February 26

Hi, when I block http://geoiplookup.wikimedia.org, I can no longer edit or even view any Wikipedia page. It just doesn't load. However, when I take wikipedia.org and wikimedia.org off my whitelist for NoScript (meaning that I block scripting completely), there's no problem. I prefer JS to be enabled on this site but I don't want to have to allow this geolocation thing. My question is why does this have to run? Yes, it's not a big deal (IP gives away my location anyway so this isn't a privacy thing), but I'm interested in the why. Voxii (talk) 01:48, 26 February 2011 (UTC)[reply]

I block the geoiplookup with adblock and can view pages just fine. The geoip is used for serving ad banners and (I think) for gathering readership statistics that are none of Wikipedia's business and that certainly shouldn't be disclosed to third parties, so blocking it is appropriate. I certainly notice that blocking the geoip server suppresses the ad banners. I don't think that raw server logs include viewer (as opposed to editor) IP addresses, though I could be wrong. I may try to find out. 71.141.88.54 (talk) 02:33, 26 February 2011 (UTC)[reply]

It does. Actually, it's more than just server logs. IP addresses of logged-in users are available to anyone with the "checkuser" right (along with developers and staff). I too use Adblock with the EasyPrivacy filter and that's why it's blocked. BTW, this only happens when logged in. Voxii (talk) 03:06, 26 February 2011 (UTC)[reply]

I see, that is weird. All the more reason not to log in, I guess. Are you seriously saying that CU can examine the browsing (not just editing) activity of all logged-in users? I didn't realize that and I find it creepy. Or do you just mean it can see what addresses have received authentication cookies for which accounts? That's more reasonable. 71.141.88.54 (talk) 03:49, 26 February 2011 (UTC)[reply]

No, just edits are recorded (and anything that triggers the abuse filter when trying to edit). They also get to see your user-agent and possibly other things. That's how they investigate "sock puppets" since most IPs are dynamic. Voxii (talk) 03:58, 26 February 2011 (UTC)[reply]

Well, I think it's worth opening a bugzilla ticket about not being able to view pages with geoipserver blocked, especially if you can reproduce it on another computer, etc. It's not good behavior of a free encyclopedia to not work without invading reader privacy. 71.141.88.54 (talk) 04:42, 26 February 2011 (UTC)[reply]

Ugh, I hate using bugzilla. For now I'm just blocking scripts from wikimedia.org and that works. I forgot why I white-listed it in the first place but it doesn't seem to break anything on this site so far. If I start feeling motivated I might try it on another computer with Chrome (instead of Firefox) and report it if the same thing happens. And yeah, I agree it's not good for Wikipedia's image, however they kinda already any respect they had with those stupid humongous donation banners. One even said "Help Keep Wikipedia Ad-free" lol. Voxii (talk) 05:48, 26 February 2011 (UTC)[reply]

Voxii and adsl-71-141-88-54.dsl.snfc21.sbcglobal.net, I think we need a dose of sanity here. The server named "geoiplookup" looks up information about the source IP address of the HTTP connection in a database and returns that information over the same HTTP connection, where it's used by Javascript running on your machine. It's not logged. If you think that Wikimedia is "secretly" logging this information and selling it to third parties in violation of their own policies, why don't you believe that they've been secretly doing that all along? If they were trying to hide what they were doing, they could give the server an innocuous name, like, I dunno, en.wikipedia.org. Your fear of this new server on the basis of its name is completely irrational. Furthermore, don't you realize that virtually every other web site on the Net keeps long-term records of everything you do on that site? You can't "block" that except by not visiting the site. It's hard to think of a web site less deserving of your fear than Wikipedia.

The IP addresses used by logged-in Wikipedia users to make edits are recorded for some period of time, and a very small number of people have the ability to view this information using a tool called "CheckUser". The only permitted use of this is to prevent sockpuppetry. Every use of this tool is logged to prevent abuse (the log does not include the IP information, just the user doing the lookup and the looked-up user); anyone abusing the system would have their checkuser right revoked (I don't know if this has ever happened). Again, this is vastly more concern for your privacy than you'll find nearly anywhere else. -- BenRG (talk) 08:58, 26 February 2011 (UTC)[reply]

Also -- ad banners? Are we using the same site? Not logging in as a way of avoiding having your IP address recorded; do you understand that when you aren't logged in, your IP address is being more easily recorded than it had been previously? Not logging in as a way of them not getting readership statistics: every visit to every page is in some server log somewhere, with your IP address. (And who says it isn't their business to gather aggregate reader statistics?) Very strange conversation here; like we're talking about a different site or something. --Mr.98 (talk) 14:07, 26 February 2011 (UTC)[reply]

It sounds like 71 thinks there are ad banners but they're simply not shown because they blocked the geolookup. Of course when advertising servers use geolocation they simply do it in the background and serve different content based on the results, they don't need to rely on a seperate server telling the client what their geolocation is which the client then tells the ad server but anyway... Nil Einne (talk) 18:12, 26 February 2011 (UTC)[reply]

No, apparently it was about the donation banners, which encouraged us to donate money in order to make Jimbo's huge potato-like face go away. I believe this coercive method was quite effective. 81.131.21.81 (talk) 19:13, 26 February 2011 (UTC)[reply]

Except all you had to do was log in to make them go away! (Some coercion!) --Mr.98 (talk) 22:01, 26 February 2011 (UTC)[reply]

Indeed the whole idea is actually incredibly silly. If you want to do a geolookup for purposes of usage statistics, there's no reason you even have to do it from a publicly accessible server or in realtime. Just store the IP in a database and activity in a database and do a geolookup on the IPs in the logs where it's not already store. If you did want to do it in realtime, you'd still not bother to give any indication to the client, a geolookup would be made by some again potentially not publicly accessible server and this would be stored in the logs. The client doesn't see any sign of this since it goes on in the background of the server farm. Nil Einne (talk) 18:08, 26 February 2011 (UTC)[reply]

You might find it useful to also post this at WP:VPT (if you would rather not open a bugzilla report) as some of the coders are frequently active on that page. Nanonic (talk) 06:05, 26 February 2011 (UTC)[reply]

If you do a Google search for ip address, you can see the surveillance abilities of some other websites. Who deserves to have the power of surveillance? Who deserves to have the power of privacy? How can the balance of those powers best reflect justice? See also Caller ID.

—Wavelength (talk) 15:08, 26 February 2011 (UTC)[reply]

Instead of asking two "who" questions and implying that every person is always deserving or always undeserving, I would have done better to ask two "when" questions to reflect different circumstances. When or in what circumstances does a person deserve to have the power of Internet surveillance? When or in what circumstances does a person deserve to have the power of Internet privacy?

—Wavelength (talk) 15:33, 26 February 2011 (UTC)[reply]

It's not "surveillance" — it's how computers work. You have to send a return address to get the site information you're asking for. If you are completely paranoid about that, there are multitudes of easy programs (e.g. tor) or proxies you can use to disguise your web surfing habits. If you're concerned about internet privacy, Wikipedia is probably the least of your troubles! Listen, I'm a huge advocate of internet privacy. But the collection of server data in and of itself does not to me pose any major threat to that. What you do with said logs is another question, but I see no indication that Wikipedia does anything invasive whatsoever with them. --Mr.98 (talk) 22:01, 26 February 2011 (UTC)[reply]

It's not how computers work. It's how IP works, but it didn't have to be designed that way. Compare IP with the (pre-Internet-age) telephone network, where every switch effectively behaves like a NAT router. Tracing a call was very difficult because it required compromising the security of every switch (probably by calling the switching station and convincing them that you had authority to request the trace). The Internet was not designed with privacy in mind, which is very unfortunate. IPv6 makes things worse by eliminating the need for NAT and dynamic IP addresses, which were introduced to delay address space exhaustion but happen to have the side effect of improving privacy. -- BenRG (talk) 01:36, 27 February 2011 (UTC)[reply]

I don't mind the existence of checkuser and some other info gathering, as long as it's only used on editors--that is, IMO, Wikipedia should not be collecting any data about readers who do not edit. By "ad banners" I mean the WP fundraising banners and so forth. If you block geoiplookup, those go away. Obviously there are other websites whose practices are worse than Wikipedia's, but we're supposed to be ahead of the curve (maybe bad metaphor, if the curve is going in the wrong direction). I do know that WP has recently been disclosing location data about its readers, which I see as a bad idea. And, my understanding had been that IP addresses of read-only page retrievals were not logged, making it impossible to gather geolocation info by post-processing the logs. But, the computing desk isn't the right place to get into a general debate about Wikipedia data collection practices even though the issue has been bothering me for a while, so I'll try to stop. 71.141.88.54 (talk) 18:56, 26 February 2011 (UTC)[reply]

My understanding is that checkuser does not let admins see anything about your reading habits, just your editing habits. So what's the big deal?

I fail to see at all how aggregate location information violates anyones privacy in any way. Knowing that 50% of your readers are from one country, and 30% are from another, tells you absolutely nothing private about the individual readers involved. The only potential privacy violation I can see is posting individual IP addresses... which is what happens when you edit without logging in. --Mr.98 (talk) 22:01, 26 February 2011 (UTC)[reply]

CheckUser only works on edits. I believe that page views are sampled in order to collect aggregate statistics; that is, one in 1000 requests or so increments a counter for the page requested and perhaps one for the general region of the world that the request comes from. This information isn't obtained by postprocessing of logs.

The Foundation has to meet its expenses (primarily related to serving pages for a top-10 web site) somehow, and I can't think of an alternative to the current annual pledge drive that isn't either more annoying or more compromising of its moral integrity. The fact that blocking geoiplookup makes the banners go away doesn't mean that geoiplookup is somehow responsible for the banners; it just means that the request to geoiplookup is one step in displaying the banner and if that step fails, the banner code gives up. Most other web sites would fall back on a default banner in that case, but the WMF is nicer than that, apparently. -- BenRG (talk) 22:48, 26 February 2011 (UTC)[reply]

AFAIK the details are stored for a limited time although you're correct it's only 1/1000. See [1] [2] where for example it's mentioned

One in thousand server accesses are logged and stored for a limited time for analysis purposes.

and

The 1:1000 sampled squid logs are scanned one day at a time. Counts per day are added to monthly totals. Since each record stands for thousand original server accesses, totals are multiplied by 1000.

Note that the privacy policy does not say your page visits won't be logged:

When a visitor requests or reads a page, or sends email to a Wikimedia server, no more information is collected than is typically collected by web sites. The Wikimedia Foundation may keep raw logs of such transactions, but these will not be published or used to track legitimate users.

and

No more information on users and other visitors reading pages is collected than is typically collected in server logs by web sites. Aside from the above raw log data collected for general purposes, page visits do not expose a visitor's identity publicly. Sampled raw log data may include the IP address of any user, but it is not reproduced publicly.

and

To provide site statistics. The Foundation statistically samples raw log data from users' visits. These logs are used to produce the site statistics pages; the raw log data is not made public.

To solve technical problems. Log data may be examined by developers in the course of solving technical problems and in tracking down badly-behaved web spiders that overwhelm the site.

All of which suggest IP addresses are logged at least for a short time, as with probably 99.99% of the internet. While the info is unclear, I presume all visits are logged for a short time but only ever used by developers, and there is also a 1/1000 sample of the logs which is used for analysis.

Anyway another thing just occured to me. The statistics AFAIK are all gathered from the squid caches. However (again AFAIK) logged in users do not use the squid cache so if you want to stay out of the stats, being logged in may help (I'm lazy to ask anyone since I don't care). To emphasise, I'm pretty sure this won't stop you being logged since as I said I'm pretty sure all requests are logged even if only kept for a short time and not used except as needed by the developers when there are problems. It simply means you won't have a possibility of being sampled in the stats. One thing is for sure, blocking the geolookup server is not going to do anything about whether or not you're part of the visitor statistics logs.

Nil Einne (talk) 15:51, 27 February 2011 (UTC)[reply]

BTW the geoiplookup info it used to choose fundraising banners [3]. It's an interesting way of doing things and I guess reflects the way all this is designed. As I've remarked I'm pretty sure it's not very common practice, most servers would just serve you different content based on the info they gather from you (including IP which they'll geolookup and possibly more themselves, cookies, any info you provided to them previously etc) rather then getting you to make a geolookup request and then send the info to them. Privacy wise I wouldn't say it's better or worse then a server doing a geolookup in the background although you can block it or send differing info which some may see as a plus. See also [4] Nil Einne (talk) 16:19, 27 February 2011 (UTC)[reply]

Thanks for the responses and as I said several times I'm ok with checkuser logging info about edits. I got concerned by Voxii's "IP addresses of logged-in users are available to anyone with the 'checkuser' right" (where "logged-in users" would seem to include non-editing users) but it sounds like that is inaccuarate. Re other info: I used to share Mr. 98's view that disclosing non-individualized aggretated viewership data didn't impact privacy, but I no longer believe that, and there's certain classes of Wikipedia articles that I don't like to read online because of the aggregate reporting. It's like a secret-ballot election: even if your individual vote is not identifiable, the aggregate vote total has potentially enormous consequence. And reading an encyclopedia privately should have no consequences of any sort, not just no individualized consequence.

I'm taking the view that the purpose of this project is to write an encyclopedia, and we find ourselves also running a giant web site as a not-completely-fortunate side effect. So our privacy experience for readers should be guided by the printed encyclopedias that we aim to replace, and not by the creepier practices of other web sites. When you read Encyclopaedia Britannica at the library and put the volumes back on the shelf where you got them, they don't send any info of any kind anywhere, including aggregated info. That is not an imperfection of the printed medium; it's an advantage and we have a huge privacy regression compared to it. Anyway this isn't the right venue for such a discussion but I might write some more about it elsewhere. 71.141.88.54 (talk) 10:11, 3 March 2011 (UTC)[reply]

Microsoft tried to do an update to my computer to prevent USB pen drives from running auto-start (while allowing CDs and DVDs to continue to do so). I refused. I went to their site to try to figure out why they wanted to do this, but didn't find an answer. Does anybody know why ? StuRat (talk) 05:14, 26 February 2011 (UTC)[reply]

Because security researchers, users and anti-malware companies have been demanding that they do this ever since auto-run was introduced to Windows. Many malware items such as Conficker use the auto-run functionality of USB drives to help them spread. See AutoRun#Attack_vectors, [5], [6] and [7]. Nanonic (talk) 05:45, 26 February 2011 (UTC)[reply]

Indeed. It is a REALLY good idea to disable USB autorun. The Masked Booby (talk) 13:36, 26 February 2011 (UTC)[reply]

If you can. I've been trying to disable USB autorun in XP for the past year. I even downloaded the software from Microsoft that was supposed to do it, but it doesn't :-( --Shantavira|^{feed me} 13:43, 26 February 2011 (UTC)[reply]

It seems to me that a panel that pops up and tell you what it's trying to auto-run, and asks your permission to do so, would be better than just disabling it completely. StuRat (talk) 21:19, 27 February 2011 (UTC)[reply]

Dear Wikipedians:

I saw in the news that:

Sr. Director of Engineering at Mozilla Corporation, Damon Sicore, posted on Google Groups ahead of the public release: "Yesterday we killed the blocker list, ...

My question is: what does Damon mean when he said "we killed the blocker list.", does it mean that:

a) There are still blocker bugs, but the list was simply struck out so as to try pushing Firefox to market ahead of IE9?

OR

b) all blocker bugs have been squashed?

Thanks,

66.241.140.111 (talk) 14:25, 26 February 2011 (UTC)[reply]

Well, certainly not (a). There are ways of getting rid of blocking bugs without fixing them, such as reducing the severity or postponing them to a later release, but those decisions would be made on a case-by-case basis. Mozilla's public tracker should tell you the fate of every former blocking bug, but I don't know how to search it. -- BenRG (talk) 21:05, 26 February 2011 (UTC)[reply]

Thanks. I had forgotten about this post I made until I was reading Firefox news today. Guess that demonstrates the foible of human memory: they can only work by association or by habit. 66.241.140.111 (talk) 21:08, 3 March 2011 (UTC)[reply]

Resolved

I kind of assumed they could, but I'm thinking I've been naive. I was just reading the Python see below documentation and saw this:

Every block of memory allocated with malloc() should eventually be returned to the pool of available memory by exactly one call to free(). It is important to call free() at the right time. If a block’s address is forgotten but free() is not called for it, the memory it occupies cannot be reused until the program terminates.

This seems to say that any forgotten blocks will be freed, by Windows' intervention, when the program terminates - and therefore not every call to malloc has to be balanced by a call to free, if the freeing is intended to take place at the end of the program. Have I got that right? I write in C (on XP) and usually have a clean_up() function which is the last thing the program calls, containing several calls to free() for things I've malloced but which behave similarly to globals, i.e. I want them all the time and never want to free the space while the program is running. (This might be a hangover from writing on the classic Mac systems, where if I remember rightly it was possible, by forgetting to free stuff, to put blocks of memory out of use until the next reboot.) Can I just throw away these clean_up functions? 81.131.21.81 (talk) 17:09, 26 February 2011 (UTC)[reply]

As far as I know, Python's interpreter won't allow memory leaks unless bugged somehow. However, should you write the program in C or even assembly code, I'm pretty sure you can waste all the memory you like! Zakhalesh (talk) 17:20, 26 February 2011 (UTC)[reply]

Sorry, I wasn't actually asking about Python - I just happened to be reading about it (that part of the documentation relates to embedding Python in C, which I was considering doing). Python, to be clear, is a distraction: ignore the bit about Python. My question is, can I really, using C on Windows, leave blocks of memory unusable after my program has quit, or will the system ensure this doesn't happen? 81.131.21.81 (talk) 17:30, 26 February 2011 (UTC)[reply]

Hmm. As far as I know, the OS will be able to reclaim the memory once the program has quit, creating the "sawtooth" that memleaks are known for, but I'm not sure so I'd like someone a bit more experienced with this to answer as well. — Preceding unsigned comment added by Zakhalesh (talk • contribs) 17:41, 26 February 2011 (UTC)[reply]

You shouldn't need to worry, as long as you're using an OS with memory protection (any modern OS). If I recall correctly (but I might not), the OS only assigns whole pages of memory to a particular process. When that process ends, the OS reclaims all of the pages it assigned, since they're no longer needed. Paul (Stansifer) 17:55, 26 February 2011 (UTC)[reply]

Thanks. 81.131.21.81 (talk) 18:13, 26 February 2011 (UTC)[reply]

It's a common misconception that languages with garbage collection prevent all memory leaks: they prevent losing the capacity to reach an unfreed object (so long as they do cycle detection), but an algorithm may never use a reference again and yet "forget" to clear it (some Java-based examples). --Tardis (talk) 01:49, 27 February 2011 (UTC)[reply]

It is correct that there is no value in freeing memory directly before a program terminates. It may be helpful in certain types of debugging situations (so that you can use a debugger to check for memory that was accidentally left unfreed when it ought to have been), but other than that it is a waste of code and time. Looie496 (talk) 18:16, 26 February 2011 (UTC)[reply]

I wouldn't call it a waste: it's good practice (in both the training and the "course of work" senses), and it allows your code to be composable. (There's no prohibition against calling main() recursively, for instance, and in Python (even though that's not the OP's real point) any script can be loaded as a module.) It's probably possible to leak some things like shared memory objects or so, but I'm not sure. --Tardis (talk) 01:49, 27 February 2011 (UTC)[reply]

"There's no prohibition against calling main() recursively" - true in C, false in C++ (see sections 3.6.1.3 and 5.2.2.9[8] --Colapeninsula (talk) 17:14, 28 February 2011 (UTC)[reply]

In your situation, the best and direct way is using a password reset program, it allows you to reset the password of windows without knowing the old one by burning to a blank CD or USB flash drive. Sounds simple? Well, just try it, i think you will solve your problems soon. You can get more from this tutorial How to change/reset windows password without data loss. http://www.passwordseeker.com

(laptop password lost)

I can't remember the password to my laptop is there some way to recall it? — Preceding unsigned comment added by SonyaMMD (talk • contribs) 20:39, 26 February 2011 (UTC)[reply]

Yes, but we'll have to go deeper. [9] 109.128.182.182 (talk) 21:13, 26 February 2011 (UTC)[reply]

It is possible to recover Windows passwords using rainbow table lookup, if the passwords aren't too long (less than 14 characters). You may want to take a look at the article Ophcrack. Using a functioning PC, follow the links to the website, download the CD image corresponding to your windows version, burn a CD, and and boot your laptop from the CD. A program is automatically started, which tries to detect all user passworrds, including the administrator password, on the laptop. --NorwegianBlue ^talk 22:29, 26 February 2011 (UTC)[reply]

Is it the windows password or the BIOS password? 82.43.92.41 (talk) 00:29, 27 February 2011 (UTC)[reply]

There are also options to reset the password. If you have Windows on your laptop you can use your Windows CD I believe. Or this one that I have used in the past also works: [10]. And it works well enough. Though I didn't test to see if it keeps any passwords you had saveed on your login (such as if you saved your web mail password in your browser). - Akamad (talk) 04:40, 27 February 2011 (UTC)[reply]

I fixed your question title. In the future, please use more helpful titles. StuRat (talk) 21:14, 27 February 2011 (UTC)[reply]

http://webchat.freenode.net/?nick=lostPassword&channels=##windows ¦ Reisio (talk) 21:12, 28 February 2011 (UTC)[reply]

I would like to print from my personal laptop to the networked printer at my place of work. I'm connected to wireless network but I guess the printer and workstations are probably connected some other network. Is there some software I can install on my workstation (I have administrative rights enough to install software on my work machine) and my laptop that will enable me to send documents to print via my work desktop? Laptop: Win7; PC: WinXP. The IT department say I can't do it but they just don't like taking time out from their goblin slaying/gold hoarding MMPORGS. --129.215.5.255 (talk) 22:05, 26 February 2011 (UTC)[reply]

When IT says you "can't" do it, they may well mean that it's against workplace policy and you could face disciplinary action for doing it. I think your best bet is to copy the file to a shared folder and then print it from the work machine, since that's unlikely to run afoul of any rules. There is probably a supported way to log in to the work machine from your laptop (e.g. VNC) and to copy files to it (e.g. SSH and WinSCP). -- BenRG (talk) 00:36, 27 February 2011 (UTC)[reply]

If you've forgotten your Windows password and you're on a domain, you should contact your system administrator to reset your password. If you're not on a domain, you can reset your password by using a password reset disk or by using an administrator account. If you forget the administrator password and don't have a password reset disk or another administrator account, you won't be able to reset the password. If there are no other user accounts on the computer, you won't be able to log on to Windows and will need to re-install Windows. If you do not want to re-install your windows system, then follow this tutorial to reset a forgotten windowsvistapassword: Source(s):http://www.passwordseeker.com

If you've forgotten your Windows password and you're on a domain, you should contact your system administrator to reset your password. If you're not on a domain, you can reset your password by using a password reset disk or by using an administrator account. If you forget the administrator password and don't have a password reset disk or another administrator account, you won't be able to reset the password. If there are no other user accounts on the computer, you won't be able to log on to Windows and will need to re-install Windows. If you do not want to re-install your windows system, then follow this tutorial to reset a forgotten windowsvistapassword: Source(s):http://www.passwordseeker.com