> Yet, it seems that until a couple of years ago there was no proof that any person had ever broken glass with his or her voice alone. Then in 2005 the Discovery Channel television show MythBusters ...
Considering that we have had witnesses reporting that tons of times in the last 200 years, and written records of such acts (by journalists), and everything, this is a peculiar version of "proof".
Looking at the source it took me < 5 minutes to find the actual vuln =/. Drupal saying "Just migrate away" is not the correct way to handle this disclosure. Some people can't switch immediately. A patch should be made available, and the module should be deprecated. Does Drupal have a way to update modules easily? If not, there should be...
> Some people can't switch immediately. A patch should be made available, and the module should be deprecated
Maybe that's what should happen, but it's not what will happen.
The module is unmaintained. Who do you suggest should do it? Will you? If not then you're just demanding that work should be done somewhere, by someone else, without providing any path or resources for it. That's just not how freely contributed and shared labour works.
It's a risk you take on when you use that free resource, and why it matters to contribute back to the ecosystem that you're using free of charge. Frankly, if you've been using the freely available module for this long then you're already ahead of where you were before.
"This software is broken so you shouldn't use it" is absolutely a perfectly reasonable solution to the problem, and nobody owes you anything more.
> The module is unmaintained. Who do you suggest should do it? Will you?
Yes. I am contacting the security team and working on a patch already. The page mentions someone is currently working on the issue already however.
> "This software is broken so you shouldn't use it" is absolutely a perfectly reasonable solution.
I don't completely agree. If it's unmaintained, new installations shouldn't use it, totally agree. That doesn't help the 120K installations which are using the plugin though. It may take more time to impedance match APIs, rather than fixing the security issue.
They probably don't want to get into the realm of maintaining user contributed modules.
They do offer an alternative (Entity Reference) and asked if anyone would patch or maintain the module. They also added a warning on the module's page.
Same. Took hardly any time to see the SQL injection. I wonder how many more of these there are on older installations using modules that are no longer actively maintained (Hint: probably lots. Code quality has come a long way since the early days of Drupal.)
All I'm seeing is a missing db_like which means a user can search for "%foo%bar%" instead of just "foo%bar". This is not a SQL-injection, nor a relevant issue.
The problem is in that function though. It is missing a condition for publication status. Titles of unpublished nodes should render for some users, but not all.
I've eventually learned to limit my usage of the Wikipedia to science, distant history, and synopsis of works of popular culture while avoiding like the plague current politics and ongoing events.
...but that's on the English wiki only. As a Pole understanding English, I despair for my natives trying to use Polish Wikipedia, because here politics creep everywhere. I remember what a disaster the Polish article on Big Bang was before its ridiculous state was called out and went viral in sceptic circles as being plainly antiscientific. Until then its contents were more fittingly titled as "philosophical and religious criticisms of Big Bang theory". Remnants of those may be found in the article's discussion, which is filled with philosophical and religious debate about Big Bang.
Honest question, what alternative do you use instead? HN mostly links to news articles, and I would question if current politics and ongoing events are more accurately written by news media and with less bias. I don't know about Polish news companies, but it's not uncommon elsewhere that news companies are openly biased towards one political party or bias their articles towards their main customer group (UK example from Yes, Minister: https://www.youtube.com/watch?v=DGscoaUWW2M).
We have books or research papers, but meta research generally acknowledges that researchers include bias into their work, often linked to the opinion of those that fund the research. Meta research is thus generally a bit better, especially the meta-meta-research papers, though it generally takes a quite politically contested topic for that to happen, which then further increases the risk of bias by the meta researchers selecting results that favor their side.
In terms of news, I use Haystack (http://www.haystack.tv). It aggregates YouTube videos from various media sources daily, much of it American (then again, that might be intentional). You can also pick and choose specific sources and topics you want to follow, even cast to Chromecast. The developer(s) are pretty responsive too and the app is free.
My only frustration is that it only aggregates videos on YouTube. If you want to get video news segments from media companies that publish their videos to a proprietary CDN or hosting service, you can't use it with Haystack.
> Plenty of philosophy articles are also very poor
Try the Stanford Encyclopedia of Philosophy; it's amazing and authoritative, written by the experts. And free (but takes donations!). You'll never look up a philosophy topic in Wikipedia again.
Many of them seem to be written/edited by people who are more interested in using an equation editor than in trying to explain the topic. I don't necessarily expect ELI5 level but I wonder how many people who don't already understand the topic in depth can decode most of those math pages.
They dive into a lot of jargon and rarely attempt to provide any real context that a non-specialist can understand.
I understand that it's hard to do and it also reflects the fact that Wikipedia pages are wildly variable in the audience they're written for.
I think all articles should be at the former's level since people with a deeper knowledge will be using sites, books, etc where that deeper knowledge is assumed. If they aren't already they can get started by reading the sources in the article.
It is an encyclopedia, not a collection of tutorials. That seems more appropriate for something like wikibooks. Otherwise, every single article would be inordinately long with a lot of redundancy. I like it better in which pre-requisites are often linked to other pages, so you can brush up on the pre-req's if you don't understand them.
Topics of contention between two nations (or worse, between two political factions inside a nation) are usually suspect. Even if every sentence is meticulously sourced, you can't tell if someone is "lying by omission." Basically, the tone of the article is determined by which country (or faction) can muster more people with free time and passable English skills, which may not correspond to actual expertise on the topic...
I agree that math/physics sections are pretty good. It's difficult for knowledgeable people to disagree on these matters...
> This is a problem for literally every source on Earth, and persists even among the most prestigious newspapers, books, etc.
That's true but practically meaningless. Some sources are dramatically more reliable and accurate than others. I can't completely trust my 4 year old nephew about physics, nor can I completely trust a leading physics text book, but that doesn't make those sources similarly reliable.
What we're discussing here is where Wikipedia falls on that continuum. I agree with the GP; there is so much deception by omission in WP that I don't trust it. For example, I was just looking at (American) football player Peyton Manning's article; it completely omitted a major sexual assault/harassment allegation, one about which there was a court settlement, book, major news coverage, etc.
The Biographies of Living Persons policy is rather strict, because of the potential for libel lawsuits. The Wikipedia foundation can barely afford to keep Wikipedia running as it is, let alone deal with hundreds of libel lawsuits.
I mean explicitly that Wikipedia does at least as good on lying by omission as the most reputable sources (NYTimes, the Wall Street Journal, whatever).
Surely there must be some significant differences? It's hard to believe they are all the same. Claiming they are all the same is a strategy of propagandists (I'm not saying you are one; I'm saying it's a dubious approach). 'It's all the same' is the opposite of truth and accuracy, which require discernment; it is the justification of liars (again, not the parent).
Anyway, the parent's claim isn't my experience, but now we're just one person on the Internet disagreeing with another.
I'm not saying they're all the same. I'm saying Wikipedia is generally better (though of course far from perfect), without trying to make difficult-to-quantify claims about how much better.
> It's difficult for knowledgeable people to disagree on these matters...
See eg "Speed of light" for an example of the complications that people get into in writing an article that's readable by the general population, but which is also correct for the 5% of wikipedia editors who have a good grasp on this.
I find that quality on technical and mathematical subjects varies wildly.
I remember once looking up a very specific topic, just to be sure that I don't misremember a certain simple but crucial core relation. What I found was a page that was so shockingly disorganised that I had to wade through 5 pages of mindbendingly complexified, quasi-obscurantist... drivel... just to extract that central piece of information that really should have been mentioned in the bit above the TOC, or at least easy to find.
Ah, yes some areas are lacking. I am more concerned about correctness though. Do you ever find math material that is completely wrong on Wikipedia? Stuff like number theory, abstract algebra, and category theory seem to hold up when I cross reference. I'm in no position to qualify myself as mathematician though, I just enjoy mathematics a lot.
Anecdotal, but what here isn't now: I used to edit as well after noticing how incredibly wrong some of the less popular but obviously wrong articles were. Until one day I made some anonymous corrections with proper sources properly cited. I would see my edits immediately undone. I went back and re-did my edit, rewording it to be clearer, and explaining my citations, assuming I was at fault and if I simply corrected MY mistakes the edit would go through. It did not, and this time I was notified I had attempted to vandalize said page and would be banned from making further edits if I persisted. I went on to create an account and try and argue my points civilly in the talk page, to no avail, and being attacked by the article's caretaker (who by the way knew ABSOLUTELY NOTHING about the article's underlying facts/science, anything). After this I left the editing of Wikipedia to people with far more patience than I, and I really believe after seeing other talk pages with glaring errors on the wiki article, that this is the modus operandi for many of these "caretakers". You step on their territory and they shoo you away as quickly as possible (they get so bad and pedantic with their arguing they call themselves "wikilawyers"). Still upsets me to this day that when I see an obvious mistake such as a bad date, misspelling or other easily identifiable misinformation I can't be bothered to do more than wonder about what the poor soul who tried to correct it went through. /rant
> Until one day I made some anonymous corrections with proper sources properly cited. I would see my edits immediately undone.
I understand where you're coming from. I've edited for items such as the citation having nothing to do with the content, and seen it reversed and gone through the same thing. Sometimes something as simple as "show me where I can find this in your citation" brings more than civil discourse -- it brings obvious animosity and is countered with straw man attacks or other logical fallacies. I think people have psychological and emotional needs, and some have a need to feel important, dutiful and powerful. This is where they satisfy that need.
Another problem is I think people in authority--sometimes very smart people--draw conclusions that they haven't properly thought about.
Do you? Seems like there should be a xkcd covering this. The usual case as near as I can tell is something like: Make a minor correction to an obvious error, including a link to a source and other wikipedia articles. Edit gets immediately reverted by whoever has declared themselves the guardian of that particular page. Talk page lights up with all sorts of tangential discussion of whether or not this particular subtopic should be corrected or deleted or reworded or something else. Someone else tries making a modification, which again is immediately reverted. People who enjoy the drama have a self-interested desire to perpetuate it. If you are lucky you could go back 6 months later and there's maybe a 50% chance that the original has been corrected (that's if the original topic hasn't come into contact with the non-notable deletionists).
Anyone know when C2 became a javascriptified dumpster fire? Seems like that's a "Day the Music Died" event that should have a date associated with it.
(Not OP) I have in the past, and my experience was that the talk page was civil, my changes were discussed and we came to a common agreement as to what the change should be.
Nothing like the fiasco you're describing.
You still haven't answered the question though; do you submit corrections?
> The usual case as near as I can tell is something like:
Based on this I'm not sure you have edited yourself, despite retorting the parent. First off articles don't have guardians; [0] just because someone disagreed with you, it doesn't mean they disagree with everyone or on every article, you're making a huge generalization. Second, I'm not sure why you see talk page discussion as a bad thing; when two parties disagree on something, they usually discuss and try to reach a consensus. [1] Do you believe you're above that or something?
> Someone else tries making a modification, which again is immediately reverted.
This is called edit warring [2] and shouldn't be done. You shouldn't just try to force your revision in after it has been disagreed with.
All you're doing in your comment is painting up some illusory image to discourage someone from trying to engage the system themselves. How about you let them edit and see for themselves if what you said is true? Based on my experience Wikipedia isn't anything like that at all, in fact most articles aren't watched enough for anyone to care how you tweak them.
Yeah, that's a hopelessly optimistic viewpoint, I fear. I have many hundreds or more contributions, but stopped a few years ago.
Tried coming back and immediately ran into edit wars on a list of fastest production cars, when legions of people were eager to get the Tesla on there on the strength of a press-release of an upcoming release. Rules warring, silent reversion, you name it.
Wikipedia Review (though not without its share of cranks, and now largely dead), shares a pretty good history of the more sordid history of WP.
When complaining about inadequate behavior from other Wikipedia editors, it would be very useful to point out concrete links to edits and reverts. This gives a chance to other interested parties to fix the article and contribute to the discussion.
I remember asking for a smaller monitor and getting some weird looks. Too much screen space and I'm always turning my head left and right, was hurting my neck. I prefer virtual desktops and a tiling window manager.