*.Wordpress.com blocked in China..... Chinese wikipedia: http://zh.wikipedia.org/ My blog: http://shizhao.org twitter: https://twitter.com/shizhao
[[zh:User:Shizhao]]
2013/9/6 Matthew Roth mroth@wikimedia.org:
Hi all,
I was going to socialize some of the transitions for the Wikimedia blog in the next few weeks on the Wikimedia blog spacehttps://meta.wikimedia.org/wiki/Wikimedia_Blogon Meta and on the blog itself with a blog post, but this conversation has sped up the discussion. I plan to have something on Meta by the beginning of next week and hope that we can continue the discussion there when the content is posted.
As a general concept, we’re redesigning the blog to be less focused on the Wikimedia Foundation and more on the Wikimedia movement. For the past year, we have been sharing more narratives from the movement, making this important communications tool more about movement partners and not exclusively about the Wikimedia Foundation. We believe the public has little understanding of the people behind the projects and we want to share their stories (i.e. why the contribute, why they edit, why they develop). We still need the tool to communicate important updates from the WMF, but that can be accomplished in a larger ecosystem with more diversity of voices. We’ve had a significant increase in publication from authors who don’t work for the WMF, as well as increased multi-lingual posts, and we will continue to increase the amount and diversity of participation.
Specifically, let me address a couple of points raised in this thread.
We are redesigning the blog. For those at Wikimania who saw my talk, we shared the working site for the new Wikimedia blog and explained the basics of our thinking. Here is the link for the site under construction. Please understand this is still under construction and there will be some changes, but this is the basic design of the new Wikimedia blog. It’s also populated with data from a db dump that is now 2 months old, so you will see significant content difference from the current Wikimedia blog. The draft version of the blog is hosted on an outside platform, WP Engine, but this is not necessarily the hosting company we may use in future: http://wikimedia.wpengine.com/
We’re exploring the possibility of 3rd-party hosting of the blog. We had extensive discussions with members of the WMF Operations and Engineering teams about whether to continue to host the blog on our servers or move to a 3rd-party host. Ultimately we determined that 3rd party hosts made sense for the blog for a number of important reasons. I would refer you to the email in this threadhttp://www.gossamer-threads.com/lists/wiki/foundation/387838#387838from Leslie Carr in our Ops team, but essentially they feel that a move to a 3rd party host would address important security and support concerns, and would therefore be preferable to continuing to host the blog ourselves.
A 3rd-party host will give us redundancy and strong backups. The blog has become the Foundation’s primary public communications tool (alongside, naturally, the host of wikis we use to converse with the community). We want to be sure this platform is hosted on a 3rd-party site in case we encounter a significant outage or cluster-wide downtime. Obviously we can’t rely on the projects to get that information out if the cluster is down, and although we will continue to use identi.ca, twitter, and facebook, we’d like to have a stable place to point traffic.
The blog needs to be able to handle a lot of traffic, quickly. We know that Wikimedia’s servers are up to this kind of task, but we’re experts at hosting wikis - not necessarily experts at hosting blogs. Specifically blogs that may need to handle very large volumes of traffic, spam, and comments in a short period of time. We had one such situation back in 2012 during the Wikipedia blackout. We sent tens of millions of readers to the Wikimedia blog and dealt with around 18K comments in a matter of hours. We could handle it, but we’d like to have capacity to handle that in an emergency situation. Not all blog hosting companies can do this, but a few that we’re looking at are expressly built to handle immediate and massive increases in traffic, and they’ve got amazing back up services.
We have not yet selected a 3rd-party host. We have screened a couple of 3rd-party hosts. While Wordpress.com is one of our top choices (not the standard consumer version, rather their ‘managed’ or white glove hosting services for high volume customers), we have not yet selected them. Right now the WMF legal team is in discussions with Wordpress.com and others. We appreciate that if we host on a 3rd party site, we need to navigate the important issue of ensuring our privacies policies are compatible.
The new blog is responsive and much better on multiple devices. With the 2012 Wordpress theme, we can easily adapt our blog to multiple screen widths. Please try expanding and narrowing your browser widths to see the responsive design, or load the new blog on a mobile or tablet.
We feel Wordpress is still the best tool for blog publishing. While wikis are functional for many things, we feel Wordpress is better for blogging/publishing. When we started the blog redesign, we briefly discussed other platforms, but we don’t believe there is a superior tool for the blog. Because we’ve had a Wordpress install since 2008 and it has worked well for us since then, we decided not to change. We also needed to be sure that however we proceeded, we could also move away if we need to, and easily and quickly resume hosting of the blog or move it somewhere else.
When we move hosting to a 3rd-party site, users will need to agree to the new privacy policy that we work out for the blog. During the transition when we update the database and move the blog from our cluster to a 3rd-party site, current blog users will need to create new accounts on the new blog and agree to the new privacy policy.
More to come next week, but hopefully this addresses some of the concerns raised here. We’re very interested in your feedback and hope that we can capture all the comments and critique on the Meta page when it is up.
thanks, Matthew
On Thu, Sep 5, 2013 at 3:44 PM, Dan Collins en.wp.st47@gmail.com wrote:
At least OTRS and mailman belong inside our security "bubble" of control, where the only people with access are ops and they can be properly secured. The security risk of those applications potentially introducing and attacker to all our data is minimal compared to the much greater risk of placing our user names, passwords, email addresses, and highly private OTRS queues in the hands of a third party including all their technicians, not to mention their security practices that we have no control over.
As for the other question. If the nsa sends a letter to WordPress then they can get the email address and IP of someone who posted a post or comment to our blog. Probably the password too. If we host it over SSL then there's no way for them to know even that a given user commented, and if we did SSL right (maybe in another ten years) no one would know whether an IP was anon browsing, a checkuser or oversight, or reading our highly sensitive OTRS queues. On Sep 5, 2013 6:28 PM, "Gregory Varnum" gregory.varnum@gmail.com wrote:
I think this makes 100% sense from an operations perspective. Anytime
you
can "outsource" a lower priority web service - fantastic.
However, from a community advocacy perspective - I am less convinced. I would be curious if anyone from that team could chime in as well.
The security argument makes a great deal of sense to me - making the primary production sites vulnerable should always be avoided if at all humanly possible to do so.
Here are some lingering questions I would have for Advocacy and Ops:
- How closely are we working with WordPress.com staff on this setup?
- Will we be paying for the service? (I know it is minimal - more
curious
than anything) 3. Is the Automattic (company behind WordPress) privacy policy compatible with WMF's current and proposed (as it exists now) privacy policy? 4. Will people be required to register with WordPress.com to participate in the blog? 5. I recognize we utilize a lot of corporations - but most do not handle our content (I suppose data centers and bandwidth - but I digress) - generally that has been our own or a nonprofit like Freenode (if you
count
IRC as content service). Additionally, they use ads - which has been a
hot
topic on project sites. Recognizing the blog is not really a project
site
that is covered as tightly under our principles - can someone speak to
the
compatibility of Automattic's policies and values with WM and WMF? How
are
we getting around the ads? 6. Are there other services on WMF servers that could be potential security threats? Are OTRS, Mailman, and Etherpad subject to these
concerns
as well? Is there a likely possibility that other services will be moved
in
the future? 7. Should all of these services be moved to a separate server? Is that feasible?
I appreciate that WMF is having this dialogue before the switch actually happens. I agree it is a compelling idea.
- greg aka varnent
On 5 Sep, 2013, at 5:16 PM, David Gerard dgerard@gmail.com wrote:
On 5 September 2013 22:07, K. Peachey p858snake@gmail.com wrote:
That is a argument for changing the blogging tool/platform, Not
changing to
non self-hosted environment.
tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is a fine place to host a blog if you don't want ever to have to think about the nuts and bolts of securing the thing.
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Matthew Roth Global Communications Manager Wikimedia Foundation +1.415.839.6885 ext 6635 www.wikimediafoundation.org *http://blog.wikimedia.org/* _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe