Nope. The program uses the last version created by a mod, so it doesn't matter if the page is vandalized. Plus, since not all mods are admins...
Prodegotalk23:04, 14 December 2006 (UTC)reply
Well, actually this page doesn't like being messed with, (and I edited it) and I hope I was right above, because if so I can fix it. Would you be willing to try something?
Prodegotalk23:35, 14 December 2006 (UTC)reply
Ok here is the plan. The page is upset at my protecting the page, it must have messed up the encryption (must be based on revision info). Now if I make you a mod, then you remove me, then, if I am right above, the program will go back to the userlist before I edited, and we should be able to log in. Then you can use the mod tools (I will help you) to reload the list, and we can reverse what we did. If I am right... You will need to manually edit
User:AmiDaniel/VP/Mods to do this.
Prodegotalk23:43, 14 December 2006 (UTC)reply
That's a good concern, although I don't remember it asking for the history of /Mods (but if it does you'll need the help of a different mod already on the list). You're off the list, I'm on --
frothTC23:50, 14 December 2006 (UTC)reply
No luck, I guess (at least) one of the two assumptions above was wrong. I hope it is the second one, because if it is the first that is a serious flaw. Thanks for trying.
Prodegotalk23:57, 14 December 2006 (UTC)reply
All right done, but I think you're wrong- if what we did didn't work, then our edits make no difference to the mod list. why don't you try just unprotecting the /L page? --
frothTC00:05, 15 December 2006 (UTC)reply
(after edit conflict) It must be the second one since it's the only way that works with a hardcoded authorized user (whoever maintains the mod list, the author of VP probably) and I know it doesn't look for a list of authorized users. Your first assumption must be correct, don't worry. I'll rv the mod list so there's no confusion when someone tries to add another mod --
frothTC00:02, 15 December 2006 (UTC)reply
I have no idea how you could figure that out without the source code (unless the page called is an oldid), so you are way above me here. Thanks for your help, and remind me to approve you when AmiDaniel fixes it all.
Prodegotalk00:07, 15 December 2006 (UTC)reply
I was using a network traffic analyzer (I linked to it above) to make sure the program doesn't call home and store my password on AmiDaniel's server. I believe what it does is:
Get the history of the /Mods page
Get the last revision made by AmiDaniel (the mods list is now in hand)
Get the history of the /L page
Get the last revision made by someone on the mods list
Decrypt that revision (the approved list is now in hand)
Check your username against the approved list
Since this is done through well-documented wikimedia functions it was easy to tell what was going on by just looking at the request URIs. By the way, thanks for the approve --
frothTC00:16, 15 December 2006 (UTC)reply
Nope. The program uses the last version created by a mod, so it doesn't matter if the page is vandalized. Plus, since not all mods are admins...
Prodegotalk23:04, 14 December 2006 (UTC)reply
Well, actually this page doesn't like being messed with, (and I edited it) and I hope I was right above, because if so I can fix it. Would you be willing to try something?
Prodegotalk23:35, 14 December 2006 (UTC)reply
Ok here is the plan. The page is upset at my protecting the page, it must have messed up the encryption (must be based on revision info). Now if I make you a mod, then you remove me, then, if I am right above, the program will go back to the userlist before I edited, and we should be able to log in. Then you can use the mod tools (I will help you) to reload the list, and we can reverse what we did. If I am right... You will need to manually edit
User:AmiDaniel/VP/Mods to do this.
Prodegotalk23:43, 14 December 2006 (UTC)reply
That's a good concern, although I don't remember it asking for the history of /Mods (but if it does you'll need the help of a different mod already on the list). You're off the list, I'm on --
frothTC23:50, 14 December 2006 (UTC)reply
No luck, I guess (at least) one of the two assumptions above was wrong. I hope it is the second one, because if it is the first that is a serious flaw. Thanks for trying.
Prodegotalk23:57, 14 December 2006 (UTC)reply
All right done, but I think you're wrong- if what we did didn't work, then our edits make no difference to the mod list. why don't you try just unprotecting the /L page? --
frothTC00:05, 15 December 2006 (UTC)reply
(after edit conflict) It must be the second one since it's the only way that works with a hardcoded authorized user (whoever maintains the mod list, the author of VP probably) and I know it doesn't look for a list of authorized users. Your first assumption must be correct, don't worry. I'll rv the mod list so there's no confusion when someone tries to add another mod --
frothTC00:02, 15 December 2006 (UTC)reply
I have no idea how you could figure that out without the source code (unless the page called is an oldid), so you are way above me here. Thanks for your help, and remind me to approve you when AmiDaniel fixes it all.
Prodegotalk00:07, 15 December 2006 (UTC)reply
I was using a network traffic analyzer (I linked to it above) to make sure the program doesn't call home and store my password on AmiDaniel's server. I believe what it does is:
Get the history of the /Mods page
Get the last revision made by AmiDaniel (the mods list is now in hand)
Get the history of the /L page
Get the last revision made by someone on the mods list
Decrypt that revision (the approved list is now in hand)
Check your username against the approved list
Since this is done through well-documented wikimedia functions it was easy to tell what was going on by just looking at the request URIs. By the way, thanks for the approve --
frothTC00:16, 15 December 2006 (UTC)reply