than "figure out if you're a human" systems can ever be anyway.

Rednaxela (talk)22:57, 10 May 2013

I agree. I would never recommend removing that safeguard. Since it has the added benefit of stopping human spammers.

Chase23:42, 10 May 2013

Well, impatient human spammers anyway.

Rednaxela (talk)23:50, 10 May 2013

Is there another kind?

Chase23:58, 10 May 2013

A quick update regarding the RoboRumble/Participants issue: I've confirmed it's definitely related to the total size of the page. I see the error if I click preview there normally, but I don't see the error if I delete half the content of the text box before hitting preview. I don't know why it only started happening after the update though, or what a good fix would be.

Rednaxela (talk)03:25, 10 May 2013

Participants issue is fixed, but the spinners persist!

Skilgannon (talk)09:51, 10 May 2013

Testing to see if the infinite spinning icon is fixed...

Rednaxela (talk)01:53, 11 May 2013

Yep! It's now fixed!

When the infinite spinning icon thing was happening, I checked in the browser for javascript errors. Sure enough, there was an "ext.WikiEditor" error. I looked around, and tried installing the WikiEditor extension, and it fixed the infinite spinning circle issue. It seems that the version of LiquidThreads we got in the update depends on the WikiEditor extension.

Rednaxela (talk)01:55, 11 May 2013