explain xkcd talk:Crap

Explain xkcd: It's 'cause you're dumb.
Jump to: navigation, search

"if it contained a t it was treated as crapped" Shouldn't it be the other way around? The code suggests that you are correct, but "crap" doesn't contain a 't', why would it assume that the page was crapped when a 't' exists. Soulus (talk) 04:14, 4 May 2022 (UTC)

You're right, thank you! ✅ Done 108.162.246.34 03:52, 4 May 2022 (UTC)
I just noticed I had written that code wrong too. Thanks again! (That's not the original code; it's my "reconstruction" of it based on what I remember from reading it before it was deleted, with some gaps filled in by educated guesses that should be equivalent in functionality, even if they aren't the exact lines the vandal used. In particular, the CSS selectors are functionally equivalent guesses at the original code; I don't remember what the vandal had used for them. 108.162.246.34 04:02, 4 May 2022 (UTC)
Cool, no worries. Did you fix the code? Afaik, it should be != -1, rather than == to check equality, but idk much about js. Soulus (talk) 04:14, 4 May 2022 (UTC)
I got the code fixed, and tested it. The current code is fully functional. 172.70.178.199 17:04, 4 May 2022 (UTC)

Am I the only one wondering why we're providing a fully-functioning code that was capable of rendering the site unusable in minutes? With commented explanations amounting to a virtual tutorial for use? If JS has not been disabled within user pages, what's to stop someone from just copying this code and doing it again? Jrfarah (talk) 17:35, 4 May 2022 (UTC)

@Jrfarah That is correct, but an annotated version could allow us to analyze it and its derivatives, and perhaps make a counter-bot. This is a reasonable concern though. 4D4850 (talk) 19:18, 4 May 2022 (UTC)

WE GOT A NEW ONE! ALERT ALERT162.158.63.30 01:38, 21 May 2022 (UTC)Bumpf

Can I edit this page? Riolu The Furry (talk) 16:39, 22 May 2022 (UTC)

Code[edit]

I think it could be dangerous to have such destructive code visible to any wiki user, and I don't understand how the code helps enrich our understanding of the ongoing vandalism. I personally think it should be removed from the page. Vandalbane (talk) 19:57, 23 May 2022 (UTC)

The code is there so countervandalbot developers can look for bugs in it. By having the vandal code public, we have found a few bugs that have allowed us to temporarily disable the bot. The vandal usually just fixes the bugs within a few minutes, but those minutes allow us to do mass reverts and get ahead a little bit. 172.70.130.195 22:08, 23 May 2022 (UTC)
The original anticrap "vaccine" was based on studying the code, and User:Theusaf has put some counter-bot code in the main wiki JS, which also would not have been possible without public code. 172.70.130.195 22:12, 23 May 2022 (UTC)
But (until deleted, i.e. not active any more, to be directly countered) the offending account's common.js contains the code. Assuming it isn't over-obfuscated (which makes it a new task to present the possibly-buggy code to inspection) then there's each new study-case and anybody truly able to counter it can take it from (as it were) source.
Between attacks, I think there's more risk of independent copycats taking the copy (perhaps altering it, if they have any idea how to do that) than anything novel being learnt by whitehats who just missed the boat on the most recent incarnation.
I'm also concerned that the one-click-revert code provided for undoing the regular rap-spam was specifically used by the latest NATO Alphabet incarnation of the offending account. Though I've yet to go through everything they did, this legitimate tool was seemingly applied to both revert-to-Crap and unrevert-back-from-Crap in seemingly randomness, which just made things that bit messier to unravel in some ways.
(Though that was a logical step, for the vandal, I'm surprised they hadn't used a script to do that already, and I'm anticipate their next move but don't wish to give them any hints so can't really say what I think it'll be... And maybe they'll surprise me anyway.)
For what it's worth, I'm against this record having been kept in the first place, but of course that's a horse/stable-door issue. (The vandal knows the page is here, their addition to it is what prompted its semi-protection.) Any decent whitehat with an interest can probably pick up more than enough from the each attack they witness, but vandall-wannabes are being given a much lower-hanging fruit, gratis, which may inspire them more than is really comfortable for us and others. IMO. YMMV. 172.70.86.64 22:38, 23 May 2022 (UTC)
My guess is that the vandalbot's crap removal was a bug that will be fixed in the next incarnation. Do you know JS? If you think you know what the crapper will do next, maybe you could write a counterbot for that behavior? 172.70.178.115 22:47, 23 May 2022 (UTC)
I think it was deliberate. And I just unre-(re-re-re-...)reverted a handful of pages where it seemed obvious that the flip-flop reversion left it on the wrong state. Most were where the last legit addition/improvement (at least one quite historic) had been nixed, so I reinstated. One was a not-useful-comment that I personally had reverted away, previously, and it had come back by an odd number of vandal-reversions. The method I used to check for these isn't guaranteed to not miss others, though, and I left the renverting as a manual process in case of false-positives (for example, some of Kynde's dealing with apparently deleted catagories... which was interesting to learn about being done, along the way ;) ). So, anyway, just FYI, in case you have an inkling to check this kind of thing in your own way either now or in the future.
And I can read JS, fairly well, but I'm not really expert enough to not easily make a hash of it in fresh (re)coding. More of a Perl man (where it is often necessary to make {my %hash;} of it! :p ) and too prone to using Perlish techniques. Plus creating an account for myself just to try to write a counterbot won't inspire confidence. Especially as I can't claim to know exact details (enough to stop anything in its tracks), just the general form of what I'd do if I were malicious and had progressed through the last few iterations of maliciousness, and thus what I am pre-prepared to do in reaction to whatever the next specific events may then turn out to be.
Which I know looks like a cop-out. But, except where I have strong opinions to voice, I like working on the sidelines as a grunt as and when required. Rather than claiming to be the perfect Wellington to any and all particular Napoleons. I'm sure there are some very capable Wellingtons out there, even reading this, but not I. Though I'm also rather agnostic about the possibility of a definite advanced countermeasure. At best, it'd just slightly change the tack of the attacker if they discover that their One Neat Trick isn't going to work as they initially thought.
Consider my input on this a POV, not a statement of authority or any true prescience. And, as an habitual IP, I couldn't easily claim to have had the answer all along. (Or attempt to excuse my inability to be correct, if I wasn't – swings and roundabouts!) What little I'm saying, in oh so many words, as is my unfortunate habit in such things.
TL;DR;... Fair winds and smooth seas to the true sailors, and I'll do my bit to repel any pirates that swing by, and ride the storms nature throws our way in the nebulous future. 172.70.90.63 23:53, 23 May 2022 (UTC)

These are all good points, it makes sense for users to have access to the vandal's script to poke holes in it. I'm just concerned someone could get confused (or some other random troll joins) and accidentally mess up many pages. Vandalbane (talk) 22:51, 23 May 2022 (UTC)

I don't think accidental messing up is really as much of an issue. Although the Crapper already tried to socially-engineer innocents into his activities by pretending to have an anti-vandal script (which, as I say above, is not something I'd ever conceivably really claim to have). The best antidote to that is to mitigate the "Hey, everyone, try this!" being so easily propogated. And common sense. But what wiles the vandal still possesses could still result in similar spill-over of blame if they get lucky.
i.e. "Be alert! Your country needs lerts!" *cough* 172.70.90.63 23:53, 23 May 2022 (UTC)
This is a bit off-topic, but I wonder: what are the motives of our recurring vandal? Are they just bored, are they looking for reactions, or do they have some vendetta against our community? They seem to be able to bang some code together, but they don't seem very mature. Vandalbane (talk) 00:54, 24 May 2022 (UTC)
As I recall, they started out just being curious that any autoconfirmed user could run common.js scripts. I imagine they're having a gay old time "fighting" us. --Jack (t|c) 01:00, 24 May 2022 (UTC)

Bugs in code[edit]

The last edit broke the code, but it could be trivially fixed, so it's not going to keep future vandals from using it. Also, the last few versions have used https://www.explainxkcd.com/wiki/index.php/Special:Random?action=edit for the link, and we should probably mention the automatic undo part of the latest version. It seemed to be the existing one click revert code that was intended to remove crap, modified to automatically revert instead of just adding buttons (basically a zero click undo). 162.158.107.230 16:52, 24 May 2022 (UTC)

Unprotect[edit]

I would like to edit this page. Can an admin please unprotect it? Anticrap (talk) 20:03, 25 May 2022 (UTC)

Could you just give your suggestions here and let an Admin implement them as required?
I actually disagree with the logic of having this page, but if it exists I'm for it remaining protected from who-knows-what targetted maliciousness.
Anything useful can survive a bit of awkwardness because of that. 162.158.159.31 23:28, 25 May 2022 (UTC)
At the end of the paragraph beginning with "While this code" add: "Newer versions appear to be based on this reconstructed code, rather than the original. It is not clear why the crapper did this."
Replace "The vast majority of crapped pages (if not all of them) have now been reverted back to the last good state. The new bot seems to be slower and more intermittent than the old one. " with "Later attacks/recoveries have followed this same pattern, except administrators have responded faster, reducing the number of pages crapped in each attack."
Replace "The vandal changed the delay after page load (the number in the last line; 500 in the latest version) several times. " with "The vandal changed the delay after page load (the number in the last line; 500 in the last version with a delay) several times, before changing it to load with document.body.onload, the finally removing the wrapper and making it run as soon as the JavaScript loads."
Anticrap (talk) 02:44, 26 May 2022 (UTC)
I have implemented these changes. CRLF (talk) 18:16, 26 May 2022 (UTC)

New section, titled "Bot with auto-reverting"[edit]

A later version of the bot, using the account Donald Trump, had the normal crapping behavior, but also mass-reverted edits, both regular and decrapping, done by users who removed its crap. The reverts were automatic, but the operator apparently manually initiated them by opening tabs with the targeted users' contributions pages. The auto-revert code was based on User:CRLF/OneClickUndo.js, which was written as an anti-crap tool. This latest version of the bot had this code:

if (location.href.indexOf('ontrib') != -1) {
    cssSelectorForLatestCheckbox = '#mw-show-top-only'
    cssSelectorForForm = '.mw-contributions-form'
    if (document.querySelector(cssSelectorForLatestCheckbox).checked) {



function rvt(undop, undoafterp, c, tl) { // Implements one-click undo
    $.ajax({
        url: 'https://www.explainxkcd.com/wiki/api.php',
        data: {
            format: 'json',
            action: 'edit',
            title: atob(tl),
            undo: undop,
            undoafter: undoafterp,
            summary: "Reverted edit by anti-crap user",
            token: mw.user.tokens.get('csrfToken')
        },
        dataType: 'json',
        type: 'POST',
        success: function () { if (c) { $('.mw-diff-undo > a').text("success"); $('.mw-diff-undo > a').removeAttr("onclick"); } else { $('#link' + undop).text("success"); $('.mw-diff-undo > a').removeAttr("onclick"); } }
    });
}
try {
    var href = $('.mw-diff-undo > a').attr('href').split("=");
    var undop = href[4];
    var undoafterp = href[3].substr(0, href[3].length - 5);
    $('.mw-diff-undo > a').removeAttr('href');
    $('.mw-diff-undo > a').attr('onclick', 'rvt(' + undop + ',' + undoafterp + ',1,"'+btoa($("#firstHeading").text().substr(33, $("#firstHeading").text().length - 34))+'")');
}
catch (e) { console.log(e); console.log("assumed not undoable"); }


function makeLinks(str, titles) { // Implements undo links on contribs page
    $.ajax({
        url: 'https://www.explainxkcd.com/wiki/api.php',
        type: 'GET',
        dataType: 'json',
        data: { format: 'json', action: 'query', prop: 'revisions', titles: str, rvprop: 'ids', formatversion: 2 },
        success: function (data) {
            for (var i = 0; i < data["query"]["pages"].length; i++) {
                ob = data["query"]["pages"][i]
                pg = ob["title"];
                if (titles[pg] == "done") continue;
                el = titles[pg];
                $('<span id="span' + ob["revisions"][0]["revid"] + '"></span>').insertAfter(el);
                $("#span" + ob["revisions"][0]["revid"]).html(' <strong>[<a id="link' + ob["revisions"][0]["revid"] + '" onclick=\'rvt(' + ob["revisions"][0]["revid"] + ',' + ob["revisions"][0]["parentid"] + ',0,"'+btoa(pg)+'")\'>revert</a>]</strong>');
                titles[pg] = "done";
                $("#span" + ob["revisions"][0]["revid"] + ' strong a').click()
            }
        }
    })
}

cs = $('.mw-contributions-title');
titles = {};
str = "";
for (var i = 0; i < cs.length; i++) {
    titles[cs[i].getAttribute("title")] = cs[i];
    str += cs[i].getAttribute("title") + '|'
    makeLinks(str.slice(0, -1), titles);
}



        setTimeout(function() {
            location.reload()
        }, 4000)
    } else {
        document.querySelector(cssSelectorForLatestCheckbox).click()
        document.querySelector(cssSelectorForForm).submit()
    }

} else if (location.href.indexOf('common') == -1) {
    var cssSelectorForEditTextBox = 'textarea'
    var cssSelectorForEditSummaryBox = '#wpSummary'
    var cssSelectorForEditForm = '#editform'
    var cssSelectorForMainContent = '#bodyContent div:nth-child(4)'
    var cssSelectorForEditLink = '#ca-edit > span:nth-child(1) > a:nth-child(1)'
    if (window.location.href.endsWith('edit')) {
        // The current page is an "edit" page
        // Crap it
        document.querySelector(cssSelectorForEditTextBox).value = 'crap '.repeat(5000);
        document.querySelector(cssSelectorForEditSummaryBox).value = 'Crapped page';
        document.querySelector(cssSelectorForEditForm).submit()
    } else if (document.querySelector(cssSelectorForMainContent).textContent.indexOf('t') == -1) {
        // The current page is a regular "read" page, but it has already been crapped
        // Go to a random uncrapped page
        window.location.href = 'https://www.explainxkcd.com/wiki/index.php/Special:Random?action=edit'
    } else {
        // The current page is a regular "read" page, and it has not yet been crapped
        // Go to its "edit" page so it can be crapped
        document.querySelector(cssSelectorForEditLink).click()
    }
}

The crapping part seemed substantially the same as the old one, except with some minor changes to circumvent anti-crap code put in MediaWiki:common.js.

This bot ran much faster than previous bots, and affected well over 50% of pages. Several users tried to talk to the vandal and ask him/her/them to quit. (S)he/they did stop for the discussion and for a while afterwards, but then began sporadically running the bot again until the account was blocked.

Anticrap (talk) 20:09, 26 May 2022 (UTC)

Any reason why this hasn't been added yet? 172.70.126.221 03:46, 29 May 2022 (UTC)

Recent crap?[edit]

Has there been any recent crap? 172.70.126.211 17:33, 25 June 2022 (UTC)