We know NSA wants Wikipedia data, as Wikipedia is listed in one of the
That slide is about HTTP, and the tech staff are moving the
user/reader base to HTTPS.
As we learn more about the NSA programs, we need to consider vectors
other than HTTP for the NSA to obtain the data they want. And the
userbase needs to be aware of the current risks.
One question from the "Dells are backdored"[sic] thread that is worth
separate consideration is:
Are the Wikimedia transit links encrypted, especially for database replication?
MySQL has replication over SSL, so I assume the answer is Yes.
If not, is this necessary or useful, and feasible ?
However we also need to consider that SSL and other encryption may be
useless against NSA/etc, which means replicating non-public data
should be avoided wherever possible, as it becomes a single point of
Given how public our system is, we don't have a lot of non-public
data, so we might be able to design the architecture so that
information isnt replicated, and also ensure it isnt accessed over
insecure links. I think the only parts of the dataset that are
private & valuable are
* passwords/login cookies,
* checkuser info - IPs and useragents,
* WMF analytics, which includes readers iirc, and
* hidden/deleted edits
* private wikis and mailing lists
Have I missed any?
Are passwords and/or checkuser info replicated?
Is there a data policy on WMF analytics data which prevents it flowing
over insecure links, and limits what is collected and ensures
destruction of the data within reasonable timeframes? i.e. how about
not using cookies to track analytics of readers who are on HTTP
instead of HTTPS?
The private wikis can be restricted to https, depending on the value
of the data on those wikis in the wrong hands. The private mailing
lists will be harder to secure, and at least the English Wikipedia
arbcom list contain a lot of valuable data about contributors.
Regarding hidden/deleted edits, the replication isnt the only source
of this data. All edits are also exposed via Recent Changes
(https/api/etc) as they occur, and the value of these edits is
determined by the fact they are hidden afterwards (e.g. don't appear
in dumps). Is there any way to control who is effectively capturing
all edits via Recent Changes?
to increase accountability and create more opportunities for course
corrections and resourcing adjustments as necessary, Sue's asked me
and Howie Fung to set up a quarterly project evaluation process,
starting with our highest priority initiatives. These are, according
to Sue's narrowing focus recommendations which were approved by the
- Visual Editor
- Mobile (mobile contributions + Wikipedia Zero)
- Editor Engagement (also known as the E2 and E3 teams)
- Funds Dissemination Committe and expanded grant-making capacity
I'm proposing the following initial schedule:
- Editor Engagement Experiments
- Visual Editor
- Mobile (Contribs + Zero)
- Editor Engagement Features (Echo, Flow projects)
- Funds Dissemination Committee
We’ll try doing this on the same day or adjacent to the monthly
metrics meetings , since the team(s) will give a presentation on
their recent progress, which will help set some context that would
otherwise need to be covered in the quarterly review itself. This will
also create open opportunities for feedback and questions.
My goal is to do this in a manner where even though the quarterly
review meetings themselves are internal, the outcomes are captured as
meeting minutes and shared publicly, which is why I'm starting this
discussion on a public list as well. I've created a wiki page here
which we can use to discuss the concept further:
The internal review will, at minimum, include:
Team members and relevant director(s)
So for example, for Visual Editor, the review team would be the Visual
Editor / Parsoid teams, Sue, me, Howie, Terry, and a minute-taker.
I imagine the structure of the review roughly as follows, with a
duration of about 2 1/2 hours divided into 25-30 minute blocks:
- Brief team intro and recap of team's activities through the quarter,
compared with goals
- Drill into goals and targets: Did we achieve what we said we would?
- Review of challenges, blockers and successes
- Discussion of proposed changes (e.g. resourcing, targets) and other
- Buffer time, debriefing
Once again, the primary purpose of these reviews is to create improved
structures for internal accountability, escalation points in cases
where serious changes are necessary, and transparency to the world.
In addition to these priority initiatives, my recommendation would be
to conduct quarterly reviews for any activity that requires more than
a set amount of resources (people/dollars). These additional reviews
may however be conducted in a more lightweight manner and internally
to the departments. We’re slowly getting into that habit in
As we pilot this process, the format of the high priority reviews can
help inform and support reviews across the organization.
Feedback and questions are appreciated.
VP of Engineering and Product Development, Wikimedia Foundation
Support Free Knowledge: https://wikimediafoundation.org/wiki/Donate
could wmf please extend the mediawiki software in the following way:
1. it should knows "groups"
2. allow users to store an arbitrary number of groups with their profile
3. allow to select one of the "group"s joined to an edit when saving
4. add a checkbox "COI" to an edit, meaning "potential conflict of interest"
5. display and filter edits marked with COI in a different color in history
6. display and filter edits done for a group in a different color in
7. allow members of a group to receive notifications done on the group page,
or when a group is mentioned in an edit/comment/talk page.
currently it is quite cumbersome to participate as an organisation. it is
quite cumbersome for people as well to detect COI edits. the most prominent
examples are employees of the wikimedia foundation, and GLAMs. users tend
to create multiple accounts, and try to create "company accounts". the main
reason for this behaviour are (examples, but of course valid general):
* have a feedback page / notification page for the swiss federal archive
for other users
* make clear that an edit is done private or as wmf employee
this then would allow the community to create new policies, e.g. the german
community might cease using company accounts, and switch over to this
system. this proposal is purely technical. current policies can still be
applied if people do not need something else, e.g. wmf employees may
continue to use "sue gardner (wmf)" accounts.
what you think?
I just wanted to let you know, so you could mark your calendars if
interested, that there are two IRC office hours scheduled to discuss
VisualEditor in March and one in April.
The first will be held on Monday March 17 at 1500 UTC and the second will
be held on Wednesday March 19 at 0100 UTC. (See
https://meta.wikimedia.org/wiki/IRC_office_hours for time conversion
Logs will be posted on meta after each office hour completes. You'll find
them, along with logs for older office hours on the topic, at
The April office hour is scheduled for Saturday April 19 at 2000 UTC.
Please see https://meta.wikimedia.org/wiki/IRC_office_hours for more
information on what office hours are and how to join in.
Senior Community Advocate
Wikimedia Foundation, Inc.
I am very pleased to announce that Wikimedia NYC and Wikimedia DC are
working in collaboration to host the first national Wikimedia conference in
the United States!
Here are the details for the conference:
Dates: Friday, May 30, 2014 - Sunday, June 1, 2014
Location: New York Law School (185 West Broadway, New York, NY 10013)
For more information, please review our official press release below! We
hope you will join us and help us spread the word!
I can think of a few reasons why we should accept bitcoin:
* It's consistent with our leadership in internet technology
* Our peers like EFF, and Internet archive accept it
* It's secured using the same kinds of encryption we rely on to maintain
* It permits donations from countries that do not have Visa/Mastercard
* It has a fanatically loyal and growing following that is dying to give us
money in that currency
Most imporantly, current technology would permit us to accept bitcoin
without ever *holding* bitcoin.
Companies like BitPay ( https://bitpay.com/) and CoinBase (
https://coinbase.com/) are little different than accepting Visa,
Mastercard, or Paypal. It's now possible for funds received as bitcoins to
be *immediately* converted to USD.
I don't think we should 'make a statement' by accepting bitcoin, I think
the currency is simply at the stage where it would be to our benefit to do
The next WMF metrics and activities meeting will take place on Thursday,
March 6, 2014 at 7:00 PM UTC (11 AM PST). The IRC channel is
#wikimedia-office on irc.freenode.net and the meeting will be broadcast as
a live YouTube stream.
The current structure of the meeting is:
* Review of key metrics including the monthly report card, but also
specialized reports and analytic
* Review of financials
* Welcoming recent hires
* Brief presentations on recent projects, with a focus on highest priority
* Update and Q&A with the Executive Director, if available
https://meta.wikimedia.org/wiki/Metrics_and_activities_meetings for further
information about how to participate.
We'll post the video recording publicly after the meeting.
Executive Assistant to the VP of Engineering & Product Development
+1 (415) 839-6885 ext. 6689
In the past years I have organized (alone and together with Deror Lin or
Nicole Ebber) the Wikimania presentation 'The Coolest Projects' where I
tried to give an inspiring overview of some of the amazing things Wikimedia
affiliates are doing in our movement - sometimes against the stream. I have
enjoyed it a lot and learned a huge amount of stuff from the volunteers I
spoke with in preperation for this presentation.
I decided however that 2013 will have been my last presentation on this
topic. I no longer have the luxury or enthusiasm to spend the countless
hours on collecting, investigating, expanding, comprehending and presenting
these projects. While Nicole had to make the same decision, I found Deror
Lin (with whom I presented together in 2012) prepared to continue the
project in 2014.
I think it is fair to say that the effort has become a project in itself.
I'm very glad Deror is taking the torch and I'm sure he can use all the
help he can get. Please don't tell him, but to give you an impression of
the work involved, we estimated that we easily spent hundreds of hours on
preparing this presentation last year. So if you want to help Deror, please
share your support. He will probably approach the affiliates in the coming
months to share their cool projects, and I hope that you don't make him
chase you too much :) Think about it already!
If you want to help out, or if you just want to show your support for the
presentation, please leave a note on
Looking forward to an awesome presentation, but this time with me in the
While watching the current changes to Wikimedia France microgrants program
implemented, I was curious to know which Wikimedia entities had similar
funding programs for individuals - how they worked, how we could learn form
Since apparently there was no Meta page for that(tm) (yet!) I went ahead and
I dug my information out of my email archives and FDC proposal forms, so I
could totally have missed some programs - please add the ones you know
Of course, it would be more useful to have more detailed information on
Together with Caroline & Pierre-Selim we threw some ideas on what we
thought was interesting to know about the programs, but that's still very
alpha - please add more ideas!
Looking forward to your thoughts about this!