I'm not exactly a "noob", but I haven't kept up with PHP changes -- what is running is running, so why change?
So I was just punting on the "how long will it take to upgrade?" question. (I said "More than an hour", because just finding out the impact will take that long!)
So what exactly is the expected impact of upgrading PHP 5.3.8 to 5.5 or greater? (Note: I'm now officially in that "more than an hour" of upgrading.)
Having been stung by various upgrades over the years, I tend to not touch stuff that isn't broken. I'm running several MediaWiki sites between 1.13 and 1.16. I'd sorta like to upgrade, but I don't know what that buys me, and y'know, they're all working... :-)
Jan
On 2015-12-04, at 04:00, mediawiki-l-request@lists.wikimedia.org wrote:
Send MediaWiki-l mailing list submissions to mediawiki-l@lists.wikimedia.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.wikimedia.org/mailman/listinfo/mediawiki-l or, via email, send a message with subject or body 'help' to mediawiki-l-request@lists.wikimedia.org
You can reach the person managing the list at mediawiki-l-owner@lists.wikimedia.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of MediaWiki-l digest..."
Today's Topics:
- What PHP version do you use? (Tim Starling)
- Re: What PHP version do you use? (Bill Traynor)
- Re: What PHP version do you use? (Tim Starling)
Message: 1 Date: Fri, 4 Dec 2015 12:25:41 +1100 From: Tim Starling tstarling@wikimedia.org To: mediawiki-l@lists.wikimedia.org Subject: [MediaWiki-l] What PHP version do you use? Message-ID: n3qq2m$92u$1@ger.gmane.org Content-Type: text/plain; charset=utf-8
If you manage a MediaWiki instance, please tell us what PHP version you use, and some other relevant information, by filling out this form:
https://docs.google.com/forms/d/1Z-io754bUxVujh100D4xvIwkiBIFk9Ef0j4TYrJ2zMc/viewform
You may have seen on wikitech-l that there is some controversy over whether we should require PHP 5.5 in the next major release of MediaWiki. I made this little survey in the interests of gathering some extra data to support our decision, beyond what we already have from WikiApiary.
You don't need to log in to fill out the form, and no personal information will be forwarded to us.
-- Tim Starling
Message: 2 Date: Thu, 3 Dec 2015 20:54:35 -0500 From: Bill Traynor btraynor@gmail.com To: MediaWiki announcements and site admin list mediawiki-l@lists.wikimedia.org Subject: Re: [MediaWiki-l] What PHP version do you use? Message-ID: CAN20qYptjEk14SdnmCUgt6x4+s22wzqNxSpa2fsX3y-XNUZfUg@mail.gmail.com Content-Type: text/plain; charset=UTF-8
Can we fill it out multiple times if we run manage more than one instance?
On Thu, Dec 3, 2015 at 8:25 PM, Tim Starling tstarling@wikimedia.org wrote:
If you manage a MediaWiki instance, please tell us what PHP version you use, and some other relevant information, by filling out this form:
https://docs.google.com/forms/d/1Z-io754bUxVujh100D4xvIwkiBIFk9Ef0j4TYrJ2zMc/viewform
You may have seen on wikitech-l that there is some controversy over whether we should require PHP 5.5 in the next major release of MediaWiki. I made this little survey in the interests of gathering some extra data to support our decision, beyond what we already have from WikiApiary.
You don't need to log in to fill out the form, and no personal information will be forwarded to us.
-- Tim Starling
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Message: 3 Date: Fri, 4 Dec 2015 14:34:45 +1100 From: Tim Starling tstarling@wikimedia.org To: mediawiki-l@lists.wikimedia.org Subject: Re: [MediaWiki-l] What PHP version do you use? Message-ID: n3r1km$me3$1@ger.gmane.org Content-Type: text/plain; charset=utf-8
Good question. I'm most interested in the amount of work it will take to upgrade PHP, so if you manage a hundred identical servers and will upgrade them all in bulk, then you shouldn't submit the form more than once, because that would be overrepresentative. But if you consult on several completely separate systems, each with their own quirks and dependencies, then I suppose it makes sense to submit the form more than once.
I've added a checkbox to the form so that you can tell us if you are submitting it more than once.
-- Tim Starling
On 04/12/15 12:54, Bill Traynor wrote:
Can we fill it out multiple times if we run manage more than one instance?
On Thu, Dec 3, 2015 at 8:25 PM, Tim Starling tstarling@wikimedia.org wrote:
If you manage a MediaWiki instance, please tell us what PHP version you use, and some other relevant information, by filling out this form:
https://docs.google.com/forms/d/1Z-io754bUxVujh100D4xvIwkiBIFk9Ef0j4TYrJ2zMc/viewform
You may have seen on wikitech-l that there is some controversy over whether we should require PHP 5.5 in the next major release of MediaWiki. I made this little survey in the interests of gathering some extra data to support our decision, beyond what we already have from WikiApiary.
You don't need to log in to fill out the form, and no personal information will be forwarded to us.
-- Tim Starling
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Subject: Digest Footer
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
End of MediaWiki-l Digest, Vol 147, Issue 3
:::: You know what? What makes our economy grow is energy. And Americans are used to going to the gas tank (sic), and when they put that hose in their, uh, tank, and when I do it, I wanna get gas out of it. And when I turn the light switch on, I want the lights to go on, and I don't want somebody to tell me I gotta change my way of living to satisfy them. Because this is America, and this is something we've worked our way into, and the American people are entitled to it, and if we're going improve (sic) our standard of living, you have to consume more energy. -- Chuck Grassley :::: Jan Steinman, EcoReality Co-op ::::
On 4 December 2015 at 19:52, Jan Steinman Jan@ecoreality.org wrote:
Having been stung by various upgrades over the years, I tend to not touch stuff that isn't broken. I'm running several MediaWiki sites between 1.13 and 1.16. I'd sorta like to upgrade, but I don't know what that buys me, and y'know, they're all working... :-)
Are you aware of what security issues (which are now public) your wikis are vulnerable to? I am very sceptical that stuff "isn't broken", although I (personally) am not going to research old issues, find your wiki, and then attack it, to make a point. Have you really backported/rewritten patches for all of them yourself? I've been involved in MediaWiki development for a few years now - and 1.16 was obsolete before I started.
Hi Alex and All others,
Doesn't this very issue go to the heart of the Mediawiki survey of Stakeholders found? Accordingly to the slideshow on that survey 71% of all independent users of Mediawiki use an old outdated version of the software. I think we can safely assume almost all of those users have not updated their sites with security patches. The problem is the technical knowledge to update Mediawiki is above the average user of the software and/or they lack command line access. By not having an easy GUI to both update the software and the extensions to the software it effectively leads to a lot of sites running with the ghost of Christmas past.
Sent from my iPad
On Dec 4, 2015, at 12:29 PM, Alex Monk krenair@gmail.com wrote:
On 4 December 2015 at 19:52, Jan Steinman Jan@ecoreality.org wrote:
Having been stung by various upgrades over the years, I tend to not touch stuff that isn't broken. I'm running several MediaWiki sites between 1.13 and 1.16. I'd sorta like to upgrade, but I don't know what that buys me, and y'know, they're all working... :-)
Are you aware of what security issues (which are now public) your wikis are vulnerable to? I am very sceptical that stuff "isn't broken", although I (personally) am not going to research old issues, find your wiki, and then attack it, to make a point. Have you really backported/rewritten patches for all of them yourself? I've been involved in MediaWiki development for a few years now - and 1.16 was obsolete before I started. _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Dear all
I fully agree with tharpenator@gmail.com Keeping Mediawiki and its extensions (such as Semanticmediawiki and many others) up to date isn't an easy job and this is proven by the number of outdated versions still in use. The task may be made easier by Composer and other developments, but these are not available to all of us.
Personally I'm trying to stay on track but I'm often struggling with unexpected problems.
Kind regards
Francis
On Fri, Dec 4, 2015 at 10:28 PM, tharpenator@gmail.com wrote:
Hi Alex and All others,
Doesn't this very issue go to the heart of the Mediawiki survey of Stakeholders found? Accordingly to the slideshow on that survey 71% of all independent users of Mediawiki use an old outdated version of the software. I think we can safely assume almost all of those users have not updated their sites with security patches. The problem is the technical knowledge to update Mediawiki is above the average user of the software and/or they lack command line access. By not having an easy GUI to both update the software and the extensions to the software it effectively leads to a lot of sites running with the ghost of Christmas past.
Sent from my iPad
On Dec 4, 2015, at 12:29 PM, Alex Monk krenair@gmail.com wrote:
On 4 December 2015 at 19:52, Jan Steinman Jan@ecoreality.org wrote:
Having been stung by various upgrades over the years, I tend to not
touch
stuff that isn't broken. I'm running several MediaWiki sites between
1.13
and 1.16. I'd sorta like to upgrade, but I don't know what that buys me, and y'know, they're all working... :-)
Are you aware of what security issues (which are now public) your wikis
are
vulnerable to? I am very sceptical that stuff "isn't broken", although I (personally) am not going to research old issues, find your wiki, and
then
attack it, to make a point. Have you really backported/rewritten patches for all of them yourself? I've been involved in MediaWiki development
for a
few years now - and 1.16 was obsolete before I started. _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
On 05/12/15 11:24, Francis Franck wrote:
I fully agree with tharpenator@gmail.com Keeping Mediawiki and its extensions (such as Semanticmediawiki and many others) up to date isn't an easy job and this is proven by the number of outdated versions still in use. The task may be made easier by Composer and other developments, but these are not available to all of us.
I wonder why a version update system such that used by Drupal (and other systems) does not exit for Mediawiki....
Gordo
On 4 Dec 2015, at 14:52, Jan Steinman wrote:
So what exactly is the expected impact of upgrading PHP 5.3.8 to 5.5 or greater?
The folks who have been squabbling over control of your hijacked server will stop doing so, because the latest bunch willing to coexist with each other won't have a steady stream of script kiddie competitors. But don't worry: if you only go to the last 5.5, you'll probably have a new flow of friends to co-administer your server in a few months.
On 05/12/15 06:52, Jan Steinman wrote:
I'm not exactly a "noob", but I haven't kept up with PHP changes -- what is running is running, so why change?
It is important to keep up with security releases. If your server is compromised, it can be used to host fraudulent websites, participate in DDoS attacks and send spam. The criminals of the internet depend on people like you who don't care about security. You are an essential part of their infrastructure.
So I was just punting on the "how long will it take to upgrade?" question. (I said "More than an hour", because just finding out the impact will take that long!)
So what exactly is the expected impact of upgrading PHP 5.3.8 to 5.5 or greater? (Note: I'm now officially in that "more than an hour" of upgrading.)
Having been stung by various upgrades over the years, I tend to not touch stuff that isn't broken. I'm running several MediaWiki sites between 1.13 and 1.16. I'd sorta like to upgrade, but I don't know what that buys me, and y'know, they're all working... :-)
I can't say I have tried to run MediaWiki 1.13 (released in 2008) on PHP 5.5. Maybe it would work.
I was just looking for my notes on how hard it is to upgrade MediaWiki. It looks like I had a similar conversation with you back in 2008, about upgrading from 1.3! Good times.
Note that 1.3 -> 1.13 was a gap of 4 years, and it's now been another 7 years after that. So maybe it is about time for another upgrade?
Normally, upgrading PHP is very simple, because by the time you upgrade PHP, you've already upgraded MediaWiki to a version which has been tested on the new version of PHP. Your case is not normal. That is the price you pay for upgrading MediaWiki as often as other people paint their houses.
I think you should take your site down for "scheduled maintenance", and while it is down, upgrade PHP and any other dependencies such as MySQL and the rest of the Linux distro, and then upgrade MediaWiki to 1.23. That is, don't bother testing MW 1.13 on PHP 5.5, it doesn't matter if it doesn't work if you are halfway through an upgrade.
If you really hate upgrading things, you should take steps to make it easy. Use PHP from an Ubuntu LTS package, don't compile your own. Use unattended-upgrades to get security releases automatically. Don't change any files that were distributed with MediaWiki.
-- Tim Starling
mediawiki-l@lists.wikimedia.org