Forum:Security of sysop accounts

From the RuneScape Wiki, the wiki for all things RuneScape
This page or section is an archive.
Please do not edit the contents of this page.
This thread was archived on 26 August 2015 by Liquidhelium.
Relevant previous discussions: 1, 2, 3, 4, 5

Over at [[w:c:freddy-fazbears-pizza|FNAF Wiki]], there's been a [[w:c:freddy-fazbears-pizza:Special:Contributions/DaNASCAT|spree of vandalism using a staff account]] while an admin added js that could have stolen the password of any account that logged in at that wiki. Combined with the recent spree of vandalism over at [[w:c:dev|Dev Wiki]] that caused disruption across wikia, it has become glaringly apparent that wikia is not as secure as we have apparently believed for so many years.

Whilst I'm sure Wikia will be having discussions internally about how best to handle these issues, I feel we should take a proactive approach in this matter. Therefore, I am proposing to desysop/'crat any user with more than 6 months of inactivity measured since their last edit. A full list of affected accounts can be seen below. As with Forum:Inactive bots, I'd like any future inactive accounts to have their rights removed per the successful closure of this forum (assuming this is indeed successful).

For those accounts that do have their rights removed, I think it's reasonable for them to be able to informally request the rights be returned if they choose. If one of them suddenly turned up now, no one would raise an eyebrow as we still trust their judgement despite years of inactivity. They would also still be eligible for cc ranks for cases where they are no longer active on the wiki but are active in game.

Inactive admins/bureaucrats
  1. User:Malestro
  2. User:Tesfan
  3. User:Tarikochi
  4. User:Avian Maid
  5. User:Cool Spy0
  6. User:Skill
  7. User:Ilyas
  8. User:Pointy
  9. User:Couchpotato99
  10. User:Hyenaste
  11. User:Chaoticar
  12. User:Butterman62
  13. User:Cflm001
  14. User:The evil dude
  15. User:Hurston
  16. User:Robert Horning
  17. User:Endasil
  18. User:Merovingian
  19. User:Vimescarrot
  20. User:Morian Smith
  21. User:Quarenon
  22. User:Megalodon99
  23. User:Evil yanks
  24. User:Huanghe63
  25. User:Laser Dragon
  26. User:X1011
  27. User:Wowbagger421
  28. User:Eucarya
  29. User:Tienjt0
  30. User:Frede173
  31. User:Emosworld
  32. User:Sentra246
  33. User:Kytti khat
  34. User:Psycho Robot
  35. User:Chicken7
  36. User:Degenret01
  37. User:Dechaineux
  38. User:Sacre Fi
  39. User:Oddlyoko
  40. User:Powers38
  41. User:Gangsterls
  42. User:Muzzy34
  43. User:Aburnett
  44. User:9the Enigma9
  45. User:Sir Revan125
  46. User:Chaos Monk
  47. User:Karlis
  48. User:Rwojy
  49. User:Chrislee33
  50. User:Syugecin
  51. User:Leevclarke
  52. User:Ruud10K
  53. User:Thebrains222
  54. User:Stelercus
  55. User:Stelercus
  56. User:Stelercus
  57. User:Stelercus
  58. User:Stelercus
  59. User:Azaz129 (edited once in 2 years to add {{retired}} to his user page)
  60. User:Suppa chuppa (volunteered below)


Support - as nom. cqm 00:25, 10 Aug 2015 (UTC)

Support --Iiii I I I 00:36, August 10, 2015 (UTC)

Support - You missed User:Gaz Lloyd, User:Cook Me Plox, and User:Cqm. MolMan 00:43, August 10, 2015 (UTC)

Support - It's only fair this way. --クールネシトーク 00:45, August 10, 2015 (UTC)

Support - Star Talk ayy lmao ( ͡° ͜ʖ ͡°) 00:46, August 10, 2015 (UTC)

Comment - You probably don't want to run user-set scripts on any page that has a password field, because that's a recipe for disaster if anyone gets ahold of sysop credentials, making this very valuable for password harvesters. However, as of the Oasis skin, every single page on a wiki has a log in form with all site-wide scripts loaded. But you're not going to disable loading site-wide scripts on all pages because they all have a password field, because sysops want scripts to run on articles, and this solution is like hitting a nail with a nuclear bomb.

The only way to fix this issue of needing to trust sysops with site-wide JavaScript would be to return to the old behavior of having a 'log in' link that goes to the dedicated page for this, Special:Userlogin, and not load site-wide scripts on it. But Wikia would have to do this, not the administrators of the RuneScape Wiki.

 a proofreader ▸ 00:55, August 10, 2015 (UTC)

I'd be very surprised if that's not already been discussed at Wikia. It appears Special:UserLogin does not run any site js unless you're logged in, which on Wikia does not have a password/username field. On Wikimedia it gives you the option of logging in to another account, but still won't load any site js. The entire security issue has arisen because of that form in the global nav. cqm 01:20, 10 Aug 2015 (UTC)
Though even if they fix this tomorrow, I hope people don't think that's a reason to oppose. Since there's a lot of faith to be lost here after this incident. MolMan 01:32, August 10, 2015 (UTC)
FWIW, Special:UserLogin is the page I have had bookmarked in my browser for Wikia for a long time. I recommend it. --Saftzie (talk) 06:34, August 10, 2015 (UTC)
You make a good point for a different time and place. I disagree that we would be "hitting a nail with a nuclear bomb" due to the nature of modern security practices used by communities and corporations around the world. This proposal proves itself to become useful policy for the wiki. --クールネシトーク 01:55, August 10, 2015 (UTC)
It's certainly an additional layer of defense in case of a future security hole, but this one should get fixed Wikia-wide too. I am neither supporting nor opposing the proposal on the RuneScape Wiki.  a proofreader ▸  01:58, August 10, 2015 (UTC)
Thanks [A proofreader] --クールネシトーク 02:02, August 10, 2015 (UTC)
I think it's worth pointing out that the js added to that wiki occurred after a staff account was compromised. What the fall out of this incident might be is anyone's guess as the wiki-wide notifications wikia use are largely ignored, thus most users aren't going to reset their passwords. It's highly embarrassing for wikia who have made great strides in clearing up security weaknesses in their own code of late: there's very few system messages that don't have their output escaped before being shown to the user and there's been discussions of whether the verbatim tag should be removed due to how insecure it is. The switchinfobox improvements that Joey and I worked on a while back were ditched because we discovered it was weak to XSS due to how we used verbatim tags in it. cqm 07:45, 10 Aug 2015 (UTC)
I've passed on the recommendation to remove the login form on the global nav as well as implementing 2 factor authentication for all accounts to staff. Hopefully something gets done about it soon. cqm 08:24, 10 Aug 2015 (UTC)

Support - Screw this, how many times have we had this discussion? We have had our OWN problems with inactive sysop accounts being hacked. How many times and how many places does it have to happen in before people realize? I was present for two of the five linked threads and I supported them both. Per myself. sssSp7p.pngIjLCqFF.png 01:57, August 10, 2015 (UTC)

At least twice. I think. MolMan 01:58, August 10, 2015 (UTC)
The 2 examples I'm aware of are User:X1011 and User:Chicken7, the latter of which was compromised after someone got hold of password data that was hacked from a few years ago. cqm 07:45, 10 Aug 2015 (UTC)
There was also Wowbagger a few years back, so that's 3 at least What I've done Ciphrius Kane Talk 07:54, August 10, 2015 (UTC)

Support - "For those accounts that do have their rights removed, I think it's reasonable for them to be able to request the rights be returned if they choose." - Onei. In other words no reason to oppose as even if you lose sysops because of inactivity you get it back. Archmage Elune TalkHS fetus is my son and I love him. 02:10, August 10, 2015 (UTC)

Support and how am I still a CU? - This is like a dream come true - I've been fighting for this for nearly four years (I'm very sad you didn't link my thread, Cam). Also I'm a bit surprised I didn't make the list, but I certainly wouldn't mind being added to it. I haven't done anything meaningful on the wiki in a very long time, and unfortunately, I don't really plan to become active again. It's a bit sad, but I've had a lot of fun during my ~3-4 years as an extremely active user, but the last year has made it abundantly clear that I won't really have that level of spare time again - at least not any time soon.

On another note... I just realized that I still have checkuser privileges. I can't remember the last time I even used it, but checking the log, apparently Wikia has checkuser'd my IP more recently than I've actually gotten someone else's. It's been almost 1 year since I made use of the tool, and I think someone else should have it since I'm pretty much never around. Even if someone were to message me on my talk page, I likely wouldn't see it within the week. Suppa chuppa Talk 03:53, August 10, 2015 (UTC)

Hm, one name that seems conspicuously missing from that list is Azaz129. Any reason for that? Suppa chuppa Talk 03:56, August 10, 2015 (UTC)
He last edited 3 months ago What I've done Ciphrius Kane Talk 04:24, August 10, 2015 (UTC)
That shouldn't matter Suppa chuppa Talk 04:36, August 10, 2015 (UTC)
The criteria for this list is no edits in the past 6 months. If the criteria were amended to exclude edits to the User userspace he would be on the list What I've done Ciphrius Kane Talk 04:48, August 10, 2015 (UTC)
There's 9 that escaped the list due to minimal editing in the past 6 months:
  • Calebchiam (4 edits)
  • Clv309 (2 edits)
  • Haloolah123 (made 1 mainspace edit and numerous edits to his userpage, probably for tracking his hiscores)
  • Horsehead (2 edits)
  • Whiplash (1 edit to his userspace)
  • Hairr (2 edits)
  • Azaz129 (1 edit which consisted of adding {{retired}} to his user page)
  • Soldier 1033 (3 edits)
  • C Teng (3 edits, but if we use the likely closure date of this forum probably 0 edits)
I don't feel any of these users actually need sysop rights, but lack of use for their tools is a somewhat different issue to what I outlined above. Instead I was planning on messaging each of those users on their talk page to see if they'd voluntarily give up their rights under the conditions of this forum. cqm 07:45, 10 Aug 2015 (UTC)
Added Azaz and Suppa to the list. cqm 08:24, 10 Aug 2015 (UTC)
Christine is probably active enough to keep her rights; she's fairly active on IRC. MolMan 13:51, August 10, 2015 (UTC)

Support - wikia is not as secure as we have apparently believed for so many years - I have never believed they were "secure," which is a relative word for those who work in security btw. Previous proposals to de-sysop inactive accounts (which is widely recognized as an IT best practice) have been met with extreme outrage. This measure is long overdue. I know we are not Wikipedia, but Wikipedia's policy is 6 months of inactivity is an automatic de-sysop. If the account holder returns within 24 months of inactivity, they can get sysop back just by asking. If it's over 24 months, they have to go through RfA again. It's something to think about. --Saftzie (talk) 06:29, August 10, 2015 (UTC)

The grace period was something I considered, but as there's been only one case of a user re-appearing and continuing in their administrative role that I know of (Sacre Fi), I didn't feel it was really worth it. Of course, there are questions of whether someone who has been inactive for so long should have sysop rights and there have been numerous social and policy changes over the years. The standards of what a sysop should be have changed a lot over 10 years as you can see by the type of discussion in RfAs. cqm 07:45, 10 Aug 2015 (UTC)
You need to come up with some sort of guidelines for returning if this were to pass. sssSp7p.pngIjLCqFF.png 07:59, August 10, 2015 (UTC)
I don't feel it's all that necessary, but Wikipedia's policy is definitely a sensible precaution. If further guidelines for returning has interest here I'm happy to draft another proposal for it once this is closed. cqm 08:24, 10 Aug 2015 (UTC)
Well, at Wikipedia there's also a current policy discussion, which seems to be doomed to fail, that 1 edit in the past 6 months isn't enough. There's a proposal to raise the threshold. 10 edits per 6 months seems to have some support, but there's no real consensus, so I doubt anything will change. In the meantime, a criterion of 1 edit in 6 months is a reasonable place to start for us. --Saftzie (talk) 08:33, August 10, 2015 (UTC)

Support - Though there are 91 accounts with the sysop right on this wiki, I would have expected there to be more on that list. This is the best course of action following what has happened elsewhere on Wikia. I really hope Wikia does move forward with removing the login form on all pages like RuneScape's web team (#webMeat). After several discussions about the removal of inactive user rights, we should move forward with preventing something of a similar nature here. I agree with Saftzie for the inactivity requiring a new RfA for the length of time away from editing and/or the wiki itself. Unfortunately I think Special:ListUsers will show the last login even if it wasn't to this particular wiki. Ryan PM 07:10, August 10, 2015 (UTC)

It says my last login was July 7th. I don't think we should judge them based off that. <.< sssSp7p.pngIjLCqFF.png 07:29, August 10, 2015 (UTC)
Maybe that was the last time you logged in. Maybe every access of the wiki since then has used the "keep me logged in forever" feature. But, yeah, inactivity is "not editing," not "not logging in," anyway. --Saftzie (talk) 08:33, August 10, 2015 (UTC)
After thinking more about this, I am not sure this is the best approach to dealing with inactive users for security concerns where it is not one. I am therefore Neutral at this time. Ryan PM 10:29, August 10, 2015 (UTC)
It wasn't though. Last time I logged in was less than a week ago. sssSp7p.pngIjLCqFF.png 18:40, August 10, 2015 (UTC)

Neutral - The way the accounts on FNaF were compromised had to be active users in order for them to be affected, because it involved stealing cookies while using the site. It may be tidy to clean up the inactive sysops, but I just don't think it's worth the hassle.

However I Strongly Oppose the idea of returning inactive admins to make another RfA to be given their rights back, as I think it's unfair for them; they earned their privileges, being inactive doesn't really make them undeserving and not trustworthy. Ozank Cx 09:46, August 10, 2015 (UTC)

I never said they'd be required to have an RfA? I see I neglected to make the distinction between an informal request and the formal RfA process, which I've corrected, but I would have hoped the rest of the paragraph made that clear. cqm 10:17, 10 Aug 2015 (UTC)
That part wasn't aimed at the OP, it was from other points said on this thread (first mentioned by Saftzie from what I can tell). Ozank Cx 10:21, August 10, 2015 (UTC)
Ah, I see - sorry for any misunderstanding. Like I said, I don't see the need for the extra process, but I'd like to keep that discussion for another time depending on the outcome of this. cqm 10:24, 10 Aug 2015 (UTC)
This proposal isn't meant as protection from that hacking incident, but moreso as protection from the ever so apparent fact that Wikia is not a very secure place. MolMan 13:56, August 10, 2015 (UTC)

Comment - Cook suggested the cut-off be raised to 1 year due to concerns of some users often coming back after 6 months and having contributions of note. This would effectively remove everyone on the above list from Sir Revan and below (it's in order of last edit date) and reduce the number of users affected to 44 not including Suppa or Azaz. As I pulled the time period used from Forum:Inactive bots, I don't have any concerns about increasing this limit as it's actual users we're now discussing. Does anyone have any objections to this modification? cqm 11:03, 10 Aug 2015 (UTC)

Keep it at 6 months. I see we're sliding back into the outrage that it be removed at all. --Saftzie (talk) 14:39, August 10, 2015 (UTC)
I agree. Gaz Lloyd 7:^]Events!99s 14:55, August 10, 2015 (UTC)
My reasoning is as follows: we have had 41 admins come back after a 6 month break and edit in some capacity. 41! Together, they've done about 4000 edits and a bunch of admin log actions. They've done non-trivial admin-related things after returning. By bumping it to 12 months, we only trim about 15% off the desysop list. But only 20 admins came back in any capacity after a 1 year break, and only one of them (rwojy) did anything of any consequence. At least historically, it seems to strike the right balance between desysopping everyone and keeping the potentially useful ones around. ʞooɔ 18:48, August 10, 2015 (UTC)
No matter what length of time we set for it, 24 months or infinity, to ask for privileges back, they can ask. --Saftzie (talk) 19:26, August 10, 2015 (UTC)
What purpose does asking for the rights back really serve? I see no particular reason why taking them away and giving them back on demand solves any more problems than just leaving the rights there. Further, this requires greater activity of our bureaucrats, which has been an issue over the last few years (and we've taken specific steps to limit the responsibilities of bureaucrats because of that). ʞooɔ 20:35, August 10, 2015 (UTC)
They have to prove they are who they say they are and not some random person who got access to unused credentials, which is the whole reason to de-sysop in the first place. --Saftzie (talk) 20:46, August 10, 2015 (UTC)
How do you suggest they prove their identity? ʞooɔ 22:20, August 10, 2015 (UTC)
Dick pics. MolMan 22:22, August 10, 2015 (UTC)
Okay, but the thing is we need earlier dick pics to compare to. So unless we require all admins to submit a dick pic upon successful RfA (which I'm not opposed to), we'll just have a bunch of extraneous dick pics. ʞooɔ 22:32, August 10, 2015 (UTC)
What about those admins who... lack the anatomy required for dick pics? What would you suggest for them? AnselaJonla 22:34, August 10, 2015 (UTC)
@Cook I don't think extraneous dick pics has ever been a bad thing.
@Ansela tits or gtfo MolMan 22:35, August 10, 2015 (UTC)
@Mol Tits, you say? AnselaJonla 22:40, August 10, 2015 (UTC)
Kidding aside, while proving someone is who they say they are is a nice idea in theory, how could we possibly implement such a thing? ʞooɔ 03:04, August 12, 2015 (UTC)
See the side comment below. --Saftzie (talk) 03:43, August 12, 2015 (UTC)
Again...interesting idea in theory, but you'll struggle mightily with adoption, not to mention that this would be irrelevant for the actual admins in question...ʞooɔ 04:55, August 12, 2015 (UTC)
Are you skeptical of implementation or adoption? You seem to be changing your criterion. --Saftzie (talk) 05:28, August 12, 2015 (UTC)
I think you misunderstand what I mean by implementation -- based on my reading of the signpost article, the act of setting up a system in which we could operate committed identity verification is trivial. However, the (seemingly obvious) concern is getting anyone to use it, particularly the admins that have been gone for months or years and thus wouldn't be in a position to verify a secret string, because they never set one when they were initially active and there was no ambiguity over their identity. Setting up a userbox and a note for RS:AR or something along those lines is not the hard part...the issue is that what you're proposing doesn't come close to solving the issue for the previous 40+ inactive admins. ʞooɔ 05:53, August 12, 2015 (UTC)
Is the only problem the currently inactive admins? Or is there the possibility that some admins will become inactive in the future? I think the latter. While it's true that some current and future admins may choose to be intransigent, it is a solution going forward which is, as you admit above, trivial to implement. --Saftzie (talk) 18:01, August 12, 2015 (UTC)

Support - if they've been gone for that long, then there's a chance they're not even still interested in RuneScape/the wiki any more. AnselaJonla 18:42, August 10, 2015 (UTC)

Side comment - Given some of the discussion at [[w:c:c:Thread:890734|Weekend Security Issues]], here's some food for thought from Wikipedia: Committed identity. I've been pondering the use of a GnuPG/PGP public key on my User: page for a while. I prefer that to using a hash. Once you give away the secret to the hash to prove your identity, it's useless. Plus if you give it away to the wrong person, like the hacker, it's worse than useless. --Saftzie (talk) 19:44, August 10, 2015 (UTC)

Wikipedia Wikipedia Wikipedia Signpost. MolMan 19:45, August 10, 2015 (UTC)
Yeah. Once for the keyword. Once for the namespace. Once for the article name. There really are 3 of them. --Saftzie (talk) 19:48, August 10, 2015 (UTC)
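
The hash-based committed identity raised in the side comment above, as an added example that is not part of the original thread: it shows why a revealed secret is single-use, with each reveal carrying the next commitment so the account is never left without one. The `IdentityRegistry` class, the user name, the secrets and the choice of SHA-512 are assumptions made for this sketch.

```python
import hashlib
import hmac


def commit(secret: str) -> str:
    """Public commitment to post on a user page (SHA-512 is assumed here)."""
    return hashlib.sha512(secret.encode("utf-8")).hexdigest()


class IdentityRegistry:
    """Hypothetical record of which commitment each user has published."""

    def __init__(self):
        self._current = {}    # user -> commitment currently on their page
        self._burned = set()  # commitments whose secret has been revealed

    def publish(self, user: str, commitment: str) -> None:
        # A commitment whose secret is already public proves nothing.
        if commitment in self._burned:
            raise ValueError("secret for this commitment was already revealed")
        self._current[user] = commitment

    def verify_reveal(self, user: str, revealed_secret: str,
                      next_commitment: str) -> bool:
        """Check a revealed secret and rotate to the next commitment.

        Returns True only if the secret hashes to the user's current
        commitment AND a fresh commitment is supplied for future use.
        """
        current = self._current.get(user)
        if current is None:
            return False  # user never committed: nothing to verify against
        candidate = commit(revealed_secret)
        # Constant-time comparison of the two hex digests.
        if not hmac.compare_digest(candidate, current):
            return False
        # Reject a "rotation" to the same or an already-revealed commitment.
        if next_commitment == current or next_commitment in self._burned:
            return False
        # The secret is now known to the verifier (and to anyone who read the
        # message), so the old commitment is burned and never accepted again.
        self._burned.add(current)
        self._current[user] = next_commitment
        return True


def demo():
    """Walk through reveal, replay and rotation with constructed values."""
    reg = IdentityRegistry()
    first = "constructed secret one"   # sample value, not a real secret
    second = "constructed secret two"  # sample value, not a real secret
    reg.publish("ExampleAdmin", commit(first))

    results = []
    # Wrong secret: rejected, commitment stays valid.
    results.append(reg.verify_reveal("ExampleAdmin", "guess", commit(second)))
    # Correct secret plus a fresh commitment: accepted once.
    results.append(reg.verify_reveal("ExampleAdmin", first, commit(second)))
    # Replay of the revealed secret by anyone who saw it: rejected.
    results.append(reg.verify_reveal("ExampleAdmin", first, commit("other")))
    return results


if __name__ == "__main__":
    print(demo())
```

Rotation limits replay after a reveal, but whoever receives the secret first can still supply their own next commitment, which is the weakness a signed challenge against a published public key avoids.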

Support - Also committed identity YES PLEASE. ThePsionic 22:07, August 10, 2015 (UTC)

Support - svco4bY.png3Gf5N2F.png 03:42, August 12, 2015 (UTC)

Support - I had something that was unique to say, but Ansela said it already; who knows if they even care about the game anymore? --WINE OF GOOD HEALTH (Actually Stinko) 12:09, August 12, 2015 (UTC)

Support - Although I'd lean towards a year of inactivity instead of 6 months, per Cook. 5-x Talk 13:57, August 12, 2015 (UTC)

Comment - I don't think inactivity time is as much of a problem as the sheer number of inactive (by any definition) sysops we have just lying around. I don't think we should let that issue distract us from determining the more important consensus. If we have to, I'd suggest eventually closing the thread with a cut-off of 1 year and bringing up the issue of different lengths of inactivity in another thread. Just because we really need these old accounts cleaned up ASAP. MolMan 14:04, August 12, 2015 (UTC)

Comment - I'm far too fabulous to have my adminship removed. Stelercus 01:31, August 13, 2015 (UTC)

Then why are you listed 5 times in a row? MolMan 01:33, August 13, 2015 (UTC)
Your mother liked me that much. Stelercus 01:49, August 13, 2015 (UTC)
No. She wanted me to have you. She just wants the best for her little molly-poo. MolMan 01:53, August 13, 2015 (UTC)

Comment - not specifically on the issue of inactive admins, but it is related to the security issues: Ducksoup arrived in Community Central Chat for the weekly Office Hours. I asked him about 2FA log in, https log in, and returning to the use of special:login:,O9EktmF,09FrJfj,AlR1OEA,pAs3Ch6 Small recharge gem.png AnselaJonla Slayer-icon.png 20:53, August 13, 2015 (UTC)

Wikia needs to stop trying to be so fucking clever and just do things correctly. MolMan 21:33, August 13, 2015 (UTC)
We (myself and another wikian) had a long debate with Rappy about 2FA in the Wikia skype conversation, where he summarily proved that Wikia's community managers don't know what the hell they're talking about. I hope that [the community managers and other staff concerned about 'recruitment rate'] don't influence the people who actually understand what they're talking about in the development area. Gaz Lloyd 7:^]Events!99s 21:52, August 13, 2015 (UTC)

Comment A year minimum, should be 3 Atlandy 23:20, August 15, 2015 (UTC)

A year or more - Six months is too short of a deactivation period and will cause disruptions. As I noted earlier on the thread, bumping it up to a year will reduce the probability of them coming back by a factor of 4 or 5, while only removing a few people from the inactive list. I would hope we try to avoid a situation where people have to regularly ask for the rights again, because without some method of verification (which is largely irrelevant for the current inactives), it's really just a nuisance that doesn't provide us extra security. ʞooɔ 03:16, August 16, 2015 (UTC)

Yeah, I think I agree. More than six months, at least; people take long wiki-breaks sometimes. Sure, you could always ask for your adminship back, but like Cook says, I can see how removing the adminship in the first place could be demotivating. The only reason I could see why six months would be appropriate is if more recently-used admin accounts are significantly more likely to be hacked for some reason. C Teng talk 02:02, August 17, 2015 (UTC)
Like the exact incident mentioned in the first sentence of the thread-opening statement? Gaz Lloyd 7:^]Events!99s 02:10, August 17, 2015 (UTC)
I think the exact incident mentioned in the opening statement is irrelevant to this part of the discussion -- the people who were affected by that exploit were active that day. It did not do anything to inactive accounts, whether they were inactive for a week or five years. ʞooɔ 05:54, August 17, 2015 (UTC)
The risk of compromise exists for all accounts, active or inactive. The fact that this exploit targeted an active account is what's irrelevant. However, there is no benefit to inactive privileged accounts, only risk. The risk does not decrease with the length of inactivity. If anything, the cumulative risk increases. Therefore the globally recognized best practice for any IT operation is to revoke privileges of inactive accounts. --Saftzie (talk) 18:36, August 17, 2015 (UTC)
Yes, there's always a risk of compromise to any account. However, the specific incident that Gaz mentioned (which I was responding to directly) targeted only active accounts, due to the nature of the exploit. And saying that there's no benefit to inactive privileged accounts is misleading and wrong -- a significant portion of inactive admins do come back in some capacity later on, and we should endeavor to make their return as straightforward as possible. There is a middle ground and we might disagree on where that lies, but it's ornery to pretend that desysopping these inactive accounts doesn't cause some level of harm to the community. ʞooɔ 19:14, August 17, 2015 (UTC)
The fact that inactive sysop accounts aren't being used, pretty much by definition, means they're not doing any administration. Hence they are not contributing any benefit. --Saftzie (talk) 19:32, August 17, 2015 (UTC)
You're blurring the line between two very distinct definitions. ʞooɔ 19:42, August 17, 2015 (UTC)
I think I'm drawing a very sharp line. I think you're the one blurring things. The discussion for what constitutes good security practices here does not take place in a vacuum. Ever since Saltzer and Schroeder, the broad concepts of good security practices have been known truly globally. Yes, plenty of organizations try to ignore them or argue that they don't need good security practices because all their people are trusted. But choosing the right thing to do really is just as simple as taking the benefit of several decades of IT history. "This time things are different" has never been true. --Saftzie (talk) 19:56, August 17, 2015 (UTC)
Well, that was a nice detour...but you're trying to equate "inactive privileged users provide no benefit" to "letting inactive privileged users keep their privileges provides no benefit". One of these is trivially true, the other is certainly not. ʞooɔ 20:01, August 17, 2015 (UTC)
I'm not sure where you get any kind of detour, except the one you keep trying to make. But I certainly do think that inactive privileged accounts are the same as inactive accounts with privilege. --Saftzie (talk) 20:10, August 17, 2015 (UTC)
Well, that entire thing you wrote had zero relation to what you were responding to...but you're jumping straight from an obvious truth (inactive admins provide no benefit because, well, they're inactive) to a much more dubious claim (desysopping inactive admins is harmless) with no justification. I think it's pretty clear that the latter claim is actually not true. ʞooɔ 20:20, August 17, 2015 (UTC)
I never said anything like what you are attributing to me, but if you'd like the most unambiguous statement I can make, here it is: de-sysopping inactive admins is desirable. Of course, anyone should be able to infer that from my "support" vote. --Saftzie (talk) 20:40, August 17, 2015 (UTC)

Comment - Wikia has a new [[w:c:c:Thread:893491|thread]] on the issue (in which they say JS editing should return to everyone by the end of the week). As a (humorous?) aside, when someone asked if the login form could be implemented on a JS-free page, I responded to point out Special:UserLogin. Someone (presumably DaNASCAT) deleted my post, and DaNASCAT closed the thread 15 minutes later. I guess Wikia really hates Special:UserLogin. --Saftzie (talk) 18:36, August 17, 2015 (UTC)

I mean, to be fair, he didn't specifically ask you. MolMan 18:38, August 17, 2015 (UTC)
I'm pretty sure anyone can post on a public thread. Yes, I realize freedom of speech doesn't mean I have a right to say anything on a website I don't own, but the complete content of my response was
It comes with MediaWiki.
My judgement may be flawed, but that seems unlikely to be interpreted as a flame or vandalism, the usual justifications for removing a post. --Saftzie (talk) 18:55, August 17, 2015 (UTC)
I'll be candid for a moment: I asked him to delete your message. Special:UserLogin is my trigger. MolMan 20:14, August 17, 2015 (UTC)
I think you're just still trying to collect penis and tit photos. --Saftzie (talk) 20:17, August 17, 2015 (UTC)
History says it was definitely DaNASCAT. Like I said, the hate for UserLogin must be strong. --Saftzie (talk) 19:17, August 17, 2015 (UTC)
Can I just say that I would willingly cuss out DaNASCAT because of his ineptitude? There is literally no reason not to use Special:UserLogin, at least in my opinion after reading above. --WINE OF GOOD HEALTH (Actually Stinko) 13:39, August 21, 2015 (UTC)
At this point, it's political, since Special:UserLogin is a technically superior option. When Wikia rolls out HELIOS (their new authentication system, which supposedly supports login over SSL/TLS), it may or may not integrate with UserLogin. I'd almost expect them to go out of their way to make sure it doesn't integrate. We'll have to wait and see. --Saftzie (talk) 16:49, August 21, 2015 (UTC)
Wikia have been very cagey about what was actually affected - they haven't admitted it was the login form any more than it could have been the special page. Having seen the JS before it was hidden, it looked like the form but I may be wrong. UserLogin shouldn't have loaded any JS (and didn't when I tested it a short while after the attack), and I would assume it utilises the same mechanism as Preferences, but as almost all discussion of improving security and what went wrong has been quietly ignored I'm very unsure. cqm 18:57, 21 Aug 2015 (UTC)

Support - ≥1 year since last mainspace edit, restoration of user rights upon request. Temujin 10:04, August 19, 2015 (UTC)

Support - Extend it to one year of inactivity excluding any vanity edits (i.e. personal userpage edits). This would cut the list down by a lot while adding only one name to the list (Whiplash has made only one edit in the past year which was to update a personal userpage). Personally I'd also add Hairr to the list (his last edit was to immediately undo a rollback he did, which makes me believe it was accidental), but I will not push the issue What I've done Ciphrius Kane Talk 00:59, August 21, 2015 (UTC)

Agreed about the length of time and about the vanity edits. C Teng talk 21:52, August 23, 2015 (UTC)

Closed - Administrators and bureaucrats will have their userrights removed after one year of inactivity. Users that lose their rights through this process can request them back at any time, without the need for another RfA/RfB. --LiquidTalk 19:59, August 26, 2015 (UTC)