[05:44:07] https://en.wikipedia.org/wiki/User:Gryllida/common.js
[05:44:07] what is wrong with that? trying to learn to edit pages via api, that throws an error `Uncaught TypeError: Cannot read property 'assert' of undefined` in console
[05:44:39] not sure i'm asking in the right place, but there's no #mediawiki-js so ...
[17:07:44] hi guys, i'm experiencing a problem trying to visit a specific page: https://en.wikipedia.org/wiki/C_Sharp_syntax
[17:07:51] keeps giving server errors...
[17:13:29] valerio: weird, I'm following up on -operations
[17:22:14] valerio: hi again :) how long did you say you've been experiencing the error with this page?
[18:41:56] For the purposes of Wikimedia chapter meetups, I'm looking for a way to import events from a calendar (Google Calendar/.ics/whatnot) to enwiki. In other words, is there a way to convert .ics to, say, a wikitable?
[18:42:26] I know there's a mediawiki widget, but I presume there's no way that would be installed on enwiki
[18:45:52] export your ics to CSV, then write a small script to make that a table? :P
[18:45:58] what is a "mediawiki widget"?
[18:46:15] https://www.mediawiki.org/wiki/Extension:Widgets
[18:46:34] but yeah the widgets extension isn't even installed on wikipedia, so no point asking for a specific widget :)
[18:46:47] oh, I see
[18:46:53] didn't even know that exists
[19:42:22] Rhododendrites, andre__, visualeditor will import CSV files. Just drag-and-drop a CSV file into a VE window, and it will create a table.
[19:48:19] uuuuuuuh nice
[19:53:17] https://en.wikipedia.org/wiki/User:Gryllida/common.js
[19:53:17] what is wrong with that? trying to learn to edit pages via api, that throws an error `Uncaught TypeError: Cannot read property 'assert' of undefined` in console
[19:54:23] Drag and drop is not my thing, but I do copy and paste tables into VisualEditor with some success every now and then
[19:55:13] I've not yet observed any newbie successfully do it from over their shoulder, though, so I still point people to the LibreOffice solution most of the time for non-WMF wikis (https://stackoverflow.com/a/29469443/1333493)
[22:18:49] Hi all, is there a limit on number of unsuccessful login attempts? I cannot find it in wgRateLimits.
[22:26:39] Urbanecm, do you know error message text it gives you after the limit is reached?
[22:26:56] Sveta, because I don't know **if** there is such limit, I cannot have the message
[22:27:35] I have no problem on Wikipedia, I'm just wondering if WMF have such kind of limit, only a theoretical question ;)
[22:28:18] it depends on wiki configuration, wikimedia projects just start showing you a captcha after the first three attempts
[22:30:19] I'll tell why I'm asking, it'll be better I guess. I'm a member of Czech Wikipedia Arbitration Committee and in one of our cases a user says in his statement that "his password was guessed". He told us that his password was eight digit number and I'm wondering if it's possible to guess password without warning somebody.
[22:31:02] So if you can solve the captcha, you can guess how many times you wish?
[22:31:04] Sveta, ^^^
[22:31:16] then I tried a few more times with the captcha, it said "You have made too many recent login attempts. Please wait 5 minutes before trying again."
[22:31:45] that's a 'login-throttled' message in mediawiki codes, but I am not sure what the exact limit is
[22:32:24] Sveta, thank you anyway :)
[22:32:34] CheckUser now logs unsuccessful login attempts iirc
[22:32:46] not sure since when
[22:33:05] but the messages were recently committed
[22:33:28] does anything log successful login attempts?
[22:33:39] CheckUser too per the new messages
[22:33:56] Hauskatze, really? Do you know if it's live at wikis?
[22:34:33] Urbanecm: I translated yesterday the messages and I think I saw a ticket recently closed for this
[22:34:43] I don't think we have this function live, yet
[22:34:49] let me do a bit of research
[22:35:05] might be wgPasswordAttemptThrottle
[22:35:09] [ 'count' => 5, 'seconds' => 300 ],
[22:35:18] [ 'count' => 150, 'seconds' => 60 * 60 * 48 ],
[22:35:27] * Limit password attempts to X attempts per Y seconds per IP per account.
[22:36:29] (those are the defaults but I don't think Wikimedia customises that setting)
[22:36:40] Hauskatze, imho showing login attempts is a little bit problematic, because it isn't a logged action right now (I mean on-wiki, not in serverlog)
[22:36:56] Urbanecm: I can look into that further
[22:37:19] If you tell me the username, I can check how many attempts have been made on the account
[22:37:52] bawolff, that's great! It's 'Awewewe'@'cswiki'.
[22:38:17] Although, in cases of guessing, it's much more common for attackers to look at password dumps from other sites than actually bruteforcing
[22:39:17] Urbanecm: T174492
[22:39:18] T174492: Log unsuccessful login attempts in CheckUser - https://phabricator.wikimedia.org/T174492
[22:39:23] bawolff, I know, but that's the only way that came to my mind when verifying user's statement
[22:39:28] Hauskatze, thank you
[22:41:44] Urbanecm: There's been 4 failed login attempts on that account in the last 30 days. But they are very spread out, each about a week apart. Looks more like user mistyping their password
[22:42:05] bawolff, thank you for information, will forward it to the ArbCom.
[22:42:33] Anyway, when talking about passwords: Should users report that somebody is trying to get into their account?
[22:42:59] they should change their passwords to something stronger than 'eight digit number'
[22:43:52] and enable 2FA if they're permitted to
[22:44:42] Urbanecm: Depends, if there are very large persistent attempts they can
[22:45:59] And yes, what Sveta said. 8 numeric digits is a bad password
[22:46:15] Although the most important thing is to use different passwords for different sites
[22:46:45] Especially, if the password is 12345678.... ;)
[22:47:57] bawolff, well, my question about breaking-in was about other users, who were encouraged to use 2FA and to make sure their password is strong, but right now, they're reporting such things to me and I cannot do anything with it.
[22:48:42] It's about 3-5 attempts, then nothing, then again the same. Notifications came from wikis that the users are NOT active at
[22:48:56] Ultimately there's not very much that wmf would be able to do about it either. If it's a large scale bruteforce attempt we can block the relevant IPs, but that's about it, and we would probably only do that if it was a really serious attempt
[22:49:12] All affected users (well, those who reported it to me) are sysops, just FYI
[22:49:30] I know, so that's the reason why I'm asking if I should do anything with the reports :)
[22:50:33] password strength was discussed, i think the 'good' option was to show users a password strength meter but not enforce strong passwords
[22:50:46] At best what I can do is just look at the log, see if all the attempts are coming from the same IP. And then I suppose we could do something about the IP... but unless it's trying a lot of passwords we probably wouldn't full on block it
[22:51:53] Best scenario of course is to use a password manager, and have your password be a totally random 16 (or longer) character string that's unique to the site
[22:52:02] but lots of users don't like that idea
[22:52:12] We do enforce some standards for sysop
[22:52:30] you cannot use the password 'dolphins'
[22:52:39] I wonder if 'hunter2' is on the blacklist
[22:52:51] but it's still just very basic restrictions
[22:54:16] bawolff, ok, the usernames are: Mates, Vojtasafr, Horst, all at cswiki. Really don't know how many attempts were performed because I just know what they told me
[23:01:33] Urbanecm: Yeah, it looks like just one off attempts. Possibly even someone just entering the wrong username by mistake. I wouldn't worry about it
[23:02:16] bawolff: Ok, thank you. I just wanted to be sure I won't ignore any report that might be useful :)