Re: [Wikitech-l] Let's improve our password policy

2014-02-06 Thread MZMcBride
Chris Steipp wrote: >1) As I understand it, the reason we went from 0 to 1 character required >is spammers were actively trying to find accounts with no password so they >could edit with an autoconfirmed account. Err, citation needed. :-) I'd forgotten that I'd filed

Re: [Wikitech-l] Fwd: FW: effects on caching

2014-02-06 Thread MZMcBride
Chad wrote: >*From:* Schubotz, Moritz >*Sent:* Wednesday, 29 January 2014 14:33 >*To:* wikitech-l@lists.wikimedia.org >*Subject:* FW: effects on caching Looking at I guess this message never made it through. MZMcBride

Re: [Wikitech-l] Password Hash

2014-02-06 Thread Chris Steipp
On Wed, Feb 5, 2014 at 8:26 PM, C. Scott Ananian wrote: > Password hashing algorithms are not the same as general hash algorithms. I > would prefer we didn't use whirlpool; it is "recommended by NESSIE and ISO" > as a hash function, but as a password hash. CWE916 recommends "bcrypt, > scrypt, an

[Wikitech-l] The Zürich Hackathon and you

2014-02-06 Thread Quim Gil
Hi, the registration to the Zürich Hackathon will open very soon. https://www.mediawiki.org/wiki/Zurich_Hackathon_2014 Wikimedia CH is doing great work putting in place the foundations of the event. There are two areas where they need help from the tech community: * defining the schedule * pro

Re: [Wikitech-l] Let's improve our password policy

2014-02-06 Thread Tyler Romeo
On Thu, Feb 6, 2014 at 4:54 PM, Derric Atzrott wrote: > Actually to be honest, if I could login to Mediawiki with a public/private > keypair I would actually really enjoy that. Certainly it shouldn't be the > default, but in a very non-joking way, I would support an initiative to add > that as a

[Wikitech-l] Fwd: FW: effects on caching

2014-02-06 Thread Chad
Better late than never :) Relevant to today's outage. -Chad -- Forwarded message -- From: Schubotz, Moritz Date: Thu, Feb 6, 2014 at 2:04 PM Subject: FW: effects on caching To: "innocentkil...@gmail.com" FYI *From:* Schubotz, Moritz *Sent:* Wednesday, 29 January 2014 14:33

Re: [Wikitech-l] Let's improve our password policy

2014-02-06 Thread Derric Atzrott
>> Well if we are going to go down that road, requiring public/private key >> pairs would also be more secure. However I doubt either would be acceptable >> to users. >> > >Actually, I think it might be better if we just have people come on down to >the San Francisco office and show their government

Re: [Wikitech-l] Let's improve our password policy

2014-02-06 Thread Tyler Romeo
On Thu, Feb 6, 2014 at 3:26 PM, Brian Wolff wrote: > Well if we are going to go down that road, requiring public/private key > pairs would also be more secure. However I doubt either would be acceptable > to users. > Actually, I think it might be better if we just have people come on down to the

Re: [Wikitech-l] Let's improve our password policy

2014-02-06 Thread Brian Wolff
> "" ain't secure > "password" isn't secure either, and that's 8 > > It seems to me that a pretty secure approach would be to have the system > give the user his 8-12 character password, rather than letting him pick a > password. Then we can be assured that he's not doing

Re: [Wikitech-l] TitleValue

2014-02-06 Thread Sumana Harihareswara
I agree that this mailing list is a reasonable place to discuss the interfaces. Notes from the Architecture Summit are now up at https://www.mediawiki.org/wiki/Architecture_Summit_2014/TitleValue# . At yesterday's RFC review we agreed that we'd like to hold another one next week (will figure out a

Re: [Wikitech-l] Let's improve our password policy

2014-02-06 Thread Nathan Larson
On Thu, Feb 6, 2014 at 9:58 AM, Chris Steipp wrote: > 1) As I understand it, the reason we went from 0 to 1 character required is > spammers were actively trying to find accounts with no password so they > could edit with an autoconfirmed account. We rely on "number of > combinations of minimum p

Re: [Wikitech-l] English Wikipedia Issues

2014-02-06 Thread Jeremy Baron
On Feb 6, 2014 11:48 AM, "Andre Klapper" wrote: > On Thu, 2014-02-06 at 11:41 -0500, Derric Atzrott wrote: > > Not sure if anyone else noticed or not yet, but at least the English Wikipedia > > appears to be having some intermittent issues. > > This is being worked on currently on IRC in #wikimedi

Re: [Wikitech-l] English Wikipedia Issues

2014-02-06 Thread Chad
On Thu, Feb 6, 2014 at 8:41 AM, Derric Atzrott wrote: > Hey all, > > > > Not sure if anyone else noticed or not yet, but at least the English > Wikipedia > appears to be having some intermittent issues. > > > > Request: GET http://en.wikipedia.org/wiki/Super_Bowl_XXVII, from > 10.64.32.105 > via

Re: [Wikitech-l] English Wikipedia Issues

2014-02-06 Thread Andre Klapper
On Thu, 2014-02-06 at 11:41 -0500, Derric Atzrott wrote: > Not sure if anyone else noticed or not yet, but at least the English Wikipedia > appears to be having some intermittent issues. This is being worked on currently on IRC in #wikimedia-operations currently, plus was reported to https://bugzi

[Wikitech-l] English Wikipedia Issues

2014-02-06 Thread Derric Atzrott
Hey all, Not sure if anyone else noticed or not yet, but at least the English Wikipedia appears to be having some intermittent issues. Request: GET http://en.wikipedia.org/wiki/Super_Bowl_XXVII, from 10.64.32.105 via cp1052 cp1052 ([10.64.32.104]:3128), Varnish XID 4288339681 Forwarded for:

Re: [Wikitech-l] Let's improve our password policy

2014-02-06 Thread Chris Steipp
On Wed, Feb 5, 2014 at 8:00 PM, MZMcBride wrote: > Hi. > > Tyler Romeo wrote: > >On Wed, Feb 5, 2014 at 2:20 AM, MZMcBride wrote: > >> Ultimately, account security is a user's prerogative. [...] Banks and > >>even e-mail providers have reason to implement stricter authentication > >>requirements

Re: [Wikitech-l] Password Hash

2014-02-06 Thread Thomas Gries
Where we are at it: This en-wiki article [2] - https://en.wikipedia.org/wiki/Bcrypt currently lacks the important information of the password limitation. Should be added by someone who's an expert in that field.

Re: [Wikitech-l] Password Hash

2014-02-06 Thread Thomas Gries
On 05.02.2014 23:03, Brion Vibber wrote: > Is the 72-byte truncation a general bcrypt problem or specific to > password_hash()? Any concerns or a non-issue? Note that some non-Latin > strings can only fit 24 chars in 72 bytes of UTF-8. Long enough for most > passwords, but some people like passph

[Wikitech-l] Language Engineering IRC Office Hour on February 12, 2014 (Wednesday) at 1700 UTC

2014-02-06 Thread Runa Bhattacharjee
[x-posted] Hello, The Wikimedia Language Engineering team will be hosting the monthly IRC office hour on February 12, 2014 (Wednesday) at 1700 UTC/ 0900 PDT on #wikimedia-office. This time we would be talking about the recent changes made to the Universal Language Selector (ULS) - the MediaWiki