Wikipedia:Bureaucrats' noticeboard
|
|
1, 2, 3, 4, 5, 6, 7, 8, 9, 10 |
This page has archives. Sections older than 5 days may be automatically archived by Lowercase sigmabot III. |
For sensitive matters, you may contact an individual bureaucrat directly by e-mail.
The Bureaucrats' noticeboard is a place where items related to the Bureaucrats can be discussed and coordinated. Any user is welcome to leave a message or join the discussion here. Please start a new section for each topic.
This is not a forum for grievances. It is a specific noticeboard addressing Bureaucrat-related issues. If you want to know more about an action by a particular bureaucrat, you should first raise the matter with them on their talk page. Please stay on topic, remain civil, and remember to assume good faith. Take extraneous comments or threads to relevant talk pages.
If you are here to report that an RFA or an RFB is "overdue" or "expired", please wait at least 12 hours from the scheduled end time before making a post here about it. There are a fair number of active bureaucrats; and an eye is being kept on the time remaining on these discussions. Thank you for your patience.
To request that your administrator status be removed, initiate a new section below.
RfA candidate | S | O | N | S % | Status | Ending (UTC) | Time left | Dups? | Report |
---|---|---|---|---|---|---|---|---|---|
Worm That Turned | 256 | 4 | 7 | 98 | Open | 09:47, 18 November 2024 | 2 days, 11 hours | no | report |
It is 22:44:51 on November 15, 2024, according to the server's time and date. |
2FA Borked
Hello. Sorry to make work for you. I recently replaced my mobile device that had my 2FA Authenticator app. Regrettably, I can’t find the scratch tokens so I can’t login anymore. I’m still logged in here on this device which is how I’m able to post.
Anyhow, I’m going to abandon this account and switch all activity to jehochman2 (talk · contribs · deleted contribs · logs · filter log · block user · block log). Please be so kind as to move my ops to that account. Please name my original account something else and rename jehochman2 to be Jehochman. If that’s not doable, do whatever you think is right. Feel free to email to confirm that this is me and not some very clever imposter.
As a warning to all those watching, 2FA on Wikipedia isn’t fully baked. The emergency codes should be automatically emailed to the user. I haven’t had these troubles with any of the other web services where I use 2FA. Jehochman Talk 14:24, 31 January 2018 (UTC)
- I haven’t had these troubles with any of the other web services where I use 2FA.
- That's because most websites require you to verify your phonenumber and allow you to use this as a secondary route for recovery. As we don't want to store people's phone numbers (for privacy reasons, and I think the community would freak out), we don't have this additional backup methodology (and it does weaken the 2FA security to have them actually).
- The emergency codes should be automatically emailed to the user
- there is NO website that supports 2FA that will ever email you emergency codes. That would defeat the whole process. Almost every website will tell you to print them and store them securely (as do we)
- I recently replaced my mobile device that had my 2FA Authenticator app
- The simplest method is to deal with this is to disable 2FA with your old phone and then re-enroll on the new phone.
- Feel free to email to confirm that this is me and not some very clever imposter.
- Ehm... if you think that emailing is a method of confirming identity, then you might very well be an imposter. Rights should never be transferred based on such a simple check
- Anyhow, I’m going to abandon this account and switch all activity
- Recovery of the old account is possible, IF you can somehow prove your identity. For this create a ticket similar to: phab:T180654 and describe the evidence that you can provide to a functionary (don't throw it into the actual ticket right away, the sysop will set up a private conversation for that). Evidence that might be usable, is proving your access to the email address that you used for the original account, committed identity, GPG keys, in person contact with well respected members of the community, et etc... —TheDJ (talk • contribs) 15:01, 31 January 2018 (UTC)
- Thanks, but I didn't post here to be schooled. Why don't you listen and we'll see if somebody can help me. Jehochman2 (talk) 15:29, 31 January 2018 (UTC)
- (edit conflict)You can get 2FA reset. You aren't the first admin to have this issue, which Crats can't fix, but I'm betting someone smarter than I will come along and tell you the link to request that auth be removed from your primary account. Last time I saw it, it was fairly painless. It seems that many (myself included) preferred that as it maintained the histories of the admin. Dennis Brown - 2¢ 15:02, 31 January 2018 (UTC)
- Thank you. The help page seemed to indicate that this wasn't a good option, but I have posted to Phabricator. If it works I will update the help page so that others can benefit. Jehochman2 (talk) 15:39, 31 January 2018 (UTC)
- @Jehochman2: it really isn't a "good" option - but for well established users they are making some exceptions in entertaining petitions - the requirements for what a petition must include are not even well defined yet. — xaosflux Talk 15:47, 31 January 2018 (UTC)
- (edit conflict) @Jehochman: / @Jehochman2: , assuming you can convince a developer - a much better fix for your immediate need would be to petition to have 2FA removed from your account. An example phab ticket is
phab:T185731phab:T180654 (is better). Scratch codes are supposed to be very secret, so adding them to email is generally a bad idea. 2FA does need more improvements, which is why it is not available for everyone right now. Once you petition a developer, they may contact you to further authenticate you. — xaosflux Talk 15:03, 31 January 2018 (UTC)
- Jehochman, you've emailed me before, so I know your email account. If you email me from that same email address, I can verify you. That is one of the things they probably will ask you to do. Dennis Brown - 2¢ 15:13, 31 January 2018 (UTC)
- A QCU request (Wikipedia:Sockpuppet_investigations#Request_from_WP:BN) has been opened as well. — xaosflux Talk 15:16, 31 January 2018 (UTC)
- QCU withdrawn due to Jehochman's comments that he is on a different system, see withdraw note at QCU requests. — xaosflux Talk 15:44, 31 January 2018 (UTC)
- I reopened it, suggesting a check of Jehochman = Jehochman2. That should match and go part of the way to verifying that it's me. Jehochman2 (talk) 15:50, 31 January 2018 (UTC)
- I've completed the check and posted the results.--Bbb23 (talk) 16:14, 31 January 2018 (UTC)
- I double-checked and have also commented there. —DoRD (talk) 16:29, 31 January 2018 (UTC)
- I reopened it, suggesting a check of Jehochman = Jehochman2. That should match and go part of the way to verifying that it's me. Jehochman2 (talk) 15:50, 31 January 2018 (UTC)
- QCU withdrawn due to Jehochman's comments that he is on a different system, see withdraw note at QCU requests. — xaosflux Talk 15:44, 31 January 2018 (UTC)
- A QCU request (Wikipedia:Sockpuppet_investigations#Request_from_WP:BN) has been opened as well. — xaosflux Talk 15:16, 31 January 2018 (UTC)
- Can we let this sit for a while and see if a developer is willing to help? Additionally, I may ask a few known people to verify that this is me. Jehochman2 (talk) 16:04, 31 January 2018 (UTC)
- @Jehochman2: to find out - did you open a phab ticket? What is the ticket #? — xaosflux Talk 16:15, 31 January 2018 (UTC)
- (edit conflict) I've received an e-mail from the real Jehochman, and can confirm that that's him. Bishonen | talk 16:06, 31 January 2018 (UTC).
- Jehochman2, I got a new phone in December and also forgot to disable 2fa before wiping the old one, so I understand your plight well. After a brief moment of terror, I remembered that I still had my scratch codes. —DoRD (talk) 16:29, 31 January 2018 (UTC)
- I have sent an email to an address previously known by me to belong to Jehochman and they have replied, so I'm convinced his account has not been compromised. Dennis Brown - 2¢ 16:36, 31 January 2018 (UTC)
- Thank goodness! And thank you! Jehochman2 (talk) 16:39, 31 January 2018 (UTC)
- I've been busy in real life so haven't been posting on Wikipedia much, though I've been using it a lot as a reference. I'm glad this event has given me a chance to reconnect with some of my old friends. Jehochman2 (talk) 16:42, 31 January 2018 (UTC)
- You might need to hit https://phabricator.wikimedia.org/maniphest/query/all/ , login (register?) and file a request. Dennis Brown - 2¢ 16:44, 31 January 2018 (UTC)
- Is this right? phab:T186115 Jehochman2 (talk) 16:46, 31 January 2018 (UTC)
- Well, it says "Access denied" for me. Regards SoWhy 16:53, 31 January 2018 (UTC)
- Items listed as "security" related can only be viewed by certain people (the owner can add 'subscribers' if they would like). — xaosflux Talk 16:57, 31 January 2018 (UTC)
- I assumed as much. My point was that we cannot confirm or deny that his request is right because only certain people can actually see it =) Regards SoWhy 17:02, 31 January 2018 (UTC)
- Items listed as "security" related can only be viewed by certain people (the owner can add 'subscribers' if they would like). — xaosflux Talk 16:57, 31 January 2018 (UTC)
- Is this right? phab:T186115 Jehochman2 (talk) 16:46, 31 January 2018 (UTC)
- They will look here and verify, I would imagine. There isn't a real policy on how this is done, or if it should be done, but then again, it isn't often it is needed. I'm not a fan of 2FA. Seems to be more burden than necessary. Dennis Brown - 2¢ 17:22, 31 January 2018 (UTC)
- You might need to hit https://phabricator.wikimedia.org/maniphest/query/all/ , login (register?) and file a request. Dennis Brown - 2¢ 16:44, 31 January 2018 (UTC)
- Coincidentally I also changed phones today and after reading this thread I made sure to be extra-careful not to disable my previous device before disabling 2FA (to re-enable it afterwards on my new device). Turns out though I can't re-enable it once disabled because I'm no longer admin. Oops! At least I'm not locked out. Wish there was a way to change devices without disabling first... :p Ben · Salvidrim! ✉ 21:23, 31 January 2018 (UTC)
- @Salvidrim!: I've enabled the ability to activate it for your account, if you still want to use it. -- Ajraddatz (talk) 22:48, 31 January 2018 (UTC)
- Speaking of which, why is 2FA still admin-only? ansh666 09:37, 1 February 2018 (UTC)
- I guess because otherwise you would have to deal with the cases similar to the above one on an hourly basis.--Ymblanter (talk) 12:04, 1 February 2018 (UTC)
- Speaking of which, why is 2FA still admin-only? ansh666 09:37, 1 February 2018 (UTC)
- @Salvidrim!: I've enabled the ability to activate it for your account, if you still want to use it. -- Ajraddatz (talk) 22:48, 31 January 2018 (UTC)
Proposal regarding 2FA
Can we ask for a tool that will allow a Bureaucrat or Steward to turn off 2FA for a particular account? The developer has no insight into who's who. They are going to rely on a Bureaucrat or Steward in any event to check the applicant's identity. If we want people to use good security, we have to make it convenient. Things inevitably go wrong and people will need support from time to time. Jehochman2 (talk) 16:49, 31 January 2018 (UTC)
- I think this has been requested and rejected before for not being practical and/or happening not often enough to bother coding a whole backend for this. Anyway, I think meta-wiki is the right place to suggest this, not enwiki. Regards SoWhy 17:00, 31 January 2018 (UTC)
- Check out meta:Requests for comment/Expand two-factor verification as an option for all users on all wikis and especially the related links in the closing statement and parent record phab:T100375. — xaosflux Talk 17:06, 31 January 2018 (UTC)
- As of my last contact with the WMF regarding this, they want a way for the community (probably stewards and large-wiki bureaucrats) to disable 2FA on an account. Developers can access other information to confirm account identity, such as login records and email addresses, that even checkusers/stewards can't look at. However, they don't seem to do so (normally) in these cases. My understanding is that this is a low priority item on the WMF agenda, so I don't expect much motion on this for a while. -- Ajraddatz (talk) 18:16, 31 January 2018 (UTC)
- It's one of those things that all us developers really want to work on, but there's just so much more high prio stuff that it is hard to get around to. These items did end at 20 and 49 on the community wishlist though, so it might rank high enough to take on during a hackathon or something. —TheDJ (talk • contribs) 08:55, 1 February 2018 (UTC)
- Specifically, this tool is described at phab:T180896 btw. —TheDJ (talk • contribs) 08:57, 1 February 2018 (UTC)
- Are there any summer internships? I know some students at Berkeley who might be interested to help.Jehochman Talk 00:48, 2 February 2018 (UTC)
- Specifically, this tool is described at phab:T180896 btw. —TheDJ (talk • contribs) 08:57, 1 February 2018 (UTC)
- It's one of those things that all us developers really want to work on, but there's just so much more high prio stuff that it is hard to get around to. These items did end at 20 and 49 on the community wishlist though, so it might rank high enough to take on during a hackathon or something. —TheDJ (talk • contribs) 08:55, 1 February 2018 (UTC)
emergency desysop of Denelson83
Denelson83 has been temporarily desyopped because of concerns that the account may be compromised. This was done under emergency procedures and was certified by Arbitrators BU Rob13, KrakatoaKatie and Ks0stm.
For the Arbitration Committee, Katietalk 02:48, 1 February 2018 (UTC)
- That's the boilerplate. We've contacted one of the stewards on IRC, but if one of you could do it sooner, we'd appreciate it. Thanks. :-) Katietalk 02:50, 1 February 2018 (UTC)
- (Non-'crat/steward comment) Actioned by Teles at 2:52 UTC. — PinkAmpers&(Je vous invite à me parler) 02:58, 1 February 2018 (UTC)
- @KrakatoaKatie: If there is evidence the account is compromised (no longer in control by the actual account owner), has a global lock been requested? — xaosflux Talk 03:08, 1 February 2018 (UTC)
- @Xaosflux: That's in progress as well. Katietalk 03:09, 1 February 2018 (UTC)
- OK, TY. — xaosflux Talk 03:11, 1 February 2018 (UTC)
- @Xaosflux: That's in progress as well. Katietalk 03:09, 1 February 2018 (UTC)
The following inactive administrators are being desysoped due to inactivity. Thank you for your service.
- Friday (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
- Coren (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
- Chris 73 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
- AngelOfSadness (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
- Mike V (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)
- Midom (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)