R4 (new): Redirects in the file namespace (and no file links) that have the same name as a file or redirect at Commons are now covered under the new R4 criterion (discussion). This is {{db-redircom}}; the text is unchanged.
G13 (expanded): Userspace drafts containing only the default Article Wizard text are now covered under G13 along with other drafts (discussion). Such blank drafts are now eligible after six months rather than one year, and taggers continue to use {{db-blankdraft}}.
Members of the Bot Approvals Group (BAG) are now subject to an activity requirement. After two years without any bot-related activity (e.g. operating a bot, posting on a bot-related talk page), BAG members will be retired from BAG following a one-week notice.
Technical news
Starting on December 13, the Wikimedia Foundation security team implemented new password policy and requirements. Privileged accounts (administrators, bureaucrats, checkusers, oversighters, interface administrators, bots, edit filter managers/helpers, template editors, et al.) must have a password at least 10 characters in length. All accounts must have a password:
User accounts not meeting these requirements will be prompted to update their password accordingly. More information is available on MediaWiki.org.
Blocked administrators may now block the administrator that blocked them. This was done to mitigate the possibility that a compromised administrator account would block all other active administrators, complementing the removal of the ability to unblock oneself outside of self-imposed blocks. A request for comment is currently in progress to determine whether the blocking policy should be updated regarding this change.
{{Copyvio-revdel}} now has a link to open the history with the RevDel checkboxes already filled in.
Accounts continue to be compromised on a regular basis. Evidence shows this is entirely due to the accounts having the same password that was used on another website that suffered a data breach. If you have ever used your current password on any other website, you should change it immediately.
Around 22% of admins have enabled two-factor authentication, up from 20% in June 2018. If you haven't already enabled it, please consider doing so. Regardless of whether you use 2FA, please practice appropriate account security by ensuring your password is secure and unique to Wikimedia.
I have come across Draft:Spike Viper which is very clearly a collaborative effort, preumably orchestreated from another site (social media, gaming site, whatever) and, if it was a user page, would be speedily deleted as blatant not web-host. This is clearrly neither notable nor pertinent to Wikipedia and I would flag it for speedy deletion, if a suitable category presented itself. Any thoughts ? Many thanks VelellaVelella Talk 00:07, 6 January 2019 (UTC)[reply]
@Velella: you should reach out to the contributors first and double check if they're likely to actually be drafting something that will be submitted to Wikipedia, if not, then it'll have to be a Miscellany for Deletion nomination. Nick (talk) 00:19, 6 January 2019 (UTC)[reply]
A barnstar for you!
The Admin's Barnstar
Thank you for your assistance in handling the situation with the hoax articles. I was having a rough time trying to handle the user's disruptive behavior myself. Jalen D. Folf(talk)21:15, 27 January 2019 (UTC)[reply]
Administrators who are blocked have the technical ability to block the administrator who blocked their own account. A recent request for comment has amended the blocking policy to clarify that this ability should only be used in exceptional circumstances, such as account compromises, where there is a clear and immediate need.
A request for comment closed with a consensus in favor of deprecating The Sun as a permissible reference, and creating an edit filter to warn users who attempt to cite it.
Technical news
A discussion regarding an overhaul of the format and appearance of Wikipedia:Requests for page protection is in progress (permalink). The proposed changes will make it easier to create requests for those who are not using Twinkle. The workflow for administrators at this venue will largely be unchanged. Additionally, there are plans to archive requests similar to how it is done at WP:PERM, where historical records are kept so that prior requests can more easily be searched for.
A new IRC bot is available that allows you to subscribe to notifications when specific filters are tripped. This requires that your IRC handle be identified.
@Homeostasis07 and Red marquis: I'm sorry that deletion was required, but copyright policy takes precedence over any other deletion discussion. Consensus at XfD cannot be used to retain material which violates copyright and breaches our copyright policy. This was a page which Oshwah had already had to hide 223 revisions because of one single piece of content which was copied and pasted into the sandbox, there were subsequently seven other sources of the information which had been copied and pasted into the sandbox.[1][2][3][4][5][6][7] The way in which so many sources had been copied and pasted made it impossible to delete individual revisions of the page, in the way Oshwah had done. It would be useful if you would both please read our copyright violation policy before undertaking further edits to Wikipedia, so you can both make edits which we don't need to delete (none of us take pleasure in having to delete material in this way). Nick (talk) 09:36, 18 February 2019 (UTC)[reply]
Following discussions at the Bureaucrats' noticeboard and Wikipedia talk:Administrators, an earlier change to the restoration of adminship policy was reverted. If requested, bureaucrats will not restore administrator permissions removed due to inactivity if there have been five years without a logged administrator action; this "five year rule" does not apply to permissions removed voluntarily.
Technical news
A new tool is available to help determine if a given IP is an open proxy/VPN/webhost/compromised host.
Arbitration
The Arbitration Committee announced two new OTRS queues. Both are meant solely for cases involving private information; other cases will continue to be handled at the appropriate venues (e.g., WP:COIN or WP:SPI).
paid-en-wpwikipedia.org has been set up to receive private evidence related to abusive paid editing.
checkuser-en-wpwikipedia.org has been set up to receive private requests for CheckUser. For instance, requests for IP block exemption for anonymous proxy editing should now be sent to this address instead of the functionaries-en list.
...and so will be back with us after the one week block expires. May bear watching, as even while blocked, continued to post heavily on own Talk, and not at all clear if understands why upsetting so many editors. May resume offend/apologize cycle. David notMD (talk) 11:57, 9 March 2019 (UTC)[reply]
AN3
"keep Bbb23 happy" Your entire life should be dedicated to that sentiment. That summary gave me the biggest laugh I've had all weekend!--Bbb23 (talk) 23:36, 17 March 2019 (UTC)[reply]
Mail
Hello, Nick. Please check your email; you've got mail! It may take a few minutes from the time the email is sent for it to show up in your inbox. You can remove this notice at any time by removing the {{You've got mail}} or {{ygm}} template.
The Wikimedia Foundation's Community health initiative plans to design and build a new user reporting system to make it easier for people experiencing harassment and other forms of abuse to provide accurate information to the appropriate channel for action to be taken. Please see meta:Community health initiative/User reporting system consultation 2019 to provide your input on this idea.
Two more administrator accounts were compromised. Evidence has shown that these attacks, like previous incidents, were due to reusing a password that was used on another website that suffered a data breach. If you have ever used your current password on any other website, you should change it immediately. All admins are strongly encouraged to enable two-factor authentication, please consider doing so. Please always practice appropriate account security by ensuring your password is secure and unique to Wikimedia.
As a reminder, according to WP:NOQUORUM, administrators looking to close or relist an AfD should evaluate a nomination that has received few or no comments as if it were a proposed deletion (PROD) prior to determining whether it should be relisted.
@28bytes: not really, I was informed by a Simple Wikipedia admin that Fylbecatulous had passed away. There was some further discussion at [8] and [9] with the result that the account was globally locked by DerHexer. Nick (talk) 14:33, 12 April 2019 (UTC)[reply]
Recently, several Wikipedia admin accounts were compromised. The admin accounts were desysopped on an emergency basis. In the past, the Committee often resysopped admin accounts as a matter of course once the admin was back in control of their account. The committee has updated its guidelines. Admins may now be required to undergo a fresh Request for Adminship (RfA) after losing control of their account.
What do I need to do?
Only to follow the instructions in this message.
Check that your password is unique (not reused across sites).
Check that your password is strong (not simple or guessable).
Enable Two-factor authentication (2FA), if you can, to create a second hurdle for attackers.
How can I find out more about two-factor authentication (2FA)?
Administrator account security (Correction to Arbcom 2019 special circular)
ArbCom would like to apologise and correct our previous mass message in light of the response from the community.
Since November 2018, six administrator accounts have been compromised and temporarily desysopped. In an effort to help improve account security, our intention was to remind administrators of existing policies on account security — that they are required to "have strong passwords and follow appropriate personal security practices." We have updated our procedures to ensure that we enforce these policies more strictly in the future. The policies themselves have not changed. In particular, two-factor authentication remains an optional means of adding extra security to your account. The choice not to enable 2FA will not be considered when deciding to restore sysop privileges to administrator accounts that were compromised.
We are sorry for the wording of our previous message, which did not accurately convey this, and deeply regret the tone in which it was delivered.
XTools Admin Stats, a tool to list admins by administrative actions, has been revamped to support more types of log entries such as AbuseFilter changes. Two additional tools have been integrated into it as well: Steward Stats and Patroller Stats.
Arbitration
In response to the continuing compromise of administrator accounts, the Arbitration Committee passed a motion amending the procedures for return of permissions (diff). In such cases, the committee will review all available information to determine whether the administrator followed "appropriate personal security practices" before restoring permissions; administrators found failing to have adequately done so will not be resysopped automatically. All current administrators have been notified of this change.
Following a formal ratification process, the arbitration policy has been amended (diff). Specifically, the two-thirds majority required to remove or suspend an arbitrator now excludes (1) the arbitrator facing suspension or removal, and (2) any inactive arbitrator who does not respond within 30 days to attempts to solicit their feedback on the resolution through all known methods of communication.
The CSD feature of Twinkle now allows admins to notify page creators of deletion if the page had not been tagged. The default behavior matches that of tagging notifications, and replaces the ability to open the user talk page upon deletion. You can customize which criteria receive notifications in your Twinkle preferences: look for Notify page creator when deleting under these criteria.
Twinkle's d-batch (batch delete) feature now supports deleting subpages (and related redirects and talk pages) of each page. The pages will be listed first but use with caution! The und-batch (batch undelete) option can now also restore talk pages.
Miscellaneous
The previously discussed unblocking of IP addresses indefinitely-blocked before 2009 was approved and has taken place.
@Starship.paint: You're not asking for a clarification, you're harassing Rob. He cannot answer your question without either legitimising your line of questioning, which is entirely inappropriate both in this case and in any future cases, or making himself a target for idiots like you. You need to strike your moronic question, apologise to Rob, and ignore the Fram debacle for the foreseeable future. You've allowed your judgement to not just be clouded, but completely fucking drowned here, you're making yourself look like a fucking imbecile which is a tad unfortunate given some of your more sensible interventions previously. Nick (talk) 08:45, 26 June 2019 (UTC)[reply]
I meant I was asking stwalkerster for a clarification. I asked Rob a question, yes, I didn't mean to harass him at all. Your comment is so heated that it is hard to process. It appears that you are acutely aware of the consequences of my question. Could you elaborate on either legitimising your line of questioning, which is entirely inappropriate both in this case and in any future cases, or making himself a target for idiots like you? starship.paint (talk)09:00, 26 June 2019 (UTC)[reply]
I have struck the question, but without further explanation from you, I have not learnt much other than something along the lines of 'I'm stupid, an idiot, a fucking imbecile and a harasser'. I have decided not to disengage since I am still updating the summary. starship.paint (talk)09:30, 26 June 2019 (UTC)[reply]
In the hope it provides some education - you should not be asking anybody whether or not they have reported a user to WMF, the reasons why any one user may report any other user to WMF are many and varied, but could include some extremely serious legal issues, deeply problematic behaviour not readily apparent on-wiki (particularly to non-administrators, non-oversighters and/or non-checkusers) or other issues which may be connected to real-life events, and are otherwise entirely unconnected to on-wiki conduct. If Rob replies, whether or not he reported Fram to WMF, you legitimise the act of uninformed idiots demanding answers from anybody they perceive (most likely wrongly) to have been responsible for a WMF ban or sanction. If Rob chooses not to reply, he's only ever going to be accused of avoiding the question and will be presumed guilty by the uninformed. I don't know how much clearer I can be, but there is nothing Rob can do here, your question puts him in an impossible situation. Stwalkerster explained at quite some length and I don't really know how I can make his already clear response to your clearer, but what I will add, totally separate to the Fram case, is the act of victim blaming, which is ultimately what your question boils down to, is wholly inappropriate and in some cases, probably not in Fram's, but potentially in future cases, could result in a risk to privacy and in very limited circumstances, a danger to life. If we have events where someone is outed as a homosexual because of a witch-hunt much like the one you were trying to start on Rob's talk page today, in certain countries, the results would be unimaginable. Nick (talk) 10:31, 26 June 2019 (UTC)[reply]
Thank you Nick, I understand much more about the ramifications from your latest explanation, which I did not know before. I must say my question was not intended to victim-blame. I will apologize to Rob. starship.paint (talk)11:44, 26 June 2019 (UTC)[reply]
In a related matter, the account throttle has been restored to six creations per day as the mitigation activity completed.
The scope of CSD criterion G8 has been tightened such that the only redirects that it now applies to are those which target non-existent pages.
The scope of CSD criterion G14 has been expanded slightly to include orphan "Foo (disambiguation)" redirects that target pages that are not disambiguation pages or pages that perform a disambiguation-like function (such as set index articles or lists).
The Wikimedia Foundation's Community health initiative plans to design and build a new user reporting system to make it easier for people experiencing harassment and other forms of abuse to provide accurate information to the appropriate channel for action to be taken. Community feedback is invited.
Miscellaneous
In February 2019, the Wikimedia Foundation (WMF) changed its office actions policy to include temporary and project-specific bans. The WMF exercised this new ability for the first time on the English Wikipedia on 10 June 2019 to temporarily ban and desysop Fram. This action has resulted in significant community discussion, a request for arbitration (permalink), and, either directly or indirectly, the resignations of numerous administrators and functionaries. The WMF Board of Trustees is aware of the situation, and discussions continue on a statement and a way forward. The Arbitration Committee has sent an open letter to the WMF Board.
Following a research project on masking IP addresses, the Foundation is starting a new project to improve the privacy of IP editors. The result of this project may significantly change administrative and counter-vandalism workflows. The project is in the very early stages of discussions and there is no concrete plan yet. Admins and the broader community are encouraged to leave feedback on the talk page.
Since the introduction of temporary user rights, it is becoming more usual to accord the New Page Reviewer right on a probationary period of 3 to 6 months in the first instance. This avoids rights removal for inactivity at a later stage and enables a review of their work before according the right on a permanent basis.
Hi Nick--hope you can help me with a query. I've uploaded other folks' photos to Commons before, accompanied by an email from the copyright holder, and they were accepted. I liked that, because I don't want to tell people who know nothing about that technical stuff but want to donate their images that they should go to this or that link on Commons, fill this out, choose this license, etc. I think that was done through OTRS at the time, but I'm not sure. Can we still do that? Is there a procedure? Is there maybe a template for what such an email message should contain? Thanks, Drmies (talk) 14:03, 8 August 2019 (UTC)[reply]
@Drmies: I've not worked on OTRS for quite a number of years now, but that's exactly how I would have handled permission tickets in the past. I know that some OTRS members will not accept permissions that have been directed via a third person, expecting the copyright holder to upload files directly themselves. If the copyright holder can't manage this, sometimes OTRS agents will accept files being e-mailed together with the permissions. Nick (talk) 21:31, 13 August 2019 (UTC)[reply]
Drmies, It doesn't matter who uploads the file, but the email must come from the copyright holder or their legal representative directly. If someone wants a photo uploaded, they can send it along with a standard release to photosubmissionwikimedia.org. If you're going to upload the file or it is already uploaded, the permission should go to permissions-commonswikimedia.org for commons files (with the same release text). The interactive release generator can also be used to generate release text. It is important to make sure that the email identifies the image that is being released with the URL. --AntiCompositeNumber (talk) 20:51, 14 August 2019 (UTC)[reply]
That's helpful, though still complicated. I think that's workable, though--I'll have a look at the standard release. Thanks. Drmies (talk) 23:41, 14 August 2019 (UTC)[reply]
AntiCompositeNumber, you don't have email enabled but I'd like to send you the email I got from the copyright owner. Nick, anytime you're bored with this, tell me, but it's nice to have a bunch of comments from different people in one place. Thanks for indulging us, and for the delicious pastries you serve. You're a fine host. Drmies (talk) 14:50, 20 August 2019 (UTC)[reply]
Drmies we can't accept forwarded permissions generally but they don't need to actually be the uploader, if it's already there, that's fine but they need to be the one to send the actual permission. Praxidicae (talk) 20:45, 14 August 2019 (UTC)[reply]
Listen
I honestly don't really care you think I should be blocked for CIR at this point. I'll always work with you and respect you as an editor. All I ask is you use the correct pronouns for referring to me. Can you please amend your statement to reflect this? –MJL‐Talk‐☖18:19, 19 August 2019 (UTC)[reply]
@MJL: I hope that meets your requirements, though you've not specified what pronouns you would prefer here or on your user page, so I've had to guess. Nick (talk) 18:26, 19 August 2019 (UTC)[reply]
thank you for the ping. Check my user page again, section More User boxes, and click show. Also, Ched I changed my name to make easier for people to get it (and privacy reasons). You may notice that MJL is not exactly a gendered username. –MJL‐Talk‐☖19:06, 19 August 2019 (UTC)[reply]
Saw your comment here. Do you think if they were confined to working on things in their userspace (say articles) for a period of time, and somehow did show they'd improved their behaviour, you think down the road they might be able to have such conditions relaxed? (e.g. be allowed to edit mainspace). I take your point on about them having showed no evidence they're willing to take direction from past experience, so this might allow them to show they can, perhaps.StevenCrossinHelp resolve disputes!09:24, 20 August 2019 (UTC)[reply]
@Steve Crossin: I don't honestly know. If I'm being brutally honest, I'd prefer DarkFrog stays away until they can edit in exactly the same way as any other editor - no topic ban, no other sanctions, no restrictions. I don't know if/when that will occur, I just don't think we're at that stage quite yet, from the behaviour I've seen relatively recently. Nick (talk) 09:54, 20 August 2019 (UTC)[reply]
Fair enough. Maybe I'm being too optimistic, but I've worked with editors like this before, and they turned things around. From all I can see, I think they perhaps do maybe realise if they were given a chance, squandering it would likely leave them perma-banned. If they were to get unblocked and screwed up again, I'd be one of the first to haul them to ANI/ArbCom. Appreciate that the community does see this editor as a time sink, but if they're willing to stick to user space and edit away at articles until further notice, then I don't see how a lot of harm could be done. StevenCrossinHelp resolve disputes!10:29, 20 August 2019 (UTC)[reply]
Editors using the mobile website on Wikipedia can opt-in to new advanced features via your settings page. This will give access to more interface links, special pages, and tools.
The advanced version of the edit review pages (recent changes, watchlist, and related changes) now includes two new filters. These filters are for "All contents" and "All discussions". They will filter the view to just those namespaces.
A global request for comment is in progress regarding whether a user group should be created that could modify edit filters across all public Wikimedia wikis.
Following a discussion, a new criterion for speedy category renaming was added: C2F: One eponymous article, which applies if the category contains only an eponymous article or media file, provided that the category has not otherwise been emptied shortly before the nomination. The default outcome is an upmerge to the parent categories.
Technical news
As previously noted, tighter password requirements for Administrators were put in place last year. Wikipedia should now alert you if your password is less than 10 characters long and thus too short.
A survey to improve the community consultation outreach process
Hello!
The Wikimedia Foundation is seeking to improve the community consultation outreach process for Foundation policies, and we are interested in why you didn't participate in a recent consultation that followed a community discussion you’ve been part of.
Please fill out this short survey to help us improve our community consultation process for the future. It should only take about three minutes.
The privacy policy for this survey is here. This survey is a one-off request from us related to this unique topic.
The Arbitration Committee is the panel of editors responsible for conducting the Wikipedia arbitration process. It has the authority to impose binding solutions to disputes between editors, primarily for serious conduct disputes the community has been unable to resolve. This includes the authority to impose site bans, topic bans, editing restrictions, and other measures needed to maintain our editing environment. The arbitration policy describes the Committee's roles and responsibilities in greater detail.
An RfC on the administrator resysop criteria was closed. 18 proposals have been summarised with a variety of supported and opposed statements. The inactivity grace period within which a new request for adminship is not required has been reduced from three years to two. Additionally, Bureaucrats are permitted to use their discretion when returning administrator rights.
A request for comment asks whether partial blocks should be enabled on the English Wikipedia. If enabled, this functionality would allow administrators to block users from editing specific pages or namespaces, rather than the entire site.
A proposal asks whether admins who don't use their tools for a significant period of time (e.g. five years) should have the toolset procedurally removed.
The fourth case on Palestine-Israel articles was closed. The case consolidated all previous remedies under one heading, which should make them easier to understand, apply, and enforce. In particular, the distinction between "primary articles" and "related content" has been clarified, with the former being the entire set of articles whose topic relates to the Arab-Israeli conflict, broadly interpreted rather than reasonably construed.
.jpg)
