Wikipedia:Arbitration Committee/CheckUser and Oversight/2019 CUOS appointments/CU

ST47

 * Nomination statement


 * I am volunteering for Checkuser and Oversight. I returned to Wikipedia early this year from a long inactivity - I originally edited from 2006 - 2009. I am familiar with WP:SPI and investigate and resolve cases there regularly, and I have already signed the WMF NDA as a WP:ACC user. I'm a computer security researcher and a part time web admin, so I am very familiar with the uses - and limitations - of the tool. I am comfortable calculating IP ranges and issuing range blocks. My Recent Changes and AbuseFilter patrolling causes me to stumble upon likely sock puppet accounts fairly often, and access to the Checkuser tools would allow me to properly resolve those cases and help with backlogs at WP:SPI and elsewhere. Similarly, I do occasionally run into oversightable things from recent changes or sockpuppets, and report them to the oversight team. I often have IRC and email open even while I'm not actively on wiki. So, I offer to take on either or both roles, as you decide.

Standard questions for all candidates (ST47)

 * 1) Please describe any relevant on-Wiki experience you have for this role.
 * I regularly patrol WP:SPI for cases that are ready for administration, either because a CheckUser has already commented or because no CheckUser is required, so I am familiar with investigating behavioral evidence of sockpuppetry as well as the procedures at SPI. I come across enough likely socks through patrolling Recent Changes, abuse filters, and a few other venues, to be familiar with the common LTAs. I also issue my fair share of range blocks, balancing the size of the range and the duration against the level of disruption in order to minimize collateral damage.
 * 1) Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
 * I work in computer security, and I'm a developer/sysadmin for a small hobbyist website, so I regularly work with IP addresses and ranges, WHOIS and port scan data, user agent headers, and so on.
 * 1) Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * No.

Questions for this candidate (ST47)

 * Editors may ask a maximum of two questions per candidate.


 * You went almost an entire decade with minimal activity . While I think it's great that you have returned, some might say that you should have been desysopped for inactivity. CU/OS are particularly sensitive permissions if put in the wrong hands, even more so than just administrator. If given the tools (and you are applying for both tools), do you think that you will be active enough over the next few years to put them to good use? --Rschen7754 01:14, 5 October 2019 (UTC)
 * Hi Rschen, thanks for the question. I won't wade too far into topic of sysop inactivity except to say that I probably wouldn't have started back up if I would have had to go through RfA again. Aside from a few new buttons, the learning curve hasn't been too steep, and I'm far from the only administrator to return from a long period of inactivity. If WP:RBM is any indication, we should be working to retain and recover experienced editors, particularly those who have left under non-controversial circumstances.
 * On point, I do believe I'm here to stay. I went inactive due to college; I now hold a stable full-time job. I've gained some maturity and life experience, and I'm returning with a fresh motivation to contribute to the project well into the future. I've learned the few new tools and processes that are relevant to my work, and I've found ways to apply my skills here that I enjoy and find productive. So yes, I do believe that I would be able to put the tools to good use.
 * Now, if I'm wrong about all that, the activity requirements for CU and OS are also quite a bit more stringent than for sysop. I believe it is 5 logged actions (with the functionary tools) in a year, and of course ArbCom has the power to change that or otherwise manage the Checkuser or Oversight tools as they see fit. I'm also aware of the experimental 2FA support and while local CU is not one of the mandatory users, I'd certainly look closely into using it if appointed, as another option to improve account security. (My password is already a long random string that is not used for any other site.) ST47 (talk) 06:15, 5 October 2019 (UTC)

Comments (ST47)

 * Comments may also be submitted to the Arbitration Committee privately by emailing . Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.

L235

 * Nomination statement


 * Greetings: I’m Kevin, and I’m applying for CheckUser and Oversight access to help with some of the backlogs we’ve seen, particularly at SPI. I’ve been an SPI clerk since December 2015, where I’ve been actively involved in sockpuppetry investigations. As a clerk and patrolling administrator, I am responsible for making initial determinations on the use of CheckUser (endorsing or declining CU requests prior to CU review), evaluating evidence, and blocking users for sockpuppetry. I’ve made over 500 blocks in the ~1 year since my RfA, and many SPI-clerk recommendations for admin action before that.


 * I have an extensive track record as a thorough evaluator of behavioral evidence in SPI cases, and I have a technical background as a Stanford computer science student. I am regularly available and accessible on IRC, and I am glad to perform CU/OS functions on ACC, UTRS, and OTRS (all of which I currently have access to).

Standard questions for all candidates (L235)

 * 1) Please describe any relevant on-Wiki experience you have for this role.
 * My nomination statement describes a number of pertinent areas in which I've contributed; in particular, I've been an SPI clerk for nearly four years, an ArbCom clerk for over four and a half years, and an administrator for over a year. In these roles, I have worked closely with functionaries and arbitrators, especially in sockpuppet investigations, and have developed experience in evaluating evidence and using the block and revdel tools.
 * 1) Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
 * I have a technical background as a student of computer science at Stanford; although networking is not my area of research, I know the basics and I'm confident I can pick up relevant skills fairly quickly. As for experience dealing with private information, I have held a number of positions requiring NDAs and/or background checks.
 * 1) Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * I do not have other advanced permissions, but I do have OTRS access to the info-en queue.

Questions for this candidate (L235)

 * Editors may ask a maximum of two questions per candidate.



Comments (L235)

 * Comments may also be submitted to the Arbitration Committee privately by emailing . Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.


 * Anyone around SPI will know the good work Kevin does. Thoroughly vetted and clueful administrator. --qedk (t 桜 c) 17:02, 6 October 2019 (UTC)
 * A relatively new admin but combined with their ArbCom/SPI clerking experience I feel comfortable supporting both tools. Only hesitation would be increased workload, but these are in areas that generally overlap, so I'm not really concerned. --Rschen7754 05:08, 8 October 2019 (UTC)

Oshwah

 * Nomination statement
 * I am applying for the CheckUser permissions in order to extend my participation on Wikipedia and help put a stop to sock puppetry, disruption, and abuse. I'll be available to help with processing requests that I see go unanswered on IRC, as well as help with the backlog at SPI and ACC. I've been an administrator for three years, an oversighter for one year, and have been consistently active, available, and happy to help with requests and urgent matters on IRC and other communication methods. Having the checkuser tools will help me to be able to help more people, as well as help protect this project from sock puppetry and abuse, and put an end to harassment. If you have any questions, please do not hesitate to ask and I'll be happy to answer them.

Standard questions for all candidates (Oshwah)

 * 1) Please describe any relevant on-Wiki experience you have for this role.
 * My time has been mostly spent in recent changes patrolling and attempting to mentor and help new users on Wikipedia. I patrol recent changes and revert vandalism, respond to instances of long-term abuse, username violations, blatant sock puppetry, page protection requests, and (occasionally) AFD, AN3, and ANI. I'm also an ACC Tool Administrator on WP:ACC, and assist with processing account creation requests, as well as helping tool users with difficult or complex cases. I'm also an SPI clerk and help with responding to evidence and accusations of sock puppetry. I'm also highly active on IRC and I respond to requests for assistance and input from other users, and I respond to emergencies such as LTA activity, threats, blocking requests, revision deletion and suppression requests.
 * 1) Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
 * My user page explains the extent of my background in a nutshell - I've grown up around computers and my IT-related experience goes very far back. I performed computer and network administration throughout my youth while in school, and held jobs in IT-related areas ever since. I have a BS in Computer Software Engineering Technology and a Minor in Applied Mathematics. I have extensive IPv4 and IPv6 experience that I actively use during my daily tasks at my current job, including networking, traffic routing, VPN, encryption, and security. I also have basic and advanced certification with Dell SonicWall firewalls and have written packet sniffing, ARP, and ICMP software GUIs and tools completely by myself using C++, Win32, and the WinPcap library.
 * 1) Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * I am an oversighter on the English Wikipedia here, a bureaucrat on the test protect, and a steward on the Wikimedia beta project. I have OTRS permissions and access to the oversight-en and info-en queues.

Questions for this candidate (Oshwah)

 * Editors may ask a maximum of two questions per candidate.
 * Your candidacy in 2018 was unsuccessful. What is different about it this time around? --Rschen7754 01:32, 4 October 2019 (UTC)
 * Since last year, I was promoted to a full clerk on SPI. I've also extended my participation on Wikipedia by not only responding to suppression requests and suppressing content that required its use with the oversight tool, but also helped to remove missed content that needed supression. I also expanded the oversight page to make it more clear, detailed, and easy to read for newcomers. I've also helped to improve the ACC process for users by increasing deflection. This was done by helping to create necessary pages in order for users to assist themselves and create their own accounts instead of making them wait up to six months to have one created for them by creating a new ticket request.

Comments (Oshwah)

 * Comments may also be submitted to the Arbitration Committee privately by emailing . Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.


 * Inclined to support, he seems to have handled OS well and also became a SPI clerk. --Rschen7754 05:05, 8 October 2019 (UTC)
 * Oshwah is an asset to SPI, has dealt with his bits well, and is also one of the most active administrators we have. --qedk (t 桜 c) 13:26, 8 October 2019 (UTC)
 * Oshwah is well versed in policy and has perfomed over 62000 admin actions in over 3 years which has spot on and one of the most active admins in the Project.Clearly an asset.Pharaoh of the Wizards (talk) 23:12, 8 October 2019 (UTC)
 * Last year I was in favour of Oshwah becoming a CheckUser and that has not changed - it actually has strengthened. He has handled OS well and is an SPI clerk. I trust his judgement. -- The SandDoctor Talk 05:17, 9 October 2019 (UTC)
 * Yes, I support Oshwah's request for CheckUser - I think he's well grasped at SPI and would be an asset. Steven   Crossin  Help resolve disputes! 06:24, 10 October 2019 (UTC)

Mz7

 * Nomination statement


 * Hello, I'm Mz7, and I would like to apply for checkuser rights this year. I have a history of evaluating SPIs going back to when I became an administrator in January 2017, and I am experienced at identifying the behavioral peculiarities that may indicate that two accounts are related. CheckUser would just be another tool in the toolbox to help with the work I already do in that area. Apart from SPI, back in January of this year I joined the account creation team (ACC), which typically has a backlog of requests awaiting checkuser (the oldest request in that queue at the time I am writing this is from 7 months ago). I would be happy to help out on that front as well. As far as my personal background goes, I am familiar with networking principles and IPv4/IPv6 range blocks, and I consider myself a quick-learner. If there is a tricky or unfamiliar case, I would not hesitate to consult with a fellow checkuser. I am very active on IRC, and I find that I get along pretty well with others on Wikipedia. I look forward to working with the team if appointed.

Standard questions for all candidates (Mz7)

 * 1) Please describe any relevant on-Wiki experience you have for this role.
 * As I mentioned in my nomination statement, I have commented on numerous sockpuppetry investigations in the past several years I've been an administrator. Specifically, I have experience spotting behavioral peculiarities that carry over between multiple accounts (which are the key in investigations—checkuser is just complementary evidence in that sense), and I am familiar with the kind of information that checkuser would return and how it would factor into the outcome of an investigation. I joined WP:ACC back in January 2019, where I have handled approximately 400 requests, about three dozen of which I had to refer to checkusers.
 * 1) Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
 * I have a technical background and am familiar with basic networking principles and IP address assignment. I consider myself a quick learner, and if there is any technical aspect of a case that I am unfamiliar with, I will not hesitate to ask a fellow checkuser for advice. I also have experience fulfilling confidentiality obligations.
 * 1) Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * This is my first time applying for advanced permissions beyond sysop on any WMF project. From November 2016 to April 2019, I was an active member of the OTRS team with access to the info-en and permissions queues. I voluntarily requested that my access be removed in April 2019; although my activity level was still within the activity requirements of OTRS, I decided I wanted to focus my time more on content work and administrative work on-wiki.

Questions for this candidate (Mz7)

 * Editors may ask a maximum of two questions per candidate.



Comments (Mz7)

 * Comments may also be submitted to the Arbitration Committee privately by emailing . Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.

RoySmith

 * Nomination statement


 * I am applying only for CU.  Qualifications:


 * Admin since 2005.
 * Extensive unix DevOps experience, including managing web servers at Songza and Google.
 * Engineering team lead for Smarts/EMC's IPv6 network management product.
 * Have been active on WP:SPI, opening cases for investigation by CU holders.

Standard questions for all candidates (RoySmith)

 * 1) Please describe any relevant on-Wiki experience you have for this role.
 * I've been active for the past few months opening SPI cases. I got into that when I started working on reviewing new drafts, which has a fair amount of socking involved.  My role at this point has been gathering whatever evidence I could with the standard admin capabilities.  Commonality of editing focus, correlations between users of editing timelines, similarities in usernames, editing style, etc.  When there seemed to be enough behavioral evidence, I would open a SPI case for further investigation by a CU.
 * 1) Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
 * My last two positions (Senior Software Engineer at Google, and Director of Engineering at Songza) were both hands-on running web servers and applications. Much diagnostic work involved reading through server logs.  In both positions I had access to confidential user information.  Particularly at Google, access to any personally-identifiable information was tightly controlled, on a "need to know" basis, and with strict requirements to limit access to the minimum amount of data required to do the job, for the minimum amount of time, and quarantined to a secure environment.  As a CU, I would have access to similarly sensitive user information, and would exercise the same diligence.  I'm being vague here, but please feel free to ask questions if I've glossed over anything that you want to know.
 * 1) Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * Other than being an admin on en, none. No OTRS permissions.

Questions for this candidate (RoySmith)

 * Editors may ask a maximum of two questions per candidate.


 * I'm a little surprised to see, given your apparent technical experience, that you've only blocked 5 IP addresses in the last 10 years. The CU role requires a lot of work with IP addresses, such as blocking, analysing or classifying networks, and evaluating collateral. Could you elaborate on how your experience has prepared you for IP addresses in the context of Wikipedia? Would you expect your blocking activity to massively change? -- zzuuzz (talk) 06:32, 4 October 2019 (UTC)


 * Every incoming HTTP request will have the remote IP address logged. For logged in users, there will be, in addition, a username.  The IP addresses can be used as a clue to suggest that multiple requests may have come from the same place.  For example, if I make a logged-in edit, then log out and make another edit, both edits will be associated with the same IP address, and that's a pretty good clue they're by the same person.


 * But, life is more complicated than that. For example, with my residential internet connection, I have a (mostly) static IP (v4) address.  Inside my house, my router does NAT, making multiple computers on my WiFi all appear to have the same IP address.  So, all you can really say about a request from that IP is that it was from some computer within range of my WiFi.


 * NAT is done on a much larger scale at universities, corporations, libraries, and the like. Even countries.  Thus, indiscriminate blocking of IPs can deny service to a large number of users as collateral damage.


 * Commercial customers are more likely to publicly expose a range of IP addresses, commonly written using CIDR notation. For example, a small business I help out with their IT needs, has a /29.  That means the top 29 bits are their network address, leaving the bottom 3 bits for internal addressing.  Excluding 000 and 111 as reserved, that gives them 6 externally routable IP address, any of which might be visible in the Wikimedia server logs for requests coming from this location.  If it were decided that this location was overrun with miscreants and we wanted to block the entire lot of them, we would block the entire /29 range (I don't think I've ever actually used this feature).  Special:Block lists some particularly sensitive examples of this, along with cautions for use, and instructions for reporting to the WMF any such blocks.


 * NAT is theoretically possible with IPv6, but the extremely large address space eliminates the main technical driver (i.e. address space exhaustion) which gave rise to NATv4. It is still used at IPv6-IPv4 traffic boundaries.


 * On the other end of the spectrum, some users will come from multiple IP addresses. The most obvious case is somebody editing from both home and their office, or from public WiFi hotspots.  Users with dial-up connections (increasingly rare these days) will get a different IP address on each connection (although, probably out of a limited-size pool).  Mobile users (a large and growing segment, especially outside of North America) will get dynamic IP addresses.  With all of those, the IP address won't change very quickly, so a user who logs out and logs in again as a sock will probably still have the same IP address.


 * Corroborating evidence would be identical user-agent strings. For example, I take my laptop with me and use it on various networks, including public hotspots and on mobile networks via tethering to my phone.  In those various locations, I'll have different IP addresses, but my user-agent string will be the same.  On the other hand, in large centrally-managed environments, software is usually rolled out onto desktops via automated processes, so every computer may have the same user-agent string.  Thus user-agent matches or mis-matches are just another hint, neither conclusively proving or disproving anything.


 * And, of course, all of the above assumes a technically naive user. A more sophisticated user can intentionally mask their IP address using proxies.  User-agent strings are likewise easy to spoof at the desktop (by installing multiple browsers, ua-switcher plugins, virtual machines, custom client software, etc).  At the network layer, a security gateway could mutate HTTP headers (including the user-agent string) on the fly.  I would be surprised if our most sophisticated and well-funded users (government-backed disinformation agencies, high-priced PR firms with Fortune-500 clients, national political parties) were not already doing this.  I think it less likely that garden-variety SEO spammers are using technology like that, but it's not beyond reach of a mid-sized company with more money than ethics.


 * As for, "Would you expect your blocking activity to massively change?", it's difficult to predict the future. Certainly, as a CU, I would have access to more information than I do now, which would help me make better block-or-no-block decisions.  Sometimes I suspect a sock, but not enough to bother opening a case for somebody else to follow up on.  As a CU, I could see for myself, which might well lead to more blocks.  I imagine I'll also be servicing the SPI queue and/or responding to requests from other queues (arbcom, etc) so that would lead to more blocks.  Massively?  That would be speculation, so I can't really answer that part.  Not to mention, that just like with edit-count-itis, I don't believe there's much value in comparing block counts.  With the tools I have now, I could certainly be doing more blocking, but I tend to be conservative about blocks, and I don't expect that would change.


 * -- RoySmith (talk) 14:26, 4 October 2019 (UTC)


 * I'd like to discuss your approach to blocking suspected socks. Perhaps you recall this incident last year, in which I undid one of your blocks because it was based solely on your assertion that any new user who shows up at AFD is a sock. At the end of that discussion you seemed to understand that that is not ok, and why it isn't ok. To my mind this isn't something that should have needed to be explained to an admin with your level of experience, but since you seemed to get it that was that.


 * Or so I thought, but then earlier this year you stated " I generally work under the assumption that when a brand new account immediately heads for AfD, something's not right. It's simply not what you would expect a brand new user to be doing.  There was  a long AN thread (started by me) about this, which I've taken as an endorsement of this approach.". My read of the reference discussion  was that there was support for that specific block and it was not a community endorsement of this approach, and I said so on your talk page, and you seemed to indicate again that you got the point.


 * So my question is, if you were granted CU access, could we expect that anyone who was new and made a comment at AFD would be checkusered by you, to try and find evidence to back up this assumption that "new user at AFD = 100% certainty of socking"? Beeblebrox (talk) 20:48, 4 October 2019 (UTC)


 * "New user at AFD = 100% certainty of socking" is overstating things. I'll certainly agree, however, that "new user at AFD = suspicion of socking".


 * WP:NOTFISHING talks about legitimate, credible concerns of bad-faith editing or sock-puppetry. Under "Grounds for checking", it gives "double voting" as one of the disruptive behaviors we're trying to defend against.  We know socking is a problem.  We know WP:UPE is a problem.  We know socking at AfDs to prevent paid articles from being deleted is a problem.  It's not a huge leap of logic to suspect that, when a new user's first edits are to AfD, maybe it's a sock.


 * So, what we're really talking about is how I would make the judgement call to suspect socking when I see unusual behavior at AfD. I can't give you an exact answer.  That's why we still employ humans to make judgement calls instead of relying on AI algorithms to do it for us.  Certainly, when a user's first edit is to AfD, that's something that raises suspicion.  When several new users all comment on the same AfD, that's a (much) bigger suspicion.  And, while I can't put into words exactly what I'm looking for, I've certainly read things that people have written and thought, "Hmmm, that sounds fishy".


 * Wielding more powerful tools implies the need for greater discretion when using them. The ability to access a user's confidential and personally-identifiable information is indeed a more powerful tool than the ability to block somebody.


 * If a block is made in error, it can be reversed with no lasting harm. Well, that's not quite true; if the act of blocking somebody ends up chasing away a potentially valuable new user, that's harm.  From the point of view of the user's account on the site, however, they've been restored to their previous state.


 * The same cannot be said of accessing confidential information. Once I've seen something, I can't unsee it.  There's no way to completely undo the disclosure, and you never know what you're going to see before you look.  Behavior-based blocks should not be made willy-nilly, but the decision to breach a user's confidentiality has to meet an even higher bar.


 * Should you expect that I'll automatically run a CU investigation on every new user that pops up at AfD? No, of course not.  Will I look at brand new users who are commenting at AfD and wonder if they're legitimate?  Yes.  How will I decide that my initial suspicion is strong enough to justify digging deeper?  The simple answer is, "I'll make my determination is accordance with the policies outlined in WP:CHECK.  The deeper answer, however, will always be, "I'm human and I'll make human judgements based on my experience and intuition, plus WP:CHECK."  And, obviously, I'll avail myself of (off-wiki) advice from other functionaries on close calls, especially as I'm getting up to speed.
 * Thanks for your detailed reply. I've just realized I missed a whole other aspect of this, now at Sockpuppet investigations/JimKrause/Archive, the entry for 6 October 2018, in which you state "Behavior and depth of understanding of wiki processes makes it impossible to believe claims of being new users."(emphasis added) A Checkuser found one of the accused to be unconnected, and the other, the one whose block was the subject of the previous AN discussion, they declined to CU at all. Given your answer above, I'm curious as to how you feel about the CUs refusal to even run a check? Beeblebrox (talk) 20:35, 6 October 2019 (UTC)
 * Obviously, I felt what I was seeing was suspicious, for the reasons stated, and deserved greater scrutiny. Based on their SPI comments, User:Atlantic306 shared my suspicion, but User:AGK felt a CU investigation wasn't warranted.  How do I feel about that?  I'm fine with it.  I made a request, and the CU declined.  That's fine, that's their job to decide which ones are justified and which aren't.  I'm not trying to be evasive, but I don't know what else you're looking for me to say.  -- RoySmith (talk) 22:18, 6 October 2019 (UTC)
 * I guess what I was getting at is if you think you would have run a CU or if you agree with the decision not to. Beeblebrox (talk) 02:46, 7 October 2019 (UTC)
 * This all happened a year ago, and I barely remember the details. But, I suspect that if, at the time, the magic CU fairy had come down and granted me three wishes, I probably would have used one of them to run a CU.  But, that was a year ago.  In the intervening time (and especially more recently as I've considered applying), I've read a lot more about CU policy. I've also opened a bunch of SPI cases and gotten to observe how things get handled in real life.  So, let's look at WP:CHECK...


 * Point 1 says, to prevent or reduce potential or actual disruption, or to investigate credible, legitimate concerns of bad faith editing. I think it's clear that this example was potential disruption, since we're talking about (potentially) influencing the result of an AfD for illegitimate purposes.  So, then we're down to whether this was credible, legitimate concerns of bad faith editing (and I'm sure that's what you're getting at).  Credible just means "believable", and obviously at the time, I believed it.  So, yeah, my reading of the policy is that this would be a legitimate check.  And thus the answer to your first question, (do) you think you would have run a CU?, is, yes.


 * But, the real answer is that I expect that initially, I'll be seeking a lot of input, and go along with the advice I receive. It's quite clear that if I were to ask you, you would say not to run it.  Given that AGK declined this a year ago, I expect they would say the same thing.  So, yeah, if this were my first case, and I asked for advice, and the two people who came back were you and AGK, I expect I'd have two people advising me not to check, and I'd go along with that.  So the answer to your second question, (do) you agree with the decision not to is also, yes.


 * I'll leave you with one last thought. In my career as a software engineer, I've learned to embrace egoless programming.  The same concept applies here.  Assuming I'm granted CU, I recognize that on day one, I'll be the least experienced and least knowledgeable of the entire CU cadre.  My first job will be to learn as much as I can from those who have more experience than I do.  It's one thing for me to read WP:CHECK and think I understand it, but I know that there's nothing that can replace real-life experience.  -- RoySmith (talk) 03:46, 7 October 2019 (UTC)

Comments (RoySmith)

 * Comments may also be submitted to the Arbitration Committee privately by emailing . Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.


 * I'd like to thank RoySmith for their extensive reply to my question above. For the benefit of readers who are less technically minded, it's not to be faulted on technical grounds, ie it shows a fair general knowledge of some of the issues that we face. I remain a little concerned about inexperience of blocking on Wikipedia in general, and IP addresses in particular, which as I mentioned above are a staple of CU work. I am not looking for large numbers of blocks, just enough to be able to identify quality and a level of experience. For example, it is one thing to know what an IP address range is - it is another to range block it and deal with all the collateral, complaints, block evasion, and other mess that comes with actually performing such a block. We all learn things from blocking IP addresses. Anyway, the decision is not mine, and I've probably had my say, so I'll step aside and wish you good luck. -- zzuuzz (talk) 18:48, 6 October 2019 (UTC)
 * Inclined to say not right now - the concern isn't lack of technical expertise but expertise in when running a CU is allowed under policy, and issuing rangeblocks (that could be CU blocks as well). Would be happy to reconsider after serving as a SPI clerk, or more relevant experience (like at WP:ACC or even m:SWMT). --Rschen7754 06:11, 7 October 2019 (UTC)
 * The written policy for CU is of course our basic rule, but in actual work it, like all policies, needs interpretation. Various CUs interpret it differently, because so much of this is judgment. In discussions on the CU list, there are frequently disagreements. Of course, most checks are not and need not be discussed there, but I think that for a good percentage of checks here might be   one or two of the current checkusers who would disagree with it, and I know that I often see declines to check where I might have run one.  to I think someone with Roy's experience on and off WP will have good judgment, and will especially know enough to go carefully at first.
 * Additionally, it seem that he has anexceptionally wide background in related technical issues, and we could certainly use his support on the team.  DGG ( talk ) 03:12, 8 October 2019 (UTC)


 * I'd also like to thank Roy for his detailed responses to my questions, and for totally not calling me out for kinda stretching the rules with 2 and 1/2 questions. Whatever else I may think, in both the past incident in question and here on this page Roy has been forthright and civil despite my rather pointed questions. Beeblebrox (talk) 23:59, 8 October 2019 (UTC)

SQL

 * Nomination statement


 * Hi, I'm SQL. I have served as an Administrator since 2007.

I'm the developer behind:


 * IPCheck, a tool used by many functionaries daily to help determine if a given IP is a proxy / webhost / compromised.
 * ISP Rangefinder and NBCH, tools used to list hosts on hosting networks.
 * IPRange, a tool used to resolve a given subnet (often helpful to identify webhosts or proxies).
 * I was the original developer behind the account creation interface

I am a regular at Requests for unblock, the account creation interface (mostly in the proxy check queue), the unblock ticket request system, and the Wikiproject on open proxies. I would primarily use the tool in those areas.

Standard questions for all candidates (SQL)

 * 1) Please describe any relevant on-Wiki experience you have for this role.
 * I mention in my nomination some of the various related tools I've written. I've contributed extensively at the Wikiproject on open proxies. I'm active in the proxy check queue at ACC.
 * 1) Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
 * As I mentioned last year, I've had a lot of relevant jobs, NOC / internal support, and cable tech support.
 * 1) Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
 * I do not. I suppose I don't know how much it matters - if at all, but I am a steward on the beta cluster. SQL Query me!  03:06, 6 October 2019 (UTC)

Questions for this candidate (SQL)

 * Editors may ask a maximum of two questions per candidate.


 * Your candidacy in 2018 was unsuccessful. What is different about it this time around? --Rschen7754 01:31, 4 October 2019 (UTC)
 * , I apologize for the delay, it's been a busy week. By and large one of the primary concerns cited was a one-time issue shortly before CUOS2018. I won't rehash the debate, but I have read and re-read that discussion many times and have taken the feedback I received there to heart. I was too quick in that instance to use the tools, and should have proposed an action and solicited feedback before doing so. SQL Query me!  04:05, 5 October 2019 (UTC)

Comments (SQL)

 * Comments may also be submitted to the Arbitration Committee privately by emailing . Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.


 * I have no concerns with SQL's judgement. He is a good administrator with sufficient technical knowledge to be of benefit to the project in this role. -- The SandDoctor Talk 03:01, 10 October 2019 (UTC)