Full Version: How Much Damage Could A Hacker Do With An Admin Account?
karmafist
Question for you all.
Sarcasticidealist
Virtually nothing lasting, at least not by virtue of the admin bit. To the extent that there's a danger of Wikipedia being sabotaged by apparently "good" users, it's by virtue of those users' trusted status more so than on account of their admin tools; people tend not to scrutinize established editors' edits as closely as new users' and I.P.s', so a rogue admin (or otherwise trusted) account could probably get away with huge amounts of subtle and damaging vandalism (Siegenthaler X a whole bunch, if you wanted to go the BLP route).

But what are you going to do with the admin tools that's going to hurt Wikipedia any more than causing a brief flurry of drama, some clean up work, and the involvement of a steward? I can't think of a thing.
LaraLove
QUOTE(karmafist @ Mon 30th March 2009, 12:00pm) *

Question for you all.
Is this like the How much wood could a woodchuck chuck if a woodchuck could chuck wood? question?

It really depends. Someone with bots could cause a lot of damage. For example, had Betacommand gone rogue with access to an admin account, he could have done some serious damage, I think. Particularly if he'd done so during a slow period when most of those with the power to stop him were sleeping, giving him a bit more time.

Of course, pretty much any damage could be repaired. It would just take time, and there would be a ton of bitching about it.
Alex
Quite a bit if they knew what they were doing and were competent enough.
Sarcasticidealist
QUOTE(Alex @ Mon 30th March 2009, 1:11pm) *
Quite a bit if they knew what they were doing and were competent enough.
Well, I guess it depends on what you mean by "damage"; that stuff would be a huge pain in the ass (especially the page history merge, which hadn't occurred to me), but not profoundly "damaging". To me, "damaging" stuff would be that which further undermines the site's credibility and/or causes media scandals. Moreover, the course of action I described would wind up being a still bigger pain in the ass than anything MZMcBride suggests, at least if it was carried on long enough, since you'd have to look through an account's entire contribution history looking for nefariousness.
Somey
Hey, Karmafist is back! I think he might be mad at me for not promoting his election campaign in a publicly-visible forum... (did you at least win?)

Anyway, don't use the admin account for hacking purposes - that's kind of short-sighted, isn't it? Use it to gain access to admins-only IRC channels and mailing lists, then selectively leak the contents to the appropriate entities. Also, aggressively close AfD's in favor of BLP subjects who want out of WP (there won't be all that many, actually, despite the impression one gets from reading WR on a regular basis). And apply the Right to Vanish as liberally as possible, of course.

And don't unblock any IP ranges, either... we all saw what happened when someone did that.
lolwut
Not much that isn't reversible.

QUOTE(Alex @ Mon 30th March 2009, 5:11pm) *

Quite a bit if they knew what they were doing and were competent enough.


Grawp should have taken this into account had his plan to get adminship with that Senator Palpatine account succeeded.
Rhindle
I think another question could be how much damage can you do as a bureaucrat? They can promote and demote admins. You could desysop everybody and be the only game in town.




....or can you?
Alex
QUOTE(Rhindle @ Mon 30th March 2009, 5:24pm) *

I think another question could be how much damage can you do as a bureaucrat? They can promote and demote admins. You could desysop everybody and be the only game in town.




....or can you?


They can't desysop anyone. The most "powerful" would be a steward.
Eva Destruction
QUOTE(Sarcasticidealist @ Mon 30th March 2009, 4:15pm) *

QUOTE(Alex @ Mon 30th March 2009, 1:11pm) *
Quite a bit if they knew what they were doing and were competent enough.
Well, I guess it depends on what you mean by "damage"; that stuff would be a huge pain in the ass (especially the page history merge, which hadn't occurred to me), but not profoundly "damaging". To me, "damaging" stuff would be that which further undermines the site's credibility and/or causes media scandals. Moreover, the course of action I described would wind up being a still bigger pain in the ass than anything MZMcBride suggests, at least if it was carried on long enough, since you'd have to look through an account's entire contribution history looking for nefariousness.

Even the page history merge thing wouldn't be a huge problem; all it would take would be "Brion, could you please revert these two article histories to the previous versions from the backup?". The real damage from a rogue admin wouldn't be the "physical" damage of deleting articles etc but the psychological impact they could cause. If someone were to run a script to block every editor to have posted on WP:ANI, WT:RFA and User talk:Jimbo Wales in the last two weeks with a "you have been blocked for disruption and incivility" summary, for example, the ensuing lulz would be epic. (Hmmm…)
Sarcasticidealist
QUOTE(Rhindle @ Mon 30th March 2009, 1:24pm) *
....or can you?
Nope - Bureaucrats can only promote, not demote.
Rhindle
QUOTE(Alex @ Mon 30th March 2009, 9:26am) *

QUOTE(Rhindle @ Mon 30th March 2009, 5:24pm) *

I think another question could be how much damage can you do as a bureaucrat? They can promote and demote admins. You could desysop everybody and be the only game in town.




....or can you?


They can't desysop anyone. The most "powerful" would be a steward.


ahhh. Then someone could rise to the ranks of a steward and do some real damage.
anthony
QUOTE(Sarcasticidealist @ Mon 30th March 2009, 4:04pm) *

But what are you going to do with the admin tools that's going to hurt Wikipedia any more than causing a brief flurry of drama, some clean up work, and the involvement of a steward? I can't think of a thing.


A "hacker" can do as much damage with an admin account as any other admin. Speedy deletion of useful articles on obscure topics, blocks of useful but unpopular contributors, IP blocks which cause lots of collateral damage, protection of the wrong version, etc.
Son of a Yeti
QUOTE(anthony @ Mon 30th March 2009, 9:39am) *

A "hacker" can do as much damage with an admin account as any other admin. Speedy deletion of useful articles on obscure topics, blocks of useful but unpopular contributors, IP blocks which cause lots of collateral damage, protection of the wrong version, etc.


You make it sound like an average day on Wikipedia.

OK. This means we have nothing to fear.
Malleus
QUOTE(Son of a Yeti @ Mon 30th March 2009, 6:08pm) *

QUOTE(anthony @ Mon 30th March 2009, 9:39am) *

A "hacker" can do as much damage with an admin account as any other admin. Speedy deletion of useful articles on obscure topics, blocks of useful but unpopular contributors, IP blocks which cause lots of collateral damage, protection of the wrong version, etc.


You make it sound like an average day on Wikipedia.

OK. This means we have nothing to fear.

Exactly. Business as usual.
GlassBeadGame
I think we might be focusing on the wrong clause in the phrase "hacker with an admin account." I'm not advocating anything here mind you and the intrusion might have real consequences, not just intra-mmorpg penalties. On the few occasions I've ever had any conversation with anyone who might be called a hacker or even a "hacktivist" they seem to have naive and favorable opinions of WP. But social criticism, beyond the joy of a wrench in the works, does not appear to be their strong suit.
Malleus
QUOTE(GlassBeadGame @ Mon 30th March 2009, 8:41pm) *

I think we might be focusing on the wrong clause in the phrase "hacker with an admin account."

I think you may well be right. It's difficult to see what additional damage a hacker might be able to cause to that already being caused by the present admin crew.
MZMcBride
QUOTE(Sarcasticidealist @ Mon 30th March 2009, 12:15pm) *

QUOTE(Alex @ Mon 30th March 2009, 1:11pm) *
Quite a bit if they knew what they were doing and were competent enough.
Well, I guess it depends on what you mean by "damage"; that stuff would be a huge pain in the ass (especially the page history merge, which hadn't occurred to me), but not profoundly "damaging". To me, "damaging" stuff would be that which further undermines the site's credibility and/or causes media scandals. Moreover, the course of action I described would wind up being a still bigger pain in the ass than anything MZMcBride suggests, at least if it was carried on long enough, since you'd have to look through an account's entire contribution history looking for nefariousness.


Quite. My essay only covered software "bugs" that should be addressed at some point. However, you're quite right that far more damage is possible using subtle means rather than, say, deleting the Main Page.

That's what I never understood about vandals like Grawp, et al. The inappropriate page moves are trivial to spot and revert (hell, we have bots and software that do it with ease nowadays). It's the more subtle vandalism that's far more harmful and far harder to detect and revert.

For example, imagine an "innocent" user moving all titles that contain hyphens to titles containing en or em dashes. If you work slowly enough or on articles with few people paying attention to them, you can create a goddamn mess before someone notices and has to revert all of it. And, hey, you were just trying to help out, so there will be no punishment.
Luís Henrique
QUOTE(MZMcBride @ Fri 3rd April 2009, 3:05pm) *
For example, imagine an "innocent" user moving all titles that contain hyphens to titles containing en or em dashes. If you work slowly enough or on articles with few people paying attention to them, you can create a goddamn mess before someone notices and has to revert all of it. And, hey, you were just trying to help out, so there will be no punishment.


"Trying to help" shouldn't be an excuse. Darnit, actually helping isn't.

Here you have a complete confession of sneaky vandalism:

Opinoso "justifies" his vandalism at White Brazilians

See, he makes quite clear that he thinks that the figures in the article are inflated; if they were true, his "everybody knows there aren't 90 million White Brazilians" would be false. But as he cannot produce a source stating a smaller number of White Brazilians, he is glad to introduce absurd figures to the article, as long as they help him to substantiate his claim that most White Brazilians are not of Portuguese descent.

And Wikipedia protects this uncivil and lying arsehole, and his lies, against actual knowledge. Why?

Because Wikipedia is not about truth, but about verifiability. As long as your lies are sourced, they are protected against anything, including sourced truth.

Luís Henrique
LessHorrid vanU
I suppose you could do some quite considerable damage to the admin account, if someone hacked it. From the simple plain messy, "We are not giving you back your sysop flags until you prove you have control of your account" to a far more insidious "You have been editing this article for some time now, and were in dispute with the other editor very recently, and you expect us to believe that someone else used your account to block that editor and revert all their recent edits and it wasn't you losing your temper? It would be better for everyone if you simply told the truth..."

If there were a pattern of admins suddenly flipping out, followed by cries of "I wuz hackz" then it would backfire - but hacking a couple of sysops that form part of a particular interest group could mean a shift in the balance of power either locally or across the community.

Why?
CharlotteWebb
QUOTE(Eva Destruction @ Mon 30th March 2009, 4:26pm) *

Even the page history merge thing wouldn't be a huge problem; all it would take would be "Brion, could you please revert these two article histories to the previous versions from the backup?".

O rly? I think if you ask Brion about this he'll say the last successful full history backup (database dump) was at least a year and a half ago and that since October he's stopped even trying to produce one.
MZMcBride
QUOTE(CharlotteWebb @ Sat 4th April 2009, 8:02pm) *

QUOTE(Eva Destruction @ Mon 30th March 2009, 4:26pm) *

Even the page history merge thing wouldn't be a huge problem; all it would take would be "Brion, could you please revert these two article histories to the previous versions from the backup?".

O rly? I think if you ask Brion about this he'll say the last successful full history backup (database dump) was at least a year and a half ago and that since October he's stopped even trying to produce one.


They have Tomas working on this. Really large tables and such, it's no easy task to get all of the information to dump correctly and efficiently. And it used to be that one bad title or error would cause the entire dump process to stop until someone noticed.

As far as I can see, a dump finished in March for en.wiki, though I've always found the entire process confusing so perhaps not.
CharlotteWebb
QUOTE(MZMcBride @ Sun 5th April 2009, 7:34am) *

As far as I can see, a dump finished in March for en.wiki, though I've always found the entire process confusing so perhaps not.

No, the 2009-03-06 dump doesn't include the file "pages-meta-history.xml.bz2" which is the one that contains the text of old revisions.

"The big one" hasn't been attempted since the backup dated 2008-10-08 which was finally laid to rest on 2009-01-29 (at which point the dump process claimed not to be failing but was clearly making no progress).
Miltopia
QUOTE(Eva Destruction @ Mon 30th March 2009, 11:26am) *

Even the page history merge thing wouldn't be a huge problem; all it would take would be "Brion, could you please revert these two article histories to the previous versions from the backup?".



O rly? Do they back up articles individually? I know they didn't on so-and-so's test wiki a while back, I forget whose, where they would give sysop/'crat access to anyone who asked. The theory being any block/deletion/whatever could be easily undone. To my delight, the 'crats worked like on Wikimedia wikis, and couldn't desysop.

From there it was just a matter of asking for the sysop flag and gleefully moving as many pages as I could to the same title and deleting each in the process to shuffle all their revisions together. I had to periodically unblock myself to move pages but other than that there was nothing a non-steward could do. The place had to be completely restored from backup.

If Wikipedia articles really can be restored individually then that would ruin most of the long-term fun. But that's not how it worked when I last tried this.

Also you probably wouldn't get as far along on Wikipedia, since you'd have admins pouring in to block you. That's why you'd have to choose just a few pages and make it count.