[00:56:37] Hey all, quick question [00:57:36] I've been wanting to play with the Timeless skin, but when I go to ` MediaWiki:Timeless.css ` it says I don't have editing permissions despite my being the sole bureaucrat. But when I just go to ` Timeless.css ` it lets me edit [00:57:47] Does it make a difference which one I use? [00:57:50] you need to have interface admin [00:57:51] and yes [00:58:07] MediaWiki:Timeless.css is what applied globaly [00:58:40] For all visitors to my wiki, versus ... ? Just me? [01:00:15] All visitors; for custom styling to apply to you alone, it would have to be placed in User:[your username]/timeless.css [01:00:42] OK. All right I think I got it [01:01:09] So I just change permissions to allow bureaucrat to self-assign interface admin, then I go add it on my own profile? [01:01:43] Ah! Got it [01:01:49] Thanks yall [02:04:24] [1/2] cant upload [02:04:24] [2/2] https://cdn.discordapp.com/attachments/407537962553966603/1220191250452320346/image.png?ex=660e0aa8&is=65fb95a8&hm=e0e80d272019a201d77e8d6f87649080de0472bbeed288eacdee504b841b97cc& [02:21:38] has it been fixed? [02:24:04] Way late but not too high, I’ve had it disabled before by virtue of having this Discord account for a while and Doug knew it was me [02:24:15] That’s how I got my account back in 2022 [02:30:39] let me see [02:43:56] [1/2] nope [02:43:57] [2/2] https://cdn.discordapp.com/attachments/407537962553966603/1220201200750821427/image.png?ex=660e13ec&is=65fb9eec&hm=8e3001374cf5be3dde13321b61cd5c8c4b80edb5f06891e151b47244e1586017& [02:44:59] This is something I can't fix right ? [02:47:11] <.labster> Nope, I flagged SRE on this issue [02:53:12] <.labster, replying to sleepytail> Can you make a ticket on [[phorge:]] please? Copy-paste the whole error message there too, please [02:53:12] https://meta.miraheze.org/wiki/phorge: [02:53:13] [03:02:34] [1/2] here ? [03:02:35] [2/2] https://cdn.discordapp.com/attachments/407537962553966603/1220205889177518090/image.png?ex=660e184a&is=65fba34a&hm=681c93e8aa28f28a67574da6447bcb74c1a608832a189e379efbfd03acb7a339& [03:02:46] <.labster> Yes [03:03:13] That's a lot of questions for simple bug [03:04:18] <.labster> If you want it solved? [03:04:29] <.labster> It might be a complex bug too [03:35:57] Good night everyone [03:37:26] done btw. I was more confused about the layout of that part of the wiki it ended up being rather simple. [03:39:21] Is there a guide which shows you how to assing H1, H2... H5 and plain text for new fonts? [03:48:05] [1/2] 💤 [03:48:05] [2/2] 🛌 [04:38:49] T__T [05:06:09] [1/2] I think the error Has to be because of the file name that must have trigger the error when I upload. [05:06:09] [2/2] Because I just took the name as I downloaded it but now I realized renaming at fixed it. [05:06:54] <.labster> Yes, but a file name should never trigger that bug [06:56:47] That doesn't apply to the vast majority of users [06:57:38] And nor am I that convinced that he had undeniable proof. That may have been a dougism. [08:40:05] So, generally speaking would a committed identity be a viable way to recover a lost 2FA account? [08:40:47] It makes me concerned to have 2FA and something unfortunate happen where I just lose access to my account. [10:12:35] does anyone here have a template for a home page? [10:12:50] i just created a wiki and idk where to start [10:19:04] i wish discord search on mobile wasn't this horrible [10:19:46] but in short - there's no universal kind of main page template, different wikis do that differently, some are simple, some are very complicated [10:20:12] I suggest to take a look at other established wikis for examples and see how they do things [10:23:19] Speaking of account recoveries? I just got my main Miraheze account back. It feels good to back on it. [10:23:53] man [10:25:02] What? [10:25:29] I verified this account, as seen here: https://discord.com/channels/407504499280707585/647875094328115211/1220306241880981524 [10:26:22] I mean good to see back lol [10:26:31] Yep. [10:30:39] Welcome back [10:30:59] Thanks so much man. [10:34:29] It feels good to back, doesn't it guys? [10:34:42] Welcome back:) I recommend setting up [Committed identity](https://meta.miraheze.org/wiki/Template:Committed_identity) [10:34:49] + and of course, 2FA [10:35:55] I'm good right now on 2FA. But maybe a little later on the former. [10:39:37] But thank you for the suggestion anyway. [10:43:42] speaking of which, this gives me an idea [10:44:15] depends, for example if the commited identity reveals something only you know, then sure [10:44:18] perhaps establishing like a simple and standard main page "template" that any wiki can use, just like on Fandom before [10:44:41] if it's just a hash of "Hello world" it will not convince me at least [10:44:48] and I'm thinking of making it more akin to like wiki.gg wikis or something [10:46:21] it's good for newbies but then idk [10:46:48] I don't know what to recommend [10:51:20] [1/2] I would think a list of tutorials or main page design "templates" on the dev wiki or somewhere else would be cool [10:51:20] [2/2] obviously, there's not one universal way to create or design a main page, but I think some common basic templates/designs would be nice [10:53:34] External image not working (even though I already enabled the option in the wiki settings before)? [10:53:37] https://cdn.discordapp.com/attachments/407537962553966603/1220324431558217768/image.png?ex=660e86b1&is=65fc11b1&hm=254eb56f0f5778881d28a55e342d57dedde42208d33290ded7500220a6ac109c& [11:27:01] https://meta.miraheze.org/wiki/Special:Contributions/Guy_who_likes_rice how creative [11:35:03] I don't see how that really matters. It's not a violation of the Username policy. [11:36:05] I am aware, just commenting on that I find the username funny. [11:36:15] I see. [13:16:44] [1/2] huh [13:16:44] [2/2] https://cdn.discordapp.com/attachments/407537962553966603/1220360447149084773/image.png?ex=660ea83b&is=65fc333b&hm=80956e00a785a7c4b18a94bbbd8b4fa92986d823f0d90bdd98297f0a3842d858& [13:17:32] Never mind it's working again [13:25:52] Wake up babe new 504s just dropped lol [13:29:46] 502 [13:33:36] Wonder if there'll ever be a "Something went right" page? [13:35:07] got a 502 lmao [13:37:56] [1/2] Okay yeah I'm getting that now, too-- [13:37:57] [2/2] Good thing my twin sister didn't get it earlier though. [13:46:50] something really is wrong [13:47:32] Some servers appear to be down? [13:48:21] I think one of the MW* servers is down and causing a slowdown [13:48:39] It perhaps seems we're having an influx of requests [13:48:50] Looks like mw152 162 and 182 [13:49:00] It fluctuates [13:49:21] Maybe just needs a good kickstart? [14:00:00] it's not my nuke is it [14:00:11] Doubt it [14:00:35] I did figure it would be wise not to submit like 5 100+ page nuke requests at once [14:00:44] but I did get one for 134 pages in [14:01:22] It shouldnt cause it, cause if I recall that uses the jobqueue to queue up the deletions [14:01:30] Could be wrong been awhile since ive looked at that ext [14:01:44] Apologies for the slowness. It appears we might be being DDoS'd [14:02:05] we're not completely down though so like I was telling SRE, that's a testament to our infrastructure [14:02:16] It's holding up pretty well despite having 10x the normal traffic [14:02:56] How maxed out are we on resource usage? [14:03:01] _very_ [14:03:11] Well there goes my idea [14:03:20] https://cdn.discordapp.com/attachments/407537962553966603/1220372176079818773/Screenshot_20240321-090307.png?ex=660eb328&is=65fc3e28&hm=e7f168ae6fa0c740c2a1d90be9456a0487c8094adfc6be1898613dd82c8caa13& [14:03:27] not too bad but not good either [14:03:37] 162 be slackin [14:03:49] on a normal day, they're all at ~15% or so [14:03:51] I like how all of them start with "mw" and then there's one that doesn't. [14:03:53] 162 is taking its union mandated break [14:04:06] understandable [14:04:21] yeah so just bare with us while we ride it out [14:04:21] Wait what the fuck I was kidding [14:04:42] In theory could we pool test151? [14:04:42] careful what you kid for [14:04:53] We can pool mwtask* and test, yeah [14:05:18] 🫡 [14:05:37] I would leave a couple of the task servers unpooled so jobqueue doesnt get screwed [14:06:03] my nuke would thank you [14:11:00] daym [14:11:14] any idea where the ddos comes from? [14:22:56] Russia, China, Amazon [14:25:29] makes sense to me [14:25:33] bruh [14:25:48] unfortunately all three line up in my experience [14:26:02] amazon is just a pita [14:27:49] seems things have stabilized [14:28:19] yep, load on mw* is back to normal levels [14:30:02] I did mention yesterday on my analytics it shows up as 3 visits from a "iframe-toloka.com" whichn when I googled people on Etsy and Quora said it was a Russian site that tries to overwhelm a server, so I'm not sure if its worth blocking on MH end [14:34:01] That doesn't sound good; further invesigation into the website may be necessary [14:34:45] maybe we can nudge nato to do something for us at last lol [14:39:55] bump [14:40:43] Looks like you’re just linking to it in plain text [14:40:55] I’m not sure how external images work but there’s probably some syntax to it [14:41:04] Not just typing a link [14:47:52] You got the account back? [14:48:04] I'm surprised to be honest but that's good [14:48:56] you jinxed it smh [14:51:13] [1/2] this doesn't work too [14:51:14] [2/2] https://cdn.discordapp.com/attachments/407537962553966603/1220384226554417152/image.png?ex=660ebe61&is=65fc4961&hm=a2c7050684e496b601e12bbdeeb8ef277b15ab9030829d3dcbbe0e091c069721& [15:04:25] Why would someone want to DDoS Miraheze? [15:07:19] [1/2] I assume as I'm not the biggest wiki it might show as more traffic from on another wiki's analytics. But on Tuesday it was 1 visit and yesterday it was 3 visits. [15:07:19] [2/2] There are no visits today, but it could always be redirected to another Wiki. [15:10:21] Maybe they work for the wiki host that shall not be names? [15:12:00] Can someone with the sre could disable the 2fa thing on my account? [15:12:25] Huh… look like it’s a bad timing to ask help… [15:13:33] Smh late 23 moment [15:14:09] Unfortunately without concrete mathematical proof of ownership like a PGP key or committed identity it’s highly unlikely:( [15:14:39] Where do i find that pgp thing? [15:14:57] you should have set that up before losing access [15:16:37] I suppose there's a chance you could try emailing SRE or something from the email on your account and details about your account like IP address, when you added your email, your device and browser, etc. to confirm your Identity but I'm not sure if they'd accept that as proof [15:16:58] I’m currently thinking of how much stuff to include in my commit identity but the numerous recent cases I’ve seen of 2FA screwing people over makes me less then thrilled to go and enable it ngl [15:17:15] Nah [15:17:17] I've yet to have issues with 2FA ever [15:17:20] From what rhinos said [15:17:26] other than my own stupidity with TOTP [15:17:34] but I was able to recover from that [15:17:37] I am pretty good at almost losing my phone tho so [15:17:47] I've gotten 2FA lockout before with some accounts years ago but haven't had the issues since then [15:18:01] Just made sure to do better at backing up [15:18:26] I had one friend who had 2FA and encrypted his recovery codes [15:18:37] The issue was he stored the keys.. on that same phone [15:18:50] I did back up the 2fa on my computer but on my phone, it mysteriously went gone [15:18:58] What app you use? [15:19:11] Google authotificator [15:19:48] so you have access on your computer? [15:19:54] And when i tried to recover it, turn out that it didn’t work because it was from the previous version of 2fa… [15:20:16] So, i screwed it up [15:20:52] and what is more is that i got logged out again after barely 2 weeks [15:21:07] Longer then me lol [15:21:45] so, imy guess is: THERE might have a security breach somewhere on your site... i don't know how this happened [15:22:02] quite the bold claim [15:22:09] and that would explain why the site is having a DDoS thing [15:22:10] well, guess [15:22:39] No, those are totally unrelated [15:22:52] alright, i might be wrong then [15:23:02] If someone with a vendetta against us compromised our systems enough to fuck 2FA [15:23:04] Oooooh boy [15:23:18] security breach doesn't cause DDoS [15:23:19] DDoS would be a nice memory [15:23:27] i see [15:23:42] DDoS is the most childish script kiddie """hack""", it's not a security breach [15:23:51] DDoS is the cyber equivalent of a riot outside the pentagon [15:23:59] ah [15:24:02] make sense [15:24:03] Breaking 2FA is setting a bomb in the center of the bulletin [15:24:35] DDoSing is the cyber version of standing around inside and outside a building so nobody can get in or out of the building [15:25:13] while this is a bit off topic I can't say I agree with that analogy [15:25:31] as if someone did that IRL it definitely wouldn't be seen to be as serious as a DDOS [15:26:25] I guess you could say it's like distracting the cashier at a market with useless conversations so that they don't get to server anyone else [15:26:35] yeah this might be warranted to move to #tech / #offtopic [15:26:46] yeah, I'd go to #offtopic if we wish to continue [15:27:05] o [15:27:42] soo well does anyone know any like well-constructed miraheze wikis that newbies like me could take examples from 🥹 [15:28:28] In what regard [15:28:38] you could check out https://meta.miraheze.org/wiki/Gazetteer_of_wikis [15:28:43] I've heard good things of pizzatowerwiki [15:28:50] Yeah [15:28:54] I'm not sure there's a lot that put themselves up to be taken from tbh but yeah, the gazetteer is a good place to start for inspiration [15:28:55] Pizza Tower [15:28:56] they sure got that magic touch with the CSS [15:28:56] Rain world [15:28:58] we have a few wiki wizards around these parts [15:29:00] https://cdn.discordapp.com/attachments/407537962553966603/1220393735309754400/voice-message.ogg?ex=660ec73c&is=65fc523c&hm=db5e20774c3f849387a0964ded99fd09b934ade19ab9deb08bca67070fc7ee7c& [15:29:07] Saw nothing [15:29:15] legroom has the top timeless setup and I did not see that 1 second clip [15:29:26] Ofc [15:29:29] oh my goodness the pizza tower wiki looks so good [15:29:31] Actually [15:29:44] SKL is the main css person for PTW iirc [15:29:53] Legroom is just more of a celebrity xD [15:30:09] I'm not really familiar with the ptw crowd these days [15:30:11] Leg did do Go Gigantic and other one I forgot the name of [15:32:56] You looking mainly for visuals or content? [15:33:21] mostly visuals [15:33:48] pizza tower wiki got me really inspired honestly [15:33:55] Yeah it does that [15:34:01] Go Gigantic is also good [15:34:04] And rain world [15:39:42] Hello, I submitted a request on RequestSSL before, and wanted to add something how can i do? [15:40:13] @reception123 ^ [15:41:23] Is he really the reception am I allowed to DM this account? [15:42:34] Hm? [15:43:24] ? [15:44:15] Hello [15:46:07] how do i get that pgp thing? should a sre person send me an email to confirm i was the one who own allaze-eroler account? [15:47:21] He means under cases to use PGP to authenticate yourself [15:48:23] i see [15:49:28] But I must say the service is really safe from identity attack, and account changes are strictly restricted this adds trust of me for the platform [15:50:42] Understand [15:51:25] It’s something you need to set up before losing an account [15:51:40] naturally people only ever think of it when it becomes an issue though [15:52:26] It’s basically editing your user page to say “here’s my public key, I declare that any user who can produce the corresponding private key has full authorization to request a reset of MFA and password” [15:52:53] tbf, I don't think most people even know it is an option at all, untill they get told after it is too late. Maybe it should be linked to as an option during account creation? [15:52:57] Or preferably when others do [15:53:32] there are other options other than OpenPGP, which I wouldn't recommend to non-techies [15:53:56] there's comitted identities, which may work or not, depending on what you've hashed [15:54:23] and there's knowing a member of SRE in person, which is an option, not particularly realistic, but it's there [15:55:21] Well I do mean in general I don't think most people know of any of those options [15:55:33] Gotta go to the MediaWiki developer conference in April to meet Harej so he can recover my account lmao [15:55:51] (I would actually go if it wasn’t on the opposite side of the country) [15:56:01] problem is how can i edit my user page if i can't log in? [15:56:11] That’s what we are saying [15:56:20] These are foresight methods [15:56:24] one thing i'm sure of is that i authotificated my discord username [15:56:26] You need to set them up before [15:56:34] Is there any benefit to having both? [15:56:36] yeah, I checked with the bot [15:56:40] discord auth unfortunately doesn't cut it or at least it did not in the past [15:56:55] Even discord and email won’t fly I think [15:57:15] I guess you can rely on comitted identities if you've forgotten the passphrase to your OpenPGP keypair [15:57:33] Oh I didn’t realize they had a passphrase [15:57:39] I thought it was just a string [15:57:50] yeah, the private key is stored encrypted, or at least it is an option [15:58:14] and just FYI, you don't give your private key during account recovery, but rather sign a message with it [15:58:20] Yeah [15:58:28] Better way of saying it then what I said [15:58:34] Unlike the hash [15:59:00] yeah, the hash you'll have to reveal to SRE during recovery [15:59:14] I’m assuming it’s recommended to change it after? [15:59:33] I'd recommend it at least, after being used [15:59:50] I'd say the main problem with them is that it's very dependent on what you've chosen as your committed identity [16:00:14] I’m contemplating how much/what info to include in the hash, better to over include then under ig [16:00:36] My Christmas list from when I was 5? [16:00:51] I don't know if that's going to work :ThinkerMH: [16:01:06] I would use SSN but I don’t remember it [16:01:08] /j [16:01:14] I would be impressive if you can rememember that xD [16:01:39] Not às impressed as me [16:02:00] well, how do i start that recovery? [16:02:17] Again. This is a foresight measure [16:02:27] This is something you do before you lose your account. [16:02:38] You set it up before to use in the after [16:03:07] i know my password but the 2fa is broken that is two different thing, really [16:03:41] as one again, the 2fa recovery code is not working because it was from the previous 2fa recovery... [16:03:58] Asking an SRE hey would this work as a commit kinda defeats the point of keeping it secret so [16:04:00] you said you had a backup on your computer, wouldn't that work [16:05:35] I mean i guess you could ask with what pieces of info you’d include? Ie name of my first pet, street i grew up on, favorite food [16:05:39] [1/2] here what happened [16:05:39] [2/2] https://cdn.discordapp.com/attachments/407537962553966603/1220402955807887390/msedge_ytH6Q3I1s8.gif?ex=660ecfd2&is=65fc5ad2&hm=1ce0132195ef25ece11a8459f230cdda0e6297fbb52d7472aa226be8c38b6bf5& [16:07:24] i copy pasted the stored backup on my computer yes and turn out it was from the previous version of backup which i redid it due to a duplicate on my authotificator... [16:07:39] i deleted the wrong one and now both are gone [16:08:29] i pretty much prefere that someone who have the ability to disable the 2FA on my account. [16:09:15] @rhinosf1 any thoughts on the above? [16:10:08] well, with account somehow being recovered, welcome back @cacklettaguy1655 to the Global Rollbacker/CVT team! [16:12:25] One sec [16:13:25] We won't remove 2FA from accounts unless there is undeniable proof of identity [16:13:53] Which is a GPG key, Committed identity or Real life knowledge [16:15:08] the "This is something you do before you lose your account." is just way too vague for me to guess and where to look at. [16:15:57] [1/2] i checked my email and i don't have anything like that aside these: [16:15:57] [2/2] https://cdn.discordapp.com/attachments/407537962553966603/1220405548411781130/image.png?ex=660ed23c&is=65fc5d3c&hm=3b119fa164566ef059bb2e8a4358465d6456b5acdb4f0f5aca276d4350c106a7& [16:17:24] correct [16:18:41] "This is something you do before you lose your account.", simply means that if you didn't do this BEFORE your lost access to your account, you are too late [16:18:44] Would it be possible to make changes to a user’s preferences with just one click on a sidebar? Currently a wiki I’m working on has all text bolded for visibility reasons, but some people like it and others don’t, so my compromise idea is adding an option on the sidebar to enable a gadget that turns off the bolding. Is this possible or is there a better way to do it? [16:19:04] It should be possible set [16:19:46] how am i supposed to know that? [16:19:47] you can enable the gadget by default and whoever doesn't want it can disable it, or viceversa. [16:19:57] no need to bother with sidebar stuff [16:20:11] Yeah but I want viewers to have an easier option for it [16:20:18] Who may not know to change preferences [16:20:20] idk [16:20:35] that is exactly the problem [16:20:41] You're supposed to not lose your 2fa shit lmao [16:21:02] hmm, whoever has an account should know how to use Special:Preferences [16:21:16] preferences don't work on anonymous users btw [16:21:16] I guess I can just make an enable/disable preferences [16:21:25] They don’t? [16:21:30] yup, they don't [16:21:37] only logged in users have preferences [16:21:49] like i explained before, i enabled and disabled twice the 2FA thing as you might have noticed in the screenshot [16:21:52] I thought there was an option to at least change skins for annons. Didn’t realize that [16:22:24] I wonder if there is something else that can be done then [16:23:16] The 2FA page has warnings not to loose it. [16:23:30] [1/9] -----BEGIN PGP SIGNED MESSAGE----- [16:23:30] [2/9] Hash: SHA256 [16:23:30] [3/9] Maybe make a new account and use PGP like I do next time lol [16:23:31] [4/9] -----BEGIN PGP SIGNATURE----- [16:23:31] [5/9] iIUEARYIAC0mHENvbGxlaXJvc2UgPHRydWV3b3JsZGZhY3RzQHByb3Rvbi5tZT4F [16:23:31] [6/9] AmX8XvYACgkQ7snVP8OfHGsYhQEAudtZ9pMAUMHAKvIS1r8Dm+2+4pFD+ZCVgPMX [16:23:31] [7/9] MYJQGLsBAKcUGGKqgXv7DsSHYQ8kWk4rkOx/WyaIKaaU8KKe3GUO [16:23:32] [8/9] =CXNC [16:23:32] [9/9] -----END PGP SIGNATURE----- [16:24:18] Will gadgets that are enabled by default also be enabled for annons? [16:24:35] yes [16:25:03] yes i did saved the 2FA recovery codes but they were the wrong version of it... as i already explained many thing: i saved the WRONG version [16:25:13] I know [16:25:27] Your fault [16:25:31] exactly [16:25:54] If you had saved but deleted the right ones at some point maybe use a file recovery tool like DiskDrill [16:25:56] hence why i asked help instead of telling me to try remembering what i did before which it's impossible [16:26:09] -_- [16:26:14] unlikely [16:26:27] Miraheze likely can't do much because of security issues [16:26:28] because once again, that was 2 months ago [16:26:38] We can't help [16:26:54] what is the alternative? [16:26:59] You didn't need to login for 2 months???? I get logged out every 1-2 days [16:27:06] We make it very clear that we will only unlock accounts in exceptional circumstances with undeniable proof [16:27:11] New account that you don't lose the 2FA codes to [16:27:17] You will have to create another account [16:28:59] so, i have to create a new account and then prove i was the owner of that account? even thought i already show i some stuff like the list of emails i receive after i created my wiki that was barely 2 months ago. no mention that i was the only one who created and edit many wiki pages... [16:29:23] We will not link accounts in anyway [16:29:41] If you need rights on your wiki, you have to go through a local election [16:30:05] If you are the only editor on your wiki regaining rights will be easy [16:30:22] creator and editor... [16:30:29] Yeah it'll be fine [16:30:46] Slightly bureaucratic procedure to regain rights but you can do so easily [16:31:23] Just make some edits from your new account and then run for sysop and bureaucrat on your wiki and because nobody will oppose just ask stewards to give you rights per a successful election and maybe explain the situation [16:32:34] Idk how long exactly that will take but probably at the absolute most it'll take 1-2 weeks probably less [16:32:51] bruh..... [16:32:56] ? [16:33:19] that is the most ridiculous way to recover the account... [16:33:25] You are the one that messed up, so you are the one that are paying the consequences. [16:33:37] yes i admit [16:33:40] Well unfortunately it's insecure for Miraheze to just remove 2FA on request [16:33:53] even though i was usually careful but yes i messed up [16:33:55] So you have to make a new account and be treated policy wise as a new user/editor [16:34:04] [1/2] soft cell lol [16:34:04] [2/2] also battleborn but it's wip and gonna be similar to gigantic [16:34:05] It's not that hard though [16:34:28] alright [16:34:30] one moment [16:37:22] Do gadgets overwrite common and skin css written in their respective pages (like common.css)? [16:38:04] Well doesn't the wiki bot confirm your identity @allaze_eroler [16:38:19] @rhinosf1 does the wiki bot authentication confirm identity? [16:38:28] normally yes [16:39:03] WikiAuthBot is not enough for 2FA [16:39:24] Oh rip ok [16:43:35] anyway, i edited my wiki: https://miaruniverse.miraheze.org/wiki/Main_Page [16:44:24] and the username is allaze-idiot [16:44:39] also, i used the same email than allaze-eroler. [16:49:20] anyone else having issues with updated images never updating? [16:49:28] tried clearing my browser cache on multiple devices [16:49:47] new images still don't appear unless directly loaded after weeks [16:50:58] one question though: it's possible you could reset 2fa? [16:51:53] SRE has the ability to do so if there is sufficient evidence of identity yes [16:52:17] Such as a PGP-signed verification matching a PGP key shared with your account, a SHA512 committed identity, etc. [16:52:32] All of these would've had to have been done before you lost your account [16:55:44] question: does the ip have geographic location, right? if so, can the username have these as well? normally, by having 2 accounts that have the identical ip could prove it? [16:56:55] No [16:57:07] there's some evidence in the global rights log that CheckUser used to be used for account recovery by SRE though [16:57:20] @bluemoon0332 not for 2FA removal [16:57:22] however CU has been heavily restricted by T&S since then [16:57:28] so not like I'll ever touch it [16:57:38] the last time i loged on miraheze was 3 days ago. [16:57:54] @allaze_eroler We can't assist you. [16:58:31] As a matter of policy, outside of exceptional circumstances with strong proof, we do not remove 2FA from accounts. You accepted that risk when you enabled 2FA. [17:00:35] great... other than that PGP thing i never created, what other choice i have? real name when i created my account? [17:01:26] do you have amnesia [17:01:31] Ok sorry that could be a bit too rude [17:01:33] Committed identity or proof of real life identity [17:01:43] @koreirose yes please retract that comment [17:01:55] Sorry I didn't mean that [17:02:09] If there is a clear link to your real life identity, then ID can be used [17:02:46] [1/2] There isn't much we can do besides what's already been stated [17:02:47] [2/2] If you haven't given a SHA512 committed identity, PGP public key, or similar information from your account, there likely isn't anything SRE can do [17:02:49] I have to go now so talk later [17:03:10] you're lucky that if i was a moderator, i would have banned you instantly but unfortunately, it wasn't the case considering my temparaemnt. [17:08:28] where am i supposed to find that SHA512 committed identity or PGP public key? the only information was my real name that were associated with. when i created an account just now, i entered an username, email and real name that is all. [17:08:55] If you don't know where to find it then you don't have it [17:10:44] [1/12] > Thank you for reaching out to us regarding your account recovery. We understand your concern about not being able to find your PGP public key or SHA committed identity for the recovery process. [17:10:44] [2/12] > [17:10:45] [3/12] > After thorough investigation, it appears that your account does not have a PGP public key or SHA committed identity associated with it. As a result, we regret to inform you that we cannot initiate the recovery process for your account based solely on these parameters. [17:10:45] [4/12] > [17:10:45] [5/12] > It's important to note that for security reasons, account recovery processes often rely on specific identification methods such as PGP keys or SHA committed identities to verify ownership. These measures are in place to ensure the integrity and security of your account information. [17:10:46] [6/12] > [17:10:46] [7/12] > Unfortunately, since there is no PGP public key or SHA committed identity linked to your account, we are unable to recover it using these methods. [17:10:46] [8/12] > [17:10:47] [9/12] > If you had previously set up and published a PGP public key or SHA committed identity before losing access to your account, there might be a possibility of recovery through those means. However, without such information on record, we are limited in our ability to assist with account recovery. As such, you need to make a new account. [17:10:47] [10/12] > [17:10:47] [11/12] > We understand the inconvenience this may cause and apologize for any frustration it may bring. We value your security and privacy, and we encourage you to take proactive measures to safeguard your account information in the future. [17:10:48] [12/12] I asked ChatGPT to explain it. Does this help? [17:11:46] got nuke my account and the wiki. [17:11:52] ? [17:14:04] what's going on now [17:14:53] 2FA lockout [17:15:02] i got logged out from the site and i tried to login in, i found out that my 2FA is broken and unable to do so. as well the recovery code is wrong. [17:17:06] [1/2] it used to be an issue years ago [17:17:06] [2/2] I believe a script is run to update thumbnails etc [17:18:33] it's gotten pretty annoying yeah :TheDarkness: [17:18:46] can't even upload under a new name since it detects a duplicate [17:19:08] any idea how I can apply that script to my wiki [17:20:37] I think SRE needs to help you [17:20:45] Not completely sure though [17:21:51] yeah, it's closer to SRE field, I'm not knowledgeable [17:27:33] Is there any kind of MassEdit script on Miraheze? Also gtg talk later [17:29:02] MassEditRegex probably fits that description; however, it's very difficult to use if you don't know regular expressions and is usually restricted to administrators [17:29:43] Unfortunate I see [17:29:55] beyond that something like pywikibot tends to be used [17:39:20] I’m confused - what was said? [17:39:45] do you have amnesia [17:39:47] now deleted [17:39:49] Ah I see [17:40:04] irc log remembers all though [17:41:01] yup [17:45:19] How do I change the ribbon colours on my wiki? https://wiki.greatphermesia.com/ [18:08:49] what ribbon? [18:21:58] Was thinking of battleborn, forgot soft cell. Thanks [18:30:56] I apologize, that was an unnecessary and rude comment to make by one of our users. [18:31:23] indeed [18:31:41] but it's ok, it's already deleted [18:44:47] i managed to find the older version of 2FA recovery codes but... it didn't work. [18:55:57] did you copy the full code and not just part of it [18:56:17] Also they're single use so make sure you're not copying ones you already used [18:56:44] Spacing is also important, make sure there are no extra spaces at the start or end and that the spaces between the strings that are supposed to be there are there [18:58:23] what a fucking idiot i'm...... [18:59:10] i didn't realize it said "code from two-factor or recovery code" i didn't noticed there is that recovery code part... [18:59:32] and so, i entered it and... it worked [19:00:01] now's your chance to disable 2FA, and reconfigure it if you want [19:00:08] indeed [19:00:38] gotta do that asap [19:01:04] my dyslexia really made a good job on fooling me... [19:01:20] Congratulations [19:03:47] i will go delete the second account [19:04:12] You can't fully delete a MediaWiki account but you can request an irreversible vanishing at https://reports.miraheze.org [19:04:24] in all simplicity may as well keep it for testing or whatever [19:04:40] that could work [19:05:03] can't truly get rid of it, making it disappear takes man hours, and legit uses for such an account do exist [19:05:04] Yeah [19:05:04] so eh [19:05:30] fun fact, the entire time I was locked my alt was never locked [19:05:37] and that was an officially designated account [19:08:54] ban evasion smh [19:12:35] alright, fixed [19:12:51] and i did save the qr code as well the code. [19:15:42] yay [19:17:03] as it turn out, the recovery code are single use and are not used to be creating new 2FA system [19:21:04] Yup [19:21:20] which mean: lesson learned [19:21:59] If you want to try and set up PGP or SHA512 commit you’re free to read the guide or ask as well [19:22:20] nods [19:22:34] i will do that tomorrow [19:23:08] md5 ftw [19:23:28] Couldn't you bruteforce someone's committed identity hash if you had enough GPUs? [19:23:34] Hm? [19:23:39] Hopefully not [19:23:41] Just take the hash and run it through random text until you get something that matches [19:24:09] Our modern cyber security architecture relies on that not happen [19:24:15] The like navigation menus [19:24:18] Yes, some hashes are easier than others to break [19:24:41] We do review what algorithms we allow over time [19:24:41] Every possible combination of letters, numbers, and special characters up to a certain length [19:24:46] Hmm ok [19:24:54] Require argon2id hashes then /j [19:25:07] obviously, md5 wouldn't be accepted by anyone [19:25:07] we could simplify the whole "I've lost access to my account" issue by adding a preference for a hash that users can fill out and we could verify with them if they lose access 🤷🏼‍♂️ [19:25:14] boooooooooo [19:25:18] i like md5 [19:25:44] Chances are users will ignore this option and not fill it out honestly [19:25:51] Or just not understand how to make a hash which is understandable [19:26:07] yeah, and thats their bad. but its a way to at least offer some form of recovery method. [19:26:54] Yea ik but I don't see anyone being very likely to fill it out [19:29:17] I’d fill it out [19:29:47] I'll see about adding one for anyone who does want to use it [19:33:32] how about adding that while creating an account? [19:34:25] like: username, real name (optional), secret phrase (mandatory) [19:34:40] I feel like they'd be just as likely to forget a secret phase as a password [19:34:41] And like [19:34:44] This would defeat the purpose of 2FA [19:34:56] Because even if they don't know your 2FA they know your secret phrase which is just another password [19:35:09] i see [19:38:40] I find secret word/phrase to be more forgettable than password [19:39:21] I'll add it anyway—people can use it if they wish, or not if they don't. [19:39:21] also the amount of times clients in my phone customer support days couldn't remember word and would go w/ ID number [19:42:27] Well [19:42:34] I don't think it's particularly secure but you can if you want [19:42:46] It also doesn't seem particularly useful [19:43:02] why is it not secure, or useful? [19:43:03] However it might be okay to make it so that the secret phase can be used only for removing 2FA [19:43:22] [1/2] Not secure because it's 1 factor of authentication to bypass 2FA [19:43:23] [2/2] Not useful because people aren't less likely to forget it than their password and recovery codes [19:44:33] [1/4] > Not secure because it's 1 factor of authentication (something you know) to bypass 2FA [19:44:34] [2/4] in some circumstances we can give people their account back if they can prove that it is them. This would be one of those ways of them proving that it is them. [19:44:34] [3/4] > Not useful because people aren't less likely to forget it than their password and recovery codes [19:44:34] [4/4] is there some data to back that up? That's your opinion. [19:44:40] Well [19:45:04] Hmm [19:45:42] [1/4] > is there some data to back that up? That's your opinion. [19:45:42] [2/4] Because I don't see why you're less likely to forget your secret phrase than your password, a secret phrase is just another password [19:45:42] [3/4] > in some circumstances we can give people their account back if they can prove that it is them. This would be one of those ways of them proving that it is them. [19:45:42] [4/4] If a password is all you need to prove it's you then 2FA isn't useful [19:46:00] I don't see how a secret phrase and a password are different [19:46:30] I never said they we're. The chance of forgetting either is 50/50. [19:50:54] you did customer support? [19:52:36] more like tech support, but w/ customers yeah [19:53:55] still think about fucking weirdo who was taking absolute nonsense for like 30 min at least, and previously harassed call center girls, they redirected him to me lol [19:54:36] and couple of days later he actually appeared in our building and started bragging some shit [19:55:44] I only heard about this from others, it wasn't my shift that day [19:58:10] more would do so then currently and the excuse would be less when something does go wrong, a bit of CYA doesn't hurt I reckon [19:58:48] i forgot authy is sunseting their desktop apps raaaa [19:59:46] Yeah, I'm not generally saying "if you have this, we will remove 2fa from your account", I'm saying that if we are relatively certain that you are the owner of the account, and have for some reason gotten locked out (maybe your 2fa device is broken), then it's an extra step for peace of mind for us. [19:59:59] not that we would be running around unsetting 2FA for everyone who set it. [20:00:27] when is Fandom getting sunset pls [20:01:06] how ironic is it that my anti virus triggers when im trying to install PgpFrontend [20:01:07] Oh I see [20:01:07] That could work [20:04:01] 😔 [21:21:18] or sold tbh [21:23:01] it'd be a shame if thousands of smaller wikis were left and purged [21:28:27] Yea [21:58:27] yeah things did start to go downhill when they were acquired. [21:58:34] not like it was great beforehand. [22:07:42] yeah, it wasn't ideal [22:08:06] but I honestly prefer the pre-2020 days [22:08:10] but more so it is nostalgic [22:11:55] lol [22:12:00] One can only hope [22:12:25] Or at the very least, I hope it someday meets its end. [22:14:27] under the current direction, I don't think it will survive 2030 tbh [22:15:09] rip [22:15:27] honestly [22:15:59] I wouldn't be surprised if it still exists by 2030, just at a declining state. [22:16:11] Since it has been around technically since like...2004. [22:16:12] iirc [22:16:16] yeah [22:16:33] I really hope they step up their game and actually serve community interests, or at least separate the wiki platform from their media conglomerate [22:17:02] lol only time will tell I guess ¯\_(ツ)_/¯ [22:17:20] yeah [22:19:02] [1/2] it'll be a graveyard for gaming wikis tbh, under the current direction [22:19:02] [2/2] I'll be expecting more new gaming wikis to be self-hosted, on miraheze, wiki.gg, or misc wiki farms too [22:19:49] The sub-set of wikis I was on were the "Hypothetical (Topic Here)" wikis. [22:20:00] So who knows what will become of htem. [22:20:23] speaking of which [22:20:26] I was never really an avid gaming wiki editor. [22:20:36] I was more of a creative editor ig. [22:20:38] idk [22:22:44] Comparing wiki.gg and fandom is like comparing green and red apples. They're both the same thing just different colours. [22:23:16] I noticed that too when I browsed wiki.gg. [22:23:22] In the Fandom stars channel, my fellow Fandom stars were discussing the future of Fandom and pretty much all of us are in the side that we're rather disappointed in the direction that Fandom is headed [22:23:29] I basically thought to myself "okay nice Fandom clone we have here." [22:23:52] A lot of wiki.gg wikis are forks from Fandom [22:24:09] Actually, even worse than Fandom in a way, the highest user group you can attain is...sysop? [22:24:19] What the hell kind of laziness is that? [22:24:28] 95% are. About 5% of them are actually wikis they have created themselves and they're all dead. [22:24:29] Isn't wiki.gg just Gamepedia 2.0? [22:24:39] yeah but worse [22:24:46] Interesting [22:24:50] Like, administrator? really? [22:25:00] Yeah, I got the impression that a good number in their team sort of regretted the Gamepedia merger [22:25:04] I'm sorry but that screams laziness to me. [22:25:05] as they worked at Gamepedia [22:25:11] I always laugh at that rule they have that you must keep the mediawiki default links in the sidebar [22:25:17] Not really sure what is up with that tbh [22:25:33] Their implementations of some things are a bit odd [22:25:34] no idea either [22:25:37] like no bureaucrat [22:25:37] They use shared databases so the bureaucrat group is used as a stagf group [22:25:41] I'm sure there are more new wikis than that tbh [22:25:45] Instead of just creating another group? [22:25:50] Bureaucrat is reserved for wiki.gg staff or w/e\ [22:25:56] from what I read [22:26:00] indeed [22:26:14] sysop is basically the highest you'll get there [22:26:16] Bizzare business model I'll give you that [22:26:21] yep [22:26:30] Yeah [22:27:44] what [22:27:52] yes [22:27:59] do you need to ask staff to promote people [22:28:04] Yes [22:28:05] I read their wonderful project pages. [22:28:14] Yeah, would seem like it. [22:28:43] Wow [22:28:47] They seem to lack any kind of wiki management extension though. I assume their LocalSettings file is a 500 case switch statement [22:28:50] `sysop` there only can promote/demote autopatrolled [22:28:51] so essentially... [22:28:51] yeah [22:29:10] Sysop basically is useless with assigning permissions. [22:29:11] Something worse then fandom [22:29:16] Impressive [22:29:19] Basically waht I thought too. [22:29:31] I never thought it was possible either. [22:29:33] Can you request local groups like content mod/patroller/rollback? [22:29:35] Like legitimately. [22:29:58] They are pushing the very boundaries of physics, to a new frontier of existence [22:30:02] LOL [22:30:08] right [22:30:19] But it’s the exact opposite frontier… [22:30:46] Meh, at the end I keep asking myself "Why should I care this much, its not like I ever edit gaming wikis anyway." [22:31:07] Wiki gg staff should consider getting jobs as theoretical physicists/j [22:31:12] lol [22:33:19] I mean, I care, because I care about gaming wikis the most, but that's just me :p [22:33:41] Ah okay. [22:33:50] It's just not the same for me. [22:34:00] I'm more into...idk basically more akin to worldbuilding? [22:34:07] Just being creative. [22:34:10] I care about the wiki community as a whole [22:34:14] That too. [22:34:17] i care about food [22:34:20] lol food [22:34:21] _in the mood for food_ [22:34:22] Same [22:34:25] same! [22:34:31] pizza party when [22:34:46] I do like to help build out new/smaller wikis, wherever they are hosted [22:34:53] Interesting. [22:35:00] That's a very good quality then. [22:35:23] Sadly, since my interests are more limited its harder for me to jump into that. [23:01:51] wiki load slow today [23:02:54] We got DDoS'd again [23:02:59] for a second time [23:03:02] Is it still slow right now? [23:03:30] not now [23:03:39] good to hear [23:03:44] that means the mitigation worked [23:03:49] Alibaba IP strikes again [23:04:33] There was a time earlier today we got it too? [23:04:35] damn [23:04:59] Yeah, around maybe 8 hours ago [23:05:02] ouch [23:05:06] womp womp [23:05:20] just great so some random jerk decides to troll a free wiki site 😦 [23:05:42] Honestly though, I'm quite pleased that we didn't go down [23:05:43] 2b2t moment [23:05:50] 💪 [23:05:53] on our old infra, the farm would've been in flames [23:05:59] now, it was just slow but not down [23:46:32] I would love if we have again a useful replace tool [23:46:42] I miss the times when replace tool could be used [23:47:55] [1/2] *useful: you put (original) in one text field and (new) in other text field. [23:47:55] [2/2] Now you have to learn programming (regex) to do anything and doesn't even works most of the times [23:52:04] <.labster, replying to jakeukalane> skill issue [23:52:24] true but doesnt contradict any of my points [23:52:44] ReplaceText was removed due to being incompatible with revision compression (which Miraheze uses) IIRC; MassEditRegex is a step up with regards to a learning curve but is fundamentally the same [23:53:22] fundamentally is like having no replace [23:53:58] <.labster> If you want to fix ReplaceText it’s open source software [23:54:16] ... what a rude response. [23:54:43] I thought ReplaceText worked? [23:54:51] there's not much else to be said tbh, it's a shame and it was best in market but it is gone unless someone with the appropriate skills makes it go [23:54:53] I might be remembering some old info though [23:55:00] if it works now it's news to me [23:55:13] iirc, CA tried to make it work with compressed revisions but to no avail [23:56:13] I think the probability of it working are -100 because it uses regex and you cant regex something thats compressed [23:56:14] okey, thanks for the update [23:56:41] sad [23:56:49] only alternative is using PWB [23:57:16] do we have a proper pwb guide on meta, seems like a neat thing if not [23:57:27] The wikimedia one is pretty good [23:57:33] supposedly masseditregex works. I made it work I think one time of the three times I requested someone who knows regex to help me. So I don't clearly understand why one works and the other don't [23:57:52] Yeah im abit confused about that too [23:57:53] <.labster, replying to originalauthority> You can if you decompress. I wonder if elasticsearch would help find candidate pages [23:58:14] Yeah but replace text doesnt decompress the revisions which is the problem i guess [23:58:58] I think MassEditRegex uses a different way to search text than ReplaceText [23:58:59] just wanted to know if there was any new or expactative, so for me, the question is resolved. (although being that rude seemed a bit unnecessary) [23:59:07] [1/3] ``` [23:59:08] [2/3] If your revisions are compressed (that is, if $wgCompressRevisions is enabled in LocalSettings.php or the script compressOld.php has been executed with the option -t gzip) then ReplaceText will not work, because it makes use of SQL queries that can't search compressed text. (see the MassEditRegex extension as an alternative in this case.) [23:59:08] [3/3] ``` [23:59:13] Yeah they must use different queries [23:59:27] Surely wouldve been easier to adapt the original extension than create a new one but hey ho