Wikipedia:Interface administrators' noticeboard

Archives

Archive 1 Archive 2 Archive 3

This page has archives. Sections older than 30 days may be automatically archived by Lowercase sigmabot III when more than 3 sections are present.

Hello.

I am a French Wikipedia user of mass-tools, which loads several other scripts.

Most contain a table with style="background-color:transparent". This transparent background prevents text color from inverting in dark mode: the text is black (instead of white) on a black background. Simply removing style="background-color:transparent" does the trick.

Could you remove it from the following scripts?

• User:Timotheus Canens/massblock.js, line 117
• User:Timotheus Canens/massprotect.js, line 131
• User:Timotheus Canens/massrestore.js, line 75
• User:Timotheus Canens/massunblock.js, line 75
• User:Timotheus Canens/massedit.js, line 124
• User:Plastikspork/massmove.js, line 148
• User:Animum/massdelete.js, line 127

Ping @Timotheus Canens, Plastikspork, and Animum: FYI.

Thank you! — Antimuonium ^talk 16:20, 9 March 2025 (UTC)[reply]

Okay, fixed mine. Plastikspork _―Œ^(talk) 16:30, 9 March 2025 (UTC)[reply]

Please undelete the deleted revisions of User:Nickps/common.css. There's no reason to keep them deleted after recreating the page. Nickps (talk) 18:33, 9 March 2025 (UTC)[reply]

Done. * Pppery * _{it has begun...} 18:35, 9 March 2025 (UTC)[reply]

The following interface administrator(s) are inactive:

• DErenrich-WMF (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

— JJMC89 bot 23:18, 28 March 2025 (UTC)[reply]

WMF access, exempt. — xaosflux ^Talk 09:12, 29 March 2025 (UTC)[reply]

Just a note, that the already required 2FA access for group members, is now being enforced by the software. If an int-admin doesn't have 2FA enabled, your int-admin permission will be listed as "disabled" (only when you view your own groups) - and the access will not be available until you enable 2FA. Thank you, — xaosflux ^Talk 22:55, 29 March 2025 (UTC)[reply]

What's stopping the attacker setting up their own 2FA, if you have it disabled? Re-enabling intadmin after 2FA is disabled should require some kind of third party (e.g. crat or steward), otherwise this seems like security theater. The only scenario where this might help is when the attacker wants to "quietly" use your privileges without you noticing. That might make a bit of sense for oversight access, but for intadmin, what can the attacker do beside leave a very public trail of edited pages? Suffusion of Yellow (talk) 23:10, 29 March 2025 (UTC)[reply]

I'm just the messenger here. Feel free to open more feature requests to help improve the process. — xaosflux ^Talk 23:30, 29 March 2025 (UTC)[reply]

Yep, more a question for the crowd, than you specifically. Suffusion of Yellow (talk) 23:43, 29 March 2025 (UTC)[reply]

I think the point here is to force folks to adopt what is a genuine improvement in account security (in case they weren't already). We should not be dismissing this as needless security theater even if a specific attack scenario ("what if the account was already compromised") was not considered. Sohom (talk) 23:34, 29 March 2025 (UTC)[reply]

I ... guess. But I hope it's made clear at the time you are disabling 2FA that re-enabling it will let your account regain access to intadmin privileges. Otherwise it might provide a false sense of security: "I'm not going to use the bit anyway in the next few months, so I'll just disable 2FA now." Suffusion of Yellow (talk) 23:49, 29 March 2025 (UTC)[reply]

Notably, currently the only supported way to change authentication devices is to remove/reactivate - we certainly wouldn't want everyone doing that having to go see granters again (who also would have no way to know that the request wasn't from a theoretical compromised account). — xaosflux ^Talk 00:23, 30 March 2025 (UTC)[reply]