[00:34:26] <MirahezeRelay>	 <Loves Next & Misses Sandra#2978> Are self-harm articles not allowed
[00:35:14] <MirahezeRelay>	 <Loves Next & Misses Sandra#2978> Even if it’s marked NSFW
[02:30:14] <MirahezeRelay>	 <BWM#6978> @Agent please see DMs, potential oversight
[02:59:14] <MirahezeRelay>	 <max20091#7318> Welp, I think there's a problem with renaming progress
[02:59:50] <MirahezeRelay>	 <max20091#7318> Renaming someone making them appears on all wikis within MH
[03:05:21] <MirahezeRelay>	 <NotAracham#0009> Oh, there's a bot flag thing for that which might not be flagging correctly...
[03:08:48] <MirahezeRelay>	 <BWM#6978, replying to NotAracham#0009> no, afaik rename logs are added in RC everywhere
[03:09:02] <MirahezeRelay>	 <BWM#6978> it's been like that for awhile, though perhaps we should consider removing it
[03:09:09] <MirahezeRelay>	 <BWM#6978> oh wait hold on, it appears on every wiki?
[03:10:08] <MirahezeRelay>	 <NotAracham#0009> Yes
[03:10:20] <MirahezeRelay>	 <NotAracham#0009> Or rather, I would assume, every wiki where an attach has occurred
[03:10:39] <MirahezeRelay>	 <NotAracham#0009> If it's literally every wiki, that's a big problem
[03:15:37] <MirahezeRelay>	 <BWM#6978, replying to NotAracham#0009> yeah this has always been the case
[03:15:42] <MirahezeRelay>	 <BWM#6978, replying to NotAracham#0009> if it's this that's bad bad
[03:16:11] <MirahezeRelay>	 <Agent#3928> Yes, a rename is broadcasted on every wiki where the user is locally attached
[03:16:28] <MirahezeRelay>	 <Agent#3928> so if you have an account on a lot of wikis then expect to see that rename on a lot of wikis
[03:18:38] <MirahezeRelay>	 <Mr. 冠#7987> Would it be appropriate to ask someone for assistance in return for a commission based payment?
[03:49:05] <MirahezeRelay>	 <max20091#7318> I created a global user page but it didn't work, is there any button to enable that?
[03:55:53] <MirahezeRelay>	 <BWM#6978> where did you create it
[04:02:44] <MirahezeRelay>	 <max20091#7318> https://login.miraheze.org/
[04:03:08] <MirahezeRelay>	 <Legroom#2748, replying to Mr. 冠#7987> is it really worth it?
[04:03:46] <MirahezeRelay>	 <Mr. 冠#7987> I just don't have the time to learn the system perfectly
[04:05:10] <MirahezeRelay>	 <BWM#6978, replying to max20091#7318> you have to delete your Meta userpage
[04:05:15] <MirahezeRelay>	 <BWM#6978> and all other userpages
[04:09:31] <MirahezeRelay>	 <max20091#7318> wait, I can't delete my meta userpage as I don't have delete permission
[04:09:41] <MirahezeRelay>	 <BWM#6978> @Agent ^
[05:48:39] <MirahezeRelay>	 <RhinosF1#3648, replying to max20091#7318> Use admin Noticeboard
[05:48:57] <MirahezeRelay>	 <RhinosF1#3648, replying to BWM#6978> Please don't ping individual users. We have Noticeboards and emails
[10:01:44] <MirahezeRelay>	 <Ivan Maglione#6875> How can I insert templates on my wiki?
[10:06:56] <MirahezeRelay>	 <Ivan Maglione#6875> I would add a Infobox
[10:14:25] <MirahezeRelay>	 <Legroom#2748> templates has to be created in pages w/ `Template:` prefix
[10:14:35] <MirahezeRelay>	 <Legroom#2748> you can code them or import them from another wiki
[10:15:18] <MirahezeRelay>	 <Legroom#2748> [1/4] there are several ways to make an infobox
[10:15:18] <MirahezeRelay>	 <Legroom#2748> [2/4] - code tables
[10:15:19] <MirahezeRelay>	 <Legroom#2748> [3/4] - code w/ PortableInfobox extension 
[10:15:19] <MirahezeRelay>	 <Legroom#2748> [4/4] - import from another place
[10:17:34] <MirahezeRelay>	 <Legroom#2748> [1/4] importing from Wikipedia is a common mistake newbies make here, these infoboxes often are pain to deal w/
[10:17:34] <MirahezeRelay>	 <Legroom#2748> [2/4] so we usually recommend here to go w/ PortableInfobox, it has to be enabled in Manage extensions menu, parser hooks tab
[10:17:35] <MirahezeRelay>	 <Legroom#2748> [3/4] see pinned messages here for coding guides
[10:17:35] <MirahezeRelay>	 <Legroom#2748> [4/4] you can also make a simple infobox at `Special:InfoboxBuilder` visual interface
[11:38:49] <MirahezeRelay>	 <TheGhostOfInky#2853> [1/2] Can a Steward please delete this page? It was blanked out by the author but has over 1000 edits.
[11:38:49] <MirahezeRelay>	 <TheGhostOfInky#2853> [2/2] https://polcompballanarchy.miraheze.org/wiki/Ultroneism
[11:53:23] <MirahezeRelay>	 <raidarr#6550, replying to TheGhostOfInky#2853> it's done
[11:53:39] <MirahezeRelay>	 <raidarr#6550> lots of things link to it, I left a link to the list in the delete reason
[11:59:06] <MirahezeRelay>	 <TheGhostOfInky#2853, replying to raidarr#6550> It's probably the self-insert template, I'll clean it up
[12:15:23] <MirahezeRelay>	 <Han#3688> how is this image set?
[14:01:04] <MirahezeRelay>	 <Original Authority#5802, replying to Han#3688> PageImages extension iirc
[14:17:32] <MirahezeRelay>	 <Han#3688, replying to Original Authority#5802> thank you!!
[14:23:53] <MirahezeRelay>	 <Legroom#2748> it's the one that conflicts w/ WikiSEO?
[14:40:43] <MirahezeRelay>	 <Milly#7253> So lately, whenever I'm trying to write documentation for infoboxes, the code is parsed horizontally instead of vertically, when it's written to be the latter. Anyone know what's causing this conflict?
[14:58:19] <MirahezeRelay>	 <max20091#7318> yea
[14:58:29] <MirahezeRelay>	 <max20091#7318> actually it's not conflict
[14:59:28] <MirahezeRelay>	 <max20091#7318> Quite annoying that PageImages refuses to grab images in Infoboxes
[15:02:17] <MirahezeRelay>	 <Han#3688> oh? the image above is from an infobox
[15:04:02] <MirahezeRelay>	 <max20091#7318> is that portable infobox?
[15:06:13] <MirahezeRelay>	 <Han#3688> I believe so
[15:09:33] <MirahezeRelay>	 <ChaoticShadow#2188> Didn’t they fix the conflict with seo
[15:13:09] <MirahezeRelay>	 <Legroom#2748> hmmmm gotta check this them
[18:14:10] <MirahezeRelay>	 <MarkusRost#8278> [1/2] I don't know if someone gets a notification for new OAuth consumers, but I proposed a new one:
[18:14:10] <MirahezeRelay>	 <MarkusRost#8278> [2/2] https://meta.miraheze.org/wiki/Special:OAuthListConsumers/view/f7d7b6d85767eb1b443f283b63d46d5b
[18:42:18] <Orange_Star>	 For SRE mainly but could also be of interest to the wider community: we should have an OAuth policy I think, because right now it's kinda at the discretion of the however wishes to handle that stuff
[18:44:20] <RhinosF1>	 Orange_Star: that's a very good idea
[18:44:24] <Orange_Star>	 Like for example only using it for Miraheze-related stuff, like identifying users for a tool that's directly relevant to a MH wiki
[18:44:38] <Orange_Star>	 No using it as free SSO
[18:44:41] <Orange_Star>	 That stuff
[18:46:51] <MirahezeRelay>	 <MarkusRost#8278> that sounds indeed like a good idea
[18:48:06] <Orange_Star>	 I'll try to write a draft, see what I come up with
[18:54:26] <MirahezeRelay>	 <MarkusRost#8278> This might be helpful as orientation
[18:58:13] <MirahezeRelay>	 <Legroom#2748> [1/2] renamed old image and uploaded new file w/ old title of that image
[18:58:13] <MirahezeRelay>	 <Legroom#2748> [2/2] now thumbnails are messed up lol
[18:59:24] <RhinosF1>	 Wait I think is the advice
[19:34:31] <Orange_Star>	 Draft is up (https://meta.miraheze.org/wiki/Requests_for_Comment/OAuth_policy) not yet ready for voting though. Suggestions to the talk page pls
[19:36:15] <RhinosF1>	 Orange_Star: slight point of Ofer
[19:36:17] <RhinosF1>	 Order
[19:36:27] <RhinosF1>	 Actual user rights take precedence over grants
[19:36:44] <RhinosF1>	 So if you don't have the 'checkuser' right and request it, you'll still be denied
[19:36:53] <Orange_Star>	 I know
[19:37:09] <RhinosF1>	 I feel it should be in bold
[19:37:22] <RhinosF1>	 The grants / rights are probably confusing to some users
[19:39:40] <RhinosF1>	 Orange_Star: ^
[19:42:32] <Orange_Star>	 added
[20:02:54] <Orange_Star>	 Reception123: I would like to request a @miraheze cloak, now that we have a GC
[20:13:40] <Orange_Star>	 or CosmicAlpha: ^
[20:13:52] <CosmicAlpha>	 Sure
[20:20:32] <sar>	 We have GCs again?
[20:20:40] <Orange_Star>	 yeah
[20:20:47] <sar>	 Woo!
[20:20:48] <Orange_Star>	 Reception123 and CosmicAlpha
[20:23:46] <RhinosF1>	 Ye sar
[20:26:47] <CosmicAlpha>	 Orange_Star: FYI, I requested your cloak a few minutes ago, so they should do it soon.
[20:35:50] <CosmicAlpha>	 Orange_Star: done
[20:37:03] <MirahezeRelay>	 <florigon#5751> Orange_Star: Any reason my Oauth was never approved? https://phabricator.miraheze.org/T10387 it was up for a month, until i closed it because i wasnt sure if my domain name would change. But im thinking of reopening. It fits the proposal criterias, except for open source, but id gladly make the code open-source as well.
[20:37:34] <MirahezeRelay>	 <Agent#3928> There was simply no one to ever review it
[20:37:36] <Orange_Star>	 Well there's a really simple reason for it: The people with access do not know what exactly to do in a review
[20:38:03] <MirahezeRelay>	 <florigon#5751> Oh lol
[20:38:25] <Orange_Star>	 Also the RfC is currently just a draft, nothing set in stone yet until people vote
[20:39:10] <Orange_Star>	 Re: Access thing: At least I didn't know what to look for in these reviews, which is why I'm doing the RfC
[20:39:15] <Orange_Star>	 can't speak for the other SREs
[20:39:56] <MirahezeRelay>	 <florigon#5751> So there hasnt actually been an oauth system in place yet?
[20:40:03] <Orange_Star>	 more or less
[20:40:13] <MirahezeRelay>	 <florigon#5751> Gotcha
[20:40:19] <Orange_Star>	 there are some consumers from non-SRE members, like the Discord verification bot
[20:40:44] <RhinosF1>	 Orange_Star: basically determine if there's a risk
[20:41:12] <RhinosF1>	 Identity only can be approved if user not an idiot and privacy meets same as CSP standard
[20:41:33] <Orange_Star>	 that's another thing that needs addressing, the privacy thing
[20:41:53] <RhinosF1>	 I think identity might allow access to user email
[20:41:53] <Orange_Star>	 applying the CSP standards looks good to me
[20:42:12] <Orange_Star>	 There's 2 versions of identity, the one with email access and another one without email
[20:42:17] <RhinosF1>	 CSP is the only external trust map we have
[20:42:30] <RhinosF1>	 Without email, user is not idiot is fine tbh
[20:42:49] <RhinosF1>	 And like it's not illegal activity obviously
[20:43:11] <RhinosF1>	 With email, CSP questions should be ok
[20:43:15] <RhinosF1>	 But ask Owen tbh
[20:43:16] <CosmicAlpha>	 If the user has to agree to email, before access it is also fine from my understanding.
[20:43:37] <RhinosF1>	 User always knows what they are sharing
[20:43:40] <RhinosF1>	 If they read
[20:43:51] <RhinosF1>	 CosmicAlpha: is a director
[20:44:06] <RhinosF1>	 So can make calls on if I'm talking shit about privacy
[20:45:18] <MirahezeRelay>	 <florigon#5751> Yeah all i need is email-free identity. Im currently writing my own authentication code, but itd be so much more convenient if i coukd just use MH's.
[20:45:28] <Orange_Star>	 I don't think we should count on the user reading the consent box
[20:45:54] <Orange_Star>	 if email apply CSP standards, if not then I guess we can be more permissive about approving
[20:45:58] <RhinosF1>	 Orange_Star: no but explicit consent reduces the liability a bit
[20:46:12] <CosmicAlpha>	 With user consent it is usually fine with email.
[20:46:17] <RhinosF1>	 If no private info being shared, user is not idiot is fine
[20:46:43] <RhinosF1>	 If private info, we should check that the users expectation of what's happening is clear
[20:47:02] <CosmicAlpha>	 I did have a conversation with Owen about this type of thing a couple months ago also.
[20:48:21] <Orange_Star>	 consent box for email access looks like this, all in plain text except the "Miraheze Phabricator" text, which is bolded.
[20:48:22] <Orange_Star>	 In order to complete your request, Miraheze Phabricator needs permission to access information about you, including your real name and email address, on all projects of this site. No changes will be made with your account.
[20:49:01] <RhinosF1>	 It's more about ensuring least privilege, expectations are valid, not something horrid we don't want to be associated with
[20:49:20] <RhinosF1>	 We don't want lockbit having login with Miraheze to access ransomware breaches
[20:49:31] <RhinosF1>	 We don't want CU being able to played with by a login app
[20:49:47] <RhinosF1>	 And we don't want an app posting your email publicly if you didn't know about it
[20:49:49] <RhinosF1>	 Orange_Star: ^
[20:50:19] <Orange_Star>	 the consent box doesn't say what they will do with that info
[20:50:29] <Orange_Star>	 only that they will have access to it
[20:50:36] <RhinosF1>	 So you check the process that would happen before
[20:50:45] <Orange_Star>	 they may or may not publish your email on Twitter
[20:50:45] <CosmicAlpha>	 https://phabricator.miraheze.org/T10270 for example could be approved, technically, it just expired and then a lot happened, I got busy, and then stepped down, so never got to following up with that one. But I reviewed the code also which looked fine, and email is fine with user consent, and talked with Owen about it also.
[20:50:48] <RhinosF1>	 Like toolforge requires you have privacy warnings
[20:51:26] <RhinosF1>	 CosmicAlpha: that's a very valid use
[20:55:18] <CosmicAlpha>	 Yes, but for other's without a really valid use case would definitely be declined. It is a case-by-case basis, that it should have some discretion to the reviewing user, and no policy can cover every case, it can cover specific invalid and valid, but there will always be one not covered and so for that it should still have some leeway there. Just my opinion anyway. T&S should also be consulted for ones where it has any privacy 
[20:55:18] <CosmicAlpha>	 information in particular.
[20:56:10] <Orange_Star>	 I intent to leave the details to the reviewer
[20:56:20] <RhinosF1>	 Orange_Star: the GMFJ ICO decision I shared with Owen is probably the biggest impact here
[20:56:29] <Orange_Star>	 RfC is for basic stuff like no requesting insane grants
[20:56:30] <RhinosF1>	 And that would imply we're fine and not liable
[20:58:09] <RhinosF1>	 Orange_Star: yeah but like from an actual perspective of data rules
[20:58:18] <RhinosF1>	 If we've been honest about what's being shared, that's fine
[20:58:46] <RhinosF1>	 GMFJ argued with me that once data left them, they were no longer responsible for what happened with it
[20:59:27] <RhinosF1>	 I challenged that because they promised that my mobile number would never be used without initial contact from a recruiter via SMS or email
[20:59:48] <RhinosF1>	 I said recruiters had failed to do so and when asked to stop didn't
[21:00:03] <MirahezeRelay>	 <MarkusRost#8278> Oh, do I need to create a phab task to ask for consumer approval?
[21:00:24] <RhinosF1>	 The ICO ruled that GMFJ had to take reasonable measures to ensure that any conditions within their privacy policy regarding information sharing must be complied with
[21:00:37] <RhinosF1>	 And asked them to improve
[21:00:52] <Orange_Star>	 MarkusRust: Unless you want a new consumer no
[21:01:16] <MirahezeRelay>	 <MarkusRost#8278> well I created a new one today 😄
[21:01:26] <RhinosF1>	 They ruled on a separate point that a specific part of GMFJ's response broke the law because they inadvertently disclosed my data to other users when asked to restrict processing
[21:01:37] <RhinosF1>	 Orange_Star: is that interesting?
[21:02:47] <Orange_Star>	 yes
[21:03:07] <RhinosF1>	 Orange_Star: I can dig up the full decision if you want
[21:03:14] <RhinosF1>	 Will have to email though
[21:03:23] <Orange_Star>	 not needed, that's good enough
[21:03:50] <MirahezeRelay>	 <Agent#3928> I don't see any reason to not approve MarkusRost's OAuth consumer request
[21:05:39] <MirahezeRelay>	 <MarkusRost#8278, replying to Agent#3928> [1/2] Only because it's the localhost testing version 😅 
[21:05:39] <MirahezeRelay>	 <MarkusRost#8278, replying to Agent#3928> [2/2] The production version I'll create when I'm done coding should probably be checked a bit more closely due to the permissions requested
[21:05:53] <MirahezeRelay>	 <Agent#3928> I'm inclined to approve
[21:06:54] <Orange_Star>	 Overall, I personally don't care about OAuth consumers sharing my email publicly, my personal email is publicly available for everyone to see, but other users may not want that, and while the consent box may clear us of legal liability, I would still like to have consumers requesting email access to pass a CSP review (but without the actual adding to CSP step)
[21:07:53] <Orange_Star>	 identity only without email we can be more permissive about approving, as long as it's directly related to Miraheze (Proposal 3)
[21:08:01] <Orange_Star>	 Agent: Click the approve button then
[21:08:04] <MirahezeRelay>	 <Agent#3928> @MarkusRost Approved
[21:08:16] <MirahezeRelay>	 <MarkusRost#8278> thanks 🙂
[21:08:48] <MirahezeRelay>	 <Agent#3928> np
[21:09:50] <MirahezeRelay>	 <Agent#3928> Orange_Star: I agree that those OAuth consumer requests should go under scrutiny
[21:09:56] <MirahezeRelay>	 <Agent#3928> A CSP like review would be useful
[21:12:57] <MirahezeRelay>	 <MarkusRost#8278> [1/2] @Agent while I agree that no PII is an important factor for approval, I think the trusted user and localhost consumer are more important arguments here. 
[21:12:57] <MirahezeRelay>	 <MarkusRost#8278> [2/2] A consumer with delete and block can still do a lot of damage after all
[21:14:09] <MirahezeRelay>	 <MarkusRost#8278> (also what does CSP stand for exactly?)
[21:14:17] <Orange_Star>	 Content Security Policy
[21:14:33] <MirahezeRelay>	 <MarkusRost#8278> ah, didn't find any results on the wiki
[21:14:35] <Orange_Star>	 https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
[21:21:34] <Orange_Star>	 https://meta.miraheze.org/wiki/Requests_for_Comment/OAuth_policy is now open, thanks everyone for the suggestions
[21:24:10] <Orange_Star>	 that was my thousandth edit in Meta btw :)
[21:27:23] <MirahezeRelay>	 <MarkusRost#8278> I only have 6 edits on Meta and 4 of them were test edits
[21:28:15] <MirahezeRelay>	 <MarkusRost#8278> oh and that's all the edits I ever did on Miraheze
[21:38:37] <MirahezeRelay>	 <florigon#5751> @Agent I made a new request: https://phabricator.miraheze.org/T10806
[22:22:27] <MacFan4000>	 heh, my account is nearly 7 years old, and I've only made about 3000 edits globally (2500 of which are on meta)