[05:19:12] oh boy….. [[Special:Diff/385462]] [05:19:12] https://meta.miraheze.org/wiki/Special:Diff/385462 [05:19:13] [05:19:15] guess he was serious [05:29:55] I'll explain [05:34:39] Answered [05:46:07] Oh I don’t think that required a response [05:46:13] But πŸ€·β€β™‚οΈ [05:46:42] If we don't, he'll open a RfC πŸ˜„ [05:53:46] wow, the answer is really easy to understand:nomChocoStrawberry:. [05:54:49] I can make it easier if needed πŸ˜„ [05:55:01] Even a 4 year old would understand [20:29:06] Could a @Stewards lock [[User:WikiTide]] [20:29:06] https://meta.miraheze.org/wiki/User:WikiTide [20:29:07] [20:29:21] created by me to avoid name theft in the future [20:29:40] or @.labster if available [20:37:14] hm we should add it to the abuse filter [20:37:16] I believe a blacklist would/should apply in that case [20:37:50] That's the thing - I created the account meaning to check the blacklist, but no such blacklists exist [20:37:51] not even an AF but an actual title blacklist if I'm remembering correctly which could only be bypassed with the appropriate rights upon creation (though if I'm dreaming an AF would probably do it) [20:38:34] I forget where it's at [20:38:39] But it should be edited [20:39:04] There is a title blacklist, yes [20:40:00] Is it editable by users or in the abuse filter ext. itself, out of curiosity? [20:41:08] Also NA if you could lock [20:43:49] See https://www.mediawiki.org/wiki/Extension:TitleBlacklist [20:43:57] Ahhh [20:44:13] oh there's nothing in that on Meta [20:44:43] There's the IP ones [20:44:44] that's it [20:45:19] Really? [20:45:24] Check our config [20:46:37] Miraheze is on there [20:46:42] But no one added WikiTide [20:47:17] _provides a trout for the responding steward to slap with_ [20:48:08] Labster has handled - I figured best to create and lock before a problematic user did, no? [20:48:17] No [20:48:21] Especially since WikiTide wasn't on the blacklist [20:48:29] I guess it doesn't really hurt but it'd be better to add it to the blacklist [20:48:32] We have many methods for blacklisting stuff [20:48:35] preferably wt was put on the blacklist preemptively instead [20:48:45] Creating an account would have been the route [20:49:03] There's a blacklist for a reason [20:49:07] So you don't do that [20:49:51] Someone can add it to the blacklist [20:50:03] And ideally do it case insensitive [20:50:29] Although hopefully AntiSpoof would block User:Wikitide [20:50:42] WikiForge would probably be a good idea too [20:50:44] I don't think it really hurts to do but I agree [20:51:00] spoofing checks didn't catch the name at all [20:51:19] <.labster> Yeah, I don't really think this is a problem. User found security issue, immediately reported after non-harmful testing. [20:51:50] That's a different username to the one you created [20:52:02] Ah [20:52:06] You don't need to security test this [20:52:15] The blacklist is public [20:52:15] wait, how? [20:52:19] oh the lowercase i [20:52:46] where is the config, exactly? [20:53:00] Where all the other config is [20:53:18] https://github.com/search?q=repo%3Amiraheze%2Fmw-config%20wgTitleBlacklistSources&type=code [20:53:21] Ah [20:53:28] <.labster> Yes it was not handled in the best possible way, but it's hardly worth complaining about, nor does it approach the idea of retesting mailman passwords like someone πŸ™„ [20:54:36] Is it a problem if a meta admin adds it to the blacklist or is that Steward/SRE territory [20:55:10] I've done it before [20:55:25] But make sure you know what the hell you are doing [20:55:52] Do not break the format [20:56:49] [1/2] @rhinosf1 [20:56:49] [2/2] https://cdn.discordapp.com/attachments/443926951292567562/1226274436056092702/Screenshot_2024-04-06_at_1.56.45_PM.png?ex=66242c10&is=6611b710&hm=a486ddd199d6714c4b0231940baba6aefc084c6ecb22242ad2019c73525aeb57& [20:57:01] https://cdn.discordapp.com/attachments/443926951292567562/1226274488082239519/Screenshot_2024-04-06_at_1.56.59_PM.png?ex=66242c1d&is=6611b71d&hm=9309be446f5ffb1f73c4a4528be04a95742e5706f1b2687b6386f24e149becbe& [20:57:13] Don't ask me to check regex [20:57:24] it fits I'm 99% sure [20:57:25] But T/F should be both cases [20:57:41] It would be better to probably have it case insensitive [20:57:49] @.labster do you speak regex? [20:57:55] <.labster> yeah lgtm [20:58:15] Will it catch WikiTide and Wikitide or just the former [20:58:22] Can you make it case insensitive [20:58:43] <.labster> it's already case insensitive, that's what the `(?i:` is doing [20:58:52] Oh cool [20:59:00] Ah good [20:59:02] @brandon.wm ye do it [20:59:05] done [20:59:20] learn something new every day! [21:00:23] <.labster> it's interesting because you could still create an account like "Foo (mmiraheze)" but not "Foo (mMiraheze)" [21:00:47] I can fix if wanted [21:00:58] I just need to know how :p [21:01:06] <.labster> I'm sure there was a reason, I'm not worried too much. [21:01:44] oh cool [21:01:48] well it's done that's good [21:02:21] <.labster> If someone went out of their way to do word boundary handling I'm sure there was a reason. [21:02:39] okay cool [21:11:25] <.labster> Anyway next time if you think there might be a security issue, ask before trying it out yourself? @brandon.wm