Steward requests/Global permissions
This is not a vote and any active Wikimedia editor may participate in the discussion.
Global rollback and global interface editor requests require no fewer than 5 days of discussion while abuse filter helper and maintainer requests require no fewer than 7 days. Global renamer and global sysop requests require no fewer than 2 weeks of discussion. For requests that are unlikely to pass under any circumstances, they may be closed by a steward without further discussion (after a reasonable amount of input).
Quick navigation:Cross-wiki requests |
---|
Meta-Wiki requests |
Requests for global rollback permissions
| Please be sure to follow the instructions below:
Requests for global sysop permissions
| Please be sure to follow the instructions below:
Global sysop for WhitePhosphorus
- Global user: WhitePhosphorus (edits (alt) • CA • global groups • crossactivity • verify 2FA)
- Not ending before 12 December 2019 16:44 UTC
Hi. I would like to request for global sysop toolkits to help deal with the spambots and vandals, and do some interface maintenance as well on small wikis.
I have been serving as interface admin and sysop on both zhwiki and zhwikibooks since 2017, which are typical large and small wikis respectively, from that I gained adequate experience mainly on anti-vandalism, abusefilter, templates and interface editing. I'm also a sysop of zhwikiversity but more focus on fighting against occasionally appearing LTAs there. I carried out a lot anti-vandalism work globally especially after obtained global rollback permission on Oct. 2019, with the aid of various handy tools like SWViewer and TwinkleGlobal. You can find me on cvn, gs and stewards IRC channels too.
My language knowledge generally covers Chinese and several of its dialects/variants (besides English for communication), and I live in UTC+8 timezone now (may change in future but will still make up a significant proportion). Thus, I hope I could supply the GS team with more diversity.
I have already enabled 2FA since I'm a local interface admin. Regards, WhitePhosphorus (talk) 16:44, 28 November 2019 (UTC)
- Strong support Yes!-MrJaroslavik (talk) 20:52, 28 November 2019 (UTC)
- Strong support We need more active and competent GS to counter attacks by LTAs! Keep up the good work! Masum Reza☎ 22:51, 28 November 2019 (UTC)
- Support --Novak Watchmen (talk) 06:17, 29 November 2019 (UTC)
- Support -- CptViraj (📧) 08:39, 29 November 2019 (UTC)
- Strong support --大诺史 (Talk/留言/토론/Discussion) 08:49, 29 November 2019 (UTC)
- Support Obviously capable, with a caveat that if you need to edit interface, that may be out of the traditional scope of GS which is to deal with clear crosswiki vandals and it will be better to apply the Global Interface Editor group as well. Thanks for serving. --Camouflaged Mirage (talk) 13:33, 29 November 2019 (UTC)
- Thanks for the admonition, I know the scope and would like to handle some GS wiki interface related requests in SRM (e.g. this and this one) if elected, and will leave it to local IAs if there are active ones. In general, I'd like to serve as a backup IA on small wikis and be called on necessary, but don't have a specific task to deal with so not going to run for GIE yet :) --WhitePhosphorus (talk) 13:52, 29 November 2019 (UTC)
- Support Vermont (talk) 15:09, 29 November 2019 (UTC)
- Support. —Sgd. Hasley 16:27, 29 November 2019 (UTC)
- Support per Vermont. -- Несмир Кудилович (разговор) 20:33, 29 November 2019 (UTC)
- Support --Rschen7754 20:34, 29 November 2019 (UTC)
- Support--eldarado ✉ 20:53, 29 November 2019 (UTC)
- Strong support --94rain Talk 08:13, 30 November 2019 (UTC)
- Support --Esteban16 (talk) 12:50, 30 November 2019 (UTC)
- Support – Ajraddatz (talk) 15:01, 30 November 2019 (UTC)
- Support competent and trusted. ‐‐1997kB (talk) 04:33, 1 December 2019 (UTC)
- Support --BRP ever 04:36, 1 December 2019 (UTC)
- Support Valid use case, looks fine to my eyes. Leaderboard (talk) 16:38, 1 December 2019 (UTC)
- Support — Tulsi Bhagat (contribs | talk) 03:32, 2 December 2019 (UTC)
- Strong support ~riley (talk) 03:35, 2 December 2019 (UTC)
- Strong support -J. Ansari Talk 09:00, 2 December 2019 (UTC)
- Support--Turkmen talk 11:57, 2 December 2019 (UTC)
- Support Trusted --Geonuch (talk) 04:11, 3 December 2019 (UTC)
- Support Jianhui67 talk★contribs 11:21, 4 December 2019 (UTC)
- Support No red flags, trusted. --Kostas20142 (talk) 20:24, 4 December 2019 (UTC)
- Support(o´ω`o)و盯白磷--Zyksnowy (talk) 15:35, 5 December 2019 (UTC)
- Support – Ammarpad (talk) 18:38, 5 December 2019 (UTC)
- Support -FASTILY 03:14, 6 December 2019 (UTC)
- Support sysop on significant project. Global sysop is not a big deal at all, so should be granted on request when there is a potential use and trust has been established in the primary language group. TonyBallioni (talk) 23:09, 7 December 2019 (UTC)
- Thank you for your helping. --Sotiale (talk) 14:19, 8 December 2019 (UTC)
- @Sotiale: I take it you support this candidate? Masum Reza☎ 14:31, 8 December 2019 (UTC)
- Of course, my opinion is in favor. Stewards can know my opinion without {{s}} template. --Sotiale (talk) 14:39, 8 December 2019 (UTC)
- @Sotiale: I take it you support this candidate? Masum Reza☎ 14:31, 8 December 2019 (UTC)
Requests for global rename permissions
Steward requests/Global permissions/Global renamers
Requests for global IP block exemption
| Please be sure to follow the instructions below:
Global IP block exempt for IP Range of WikiLoop Battlefield
- Global user: [[User:|]] (edits (alt) • CA • global groups • crossactivity • verify 2FA)
Statement
I am a developer, and we are building a counter-vandalism tool called WikiLoop Battlefield, and here is its source code. We recently start to roll out Oauth login and in-place revert feature. When we move our test from localhost to our dev and canary(staging) environment, we noticed that we received the following error.
{ "error": { "code": "globalblocking-ipblocked-range", "info": "'''Your IP address is in a range which has been blocked on all wikis.''' The block was made by [//meta.wikimedia.org/wiki/User:Jon_Kolbert Jon Kolbert] (meta.wikimedia.org). The reason given is ''[[NOP|Open Proxy]]: Webhost: Contact [[m:Special:Contact/stewards|stewards]] if you are affected ''. * Start of block: 2019-07-23T12:01:56 * Expiration of block: 2021-01-23T11:01:56 You can contact [//meta.wikimedia.org/wiki/User:Jon_Kolbert Jon Kolbert] to discuss the block. You cannot use the \"Email this user\" feature unless a valid email address is specified in your [[Special:Preferences|account preferences]] and you have not been blocked from using it. Your current IP address is 3.86.232.24, and the blocked range is 3.86.0.0/16. Please include all above details in any queries you make.", "*": "See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes." }, "servedby": "mw1346" }
We host our server on Heroku, does it mean that the IP address of heroku is being blocked globally for MediaWiki API? Can we apply to be whitelisted for our legit use-case?
Thank you!
Responses
- @Xinbenlv: Heroku is a shared host, and Wikimedia discourages hosting service in third-party shared hosts (it may host VPN or reverse proxy, which can hide users' IP address). You should either:
- Move the project to Toolforge (recommended) or Cloud VPS
- Create a edit service in Toolforge similar to toollabs:widar, and invoke the service (you must use GET or JSONP, Cloud does not support POST from third-party service) in the project (not recommended, this may have security issues)
--GZWDer (talk) 18:41, 17 October 2019 (UTC)
- @GZWDer: thank you.
- First sorry I just noticed I didn't use the template (which doesn't apply to IP range extemption for al IPs), I updated it.
- Second, here we are building an app that requires a user to login with Oauth. We only conduct edit on-behalf of loged-in users and their username will show up.
- 3rdly, with respect to your suggestion, We've considered porting the project to Toolforge but we are waiting for the Toolforge to support modern Kubernates https://phabricator.wikimedia.org/T214513.
- It is not particularly feasible for all users to rely on IP addresses because as many of people who submit for permissions here, IP addresses are only largely available in USA and a few developed countries who took part in early Internet infrastructure development discussions. Many other countries they have to rely on NAT that shares limited IP addresses. Our app hope to expand to all language locales to help users with counter-vandalism efforts. If we block IP addresses, it will reduce the access of these users from Non-USA/developed countries who would like to help.
- In summary, can we apply for unblocking any IP addresses if we have allowed users to identify themselves with login? Thank you!
Xinbenlv (talk) 21:21, 17 October 2019 (UTC)
- all, I don't know who to send this argument to... Xinbenlv (talk) 10:36, 25 October 2019 (UTC)
- I start a discussion en:User:Xinbenlv/Propose:Allow_Login_Users_By_Default_When_IP_Range_Blocked
- There is a block configurations to let logged in users edit while on blocked IP: However we usually do not allow it on NOP blocks. We cannot let anyone using your tool be exempt from the block, this is a software restrictions. There's just no way to do that. And since we are not going to unblock AWS — thus Heroku — I think your only bet is to follow GZWDer's advice. — regards, Revi 07:54, 4 November 2019 (UTC)
- @-revi:, @GZWDer: thanks for answering. How about the following solutions sound to admins?
- if we use certain way to crypt-sign a request from our app's server, can you grant app-specific exception for this use-case? (rather than unblocking all IP-addresses but unblockgin all users who have signed in and use our app)?
- if we managed to find a fixed IP address, can you unblock individual IP address of the one that we use for our webapp?
- Xinbenlv (talk) 22:37, 4 November 2019 (UTC)
- @-revi:, @GZWDer: thanks for answering. How about the following solutions sound to admins?
- #1: There's no such feature(tm) to do so. #2: I think I can do that, with two conditions: You notify us when you stop your project (thus releasing the IP to the shared pool) and you absolutely always require authentication. — regards, Revi 04:40, 5 November 2019 (UTC)
- @-revi: thank you! Yes. We are likely to use at most 3 IP addresses at this moment:
- 35.222.141.110 for dev
- 34.67.56.51 for canary (staging)
- 34.69.252.115 for prod
- and I agree to both terms: we will absolutely require authentication(in fact you can just allow only login users to edit from these IP addresses) and we will notify you when we stop project and release the IP to the shared pool. (once the Toolforge support mount on Root or custom domain, or we are approved for WMF Cloud VPS)
- Xinbenlv (talk) 06:13, 5 November 2019 (UTC)
- Note individual IPs can not be globally whitelisted (phab:T42439). They can only be whitelisted locally.--GZWDer (talk) 19:58, 5 November 2019 (UTC)
- @GZWDer:, thank you!
- Do I understand it correctly that both the global and local needs to unblock the IP for any IP address to be used? While I will work on applying for individual local wiki's IP whitelist approve, can I ask why individual IPs can not be globally whitelisted? In particular, is it a policy or a technical reason?
- If it's a policy, I'd argument by fixing the static IP, it's no longer an Open Proxy since being reserved and occupied by an application, a random internet user cannot use it. Given that we promise that we only authenticate users, it's a fixed set of users (only registered Wikipedian users) rather than open to public.
- If it's a technical issue, I'd argument previously we are blocking IP range IP1 to IP3, now if we have a static IP2 to unblock, you can block [IP1, IP2), (IP2, IP3]
- Dear global admins, what do you think? Thank you!
- Xinbenlv (talk) 21:35, 5 November 2019 (UTC)
- Please let me know if there are other information you would love me to provide accompanying this application Xinbenlv (talk) 22:49, 7 November 2019 (UTC)
- It's a technical reason. We simply cannot globally whitelist individual IP addresses, even if we wanted to. Trijnsteltalk 23:06, 9 November 2019 (UTC)
- @Trijnstel: thank you for your answer. Can you help me understand how that is not technically possible? I suggested that you can unblock [IP1, IP2), (IP2, IP3] instead of the range [IP1,IP3]? Or what are alternatives if you could kindly suggest? Xinbenlv (talk) 02:54, 10 November 2019 (UTC)
- It's a technical reason. We simply cannot globally whitelist individual IP addresses, even if we wanted to. Trijnsteltalk 23:06, 9 November 2019 (UTC)
- @-revi: thank you! Yes. We are likely to use at most 3 IP addresses at this moment:
- @RonaldB: What can you tell me about the IP address 3.86.232.24? Currently the whole /16 IP range has been blocked and I don't think it's possible/desired to unblock a part of it, but perhaps you can advice? Trijnsteltalk 18:47, 10 November 2019 (UTC)
- @RonaldB:, @Trijnstel:, @GZWDer:, @-revi:, thank you, do I understand it correctly that you are helping us to find the technical solutions because there is no other concerns in the policy aspects right? If there are policy concern, could we discuss policy concern in the meanwhile? Xinbenlv (talk) 00:41, 15 November 2019 (UTC)
- @Trijnstel:, the range 3.0.0.0/9 (and that includes 3.86.232.24) belongs to Amazon AWS (not the shop, but the server hosting part of that corporation). That is a very large range and I'm pretty sure that there are thousands of much smaller ranges included, altogether used for cloud hosting/services. On nlwiki I don't block the whole /9, but when I notice abuse and suspect a VPN behind that, I block a /16 within that /9 range. Not sure, but something similar might have happened in this case as well. - Rgds RonaldB (talk) 00:50, 25 November 2019 (UTC)
Global IP block exempt for 荣智浩
- Global user: 荣智浩 (edits (alt) • CA • global groups • crossactivity • verify 2FA)
<我是中国大陆用户,需要解锁全域IP>,谢谢, --荣智浩 (talk) 12:11, 14 November 2019 (UTC)
- @荣智浩::请使用英文!并说明你需要使用Global IP Block Exemption的必要性。(Please use English! And explain the need for you to use Global IP Block Exemption.)--舞月書生(JoyeZhang)👉☎️👈 ♪My Heart Will Go On 16:17, 14 November 2019 (UTC)
你确认你遇到的是全域封禁吗?你在commoms上也遇到过这种现象吗?如果没有的话,我建议你在中文维基本地申请IP封禁豁免。另外你需要用英语解释你遇到的情况。—Techyan(Talk) 06:01, 15 November 2019 (UTC)
- @荣智浩:Are you sure your IP address have been global block? Maybe provide your IP address to confirm will be better. --Streetdeck (Talk) 09:38, 18 November 2019 (UTC)
Global IP block exempt for Horzagger
- Global user: Horzagger (edits (alt) • CA • global groups • crossactivity • verify 2FA)
Hello, I am a nomad worker around the world and I very often connect on the Net with unsecured connections, then I prefer to use a VPN, and I use Tor in some regions of the world. I need to be allowed to connect with my VPN and with Tor on Wikipedia. (I have sign up on fr.wikipedia with my VPN, and I want to participate on several wikis of the Wikimedia Foundation). Thanks, --Horzagger (talk) 03:36, 5 December 2019 (UTC)
Global IP block exempt for Iphoneuser88
- Global user: Iphoneuser88 (edits (alt) • CA • global groups • crossactivity • verify 2FA)
<I live in China. I can not edit many wikipedia because firewall>, thanks, --Iphoneuser88 (talk) 18:12, 6 December 2019 (UTC)
Global IP block exempt for Lab06 N
- Global user: Lab06 N (edits (alt) • CA • global groups • crossactivity • verify 2FA)
I am from mainland China and need to use a proxy, thanks. --Lab06 N (talk) 07:40, 8 December 2019 (UTC)
Global IP block exempt for Hindusanatandharma
- Global user: Hindusanatandharma (edits (alt) • CA • global groups • crossactivity • verify 2FA)
I am new in here,I cant save or edit anything. Please dont what I was done any wrong. Please help me to edit. thanks, --Hindusanatandharma (talk) 14:09, 9 December 2019 (UTC)
Requests for 2 Factor Auth tester permissions
Please be sure to follow the instructions below:
|
2FA Tester for chitta
- Global user: chitta (edits (alt) • CA • global groups • crossactivity • verify 2FA)
I have read the Help Page. Seeing increased password resets on my account.
2FA Tester for Atehrani999
- Global user: Atehrani999 (edits (alt) • CA • global groups • crossactivity • verify 2FA)
Requested for added security, thanks, --Atehrani999 (talk) 21:23, 6 December 2019 (UTC)
- @Atehrani999: Have you read the documentation? Ruslik (talk) 18:42, 7 December 2019 (UTC)
2FA Tester for Centrixx
- Global user: Centrixx (edits (alt) • CA • global groups • crossactivity • verify 2FA)
Hello, I'm trying to enable 2FA wherever I can and have read the help page, thanks, --Centrixx (talk) 19:08, 8 December 2019 (UTC)
Requests for other global permissions
Please be sure to follow the instructions below:
|
remove global OTRS member for Yann
- Global user: Yann (edits (alt) • CA • global groups • crossactivity • verify 2FA)
Thanks, --Krd 17:05, 9 December 2019 (UTC)
See also
- User groups — Information on user groups
- Global rights log — Log of global permissions changes
- Archives
General requests for: help from a Meta sysop or bureaucrat · deletion (speedy deletions: local · multilingual) · URL blacklisting · new languages · interwiki map
Personal requests for: username changes · permissions (global) · bot status · adminship on Meta · CheckUser information (local) · local administrator help
Cooperation requests for: comments (local) (global) · translation