Jump to content

Wikipedia:Bureaucrats' noticeboard

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Xaosflux (talk | contribs) at 17:53, 3 February 2018 (Wikipedia:Inactive_administrators/2018#February_2018: pipe that). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

    To contact bureaucrats to alert them of an urgent issue, please post below.
    For sensitive matters, you may contact an individual bureaucrat directly by e-mail.
    You may use this tool to locate recently active bureaucrats.

    The Bureaucrats' noticeboard is a place where items related to the Bureaucrats can be discussed and coordinated. Any user is welcome to leave a message or join the discussion here. Please start a new section for each topic.

    This is not a forum for grievances. It is a specific noticeboard addressing Bureaucrat-related issues. If you want to know more about an action by a particular bureaucrat, you should first raise the matter with them on their talk page. Please stay on topic, remain civil, and remember to assume good faith. Take extraneous comments or threads to relevant talk pages.

    If you are here to report that an RFA or an RFB is "overdue" or "expired", please wait at least 12 hours from the scheduled end time before making a post here about it. There are a fair number of active bureaucrats; and an eye is being kept on the time remaining on these discussions. Thank you for your patience.

    To request that your administrator status be removed, initiate a new section below.

    Crat tasks
    RfAs 1
    RfBs 0
    Overdue RfBs 0
    Overdue RfAs 0
    BRFAs 10
    Approved BRFAs 0
    Requests for adminship and bureaucratship update
    RfA candidate S O N S % Status Ending (UTC) Time left Dups? Report
    Worm That Turned 248 4 4 98 Open 09:47, 18 November 2024 3 days, 2 hours no report
    It is 06:58:22 on November 15, 2024, according to the server's time and date.


    2FA Borked

    Hello. Sorry to make work for you. I recently replaced my mobile device that had my 2FA Authenticator app. Regrettably, I can’t find the scratch tokens so I can’t login anymore. I’m still logged in here on this device which is how I’m able to post.

    Anyhow, I’m going to abandon this account and switch all activity to jehochman2 (talk · contribs · deleted contribs · logs · filter log · block user · block log). Please be so kind as to move my ops to that account. Please name my original account something else and rename jehochman2 to be Jehochman. If that’s not doable, do whatever you think is right. Feel free to email to confirm that this is me and not some very clever imposter.

    As a warning to all those watching, 2FA on Wikipedia isn’t fully baked. The emergency codes should be automatically emailed to the user. I haven’t had these troubles with any of the other web services where I use 2FA. Jehochman Talk 14:24, 31 January 2018 (UTC)[reply]

    I haven’t had these troubles with any of the other web services where I use 2FA.
    That's because most websites require you to verify your phonenumber and allow you to use this as a secondary route for recovery. As we don't want to store people's phone numbers (for privacy reasons, and I think the community would freak out), we don't have this additional backup methodology (and it does weaken the 2FA security to have them actually).
    The emergency codes should be automatically emailed to the user
    there is NO website that supports 2FA that will ever email you emergency codes. That would defeat the whole process. Almost every website will tell you to print them and store them securely (as do we)
    I recently replaced my mobile device that had my 2FA Authenticator app
    The simplest method is to deal with this is to disable 2FA with your old phone and then re-enroll on the new phone.
    Feel free to email to confirm that this is me and not some very clever imposter.
    Ehm... if you think that emailing is a method of confirming identity, then you might very well be an imposter. Rights should never be transferred based on such a simple check
    Anyhow, I’m going to abandon this account and switch all activity
    Recovery of the old account is possible, IF you can somehow prove your identity. For this create a ticket similar to: phab:T180654 and describe the evidence that you can provide to a functionary (don't throw it into the actual ticket right away, the sysop will set up a private conversation for that). Evidence that might be usable, is proving your access to the email address that you used for the original account, committed identity, GPG keys, in person contact with well respected members of the community, et etc... —TheDJ (talkcontribs) 15:01, 31 January 2018 (UTC)[reply]
    Thanks, but I didn't post here to be schooled. Why don't you listen and we'll see if somebody can help me. Jehochman2 (talk) 15:29, 31 January 2018 (UTC)[reply]
    • (edit conflict)You can get 2FA reset. You aren't the first admin to have this issue, which Crats can't fix, but I'm betting someone smarter than I will come along and tell you the link to request that auth be removed from your primary account. Last time I saw it, it was fairly painless. It seems that many (myself included) preferred that as it maintained the histories of the admin. Dennis Brown - 15:02, 31 January 2018 (UTC)[reply]
    • (edit conflict) @Jehochman: / @Jehochman2: , assuming you can convince a developer - a much better fix for your immediate need would be to petition to have 2FA removed from your account. An example phab ticket is phab:T185731 phab:T180654 (is better). Scratch codes are supposed to be very secret, so adding them to email is generally a bad idea. 2FA does need more improvements, which is why it is not available for everyone right now. Once you petition a developer, they may contact you to further authenticate you. — xaosflux Talk 15:03, 31 January 2018 (UTC)[reply]

    Proposal regarding 2FA

    Can we ask for a tool that will allow a Bureaucrat or Steward to turn off 2FA for a particular account? The developer has no insight into who's who. They are going to rely on a Bureaucrat or Steward in any event to check the applicant's identity. If we want people to use good security, we have to make it convenient. Things inevitably go wrong and people will need support from time to time. Jehochman2 (talk) 16:49, 31 January 2018 (UTC)[reply]

    I think this has been requested and rejected before for not being practical and/or happening not often enough to bother coding a whole backend for this. Anyway, I think meta-wiki is the right place to suggest this, not enwiki. Regards SoWhy 17:00, 31 January 2018 (UTC)[reply]
    Check out meta:Requests for comment/Expand two-factor verification as an option for all users on all wikis and especially the related links in the closing statement and parent record phab:T100375. — xaosflux Talk 17:06, 31 January 2018 (UTC)[reply]
    As of my last contact with the WMF regarding this, they want a way for the community (probably stewards and large-wiki bureaucrats) to disable 2FA on an account. Developers can access other information to confirm account identity, such as login records and email addresses, that even checkusers/stewards can't look at. However, they don't seem to do so (normally) in these cases. My understanding is that this is a low priority item on the WMF agenda, so I don't expect much motion on this for a while. -- Ajraddatz (talk) 18:16, 31 January 2018 (UTC)[reply]
    It's one of those things that all us developers really want to work on, but there's just so much more high prio stuff that it is hard to get around to. These items did end at 20 and 49 on the community wishlist though, so it might rank high enough to take on during a hackathon or something. —TheDJ (talkcontribs) 08:55, 1 February 2018 (UTC)[reply]
    Specifically, this tool is described at phab:T180896 btw. —TheDJ (talkcontribs) 08:57, 1 February 2018 (UTC)[reply]
    Are there any summer internships? I know some students at Berkeley who might be interested to help.Jehochman Talk 00:48, 2 February 2018 (UTC)[reply]

    emergency desysop of Denelson83

    Resolved
     – Actioned on meta by steward Teles. — xaosflux Talk 03:11, 1 February 2018 (UTC)[reply]

    Denelson83 has been temporarily desyopped because of concerns that the account may be compromised. This was done under emergency procedures and was certified by Arbitrators BU Rob13, KrakatoaKatie and Ks0stm.

    For the Arbitration Committee, Katietalk 02:48, 1 February 2018 (UTC)[reply]

    The following inactive administrators are being desysoped due to inactivity. Thank you for your service.

    1. Friday (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
    2. Coren (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
    3. Chris 73 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
    4. AngelOfSadness (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
    5. Mike V (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
    6. Midom (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
    xaosflux Talk 17:37, 3 February 2018 (UTC)[reply]