[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: volunteer to do php patch for wikipedia?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: volunteer to do php patch for wikipedia?
From: Adam Langley <alangley@xxxxxxxxx>
Date: Thu, 26 May 2005 15:19:58 +0100
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Thu, 26 May 2005 10:19:20 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZA+snYT+E87ddIVQOkiIE6IY7dskQt/qBsF4r/ebDpy+XbOpUmyM4TWuTElK/NVKmFQcQ7jdGBhpnGtn1OAzi/uSWp3YmSjaGAuXJSkBSPVYWhtzi2Y/98ZUKIYG3gbvDI63gMxJjZWLq4MshI1P/FAQpe30rMjTWgG5yhYV0Oo=
In-reply-to: <20050526041649.GX29034@localhost.localdomain>
References: <20050526041649.GX29034@localhost.localdomain>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 5/26/05, Roger Dingledine <arma@xxxxxxx> wrote:
> Here's how I envision it working: there should be a db of IP sets (some
> contiguous blocks, some not) that Wikipedia keeps track of. Periodically
> (like every 15 minutes), all of these IPs should be unblocked. To make
> things saner for the admins, certain IP sets should have a flag that says
> if you block any IP in the set then you should block every IP in the set.

Patch 1/3 written, see if the current design makes sense to you, Roger:

table ipblockset:
  id
  name : string
  desc : string
  blocked : ipblock_id MAYBE NULL
  autoblock : boolean

table ipblockrange:
  set_id : ipblockset_id
  ipstart
  ipend
  friendlyname : string

So a set (e.g. "Tor") has an id and an optional reference to an
ipblock_id (ipblocks is an existing table in MediaWiki which has
"blocking user", "reason" etc). There are many ranges for each set and
each range is either a single ip address (ipstart == ipend) or a CIDR
range (where the CIDR string is kept in friendlyname for auditing).

So the blocking lookup goes like:
  * Is there an entry for this IP address/user in the old ipblocks
table? If so, do everything normally
  * otherwise, see if the ip address is in a known range
  * if so, lookup the set and see if it's linked to an ipblocks entry
  * if so, lookup that entry and carry on as if the ipaddress of that
has matched

If autoblock is true in a given set then creating a block which
matches a range for a set blocks the whole set. (and that set-wide
block expires at the same time as the normal block).

Dangers:
  * MediaWiki spreads blocks - so if a blocked user logs in from
another IP address that IP address is also blocked. Thus if you can
create a blocked user you can login from an IP address to get a whole
set blocked.
  * A range cannot be in multiple sets

AGL

-- 
Adam Langley                                      agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60

Follow-Ups:
- Re: volunteer to do php patch for wikipedia?
  - From: coderman

References:
- volunteer to do php patch for wikipedia?
  - From: Roger Dingledine

Prev by Author: Re: raise ulimit?
Next by Author: Re: the infamous JAP crash
Previous by thread: Re: Banned from Slashdot
Next by thread: Re: volunteer to do php patch for wikipedia?
Index(es):
- Author
- Thread