Has Limesurvey been patched since? (asking as I see it widely used among some very ethical and tech literate projects)
On Mon, Feb 15, 2021 at 8:52 AM Asaf Bartov abartov@wikimedia.org wrote:
That tool was Limesurvey.
A.
On Mon, 15 Feb 2021, 08:59 Philippe Beaudette philippe@beaudette.me wrote:
I would also like to add a bit of historical context. Many years ago, when I worked at the WMF, we were using a FLOSS survey tool (I don't recall which). We were fairly dependent on it, when one day someone discovered that it was vulnerable to SQL injection attacks and Tim Starling (I believe) rightly killed it on our servers. Shortly after that, we moved toward using a non-free tool that was safer and more robust. I don't recall that the two events were connected, but I would be surprised if they weren't.
Tim did the right thing then, even though it meant that we were moved off a FLOSS solution. Sometimes "Free" just isn't equal, or better. Sometimes it's an actual honest-to-god security risk and there are reasons why WMF's staff aren't using a free alternative to a proprietary tool. Did anyone ask?
Philippe
On Mon, Feb 15, 2021 at 12:13 AM Risker risker.wp@gmail.com wrote:
To clarify to anyone who doesn't want to read the actual proposal, which Fae did not repeat here:
*Proposal*
It is proposed that on Wikimedia Commons that there must be no promotion of surveys or questionnaires which rely on third party sites and closed source tools, such as Google Forms. This should be interpreted as a ban against engaging volunteers by mass messaging, use of banners or posts on noticeboards.
*Recommended consequential action*
Banners and posts which go against this proposal may be removed by anyone.
Posting account(s) may be blocked or have group rights removed at the discretion of administrators, such as all rights that enable mass messaging. In a persistent case, blocks and rights removal may apply to all accounts of the person responsible. A rationale of doing their job as part of being a WMF employee is not considered an exemption.
Now....this applies to everyone who posts about a survey at Wikimedia Commons, as this proposal is strictly related to Commons. It is not a global proposal. However, it would apply to researchers, to WMF staff, to anyone who uses closed-sourced tools. There is no suggestion at all about suitable alternative tools. In fact, there is a severe dearth of quality open source tools. Researchers may be bound by their facilities to use certain types of tools.
Surveys and questionnaires are always voluntary. There's some responsibility on the part of the user to read the privacy statements and use of information statements that are normally mandatory for any legitimate surveys. More than once I've started to participate in a survey and decided it was asking questions I didn't want to answer, and just never saved them.
I think it would also be helpful if someone from WMF Technical could take the time to discuss with the broader community what arrangements have been made in their contract with Google to ensure that the information on those documents (of whatever nature) is not in fact accessible to Google for their data gathering or any other purposes. There is, of course, a certain irony that three of the four people who have commented on this thread so far all have Gmail email addresses.
Risker/Anne
On Mon, 15 Feb 2021 at 00:24, Gnangarra gnangarra@gmail.com wrote:
I agree with Fae's proposal if we are using tools that exclude community members out of safety and privacy concerns then we aren't fulfilling the equity goals. I also recognise that alternatives need to be available but with no incentive for them to be used then there is no development of such tools, or improvements to their functionality. Fae's proposal is putting the WMF on notice that there are steps we need to take to ensure equity, safety, and privacy in participation.
On Mon, 15 Feb 2021 at 09:08, Łukasz Garczewski <lukasz.garczewski@wikimedia.pl> wrote:
With respect, Fae, if you're going to propose banning an existing solution, it is on you to propose a suitable alternative or at least a process to find it before the ban takes effect.
I write this as a signatory of Free Software Foundation Europe's Public Money? Public Code open letter https://publiccode.eu/openletter/. I am wholeheartedly a proponent of open source software.
At the same time, I am a firm believer in using the best available tool for the job.
Our mission is too important to hold ourselves back at every step due to a noble but often unrealistic wish to use open source solutions for everything we do.
Last year, because of my drive to use proper open source solutions, WMPL wasted hours and hours of staff time (mostly mine) and a not insignificant amount of members' time because:
- Zeus, a widely used, cryptographically secure voting system is impossible to set up and maintain and has very sparse documentation,
- CiviCRM, the premier open source CRM solution for NGOs, refuses to work correctly after the WordPress installation is moved to a new URL, and documentation isn't helpful.
To my knowledge there are no suitable open source options that would be easy-to-use and robust enough to support our needs in both cases and be comparable to commercial counterparts.
I have wasted a ton of time (and therefore WMPL money), before I decided to use state-of-the-art commercial solutions for the needs described above. Don't be like me. Don't make other people think & act like I did. Be smarter.
Should we use an *equivalent* open source solution when one is available? Yes. Should we have a public list of open source tools needed? Yes. Should we use programmes such as Google Summer of Code to build those tools? Yes.
Should we waste time using sub-par solutions or doing work manually? Hell no.
*So here's a constructive alternative idea:*
- Let's gather the needs and use cases for tools used by WMF and affiliates,
- Let's build a list of potential open source replacements and map what features are missing,
- Let's put the word out that we're looking for open source replacements where there are none available,
- Let's embed Wikimedia liaisons in key open source projects to ensure our needs and use cases are addressed promptly,
- Let's use initiatives such as Summer of Code to kickstart building some of these tools.
I acknowledge the above is much harder to do than instituting a ban via community consensus. It is, however, a much more productive approach and will get us to your desired state eventually, and without sabotaging the work that needs to happen in the meantime.
Oh, and in case anybody's wondering why we can't build these tools in-house:
We could but really, really shouldn't. MediaWiki and the wider Wikimedia tech infrastructure is still in need of huge improvements. It would be really unwise to distract WMF's development and product teams from these goals by requesting they build standard communication or reporting tools.
On Sat, Feb 13, 2021 at 4:42 PM Fæ faewik@gmail.com wrote:
As a consequence of the promotion of a Google forms based survey this week by a WMF representative, a proposal on Wikimedia Commons has been started to ban the promotion of surveys which rely on third party sites like Google Forms.[1]
Launched today, but already it appears likely that this proposal will have a consensus to support. Considering that Commons is one of our largest Wikimedia projects, there are potential repercussions of banning the on-wiki promotion of surveys which use Google products or other closed source third party products like SurveyMonkey.
Feedback is most welcome on the proposal discussion, or on this list for handling impact, solutions, recommended alternatives that already exist, or the future role of the WMF to support research and surveys for the WMF and affiliates by using forking open source software and self-hosting and self-managing data "locally".
Links
[1] https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Use_of_off...
Thanks Fae -- faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae #WearAMask
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Kind regards
Łukasz Garczewski
Chief Operating Officer
Wikimedia Polska
tel: +48 601 827 937
e-mail: lukasz.garczewski@wikimedia.pl
Support free knowledge! Donate 1% of your tax or make a donation to Wikipedia https://wikimedia.pl/
ul. Tuwima 95, pok. 15 Łódź, Polska
KRS 0000244732
NIP 728-25-97-388
wikimedia.pl
Information about processing can be found in the Privacy Policy https://pl.wikimedia.org/wiki/Polityka_prywatno%C5%9Bci. Contact: rodo@wikimedia.pl
-- GN.
*Power of Diverse Collaboration* *Sharing knowledge brings people together* Wikimania Bangkok 2022 August hosted by ESEAP
Wikimania: https://wikimania.wikimedia.org/wiki/User:Gnangarra Noongarpedia: https://incubator.wikimedia.org/wiki/Wp/nys/Main_Page My print shop: https://www.redbubble.com/people/Gnangarra/shop?asc=u