1. Where can I find a response from either the WMF board or WMF
funding/finance to the criticisms of a lack of transparency or the
apparent failure of the project to deliver value for the donor's money
as raised in this blog post?
2. Where can I read an officially recognized report for the outcomes
of this project in terms of value for Wikimedia projects? Obviously we
do not want to rely on second-hand analysis when reports to the WMF
are a requirement for such projects.
We know NSA wants Wikipedia data, as Wikipedia is listed in one of the
That slide is about HTTP, and the tech staff are moving the
user/reader base to HTTPS.
As we learn more about the NSA programs, we need to consider vectors
other than HTTP for the NSA to obtain the data they want. And the
userbase needs to be aware of the current risks.
One question from the "Dells are backdored"[sic] thread that is worth
separate consideration is:
Are the Wikimedia transit links encrypted, especially for database replication?
MySQL has replication over SSL, so I assume the answer is Yes.
If not, is this necessary or useful, and feasible ?
However we also need to consider that SSL and other encryption may be
useless against NSA/etc, which means replicating non-public data
should be avoided wherever possible, as it becomes a single point of
Given how public our system is, we don't have a lot of non-public
data, so we might be able to design the architecture so that
information isnt replicated, and also ensure it isnt accessed over
insecure links. I think the only parts of the dataset that are
private & valuable are
* passwords/login cookies,
* checkuser info - IPs and useragents,
* WMF analytics, which includes readers iirc, and
* hidden/deleted edits
* private wikis and mailing lists
Have I missed any?
Are passwords and/or checkuser info replicated?
Is there a data policy on WMF analytics data which prevents it flowing
over insecure links, and limits what is collected and ensures
destruction of the data within reasonable timeframes? i.e. how about
not using cookies to track analytics of readers who are on HTTP
instead of HTTPS?
The private wikis can be restricted to https, depending on the value
of the data on those wikis in the wrong hands. The private mailing
lists will be harder to secure, and at least the English Wikipedia
arbcom list contain a lot of valuable data about contributors.
Regarding hidden/deleted edits, the replication isnt the only source
of this data. All edits are also exposed via Recent Changes
(https/api/etc) as they occur, and the value of these edits is
determined by the fact they are hidden afterwards (e.g. don't appear
in dumps). Is there any way to control who is effectively capturing
all edits via Recent Changes?
to increase accountability and create more opportunities for course
corrections and resourcing adjustments as necessary, Sue's asked me
and Howie Fung to set up a quarterly project evaluation process,
starting with our highest priority initiatives. These are, according
to Sue's narrowing focus recommendations which were approved by the
- Visual Editor
- Mobile (mobile contributions + Wikipedia Zero)
- Editor Engagement (also known as the E2 and E3 teams)
- Funds Dissemination Committe and expanded grant-making capacity
I'm proposing the following initial schedule:
- Editor Engagement Experiments
- Visual Editor
- Mobile (Contribs + Zero)
- Editor Engagement Features (Echo, Flow projects)
- Funds Dissemination Committee
We’ll try doing this on the same day or adjacent to the monthly
metrics meetings , since the team(s) will give a presentation on
their recent progress, which will help set some context that would
otherwise need to be covered in the quarterly review itself. This will
also create open opportunities for feedback and questions.
My goal is to do this in a manner where even though the quarterly
review meetings themselves are internal, the outcomes are captured as
meeting minutes and shared publicly, which is why I'm starting this
discussion on a public list as well. I've created a wiki page here
which we can use to discuss the concept further:
The internal review will, at minimum, include:
Team members and relevant director(s)
So for example, for Visual Editor, the review team would be the Visual
Editor / Parsoid teams, Sue, me, Howie, Terry, and a minute-taker.
I imagine the structure of the review roughly as follows, with a
duration of about 2 1/2 hours divided into 25-30 minute blocks:
- Brief team intro and recap of team's activities through the quarter,
compared with goals
- Drill into goals and targets: Did we achieve what we said we would?
- Review of challenges, blockers and successes
- Discussion of proposed changes (e.g. resourcing, targets) and other
- Buffer time, debriefing
Once again, the primary purpose of these reviews is to create improved
structures for internal accountability, escalation points in cases
where serious changes are necessary, and transparency to the world.
In addition to these priority initiatives, my recommendation would be
to conduct quarterly reviews for any activity that requires more than
a set amount of resources (people/dollars). These additional reviews
may however be conducted in a more lightweight manner and internally
to the departments. We’re slowly getting into that habit in
As we pilot this process, the format of the high priority reviews can
help inform and support reviews across the organization.
Feedback and questions are appreciated.
VP of Engineering and Product Development, Wikimedia Foundation
Support Free Knowledge: https://wikimediafoundation.org/wiki/Donate
I'd be interested in hearing broader community opinions about the
extent to which WMF should sponsor non-profits purely to support work
that Wikimedia benefits from, even if it's not directed towards a
specific goal established in a grant agreement.
This comes up from time to time. One of the few historic precedents
I'm aware of is the $5,000 donation that WMF made to FreeNode in 2006
. But there are of course many other organizations/communities that
the Wikimedia movement is indebted to.
On the software side, we have Ubuntu Linux (itself highly indebted to
Debian) / Apache / MariaDB / PHP / Varnish / ElasticSearch / memcached
/ Puppet / OpenStack / various libraries and many other dependencies ,
infrastructure tools like ganglia, observium, icinga, etc. Some of
these projects have nonprofits that accept and seek sponsorship and
support, some don't.
One could easily expand well beyond the software we depend on
server-side to client-side open source applications used by our
community to create content: stuff like Inkscape, GIMP and LibreOffice
(used for diagrams). And there are other communities we depend on,
So, should we steer clear of this type of sponsorship altogether
because it's a slippery slope, or should we try to come up with
evaluation criteria to consider it on a case-by-case basis (e.g. is
there a trustworthy non-profit that has a track record of
accomplishment and is in actual need of financial support)?
I could imagine a process with a fixed "giving back" annual budget
and a community nominations/review workflow. It'd be work to create
and I don't want to commit to that yet, but I would be interested to
MariaDB specifically invited WMF to become a sponsor, and we're
clearly highly dependent on them. But I don't think it makes sense for
us to just write checks if there's someone who asks for support and
there's a justifiable need. However, if there's broad agreement that
this is something Wikimedia should do more of, then I think it's worth
developing more consistent sponsorship criteria.
 Cf. https://www.mediawiki.org/wiki/Upstream_projects
VP of Engineering and Product Development, Wikimedia Foundation
I emailed mobile-l and wikitech-l about this, now I'm moving this
discussion to wikimedia-l. Here's the longer technical thread:
In summary, to show Wikipedia Zero banners for the correct mobile networks,
we are planning once for each cellular-based app session to log two pieces
of data in a specialized logfile, deleting log entries older than 90 days.
1. MCC-MNC <http://en.wikipedia.org/wiki/Mobile_country_code> code (format
is ###-##), which denotes the mobile operator
2. Exit (gateway/proxy) IP address
* These data points would not be logged alongside the normal web access
This information could be used to estimate rough demand for Wikipedia in
potential Wikipedia Zero geos, although remediating the out-of-sync IP
addresses on file for existing partners is primary.
wanted to see if there were other thoughts on this approach here on
could wmf please extend the mediawiki software in the following way:
1. it should knows "groups"
2. allow users to store an arbitrary number of groups with their profile
3. allow to select one of the "group"s joined to an edit when saving
4. add a checkbox "COI" to an edit, meaning "potential conflict of interest"
5. display and filter edits marked with COI in a different color in history
6. display and filter edits done for a group in a different color in
7. allow members of a group to receive notifications done on the group page,
or when a group is mentioned in an edit/comment/talk page.
currently it is quite cumbersome to participate as an organisation. it is
quite cumbersome for people as well to detect COI edits. the most prominent
examples are employees of the wikimedia foundation, and GLAMs. users tend
to create multiple accounts, and try to create "company accounts". the main
reason for this behaviour are (examples, but of course valid general):
* have a feedback page / notification page for the swiss federal archive
for other users
* make clear that an edit is done private or as wmf employee
this then would allow the community to create new policies, e.g. the german
community might cease using company accounts, and switch over to this
system. this proposal is purely technical. current policies can still be
applied if people do not need something else, e.g. wmf employees may
continue to use "sue gardner (wmf)" accounts.
what you think?
Hey everyone :)
I'll be doing another Wikidata office hour on IRC. It will take place
on May 19th at 5PM UTC in #wikimedia-office. For your timezone please
I'll be giving a status update and then answer whatever
Wikidata-related questions you have. Hope to see many of you there.
Lydia Pintscher - http://about.me/lydia.pintscher
Product Manager for Wikidata
Wikimedia Deutschland e.V.
Tempelhofer Ufer 23-24
Wikimedia Deutschland - Gesellschaft zur Förderung Freien Wissens e. V.
Eingetragen im Vereinsregister des Amtsgerichts Berlin-Charlottenburg
unter der Nummer 23855 Nz. Als gemeinnützig anerkannt durch das
Finanzamt für Körperschaften I Berlin, Steuernummer 27/681/51985.
The next WMF metrics and activities meeting will take place on Thursday,
May 1, 2014 at 6 PM UTC (11 AM PDT). The IRC channel is #wikimedia-office
on irc.freenode.net and the meeting will be broadcast as a live YouTube
The current structure of the meeting is:
* Review of key metrics including the monthly report card, but also
specialized reports and analytic
* Review of financials
* Welcoming recent hires
* Brief presentations on recent projects, with a focus on highest priority
* Update and Q&A with the Executive Director, if available
https://meta.wikimedia.org/wiki/Metrics_and_activities_meetings for further
information about how to participate.
We'll post the video recording publicly after the meeting.
Executive Assistant to the VP of Engineering & Product Development