User talk:GZWDer

Hi! It is great if you're trying things out, but I would like to ask to keep obvious tests to the betacluser Wikifunctions. Cheers! -- DVrandecic (WMF) (talk) 03:08, 8 August 2023 (UTC)Reply

@DVrandecic (WMF): Sandbox-Implementation 3 (Z10131) is intended to be a sandbox object. GZWDer (talk) 11:48, 8 August 2023 (UTC)Reply

I have disabled Z10445 and Z10448, both attempts by you to bypass the security controls and give execution access to unauthorised users. This is a violation of the TOU and is not allowed. Do not do this again. Jdforrester (WMF) (talk) 12:00, 8 August 2023 (UTC)Reply

@Jdforrester (WMF): I make them since eval is a very basic function of computer science, and there are no indication that this is explicitly prohibited. Currently there is no policy of function security, and before we hand out Functioneers and Maintainers request process to the community, we need to make one. We may also need a security review process of individual implementations.--GZWDer (talk) 12:06, 8 August 2023 (UTC)Reply

You were given very special access to approve code on the understanding that it was limited to only a handful of humans on Earth, and that normal users could not do these things. It is not very plausible for you to claim that you did not realise what you were doing was not allowed. The only other item on your talk page is asking you to also ask first and implement later, following a discussion, and yet you've done this.

The TOU already covers attempts to give unauthorised access to parts of the Wikimedia system, but I agree that starting to write something at Wikifunctions:List of policies and guidelines would be a good start. Jdforrester (WMF) (talk) 12:14, 8 August 2023 (UTC)Reply

@Jdforrester (WMF): Many sorts of systems are already well sandboxed (e.g. Lua), or there are additional measure added to prevent doing anything dangerous (cf mw:Extension:Score/2021_security_advisory). The system is so safe that you does not need to be in any trusted group to edit Lua module. However Denny proposed that every implementations should be runable even without approval (this task is later merged to a task I created). Note that the "only other item on your talk page" is posted after I created these two eval objects (They are created in Friday but today is Tuesday).--GZWDer (talk) 12:22, 8 August 2023 (UTC)Reply

Ah, sorry about the timing!

Yes, we hope that the sandboxing will generally provide appropriate controls, but one of the major parts of the sandboxing is that only special power-users on wikifunctions.org can approve implementations to be run by regular users. Jdforrester (WMF) (talk) 12:33, 8 August 2023 (UTC)Reply

Note I am not challenging these decisions and will not create anything similar and feel free to disable any other implementations you think to be problematic.--GZWDer (talk) 12:28, 8 August 2023 (UTC)Reply

Hi GZWDer. I'm testing things out around here, and tried a roundtripping test case roundtrip hex2string(string2hex(string)) == string (Z10937) for these inverse functions. But it failed execution, and I can't immediately see why. Since you made these functions, I thought you may be able to tell me what I'm missing. Thanks in advance. --99of9 (talk) 08:29, 30 August 2023 (UTC)Reply

@99of9: phab:T343649. GZWDer (talk) 11:38, 30 August 2023 (UTC)Reply

Thanks. So if I understand correctly, when applied to the situation I created, it should work in future, but if I wanted it to work now, I should have put that test on the other function? --99of9 (talk) 11:47, 30 August 2023 (UTC)Reply

Done Moving it to the other function was quite easy and it works now. Thanks again. --99of9 (talk) 03:35, 31 August 2023 (UTC)Reply