[05:32:44] proxybot is legacy [05:32:55] super legacy from a time long before you were around [05:35:59] I don't think any of the new groups need local equivalent [05:36:26] Stewards/Tech Team/T&S is all for security reasons as they aren't allowed to hold security sensitive rights globally [05:36:55] or any rights for actions that must be done on meta [05:46:16] oh why [05:46:34] i assume GA doesn’t need a local group then either right [05:46:55] or CNM [05:47:04] Security reasons [05:47:24] GA doesn't have anything I would define as sensitive at first glance [05:47:34] Im not fully awake though yet [05:47:38] sensitive = NDA? [05:47:47] it has global abuse filter management I guess [05:47:59] but i dunno if that counts [05:51:46] That would be one consideration [05:51:55] That probably could [05:52:03] I can do proper assessments tonight [05:52:26] If stewards have the right globally and not on meta, it'll be fine [05:54:42] If you could, don't want to take up your time of course, but probably would be good to determine if any roles need local versions of them, and which can be deleted [06:31:14] I believe it was to allow global (b)locking to be performed only on Meta. If this were made a global permission, users could execute global (b)locks outside of Meta, and I think transparency would be lost [06:31:55] hmm okay [06:32:00] that makes sense yeah [06:33:34] iow if we want to grant an action that must be log-ged in Meta, we need a local group [06:46:56] Global (b)locks should be meta only [06:46:58] Yes [06:47:16] For a mix of security and integrity reasons [12:15:01] yep [12:16:06] so far none of the new groups seem to have anything that should be restricted to Meta only [12:18:23] the kind of stuff that is restricted to local meta groups is like 2FA checks and disables on the local techteam, interwiki userrights on Trust and Safety and Stewards, you get the picture [12:19:06] oh and anything related to modifying global groups & global group membership is also restricted to meta only [12:26:14] i think wiki mechanic should require 2FA [12:27:12] huh, it doesn't? i'm kinda surprised [12:28:12] and the stronger password policies [12:29:37] BlankEclair: don't think so [13:21:50] that reminds me, we never updated password policies for the tech team's global group [13:21:59] it still refers to a non-existent sre group [13:22:05] oops [13:22:49] @bluemoon0332 that makes my cyber hat cry [13:44:45] Be right back [13:44:49] https://github.com/miraheze/mw-config/pull/5603 [13:45:02] merge it please [13:45:09] it has been merged [13:45:22] Does mediawiki support using passkeys for login [13:45:22] you are only a wiki creator [13:45:36] @bluemoon0332: didn't you play with that [13:45:39] It supports webauthn [13:45:41] Yeah well current passing RfGP for GA do [13:45:58] I'm using webauthn myself [13:46:02] Oh I thought that was Authenticator app [13:46:14] please fix that then before I fly over to America and slap you with a trout [13:46:31] @bluemoon0332 does it work on all wikis now [13:46:37] so you can always login [13:46:49] [1/2] WAIT NO NO I FIXED IT NO [13:46:49] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1260230683947831426/image0.jpg?ex=668e90c9&is=668d3f49&hm=b077f842d956d91939edc5311cc4261efc8e405cc1d2e9c02e082806ffc52aec& [13:46:54] i'm surprised that people don't enable 2fa for everything [13:47:06] well if you login on meta and go straight to Special:UserLogin on the wiki you want to access it does [13:47:15] Can you use passkeys and the MFA Auth app code? [13:47:15] that's how I was able to login to rainverse.wiki [13:47:20] BlankEclair: i agree [13:47:27] can't use both [13:47:39] The reason I never did was I do t like needing to grab my phone to login [13:47:46] which kinda sucks because you don't have recovery codes if using WebAuthn [13:47:52] But not a great reason [13:47:55] Hm [13:48:02] I dont have tube key [13:48:02] though exceptions i give are test accounts and miraheze phorge because both SSO methods already have 2fa [13:48:04] Oh actually [13:48:15] also, just as soon as i said that, i forgot that i don't have 2fa enabled for wikimedia phab [13:48:21] I need to publish my GPG key [13:48:33] pixldev: a lazy hack i do is to use scrcpy to connect to my phone [13:48:35] So I can disable it if needed [13:48:44] Da fuc is scrcpy [13:48:55] https://github.com/Genymobile/scrcpy [13:49:07] I’m an app slave [13:49:11] Apple* [13:49:13] oh [13:49:16] good luck [13:50:57] I need to make a passkey on my PC when I’m downstairs [13:51:06] I don’t have a yubi key so :p [13:51:22] Although losing access to both my desktop and my phone seems unlikely [13:52:11] if you think about it, password managers just converts "something you know" to "something you have" [13:52:49] wdym, `*K=@=ti=X&cXITq5;y&@cOi2efoieo_k!"F"_?CG#k>%c:x!&?Jnqj{pTWN]d^HhL_n{]KCq` is very easy to remember /s [13:53:12] smh weak password [13:53:17] mine's ª»Sj+PÓ7Ùý[ìÑ$²?:ýuà7NÇ?wü]ð:å$zô{$R¼ý]s Mines dorwssap [13:54:52] admin is a nice one though [13:55:58] average WPA password [13:56:27] my hotspot password is "dying is my passion" [13:56:34] so ¯\_(ツ)_/¯ [13:57:10] I remember the days when I was trying to type these abominations on touchscreens whenever someone offered me to connect to their WiFi back in the day [13:57:22] for the love of god, use passphrases [13:57:27] ahaha [13:57:42] for application where i actually have to type them i'd generate a passphrase [13:58:24] i have one that's like "drastic feminine agreeable penknife gibberish payable bless manhunt legged wife chubby fanatic preshow matron overeager zen turkey universe woof aftermost", but i dread the day i have to type it out by hand [14:12:20] Okay honestly I’m not even suprised [14:12:38] Enabling MFA has stopped me being able to login [14:12:42] what [14:12:43] On the same device [14:12:53] https://cdn.discordapp.com/attachments/1006789349498699827/1260237244380483665/image0.jpg?ex=668e96e5&is=668d4565&hm=4b37bb4345d2b095636069598bdfbfdfc475eccd0a0cd16fe99f761400147cb3& [14:13:08] what in the name of fuck [14:13:25] I- I’m not even surprised anymore [14:13:35] Other errors [14:13:38] https://cdn.discordapp.com/attachments/1006789349498699827/1260237431525867550/image0.jpg?ex=668e9711&is=668d4591&hm=b2ac3ab22d173d60bd7bba9ebf6c771d544404632435c0878fe0a734d7b9f990& [14:13:42] Error* [14:13:55] @bluemoon0332 you seen this issue before? [15:01:35] I have never seen this error page before wtf [15:03:17] impressive [15:05:02] Literally right after I enable MFA [15:05:45] MFA is why i never browse miraheze logged in [15:05:48] Cant be arsed with the hassle [15:06:18] meanwhile i actively try to browse logged out, go figure [15:06:25] Just get logged out after an hour anyway theres no poinr [15:06:41] I’ll try to fix it on my PC [15:06:44] if I can’t [15:06:50] Um [15:06:53] May need some assistance [15:07:10] I think i can revoke your 2fa [15:07:21] If push comes to shove [15:07:24] technical ability shouldn't be the problem [15:07:32] Yeah [15:07:35] It’s policy [15:08:01] It would be hard to argue that someone took over my discord and speaks with the same insanity as me [15:08:13] If I’m not logged out on mobile even better [15:08:18] Desktop* [15:08:36] I have a GPG key I just forgot to publish it [15:08:52] Thats a bit silleh [15:09:01] Yea [15:09:26] I wanted to try and remove on of the identities on it that had my email [17:25:26] yep, if I take too long or input the FIDO2 wrong one too many times [17:25:49] normally I can just reload the page and try again without issues [20:44:06] yeah... @originalauthority what burden of proof do you need to remove the MFA [20:45:08] https://tenor.com/view/wojak-doomer-gif-25753254 [20:45:26] https://cdn.discordapp.com/attachments/1006789349498699827/1260336033573371935/image0.gif?ex=668ef2e6&is=668da166&hm=9ad1b3ddd3b2769428724da9ebc63fbb4c41eb7808158c07ac14af44be5c08eb& [20:45:49] save me winne your my only hope [20:45:50] LMAO [20:46:20] wonder if it would have worked if the passkey was on desktop [20:46:32] though that locks me out of phone editing [20:46:47] i could try code but then if my phone poofs womp fucking womp [20:46:51] why don't you use something like Microsoft Authenticator [20:46:58] and this is why i never enabled MFA befire [20:47:06] i used authy for my other MFAs [20:47:26] What's Authy [20:47:46] https://authy.com/ [20:48:27] authy didn't work for me probably cuz russian phone number, so I had to stick w/ google [20:48:35] i need a better solution for this mess [20:48:43] discord github and smt else are all on authy for mt [20:48:49] back when I was forced to 2fa for discord [20:49:02] and I don't think i remember its backup password [20:49:04] uh oh! [20:49:44] You should really keep a note of these things! [20:50:15] i have horrible memory i mainly use my phones password manager [20:50:16] let me check it [20:50:40] i hate everything [20:51:06] so later reset that if i canm [20:51:16] I have my recov codes though [20:51:31] copy those onto an external drive and /or print them [20:51:58] okay here are my gh recovs [20:53:40] do any auth apps still have a desktop version actually? [20:53:53] I've never seen one [20:54:53] authy used to but long sunset [20:57:29] anyways authy has worked for me [20:57:39] i just dont like needing my phone for login [20:58:23] gonna prob publish my GPG key later to cover my bases [21:10:20] i recall now why i didnt do this before [21:18:40] aegis is my authy [21:18:57] not centrally dominated, more flexible in how you use it, you are responsible for ensuring your backups though [21:19:19] if i find smt better then authy i may switch [21:19:35] for now i just wanna try to not lock myself out of my accoutn with an open RfGP LMAO [21:32:32] I am firmly aboard the aegis camp, just get your backups straightened out since if you lose it you're done for [21:32:46] but you can super easily make copies and stick them anywhere [21:32:49] does mediawiki not have recov codes? [21:32:59] TOTP does [21:33:01] do it support iOS? [21:33:01] well you're done for as far as getting back in aegis [21:33:06] but that requires you to still know your password [21:33:07] I have no idea [21:33:25] (i think) [21:33:29] you'd still be able to recover with one time codes yeah [21:33:38] probably stick aegis backups where you put the one time codes [21:33:43] one thing from the NY Times said the best option was duo lmao [21:33:47] never heard of it either [21:34:11] I avoid apple like the plague so I have limited at best idea what goes on there [21:34:18] yeah nope [21:34:23] no aegis in the walled gardeb [21:34:34] remind me again why I defend iOS [21:35:40] again dont matter to me rn [21:35:56] because you got the lockin effect [21:36:11] and people locked in wall gardens need to drink a lot to keep their wits about them [21:36:20] ill need to figure out how much of my soul i must offer to tech to remove the borked mfa or hope apple has mercy on me tommorow [21:36:33] https://tenor.com/view/wobble-pensive-emoji-pensive-ish-wobblepensive-gif-26167268 [21:37:11] for all the crap I give windows at least I can whip it into shape [21:37:18] whipped apple is just a crappy linux distro [22:35:10] Fuck Duo [22:35:17] Had to use that at uni it is hell [22:35:51] Name one good service with duo in the name [22:37:41] Duolingo! [22:38:46] HAVE YOU DONE YOUR SPANISH HOMEWORKS [22:38:59] No Spanish sux [22:40:18] EL BÚHO DUOLINGO QUIERE QUE HAGAS TU TAREA DE ESPAÑOL [22:40:58] Bone jaw [22:41:47] FUI A LA ESCUELA Y APRENDÍ CUARENTA Y TRES IDIOMAS. LO MENOS QUE PUEDES HACER ES APRENDER ESTO [22:42:08] oh @suzuneu if you get a chance, could you upd. the markadmins gadget to include WMs (and fix GP/GA) [22:42:14] um what did I walk into [22:42:29] Thats hello in french [22:42:31] Bone jaw [22:45:20] Already done I think [22:46:49] EDUCACIÓN [22:46:58] oh good [22:53:50] not sure where to ask, but my pages are getting protected somehow. is it some anti-spam thing that does it? [22:57:45] Who does the logs say protected then [22:58:06] huh? [22:58:09] what do you mean [23:02:46]