[02:58:48] <BlankEclair>	 lol, i got a console warning saying that miraheze.org could be a bounce tracker
[02:58:51] <BlankEclair>	 https://firefox-source-docs.mozilla.org/toolkit/components/antitracking/anti-tracking/bounce-tracking-protection/index.html
[03:31:27] <MirahezeRelay>	 <alu19_, replying to BlankEclair> Bounce tracker ?
[03:31:42] <BlankEclair>	 apparently some sort of tracker that relies on redirects?
[03:31:52] <MirahezeRelay>	 <alu19_> Huh
[03:40:25] <MirahezeRelay>	 <notaracham> I wonder what's causing that, I'd guess something with interwiki or redirection from top level > mainpage and our logging.
[03:50:17] <BlankEclair>	 maybe sul2?
[03:50:36] <BlankEclair>	 funny enough, i got that warning while i was on phorge of all places
[11:14:37] <MirahezeRelay>	 <originalauthority> @blankeclair you are an angel for T13428
[11:15:00] <BlankEclair>	 you're welcome <3
[11:15:22] <MirahezeRelay>	 <aeywoo> Hmmm.....
[11:15:25] <MirahezeRelay>	 <aeywoo> Access denied....
[11:16:02] <MirahezeRelay>	 <aeywoo> I wonder what CVE number it'll be.
[11:17:14] <BlankEclair>	 CVE-2025-6969
[11:18:28] <MirahezeRelay>	 <aeywoo> Ahh, the fated UserLogin XSS by typing in aklapper's name three times and putting a script in the password reset screen
[13:59:34] <MirahezeRelay>	 <blankeclair> pre condition being that you must _not_ have brought a goat sacrifice with you
[14:55:20] <MirahezeRelay>	 <aeywoo, replying to blankeclair> Ah dangnamit.
[21:09:54] <MirahezeRelay>	 <pixldev> @rhinosf1 uuuuh can we action https://issue-tracker.miraheze.org/T13431
[21:12:09] <MirahezeRelay>	 <blankeclair, replying to pixldev> PrivateSettings.php
[21:12:34] <MirahezeRelay>	 <blankeclair> i've noticed an api key variable in the ED config for a wiki already
[21:13:08] <MirahezeRelay>	 <blankeclair> and if we can't do PrivateSettings.php, perhaps a per-wiki managewiki/settings hack with a restricted visibility
[21:14:32] <MirahezeRelay>	 <pixldev> i thought we had a way to do private settinfs
[21:14:43] <MirahezeRelay>	 <pixldev> or are webhooks for discord notifs public
[21:17:08] <MirahezeRelay>	 <rhinosf1, replying to pixldev> Replied
[21:17:17] <MirahezeRelay>	 <rhinosf1, replying to pixldev> They are not
[21:17:23] <MirahezeRelay>	 <rhinosf1> We can do private in ManageWiki
[21:17:25] <MirahezeRelay>	 <pixldev> Thought so
[21:17:28] <MirahezeRelay>	 <pixldev> Okay cool
[21:17:33] <MirahezeRelay>	 <rhinosf1> I wanna understand the use case though
[21:17:53] <MirahezeRelay>	 <rhinosf1> They look like read only apis for accessing public services
[21:18:10] <MirahezeRelay>	 <pixldev> Rate limits maybe?
[21:18:11] <MirahezeRelay>	 <rhinosf1> So might be able to use 1 key farm wide
[21:18:22] <MirahezeRelay>	 <rhinosf1, replying to pixldev> Something to know
[21:18:38] <MirahezeRelay>	 <rhinosf1> in ManageWiki = users responsible to rotate in an incident etc
[21:18:46] <MirahezeRelay>	 <rhinosf1> In PS.php = our problem
[21:18:56] <MirahezeRelay>	 <rhinosf1> Also good morning @blankeclair
[21:19:20] <MirahezeRelay>	 <originalauthority, replying to rhinosf1> How?
[21:19:39] <MirahezeRelay>	 <rhinosf1, replying to originalauthority> Something in ManageWikiSettings.php
[21:20:06] <MirahezeRelay>	 <originalauthority> I dont think we can. We can restrict from editing per permission but there's no way to hide them from showing iirc?
[21:20:44] <MirahezeRelay>	 <rhinosf1> Example https://github.com/miraheze/mw-config/blob/master/ManageWikiSettings.php#L2170
[21:20:47] <MirahezeRelay>	 <rhinosf1> @originalauthority ^
[21:20:52] <MirahezeRelay>	 <rhinosf1> Ye we can
[21:20:54] <MirahezeRelay>	 <rhinosf1> And we do it
[21:21:00] <MirahezeRelay>	 <rhinosf1> And it's had a few CVEs
[21:21:09] <MirahezeRelay>	 <originalauthority> Huh wyf
[21:21:14] <MirahezeRelay>	 <originalauthority> I've never noticed that before
[21:22:07] <MirahezeRelay>	 <rhinosf1> Maybe I should ask @blankeclair to security review and find another few CVEs before we add anything more
[21:22:19] <MirahezeRelay>	 <rhinosf1, replying to originalauthority> I guess you learn every day
[21:22:23] <MirahezeRelay>	 <blankeclair, replying to rhinosf1> [1/2] mornyan~
[21:22:23] <MirahezeRelay>	 <blankeclair, replying to rhinosf1> [2/2] https://catgirl.center/notes/a5tur7rk4stf0tx6 is a mood
[21:22:50] <MirahezeRelay>	 <blankeclair, replying to rhinosf1> sec rev managewiki?
[21:23:09] <MirahezeRelay>	 <rhinosf1, replying to blankeclair> Just the visibility function of ManageWikiSettings
[21:23:16] <MirahezeRelay>	 <rhinosf1, replying to blankeclair> I have waiting mode
[21:23:19] <MirahezeRelay>	 <blankeclair> sounds like a mw sec rev lol
[21:23:20] <MirahezeRelay>	 <rhinosf1> It's not too bad
[21:23:28] <MirahezeRelay>	 <rhinosf1> But I do that a lot
[21:23:43] <MirahezeRelay>	 <rhinosf1> It takes me time to get in the zone
[21:24:15] <MirahezeRelay>	 <rhinosf1> I am often early
[21:24:30] <MirahezeRelay>	 <rhinosf1> I'm either early or late
[21:24:34] <MirahezeRelay>	 <rhinosf1> I don't do on time
[21:24:52] <MirahezeRelay>	 <rhinosf1> I'm either early cause I've been in waiting mode or late because I haven't sat down for 3 hours @blankeclair
[21:27:26] <MirahezeRelay>	 <pixldev, replying to rhinosf1> what
[21:27:40] <MirahezeRelay>	 <rhinosf1, replying to pixldev> Ye
[21:28:16] <MirahezeRelay>	 <rhinosf1> Well 1
[21:28:18] <MirahezeRelay>	 <rhinosf1> CVE-2021-29483
[21:33:52] <BlankEclair>	 omg why is my fedi instance accessible at school
[21:33:54] <BlankEclair>	 i'm dying lmfao
[22:00:06] <MirahezeRelay>	 <rhinosf1> @pixldev I think Zotero is fine for MWS.php
[22:00:12] <MirahezeRelay>	 <rhinosf1> Based on the use case
[22:00:16] <MirahezeRelay>	 <rhinosf1> The other one public
[22:00:32] <MirahezeRelay>	 <rhinosf1> PS
[22:07:04] <MirahezeRelay>	 <rhinosf1> @pixldev are you offering to do that bit?
[22:08:38] <MirahezeRelay>	 <pixldev> Never said that
[22:08:47] <MirahezeRelay>	 <pixldev> I have someone i can throw at it
[22:08:54] <MirahezeRelay>	 <pixldev> can ask
[22:14:04] <MirahezeRelay>	 <rhinosf1, replying to pixldev> You asked if we can action it so I assumed you wanted to
[22:17:26] <MirahezeRelay>	 <pixldev> I mean we as a group technically
[22:17:48] <MirahezeRelay>	 <pixldev> i pretend to be part of tech
[22:19:54] <MirahezeRelay>	 <rhinosf1, replying to pixldev> You're just missing a few buttons
[22:20:14] <MirahezeRelay>	 <rhinosf1> I will finish the separating beta task at some point
[22:20:20] <MirahezeRelay>	 <rhinosf1> Then we can make you have beta shell
[22:20:44] <MirahezeRelay>	 <rhinosf1> I will try to finish that task before you turn 18 @pixldev
[22:20:54] <MirahezeRelay>	 <rhinosf1> How long do I have
[23:04:31] <MirahezeRelay>	 <originalauthority> is anyone ssh'd in atm on mwtask heh
[23:05:12] <MirahezeRelay>	 <originalauthority> i cba to log in but I merged Claire's patch for UPV2 so once its pulled the task  can be closed and I cba to boot my mac heh