Board Thread:General Discussion/@comment-24739709-20151026190758/@comment-26402117-20151102235916

Ciencia Al Poder wrote:

Do your words imply the cause is bad coding practices from wikia developers? Because if the ability to edit mediawiki messages was not the problem, there should be no reason to lock them.

No, I appreciate that the loss of features is an inconvenience - it was my implication that these holes didn't exist until someone made them. An exploit must be developed, people don't lose their data and security in events independent of a willing human agent who has their own motivations for attacking the domain and worming their way in.

The staff have cited the whole Mediawiki namespace (Mediawiki being the wiki software of Wikimedia not Wikia - which uses a modded version with more updates incoming) being a potential security risk fall 2015 on CC before initiating this onslaught of changes and that's the reason for a lot of the changes we're seeing now. Hence why this feature has to go. I'm willing to wait until we get Mediawiki back. I asked a staff member this on the thread:

Speedit wrote:

Hey Kirkburn, a question for you.

Why did Wikia not shut down the MediaWiki namespace function completely (deleting the namespace in essence)? With all the work Wikia has done and is still doing just to clean it up, this sounded like a real possibility during the summer. We may have ended up losing some features, but it would have pretty much jammed any potential security hole shut - forever.

Another possibility would have been making it read-only permanently. Just wanted to make sure people understand - this would have been a real possibility with all the issues it's caused.

This is the answer I got, and it was a damn good one:

Kirkburn wrote:

Speedit: Essentially, because the vast majority of the customizations are quite reasonable :) We want to try and find a balance between good security practices and continuing to allow each community to make their own choices and show individuality. All these tweaks are an ongoing process, of course.

I'm patient and I'm cool with something being rolled out if it's for my ultimate benefit. Just the other day, I came inches of having all my bank and contact details being released after a breach on my ISP's website (the hacker was arrested and the data dump was seized) - security is not a joke and the work of the Wikia staff is pre-emptive in this case with Verbatim.

 Speedit   ♞    talk   contribs  23:59, November 2, 2015 (UTC)