User talk:AmiDaniel/VP/L
Latest comment: 17 years ago by Froth
Erm
editFound this page through ethereal. Shouldn't this be protected? --frothT C 08:44, 14 December 2006 (UTC)
- Nope. The program uses the last version created by a mod, so it doesn't matter if the page is vandalized. Plus, since not all mods are admins... Prodego talk 23:04, 14 December 2006 (UTC)
- Oh, now it makes sense, thanks --frothT C 23:33, 14 December 2006 (UTC)
- Well, actually this page doesn't like being messed with, (and I edited it) and I hope I was right above, because if so I can fix it. Would you be willing to try something? Prodego talk 23:35, 14 December 2006 (UTC)
- Ok here is the plan. The page is upset at my protecting the page, it must have messed up the encryption (must be based on revision info). Now if I make you a mod, then you remove me, then, if I am right above, the program will go back to the userlist before I edited, and we should be able to log in. Then you can use the mod tools (I will help you) to reload the list, and we can reverse what we did. If I am right... You will need to manually edit User:AmiDaniel/VP/Mods to do this. Prodego talk 23:43, 14 December 2006 (UTC)
- Sounds good. I can't edit User:AmiDaniel/VP/Mods though, I'm not an administrator. Can you unprotect it first? --frothT C 23:46, 14 December 2006 (UTC)
- This also assumes I can even do anything to /Mods, which I don't know if I can. And I already unprotected it. Prodego talk 23:47, 14 December 2006 (UTC)
- That's a good concern, although I don't remember it asking for the history of /Mods (but if it does you'll need the help of a different mod already on the list). You're off the list, I'm on --frothT C 23:50, 14 December 2006 (UTC)
- Can you log in now? I might not be able to log in to the mod tools since I'm not approved for VP --frothT C 23:51, 14 December 2006 (UTC)
- Remove me again, I may need to add you before you count. Prodego talk 23:53, 14 December 2006 (UTC)
- No luck, I guess (at least) one of the two assumptions above was wrong. I hope it is the second one, because if it is the first that is a serious flaw. Thanks for trying. Prodego talk 23:57, 14 December 2006 (UTC)
- Re-add me to the mods list but do not remove yourself. If you do you may make both of us not on ;-). Prodego talk 23:58, 14 December 2006 (UTC)
- All right done, but I think you're wrong- if what we did didn't work, then our edits make no difference to the mod list. why don't you try just unprotecting the /L page? --frothT C 00:05, 15 December 2006 (UTC)
- Re-add me to the mods list but do not remove yourself. If you do you may make both of us not on ;-). Prodego talk 23:58, 14 December 2006 (UTC)
(after edit conflict) It must be the second one since it's the only way that works with a hardcoded authorized user (whoever maintains the mod list, the author of VP probably) and I know it doesn't look for a list of authorized users. Your first assumption must be correct, don't worry. I'll rv the mod list so there's no confusion when someone tries to add another mod --frothT C 00:02, 15 December 2006 (UTC)
- I have no idea how you could figure that out without the source code (unless the page called is an oldid), so you are way above me here. Thanks for your help, and remind me to approve you when AmiDaniel fixes it all. Prodego talk 00:07, 15 December 2006 (UTC)
- I was using a network traffic analyzer (I linked to it above) to make sure the program doesn't call home and store my password on AmiDaniel's server. I believe what it does is:
- Get the history of the /Mods page
- Get the last revision made by AmiDaniel (the mods list is now in hand)
- Get the history of the /L page
- Get the last revision made by someone on the mods list
- Decrypt that revision (the approved list is now in hand)
- Check your username against the approved list
- Since this is done through well-documented wikimedia functions it was easy to tell what was going on by just looking at the request URIs. By the way, thanks for the approve --frothT C 00:16, 15 December 2006 (UTC)