Erm

Found this page through ethereal. Shouldn't this be protected? -- froth ^{T C} 08:44, 14 December 2006 (UTC) reply

Nope. The program uses the last version created by a mod, so it doesn't matter if the page is vandalized. Plus, since not all mods are admins... Prodego ^talk 23:04, 14 December 2006 (UTC) reply

Oh, now it makes sense, thanks -- froth ^{T C} 23:33, 14 December 2006 (UTC) reply

Well, actually this page doesn't like being messed with, (and I edited it) and I hope I was right above, because if so I can fix it. Would you be willing to try something? Prodego ^talk 23:35, 14 December 2006 (UTC) reply

Sure -- froth ^{T C} 23:40, 14 December 2006 (UTC) reply

Ok here is the plan. The page is upset at my protecting the page, it must have messed up the encryption (must be based on revision info). Now if I make you a mod, then you remove me, then, if I am right above, the program will go back to the userlist before I edited, and we should be able to log in. Then you can use the mod tools (I will help you) to reload the list, and we can reverse what we did. If I am right... You will need to manually edit User:AmiDaniel/VP/Mods to do this. Prodego ^talk 23:43, 14 December 2006 (UTC) reply

Sounds good. I can't edit User:AmiDaniel/VP/Mods though, I'm not an administrator. Can you unprotect it first? -- froth ^{T C} 23:46, 14 December 2006 (UTC) reply

This also assumes I can even do anything to /Mods, which I don't know if I can. And I already unprotected it. Prodego ^talk 23:47, 14 December 2006 (UTC) reply

That's a good concern, although I don't remember it asking for the history of /Mods (but if it does you'll need the help of a different mod already on the list). You're off the list, I'm on -- froth ^{T C} 23:50, 14 December 2006 (UTC) reply

Can you log in now? I might not be able to log in to the mod tools since I'm not approved for VP -- froth ^{T C} 23:51, 14 December 2006 (UTC) reply

Remove me again, I may need to add you before you count. Prodego ^talk 23:53, 14 December 2006 (UTC) reply

Done -- froth ^{T C} 23:55, 14 December 2006 (UTC) reply

No luck, I guess (at least) one of the two assumptions above was wrong. I hope it is the second one, because if it is the first that is a serious flaw. Thanks for trying. Prodego ^talk 23:57, 14 December 2006 (UTC) reply

Re-add me to the mods list but do not remove yourself. If you do you may make both of us not on ;-). Prodego ^talk 23:58, 14 December 2006 (UTC) reply

All right done, but I think you're wrong- if what we did didn't work, then our edits make no difference to the mod list. why don't you try just unprotecting the /L page? -- froth ^{T C} 00:05, 15 December 2006 (UTC) reply

(after edit conflict) It must be the second one since it's the only way that works with a hardcoded authorized user (whoever maintains the mod list, the author of VP probably) and I know it doesn't look for a list of authorized users. Your first assumption must be correct, don't worry. I'll rv the mod list so there's no confusion when someone tries to add another mod -- froth ^{T C} 00:02, 15 December 2006 (UTC) reply

I have no idea how you could figure that out without the source code (unless the page called is an oldid), so you are way above me here. Thanks for your help, and remind me to approve you when AmiDaniel fixes it all. Prodego ^talk 00:07, 15 December 2006 (UTC) reply

I was using a network traffic analyzer (I linked to it above) to make sure the program doesn't call home and store my password on AmiDaniel's server. I believe what it does is:

1. Get the history of the /Mods page
2. Get the last revision made by AmiDaniel (the mods list is now in hand)
3. Get the history of the /L page
4. Get the last revision made by someone on the mods list
5. Decrypt that revision (the approved list is now in hand)
6. Check your username against the approved list

Since this is done through well-documented wikimedia functions it was easy to tell what was going on by just looking at the request URIs. By the way, thanks for the approve -- froth ^{T C} 00:16, 15 December 2006 (UTC) reply