Jump to content

Wikipedia:Village pump (technical)

From Wikipedia, the free encyclopedia
 Policy Technical Proposals Idea lab WMF Miscellaneous 
The technical section of the village pump is used to discuss technical issues about Wikipedia. Bug reports and feature requests should be made in Phabricator (see how to report a bug). Bugs with security implications should be reported differently (see how to report security bugs).

If you want to report a JavaScript error, please follow this guideline. Questions about MediaWiki in general should be posted at the MediaWiki support desk. Discussions are automatically archived after remaining inactive for five days.

VPNgate blocking bot

[edit]

I am seeking consensus on a proposal to develop and deploy a bot to help block VPNgate IP addresses used by a particular WP:LTA. For WP:DENY/WP:BEANS reasons, I cannot provide full details, but users familiar with the LTA in question will understand the context.

Background

[edit]

I have tested several VPNgate IPs, and very few of them are currently blocked. According to Wikipedia's policy on open proxies and VPNs (per WP:NOP), these should be blocked. Given the volume of VPNgate IPs, I propose using a bot to automate this process.

This is building off this discussion on WP:BOTREQUESTS.

I am posting here to gauge consensus needed for a WP:BRFA.

Proposal

[edit]

I propose a bot to automate blocking these VPNgate IPs using the following steps:

  1. The bot will use this list provided by VPNgate, which contains OpenVPN configuration files in Base64 format. The provided "IP" value is only the one that your computer uses to talk to the VPN (and sometimes wrong), not the one used for the VPN to talk to Wikipedia/external internet - this requires testing to uncover.
  2. The bot will iterate through each config file and use OpenVPN to test if it can connect. If successful, it will then use the VPN to send a request to this WhatIsMyIPAddress API to determine the real-world IP address used by each VPN to connect to Wikipedia. This is sometimes the same as the IP used to talk to the VPN - but sometimes completely different, see the demo edit I did using VPNgate on the Bot Requests discussion linked above and I also did one as a reply to this post. Also, testing is needed before blanket blocking because VPNgate claim to fill the list with fake IPs to prevent it from being used for blocking, again see the BR discussion.

Blocking or Reporting:

  • If the bot is approved as an admin bot, it will immediately block the identified IPs or modify block settings to disable TPA (see Yamla's recent ANI discussion per the necessity for this) and enable auto block.
  • If the bot is not approved to run as an admin bot, it will add the IPs to an interface-protected JSON file in its userspace for a bot operated by an admin to actually do the blocking.

Additional Information

[edit]
  • I have already developed and tested this bot locally using Pywikibot. I have tested it on a local MediaWiki install and it successfully prevents all VPNgate users from editing (should they not be IP block exempt).
  • I’m posting here to gauge broader community consensus beyond the original WP:BOTREQUESTS discussion.

Poll Options

[edit]
  • Oppose: Object to the bot proposal. Feel free to explain why.
  • Support options:
  1. Admin Bot (admin given code): An admin will run the bot, and I will provide the code for them to run, as well as desired environment setup etc. and will need to send any code changes or packages updates to them to perform. Admin needs to be quite technically competent.
  2. Admin Bot (admin gives me token): An admin provides me with the bot token (scoped per Anomie below) of a newly created account only for this purpose, allowing me to run the code under myself on Toolforge and fully manage environment setup (needs install and config of multiple python and brew packages not needed for standard pywikibot) as well as instantly deploy any needed code changes or dependency updates without bottlenecks. Admin only needs to know how to use Wikipedia UI and navigate to Special:BotToken, check some boxes, and then submit.
  3. Admin Bot (I run it): For this specific case I am permitted to run my own admin bot. Withdrawn per Rchard2scout and WMF viewdeleted policy.
  4. Bot without Admin Privileges: The bot will report IPs for potential blocking without admin privileges. Not recommended per large volume. Withdrawn per 98 IPs/hour volume, too much for a human admin.
  5. Non-admin bot v2 (preferred by me): My bot, User:MolecularBot is not an admin bot. It can, however, add IP addresses that it finds are the egress of open VPNgate proxies to User:MolecularBot/IP HitList.json (editable only by the bot and WP:PLIERS/interface admins). This means I can run the code for it and manage the complex environment. An admin's bot will be running the uncomplicated code (doesn't require the complex environment and OpenVPN setup for this bot) to just monitor that page for changes and block any IPs added.

Poll

[edit]
  • Oppose for now. From reading that discussion, it looks like the IPs available through the API are only the "ingress" IPs, which is what you connect to on their side when using the VPN (and even then, it seems like the VPN client might sometimes use another IP instead?). If there's actually a publicly available list of outgoing IPs available, I'd be very surprised. From an operational standpoint, those IPs don't need to be public, and if they are, that's a serious error on their side. If we do somehow get our hands on a list, I'd be in favour of option 1. There's plenty of admins available who are able to run bots. --rchard2scout (talk) 08:37, 17 December 2024 (UTC)[reply]
    Hi rchard2scout, I think you misunderstand the bot. The bot connects to each "ingress" IP and then finds out the "egress" IP that it uses by sending a request to a "what is my IP address API" (not associated with VPNGate in any way), then blocking the egress. This fully disables VPNgate on my local instance of MediaWiki. Thus, a list of egress IPs are not required, because it makes it own by connecting to each of the ingress ones and sending a request. I apologize if my documentation wasn't clear. MolecularPilot 🧪️✈️ 08:44, 17 December 2024 (UTC)[reply]
    Noting that I currently do have a complete list of "egress" IPs from my local run of the bot, so should I take your vote as a support of option 1 like you stated? Thank you. MolecularPilot 🧪️✈️ 08:45, 17 December 2024 (UTC)[reply]
    Oops, you're right, I somehow missed this. Hadn't had my first coffee yet ;). Striking, adding new vote.
    That's so fine, my brain is a little laggy in the early morning as well! My technical/documentation writing probably needs some work as well, it's not my best skill (anyone please feel free to edit this post and make it clearer, if it's wrong I'll just fix it). Thank you for your time in reviewing this even though it's still the early morning where you are! :) MolecularPilot 🧪️✈️ 09:38, 17 December 2024 (UTC)[reply]
  • Support option 1. Options 2 and 3 are probably incompatible with our local and WMF policies, because an admin bot can do anything an admin can do, and you haven't gone through RfA, so you're not allowed access to rights like viewdeleted. Or (@ anyone who know this) are OAuth permissions granular enough that an admin can generate a token that allows a bot access to block but not to other permissions? In any case, I think option 1 is the easiest and safest way, there's plenty of admins available who are able to run bots. --rchard2scout (talk) 08:59, 17 December 2024 (UTC)[reply]
    Hi Rchard2scout, thank you for your new comment and feedback. I hope your morning is going well! Ah yes viewdeleted, silly me to forget about that (I have the opposite problem as you before, it is far too late at night where I live!), I do recall it from someone else's declined proposal of admin sortion, I've struck Option 3 now per WMF legal policy. Re OAuth permissions, I know from using Huggle that when you create a bot token there's a very fine grained list of checkboxed for you to tick, and "block" is in fact one of them, so it is that granular as to avoid all other admin perms, I've expanded Option #2 above to clarify this and more circumstances. I do believe this would be my preferred option, per the reasons I've placed in my expansion, but are really happy with anything as long as we can deal with this LTA. Anyway, enjoy your morning! MolecularPilot 🧪️✈️ 11:29, 17 December 2024 (UTC)[reply]
    There's no grant allowing block but no other permissions. The minimum additional admin permissions would be block, blockemail, unreviewedpages, and unwatchedpages. Anomie 12:33, 17 December 2024 (UTC)[reply]
    Support option 5 as well, and that doesn't even need a BRFA or an RFC. We do then need consensus for the adminbot part of that proposal, so perhaps this discussion can focus on that. --rchard2scout (talk) 10:19, 18 December 2024 (UTC)[reply]
  • Option 1. I believe this is the only option allowed under policy. Admins need to run admin bots. This RFC is a bit complicated. Usually an RFC of this type would just get consensus for the task ("Is there consensus to run a bot that blocks VPNGate IP addresses?"), with implementation details to be worked out later. –Novem Linguae (talk) 12:09, 17 December 2024 (UTC)[reply]
    Option 5 is fine if the bot doesn't need to do any blocking and is just keeping a list up-to-date. Don't even need this RFC or a BRFA if you stick the page in your userspace (WP:EXEMPTBOT). –Novem Linguae (talk) 09:50, 18 December 2024 (UTC)[reply]
  • I'd like to suggest an alternative approach: Write a bot or Toolforge tool that generates a data feed of IP addresses, starting with VPN Gate egress IP addresses, perhaps including the first seen timestamp and last seen timestamp for each egress. The blocking and unblocking portion of the process is relatively simple and a number of administrators could write, maintain, and run a bot that does that. (I suspect most administrators that run bots would prefer to write their own code to do that.) Daniel Quinlan (talk) 23:04, 17 December 2024 (UTC)[reply]
    Well, I started writing this suggestion before option 5 was added. Since it looks like this is basically the same as that option, put me down as being in favor of Option 5. Daniel Quinlan (talk) 23:15, 17 December 2024 (UTC)[reply]
  • Courtesy ping for Rchard2scout and Novem Linguae notifying them of the new preferred option 5 above, which I believe makes everything easier for both myself and the admin who wishes to help me (I'll leave a note on AN asking nicely once BRFA passes for MolecularBot). Also, Skynxnex, you expressed support for option 5 below, did you mean to format that as a support !vote in this section (my apologies for the confusing layout of everything here). Thank you very much to everyone for your time in reviewing this proposal and leaving very helpful feedback. MolecularPilot 🧪️✈️ 09:33, 18 December 2024 (UTC)[reply]
    I don't feel like I've thought about the different aspects to do a bolded !vote yet. Skynxnex (talk) 15:07, 18 December 2024 (UTC)[reply]
    That's so fine, thank you anyway for your feedback! :) MolecularPilot 🧪️✈️ 23:07, 18 December 2024 (UTC)[reply]
  • Support option 1 or 5 whichever gets the job done in support of the other options being worked on by the WMF. -- LCU ActivelyDisinterested «@» °∆t° 13:03, 26 December 2024 (UTC)[reply]

Discussion

[edit]
  • Hey, it's me, User:MolecularPilot on VPNgate. This VPN is listed as 112.187.104.70 on VPNgate cause that's what my PC talks to. But, this VPN when talking to Wikipedia, uses 121.179.23.53 as shown which is completely different and not listed anywhere on VPNgate, showing the need for actually testing the VPNs and figuring out the output IPs are my bot does. Can this IP please be WP:OPP blocked? 121.179.23.53 (talk) 06:22, 17 December 2024 (UTC)[reply]
  • There is a relevant Phabricator ticket: T380917. – DreamRimmer (talk) 12:02, 17 December 2024 (UTC)[reply]
  • I don't think non-admins can run admin bots. Perhaps you would like to publicly post your source code, then ask an admin to run it? cc Daniel Quinlan. –Novem Linguae (talk) 12:05, 17 December 2024 (UTC)[reply]
  • I don't think blocking a single VPN provider will have the effect people want it to have. It's easy for a disruptive editor to switch VPNs. This is really a problem that needs to be solved by WMF. Daniel Quinlan (talk) 15:45, 17 December 2024 (UTC)[reply]
    Hi Daniel Quinlan, I guess I didn't make this clear enough in the post but this is designed to work with existing WMF proposals that are being worked on. Both T380917 and T354599 block/give higher edit filter scrutiny based on existing lists of "bad" IPs, this is the same as the old ST47ProxyBot (which actually does scanning but doesn't monitor "egress" IPs, it only attempts to connect to the "ingress" and then blocks it if successfully). This is great for a wide variety of proxy services because ingress/egress is the same, but for modern, more advanced services like VPNgate (and perhaps some services that because a problem for us in future) the ingress IP address is often not the same as the one used to edit Wikipedia, and so requires this solution (this bot). I'll admit that blocking VPNgate won't fully stop this LTA or all proxy vandals but VPNgate is quite a large and widely used network (claiming a total of 18,810,237,498 lifetime connections) that is currently almost fully permitted to edit Wikipedia, and by blocking it this significantly reduces the surface area for proxy attacks. This also creates the infrastructure for easily blocking any future VPN services that use different ingress/egress IPs - the bot can be easily expanded to use new lists. MolecularPilot 🧪️✈️ 21:14, 17 December 2024 (UTC)[reply]
  • What is the actual expected volume per day of new IPs to block? It looks like the current list has 98 ingress IPs (if I'm understanding the configuration blocks correctly). I'll also say I have pretty strong concerns about sharing "personal" tokens of any kind between users, particularly admin permission ones with non-admins. Skynxnex (talk) 19:48, 17 December 2024 (UTC)[reply]
    The list available through this API frequently rotates. It only provides 98 ingress IPs at a time, as you stated and refetching the list without [some duration of time, from my estimates it's around 1 hour] passing returns the same 98 IPs. After 1 hour (estimated) passes, a new 98 IPs are randomly selected to be provided to all users - but these may include some of the same IPs as before because they are picked by random selection from the whole list of 6057 (not available to the public), this has happened a couple times during my data gathering. Therefore re volume per hour, the maximum number of IPs to be blocked is 98, but it could be less due to already blocked IPs being included in that given hour's sample of 98, I hope this makes sense if there's anything that needs clarifying please don't hesitate to ask. MolecularPilot 🧪️✈️ 21:34, 17 December 2024 (UTC)[reply]
    Re "personal" tokens it's actually not a "personal" token to the admin's account, it would be (in theory) a token to an adminbot account with the only things it can be used for being those helpfully specified by Anomie above. However, regardless I see the concerns so I've added a proposal 5 which hopefully is a decent compromise above and ensures that I don't have access to any admin perms/tokens, but that there aren't any bottlenecks and that admins don't need to setup a complex running environment. Thank you for your time in commenting, Skynxnex. MolecularPilot 🧪️✈️ 22:23, 17 December 2024 (UTC)[reply]
    I see bot tokens as fairly similar to personal tokens since bots are associated with an operator. I think proposal 5 has promise. Skynxnex (talk) 23:08, 17 December 2024 (UTC)[reply]
    VPN Gate claims they have about 6,000 servers which is fairly close to my own estimate of how many IPs they are using. If we block each IP for six months, we'd end up averaging about 33 blocks per day. There would be a pretty large influx at the start, but I would want to spread that out over at least several weeks to avoid flooding the block log as badly as ST47ProxyBot did. Daniel Quinlan (talk) 23:10, 17 December 2024 (UTC)[reply]
    It's worth noting that an unknown amount of 'servers' are user computers that people have volunteered cpu time for (this information is somewhere on the website), so, like we see often with IP users, the IP that each server uses can and likely will change with time. This doesn't mean that an effort like this bot won't help, of course, but it's unknown how effective (as a percentage) it would be with just 33 blocks a day. – 2804:F1...33:D1A2 (::/32) (talk) 23:47, 17 December 2024 (UTC)[reply]
    33 blocks per day is a rough estimate, not a limit. Certainly there will be some delay when adding entries to any list generated as proposed above so the block rate will never reach 100%, but the egress IPs don't seem to change that much over time based on what I've seen. Daniel Quinlan (talk) 00:09, 18 December 2024 (UTC)[reply]
    So, I'm posting this anonymously through VPNGate because I don't want people to start suspecting me of things just because I admit to having used a VPN service some others are abusing to make disruptive edits here. Due to its strong base in Japan, I've used VPNGate many times in order to shop at Japanese web stores that block purchases from outside Japan (they typically don't want to offer international support and see this as the easiest solution for avoiding that), and I know a number of other people who've used it for similar reasons (also for Korea, which often has even more hosts available than Japan).
    In any case, while I've personally never enabled this on my PC, I can confirm what IP 2804: said: there's definitely a swarm of short-term volunteer IPs associated with this service who aren't part of VPNGate proper. The overlap between such people and good faith Wikipedia editors may not be large, but it's unlikely to be zero. Unless you have a good mechanism to avoid excessively punishing such users for popping up on your list for the short period of time they themselves use the VPN, maybe it's better to wait for and official WMF solution, which (based on the phabs) seems to intend to take "IP reputation" into account and would thus likely exclude such ephemerals, or at least give them very short term blocks compared to the main servers. Because getting blocked here for several months for having been part of VPNGate for a few hours hardly seems fair.
    Actually, now that I think about it: if you're going to connect to VPNGate servers for the express purpose of determining and blocking their exit IPs, you'd probably be in violation of their TOS. While you might consider this an "ends justifying the means" situation, are you sure you want to associate the WMF with such unauthorized usage? There's a difference between port scanning or getting an IP list via an API and actually traversing the VPN in order to investigate it. This absolutely is not a legal threat by me, but if VPNGate were to learn of this, I wouldn't be surprised if they took action. Aren't there enough services out there that provide VPN IP lists without having to roll your own scanner? It would seem a safer bet for the WMF to use something like that. 125.161.156.63 (talk) 16:05, 19 December 2024 (UTC)[reply]
    Oh, you didn't have to anonymise yourself, we don't cast WP:ASPERSIONS here and now you won't get a reply notification but that's okay! :) I checked the terms of service of their website before making their bot and it just says not to do anything IRL illegal otherwise they'll give your logged data to authorities if subpoenaed, but I will reach out to the VPNgate operators in Japanese (good practice opportunity, huh) when I have time just to double-confirm they're okay with everything. But btw, they encourage checking that your IP has changed to demonstrate it has worked in their how-to-guides, and this isn't 'tranaversing" as we're not collecting data on every single node but only the public IP of the exit node. Re short-term volunteers, that's a great point, and I'll update the JSON schema of its published data to include a "number of sightings" number, so that the blocking adminbot would escalate blocks as this increases so maybe it starts really short term like 2.5 days/60 hours (6000 active volunteers on average, divided by 100 checked every hour, minimum time to ensure the IP has truly stopped) if it's just 1 sighting but ramps up exponentially if it's seen again as an egress IP untill we're talking like 6months - 2 years blocks. Re WMF tickets, the distributed fact of VPNgate that anyone can start hosting means that most VPNgate IP addresses won't have a bad "reputation" (I checked a whole bunch on a variety of reputation lists and the egresses always had "good"" reputations) so reputation checking won't help (but they need short term blocks), also as you can't publically see the egress with VPNgate cause it's different to ingress (unlike most networks). So WMF solutions are actually quite innovative and smart for most VPN/proxy networks, it's just that VPNgate is a bit different needing a unique solution, this bot. MolecularPilot 🧪️✈️ 04:43, 20 December 2024 (UTC)[reply]
    I guess I'm just too careful or chicken even if most people would refrain from casting aspersions.
    I don't quite understand why you say you're not traversing. You're not just touching the network from one side, you're passing through it and coming out on the other side, that's traversing. However if they don't mind it, then I guess you're in luck. Ecxept maybe if those Japanese laws they mention a mllion times in their documents have a problem with something like this.
    I don't know what the WMF is basing its reputation measurements on. My meaning was that sites like browserleaks.com almost always seem to know about the VPN status of the exit nodes I've used over time. I don't know where they're getting this information from exactly, but that's what I meant by reputation, not whether they're good or bad but what they're known to engage in, like being a VPN node. And that database is probabably built either through collaboration or by specialized services, which the WNF can use as well. Like email providers use common antispam databases instead of each rolling their own.
    In any case, good luck with your bot, because I'm afraid these persistent abusers you want to keep out by this probably won't be averse to paying for commercial VPNs if they have to, and many of those only cost a handful of bucks a month. Commercial companies will almost certainly have a TOS that would prohibit your bot, so to counter them the WMF would in the end still have to resort to a specialist or collaborative VPN IP list of some kind. You can probably cut down on casual troublemakers by tracking VPNGate but I don't think it'll help all that much much against anyone highly motivated. They can even continue using VPNGate, it'll just be less convenient because they have to find brand new nodes before you catch those.
    92.253.31.37 (talk) 17:39, 20 December 2024 (UTC)[reply]
    I'm not sure what you mean by "Japanese Laws" they keep mentioning they don't seem to mention any, when I told you that the ToS said don't do anything irl illegal I was referring to this ToS page which doesn't mention any "Japanese Laws" but just says don't do anything like CSAM like your government can subpoena us for, because we'll comply (and directions for LEOs to request this). Re reputation yes, the major VPNgate nodes that have done it for a while do have bad reputations, particularly 219.100.37.0/24 which is the example servers run by the university themselves - but as you said, because anyone can start a VPNgate server and then there's always brand new nodes that won't have bad reputations and can be abused. But - as I've stated in a different discussion above, the list of VPN servers to connect to only updates with new servers hourly, so while reputation services won't catch the new exit nodes (because they won't be used poorly enough to trigger flagging for a white), the bot constantly waits for updates to the list and then immediately tests it to determine the new egress IPs. Re commercial services generally, unlike VPNgate, they use datacenters and static IPs that are assigned to "Hotspot Shield, Inc." (as an example) so it's easy to CIDR range block them and also the reputation of those deteriorates over time as they do bad things - the companies don't randomly get new IPs in random locations around the world, like VPNgate. In fact commercial reputation services excel at identifying commercial services (from my testing), but VPNgate is community distributed, like Wikipedia, and needs a unique approach. And yes, as I said to Daniel, I'll admit that blocking VPNgate won't fully stop this LTA or all proxy vandals but VPNgate is quite a large and widely used network (claiming a total of 18,810,237,498 lifetime connections) that is currently almost fully permitted to edit Wikipedia (the bot currently has 146 IPs in its list and as shown by the stats section of the toolforge frontend, ~60% are currently unblocked (and this is an underestimate because the list is mainly the "obvious" ones that are always provided first in the 98 hourly sample, like 219.100.37.0/24. This is because the bot has only had 1 full run of all IPs in a given hour's list, and many failed partial runs of just the first couple. I think blocking VPNgate significantly reduces the surface area for proxy attacks - only looking at only 10 of the blocked IPs I see link spam, edit warring, block evasion, vandalism and our favourite WP:LTA. MolecularPilot 🧪️✈️ 08:38, 21 December 2024 (UTC)[reply]
    They mention Japanese laws repeatedly in the texts shown when you click the licence and notice buttons under Help > About of the SoftEther VPN Client Manager. It's a canned statement saying they only comply with Japanese laws because they can't possibly follow every law worldwide.
    the bot constantly waits for updates to the list and then immediately tests it to determine the new egress IPs Are you going to run multiple instances of the bot in parallel, because the 98 IP list you get per hour seems far from sufficient for make claims about a strong level of protection if there are ~6000 egresses, many of which churn. With your current setup, an abuser can get their own list refresh, which would be different from what the bot gets, run it past your very helpful :) IP check tool and then make edits from any IP not covered. Which may not be many, but they only need one out of their 98, so it's likely they'll get something as long as the volunteer swarm keeps changing.
    Getting a bit more facetious, VPNGate could conversely determine the IP of your bot and block it as a censorship agent. :) I really think it contradicts the spirit of their operation even if they haven't prohibited it explicitly, since you don't happen to be a state agent. This is just my conjecture, but I'm guessing that if you looked at your IP list edits without focusing solely on the abuse, you'd also see constructive edits coming from them, quite possibly from people using VPNGate to bypass state firewalls. I am well aware of Wikipedia open proxy policy, but it can make editing somewhat difficult for such people.
    These remain my two sticking points: while useful, the bot won't be quite as effective as you represent; and you're arguably abusing their service to operate yours.
    Once this bot starts issuing blocks, you should probably amend Help:I have been blocked to include verbiage about having used a VPN in the recent past, because this situation isn't really covered by the "you are using a VPN" or collateral damage statements. 211.220.201.217 (talk) 15:21, 21 December 2024 (UTC)[reply]
    VPNgate does not have as firm of a ground as you claim. Yes, companies have terms of use and those terms of use often have clauses of disputes being filed in their local country. However, as multiple attourneys have pointed out, this local dispute solving when dealing with an customer from abroad does not really work. In reality, VPNgate is forced to deal with international laws, because otherwise they will just lose their case. (one of the legal opinions supporting this: https://svamc.org/cross-border-business-disputes-company-use-international-arbitration/ )
    As far as blocks go, yes, they could block one user, but let me remind you that there are 120,000 active wikipedia users. The script could just be passed on between users until all of their IP ranges are blocked. They would lose that war, every time. Snævar (talk) 20:11, 21 December 2024 (UTC)[reply]
    I don't recall claiming anything about firm ground. I have a problem with the WMF or parties associated with it engaging in somewhat questionable practices, even if it is for a good cause. I'm OK with port scanning or getting data from an API, because that's external probing, but actually passing through someone's premises with the intent of later restricting their users is something I find objectionable, and it is my conjecture that VPNGate would think likewise. If VPNGate blocked one user's bot, that would simply be an indication that they object to such activities, and having a million other users on the ready to take over would change nothing about that, and I'm fairly certain the WMF does not subscribe to this sort of hackerish way of thinking anyway. VPNGate aren't outlaws against whom anything goes, they operate a prefectly legitimate service, albeit one that some people abuse. It's also possible that it's just me, and VPNGate themselves have no objection to any of this. The OP was going to ask them, so I presume they'll inform everyone about the response sometime soon. 220.81.178.129 (talk) 11:44, 22 December 2024 (UTC)[reply]
    Yes, this is definitely not something that should be adversarial or "us against them" and if they express concerns about this behaviour, we should totally not try and evade it - after all VPNgate does share our mission of spreading free knowledge to the world (and are very useful to spreading Wikipedia and other websites around the globe, it's just some bad actors taking advantage of the kind service of both the university and the volunteers creating a problem). We just need to find a way to work together to ensure that we both can continue to do our things. Being the holiday season, it's pretty busy for me and I'm sure the same is true for the operators so I will reach out in the new year re their thoughts on this. MolecularPilot 🧪️✈️ 04:45, 23 December 2024 (UTC)[reply]
    Hi! The abuser can't get their own list refresh seperate from what the bot sees, I guess I wasn't clear before but what I meant was that everyone gets the same 98 IPs every hour, and then the next hour another 98 are randomly selected to be shown to everyone.
    Re censroship/state agencies this doesn't help state agents or censorship at all, because they want to block the input/ingress IP addresses that citizens would use to connect to the VPN network, and knowing the egress that the VPN network uses to connect to servers doesn't help them at all. I have clarified this in the README.md now so anyone who sees the project will know that it can't be used for censorship.
    Re users bypassing state firewalls, they can still read and if they want to edit we have WP:ACC for that (abusers could go through acc I guess, but then they can't block evade once their account gets indef'ed - and VPNgate has been used a lot by link spammers, people who want to edit war (especially someone who got really upset about castes, I've seen a lot of edit warring from detected IPs about that) to evade the blocks on their main account).
    Btw, thank you for calling my tool helpful, I'm not the best at UI design but I tried to put some effort in and make it looks nice and have useful functions. Thank you to you as well for your time in providing soooo much helpful feedback to make the bot better. :) MolecularPilot 🧪️✈️ 03:52, 22 December 2024 (UTC)[reply]
    Also thanks for reminding me to provide guidance to users on this, I think the current WP:OPP block message doesn't really fit with the VPNgate mode of temporary volunteers (who the user effected might not even know about but could get a dynamic assignment with an IP blocked for a few days). I'll make a custom block template! :) MolecularPilot 🧪️✈️ 03:54, 22 December 2024 (UTC)[reply]
    Tada I guess... {{Blocked VPNgate}} Anyone reading this please feel comfortable to be WP:BOLD and make it better if you'd like, it's still a very early draft. :) MolecularPilot 🧪️✈️ 10:06, 22 December 2024 (UTC)[reply]
    While tone of you thanks seems to include some aspersions :), you're welcome if what I've said has helped you. If the list is the same for everyone, you can indeed be a lot more effective. My point about censorship was less about you helping state censors and more about you using the loophole that VPNGate haven't said anything about private actors, and giving the impression that abuse is the only thing it is being used for. 220.81.178.129 (talk) 11:39, 22 December 2024 (UTC)[reply]
    Oh no I'm really sad now, please don't take my tone when I thanked you in the wrong way (it can be both hard to express and pick up on the internet)! Maybe saying "sooooo" was a bit over the top, but you've genuinely gone back and forth with me a lot of times and always written detailed, logical suggestions or concerns to help, so genuinely, no sarcasm, thank you!!! :) MolecularPilot 🧪️✈️ 04:41, 23 December 2024 (UTC)[reply]
    All right then, and sorry about my tendency to lean a bit on the paranoid side. 159.146.72.149 (talk) 09:25, 23 December 2024 (UTC)[reply]
    That's so fine! :) MolecularPilot 🧪️✈️ 05:00, 24 December 2024 (UTC)[reply]
    How feasible would it be to make the list of IPs private/admin-only? I mean, they're still going to get blocked, and that's public, but I feel like making a public list, even if one may or may not already exist, might be an unnecessary step?
    If I ran a VPN service I'd be a lot less upset about Wikipedia defending itself than Wikipedia creating a public up-to-date list of VPN IPs that everyone can use, without effort, to mass block most of my VPN. – 2804:F1...57:88CF (::/32) (talk) 02:09, 24 December 2024 (UTC)[reply]
    I'm not really sure, I don't think there's a way to restrict viewing a page on EnWiki (I could whip up a MediaWiki extension enabling "read protection" of a page, but I doubt the WMF would install it), but we do have things like checkuserwiki, arbcomwiki etc. which have limited viewership so prep haps the bot could operate on a new antiabusewiki (but this would require even more work from WMF than installing the extension) and then a stewardbot could issue global blocks from there? I would also have to take down molecularbot2.toolforge.org and the GitHub repo (that anyone could just download code and run it to get their own list). But even if we don't have a list, it's trivial to query the MediaWiki API for block status (that's what the toolforge tool does in addition to seeing if the IP is listed at User:MolecularBot/IPData.json when you lookup an IP or generate stats), there's very high ratelimits for this, and you just need to check if the block reason is {{Blocked VPNgate}} or whatever message the adminbot/stewardbot leaves. MolecularPilot 🧪️✈️ 04:54, 24 December 2024 (UTC)[reply]

Colors of images in {{Infobox government agency}} are inverted in the dark mode

[edit]

When the {{Infobox government agency}} template is included into some page, SVG images inside it have their colors inverted if the dark mode is on. See, for example, the article United States Department of State, specifically the seal: it should have dark blue outter ring, white inner circle with a brown eagle, but instead you can see the seal with a bluish-white outter ring, black inner circle with an orange eagle. Looked at several other infobox templates, none of them have a simmilar issue. Also, only vector images are affected by this, raster images are not. I wanted to try to debug it, but the template is fully protected. Tohaomg (talk) 17:30, 22 December 2024 (UTC)[reply]

@Tohaomg it's most likely this edit by @Jonesey95: that has introduced the behaviour. Probably best discussed at Template talk:Infobox government agency. Nthep (talk) 18:04, 22 December 2024 (UTC)[reply]
See the previous discussion. A more comprehensive fix is welcome. The sandbox is open for anyone to edit. – Jonesey95 (talk) 18:57, 22 December 2024 (UTC)[reply]
This is not an acceptable solution, please revert. Sjoerd de Bruin (talk) 20:52, 22 December 2024 (UTC)[reply]
The reason skin-invert worked for signatures was that white writing paper is common and even though colors in pens is varied, the most commonly used ones are dark.
Logos are not created on the basis of a palette of colors, unlike signatures. Logos are created to be visible and understandable from far away and close up. As such, they should not be inverted at large.
I consider the edit request in the template to be unactionable, as it did not ask for any particular solution, not even a hint at one. Snævar (talk) 23:24, 22 December 2024 (UTC)[reply]
I'm not sure why people are continuing to reply here. This discussion will be lost in the archives of VPT; please post at the template talk page with comments, suggestions, proposed fixes, or requests. – Jonesey95 (talk) 06:00, 23 December 2024 (UTC)[reply]
@Jonesey95: I am not buying that argument for one second, also you are refusing to talk about the issue itself. Stop this bureaucratic nonsense. Most issues are solved during discussion not after, it being "lost in the archive" is a non starter as an argument. Clearly neither myself or Sjoerddebruin are going to move this discussion to the template talk page. If you continue attempting to refrain from discussing about the issue itself, consider this your first warning. I would also like to voice my disappointment of how you are handling this, I do expect better than this. Snævar (talk) 09:24, 23 December 2024 (UTC)[reply]
Responding like this and bypassing the instructions that are clearly indicated at the top of the template page is really something, especially with an unsure edit summary. Sjoerd de Bruin (talk) 09:32, 23 December 2024 (UTC)[reply]
I wasn't discussing the issue here because of WP:MULTI. See the template's talk page for further discussion. I have reverted the change and continue to welcome a better way to fix the problem that was identified and that is still present. – Jonesey95 (talk) 15:55, 23 December 2024 (UTC)[reply]

Log out

[edit]

I keep logging out every time I close the browser on my phone. Achmad Rachmani (talk) 22:11, 23 December 2024 (UTC)[reply]

Do you have some sort of ad blocker or privacy thing enabled that isn't allowing you to save cookies perhaps ? —TheDJ (talkcontribs) 22:15, 23 December 2024 (UTC)[reply]
@TheDJ: I have some sort of ad blocker enabled. Achmad Rachmani (talk) 22:22, 23 December 2024 (UTC)[reply]

Cat-a-lot gadget

[edit]

Hi. To follow up a query a user had on my talk page, I wanted to see if there was any way that edits using Cat-a-lot could be marked as minor by default? At present there is now way I am aware of to mark these edits as minor. Alternatively, would there be another way these edits could be filtered out of watchlists? We have a tick box to hide "page categorization", so could they maybe be included in that for example? Thanks. Jevansen (talk) 23:42, 23 December 2024 (UTC)[reply]

commons:Help:Gadget-Cat-a-lot#Preferences says there's a preference for that, it also shows this image: commons:File:2013-03-31-Gadget-Cat-A-Lot-prefscreen.png... is that just outdated info? does the interface still look anything like that?
Edit: erm, right, commons:Help:Gadget-Cat-a-lot#As your user gadget also shows how to set preferences with javascript, which I think is what you might have to do if there is no option (due to it not being a gadget on Wikipedia? You installed it as an user script, at least.) – 2804:F1...57:88CF (::/32) (talk) 02:23, 24 December 2024 (UTC)[reply]
Aha! The userscript you imported the gadget from (User:קיפודנחש/cat-a-lot.js, you import them here), manually sets the preference, including a minor: false!
I'm pretty sure you can overwrite that by just adding a line setting the preference after you import the script, but you could aso just copy their script into your common.js (replacing the import) and change that part to minor: true, that would also do what you want. – 2804:F1...57:88CF (::/32) (talk) 02:36, 24 December 2024 (UTC)[reply]
Hi. Thanks for this. I've updated User:Jevansen/common.js, but this doesn't seem to have changes things. Perhaps I've not done it right? Jevansen (talk) 21:02, 24 December 2024 (UTC)[reply]
Then I'm really not sure hm, I had tried looking at how other people did it, like User:Roland_zh/common.js (which seemed to work: diff), but I'm not really seeing much different? I mean it's set after the import, I guess. Well that and they are importing the gadget two different times, in two different ways...
I did find User:Liz/cat-a-lot.js, but I cannot confirm that it works, since Liz seemingly never used it.
If those don't work then I don't know, I'm sorry. Can't test it without an account anyways - maybe someone else will know. – 2804:F1...26:F77C (::/32) (talk) 21:27, 24 December 2024 (UTC)[reply]
Huh... the script you used was intentionally set to false this year: User talk:קיפודנחש/cat-a-lot.js#Minor: false
Because Help:Minor edit says adding and removing categories is not a minor edit... – 2804:F1...26:F77C (::/32) (talk) 21:40, 24 December 2024 (UTC)[reply]
Good find. I have to admit this isn't a guideline I could recall. Think it's generally an accepted practise to mark as minor any automated cat additions done on mass, as long as they're not in contentious topic areas or especially BLP sensitive etc. It was an admin that made this request to me after all. At any rate, you've definitely solved the cause of the issue here. Appreciate your help. Jevansen (talk) 01:32, 25 December 2024 (UTC)[reply]

Is it unproblematic to use `lang=` spans in section headers?

[edit]

Of course, I know it's wrong to use templates like {{lang}} in section headers, but I know anchors work correctly in the transcluded HTML, so is there any reason a header like === <span lang="la">Tu quoque</span> === would break something? Remsense ‥  16:59, 24 December 2024 (UTC)[reply]

Considering how {{subst:anchor}} works in section headings, this should be fine. I tested it in the sandbox and nothing went immediately wrong. jlwoodwa (talk) 05:22, 25 December 2024 (UTC)[reply]
When considering whether markup is OK in headings, there are several things to check - these include:
  • Whether the heading is actually broken, such as the appearance of the terminal equals signs in the rendered page
  • Whether inward links work from normal Wikitext
  • Whether inward links work from special pages (e.g. the little arrows in a watchlist)
There may be others. But generally, a <span>...</span> tag pair is fine. --Redrose64 🦌 (talk) 11:01, 25 December 2024 (UTC)[reply]

Question from Raph Williams65

[edit]

Hello everyone, i created my own template — {{Golden Badge Award}}, but it does have documentation, could someone explain to me how i could add documentation in the template. &‐Raph Williams65 (talk) 12:31, 25 December 2024 (UTC)[reply]

@Raph Williams65: I guess you meant it does not have documentation. After posting here you created Template:Golden Badge Award/doc which is shown at Template:Golden Badge Award. Is there still something you want help with? PrimeHunter (talk) 21:12, 25 December 2024 (UTC)[reply]
@PrimeHunter: after i asked the question, i went to Template:Documentation subpage and found my answer. —Raph Williams65 (talk) 04:01, 26 December 2024 (UTC)[reply]

Delivering pings on the watchlist page

[edit]

Apologies if this is old hat. Like many people, I sit on my watchlist page, clicking the "View new changes" link every so often. This would keep me up to date with stuff that I wish to be informed of, except that pings are not delivered. (By "delivered" I mean that the ping icon appears at the top of the page.) I only see that I have been pinged if I go to some other page. Would it be easy to deliver pings on the watchlist page too? For example, clicking the "View new changes" link could be added to the actions that cause ping delivery. Zerotalk 02:17, 26 December 2024 (UTC)[reply]

You can use User:BrandonXLF/UpdateNotifications.js, which automatically updates the alert and notification counts every few seconds. – DreamRimmer (talk) 05:32, 26 December 2024 (UTC)[reply]
I have forked this at User:DreamRimmer/UpdateNotificationsWatchlist.js, now it only updates notifications when we click "View new changes" link on the watchlist page. – DreamRimmer (talk) 06:57, 26 December 2024 (UTC)[reply]
There's also User:Evad37/livenotifications which polls minutely. – SD0001 (talk) 10:10, 26 December 2024 (UTC)[reply]

Why does one of these PDF files give a thumbnail and the other a link?

[edit]
alt text
Caption
alt text
Caption

The link above and the thumbnail image are generated from: [[File:Southern Telegraph, April 8, 1836, Rodney, Mississippi.pdf|page=1|thumb|alt=alt text|Caption]] [[File:US4256931A.pdf|page=1|thumb|alt=alt text|Caption]]

Why does one give a link and the other a thumbnail? Rjjiii (talk) 15:23, 26 December 2024 (UTC)[reply]

@Rjjiii File:Southern Telegraph, April 8, 1836, Rodney, Mississippi.pdf has been corrupted somehow, its size is shown as 0x0 pixels. This seems to have been going on intermittently for years, see phab:T297942. 86.23.109.101 (talk) 15:35, 26 December 2024 (UTC)[reply]
Thanks! That was really helpful. I ran the file through https://www.ilovepdf.com/repair-pdf and re-uploaded and it seems to work fine now. Rjjiii (talk) 16:02, 26 December 2024 (UTC)[reply]

Discussion at VPI about NOINDEX

[edit]

Editors might be interested in WP:VPI#NOINDEX AfDs on living people as it relates to a technical issue. -- LCU ActivelyDisinterested «@» °∆t° 15:52, 26 December 2024 (UTC)[reply]

Mass rollback not working for me.

[edit]

I've installed User:Writ Keeper/Scripts/massRollback but it doesn't show up when I look at a contributions page. Doug Weller talk 09:30, 27 December 2024 (UTC)[reply]

You can use mw.loader.load('//meta.wikimedia.org/w/index.php?title=User:Dragoniez/Selective_Rollback.js&action=raw&ctype=text/javascript'); . – DreamRimmer (talk) 09:42, 27 December 2024 (UTC)[reply]
@DreamRimmer Thanks. Copy and paste? And where to? Doug Weller talk 10:21, 27 December 2024 (UTC)[reply]
@Doug Weller: Please copy this and paste it into your common.js. – DreamRimmer (talk) 10:25, 27 December 2024 (UTC)[reply]

Quarry

[edit]

In Python, or preferably Java, how do I run a Quarry query and do something with the results (e.g. log em to console)? Polygnotus (talk) 16:10, 27 December 2024 (UTC)[reply]

To run database queries in terminal, you will need db credentials. First, create a Wikimedia developer account and a Toolsadmin account. After you have those set up, you can create a tool and get db credentials. Once you have everything in place, I can share a simple Python script to help you run queries and manage the results. For a more detailed guide, check out Help:Toolforge/Quickstart. – DreamRimmer (talk) 17:07, 27 December 2024 (UTC)[reply]

Audio

[edit]

When there is audio given for a word as in "Polish: Polska [ˈpɔlska] " there is a black speaker symbol that tells readers where to click to play the audio.

Unfortunately it seems that (at least on mobile versions) it doesn't account for the background colour so in pop up notes such as in "[a]" it just blends into the black background.

Is this fixable? I’d imagine that this possibly also interferes with dark modes but I don’t know how to check that.

2001:BB6:B817:800:901:622:DF19:9BD2 (talk) 20:25, 27 December 2024 (UTC)[reply]

Good point, I've filed phab:T382801. Nardog (talk) 01:57, 28 December 2024 (UTC)[reply]

List-defined refs

[edit]

Hi, can anyone explain to me why this edit does not fix the ref name error at ref 507? Thanks, DuncanHill (talk) 19:02, 28 December 2024 (UTC)[reply]

@DuncanHill The ref name is "Gaza genocide CNN_22_October_2024" you'd just named it "CNN_22_October_2024" Nthep (talk) 19:29, 28 December 2024 (UTC)[reply]
@Nthep: Thanks, I hadn't realised that excerpt changed the refnames. Anyway, as I've been told by an admin not to proceed I won't fix any of the other errors in the article. I don't want an ARBPIA block for fixing refs. Obviously better to leave them broken. Nobody else seems to care anyway. DuncanHill (talk) 20:10, 28 December 2024 (UTC)[reply]
Please do not make claims about me unless you can prove them. Nobody mentioned ARBPIA, and I certainly didn't play the admin card: my edit at Gaza genocide was made as an ordinary WP:XC user, a threshold that I passed way back in July 2009, more than two years before I became an admin. --Redrose64 🦌 (talk) 20:20, 28 December 2024 (UTC)[reply]
You, an admin, quoted CITEVAR at me telling me not to add LDR to an article I was editing. One I've edited several times to mend reference errors. Anyway, I won't try to fix the article again. DuncanHill (talk) 20:25, 28 December 2024 (UTC)[reply]
Yes, I'm an admin; but where did I mention that? Did I do anything that might be construed as "I'm an admin so my edit trumps yours"? Also, I didn't quote CITEVAR, I linked it. It's an editing guideline that we are all expected to follow. --Redrose64 🦌 (talk) 20:32, 28 December 2024 (UTC)[reply]
Your sig is highlighted in blue like all the other admins. DuncanHill (talk) 20:36, 28 December 2024 (UTC)[reply]
It's not a MediaWiki default feature, you probably have some gadget installed that does that (possibly User:Amalthea/userhighlighter.js); these gadgets cannot distinguish between edits made using admin permissions (such as editing a fully-protected page) and those which anybody, even the total newbies, can make (such as this post). I certainly don't have any special tool that marks some edits as admin edits and not others. In any case, my sig here is exactly the same as all the other sigs that I have left on any other discussion page since 00:01, 25 December 2024 (UTC), whether I have my admin hat on or not. --Redrose64 🦌 (talk) 21:17, 28 December 2024 (UTC)[reply]
And your name is highlighted in blue on my watchlist, like all other admins. I wasn't talking about "edits made using admin permissions". You, an admin, told me "do not add WP:LDRs to articles that previously had none, this goes against WP:CITEVAR". DuncanHill (talk) 21:25, 28 December 2024 (UTC)[reply]
(edit conflict) But I didn't do so with my admin hat on, I did so as a watcher of WP:VPT. That's what I'm saying here. I can't turn the admin bit off and on at whim (that's a WP:CRAT action), not even according to whether I need to use admin rights or not. The rights are just there, all of the time, and have been since 2011. For example, on a fully-protected page, I get an "Edit" tab and not a "View source" tab, but I also get a pink box stating "Note: This page is protected so that only users with administrative rights can make edits." It's like a WP:30/500 page: you and I both get the pink box stating "Note: This page is extended-confirmed protected so that only users with extended confirmed rights can make edits." When I edit such pages, I do so with my WP:XC hat on; and when I edit VPT, I do so hatless. One thing the admin right does not do is give my edits any greater weight. Any XC user could have made the fix that I did, and given the explanation that I did. If you feel that I am guilty of a misuse of the rights that come with the admin bit, you know what to do. --Redrose64 🦌 (talk) 21:53, 28 December 2024 (UTC)[reply]
When an admin says "do not do x" to a non-admin, then THEY ARE WEARING THEIR ADMIN HAT. It's not about "using your admin rights", it's about the fact that you are an admin. DuncanHill (talk) 22:16, 28 December 2024 (UTC)[reply]
This page is unprotected, anybody (who has read that guideline) could have written a post similar (if not identical) to mine. If I had preceded my post with a phrase such as "As an administrator, I must warn you that ...", you might have a point. But I didn't. This page has more than 3,600 watchers; I can't find out who they are (except for myself), but I suspect that some are admins and some not. The rights of a person making a post shouldn't make any difference to how that post is interpreted. Unless, of course, somebody posts in a manner that implies that they have a right that in reality, they don't. --Redrose64 🦌 (talk) 22:48, 28 December 2024 (UTC)[reply]
But not anybody wrote it, an admin wrote it. You can't tell people "do not" and then pretend you weren't an admin when you said it. If it really upsets you that people know you are an admin then resign. DuncanHill (talk) 23:00, 28 December 2024 (UTC)[reply]
I'm not pretending not to be an admin; I'm saying that the edit was done without recourse to the admin toolkit. It doesn't upset me that people know I'm an admin (it's right there on my user page), but apparently it upsets you. You can't expect an admin to do nothing but block, delete and protect: at some point admins will want to make a perfectly ordinary edit. If you are upset that you have found out that some editors also happen to be admins, uninstall that gadget that you seem to be using. Then we'll all look the same again. --Redrose64 🦌 (talk) 23:20, 28 December 2024 (UTC)[reply]
This isn't about you using the toolkit or not. It's the fact that you are an admin so when you give an instruction it is an instruction given by an admin. An admin - you - told me "do not add WP:LDRs to articles that previously had none, this goes against WP:CITEVAR". I folowed the instruction the admin had given me. DuncanHill (talk) 00:07, 29 December 2024 (UTC)[reply]
AN report filed. --Redrose64 🦌 (talk) 00:26, 29 December 2024 (UTC)[reply]
@DuncanHill and Nthep:That's not it at all. The problem is that almost the whole of the "Genocide" section is transcluded from the lead section of Gaza genocide, except for that article's infobox (and certain other preliminary matter); and the ref concerned was defined inside the infobox. Moving it outside the infobox fixes it.
BTW: please do not add WP:LDRs to articles that previously had none, this goes against WP:CITEVAR. --Redrose64 🦌 (talk) 19:43, 28 December 2024 (UTC)[reply]
@Redrose64: How else do I fix the broken refnames? That wasn't the only one. DuncanHill (talk) 19:49, 28 December 2024 (UTC)[reply]
(edit conflict) You brought one specific issue to this problem board, which I fixed, and this is the thanks that I get for that. So, despite your claim that they are responsible for all that remain, I don't see why I should fix any more for you. Please note that you have not been forbiddedn from fixing refname errors in this article by Redrose64. If there is any responsibility, it should lie with those who introduced the error in the first place, which certainly was not me. In short: problems should be fixed at source, not somewhere down the chain. --Redrose64 🦌 (talk) 20:13, 28 December 2024 (UTC)[reply]
@Redrose64: You told me not to use list-defined refs, even though this seems to be the only way of fixing the refname errors in the article. I am not going around looking for fucking horrible referencing systems to add to random articles for the hell of it, all I am trying to do is fix problems when I see them. Can you do me a favour? Next time I ask for help just ignore me. We'll both be happier, and probably things will get fixed faster. DuncanHill (talk) 20:20, 28 December 2024 (UTC)[reply]
Please read what I wrote. I didn't tell you not to use list-defined refs, I directed you to a guideline that says not to change the article's established referencing style. In my edit to Gaza genocide (linked above), I demonstrated that LDRs are not the only way of fixing the refname errors in the article. If you have other problems of a similar nature, please list them and the watchers of this page will endeavour to help, but don't expect them to do so if you are going to treat them the way that you treat me.
In short: if you don't want help from the people who hang around a help desk, don't ask at that help desk. --Redrose64 🦌 (talk) 20:29, 28 December 2024 (UTC)[reply]
I want help from helpful people. I didn't ask you to fix anything, I asked why my edit hadn't worked. I intended, having sorted the first one out, to go ahead an fix the other errors myself. You came down on me with "do not add WP:LDRs to articles that previously had none, this goes against WP:CITEVAR". So are you now saying I can ignore that? DuncanHill (talk) 20:35, 28 December 2024 (UTC)[reply]
To quote from my very first reply here: The problem is that almost the whole of the "Genocide" section is transcluded from the lead section of Gaza genocide, except for that article's infobox ... and the ref concerned was defined inside the infobox. Moving it outside the infobox fixes it. There you go: an explanation of what the problem was, plus directions on how to fix. Now, what else have I omitted to provide you with? --Redrose64 🦌 (talk) 21:21, 28 December 2024 (UTC)[reply]
Will that work for all the others in the article? DuncanHill (talk) 21:28, 28 December 2024 (UTC)[reply]
No, scrub that, Redrose64 - PLEASE STOP TRYING TO HELP ME. It's really unpleasant now. DuncanHill (talk) 21:30, 28 December 2024 (UTC)[reply]
OK, shall I take myself to WP:AN? --Redrose64 🦌 (talk) 22:06, 28 December 2024 (UTC)[reply]

Why does the account go out?

[edit]

Why is my Wikipedia account getting kicked out every hour or every day or every minute? (Strait WikiN (talk) 11:30, 28 December 2024 (UTC))[reply]

Do you allow cookies on your device? 331dot (talk) 11:50, 28 December 2024 (UTC)[reply]
Yes. I gave permission. To delete cookies or not to delete t Strait WikiN (talk) 14:48, 28 December 2024 (UTC)[reply]
Possibly related to phab:T372702? @Strait WikiN please confirm. NightWolf1223 <Howl at meMy hunts> 00:35, 29 December 2024 (UTC)[reply]