Update: I checked and apparently they pronunciation is significantly different so that he doesn’t in fact just go around bragging about how big he is 😆
Technically these kinds of things are decided by the Wikimedia Foundation but they’ll usually not do things that the editing community of the local wiki doesn’t want.
In 2014 the WMF forced a new software feature (Media Viewer) on all wikis and enforced this by “superprotecting” the JavaScript on the German-language Wikipedia so local admins (who at one point even blocked the Deputy Director of the WMF from editing) couldn’t disable the new media viewer. The WMF doesn’t really want these kinds of constitutional crises to happen again.
I have a discord account that only exists to link in foss projects that are too stubborn to switch to matrix. Its directly bridged into Matrix and I dont actually have to interact with the enshitified platform unless I need to join a new Server (so not very often). My profile is completely blank and my name is just user
using the browser zoom makes the layout narrower again, as if it’s actively trying to reverse the wide layout by the button in the bottom right. It makes the page very weird looking. Just far from ideal.
EDIT: it’s also very inconvenient since my browser saves the zoom level per website (not between en.wikipedia and nl.wikipedia) so the zoom would always be off when going from one article to one in the other language.
Maybe it’s a default feature for all non-English languages to account for potential writing system differences? May not make as much a difference for other languages using the Latin alphabet, but maybe for East Asian scripts or Arabic or Hindi etc., they don’t want to assume the default layout is as readable as it is for English?
well the english wiki does have the wide layout option through the square button on the bottom left, ever since the new layout revamp. Just not the font size option.
But if the point is to remember it, then you should use the security from length of series of 5+ random words. It’s easier to remember, write down, and type. All great characteristics of a master passphrase.
There’s just a theoretical weakness since the base word lists are usually public knowledge and bruteforcers could (and probably already have) optimize for that.
The advantages of a passphrase outweigh though as you mentioned. An attacker would first need your repo anyway.
Also, you don’t need to write it down correctly, if you remember what’s the missing or different or fake bit. And you can write down a few decoy ones next to it. Or have it in two different places. Lots of room for obfuscation along with some good old fashioned physical security on where you store the note. And the backup note off-site, if you’re that kind of person.
Hell, just make some extra decoy ones just for fun and practice.
My strategy for this is to have a second password manager available on a couple old devices, accessed with biometrics (fingerprint in this case), and only the master password saved within it.
I considered saving it within the main manager itself, since I have devices where I can use biometrics rather than password, but that feels like a bad idea.
Websites need desperately to display their password creation rules on login pages. If I knew this particular site had (for some dumbass reason) a maximum password length less than the length of the password I’d otherwise use on that site or (also completely unreasonably) restricts special characters, I can more easily figure out what password I used when I signed up with fewer wrong guesses, all without sacrificing any security. (It’s not like the rules aren’t public info that anyone can get. Just don’t make me go halfway through the signup process to get that information if I’m just trying to log in.)
Use a password manager, no need to remember shit then (besides your master password). For example if you want a local solution KeePass and sync the file (I use Dropbox, it’s encrypted anyway). You can also access it on Android with the sync.
It would also let hackers know what combinations not to try.
I have a better proposal: If your login page has any restriction on passwords (other than being part of Unicode and a max length of 128 characters) then your site should be shut down.
I locked myself out of my main email account once.
I had set it up in the year 2000, when people didn’t have mobile phones, so they sent a letter to your home address before they activated it.
In the meantime, I had moved 11 times, updated my personal info on the site a few times, but never added a phone number or recovery mail address.
So when I called the hotline and they asked me for my address to confirm I’m me, that was a hard one to answer. But I actually got it right in the second try, which was good enough.
Nope, I shared my experience on discord in greentext format because I found the whole process funny (not hating on security) and then thought that it would be a good idea to post it on lemmy too.
Life is like this because its easier on the developers than having to deal with the deluge angry customers losing all their shit to scammers because they use the same 5 character password for every site on the internet.
Man, I’ve seen so many people fired for taking bribes and kickbacks from vendors. Not even large amounts, just more than the limit and then not disclosing it to the ethics and compliance board. Such a stupid way to sabotage your own career.
E: sorry Steve but we pride ourselves on only taking a little bit of bribery, and your level this year was ‘moderate’. We can’t have people going around here like that, we have to stay on the down-low.
They’re probably referring to minor gifts random people might offer you out of gratitude sometime, say if you do customer service and went out of your way for them. A bottle of normal priced wine, some chocolates perhaps, a gift card for a lunch at xyz. Some giveaway merch they have tons of.
Even then, it’d need to be a token wedding gift or something similarly eventful. A birthday isn’t enough. For those things, even within the limits, I’d want pretty justifiable context. At least if you’re working for/in US government.
A $15 box of chocolates from my new contractor who just won the bid just isn’t worth dealing with as an issue.
The limit is relatively low so that you don’t have to flood HR with reports because a supplier gave you a branded pen or a contractor paid for a burger while you were out fixing stuff.
Kind of, yeah. Like a vendor can buy you lunch as long as the total amount per annum is less than a certain amount and if it goes over that you just have to disclose it so E&C can make sure that this doesn’t impact decision-making. There is an allowance for a certain level of glad-handing so I don’t get fired because Cisco came by and gave me a branded t-shirt.
We even had limits like this when I was a postman.
If someone gave me a card at Xmas with some lottery scratch tickets or a gift card it was fine as long as the value was under $50. A coworker got in trouble at my facility about it because a nice old guy on his run gave him a thrashed and neglected early 90s dirtbike missing a bunch of parts because he wanted it gone and couldnt be bothered selling it and they had talked bikes before. The guy told his son he gave it to the postman and the son got it in his head that the postman must have pressured him into it but because he didnt declare it the postman got into a bunch of shit. The process exists to protect everyone involved.
lemmy.dbzer0.com
Active