[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: volunteer to do php patch for wikipedia?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: volunteer to do php patch for wikipedia?
- From: Adam Langley <alangley@xxxxxxxxx>
- Date: Thu, 26 May 2005 15:19:58 +0100
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Thu, 26 May 2005 10:19:20 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZA+snYT+E87ddIVQOkiIE6IY7dskQt/qBsF4r/ebDpy+XbOpUmyM4TWuTElK/NVKmFQcQ7jdGBhpnGtn1OAzi/uSWp3YmSjaGAuXJSkBSPVYWhtzi2Y/98ZUKIYG3gbvDI63gMxJjZWLq4MshI1P/FAQpe30rMjTWgG5yhYV0Oo=
- In-reply-to: <20050526041649.GX29034@localhost.localdomain>
- References: <20050526041649.GX29034@localhost.localdomain>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On 5/26/05, Roger Dingledine <arma@xxxxxxx> wrote:
> Here's how I envision it working: there should be a db of IP sets (some
> contiguous blocks, some not) that Wikipedia keeps track of. Periodically
> (like every 15 minutes), all of these IPs should be unblocked. To make
> things saner for the admins, certain IP sets should have a flag that says
> if you block any IP in the set then you should block every IP in the set.
Patch 1/3 written, see if the current design makes sense to you, Roger:
table ipblockset:
id
name : string
desc : string
blocked : ipblock_id MAYBE NULL
autoblock : boolean
table ipblockrange:
set_id : ipblockset_id
ipstart
ipend
friendlyname : string
So a set (e.g. "Tor") has an id and an optional reference to an
ipblock_id (ipblocks is an existing table in MediaWiki which has
"blocking user", "reason" etc). There are many ranges for each set and
each range is either a single ip address (ipstart == ipend) or a CIDR
range (where the CIDR string is kept in friendlyname for auditing).
So the blocking lookup goes like:
* Is there an entry for this IP address/user in the old ipblocks
table? If so, do everything normally
* otherwise, see if the ip address is in a known range
* if so, lookup the set and see if it's linked to an ipblocks entry
* if so, lookup that entry and carry on as if the ipaddress of that
has matched
If autoblock is true in a given set then creating a block which
matches a range for a set blocks the whole set. (and that set-wide
block expires at the same time as the normal block).
Dangers:
* MediaWiki spreads blocks - so if a blocked user logs in from
another IP address that IP address is also blocked. Thus if you can
create a blocked user you can login from an IP address to get a whole
set blocked.
* A range cannot be in multiple sets
AGL
--
Adam Langley agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60