gammafunk — Today 6:23 AM
@ASCIIPhilia you should be able to see this channel and discuss any admin issues that you'd like to keep private

ASCIIPhilia — Today 6:25 AM
Thank you for inviting me.

gammafunk — Today 6:25 AM
@ASCIIPhilia regarding passwords/emails in sharing a user db, yes it is arguably a security concern. But ultimately it's not different than us trusting our server admins with user data in the first place
ultimately each server admin is responsible for what they do with their users' data
But the idea with starting from an existing db is to prevent griefing for a majority of users. It's limited in effectiveness to US users, of course
If you feel strongly that you don't want to import an existing user database, then we will of course allow you to start with a fresh database. We will notify users of a new server either way
But if it's all the same to you, it is helpful to start with an existing database

ASCIIPhilia — Today 6:28 AM
```
ASCIIPhilia
Yesterday, after finishing the server work and submitting a PR, I posted on the Korean Roguelike community that a new server was now open and that a PR had been requested to Sequell. Then I went to sleep. However, when I checked the Roguelikes @dcss channel today, I saw concerns about name squatting. From the logs, it seems that such issues have not occurred yet. But are there any actions I should take? (e.g., temporarily disabling account registration until the announcement)

ASCIIPhilia — Today 6:14
It seems that no one has seriously started playing yet, so if we need to restrict registrations or reset the database, I would like to announce this as soon as possible to minimize confusion (e.g., advising people not to register yet). Or am I overreacting to something that I don't need to worry about?

gammafunk — Today 6:19
oh, yes, that's a good point
it would be ideal if you started with a user db of an existing server
that minimizes the amount of squatting/griefing that can occur
I do have a copy of cbr2 database from a number of months ago, but we could get a more recent copy of it for you
so one approach to this problem is for us to get a copy of the cbr2 user db, you install that over any existing db, and registrations can proceed from there
the alternative is to just tell people to register if they care about streaks, but we've had issues with this in the past
do you mind if I add you to the admin private channel on the dev discord?

ASCIIPhilia — Today 6:24
I didn't think it was possible because, even though the passwords are hashed, I believed sharing them for a new server launch rather than a migration could be a security issue.

ASCIIPhilia — Today 6:24
Yes, of course.

gammafunk — Today 6:24
great, we can continue discussion there
```
For those who might want to understand this problem, I am attaching the previous conversation.

gammafunk — Today 6:28 AM
yeah, I think @PleasingFungus brought it up initially
actually, as I think about it, sharing the db in the first place is somewhat more complicated

PleasingFungus — Today 6:32 AM
i certainly understand security concerns re sharing a db

gammafunk — Today 6:32 AM
last time Zureal and I sort of hacked the save download to do a password protected download
but that won't work with ASCIIphilia

PleasingFungus — Today 6:32 AM
it's not my favorite situation
but just to be clear, there is an existing and well established security issue with starting a new DB
we share scoring between servers
so starting a new server with a fresh db effectively leaves all accounts without any password protection
and means that players have to scramble to re-register their account on a new server if they don't want to be 'griefed'

ASCIIPhilia — Today 6:34 AM
For users who registered on another server but can't find their account, the opportunity to register with the same nickname will be blocked.
Since the databases of all servers were not integrated from the beginning, there are likely accounts already owned by different people on each server. (Like stocks, in this case)
(doesn't the owner on a specific server have no right to claim that their account should be reserved on my server? After all, if we copy, we have to choose one database from multiple servers.)

PleasingFungus — Today 6:35 AM
> For users who registered on another server but can't find their account, the opportunity to register with the same nickname will be blocked.

I don't understand, sorry. can you rephrase?

> Since the databases of all servers were not integrated from the beginning, there are likely accounts already owned by different people on each server.

Yes.

> doesn't the owner on a specific server have no right to claim that their account should be reserved on my server?

Huh?

> we have to choose one database from multiple servers.

Certainly. But what's the harm?

ASCIIPhilia — Today 6:37 AM
I am talking about exceptional cases. For example, suppose I registered as ASCIIPhilia on CWZ and forgot my password and the email I used to sign up. I am sure that I registered on CWZ, but if the new server inherits CWZ's database, I would just have another server where I lost my account instead of being able to register again.

PleasingFungus — Today 6:37 AM
Certainly. That's no worse than the status quo, though. You can simply register asciiphilia2. It is a little sad, but that's life.
On the other hand, the alternative is that a troll can register asciiphilia and mess with stats. Imagine that you're taking a break from crawl, or just aren't in the discord, and so you don't notice the announcement of a new server. Then you come back for the next tournament. While playing in the next tournament, a troll sees that you have a streak, registers an account under your name on the new server, and breaks your streak.
This isn't hypothetical; this is something that real people have done several times before. It's very disruptive and troublesome to fix.

gammafunk — Today 6:40 AM
Using a US server db doesn't solve this problem, of course, since (especially CWZ) players may not be registered on cbr2
But it's nice that it helps a large number of players
I also realized that it'd probably be best to use the CDI database at this point, since I can more easily set up db sharing by making asciiphilia a dgl admin temporarily

PleasingFungus — Today 6:41 AM
yes, and if someone was going to take advantage of a US server to break non-US players streaks, they could already use cbr2 etc

ASCIIPhilia — Today 6:41 AM
So I think there might be a somewhat cumbersome but smart way to handle this:
- Providing an opportunity for reservation
- Minimizing griefing

We could create a special registration backend to run during the initial period (a few days or weeks) of the server launch.
If a user is registered on any other server, they would first be given the opportunity to register on my server. During this period, to register on my server, one would either have to register an account that is not registered on any other server or, if the account is already registered elsewhere, log in to one of those servers (this would be handled by the backend) to authenticate the registration. After the special backend period ends, anyone can register freely.
This way, for accounts with multiple ownership claims, the first person to reserve it would get the account, making it the fairest method in many respects. After the special backend period ends, these privileges will also end. Therefore, this aspect is also fair.
This registration backend program might also be useful for other new server launches in the future.

ASCIIPhilia — Today 6:50 AM
For now, I'll take the server down to prevent any potential issues until we decide on the method to use.

gammafunk — Today 6:51 AM
So you would tell it 1) an existing server 2) a username and 3) a password, and if it could authenticate on that server using the credentials you provide, it would allow you to register?

ASCIIPhilia — Today 6:51 AM
yes

gammafunk — Today 6:51 AM
How would it know that an account had an existing registration?

ASCIIPhilia — Today 6:52 AM
The backend can attempt to login via WebSocket.

gammafunk — Today 6:52 AM
No, I mean, you said that it would allow a user to register if the account was not registered on any other server
So how would it know that? In that case where I gave it some arbitrary new account not registered elsewhere, how would it in fact know that this account is not registered on any server

ASCIIPhilia — Today 6:54 AM
Wouldn't it be enough to check that the user file is not registered on any other server?

gammafunk — Today 6:54 AM
user file?

ASCIIPhilia — Today 6:54 AM
https://archive.nemelex.cards/morgue/ASCIIPhilia

gammafunk — Today 6:54 AM
well, this doesn't actually check registration
this would be a way to try to see if the user had ever played a game on that server
but if you register and never play a game, I'm not sure you can say that any special file or directory exists
I actually registered on nemelex.cards a few minutes ago
I'm not sure if I have anything on the server at all that's public to verify this
seems I do have an rc file now

ASCIIPhilia — Today 6:56 AM
https://archive.nemelex.cards/rcfiles/crawl-0.31/gammafunk.rc
yep

gammafunk — Today 6:57 AM
yeah
so I guess you could look for a specific directory, but of course each server has its own directory scheme
This is a cool idea if you're willing to implement it
I wonder what @advil thinks about the proposal (see admin-private)
One issue it doesn't quite solve is that of timing. People who came back to dcss after say 6 months away would be out of luck in this situation
I imagine you'd want a grace period of...a month? I'm not sure what's reasonable, but it would definitely need to be more than a few days

ASCIIPhilia — Today 7:00 AM
I believe that, given that period (6 months), we've provided the utmost consideration. The suggested period was just a proposal, and it could be extended if necessary.

gammafunk — Today 7:00 AM
right
In the end, if you'd like to implement this backend for your server, we wouldn't refuse. It does sound like an improvement over simply sharing the database in a few important ways
I would like to see what advil thinks, since he's someone who's advised us on many infrastructure aspects

ASCIIPhilia — Today 7:11 AM
I've created things like PublicControlBot with Node.js before, so a WebSocket-based register check doesn't seem too difficult. However, I'm not sure how to access the server db file. I haven't looked into it yet, but does it use SQLite? If it uses SQLite instead of something proprietary, it shouldn't be difficult.

ASCIIPhilia — Today 7:27 AM
Is the CAO server shut down?

gammafunk — Today 7:30 AM
yes, it's just a simple sqlite database that you could manipulate with any standard sqlite3 library

gammafunk — Today 7:31 AM
No, it's loading for me at https://crawl.akrasiac.org:8443/#lobby
maybe you're not using the new http url? the old url didn't support https

ASCIIPhilia — Today 7:32 AM
i used webtiles.akrasica.org in this url: https://crawl.develz.org/wordpress/howto

gammafunk — Today 7:32 AM
oh, yeah, that probably uses http and doesn't work
I should update that url; the current one is just https://crawl.akrasiac.org:8443/
oh actually webtiles.akrasiac.org did work

gammafunk — Today 7:34 AM
you should use https://crawl.akrasiac.org:8443/
I will update the url on that page

ASCIIPhilia — Today 7:34 AM
I couldn't get in earlier, but now I can go into the link of WordPress.

gammafunk — Today 7:34 AM
we need to update the json for cao as well

ASCIIPhilia — Today 7:35 AM
I might have been mistaken

gammafunk — Today 7:35 AM
well, this hostname is a typo, not sure if that matters
but in any case, I've updated the link on that page to https://crawl.akrasiac.org:8443/, thanks
and I'll update our server json for the play page as well, since that's also out of date for CAO

ASCIIPhilia — Today 7:50 AM
[CDI] 'wss://crawl.dcss.io/socket' 'https://crawl.dcss.io/crawl/rcfiles/crawl-git/%n.rc'
[CDO] Console Only 'https://crawl.develz.org/configs/trunk/%n.rc'
[CAO] 'wss://crawl.akrasiac.org:8443/socket' 'https://crawl.akrasiac.org/rcfiles/crawl-git/%n.rc'
[CUE] 'wss://underhound.eu:8080/socket' 'https://underhound.eu/crawl/rcfiles/crawl-git/%n.rc'
[CBRO2] 'wss://cbro.berotato.org:8443/socket' 'https://cbro.berotato.org/rcfiles/crawl-git/%n'
[LLD] 'ws://lazy-life.ddo.jp:8080/socket' 'http://lazy-life.ddo.jp:8000/' (Broken) 'http://lazy-life.ddo.jp:8080/rcfiles/trunk/%n.rc' (Broken)
[CWZ] Server down
[CXC] 'wss://crawl.xtahua.com/socket' 'https://crawl.xtahua.com/crawl/rcfiles/crawl-git/%n.rc'
[CPO] 'wss://crawl.project357.org/socket' 'https://crawl.project357.org/rc-files/trunk/%n.rc'

PleasingFungus — Today 7:51 AM
this is a cool idea, but i'm very sorry to say it's unclear to me that it's better than starting with an existing db

> accounts with multiple ownership claims...

it's very unclear to me that we should be worrying about these. i can't remember us ever encountering issues involving them, truthfully.
and aside from such users, who seem to be very rare, this scheme is worse in terms of allowing potential for griefing after the initial period ended - as gammafunk noted.
i would be OK with this scheme if we left this system in place indefinitely, but of course that's work to maintain. my intuition is that it would be less work for everyone, both server admins and users, to re-use an existing db.
but if you feel strongly about it, then having this 'validated login' scheme in place indefinitely seems like an acceptable second-best. 🙂
btw, very sorry to give you so much trouble about this just as you're launching your new server! i very much appreciate the work you're doing to set this server up. i just want to avoid having the same kind of 'troll' issues that we've had in the past

ASCIIPhilia — Today 7:58 AM
I'd like to ask the opposite question: would many people try to do such a thing six months after the server opened? In my opinion, just as you mentioned that there are very few cases of account conflicts, I don't think anyone would try to join that account. (It would have been forgotten by then.)

PleasingFungus — Today 7:59 AM
> I'd like to ask the opposite question: would many people try to do such a thing six months after the server opened?

yes

ASCIIPhilia — Today 7:59 AM
That's alright, I understand completely. Strict players would be much more sensitive to this issue. It's definitely worth the effort to find a good solution for that.
🙂

PleasingFungus — Today 8:00 AM
to elaborate: such trolls tend to look at things like the 'list of active streaks' and, for each player on that list, go through all servers to check if the player forgot to register themselves there
it doesn't matter how long the server has been open, since it's always possible that a long-standing player simply overlooked one server, so trolls will check all of them

ASCIIPhilia — Today 8:01 AM
It's really infuriatingly clever; it's surprising that such people exist. Seeing this, it seems like fundamentally creating an integrated account management system might be the right approach.

PleasingFungus — Today 8:02 AM
yes, it would be correct
we've wanted one for many many years...
but it would be a lot of work, and those rare players with multiple accounts would cause much more trouble for such a thing - since we would have to do something about them
i guess maybe we could do something like...
set up new registrations & login through a central service
turn off registrations on existing servers, but allow people to continue using their existing accounts
but then you run into some big questions, like: what happens when someone registers an account on the central service that already exists on a server? can you log in even with these different credentials? isn't that a big opportunity for griefing..?

ASCIIPhilia — Today 8:09 AM
But once we go through it, we won't have to worry about it afterward. In any case, it's not an easy task.

ASCIIPhilia — Today 8:17 AM
I think i can use this system for a maximum of one year. If we use it indefinitely, it will become dependent on other server databases, making the situation almost the same as starting from scratch with another server database. I understand PleasingFungus's concerns, but I still think a period of about a year is sufficient. Does anyone else have any opinions on this?
Using a specific server's database from the start does not make it free from all griefing either.
This seems to be a matter of choice:
- Give the benefit of automatic registration to users of a specific server's database while preventing most griefing.
- Offer equal registration opportunities to everyone, excluding a few with extraordinary records who have forgotten about DCSS for a year, and still prevent most griefing.

gammafunk — Today 8:44 AM
I do think it has a benefit for non-US players in particular, since we're only able to use one server database with the import approach
Our approach to import a DB isn't as fair to users in the EU or on CPO compared to ASCIIPhilia's system
similar problem for the few users on LLD I guess. Not so many users on CPO or LLD, but both servers have a good number of users who may have used a south korean server
I am a bit worried that the technical details of the implementation and its use in practice might have unforeseen problems. But I agree that on a basic level, it's not that hard to authenticate via websocket and check an rc file url

PleasingFungus — Today 8:48 AM
> Using a specific server's database from the start does not make it free from all griefing either.

well, it means that it's not a new opportunity for griefing. If we use an existing db, we're in no worse shape than we are today; if someone neglected to register their account on the db we're copying from, then trolls could already cause them trouble.

> I think i can use this system for a maximum of one year. If we use it indefinitely, it will become dependent on other server databases, making the situation almost the same as starting from scratch with another server database.

I don't understand this, sorry. Can you rephrase?

ASCIIPhilia — Today 8:50 AM
What I mean is that maintaining a system that relies on information from other servers for registration is no different from starting with another server's database from the beginning.

gammafunk — Today 8:51 AM
It does have one important difference: it's the same as starting with all server databases instead of just one

PleasingFungus — Today 8:51 AM
> Offer equal registration opportunities to everyone, excluding a few with extraordinary records who have forgotten about DCSS for a year...

Two points:
It's not just people who have 'forgotten about DCSS for a year' who would be affected by your proposal. If someone keeps playing DCSS, but doesn't see the announcement of a new server (or sees it but forgets about it, or doesn't realize the full implications of it), then they could be affected.
Furthermore, even for people who do see the announcement, it creates extra work for them to register their accounts. This is work that many people won't have to do if we import an existing DB. It is a small amount of work per player to register an account, but many players...

ASCIIPhilia — Today 8:52 AM
My English writing skills aren't very good, so I rely on tools. Feel free to make such requests anytime. 🙂

PleasingFungus — Today 8:52 AM
> What I mean is that maintaining a system that relies on information from other servers for registration is no different from starting with another server's database from the beginning.

Thank you for clarifying! In addition to what gammafunk has said, I'd note that your approach means we aren't shipping a database around. That has some security advantages.
However, another problem I just thought of...
...doesn't your system mean that, whenever someone tries to register an account, we'll have to send their password in plaintext to every other server? That's a little bit awkward...

gammafunk — Today 8:53 AM
no
it will use a tls websocket for servers that support tls, of course

PleasingFungus — Today 8:54 AM
sure, but the server will receive it in plaintext, right?
so if any of our servers were ever compromised in some way, we'd be sending them a bunch of extra passwords, as well as those that people used directly...
maybe we have bigger problems in that case, but it seems a little unfortunate

gammafunk — Today 8:55 AM
right, it's not an ideal system design from a security standpoint

ASCIIPhilia — Today 8:57 AM
However, if we operate this system temporarily, it might not be a significant issue. Based on my checks, LLD is the only server using a websocket without TLS. Moreover, since it's already impossible to retrieve RC files from LLD, it was likely to be excluded from the checks anyway.

PleasingFungus — Today 8:59 AM
The 'sending passwords' issue isn't my largest concern. I agree the other issues I raised are more important. 🙂

ASCIIPhilia — Today 9:11 AM
Conversely, people who fall into the blind spot of your proposal might also be deprived of a registration opportunity they shouldn't have to lose.

PleasingFungus — Today 9:12 AM
It seems like such people are somewhere between rare to nonexistent.

ASCIIPhilia — Today 9:13 AM
I think it will be rare for someone to have their streak ruined by a troll after a year.

PleasingFungus — Today 9:13 AM
I don't. For the reasons I described above.
And the inconvenience to them is incredibly marginal. They aren't 'deprived of a registration opportunity' - they simply will have to choose another account name. Everyone on the internet is used to this.
You have talked about 'fairness' many times, but I do not understand why. There are no issues of 'justice' or 'fairness' here. There is no fundamental right to be able to register an account name on a server. I am very confused!

ASCIIPhilia — Today 9:14 AM
Why isn't it a right? Many online games operate pre-registration periods for nicknames.

PleasingFungus — Today 9:14 AM
Why would it be a right? Who would decree it to be a right?
You could declare that it's a right, if you wanted to. You are the server admin. But it isn't a human right. It isn't a right granted by God or constitutions.
"First come, first serve" for names is a common practice, but it's not a right.
It's a reasonable default, if there are no other concerns. But I've already outlined my other concerns here.
I really don't understand what the importance of it is.

ASCIIPhilia — Today 9:21 AM
If the account database had been unified from the beginning and this system had been maintained, then protecting such users would be a given. However, there have already been numerous cases where this integrity has been broken, whether by goodwill or by trolls. I'm not completely disregarding those users; we are proposing to give them a one-year period.
In my case playing on CWZ, there were players who used the names of in-game gods as their usernames. These players couldn't register those names on other servers because they were already taken, but they happily played on CWZ and didn't mind if the scoreboard was mixed with records from other servers.

PleasingFungus — Today 9:22 AM
thank you for providing the concrete example! it's helpful.
what do you think about the idea of specially handling such users? importing the database from another server, and then wiping those users out of it, so that they can register under the same name they used in cwz. does that seem practical?

ASCIIPhilia — Today 9:27 AM
I don't understand some parts. How can we identify and specially handle such users? And why do we need to delete them? Are you suggesting a compromise that combines using the DB and considering such users? They naturally obtained and used their IDs. Besides, my server is not CWZ, so why should we make special considerations for them? This is what I mean by fairness.

gammafunk — Today 9:41 AM
I think ASCIIPhilia's example about users with names of gods was just to illustrate that everyone has to live with the results of registration of account names on other servers (and the resulting effects on shared scoring). Not an example of a class of users he wanted to help in any particular way
If that clarifies

ASCIIPhilia — Today 9:42 AM
Yes, that's correct.

ASCIIPhilia — Today 9:50 AM
The word "right" might have a slightly different nuance compared to a similar word in my native language (which refers to rights). I meant it not as a human right but as something a service user should naturally be able to do.

PleasingFungus — Today 10:33 AM
Oh, are these actual players, or just hypotheticals? I'm only interested in the former.
the more we talk, the less I understand this idea of fairness. Why is it more fair for 'the first person who logs on to the new server' to get a given username than for 'the person who has been using that username on another server for years?' why is the first thing "something a service user should naturally be able to do", but the second is not?
i appreciate your patience as we discuss this... i'm sorry i haven't been able to communicate more clearly

ASCIIPhilia — Today 11:35 AM
No, I also apologize for not being able to convey my meaning clearly. I also want to say thank you for being patient with my opinion on this topic.
When we talk about a WebTiles server and someone asks who owns the server, we would typically refer to the admin of that server. However, the scoreboard system is a bit more complex. Simply put, we can say it belongs to all of us.
Basically, I see no reason to sync my server, which I own, with the database of another server owned by someone else. If the server is not going to be integrated with the scoreboard system, there is even less reason to do so.
It's easy to understand if you think of users from other servers as third parties, and my server and its users as the primary parties involved. What I'm talking about is primarily fairness for my server's users. Users from other servers shouldn't interfere here. Therefore, "users from other servers (third parties) automatically getting their names on the new server (the second case)" is not natural.
However, considering this synchronization and its side effects is a matter of "respect" for the scoreboard system.
As a compromise for that respect, I am proposing a period of one year.
If you argue that all official servers have no autonomy and are subordinate to the scoreboard system, then I can understand that measure.

ASCIIPhilia — Today 11:48 AM
One more thing to add, I'm not saying that the lack of autonomy for official servers is bad (it has its own significance), nor do I think that my approach must be adhered to. I want to hear the thoughts of the various people here on this topic.

PleasingFungus — Today 11:51 AM
thank you for helping to explain!
one point is that, even from the point of view of your server's users alone, importing a database will help many of your server's users. since many of them will have accounts on other servers already, this will save them time - they won't have to re-register.

ASCIIPhilia — Today 11:54 AM
Yes, each approach definitely has its pros and cons.

PleasingFungus — Today 11:54 AM
for users whose names were taken by someone else on other servers, it's certainly worse to import someone else's DB, I agree. But it seems like there should be few such people, and an "appeals process" via email or Discord seems workable.
I can talk more about this if it would be helpful. But also...

> If you argue that all official servers have no autonomy and are subordinate to the scoreboard system, then I can understand that measure.

This is an interesting question. Being an 'official' server mostly just means being included in the scoreboard system. So, we would like official servers to not 'break' the scoreboard for existing users. On the other hand, all of this is just a game, and everyone who runs servers is doing it for fun. So, there has to be some flexibility and compromise.
My worry with the 'one year' proposal is that we are creating a lot of extra work for many people (both you and players), and that we are setting ourselves up for trouble once that one year ends. I can believe that I am wrong, and that everything will be OK. Maybe one year is plenty.
But it seems like a shame to create those potential problems when it would be so easy to avoid.
I agree that 'the people who play on the server' should be more important to you than 'people who do not play on the server', all else being equal. This is especially true if there are 'old accounts' that have not been used in a long time, but are still holding on to names that your players want. But my intuition - correct me if I am wrong, please! - is that there are very few such 'people who shared nicknames on CWA with other people using non-CWZ accounts'. If there are so few people, then even from the perspective of prioritizing your server's players, importing a DB seems better.

PleasingFungus — Today 12:01 PM
And those few players can be handled manually in some way, via some kind of appeal.
If you truly feel that the 'one year' approach is the best way forward, then I will not veto it. But I hope you consider my thoughts about this as well.

ASCIIPhilia — Today 12:08 PM
Would it be okay if I translated this conversation and posted it in the community that has been closely communicating with CWZ (the place where the main active users of my server will likely gather in the future)? I'd like to hear the opinions of various people.
Which server's database can I use as a basis? And who is the final decision-maker on this matter? Does everyone here need to agree? Or is it ultimately up to me to decide?

ebering — Today 12:12 PM
@advil and iirc @gammafunk have the access to cao scoring, there's no formal rulebook for this sort of thing

PleasingFungus — Today 12:27 PM
sure thing! that makes sense to me. let me know if i can help.

PleasingFungus — Today 12:28 PM
gammafunk suggested that using cdi would make sense: admin-private