[03:24:03] <BlankEclair>	 gawd putting the ssh keypair on a fido2 key was harder than i expected
[03:24:15] <BlankEclair>	 especially with agent caching everything, i had to get askpass working for it too
[03:38:04] <BlankEclair>	 notaracham: the docusign document doesn't have a textbox on the email field
[03:45:08] <MirahezeRelay>	 <notaracham> It should if you check the box for email
[03:45:20] <BlankEclair>	 omg ty
[03:46:22] <MirahezeRelay>	 <pixldev> Welcome aboard Elaina
[03:47:06] <BlankEclair>	 ty ^_^
[03:49:18] <BlankEclair>	 signed
[03:49:19] <BlankEclair>	 task made: https://issue-tracker.miraheze.org/T13272
[03:56:43] <BlankEclair>	 somebody should probably update the extension for https://issue-tracker.miraheze.org/T13251
[03:59:07] <MirahezeRelay>	 <enews> why is claire back on IRC
[03:59:55] <BlankEclair>	 because i'm using irc??
[03:59:59] <BlankEclair>	 i use both
[04:00:18] <MirahezeRelay>	 <enews> ohh
[04:00:23] <MirahezeRelay>	 <enews> i thought like
[04:00:27] <MirahezeRelay>	 <enews> nobody uses that
[04:00:40] <BlankEclair>	 i-
[04:00:49] <BlankEclair>	 RhinosF1 and MacFan4000 be out here like :((
[04:01:18] <BlankEclair>	 i find it funny that i'm logged in to hetzner while using my server as a proxy
[04:01:23] <BlankEclair>	 so i'm managing my server with my server
[04:01:46] <MirahezeRelay>	 <pixldev, replying to enews> i use it
[04:02:00] <MirahezeRelay>	 <pixldev> Not here much
[04:02:13] <MirahezeRelay>	 <pixldev> but for networks and communities that arent relayed
[04:02:14] <MirahezeRelay>	 <enews> claire should join the irwa server since it just got public....
[04:02:22] <MirahezeRelay>	 <pixldev> like wikimedia stuff and scoutlink
[04:02:32] <MirahezeRelay>	 <enews> im gonna update the discord links on the website
[04:02:46] <MirahezeRelay>	 <pixldev> goood
[04:07:24] <MirahezeRelay>	 <enews, replying to pixldev> updated open an issue if there are any dead links
[04:16:05] <MacFan4000>	 BlankEclair: just an FYI, you'll also need to complete Data privacy trainings when those get sent out
[04:21:04] <MirahezeRelay>	 <pixldev, replying to MacFan4000> Oh yeah those exist groan
[04:38:31] <MirahezeRelay>	 <cosmicalpha> They aren't that hard to do really. Just a little time consuming (will take about an hour to complete)
[04:45:46] <MirahezeRelay>	 <notaracham> It's old hat for those who've been in data roles before, but at least makes sure we're all on the same page
[04:46:52] <MirahezeRelay>	 <notaracham> ... Claire's totally gonna find an exploit in the training viewer, isn't she?
[04:52:29] <MacFan4000>	 (request was approved) Welcome aboard BlankEclair!
[04:55:33] <MirahezeRelay>	 <theoneandonlylegroom> what
[04:55:40] <MirahezeRelay>	 <theoneandonlylegroom> what I've missed
[04:56:19] <MacFan4000>	 @theoneandonlylegroom BlankEclair joining the tech team
[04:56:29] <MirahezeRelay>	 <theoneandonlylegroom> yay
[04:56:50] <MirahezeRelay>	 <theoneandonlylegroom> I thought she was already lmao
[04:57:28] <MacFan4000>	 they had access to extension repos yes, but nothing more than that
[04:57:46] <BlankEclair>	 > [25/02/2025 15:46] <MirahezeRelay> <notaracham> ... Claire's totally gonna find an exploit in the training viewer, isn't she?
[04:57:49] <BlankEclair>	 that would be hilarious
[05:03:59] <MirahezeRelay>	 <enews> claire you should join the uhh roblox wikis server
[05:04:04] <MirahezeRelay>	 <enews> oh wait this isnt general
[05:17:23] <BlankEclair>	 til that we have wikitide.com
[05:17:42] <MirahezeRelay>	 <cosmicalpha> We have a lot of domains lol
[05:18:00] <MirahezeRelay>	 <notaracham> Including Wiki.surf, I think
[05:18:11] <MirahezeRelay>	 <notaracham> Which is one of my favorites.
[05:18:15] <MirahezeRelay>	 <cosmicalpha> wikitide.com was the original main domain of legacy wikitide IIRC
[05:18:19] <MirahezeRelay>	 <cosmicalpha, replying to notaracham> Yep we do
[05:18:35] <BlankEclair>	 now i gotta deal with the onslaught of having to get everything properly up and running
[05:19:03] <BlankEclair>	 blankeclair@wikitide.net joins my ten other email addresses
[05:29:50] <MirahezeRelay>	 <cosmicalpha> Better than me lol. I have many more
[05:30:03] <MirahezeRelay>	 <cosmicalpha> Like 15-20 lol
[05:30:39] <BlankEclair>	 impressive???
[05:32:09] <CosmicAlpha>	 Not exactly lol
[05:32:25] <CosmicAlpha>	 Perhaps in a bad way. I can never find what I need...
[05:32:29] <CosmicAlpha>	 lol
[05:33:38] <BlankEclair>	 your battery drain would be impressive lol
[05:47:50] <MirahezeRelay>	 <notaracham> I thankfully only have 4ish that I actively use, maybe... 8-9 total?
[05:52:32] <CosmicAlpha>	 > 10:33 PM <+ BlankEclair> your battery drain would be impressive lol
[05:52:33] <CosmicAlpha>	 I turn sync off so have to manually reload lol
[05:54:33] <BlankEclair>	 ah okay
[05:56:46] <MirahezeRelay>	 <notaracham, replying to BlankEclair> Hahaha damn it it didn't take long.
[05:57:05] <BlankEclair>	 "this video player sucks, i wonder if i can use mpv"
[05:57:11] <BlankEclair>	 "oh yep, it works, without auth even"
[05:57:22] <BlankEclair>	 "hmm... this url seems awfully easy to guess"
[05:57:31] <BlankEclair>	 "oh you can see a list of all the files"
[12:23:51] <MirahezeRelay>	 <rodejong> 502 Cloudflare
[12:23:58] <MirahezeRelay>	 <rodejong> Several cp's down
[12:35:54] <MirahezeRelay>	 <pixldev, replying to notaracham> dont tell me she did it
[13:38:44] <MirahezeRelay>	 <pixldev> BlankEclair: I’m actually gonna cry my school make us use a site for some practice certs and it sent me my password in plain text
[13:39:06] <BlankEclair>	 pixldev: oh no
[13:39:29] <BlankEclair>	 > [25/02/2025 23:35] <MirahezeRelay> <pixldev, replying to notaracham> dont tell me she did it
[13:39:31] <BlankEclair>	 be gay do cri-
[13:42:16] <MirahezeRelay>	 <pixldev> It sent user and pass in plain text to login too…
[13:42:49] <MirahezeRelay>	 <pixldev> This site is so clunky
[13:42:54] <MirahezeRelay>	 <pixldev> I want to burn
[15:31:17] <MirahezeRelay>	 <originalauthority, replying to pixldev> How did you expect it to be sent?
[15:41:22] <MirahezeRelay>	 <pixldev, replying to originalauthority> Hashed?
[15:50:08] <Frisk>	 i thought passwords are usually hashed on server side, not client side
[15:52:45] <MirahezeRelay>	 <pixldev> I don’t recall actually
[15:53:00] <MirahezeRelay>	 <pixldev> Although the fact it sent me an email with my password is yikes in itself
[15:53:21] <MirahezeRelay>	 <pixldev> Preferably the server should never know I think
[15:53:47] <Frisk>	 yes, that is 100% correct
[16:00:11] <MirahezeRelay>	 <notaracham, replying to pixldev> Yeah... this is unfortunately common in a lot of lower budget/private sites where signup is not really a high priority.  Especially LMS/training sites
[16:00:33] <MirahezeRelay>	 <notaracham> If they're even halfway decent they'll require you to set a new password after using the login once.
[16:01:09] <MirahezeRelay>	 <pixldev, replying to notaracham> This is not exactly a super small site..:
[16:01:32] <MirahezeRelay>	 <pixldev, replying to notaracham> They use Spring Servlets so I think that’s sailed
[16:01:49] <MirahezeRelay>	 <notaracham> Hahahaha, oh man, is it college board?
[16:02:14] <MirahezeRelay>	 <pixldev> SHOCKINGLY NO
[16:02:21] <MirahezeRelay>	 <pixldev> Not thaaaat big
[16:02:34] <MirahezeRelay>	 <pixldev> Burn college board burn
[16:02:40] <MirahezeRelay>	 <notaracham> They had some godawful security back when I was applying for college/AP exams
[16:02:42] <MirahezeRelay>	 <pixldev> It’s NIMS
[16:02:51] <MirahezeRelay>	 <pixldev> https://www.nims-skills.org/
[16:03:00] <MirahezeRelay>	 <pixldev> So not super big
[16:03:29] <MirahezeRelay>	 <pixldev, replying to notaracham> College board has only ever had one priority I believe
[16:03:34] <MirahezeRelay>	 <pixldev> 🤑
[16:04:43] <MirahezeRelay>	 <notaracham> Oh yeah, I have totally used NIMS for a job trainning thingy
[16:04:58] <MirahezeRelay>	 <pixldev> Hope you used a unique password
[16:05:17] <MirahezeRelay>	 <pixldev> I complained at the start of class about making a new account and my friend told me to just reuse one
[16:05:30] <MirahezeRelay>	 <pixldev> That was a decently satisfying I told you so 30 minutes later
[16:07:07] <MirahezeRelay>	 <pixldev, replying to notaracham> curious what Claire would make of it
[16:07:15] <MirahezeRelay>	 <pixldev> Besides carnage
[16:44:24] <MirahezeRelay>	 <originalauthority> Passwords are sent over https plain text
[16:45:31] <MirahezeRelay>	 <originalauthority> [1/7] The way it works 
[16:45:32] <MirahezeRelay>	 <originalauthority> [2/7] - create an account
[16:45:32] <MirahezeRelay>	 <originalauthority> [3/7] - password is hashed, this is a one way function so there is no way to get that password back 
[16:45:32] <MirahezeRelay>	 <originalauthority> [4/7] - you log in
[16:45:33] <MirahezeRelay>	 <originalauthority> [5/7] - password is sent in plain text to the backend
[16:45:33] <MirahezeRelay>	 <originalauthority> [6/7] - backend hashes the password again with the same salt etc 
[16:45:33] <MirahezeRelay>	 <originalauthority> [7/7] - compare if the hash that was generated is the same as the one in the database, if it matches exactly, its the same password, if not, its not
[23:42:02] <MirahezeRelay>	 <pixldev> https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/6ZRT4V5KA7JVJ6FXLJHAMII3MXVOZGYH/
[23:42:06] <MirahezeRelay>	 <pixldev> Thanks Frisk for this
[23:43:01] <Frisk>	 extended thanks to whoever runs MediaWiki account on Fediverse https://wikis.world/@mediawiki/114066962701191277
[23:43:36] <Frisk>	 oh right, forgot they have fancy process/script for doing that as a community
[23:43:45] <MirahezeRelay>	 <pixldev> lol
[23:44:05] <Frisk>	 https://masto-collab.toolforge.org/
[23:44:06] <MirahezeRelay>	 <pixldev> i suspected Sammy but i also can’t recall anyone else with access
[23:44:07] <Frisk>	 really cool