Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic dungodung@gmail.com wrote:
Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Hi, Filip & Floor.
These are very disturbing news. Filip, I can only sympathize..
Floor, / James, can we get any assurances that the Education Extension will not be removed in the middle of the semester? My academic courses at Tel Aviv University, and I'm sure others' who are using the extension, are completely depended on it (not to mention all the smaller workshops throughout the year). Not having the extension will completely change the way these courses are run, and if it's done after the semester begins in mid October,it can be quite catastrophic.
Is there any other info you can give us about this? I'd rather know in advance if there's a chance it suddenly stops working so I can look for other solutions before my courses begin.
Please advise. Thanks much,
Shani.
On Tue, Sep 29, 2015 at 1:09 AM, Floor Koudijs fkoudijs@wikimedia.org wrote:
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic dungodung@gmail.com wrote:
Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Hey Shani,
While I'm loathe to make any explicit "guarantee" that it wouldn't be removed (obviously, in the end, the site safety is most important if it was doing something that was completely damaging then I wouldn't hesitate to remove it) I do not foresee doing that. I also AM willing to guarantee that we would do whatever we can to prevent the running courses from being aversely affected if it came to that and would bend over backwards to try and find some stop gap measure to allow things to finish out.
That said as a bit more background to what Floor was saying earlier: We have indeed been having issues with security problems in the extension. These aren't all brand new but they've escalated and more and more of them have been found which could make the extension a significant attack vector for people who want to hurt the sites. We also are fairly worried because we've found enough issues it's likely there are other things hiding that we haven't found yet.
While at some level my "perfect" world would be uninstalling it (in the end I'm a cautious person and in our current engineering process it would not have been approved for deployment) we don't want to hurt everyone whose using it and so have been looking for a temporary measure to lessen the risk. We think we've found that and it's in testing now, I hope to have it out this week and then I think Chris (Steipp, of the Engineering Security team) and I will be ok with it rolling out on the new wikis like that as well for now. We'll then be able to take a step back and think of options to try and ensure that everything is safe and secure while also ensuring that you have what you need to do your courses.
James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Mon, Sep 28, 2015 at 3:25 PM, Shani shani.even@gmail.com wrote:
Hi, Filip & Floor.
These are very disturbing news. Filip, I can only sympathize..
Floor, / James, can we get any assurances that the Education Extension will not be removed in the middle of the semester? My academic courses at Tel Aviv University, and I'm sure others' who are using the extension, are completely depended on it (not to mention all the smaller workshops throughout the year). Not having the extension will completely change the way these courses are run, and if it's done after the semester begins in mid October,it can be quite catastrophic.
Is there any other info you can give us about this? I'd rather know in advance if there's a chance it suddenly stops working so I can look for other solutions before my courses begin.
Please advise. Thanks much,
Shani.
On Tue, Sep 29, 2015 at 1:09 AM, Floor Koudijs fkoudijs@wikimedia.org wrote:
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic dungodung@gmail.com wrote:
Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Thanks for your rapid reply and encouraging words, James.
While I completely understand the need to keep the site safe, I, as I'm sure others using it (or wanting to use it) appreciate your efforts to insure no running course will be damaged, as well as the possible future deployment to those who wish to use it (especially before a better solution presents itself).
If ever your team needs help testing anything with a live course, I'll be happy to assist.
Best, Shani.
On Tue, Sep 29, 2015 at 1:48 AM, James Alexander jalexander@wikimedia.org wrote:
Hey Shani,
While I'm loathe to make any explicit "guarantee" that it wouldn't be removed (obviously, in the end, the site safety is most important if it was doing something that was completely damaging then I wouldn't hesitate to remove it) I do not foresee doing that. I also AM willing to guarantee that we would do whatever we can to prevent the running courses from being aversely affected if it came to that and would bend over backwards to try and find some stop gap measure to allow things to finish out.
That said as a bit more background to what Floor was saying earlier: We have indeed been having issues with security problems in the extension. These aren't all brand new but they've escalated and more and more of them have been found which could make the extension a significant attack vector for people who want to hurt the sites. We also are fairly worried because we've found enough issues it's likely there are other things hiding that we haven't found yet.
While at some level my "perfect" world would be uninstalling it (in the end I'm a cautious person and in our current engineering process it would not have been approved for deployment) we don't want to hurt everyone whose using it and so have been looking for a temporary measure to lessen the risk. We think we've found that and it's in testing now, I hope to have it out this week and then I think Chris (Steipp, of the Engineering Security team) and I will be ok with it rolling out on the new wikis like that as well for now. We'll then be able to take a step back and think of options to try and ensure that everything is safe and secure while also ensuring that you have what you need to do your courses.
James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Mon, Sep 28, 2015 at 3:25 PM, Shani shani.even@gmail.com wrote:
Hi, Filip & Floor.
These are very disturbing news. Filip, I can only sympathize..
Floor, / James, can we get any assurances that the Education Extension will not be removed in the middle of the semester? My academic courses at Tel Aviv University, and I'm sure others' who are using the extension, are completely depended on it (not to mention all the smaller workshops throughout the year). Not having the extension will completely change the way these courses are run, and if it's done after the semester begins in mid October,it can be quite catastrophic.
Is there any other info you can give us about this? I'd rather know in advance if there's a chance it suddenly stops working so I can look for other solutions before my courses begin.
Please advise. Thanks much,
Shani.
On Tue, Sep 29, 2015 at 1:09 AM, Floor Koudijs fkoudijs@wikimedia.org wrote:
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic dungodung@gmail.com wrote:
Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Hi Floor,
Is there any ETA on when we can expect this remedial work to be completed?
Regards, Craig Franklin
2015-09-29 8:09 GMT+10:00 Floor Koudijs fkoudijs@wikimedia.org:
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic dungodung@gmail.com wrote:
Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Hey Craig,
We're hoping to get the stop-gap in place within the week. Longer term... it's difficult to say. It's deep enough that we're not entirely sure we can 'fix' the extension but will look into that in addition to other options and other tools.
James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Mon, Sep 28, 2015 at 4:52 PM, Craig Franklin < craig.franklin@wikimedia.org.au> wrote:
Hi Floor,
Is there any ETA on when we can expect this remedial work to be completed?
Regards, Craig Franklin
2015-09-29 8:09 GMT+10:00 Floor Koudijs fkoudijs@wikimedia.org:
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic dungodung@gmail.com wrote:
Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
James,
After reading your reply to Craig, it is important for me to make sure that members of the Wiki-EDU community are part of the discussion of exploring other tools.
This affects all of our work and some of us have put hours and hours of volunteer work into working with it and developing teaching practices with it.
While this tool has never been perfect, it's all we have. And while for you this issue might be just another technical glitch that needs fixing, for me, and for other educators, it's our wiki (and academic) life. It matters and we care.
Since we are the ones with the practical experience working with the extension thus far, and know best what's working well, what's not, what's missing, etc., I believe it would be beneficial for all parties to make sure this experience does not go into waste.
I understand the complexity of working on something like this with too many a people. *So may I suggest a task force with reps. from the education team as well as volunteers with hands-on experience? *
Just to be clear, I'm not trying to step on any toes here; just want to make sure the community's interests are part of the discussion and decisions that affect our day-to-day are not taken without considering us.
Sincerely, Shani.
On Tue, Sep 29, 2015 at 3:04 AM, James Alexander jalexander@wikimedia.org wrote:
Hey Craig,
We're hoping to get the stop-gap in place within the week. Longer term... it's difficult to say. It's deep enough that we're not entirely sure we can 'fix' the extension but will look into that in addition to other options and other tools.
James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Mon, Sep 28, 2015 at 4:52 PM, Craig Franklin < craig.franklin@wikimedia.org.au> wrote:
Hi Floor,
Is there any ETA on when we can expect this remedial work to be completed?
Regards, Craig Franklin
2015-09-29 8:09 GMT+10:00 Floor Koudijs fkoudijs@wikimedia.org:
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic dungodung@gmail.com wrote:
Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
I am with Shani on this. After WMF stopped the technical support of the extension, the old bugs remained unsolved and new [even more dangerous] ones were found. Education programs run in 70 countries worldwide and an increasing number of countries wants to employ the extension to keep track of their increasing number of students. This should be a high-priority thing for the foundation, given the importance of education programs in promoting and improving Wikipedia. The current extension should get a person responsible for developing it and fixing bugs ASAP; otherwise it is a waste of money and resources for both WMF and local communities which want to run education programs efficiently.
This doesn't mean that a new Extension cannot be a solution in the long-term. A realistic guess is that it wouldn't be ready within the next year, though. The decision should be discussed with the Wikimedia Education community and, best, coordinated by people from the Education Collab. We are a group of volunteers who often use the extension and recommend it to other program leaders. We should get regular updates on the situation so that we stay up-to-date and can inform others of the situation. The information that Education extension is not to be deployed on any new wiki was not announced at all. I understand you might not want to go into detail for security reasons, but the information itself should have been announced.
Thank for taking the situation seriously.
Vojtěch Dostál
předseda rady / chairman of the board Wikimedia Česká republika / Wikimedia Czech Republic http://www.wikimedia.cz Facebook https://www.facebook.com/Wikimedia.CR | Twitter https://twitter.com/Wikimedia_CR | Newsletter http://eepurl.com/FsHJr
2015-09-29 2:32 GMT+02:00 Shani shani.even@gmail.com:
James,
After reading your reply to Craig, it is important for me to make sure that members of the Wiki-EDU community are part of the discussion of exploring other tools.
This affects all of our work and some of us have put hours and hours of volunteer work into working with it and developing teaching practices with it.
While this tool has never been perfect, it's all we have. And while for you this issue might be just another technical glitch that needs fixing, for me, and for other educators, it's our wiki (and academic) life. It matters and we care.
Since we are the ones with the practical experience working with the extension thus far, and know best what's working well, what's not, what's missing, etc., I believe it would be beneficial for all parties to make sure this experience does not go into waste.
I understand the complexity of working on something like this with too many a people. *So may I suggest a task force with reps. from the education team as well as volunteers with hands-on experience? *
Just to be clear, I'm not trying to step on any toes here; just want to make sure the community's interests are part of the discussion and decisions that affect our day-to-day are not taken without considering us.
Sincerely, Shani.
On Tue, Sep 29, 2015 at 3:04 AM, James Alexander <jalexander@wikimedia.org
wrote:
Hey Craig,
We're hoping to get the stop-gap in place within the week. Longer term... it's difficult to say. It's deep enough that we're not entirely sure we can 'fix' the extension but will look into that in addition to other options and other tools.
James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Mon, Sep 28, 2015 at 4:52 PM, Craig Franklin < craig.franklin@wikimedia.org.au> wrote:
Hi Floor,
Is there any ETA on when we can expect this remedial work to be completed?
Regards, Craig Franklin
2015-09-29 8:09 GMT+10:00 Floor Koudijs fkoudijs@wikimedia.org:
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic dungodung@gmail.com wrote:
Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Thanks, Vojtěch. Resending this with James CCed (for some reason he was ommitted from the thread).
Shani. On 29 Sep 2015 11:43, "Vojtěch Dostál" vojtech.dostal@wikimedia.cz wrote:
I am with Shani on this. After WMF stopped the technical support of the extension, the old bugs remained unsolved and new [even more dangerous] ones were found. Education programs run in 70 countries worldwide and an increasing number of countries wants to employ the extension to keep track of their increasing number of students. This should be a high-priority thing for the foundation, given the importance of education programs in promoting and improving Wikipedia. The current extension should get a person responsible for developing it and fixing bugs ASAP; otherwise it is a waste of money and resources for both WMF and local communities which want to run education programs efficiently.
This doesn't mean that a new Extension cannot be a solution in the long-term. A realistic guess is that it wouldn't be ready within the next year, though. The decision should be discussed with the Wikimedia Education community and, best, coordinated by people from the Education Collab. We are a group of volunteers who often use the extension and recommend it to other program leaders. We should get regular updates on the situation so that we stay up-to-date and can inform others of the situation. The information that Education extension is not to be deployed on any new wiki was not announced at all. I understand you might not want to go into detail for security reasons, but the information itself should have been announced.
Thank for taking the situation seriously.
Vojtěch Dostál
předseda rady / chairman of the board Wikimedia Česká republika / Wikimedia Czech Republic http://www.wikimedia.cz Facebook https://www.facebook.com/Wikimedia.CR | Twitter https://twitter.com/Wikimedia_CR | Newsletter http://eepurl.com/FsHJr
2015-09-29 2:32 GMT+02:00 Shani shani.even@gmail.com:
James,
After reading your reply to Craig, it is important for me to make sure that members of the Wiki-EDU community are part of the discussion of exploring other tools.
This affects all of our work and some of us have put hours and hours of volunteer work into working with it and developing teaching practices with it.
While this tool has never been perfect, it's all we have. And while for you this issue might be just another technical glitch that needs fixing, for me, and for other educators, it's our wiki (and academic) life. It matters and we care.
Since we are the ones with the practical experience working with the extension thus far, and know best what's working well, what's not, what's missing, etc., I believe it would be beneficial for all parties to make sure this experience does not go into waste.
I understand the complexity of working on something like this with too many a people. *So may I suggest a task force with reps. from the education team as well as volunteers with hands-on experience? *
Just to be clear, I'm not trying to step on any toes here; just want to make sure the community's interests are part of the discussion and decisions that affect our day-to-day are not taken without considering us.
Sincerely, Shani.
On Tue, Sep 29, 2015 at 3:04 AM, James Alexander < jalexander@wikimedia.org> wrote:
Hey Craig,
We're hoping to get the stop-gap in place within the week. Longer term... it's difficult to say. It's deep enough that we're not entirely sure we can 'fix' the extension but will look into that in addition to other options and other tools.
James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Mon, Sep 28, 2015 at 4:52 PM, Craig Franklin < craig.franklin@wikimedia.org.au> wrote:
Hi Floor,
Is there any ETA on when we can expect this remedial work to be completed?
Regards, Craig Franklin
2015-09-29 8:09 GMT+10:00 Floor Koudijs fkoudijs@wikimedia.org:
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic <dungodung@gmail.com
wrote:
Hello everyone,
Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know).
While it might be a long shot, is it possible to influence this decision somehow?
I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1]
[1] https://phabricator.wikimedia.org/T110619
Cheers, Filip Maljković Wikimedia Serbia
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Although I understand, i do agree with Shani and Vojtech
derek
On 29-09-15 10:45, Shani wrote:
Thanks, Vojtěch. Resending this with James CCed (for some reason he was ommitted from the thread).
Shani.
On 29 Sep 2015 11:43, "Vojtěch Dostál" <vojtech.dostal@wikimedia.cz mailto:vojtech.dostal@wikimedia.cz> wrote:
I am with Shani on this. After WMF stopped the technical support of the extension, the old bugs remained unsolved and new [even more dangerous] ones were found. Education programs run in 70 countries worldwide and an increasing number of countries wants to employ the extension to keep track of their increasing number of students. This should be a high-priority thing for the foundation, given the importance of education programs in promoting and improving Wikipedia. The current extension should get a person responsible for developing it and fixing bugs ASAP; otherwise it is a waste of money and resources for both WMF and local communities which want to run education programs efficiently. This doesn't mean that a new Extension cannot be a solution in the long-term. A realistic guess is that it wouldn't be ready within the next year, though. The decision should be discussed with the Wikimedia Education community and, best, coordinated by people from the Education Collab. We are a group of volunteers who often use the extension and recommend it to other program leaders. We should get regular updates on the situation so that we stay up-to-date and can inform others of the situation. The information that Education extension is not to be deployed on any new wiki was not announced at all. I understand you might not want to go into detail for security reasons, but the information itself should have been announced. Thank for taking the situation seriously. Vojtěch Dostál předseda rady / chairman of the board Wikimedia Česká republika / Wikimedia Czech Republic http://www.wikimedia.cz Facebook <https://www.facebook.com/Wikimedia.CR> | Twitter <https://twitter.com/Wikimedia_CR> | Newsletter <http://eepurl.com/FsHJr> 2015-09-29 2:32 GMT+02:00 Shani <shani.even@gmail.com <mailto:shani.even@gmail.com>>: James, After reading your reply to Craig, it is important for me to make sure that members of the Wiki-EDU community are part of the discussion of exploring other tools. This affects all of our work and some of us have put hours and hours of volunteer work into working with it and developing teaching practices with it. While this tool has never been perfect, it's all we have. And while for you this issue might be just another technical glitch that needs fixing, for me, and for other educators, it's our wiki (and academic) life. It matters and we care. Since we are the ones with the practical experience working with the extension thus far, and know best what's working well, what's not, what's missing, etc., I believe it would be beneficial for all parties to make sure this experience does not go into waste. I understand the complexity of working on something like this with too many a people. *So may I suggest a task force with reps. from the education team as well as volunteers with hands-on experience? * Just to be clear, I'm not trying to step on any toes here; just want to make sure the community's interests are part of the discussion and decisions that affect our day-to-day are not taken without considering us. Sincerely, Shani. On Tue, Sep 29, 2015 at 3:04 AM, James Alexander <jalexander@wikimedia.org <mailto:jalexander@wikimedia.org>> wrote: Hey Craig, We're hoping to get the stop-gap in place within the week. Longer term... it's difficult to say. It's deep enough that we're not entirely sure we can 'fix' the extension but will look into that in addition to other options and other tools. James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur On Mon, Sep 28, 2015 at 4:52 PM, Craig Franklin <craig.franklin@wikimedia.org.au <mailto:craig.franklin@wikimedia.org.au>> wrote: Hi Floor, Is there any ETA on when we can expect this remedial work to be completed? Regards, Craig Franklin 2015-09-29 8:09 GMT+10:00 Floor Koudijs <fkoudijs@wikimedia.org <mailto:fkoudijs@wikimedia.org>>: Dear Filip, I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues. Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future. Feel free to follow up if you have any further questions. I've cc-ed James Alexander here. Best, Floor Koudijs Senior Manager, Wikipedia Education Program Wikimedia Foundation +1.415.839.6885 x6806 <tel:%2B1.415.839.6885%20%C2%A0x6806> (landline) +1.415.692.5289 <tel:%2B1.415.692.5289> (cell phone) fkoudijs@wikimedia.org <mailto:fkoudijs@wikimedia.org> education.wikimedia.org <http://education.wikimedia.org/> On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic <dungodung@gmail.com <mailto:dungodung@gmail.com>> wrote: Hello everyone, Recently, a security issue has been found with Education extension. As a result, new requests for installing the extension on Wikimedia wikis are being "stalled", i.e. blocked for an indeterminate period. Can someone from the Foundation comment on this? I don't see why we shouldn't install the extension to more wikis, if the current installations are still working as-is (i.e. they're not being uninstalled because of the security issue, as far as I know). While it might be a long shot, is it possible to influence this decision somehow? I feel thoroughly disappointed, having held community discussion and vote, and then waiting for a month (!) for no apparent reason, just to be outright told that it's unlikely to happen anytime soon. [1] [1] https://phabricator.wikimedia.org/T110619 Cheers, Filip Maljković Wikimedia Serbia _______________________________________________ Education mailing list Education@lists.wikimedia.org <mailto:Education@lists.wikimedia.org> https://lists.wikimedia.org/mailman/listinfo/education _______________________________________________ Education mailing list Education@lists.wikimedia.org <mailto:Education@lists.wikimedia.org> https://lists.wikimedia.org/mailman/listinfo/education _______________________________________________ Education mailing list Education@lists.wikimedia.org <mailto:Education@lists.wikimedia.org> https://lists.wikimedia.org/mailman/listinfo/education _______________________________________________ Education mailing list Education@lists.wikimedia.org <mailto:Education@lists.wikimedia.org> https://lists.wikimedia.org/mailman/listinfo/education _______________________________________________ Education mailing list Education@lists.wikimedia.org <mailto:Education@lists.wikimedia.org> https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
-- Kind regards, Derek V. Giroulle Wikimedia Belgium vzw. Boardmember Troonstraat 51, BE-1050 Brussels +32 494 134134
Thank you to Shani, Vojtech and Derek indicating your ideas around a long-term solution for the current Education Extension. I could not agree with you more and I am happy that you would like to be involved.
My current understanding is that unfortunately our Engineering team does not have the capacity to build and maintain a tool that can replace the Education Extension. That means we will have to think creatively about how to solve this problem, and that's what we are trying to do.
The option that we are currently considering (and I cannot yet guarantee a timeline or anything like that because we're in the middle of the planning phase) is adapting the Wiki Ed Foundation's Dashboard to make it fit for international use. See the Phabricator task https://phabricator.wikimedia.org/T91676 here, and the related Phabricator project https://phabricator.wikimedia.org/tag/education-program-dashboard/. We would like to make this a feature project for the next round of Outreachy https://phabricator.wikimedia.org/tag/outreachy-round-11/, which means that we'll have a dedicated intern to work on this project full time for three months, with the support of two mentors. If this works out as I hope it will, we may have something ready before the next academic year - but again, no hard guarantees here. I am currently working on getting the project shaped up, looking into mentors and confirming with possible interns.
Two important points that were addressed in this thread: * Have community involvement early on. I really love this idea, and I'm very grateful you're bringing this up and keep reminding us not to forget about that. What I'd personally love to see is a group that can be involved in advice, user testing and anything else on the user end that we may need. I'm copying Quim Gil on this email to see if this fits within the scope of Outreachy, as he may have some ideas around how to organize this best. We would have to be careful not too derail the project with too ambitious ideas and suggestions, and focusing on attainable and concrete tasks for the intern to work on. That said, having several minds involved in this with different backgrounds could be hugely valuable, in my opinion. * Think about maintenance. This is what I'm currently looking into, since it's clear that the issue is not so much developing new tools, but also looking ahead and making sure there will be ongoing support for these tools. That's a longer discussion that wwill take place in parallel to the development of the tool itself. This may not sound reassuring, but please trust that it's foremost in all of our minds at WMF - we already have enough tools out there that don't get the proper support, and we really don't want to build more.
If for some reason the Outreachy plan does not work out, I have some ideas about what to do next, but these ideas are not well formed enough to discuss them right now. I would be happy to discuss this further if that becomes appropriate.
Vojtech, as to your point about communicating with the communities about future deployments: you are right. This all happened last week and as I was looking into it, I didn't think this would immediately affect many communities. I was also hoping a fix would be in place soon so we could continue deploying as requested, and the stall may be for only a week or so. I may have underestimated the impact on the communities, especially given the activity coming out of the CEE meeting. I apologize for that. If you feel further communication (outside of this thread) is warranted, I look forward to hearing your suggestions as to where & who it should be focused on, to make sure we are not overlooking any interested parties.
Thank you all for your passionate dedication to the Education Program and advocating for the tools we need. It is much appreciated!
Warmly,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Tue, Sep 29, 2015 at 2:34 AM, Derek V. Giroulle - WMBE < derekvgiroulle@wikimedia.be> wrote:
Although I understand, i do agree with Shani and Vojtech
derek
On 29-09-15 10:45, Shani wrote:
Thanks, Vojtěch. Resending this with James CCed (for some reason he was ommitted from the thread).
Shani. On 29 Sep 2015 11:43, "Vojtěch Dostál" vojtech.dostal@wikimedia.cz wrote:
I am with Shani on this. After WMF stopped the technical support of the extension, the old bugs remained unsolved and new [even more dangerous] ones were found. Education programs run in 70 countries worldwide and an increasing number of countries wants to employ the extension to keep track of their increasing number of students. This should be a high-priority thing for the foundation, given the importance of education programs in promoting and improving Wikipedia. The current extension should get a person responsible for developing it and fixing bugs ASAP; otherwise it is a waste of money and resources for both WMF and local communities which want to run education programs efficiently.
This doesn't mean that a new Extension cannot be a solution in the long-term. A realistic guess is that it wouldn't be ready within the next year, though. The decision should be discussed with the Wikimedia Education community and, best, coordinated by people from the Education Collab. We are a group of volunteers who often use the extension and recommend it to other program leaders. We should get regular updates on the situation so that we stay up-to-date and can inform others of the situation. The information that Education extension is not to be deployed on any new wiki was not announced at all. I understand you might not want to go into detail for security reasons, but the information itself should have been announced.
Thank for taking the situation seriously.
Vojtěch Dostál
předseda rady / chairman of the board Wikimedia Česká republika / Wikimedia Czech Republic http://www.wikimedia.cz Facebook https://www.facebook.com/Wikimedia.CR | Twitter https://twitter.com/Wikimedia_CR | Newsletter http://eepurl.com/FsHJr
2015-09-29 2:32 GMT+02:00 Shani shani.even@gmail.com:
James,
After reading your reply to Craig, it is important for me to make sure that members of the Wiki-EDU community are part of the discussion of exploring other tools.
This affects all of our work and some of us have put hours and hours of volunteer work into working with it and developing teaching practices with it.
While this tool has never been perfect, it's all we have. And while for you this issue might be just another technical glitch that needs fixing, for me, and for other educators, it's our wiki (and academic) life. It matters and we care.
Since we are the ones with the practical experience working with the extension thus far, and know best what's working well, what's not, what's missing, etc., I believe it would be beneficial for all parties to make sure this experience does not go into waste.
I understand the complexity of working on something like this with too many a people. *So may I suggest a task force with reps. from the education team as well as volunteers with hands-on experience? *
Just to be clear, I'm not trying to step on any toes here; just want to make sure the community's interests are part of the discussion and decisions that affect our day-to-day are not taken without considering us.
Sincerely, Shani.
On Tue, Sep 29, 2015 at 3:04 AM, James Alexander < jalexander@wikimedia.orgjalexander@wikimedia.org> wrote:
Hey Craig,
We're hoping to get the stop-gap in place within the week. Longer term... it's difficult to say. It's deep enough that we're not entirely sure we can 'fix' the extension but will look into that in addition to other options and other tools.
James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Mon, Sep 28, 2015 at 4:52 PM, Craig Franklin < craig.franklin@wikimedia.org.au> wrote:
Hi Floor,
Is there any ETA on when we can expect this remedial work to be completed?
Regards, Craig Franklin
2015-09-29 8:09 GMT+10:00 Floor Koudijs < fkoudijs@wikimedia.org fkoudijs@wikimedia.org>:
Dear Filip,
I am so very sorry to hear about these frustrations with the deployment of the Education Extension. The problem is that there have been recent security issues with the extension. Engineering and our Trust & Safety department are working on some stop gaps to allow the extension to remain in place (and likely be deployed) while we determine what to do with the recent security issues.
Please rest assured that we are working hard both on keeping the Education Extension going, and on thinking about a better tool to replace it for the future.
Feel free to follow up if you have any further questions. I've cc-ed James Alexander here.
Best,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 <%2B1.415.839.6885%20%C2%A0x6806> (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic < dungodung@gmail.comdungodung@gmail.com> wrote:
> Hello everyone, > > Recently, a security issue has been found with Education extension. > As a result, new requests for installing the extension on Wikimedia wikis > are being "stalled", i.e. blocked for an indeterminate period. Can someone > from the Foundation comment on this? I don't see why we shouldn't install > the extension to more wikis, if the current installations are still working > as-is (i.e. they're not being uninstalled because of the security issue, as > far as I know). > > While it might be a long shot, is it possible to influence this > decision somehow? > > I feel thoroughly disappointed, having held community discussion and > vote, and then waiting for a month (!) for no apparent reason, just to be > outright told that it's unlikely to happen anytime soon. [1] > > [1] https://phabricator.wikimedia.org/T110619 > https://phabricator.wikimedia.org/T110619 > > Cheers, > Filip Maljković > Wikimedia Serbia > > _______________________________________________ > Education mailing list > Education@lists.wikimedia.orgEducation@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/education > https://lists.wikimedia.org/mailman/listinfo/education >
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing listEducation@lists.wikimedia.orghttps://lists.wikimedia.org/mailman/listinfo/education
-- Kind regards, Derek V. Giroulle Wikimedia Belgium vzw. Boardmember Troonstraat 51, BE-1050 Brussels+32 494 134134
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Hi all -
Although health issues have kept me inactive for most of the last year, I'm disturbed to hear that the response to what are apparently serious enough security problems (enough to call it a 'significant attack vector') is to put in to place a temporary fix that will fix some (but not all) of the security holes, and then to assign an intern to make the WikiEdu dashboard fit for international use, with tentative - but not firm plans - to get it done by the next school year through an internship program. I've known and been friends with some tech interns in past years, but I don't think it's appropriate to task an as-of-yet unknown intern with as-of-yet unknown skills with a project of this importance. Keep in mind that although the WikiEdu dashboard is actively being used, the education extension is also actively being used on many wikis still, including ENWP, our largest single project.
We should be planning to either fix all security holes in the current education extension that we are aware of as quickly as possible, or hire additional engineering staff or contractors to create an alternative to the education extension that replicates its functionality and is security vetted as soon as humanly possible. The education programs have made significant and growing contributions across many languages - it's not an accceptable outcome to leave them without a comparable tool. It's also not an acceptable outcome to leave in place a 'significant attack vector' on all wikis that have the extension installed - which include our biggest wiki, ENWP.
It's not an acceptable solution for a website as large as ours to leave in place an extension described as a 'significant attack vector' (even if the upcoming changes reduce the risk associated with it,) and equally, it's not an acceptable alternative to leave everyone who relies on the alternative high and dry, particularly with no guarantee that a tool or replacement tool with the same functionality will be available to them in future semester. This is not an issue of lack of resources - although I totally believe the current WMF engineering department lacks the bandwidth to handle this project at the moment, there are skilled Mediawiki programmers who could be brought on board on temporary contract to either fix more fully the current extension, or write a new extension from scratch and then have it security audited (there are people who do not currently work for WMF who are perfectly capable of performing initial security audits to the point that the burden on WMF's final security auditors would be minimal.)
We're not a movement that lacks in resources. We have consistently increased our fundraising ability year over year - and in the most recent financial plan are starting an endowment with 5mm and reserves that at no point dip under 59mm and have a year end goal of over 71mm. One reason to have reserves is in the case that our fundraising ability suddenly begins to fall - but that's not there only use, unexpected but necessary expenditures can also rightfully draw on the reserve. We have the money to bring in experienced devs, even if on temporary contracts, to fix this the right way. Why is the use of outside talent beyond an intern not being considered if this is too big a project for the current team to handle internally? I'm tempted to cc wikimedia-l on this, since security holes on our biggest sites effect more than just the education community.
Best, Kevin Gorman
On Tue, Sep 29, 2015 at 11:51 AM, Floor Koudijs fkoudijs@wikimedia.org wrote:
Thank you to Shani, Vojtech and Derek indicating your ideas around a long-term solution for the current Education Extension. I could not agree with you more and I am happy that you would like to be involved.
My current understanding is that unfortunately our Engineering team does not have the capacity to build and maintain a tool that can replace the Education Extension. That means we will have to think creatively about how to solve this problem, and that's what we are trying to do.
The option that we are currently considering (and I cannot yet guarantee a timeline or anything like that because we're in the middle of the planning phase) is adapting the Wiki Ed Foundation's Dashboard to make it fit for international use. See the Phabricator task here, and the related Phabricator project. We would like to make this a feature project for the next round of Outreachy, which means that we'll have a dedicated intern to work on this project full time for three months, with the support of two mentors. If this works out as I hope it will, we may have something ready before the next academic year - but again, no hard guarantees here. I am currently working on getting the project shaped up, looking into mentors and confirming with possible interns.
Two important points that were addressed in this thread:
- Have community involvement early on. I really love this idea, and I'm very
grateful you're bringing this up and keep reminding us not to forget about that. What I'd personally love to see is a group that can be involved in advice, user testing and anything else on the user end that we may need. I'm copying Quim Gil on this email to see if this fits within the scope of Outreachy, as he may have some ideas around how to organize this best. We would have to be careful not too derail the project with too ambitious ideas and suggestions, and focusing on attainable and concrete tasks for the intern to work on. That said, having several minds involved in this with different backgrounds could be hugely valuable, in my opinion.
- Think about maintenance. This is what I'm currently looking into, since
it's clear that the issue is not so much developing new tools, but also looking ahead and making sure there will be ongoing support for these tools. That's a longer discussion that wwill take place in parallel to the development of the tool itself. This may not sound reassuring, but please trust that it's foremost in all of our minds at WMF - we already have enough tools out there that don't get the proper support, and we really don't want to build more.
If for some reason the Outreachy plan does not work out, I have some ideas about what to do next, but these ideas are not well formed enough to discuss them right now. I would be happy to discuss this further if that becomes appropriate.
Vojtech, as to your point about communicating with the communities about future deployments: you are right. This all happened last week and as I was looking into it, I didn't think this would immediately affect many communities. I was also hoping a fix would be in place soon so we could continue deploying as requested, and the stall may be for only a week or so. I may have underestimated the impact on the communities, especially given the activity coming out of the CEE meeting. I apologize for that. If you feel further communication (outside of this thread) is warranted, I look forward to hearing your suggestions as to where & who it should be focused on, to make sure we are not overlooking any interested parties.
Thank you all for your passionate dedication to the Education Program and advocating for the tools we need. It is much appreciated!
Warmly,
Floor Koudijs
Senior Manager, Wikipedia Education Program
Wikimedia Foundation
+1.415.839.6885 x6806 (landline)
+1.415.692.5289 (cell phone)
fkoudijs@wikimedia.org
education.wikimedia.org
On Tue, Sep 29, 2015 at 2:34 AM, Derek V. Giroulle - WMBE derekvgiroulle@wikimedia.be wrote:
Although I understand, i do agree with Shani and Vojtech
derek
On 29-09-15 10:45, Shani wrote:
Thanks, Vojtěch. Resending this with James CCed (for some reason he was ommitted from the thread).
Shani.
On 29 Sep 2015 11:43, "Vojtěch Dostál" vojtech.dostal@wikimedia.cz wrote:
I am with Shani on this. After WMF stopped the technical support of the extension, the old bugs remained unsolved and new [even more dangerous] ones were found. Education programs run in 70 countries worldwide and an increasing number of countries wants to employ the extension to keep track of their increasing number of students. This should be a high-priority thing for the foundation, given the importance of education programs in promoting and improving Wikipedia. The current extension should get a person responsible for developing it and fixing bugs ASAP; otherwise it is a waste of money and resources for both WMF and local communities which want to run education programs efficiently.
This doesn't mean that a new Extension cannot be a solution in the long-term. A realistic guess is that it wouldn't be ready within the next year, though. The decision should be discussed with the Wikimedia Education community and, best, coordinated by people from the Education Collab. We are a group of volunteers who often use the extension and recommend it to other program leaders. We should get regular updates on the situation so that we stay up-to-date and can inform others of the situation. The information that Education extension is not to be deployed on any new wiki was not announced at all. I understand you might not want to go into detail for security reasons, but the information itself should have been announced.
Thank for taking the situation seriously.
Vojtěch Dostál
předseda rady / chairman of the board Wikimedia Česká republika / Wikimedia Czech Republic http://www.wikimedia.cz Facebook | Twitter | Newsletter
2015-09-29 2:32 GMT+02:00 Shani shani.even@gmail.com:
James,
After reading your reply to Craig, it is important for me to make sure that members of the Wiki-EDU community are part of the discussion of exploring other tools.
This affects all of our work and some of us have put hours and hours of volunteer work into working with it and developing teaching practices with it.
While this tool has never been perfect, it's all we have. And while for you this issue might be just another technical glitch that needs fixing, for me, and for other educators, it's our wiki (and academic) life. It matters and we care.
Since we are the ones with the practical experience working with the extension thus far, and know best what's working well, what's not, what's missing, etc., I believe it would be beneficial for all parties to make sure this experience does not go into waste.
I understand the complexity of working on something like this with too many a people. So may I suggest a task force with reps. from the education team as well as volunteers with hands-on experience?
Just to be clear, I'm not trying to step on any toes here; just want to make sure the community's interests are part of the discussion and decisions that affect our day-to-day are not taken without considering us.
Sincerely, Shani.
On Tue, Sep 29, 2015 at 3:04 AM, James Alexander jalexander@wikimedia.org wrote:
Hey Craig,
We're hoping to get the stop-gap in place within the week. Longer term... it's difficult to say. It's deep enough that we're not entirely sure we can 'fix' the extension but will look into that in addition to other options and other tools.
James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
On Mon, Sep 28, 2015 at 4:52 PM, Craig Franklin craig.franklin@wikimedia.org.au wrote:
Hi Floor,
Is there any ETA on when we can expect this remedial work to be completed?
Regards, Craig Franklin
2015-09-29 8:09 GMT+10:00 Floor Koudijs fkoudijs@wikimedia.org: > > Dear Filip, > > I am so very sorry to hear about these frustrations with the > deployment of the Education Extension. The problem is that there have been > recent security issues with the extension. Engineering and our Trust & > Safety department are working on some stop gaps to allow the extension to > remain in place (and likely be deployed) while we determine what to do with > the recent security issues. > > Please rest assured that we are working hard both on keeping the > Education Extension going, and on thinking about a better tool to replace it > for the future. > > Feel free to follow up if you have any further questions. I've cc-ed > James Alexander here. > > Best, > > Floor Koudijs > > Senior Manager, Wikipedia Education Program > > Wikimedia Foundation > > +1.415.839.6885 x6806 (landline) > > +1.415.692.5289 (cell phone) > > fkoudijs@wikimedia.org > > education.wikimedia.org > > > On Mon, Sep 28, 2015 at 11:14 AM, Filip Maljkovic > dungodung@gmail.com wrote: >> >> Hello everyone, >> >> Recently, a security issue has been found with Education extension. >> As a result, new requests for installing the extension on Wikimedia wikis >> are being "stalled", i.e. blocked for an indeterminate period. Can someone >> from the Foundation comment on this? I don't see why we shouldn't install >> the extension to more wikis, if the current installations are still working >> as-is (i.e. they're not being uninstalled because of the security issue, as >> far as I know). >> >> While it might be a long shot, is it possible to influence this >> decision somehow? >> >> I feel thoroughly disappointed, having held community discussion and >> vote, and then waiting for a month (!) for no apparent reason, just to be >> outright told that it's unlikely to happen anytime soon. [1] >> >> [1] https://phabricator.wikimedia.org/T110619 >> >> Cheers, >> Filip Maljković >> Wikimedia Serbia >> >> _______________________________________________ >> Education mailing list >> Education@lists.wikimedia.org >> https://lists.wikimedia.org/mailman/listinfo/education > > > > _______________________________________________ > Education mailing list > Education@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/education >
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
-- Kind regards, Derek V. Giroulle Wikimedia Belgium vzw. Boardmember Troonstraat 51, BE-1050 Brussels +32 494 134134
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
2015. 9. 30. 오전 3:52에 "Floor Koudijs" fkoudijs@wikimedia.org님이 작성:
The option that we are currently considering (and I cannot yet guarantee
a timeline or anything like that because we're in the middle of the planning phase) is adapting the Wiki Ed Foundation's Dashboard to make it fit for international use. See the Phabricator task here, and the related Phabricator project. We would like to make this a feature project for the next round of Outreachy, which means that we'll have a dedicated intern to work on this project full time for three months, with the support of two mentors. If this works out as I hope it will, we may have something ready before the next academic year - but again, no hard guarantees here. I am currently working on getting the project shaped up, looking into mentors and confirming with possible interns.
Two important points that were addressed in this thread:
- Have community involvement early on. I really love this idea, and I'm
very grateful you're bringing this up and keep reminding us not to forget about that. What I'd personally love to see is a group that can be involved in advice, user testing and anything else on the user end that we may need. I'm copying Quim Gil on this email to see if this fits within the scope of Outreachy, as he may have some ideas around how to organize this best. We would have to be careful not too derail the project with too ambitious ideas and suggestions, and focusing on attainable and concrete tasks for the intern to work on. That said, having several minds involved in this with different backgrounds could be hugely valuable, in my opinion.
- Think about maintenance. This is what I'm currently looking into, since
it's clear that the issue is not so much developing new tools, but also looking ahead and making sure there will be ongoing support for these tools. That's a longer discussion that wwill take place in parallel to the development of the tool itself. This may not sound reassuring, but please trust that it's foremost in all of our minds at WMF - we already have enough tools out there that don't get the proper support, and we really don't want to build more.
I seriously doubt that the software will be maintained after the internship period if this is Outreachy project. The likely workflow: 1.The Outreachy term ends 2.User disappear/become inactive 3.We are going to get this same message again at some stage after new security vulnerability is found.
Well, yeah, Flow, LQT, (ironic both tools are going to be not be developed)[1] etc etc.
[1]: context: Flow was developed with the purpose of 'replacing LQT/make discussion easier' but I feel if they succeded to replace LQT fully. (disclaimer: Flow is "not active development mode" according to the WMF team.)
-- revi https://revi.me -- Sent from Android --
That is a good point, Revi. And this is the kind of mess that makes me discouraged sometimes. But I think that James' involvement will be helpful here, as will a possible migration plan to a maintained tool.
(I've noticed a pattern recently of a few people separately deciding that they're not going to maintain certain tools or projects any longer. This maintainability problem really needs to be addressed, and is something that I'm hoping a CTO or VPE would address head-on.)
On Wed, Sep 30, 2015 at 12:58 AM, Yongmin Hong lists@revi.pe.kr wrote:
- 오전 3:52에 "Floor Koudijs" fkoudijs@wikimedia.org님이 작성:
The option that we are currently considering (and I cannot yet guarantee
a timeline or anything like that because we're in the middle of the planning phase) is adapting the Wiki Ed Foundation's Dashboard to make it fit for international use. See the Phabricator task here, and the related Phabricator project. We would like to make this a feature project for the next round of Outreachy, which means that we'll have a dedicated intern to work on this project full time for three months, with the support of two mentors. If this works out as I hope it will, we may have something ready before the next academic year - but again, no hard guarantees here. I am currently working on getting the project shaped up, looking into mentors and confirming with possible interns.
Two important points that were addressed in this thread:
- Have community involvement early on. I really love this idea, and I'm
very grateful you're bringing this up and keep reminding us not to forget about that. What I'd personally love to see is a group that can be involved in advice, user testing and anything else on the user end that we may need. I'm copying Quim Gil on this email to see if this fits within the scope of Outreachy, as he may have some ideas around how to organize this best. We would have to be careful not too derail the project with too ambitious ideas and suggestions, and focusing on attainable and concrete tasks for the intern to work on. That said, having several minds involved in this with different backgrounds could be hugely valuable, in my opinion.
- Think about maintenance. This is what I'm currently looking into,
since it's clear that the issue is not so much developing new tools, but also looking ahead and making sure there will be ongoing support for these tools. That's a longer discussion that wwill take place in parallel to the development of the tool itself. This may not sound reassuring, but please trust that it's foremost in all of our minds at WMF - we already have enough tools out there that don't get the proper support, and we really don't want to build more.
I seriously doubt that the software will be maintained after the internship period if this is Outreachy project. The likely workflow: 1.The Outreachy term ends 2.User disappear/become inactive 3.We are going to get this same message again at some stage after new security vulnerability is found.
Well, yeah, Flow, LQT, (ironic both tools are going to be not be developed)[1] etc etc.
[1]: context: Flow was developed with the purpose of 'replacing LQT/make discussion easier' but I feel if they succeded to replace LQT fully. (disclaimer: Flow is "not active development mode" according to the WMF team.)
-- revi https://revi.me -- Sent from Android --
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
The librarian in me couldn't resist providing a citation for Pine's and Kevin's and Revi's points.
https://www.mediawiki.org/wiki/Developers/Maintainers#MediaWiki_extensions_d...
This page may not be quite current. Until yesterday, the education program extension was still marked as supported. The listed maintainer (and original developer of our dear extension), Jeroen De Dauw, has not worked on it since 2012 https://www.mediawiki.org/wiki/Wikipedia_Education_Program/status, afaict. [1] Nevertheless, this page illustrates a pattern of neglect and abandonment. (Did I just actually type that?? Ah well, truth to power...)
[1] https://www.mediawiki.org/wiki/Wikipedia_Education_Program/status
--
Anna Koval, M.Ed. Manager, Wikipedia Education Program Wikimedia Foundation +1.415.839.6885 x 6729 Skype: annakoval.wiki akoval@wikimedia.org education.wikimedia.org
On Wed, Sep 30, 2015 at 1:04 AM, Pine W wiki.pine@gmail.com wrote:
That is a good point, Revi. And this is the kind of mess that makes me discouraged sometimes. But I think that James' involvement will be helpful here, as will a possible migration plan to a maintained tool.
(I've noticed a pattern recently of a few people separately deciding that they're not going to maintain certain tools or projects any longer. This maintainability problem really needs to be addressed, and is something that I'm hoping a CTO or VPE would address head-on.)
On Wed, Sep 30, 2015 at 12:58 AM, Yongmin Hong lists@revi.pe.kr wrote:
- 오전 3:52에 "Floor Koudijs" fkoudijs@wikimedia.org님이 작성:
The option that we are currently considering (and I cannot yet
guarantee a timeline or anything like that because we're in the middle of the planning phase) is adapting the Wiki Ed Foundation's Dashboard to make it fit for international use. See the Phabricator task here, and the related Phabricator project. We would like to make this a feature project for the next round of Outreachy, which means that we'll have a dedicated intern to work on this project full time for three months, with the support of two mentors. If this works out as I hope it will, we may have something ready before the next academic year - but again, no hard guarantees here. I am currently working on getting the project shaped up, looking into mentors and confirming with possible interns.
Two important points that were addressed in this thread:
- Have community involvement early on. I really love this idea, and I'm
very grateful you're bringing this up and keep reminding us not to forget about that. What I'd personally love to see is a group that can be involved in advice, user testing and anything else on the user end that we may need. I'm copying Quim Gil on this email to see if this fits within the scope of Outreachy, as he may have some ideas around how to organize this best. We would have to be careful not too derail the project with too ambitious ideas and suggestions, and focusing on attainable and concrete tasks for the intern to work on. That said, having several minds involved in this with different backgrounds could be hugely valuable, in my opinion.
- Think about maintenance. This is what I'm currently looking into,
since it's clear that the issue is not so much developing new tools, but also looking ahead and making sure there will be ongoing support for these tools. That's a longer discussion that wwill take place in parallel to the development of the tool itself. This may not sound reassuring, but please trust that it's foremost in all of our minds at WMF - we already have enough tools out there that don't get the proper support, and we really don't want to build more.
I seriously doubt that the software will be maintained after the internship period if this is Outreachy project. The likely workflow: 1.The Outreachy term ends 2.User disappear/become inactive 3.We are going to get this same message again at some stage after new security vulnerability is found.
Well, yeah, Flow, LQT, (ironic both tools are going to be not be developed)[1] etc etc.
[1]: context: Flow was developed with the purpose of 'replacing LQT/make discussion easier' but I feel if they succeded to replace LQT fully. (disclaimer: Flow is "not active development mode" according to the WMF team.)
-- revi https://revi.me -- Sent from Android --
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
My 2 cents....
I dont understand why we have to have an extension for every single project. It would make sense if we assume that ed programs only work in one language and this tool had some effect on the content of the project. We have worked in multiple languages, mostly Spanish followed by English but in our past event last week, we tried translating articles about Mexico into Danish, Swedish and French, taking "advantage" of our foreign students. We also work a bit with Commons, not only uploading files, but providing subtitles (boy, could we use a better way to do that... something like the tool on YouTube as students are wasting a lot of time on figuring out times rather than focusing on language) and improving/translating file descriptions (a good exercise for lower level language classes). Right now, I cannot really track a lot of this without personal reporting from students/teachers... many of whom do not understand the need to document so precisely what we do.
A single education extension on Meta that could track user names across all projects, now that we have global usernames, is much better going forward. I talked to a couple of engineers during Wikimania 2015 who basically told me, in so many words, that the extension as it is right now is not fixable, and needs to be replaced. Such a tool is feasible as there are already tools that do similar things (e.g.https://tools.wmflabs.org/guc/index.php).
If we cannot get this done via the normal channels, we should look into alternatives, such as partnering with one or more unis and maybe even find other sources of funding.
Leigh From: akoval@wikimedia.org Date: Wed, 30 Sep 2015 05:43:38 -0700 To: education@lists.wikimedia.org CC: qgil@wikimedia.org; jalexander@wikimedia.org Subject: Re: [Wikimedia Education] Education extension blocked?
The librarian in me couldn't resist providing a citation for Pine's and Kevin's and Revi's points. https://www.mediawiki.org/wiki/Developers/Maintainers#MediaWiki_extensions_d...
This page may not be quite current. Until yesterday, the education program extension was still marked as supported. The listed maintainer (and original developer of our dear extension), Jeroen De Dauw, has not worked on it since 2012, afaict. [1] Nevertheless, this page illustrates a pattern of neglect and abandonment. (Did I just actually type that?? Ah well, truth to power...)
[1] https://www.mediawiki.org/wiki/Wikipedia_Education_Program/status -- Anna Koval, M.Ed. Manager, Wikipedia Education Program Wikimedia Foundation +1.415.839.6885 x 6729Skype: annakoval.wiki akoval@wikimedia.org education.wikimedia.org
On Wed, Sep 30, 2015 at 1:04 AM, Pine W wiki.pine@gmail.com wrote: That is a good point, Revi. And this is the kind of mess that makes me discouraged sometimes. But I think that James' involvement will be helpful here, as will a possible migration plan to a maintained tool.
(I've noticed a pattern recently of a few people separately deciding that they're not going to maintain certain tools or projects any longer. This maintainability problem really needs to be addressed, and is something that I'm hoping a CTO or VPE would address head-on.)
On Wed, Sep 30, 2015 at 12:58 AM, Yongmin Hong lists@revi.pe.kr wrote:
2015. 9. 30. 오전 3:52에 "Floor Koudijs" fkoudijs@wikimedia.org님이 작성:
The option that we are currently considering (and I cannot yet guarantee a timeline or anything like that because we're in the middle of the planning phase) is adapting the Wiki Ed Foundation's Dashboard to make it fit for international use. See the Phabricator task here, and the related Phabricator project. We would like to make this a feature project for the next round of Outreachy, which means that we'll have a dedicated intern to work on this project full time for three months, with the support of two mentors. If this works out as I hope it will, we may have something ready before the next academic year - but again, no hard guarantees here. I am currently working on getting the project shaped up, looking into mentors and confirming with possible interns.
Two important points that were addressed in this thread:
- Have community involvement early on. I really love this idea, and I'm very grateful you're bringing this up and keep reminding us not to forget about that. What I'd personally love to see is a group that can be involved in advice, user testing and anything else on the user end that we may need. I'm copying Quim Gil on this email to see if this fits within the scope of Outreachy, as he may have some ideas around how to organize this best. We would have to be careful not too derail the project with too ambitious ideas and suggestions, and focusing on attainable and concrete tasks for the intern to work on. That said, having several minds involved in this with different backgrounds could be hugely valuable, in my opinion.
- Think about maintenance. This is what I'm currently looking into, since it's clear that the issue is not so much developing new tools, but also looking ahead and making sure there will be ongoing support for these tools. That's a longer discussion that wwill take place in parallel to the development of the tool itself. This may not sound reassuring, but please trust that it's foremost in all of our minds at WMF - we already have enough tools out there that don't get the proper support, and we really don't want to build more.
I seriously doubt that the software will be maintained after the internship period if this is Outreachy project.
The likely workflow:
1.The Outreachy term ends
2.User disappear/become inactive
3.We are going to get this same message again at some stage after new security vulnerability is found. Well, yeah, Flow, LQT, (ironic both tools are going to be not be developed)[1] etc etc. [1]: context: Flow was developed with the purpose of 'replacing LQT/make discussion easier' but I feel if they succeded to replace LQT fully.
(disclaimer: Flow is "not active development mode" according to the WMF team.) --
revi
-- Sent from Android --
_______________________________________________
Education mailing list
Education@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/education
_______________________________________________
Education mailing list
Education@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/education
_______________________________________________ Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
@Leigh - there are always other sources of funding available, but I don't think it's appropriate to use them on something that should absolutely be resourced from WMF (and when WMF is sitting on $70 million USD.) There are some projects that can't be appropriately financed by WMF, and we should focus the limited funds available from outside sources on those projects, not on a security audit of a WMF-built extension deployed on our largest projects. I could probably raise enough outside funding to do a rewrite and security audit of a tool like this if one didn't already exist that had been written and initially supported by WMF - especially when WMF, economically, is a lot better off than many funding sources. As it is, there's no way I could even try to raise outside funding for this with a straight face.
Revi is absolutely right that anything done by an Outreachy or GSoC intern will fall in to disrepair unless it's supported by the WMF afterwards. The education extension needs to be supported by the WMF - both because the WMF has spent millions of dollars over the course of the education program's lifespan convincing people to buy in to it and is finally starting to see buy-in across many communities, and because it frankly scares me that there's a currently enabled extension on ENWP that James feels comfortable describing as a 'significant attack vector.' I was aware of a couple of issues with it, but they all required elevated privileges so I wasn't incredibly worried about it - but if we're still finding significant security issues on a widely deployed plugin, it needs a full security audit and full set of fixes, not temp fixes for the biggest bugs now and hopes that any remaining bugs aren't big enough to be an issue.
Additionally, even if an Outreachy or GSoC intern manages to internationalize the WikiEdu dashboard in time for the next instructional season (which isn't a guarantee,) that's another tool we'll have to train instructors and the communities of various Wikipedias on - and one of the frequent complaints of ENWP in the past has been that too many education related tools have required them to leave ENWP for a third party site to use a tool that is poorly documented and maintained - which is likely what will happen if we rely on a GSoC or similar intern.
Even if a temp fix addresses the most pressing security issues, the suggestion here seems to be that there will continue to be security issues with the plugin, just ones that aren't quite as pressing. With $70 million banked, it's hard to justify leaving security holes that are more than absolutely trivial in a plugin that is installed on one of the largest websites on the world. I'm not trying to rag on the amount we have banked - it's an appropriate level of reserves for an organization with WMF's budget - but there are reasons we have reserves to begin with, and this is one of them. The extension needs to either have a thorough security audit with all non-trivial security holes fixed, be replaced with a comparable extension written from the ground up with security in mind if the holes are too big to fix, and this needs to happen in a way that doesn't interfere drastically with any one set of classes - and keep in mind, school schedules are different around the world (any thing we do that kills an entire class or set of classes or makes it impossible for their instructors to track them easily will get us negative publicity in that area, and will set local education programs back significantly.)
If this needs more resources than the departments involved currently have (and I totally believe that it does,) then this needs to be raised to a level of WMF where more resources can be assigned to it. Even if the temp fixes that are coming fix the largest bugs we know about, the fact that it remained in place on one of the largest sites on the internet this long before the bugs found were enough to constitute a 'significant attack vector' makes me strongly suspect there are further security bugs in the plugin that we have yet to discover, and calls for at a minimum a security audit and fixes applied to anythingthat isn't absolutely trivial.
Best, Kevin Gorman
On Wed, Sep 30, 2015 at 6:28 AM, Leigh Thelmadatter osamadre@hotmail.com wrote:
My 2 cents....
I dont understand why we have to have an extension for every single project. It would make sense if we assume that ed programs only work in one language and this tool had some effect on the content of the project. We have worked in multiple languages, mostly Spanish followed by English but in our past event last week, we tried translating articles about Mexico into Danish, Swedish and French, taking "advantage" of our foreign students. We also work a bit with Commons, not only uploading files, but providing subtitles (boy, could we use a better way to do that... something like the tool on YouTube as students are wasting a lot of time on figuring out times rather than focusing on language) and improving/translating file descriptions (a good exercise for lower level language classes). Right now, I cannot really track a lot of this without personal reporting from students/teachers... many of whom do not understand the need to document so precisely what we do.
A single education extension on Meta that could track user names across all projects, now that we have global usernames, is much better going forward. I talked to a couple of engineers during Wikimania 2015 who basically told me, in so many words, that the extension as it is right now is not fixable, and needs to be replaced. Such a tool is feasible as there are already tools that do similar things (e.g.https://tools.wmflabs.org/guc/index.php).
If we cannot get this done via the normal channels, we should look into alternatives, such as partnering with one or more unis and maybe even find other sources of funding.
Leigh ________________________________ From: akoval@wikimedia.org Date: Wed, 30 Sep 2015 05:43:38 -0700 To: education@lists.wikimedia.org CC: qgil@wikimedia.org; jalexander@wikimedia.org Subject: Re: [Wikimedia Education] Education extension blocked?
The librarian in me couldn't resist providing a citation for Pine's and Kevin's and Revi's points.
https://www.mediawiki.org/wiki/Developers/Maintainers#MediaWiki_extensions_d...
This page may not be quite current. Until yesterday, the education program extension was still marked as supported. The listed maintainer (and original developer of our dear extension), Jeroen De Dauw, has not worked on it since 2012, afaict. [1] Nevertheless, this page illustrates a pattern of neglect and abandonment. (Did I just actually type that?? Ah well, truth to power...)
[1] https://www.mediawiki.org/wiki/Wikipedia_Education_Program/status
--
Anna Koval, M.Ed. Manager, Wikipedia Education Program Wikimedia Foundation +1.415.839.6885 x 6729 Skype: annakoval.wiki akoval@wikimedia.org education.wikimedia.org
On Wed, Sep 30, 2015 at 1:04 AM, Pine W wiki.pine@gmail.com wrote:
That is a good point, Revi. And this is the kind of mess that makes me discouraged sometimes. But I think that James' involvement will be helpful here, as will a possible migration plan to a maintained tool.
(I've noticed a pattern recently of a few people separately deciding that they're not going to maintain certain tools or projects any longer. This maintainability problem really needs to be addressed, and is something that I'm hoping a CTO or VPE would address head-on.)
On Wed, Sep 30, 2015 at 12:58 AM, Yongmin Hong lists@revi.pe.kr wrote:
- 오전 3:52에 "Floor Koudijs" fkoudijs@wikimedia.org님이 작성:
The option that we are currently considering (and I cannot yet guarantee a timeline or anything like that because we're in the middle of the planning phase) is adapting the Wiki Ed Foundation's Dashboard to make it fit for international use. See the Phabricator task here, and the related Phabricator project. We would like to make this a feature project for the next round of Outreachy, which means that we'll have a dedicated intern to work on this project full time for three months, with the support of two mentors. If this works out as I hope it will, we may have something ready before the next academic year - but again, no hard guarantees here. I am currently working on getting the project shaped up, looking into mentors and confirming with possible interns.
Two important points that were addressed in this thread:
- Have community involvement early on. I really love this idea, and I'm
very grateful you're bringing this up and keep reminding us not to forget about that. What I'd personally love to see is a group that can be involved in advice, user testing and anything else on the user end that we may need. I'm copying Quim Gil on this email to see if this fits within the scope of Outreachy, as he may have some ideas around how to organize this best. We would have to be careful not too derail the project with too ambitious ideas and suggestions, and focusing on attainable and concrete tasks for the intern to work on. That said, having several minds involved in this with different backgrounds could be hugely valuable, in my opinion.
- Think about maintenance. This is what I'm currently looking into, since
it's clear that the issue is not so much developing new tools, but also looking ahead and making sure there will be ongoing support for these tools. That's a longer discussion that wwill take place in parallel to the development of the tool itself. This may not sound reassuring, but please trust that it's foremost in all of our minds at WMF - we already have enough tools out there that don't get the proper support, and we really don't want to build more.
I seriously doubt that the software will be maintained after the internship period if this is Outreachy project. The likely workflow: 1.The Outreachy term ends 2.User disappear/become inactive 3.We are going to get this same message again at some stage after new security vulnerability is found.
Well, yeah, Flow, LQT, (ironic both tools are going to be not be developed)[1] etc etc.
[1]: context: Flow was developed with the purpose of 'replacing LQT/make discussion easier' but I feel if they succeded to replace LQT fully. (disclaimer: Flow is "not active development mode" according to the WMF team.)
-- revi https://revi.me -- Sent from Android --
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
_______________________________________________ Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education
Education mailing list Education@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/education