User Details
- User Since
- Feb 22 2015, 7:40 AM (320 w, 2 d)
- Availability
- Available
- LDAP User
- Unknown
- MediaWiki User
- ThurnerRupert [ Global Accounts ]
Sep 22 2019
Jul 26 2019
Sep 23 2018
Aug 4 2018
Jul 22 2018
the title "password meter" would not suggest a duplication. but the contents is a full ducplicate - and - has a lot more value. there is already an expert discussion in T32574: Display a password strength bar which includes password strenght. the patch attached to T32574: Display a password strength bar uses a password meter algorithm. it implements to configure a minimum strenght in the config file. it does not (yet) implement anything to show the complexity of the password to the user beforehand. having a second ticket only for the lenght of the password based on a paper of such weak quality which is not even public for everybody seems not ok. what mediawiki currently offers is already far better than described in that paper:
- https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy - password lenght 8 for different user groups already there
- limit the rate of retry in online attacks
- hash the passwords for offline attacks (not sure though if it is still in line with what NIST says ...)
Jul 21 2018
yes, exactly, many thanks for the copy out, reedy! there is T32574 as well which partially covers what is mentioned in this ticket (aaaaaaa)
an example password strenght meter:
- demo: https://cups.cs.cmu.edu/meter/
- mentioned in this article: https://phys.org/news/2017-05-unveil-password-meter-users-passwords.html.
- source is here: https://github.com/cupslab/password_meter
this is against recent NIST research, and should be closed as "not implement":
https://pages.nist.gov/800-63-3/sp800-63b.html
this paper is quite outdated or even incorrect, except for "usability" - i.e. present a password strenght meter. to be more detailed, it says that a password is sent via email. but - this is only a temporary password which only allows to reset the password. so comparable to a link with some arbitrary number. it also suggests to use different character classes, which is discouraged by recent NIST research. it also thinks that a minimum password lenght should be set which is also against the NIST recommendations - which are clear that the type of the service offered, or the information to be protected, should determine the password strenght. also, NIST discourages policies that force to set a new password (regular password change eg) and suggests that the strenght should be measured against a list of breached passwords while the study says reusing an old password is bad - no matter if breached or not.
the library used seems excellent. the usage i am not so sure, it is a mandatory check, and not a hint to the user:
if ( $score < $policyVal ) { $status->error( "passwordpolicies-policy-passwordstrength", $score, $policyVal, $maxScore ); }
Feb 16 2018
the upload wizard could guide the user in adding the information. or require the user to add it herself? so we have not the problem of "original photo does not contain the license information, but then it is added". what you think?
Jan 28 2018
another case which could have been solved by this:
Jul 30 2017
hahah, andre, i find it now painful in phabricator that it seems to be impossible to create a ticket towards better control of new pages :) what i want is clear: give a new page time to ripe. and for this, give the persons checking new pages technical means to do this appropriate. as you are experienced with all software components could you list the components involved and their purpose, so we could make tichets which can be implemented? mabe flag pages, or not. maybe display edits after X hours? maybe a flag "not done" or "help wanted" when storing? not sure what means were discussed up to now ...
Jul 29 2017
i cannot recall the exact message, and i would appreciate to concentrate on the root cause: somebody doing new pages control feels that it is necessary to move an article into the users namespace because the person thinks the article is not good enough. such a move should never be necessary or permitted. if not good enough not flag it. if not flagged for long enough (a week or so) just delete it.
Jul 27 2017
Feb 6 2017
i stumbled on https://gerrit.googlesource.com/plugins/github/+/master/README.md - is this something you envision here?
Jul 4 2016
removing myself, to express my wish that administrative bloat and organisation busy with itself should be avoided, while writing software and helping patches from others go into software should be encouraged ...
May 29 2016
May 28 2016
May 16 2016
interesting point, what exif fields would be necessary to get the copyright ok? or add the copyright related fields of xmp?
May 15 2016
why not starting with something easy? if making a thumbnail for wikipedia, leave exif in place?
Apr 22 2016
@wctaiwan , interesting feature, did not notice it before, but i like it. this solves the problem, thank you!!
Apr 21 2016
@wctaiwan , @WhatamIdoing, this is problematic because the implementation seems somehow broken. i tried to get both tabs for anonymous usuage and logged in user. i failed. first it would not let me anonymously edit source, only visual editor. then i switched on both tabs logged in, in the preferences as suggested above. yesterday i wanted to make screenshots for csteipp where mediawiki exposes ip adresses without warning, and i could not trick mediawiki.org any more to allow anonymous edit with visual editor, it was always source.
Apr 20 2016
just to add another example which might help the zillion of sports results on wikipedia. taken an example of bayern munich:
- basedata kicker.de: http://www.kicker.de/news/fussball/bundesliga/vereine/1-bundesliga/2015-16/bayern-muenchen-14/vereinstermine.html
- league table kicker.de: http://www.kicker.de/news/fussball/bundesliga/spieltag/1-bundesliga/2015-16/spieltag.html
- wikipedia: managerial statistics: https://en.wikipedia.org/wiki/Pep_Guardiola#Managerial
- wikipedia: player statistics: https://en.wikipedia.org/wiki/Thomas_M%C3%BCller#Career_statistics
- wikipedia: bayern saison base data, https://en.wikipedia.org/wiki/2015%E2%80%9316_FC_Bayern_Munich_season
added feedback + opposition now to https://www.mediawiki.org/wiki/Topic:Szfpjd08my4nzjr8 ...
if this then makes the same mess as it is done on meta for e.g. idealab - than please do not enable the extension. i would have nothing against a translation support, properly supporting to put pages including transcluded contents side by side.
there was no complaint about the two tabs. the german wikipedia finally voted for switching it on because of the two tabs. so why on earth you open this box again, and _again_ without the community? you guys seem to never learn :(
could you add a link please? why would one want to make 2 clicks out of one? who decided this, with involving whom? the only item i can see is: https://www.mediawiki.org/wiki/VisualEditor/Single_edit_tab which has no discussion *wonder*
Apr 17 2016
on the fly switching? you mean an additional click? please _NOT_.
i really do not understand why you guys keep fighting for having visual editor as only option for years. just show both tabs, and let the users switch off one of them in the rare case a user really has a strong preference.
Apr 16 2016
exactly, whatamidoing-wmf. you should not, but the site-wide default changed without a larger discussion. it was text, now it is visual editor. or was i so adventuros that i changed it myself and i cannot remember any more?
Apr 15 2016
i do not understand what to choose there to have both tabs, edit source and gui edit. there is a dropdown showing "remember my last editor" and i for sure never used visual editor on mediawiki.org. can you please set as defaullt both tabs?
true, thanks for the hint - and the translation :) clicking on "phabricator", then "maniphest" shows these links.
created, or commented on.
Apr 4 2016
the discussion is clear, but does it need a ticket or we close it?
@Dereckson , now i know a wish to notifications: it should include phabricator mentioning my name :)
Mar 26 2016
i liked one summary on the talk page about this waste of a technical department getting distracted from their work and try to solve the world:
Mar 19 2016
discourse has too many weak points imo:
- it is not a proper mailing list server. it e.g. reformats mails, cuts out email adresses etc
- it is not clear why this should be better than a mailing list
- the mobile interface has a small font and big everything else, eating up screen space
- resizing text in mobile is not possible
- it is slow, and an additional web page
Feb 29 2016
as an idea by itself, the stats page could be linked into my profile, as well as subscribing mailing lists. also a link to phabricator tasks, also to gerrit commits. and a link to trials like the software which was proposed as add on to mailing lists ... i cannot find the link at the moment. and a search like intellij or eclipse settings search to find all the settings, features and links.
bawolff, the list server runs on a wikimedia server, and the stats page as well:
Feb 28 2016
from sarahs mail ...
Feb 12 2016
andre, it would be better you focus on technical tasks instead of bureaucracy :) the only reason this task exists is that people started to swear about WMF when superprotect was switched on. both, superprotect and swearing is gone, so this task should be closed as invalid.
Feb 5 2016
i'd love if "wiki" would redirect to the original version as long as a user is able to understand the language according to her preferences. e.g. in my preference i can list "en, fr, de, cn". original version is the one created first, or marked as such.
Jan 31 2016
Oct 1 2015
i wanted to award a token to GWickes statement "There is broad agreement within the architecture committee that we need to be more forward-looking and focused on the major architectural issues." ... but somehow i could not :)
how is this the same or different as T114072, sections ?
very interesting imo. would allow to interlink to sections from different wikis, refer to them from wikidata, include sections in derived texts, like books or offline. i'd appreciate if the solution is simple and easy to edit - e.g. the contents of a heading is a section.
Sep 12 2015
in germany it is common to send cease and desist letters which cost 500-1000 euro each. a couple of contributors showed up like this, one discussion here: https://commons.wikimedia.org/wiki/Commons:Administrators%27_noticeboard/Archive_53#Legal_action_resulting_from_photographs_by_Haraldbischoff
Sep 9 2015
i do think a policy can help the technical space, especially if it is accepted, positive, clear, simple, so to say a role model. twenty lines maximum.
if it includes what one should do to get praise, it will repeat itself. we want participation. the motivation to participate is _not_ to be not harassed, but to get some form of recognition.
Sep 6 2015
ironholds, the linux community had 4'000 committers in the last 15 months. the model is proven. but you are right, i now edited my comment and quoted what torvalds wrote. i should have done it beforehand to make clear i have no particular opinion about it - other than such language does not harm the community. this is also the only research i have: first, wikipedia contribution numbers go down while we have more rules. linux contribution numbers go up, despite sometimes using harsh language and no rules but "standard internet".
Sep 5 2015
before placing complicated text onto users please define criteria why we would need a code of conduct, resp what the result should be in a measurable way. there are so many rules, even contradicting, and everybody passing by wants to add one instead of understand and improve the existing ones. in a community of writers this is deadly.
defining a code of conduct as an _engineering goal_ is just wrong, and waste in the agile sense. besides it is not engineering, there is no benefit to the client. additionally this is targeted to anglo-saxon case law, complicating the user experience for everybody else.
Jul 19 2015
where is this code, i.e. where this "add link" button should then go?
what will replace the mobile-silo'd code?
Feb 24 2015
Why full browser window should loose the "anchoring " whatever you mean by
this ? It is working iPhones since the beginning?