[FFmpeg-devel] List of Codecs, Containers, etc.
Mike Melanson
mike
Tue Jun 26 08:23:41 CEST 2007
[missed this email regarding the Wiki while I was on vacation...]
Michael Niedermayer wrote:
>> One second you're totally paranoid about security, the next you're
>> upset because the wiki has even minimal security measures in place.
>> I just don't get it.
>
> being _unable_ to create an account to edit is not minimal security
> its maximal inconvenience
> this is BOFH design or to say it differently security by simply switching
> the system off or pulling the plug, it sure is giving you some security
> but there is that little disadvantge of making the system unuseable in the
> process
Maybe you're not familiar with the whole Wiki paradigm. It turns nearly
any network security model on its head since Wiki was apparently
conceived by a bunch of starry-eyed utopians who believe that all people
are innately good and only wish to create community and spread knowledge.
I do not need to tell you that this does not work in the real world.
> the goal should be to make a system as secure as possible with the least
> inconvenience to its users, not to make a system as secure as possible with
> the least amount of work for the admin and while completely ignoring the
> consequences for the users of the system
As I indicated, the wide-open Wiki paradigm is silly on the wide-open
internet. The opposite, the closed-off Wiki is almost as ridiculous,
except that most people in our group already have accounts. Right now,
we're investigating better trade-offs.
> also you can stop automated scrips trivially and a spammer working manually
> will not be stoped by having to contact mike to get an account. he wont
> even be stoped from getting a second or third account after he spammed the
> site and got his previous account banned ...
A huge problem is that MediaWiki is notoriously lacking in access
control features. Generally, the access modes are either "wide open" or
"exclusive membership" (and you have to hack PHP code to change modes).
We're down-rev a few major versions on the MediaWiki software so it is
entirely possible that they have improved some stuff. If only I had time
to upgrade. (To further exacerbate the problem, MediaWiki releases a new
major version ever quarter whether it makes sense or not, and it's all
documented in -- you guessed it -- Wiki format.)
To review-- the current MediaWiki software that we use allows a
malicious user to do an extraordinary amount of damage very quickly and
it is very tedious and time-consuming to repair the damage. That's why
we had to impose such serious access control, until the situation improves.
--
-Mike Melanson
More information about the ffmpeg-devel
mailing list