(full transcript)

Seth got really toasty right back...
00:14 < SethFinkelstein> Ms. Gardner, excuse me - given the amount of attack and bona-fide libel I've endured from WIKIMEDIA PEOPLE - including several attempts to intimidate me or retaliate over critical coverage - I have ZERO sympathy for your feelings of being irritated over these sorts of questions :-(

And the people most likely to lie about something, are the people themselves, i.e. Jimmy's birthdate.

Anyway, it's such a silly forum. It might have worked for a while (*) because so few people knew and cared about it, but probably thanks in large part to Greg it has now gotten a somewhat larger profile, and the mess begins.

Reminds me of Wikipedia.

(*) Sort of. Looking at the transcripts, it was still pretty messy.

IRC was hopeless back in the 1990s nothing has improved it. Garbled babble by brainless twits.

You have to feel a little sorry for Seth, trying again and again to ask about the Q2 Consulting contract, only to be ignored each time. I think we can definitively conclude that the Q2 contract was pure cronyism, but we can hardly blame Sue Gardner for avoiding the question - what's she supposed to say when confronted with it? "I'm sorry, that was poor judgement on our part"?

She can't say that, because that almost has to be followed with "but we won't do it again," and it's fairly clear that they will do it again, because they're part of Wikipedia and hey, the rules don't apply to them. What's more, it's important that at least some of the money goes to a good cause, and therefore it can't go to Wikipedia.

Still, the obvious avoidance of the question does suggest that the contract was worth more than they let on! At this point I'd have to guess $10,000, maybe even a little more than that.

As for Mr. Privatemusings, it seemed like he was trying to point out that having certain porn images (the definitely-illegal ones) remain "on the servers" after being "oversighted" might put them all in legal jeopardy, even though only the developers and people with steward and/or oversight rights can still see them. In that case, I suspect most people actually would think those restrictions are adequate, particularly since they've taken some steps to ensure that users with those access rights are over 18.

At the same time, I personally don't see why they don't delete them completely - I'm assuming here that if they've been doing that, Sue would say so. There may even be some reason for keeping them that's related to law-enforcement requirements in some way, but I seriously doubt that.

Yup, she's gotta be careful what she says unless or until the board comes up with a working policy about it, which if they have any sense they'll do rather than have even stinkier shit hit the fan next time.

The files can be deleted by someone with shell access, but (for obvious reasons) that's a very small group that generally has bigger problems. Thus the problem is that you'd need an actual professional to do it (and one that can do so without breaking the database).

Without saying this is why they do it, I can see valid grounds for keeping them; that way if it ever does go to court, they have a record of exactly who uploaded what, and when, and what action was taken to stop that particular user doing it again.

log a twit with a brain into IRC, encourage the twit to make comments in real time, off the top of their heads, and you might as well have lobotomized them, unless they are very, very unusual.

One of the biggest problems with Wikipedia is that way too much of the core, when something pops onto ANI, act as if they were twits logged into IRC.

By the time that someone who actually thinks about an issue, perhaps researches it, makes a comment, a "consensus" of twits has already appeared. I saw this again and again.... the only sensible comment is lost in the flood. Unless the one commenting is really popular and has plenty of friends who *then* go to ANI.

The structure was a disaster from the beginning. ANI should have been administrative 911 asking for a neutral admin to *investigate*. That admin would take the "call" and would then be a focus for people "advising." On the admin's talk page or on related talk pages. The admin would ask for help if needed.

Like real administrators and real police. Imagine what it would be like if you called 911 and this happened:

Caller: Help! My ex-husband is breaking down the door!

Voice 1: Why?

Voice 2: If you weren't such a bitch, he wouldn't be angry.

Caller: Please, send the police!

Voice 3: Read our pamphlet on resolving disputes.

Voice 1: The caller hung up. Discussion closed. People should not call 911 if they won't stay on the line and respond to our reasonable questions and suggestions. We have blocked the phone of the Caller, who made a Legal Threat.

That's not exactly true.

File uploads themselves are not stored within the database but within the ~/w/images/ directory of the server, in sub-folders according to the leading hex-digits of the md5 hash of file name. Deleted/"suppressed" images are stored under ~/w/images/deleted/ and in sub-folders according to the leading digits of the sha1 hash (as written non-standardly in base-36, don't ask) of the full file-system path at which they were previously stored.

As these remain individual files, deleting troublesome images from a wiki-server does not affect the integrity of the database, or any other aspect of the database. The worst results are an apache 404 error if you try to load the image directly (which looks like this) and an imagemagick 404 if you try to thumbnail a deleted image (which looks like this). Deleting them is not really rocket science either, only a matter of finding the correct server directory based on the middle parts of the image url.

The database itself is blind to image content, so the sql kung-fu would only be necessary if you had to make a wiki (i.e. its database) lose all recollection of hosting a specific file-name (the text of which by itself is less likely to incriminate).

The database isn't blind to file content. It stores an SHA1 hash of the file contents in two different tables, indexed even, so that it can detect exact duplicate uploads and warn users about them.

There is also the filearchive table that stores all sorts of information about deleted media.

The broader point that you can delete a file without damaging the database is valid. I have some quibbles with a few other points you made, but I'm too lazy to point them out.

You're right, I phrased that wrong. I meant to convey that one cannot determine the content of an image by examining the database, thus could not establish that Something_bad.jpg actually contained something bad after it has been deleted from the file-system. Also I forgot about the anti-goatse filter, but until it goes tineye on us it's easy to circumvent.

Right. We should explain for the benefit of non-techies that "SHA1 hash" (SHA = Secure Hash Algorithm) is basically a means of representing a collection of bytes, of any size (such as an image file) in a little code-string that can fit into a set number of characters (in this case, 160 characters) so that it can be stored in a fixed-length database field and indexed for quick lookups (when checking for duplications). It only takes one teensy-weensy change to an image - one pixel can do it - to change that string when it's encoded, so various folks (like the people behind Tineye) have been working on a means of determining image-similarity by analyzing the actual image data, comparing actual pixel patterns, and so on. MediaWiki (AFAIK) has nothing like that in place, but to their credit, the folks at Commons do seem to be able to keep on top of this fairly well. I mean, if it weren't for them, there would probably be about 50,000 close-ups of penises instead of just one or two thousand.

Anyway, the point here, as I see it, is that the WP (and Commons) folks don't need additional special means of removing images like that completely from the servers, they need better procedures for getting rid of legally-dubious images in general. To worry about the existence of the files on the servers after they've been hidden (from all but a few WP'ers) is a bit like deciding to operate on the patient's broken pinky finger instead of dealing with the fact that his ribcage has been crushed by a 16-ton weight... or you know, some such analogy.

What has gotten into Seth? He's like a dog with a bone on this one!

OMG!

Anyway, their stonewalling on this clearly suggests something is rotten. He's absolutely right to pursue it - in fact, my suggestion at this point would be for someone (Seth being an obvious candidate) to actually do the competitive bidding process for them, after the fact. In other words, contact a few market-survey consultants, not necessarily in major markets, and find out what their bids would have been for such a project, given the results already produced by Q2.

My own guess earlier of (roughly) $10K may be completely off-base. TBH, I have no real basis for it other than an IT-industry-centric idea of how small/midsize consulting firms operate in general. But I can't imagine anyone paying more than $20K for that survey, and I suspect there are legitimate companies who would do it for $5K or less.

Or fixing a broken pinky while a bunch of guys wearing masks are hitting his ribcage with 2 foot lead dildos?

That's evil primarily due to Rule 34.

It's also interesting that Sue is asking sort of obliquely that the Foundation-l mailing list not be used to announce publication of the weekly Signpost.

Actually, anything posted to the announcement list will also be forwarded to foundation-l. See this post. So people can subscribe to announce-l for the important stuff while ignoring foundation-l.