Hi.
The recent draft privacy policy mentions that the Wikimedia blog (https://blog.wikimedia.org) will soon be hosted by WordPress.com.
Was this discussed anywhere? If so, where?
What is the proposed URL structure of a blog hosted by WordPress.com? I think there's a reasonable expectation that when a user visits *.wikimedia.org, we don't simply send his or her browser info to a third party without his or her consent. This has come up previously with Jobvite and iframes. It's also come up with the use of tracking tools such as Google Analytics, which not only affect one-time visitors, but aim to persist client-side.
How will the blog be backed up? Relying on an external service means not being in control of the data. Will there be regular backups made to ensure that if WordPress.com goes away, we won't lose all of our posts?
MZMcBride
On 05/09/13 13:37, MZMcBride wrote:
Hi.
The recent draft privacy policy mentions that the Wikimedia blog (https://blog.wikimedia.org) will soon be hosted by WordPress.com.
Was this discussed anywhere? If so, where?
What is the proposed URL structure of a blog hosted by WordPress.com? I think there's a reasonable expectation that when a user visits *.wikimedia.org, we don't simply send his or her browser info to a third party without his or her consent. This has come up previously with Jobvite and iframes. It's also come up with the use of tracking tools such as Google Analytics, which not only affect one-time visitors, but aim to persist client-side.
How will the blog be backed up? Relying on an external service means not being in control of the data. Will there be regular backups made to ensure that if WordPress.com goes away, we won't lose all of our posts?
MZMcBride
I agree: this does seem to be a curious decision, at odds with the WMF's general policy of self-hosting as much as possible in order to maintain maximum independence from outside entities, particularly in the context of the recent concerns about privacy. I would have thought that maintaining a WordPress installation would be well within the WMF's capabilities.
Neil
This is being discussed on-wiki too, at https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordP... .
Richard Symonds Wikimedia UK 0207 065 0992
Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).
*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*
On 5 September 2013 14:00, Neil Harris neil@tonal.clara.co.uk wrote:
On 05/09/13 13:37, MZMcBride wrote:
Hi.
The recent draft privacy policy mentions that the Wikimedia blog (https://blog.wikimedia.org) will soon be hosted by WordPress.com.
Was this discussed anywhere? If so, where?
What is the proposed URL structure of a blog hosted by WordPress.com? I think there's a reasonable expectation that when a user visits *.wikimedia.org, we don't simply send his or her browser info to a third party without his or her consent. This has come up previously with Jobvite and iframes. It's also come up with the use of tracking tools such as Google Analytics, which not only affect one-time visitors, but aim to persist client-side.
How will the blog be backed up? Relying on an external service means not being in control of the data. Will there be regular backups made to ensure that if WordPress.com goes away, we won't lose all of our posts?
MZMcBride
I agree: this does seem to be a curious decision, at odds with the WMF's general policy of self-hosting as much as possible in order to maintain maximum independence from outside entities, particularly in the context of the recent concerns about privacy. I would have thought that maintaining a WordPress installation would be well within the WMF's capabilities.
Neil
______________________________**_________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.**org Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/**mailman/listinfo/wikimedia-lhttps://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@**lists.wikimedia.orgwikimedia-l-request@lists.wikimedia.org ?subject=**unsubscribe>
This was definitely mentioned at Wikimania. What I understood is that it will be hosted externally for performance and reliability reasons, but that the rest should remain the same.
Anyway, I'm not an expert here, just what I understood from Matthew Roth & friends
Lodewijk
2013/9/5 Richard Symonds richard.symonds@wikimedia.org.uk
This is being discussed on-wiki too, at
https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordP... .
Richard Symonds Wikimedia UK 0207 065 0992
Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).
*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*
On 5 September 2013 14:00, Neil Harris neil@tonal.clara.co.uk wrote:
On 05/09/13 13:37, MZMcBride wrote:
Hi.
The recent draft privacy policy mentions that the Wikimedia blog (https://blog.wikimedia.org) will soon be hosted by WordPress.com.
Was this discussed anywhere? If so, where?
What is the proposed URL structure of a blog hosted by WordPress.com? I think there's a reasonable expectation that when a user visits *.wikimedia.org, we don't simply send his or her browser info to a
third
party without his or her consent. This has come up previously with
Jobvite
and iframes. It's also come up with the use of tracking tools such as Google Analytics, which not only affect one-time visitors, but aim to persist client-side.
How will the blog be backed up? Relying on an external service means not being in control of the data. Will there be regular backups made to
ensure
that if WordPress.com goes away, we won't lose all of our posts?
MZMcBride
I agree: this does seem to be a curious decision, at odds with the WMF's general policy of self-hosting as much as possible in order to maintain maximum independence from outside entities, particularly in the context
of
the recent concerns about privacy. I would have thought that maintaining
a
WordPress installation would be well within the WMF's capabilities.
Neil
______________________________**_________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.**org Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l%3E,
<mailto:wikimedia-l-request@**lists.wikimedia.org<
wikimedia-l-request@lists.wikimedia.org>
?subject=**unsubscribe>
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk lodewijk@effeietsanders.orgwrote:
This was definitely mentioned at Wikimania. What I understood is that it will be hosted externally for performance and reliability reasons, but that the rest should remain the same.
So, A blog for one of the top 10 websites in the world is being hosted externally "for performance and reliability"? - That doesn't sound right. Maybe Mr. Roth & friends can clarify a bit here.
Blogs generally don't require a lot of resources, aside from some comment oversight. But it's not like there is a deluge of comments or moderation required in the current blog - they average about 1, maybe 2 comments and from my impression, don't particularly have a high number of regular followers.
This seems like something trivial, perhaps because of familiarity with Wordpress, it is being preferred in this case. But then, why are we willingly and so easily handing the visitors to a third party? especially with so much paranoia about monitoring and privacy issues. Even for the sake of our own impression and opinions - Is there a particular role there that Mediawiki can't fill in? (I recall Erik once argued that wiki is the most versatile platform, does he believe that Wordpress is a better alternative? )
Regards Theo
Anyway, I'm not an expert here, just what I understood from Matthew Roth & friends
Lodewijk
2013/9/5 Richard Symonds richard.symonds@wikimedia.org.uk
This is being discussed on-wiki too, at
https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordP...
.
Richard Symonds Wikimedia UK 0207 065 0992
Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A
4LT.
United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).
*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*
On 5 September 2013 14:00, Neil Harris neil@tonal.clara.co.uk wrote:
On 05/09/13 13:37, MZMcBride wrote:
Hi.
The recent draft privacy policy mentions that the Wikimedia blog (https://blog.wikimedia.org) will soon be hosted by WordPress.com.
Was this discussed anywhere? If so, where?
What is the proposed URL structure of a blog hosted by WordPress.com?
I
think there's a reasonable expectation that when a user visits *.wikimedia.org, we don't simply send his or her browser info to a
third
party without his or her consent. This has come up previously with
Jobvite
and iframes. It's also come up with the use of tracking tools such as Google Analytics, which not only affect one-time visitors, but aim to persist client-side.
How will the blog be backed up? Relying on an external service means
not
being in control of the data. Will there be regular backups made to
ensure
that if WordPress.com goes away, we won't lose all of our posts?
MZMcBride
I agree: this does seem to be a curious decision, at odds with the
WMF's
general policy of self-hosting as much as possible in order to maintain maximum independence from outside entities, particularly in the context
of
the recent concerns about privacy. I would have thought that
maintaining
a
WordPress installation would be well within the WMF's capabilities.
Neil
______________________________**_________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.**org Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l%3E,
<mailto:wikimedia-l-request@**lists.wikimedia.org<
wikimedia-l-request@lists.wikimedia.org>
?subject=**unsubscribe>
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
As I understand the blog is currently a self-hosted instance of Wordpress and the idea is to move the hosting to somewhere else. (So this is not MediaWiki vs. Wordpress, but self-hosting vs. not self-hosting)
Best regards, Bence
On Thu, Sep 5, 2013 at 7:29 PM, Theo10011 de10011@gmail.com wrote:
On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk <lodewijk@effeietsanders.org
wrote:
This was definitely mentioned at Wikimania. What I understood is that it will be hosted externally for performance and reliability reasons, but
that
the rest should remain the same.
So, A blog for one of the top 10 websites in the world is being hosted externally "for performance and reliability"? - That doesn't sound right. Maybe Mr. Roth & friends can clarify a bit here.
Blogs generally don't require a lot of resources, aside from some comment oversight. But it's not like there is a deluge of comments or moderation required in the current blog - they average about 1, maybe 2 comments and from my impression, don't particularly have a high number of regular followers.
This seems like something trivial, perhaps because of familiarity with Wordpress, it is being preferred in this case. But then, why are we willingly and so easily handing the visitors to a third party? especially with so much paranoia about monitoring and privacy issues. Even for the sake of our own impression and opinions - Is there a particular role there that Mediawiki can't fill in? (I recall Erik once argued that wiki is the most versatile platform, does he believe that Wordpress is a better alternative? )
Regards Theo
Anyway, I'm not an expert here, just what I understood from Matthew Roth
&
friends
Lodewijk
2013/9/5 Richard Symonds richard.symonds@wikimedia.org.uk
This is being discussed on-wiki too, at
https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordP...
.
Richard Symonds Wikimedia UK 0207 065 0992
Wikimedia UK is a Company Limited by Guarantee registered in England
and
Wales, Registered No. 6741827. Registered Charity No.1144513.
Registered
Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A
4LT.
United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation
(who
operate Wikipedia, amongst other projects).
*Wikimedia UK is an independent non-profit charity with no legal
control
over Wikipedia nor responsibility for its contents.*
On 5 September 2013 14:00, Neil Harris neil@tonal.clara.co.uk wrote:
On 05/09/13 13:37, MZMcBride wrote:
Hi.
The recent draft privacy policy mentions that the Wikimedia blog (https://blog.wikimedia.org) will soon be hosted by
WordPress.com.
Was this discussed anywhere? If so, where?
What is the proposed URL structure of a blog hosted by
WordPress.com?
I
think there's a reasonable expectation that when a user visits *.wikimedia.org, we don't simply send his or her browser info to a
third
party without his or her consent. This has come up previously with
Jobvite
and iframes. It's also come up with the use of tracking tools such
as
Google Analytics, which not only affect one-time visitors, but aim
to
persist client-side.
How will the blog be backed up? Relying on an external service means
not
being in control of the data. Will there be regular backups made to
ensure
that if WordPress.com goes away, we won't lose all of our posts?
MZMcBride
I agree: this does seem to be a curious decision, at odds with the
WMF's
general policy of self-hosting as much as possible in order to
maintain
maximum independence from outside entities, particularly in the
context
of
the recent concerns about privacy. I would have thought that
maintaining
a
WordPress installation would be well within the WMF's capabilities.
Neil
______________________________**_________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.**org Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l%3E,
<mailto:wikimedia-l-request@**lists.wikimedia.org<
wikimedia-l-request@lists.wikimedia.org>
?subject=**unsubscribe>
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Thu, Sep 5, 2013 at 10:33 AM, Bence Damokos bdamokos@gmail.com wrote:
As I understand the blog is currently a self-hosted instance of Wordpress and the idea is to move the hosting to somewhere else. (So this is not MediaWiki vs. Wordpress, but self-hosting vs. not self-hosting)
Exactly!
Best regards, Bence
On Thu, Sep 5, 2013 at 7:29 PM, Theo10011 de10011@gmail.com wrote:
On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk <lodewijk@effeietsanders.org
wrote:
This was definitely mentioned at Wikimania. What I understood is that
it
will be hosted externally for performance and reliability reasons, but
that
the rest should remain the same.
So, A blog for one of the top 10 websites in the world is being hosted externally "for performance and reliability"? - That doesn't sound right. Maybe Mr. Roth & friends can clarify a bit here.
I can chime in as a tech operations person (in my official capacity). Currently the blog is in a partially maintained by Operations state. In ops, we have a few concerns - #1 is security (exemplified by our recent security incident) of having a wordpress instance in our production environment. #2 is support of the blog from a technical standpoint. We are currently all oversubscribed with trying to keep the production sites up and speedy. The blog is low priority for us compared to the wiki's, and therefore is often neglected. When we hire about 5 more ops people, it may be more sustainable, but right now, it's not - so it would actually be a net positive for the Operations team to move the blog onto a dedicated third party, and will also hopefully prevent any future security incidents.
Leslie
Blogs generally don't require a lot of resources, aside from some comment oversight. But it's not like there is a deluge of comments or moderation required in the current blog - they average about 1, maybe 2 comments and from my impression, don't particularly have a high number of regular followers.
This seems like something trivial, perhaps because of familiarity with Wordpress, it is being preferred in this case. But then, why are we willingly and so easily handing the visitors to a third party? especially with so much paranoia about monitoring and privacy issues. Even for the sake of our own impression and opinions - Is there a particular role
there
that Mediawiki can't fill in? (I recall Erik once argued that wiki is the most versatile platform, does he believe that Wordpress is a better alternative? )
Regards Theo
Anyway, I'm not an expert here, just what I understood from Matthew
Roth
&
friends
Lodewijk
2013/9/5 Richard Symonds richard.symonds@wikimedia.org.uk
This is being discussed on-wiki too, at
https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordP...
.
Richard Symonds Wikimedia UK 0207 065 0992
Wikimedia UK is a Company Limited by Guarantee registered in England
and
Wales, Registered No. 6741827. Registered Charity No.1144513.
Registered
Office 4th Floor, Development House, 56-64 Leonard Street, London
EC2A
4LT.
United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation
(who
operate Wikipedia, amongst other projects).
*Wikimedia UK is an independent non-profit charity with no legal
control
over Wikipedia nor responsibility for its contents.*
On 5 September 2013 14:00, Neil Harris neil@tonal.clara.co.uk
wrote:
On 05/09/13 13:37, MZMcBride wrote:
Hi.
The recent draft privacy policy mentions that the Wikimedia blog (https://blog.wikimedia.org) will soon be hosted by
WordPress.com.
Was this discussed anywhere? If so, where?
What is the proposed URL structure of a blog hosted by
WordPress.com?
I
think there's a reasonable expectation that when a user visits *.wikimedia.org, we don't simply send his or her browser info to
a
third
party without his or her consent. This has come up previously with
Jobvite
and iframes. It's also come up with the use of tracking tools such
as
Google Analytics, which not only affect one-time visitors, but aim
to
persist client-side.
How will the blog be backed up? Relying on an external service
means
not
being in control of the data. Will there be regular backups made
to
ensure
that if WordPress.com goes away, we won't lose all of our posts?
MZMcBride
I agree: this does seem to be a curious decision, at odds with the
WMF's
general policy of self-hosting as much as possible in order to
maintain
maximum independence from outside entities, particularly in the
context
of
the recent concerns about privacy. I would have thought that
maintaining
a
WordPress installation would be well within the WMF's capabilities.
Neil
______________________________**_________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.**org <Wikimedia-l@lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l%3E,
<mailto:wikimedia-l-request@**lists.wikimedia.org<
wikimedia-l-request@lists.wikimedia.org>
?subject=**unsubscribe>
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Fri, Sep 6, 2013 at 4:46 AM, Leslie Carr lcarr@wikimedia.org wrote:
I can chime in as a tech operations person (in my official capacity). Currently the blog is in a partially maintained by Operations state. In ops, we have a few concerns - #1 is security (exemplified by our recent security incident) of having a wordpress instance in our production environment. #2 is support of the blog from a technical standpoint. We are currently all oversubscribed with trying to keep the production sites up and speedy. The blog is low priority for us compared to the wiki's, and therefore is often neglected. When we hire about 5 more ops people, it may be more sustainable, but right now, it's not - so it would actually be a net positive for the Operations team to move the blog onto a dedicated third party, and will also hopefully prevent any future security incidents.
Leslie
That is a argument for changing the blogging tool/platform, Not changing to non self-hosted environment.
On Sep 5, 2013 5:07 PM, "K. Peachey" p858snake@gmail.com wrote:
On Fri, Sep 6, 2013 at 4:46 AM, Leslie Carr lcarr@wikimedia.org wrote: That is a argument for changing the blogging tool/platform, Not changing
to
non self-hosted environment.
How so? Not having to maintain another site, regardless of the platform, makes it easier on the ops team. Also, what platform would we even switch to? Joomla?
On 5 September 2013 22:07, K. Peachey p858snake@gmail.com wrote:
That is a argument for changing the blogging tool/platform, Not changing to non self-hosted environment.
tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is a fine place to host a blog if you don't want ever to have to think about the nuts and bolts of securing the thing.
I think this makes 100% sense from an operations perspective. Anytime you can "outsource" a lower priority web service - fantastic.
However, from a community advocacy perspective - I am less convinced. I would be curious if anyone from that team could chime in as well.
The security argument makes a great deal of sense to me - making the primary production sites vulnerable should always be avoided if at all humanly possible to do so.
Here are some lingering questions I would have for Advocacy and Ops: 1. How closely are we working with WordPress.com staff on this setup? 2. Will we be paying for the service? (I know it is minimal - more curious than anything) 3. Is the Automattic (company behind WordPress) privacy policy compatible with WMF's current and proposed (as it exists now) privacy policy? 4. Will people be required to register with WordPress.com to participate in the blog? 5. I recognize we utilize a lot of corporations - but most do not handle our content (I suppose data centers and bandwidth - but I digress) - generally that has been our own or a nonprofit like Freenode (if you count IRC as content service). Additionally, they use ads - which has been a hot topic on project sites. Recognizing the blog is not really a project site that is covered as tightly under our principles - can someone speak to the compatibility of Automattic's policies and values with WM and WMF? How are we getting around the ads? 6. Are there other services on WMF servers that could be potential security threats? Are OTRS, Mailman, and Etherpad subject to these concerns as well? Is there a likely possibility that other services will be moved in the future? 7. Should all of these services be moved to a separate server? Is that feasible?
I appreciate that WMF is having this dialogue before the switch actually happens. I agree it is a compelling idea.
- greg aka varnent
On 5 Sep, 2013, at 5:16 PM, David Gerard dgerard@gmail.com wrote:
On 5 September 2013 22:07, K. Peachey p858snake@gmail.com wrote:
That is a argument for changing the blogging tool/platform, Not changing to non self-hosted environment.
tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is a fine place to host a blog if you don't want ever to have to think about the nuts and bolts of securing the thing.
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
At least OTRS and mailman belong inside our security "bubble" of control, where the only people with access are ops and they can be properly secured. The security risk of those applications potentially introducing and attacker to all our data is minimal compared to the much greater risk of placing our user names, passwords, email addresses, and highly private OTRS queues in the hands of a third party including all their technicians, not to mention their security practices that we have no control over.
As for the other question. If the nsa sends a letter to WordPress then they can get the email address and IP of someone who posted a post or comment to our blog. Probably the password too. If we host it over SSL then there's no way for them to know even that a given user commented, and if we did SSL right (maybe in another ten years) no one would know whether an IP was anon browsing, a checkuser or oversight, or reading our highly sensitive OTRS queues. On Sep 5, 2013 6:28 PM, "Gregory Varnum" gregory.varnum@gmail.com wrote:
I think this makes 100% sense from an operations perspective. Anytime you can "outsource" a lower priority web service - fantastic.
However, from a community advocacy perspective - I am less convinced. I would be curious if anyone from that team could chime in as well.
The security argument makes a great deal of sense to me - making the primary production sites vulnerable should always be avoided if at all humanly possible to do so.
Here are some lingering questions I would have for Advocacy and Ops:
- How closely are we working with WordPress.com staff on this setup?
- Will we be paying for the service? (I know it is minimal - more curious
than anything) 3. Is the Automattic (company behind WordPress) privacy policy compatible with WMF's current and proposed (as it exists now) privacy policy? 4. Will people be required to register with WordPress.com to participate in the blog? 5. I recognize we utilize a lot of corporations - but most do not handle our content (I suppose data centers and bandwidth - but I digress) - generally that has been our own or a nonprofit like Freenode (if you count IRC as content service). Additionally, they use ads - which has been a hot topic on project sites. Recognizing the blog is not really a project site that is covered as tightly under our principles - can someone speak to the compatibility of Automattic's policies and values with WM and WMF? How are we getting around the ads? 6. Are there other services on WMF servers that could be potential security threats? Are OTRS, Mailman, and Etherpad subject to these concerns as well? Is there a likely possibility that other services will be moved in the future? 7. Should all of these services be moved to a separate server? Is that feasible?
I appreciate that WMF is having this dialogue before the switch actually happens. I agree it is a compelling idea.
- greg aka varnent
On 5 Sep, 2013, at 5:16 PM, David Gerard dgerard@gmail.com wrote:
On 5 September 2013 22:07, K. Peachey p858snake@gmail.com wrote:
That is a argument for changing the blogging tool/platform, Not
changing to
non self-hosted environment.
tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is a fine place to host a blog if you don't want ever to have to think about the nuts and bolts of securing the thing.
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Thu, Sep 5, 2013 at 6:44 PM, Dan Collins en.wp.st47@gmail.com wrote:
At least OTRS and mailman belong inside our security "bubble" of control, where the only people with access are ops and they can be properly secured. The security risk of those applications potentially introducing and attacker to all our data is minimal compared to the much greater risk of placing our user names, passwords, email addresses, and highly private OTRS queues in the hands of a third party including all their technicians, not to mention their security practices that we have no control over.
As for the other question. If the nsa sends a letter to WordPress then they can get the email address and IP of someone who posted a post or comment to our blog. Probably the password too. If we host it over SSL then there's no way for them to know even that a given user commented, and if we did SSL right (maybe in another ten years) no one would know whether an IP was anon browsing, a checkuser or oversight, or reading our highly sensitive OTRS queues.
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html...
In which it is disclosed that, unsurprisingly, SSL poses no real challenge for the NSA. In any case, I find it hard to imagine a plausible scenario in which the NSA would be interested in a commenter on the WMF blog. (My previous post in this thread was sarcastic, in case that was unclear).
Hi all,
I was going to socialize some of the transitions for the Wikimedia blog in the next few weeks on the Wikimedia blog spacehttps://meta.wikimedia.org/wiki/Wikimedia_Blogon Meta and on the blog itself with a blog post, but this conversation has sped up the discussion. I plan to have something on Meta by the beginning of next week and hope that we can continue the discussion there when the content is posted.
As a general concept, we’re redesigning the blog to be less focused on the Wikimedia Foundation and more on the Wikimedia movement. For the past year, we have been sharing more narratives from the movement, making this important communications tool more about movement partners and not exclusively about the Wikimedia Foundation. We believe the public has little understanding of the people behind the projects and we want to share their stories (i.e. why the contribute, why they edit, why they develop). We still need the tool to communicate important updates from the WMF, but that can be accomplished in a larger ecosystem with more diversity of voices. We’ve had a significant increase in publication from authors who don’t work for the WMF, as well as increased multi-lingual posts, and we will continue to increase the amount and diversity of participation.
Specifically, let me address a couple of points raised in this thread.
-
We are redesigning the blog. For those at Wikimania who saw my talk, we shared the working site for the new Wikimedia blog and explained the basics of our thinking. Here is the link for the site under construction. Please understand this is still under construction and there will be some changes, but this is the basic design of the new Wikimedia blog. It’s also populated with data from a db dump that is now 2 months old, so you will see significant content difference from the current Wikimedia blog. The draft version of the blog is hosted on an outside platform, WP Engine, but this is not necessarily the hosting company we may use in future: http://wikimedia.wpengine.com/ -
We’re exploring the possibility of 3rd-party hosting of the blog. We had extensive discussions with members of the WMF Operations and Engineering teams about whether to continue to host the blog on our servers or move to a 3rd-party host. Ultimately we determined that 3rd party hosts made sense for the blog for a number of important reasons. I would refer you to the email in this threadhttp://www.gossamer-threads.com/lists/wiki/foundation/387838#387838from Leslie Carr in our Ops team, but essentially they feel that a move to a 3rd party host would address important security and support concerns, and would therefore be preferable to continuing to host the blog ourselves. -
A 3rd-party host will give us redundancy and strong backups. The blog has become the Foundation’s primary public communications tool (alongside, naturally, the host of wikis we use to converse with the community). We want to be sure this platform is hosted on a 3rd-party site in case we encounter a significant outage or cluster-wide downtime. Obviously we can’t rely on the projects to get that information out if the cluster is down, and although we will continue to use identi.ca, twitter, and facebook, we’d like to have a stable place to point traffic. -
The blog needs to be able to handle a lot of traffic, quickly. We know that Wikimedia’s servers are up to this kind of task, but we’re experts at hosting wikis - not necessarily experts at hosting blogs. Specifically blogs that may need to handle very large volumes of traffic, spam, and comments in a short period of time. We had one such situation back in 2012 during the Wikipedia blackout. We sent tens of millions of readers to the Wikimedia blog and dealt with around 18K comments in a matter of hours. We could handle it, but we’d like to have capacity to handle that in an emergency situation. Not all blog hosting companies can do this, but a few that we’re looking at are expressly built to handle immediate and massive increases in traffic, and they’ve got amazing back up services. -
We have not yet selected a 3rd-party host. We have screened a couple of 3rd-party hosts. While Wordpress.com is one of our top choices (not the standard consumer version, rather their ‘managed’ or white glove hosting services for high volume customers), we have not yet selected them. Right now the WMF legal team is in discussions with Wordpress.com and others. We appreciate that if we host on a 3rd party site, we need to navigate the important issue of ensuring our privacies policies are compatible. -
The new blog is responsive and much better on multiple devices. With the 2012 Wordpress theme, we can easily adapt our blog to multiple screen widths. Please try expanding and narrowing your browser widths to see the responsive design, or load the new blog on a mobile or tablet. -
We feel Wordpress is still the best tool for blog publishing. While wikis are functional for many things, we feel Wordpress is better for blogging/publishing. When we started the blog redesign, we briefly discussed other platforms, but we don’t believe there is a superior tool for the blog. Because we’ve had a Wordpress install since 2008 and it has worked well for us since then, we decided not to change. We also needed to be sure that however we proceeded, we could also move away if we need to, and easily and quickly resume hosting of the blog or move it somewhere else. -
When we move hosting to a 3rd-party site, users will need to agree to the new privacy policy that we work out for the blog. During the transition when we update the database and move the blog from our cluster to a 3rd-party site, current blog users will need to create new accounts on the new blog and agree to the new privacy policy.
More to come next week, but hopefully this addresses some of the concerns raised here. We’re very interested in your feedback and hope that we can capture all the comments and critique on the Meta page when it is up.
thanks, Matthew
On Thu, Sep 5, 2013 at 3:44 PM, Dan Collins en.wp.st47@gmail.com wrote:
At least OTRS and mailman belong inside our security "bubble" of control, where the only people with access are ops and they can be properly secured. The security risk of those applications potentially introducing and attacker to all our data is minimal compared to the much greater risk of placing our user names, passwords, email addresses, and highly private OTRS queues in the hands of a third party including all their technicians, not to mention their security practices that we have no control over.
As for the other question. If the nsa sends a letter to WordPress then they can get the email address and IP of someone who posted a post or comment to our blog. Probably the password too. If we host it over SSL then there's no way for them to know even that a given user commented, and if we did SSL right (maybe in another ten years) no one would know whether an IP was anon browsing, a checkuser or oversight, or reading our highly sensitive OTRS queues. On Sep 5, 2013 6:28 PM, "Gregory Varnum" gregory.varnum@gmail.com wrote:
I think this makes 100% sense from an operations perspective. Anytime
you
can "outsource" a lower priority web service - fantastic.
However, from a community advocacy perspective - I am less convinced. I would be curious if anyone from that team could chime in as well.
The security argument makes a great deal of sense to me - making the primary production sites vulnerable should always be avoided if at all humanly possible to do so.
Here are some lingering questions I would have for Advocacy and Ops:
- How closely are we working with WordPress.com staff on this setup?
- Will we be paying for the service? (I know it is minimal - more
curious
than anything) 3. Is the Automattic (company behind WordPress) privacy policy compatible with WMF's current and proposed (as it exists now) privacy policy? 4. Will people be required to register with WordPress.com to participate in the blog? 5. I recognize we utilize a lot of corporations - but most do not handle our content (I suppose data centers and bandwidth - but I digress) - generally that has been our own or a nonprofit like Freenode (if you
count
IRC as content service). Additionally, they use ads - which has been a
hot
topic on project sites. Recognizing the blog is not really a project
site
that is covered as tightly under our principles - can someone speak to
the
compatibility of Automattic's policies and values with WM and WMF? How
are
we getting around the ads? 6. Are there other services on WMF servers that could be potential security threats? Are OTRS, Mailman, and Etherpad subject to these
concerns
as well? Is there a likely possibility that other services will be moved
in
the future? 7. Should all of these services be moved to a separate server? Is that feasible?
I appreciate that WMF is having this dialogue before the switch actually happens. I agree it is a compelling idea.
- greg aka varnent
On 5 Sep, 2013, at 5:16 PM, David Gerard dgerard@gmail.com wrote:
On 5 September 2013 22:07, K. Peachey p858snake@gmail.com wrote:
That is a argument for changing the blogging tool/platform, Not
changing to
non self-hosted environment.
tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is a fine place to host a blog if you don't want ever to have to think about the nuts and bolts of securing the thing.
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
*.Wordpress.com blocked in China..... Chinese wikipedia: http://zh.wikipedia.org/ My blog: http://shizhao.org twitter: https://twitter.com/shizhao
[[zh:User:Shizhao]]
2013/9/6 Matthew Roth mroth@wikimedia.org:
Hi all,
I was going to socialize some of the transitions for the Wikimedia blog in the next few weeks on the Wikimedia blog spacehttps://meta.wikimedia.org/wiki/Wikimedia_Blogon Meta and on the blog itself with a blog post, but this conversation has sped up the discussion. I plan to have something on Meta by the beginning of next week and hope that we can continue the discussion there when the content is posted.
As a general concept, we’re redesigning the blog to be less focused on the Wikimedia Foundation and more on the Wikimedia movement. For the past year, we have been sharing more narratives from the movement, making this important communications tool more about movement partners and not exclusively about the Wikimedia Foundation. We believe the public has little understanding of the people behind the projects and we want to share their stories (i.e. why the contribute, why they edit, why they develop). We still need the tool to communicate important updates from the WMF, but that can be accomplished in a larger ecosystem with more diversity of voices. We’ve had a significant increase in publication from authors who don’t work for the WMF, as well as increased multi-lingual posts, and we will continue to increase the amount and diversity of participation.
Specifically, let me address a couple of points raised in this thread.
We are redesigning the blog. For those at Wikimania who saw my talk, we shared the working site for the new Wikimedia blog and explained the basics of our thinking. Here is the link for the site under construction. Please understand this is still under construction and there will be some changes, but this is the basic design of the new Wikimedia blog. It’s also populated with data from a db dump that is now 2 months old, so you will see significant content difference from the current Wikimedia blog. The draft version of the blog is hosted on an outside platform, WP Engine, but this is not necessarily the hosting company we may use in future: http://wikimedia.wpengine.com/
We’re exploring the possibility of 3rd-party hosting of the blog. We had extensive discussions with members of the WMF Operations and Engineering teams about whether to continue to host the blog on our servers or move to a 3rd-party host. Ultimately we determined that 3rd party hosts made sense for the blog for a number of important reasons. I would refer you to the email in this threadhttp://www.gossamer-threads.com/lists/wiki/foundation/387838#387838from Leslie Carr in our Ops team, but essentially they feel that a move to a 3rd party host would address important security and support concerns, and would therefore be preferable to continuing to host the blog ourselves.
A 3rd-party host will give us redundancy and strong backups. The blog has become the Foundation’s primary public communications tool (alongside, naturally, the host of wikis we use to converse with the community). We want to be sure this platform is hosted on a 3rd-party site in case we encounter a significant outage or cluster-wide downtime. Obviously we can’t rely on the projects to get that information out if the cluster is down, and although we will continue to use identi.ca, twitter, and facebook, we’d like to have a stable place to point traffic.
The blog needs to be able to handle a lot of traffic, quickly. We know that Wikimedia’s servers are up to this kind of task, but we’re experts at hosting wikis - not necessarily experts at hosting blogs. Specifically blogs that may need to handle very large volumes of traffic, spam, and comments in a short period of time. We had one such situation back in 2012 during the Wikipedia blackout. We sent tens of millions of readers to the Wikimedia blog and dealt with around 18K comments in a matter of hours. We could handle it, but we’d like to have capacity to handle that in an emergency situation. Not all blog hosting companies can do this, but a few that we’re looking at are expressly built to handle immediate and massive increases in traffic, and they’ve got amazing back up services.
We have not yet selected a 3rd-party host. We have screened a couple of 3rd-party hosts. While Wordpress.com is one of our top choices (not the standard consumer version, rather their ‘managed’ or white glove hosting services for high volume customers), we have not yet selected them. Right now the WMF legal team is in discussions with Wordpress.com and others. We appreciate that if we host on a 3rd party site, we need to navigate the important issue of ensuring our privacies policies are compatible.
The new blog is responsive and much better on multiple devices. With the 2012 Wordpress theme, we can easily adapt our blog to multiple screen widths. Please try expanding and narrowing your browser widths to see the responsive design, or load the new blog on a mobile or tablet.
We feel Wordpress is still the best tool for blog publishing. While wikis are functional for many things, we feel Wordpress is better for blogging/publishing. When we started the blog redesign, we briefly discussed other platforms, but we don’t believe there is a superior tool for the blog. Because we’ve had a Wordpress install since 2008 and it has worked well for us since then, we decided not to change. We also needed to be sure that however we proceeded, we could also move away if we need to, and easily and quickly resume hosting of the blog or move it somewhere else.
When we move hosting to a 3rd-party site, users will need to agree to the new privacy policy that we work out for the blog. During the transition when we update the database and move the blog from our cluster to a 3rd-party site, current blog users will need to create new accounts on the new blog and agree to the new privacy policy.
More to come next week, but hopefully this addresses some of the concerns raised here. We’re very interested in your feedback and hope that we can capture all the comments and critique on the Meta page when it is up.
thanks, Matthew
On Thu, Sep 5, 2013 at 3:44 PM, Dan Collins en.wp.st47@gmail.com wrote:
At least OTRS and mailman belong inside our security "bubble" of control, where the only people with access are ops and they can be properly secured. The security risk of those applications potentially introducing and attacker to all our data is minimal compared to the much greater risk of placing our user names, passwords, email addresses, and highly private OTRS queues in the hands of a third party including all their technicians, not to mention their security practices that we have no control over.
As for the other question. If the nsa sends a letter to WordPress then they can get the email address and IP of someone who posted a post or comment to our blog. Probably the password too. If we host it over SSL then there's no way for them to know even that a given user commented, and if we did SSL right (maybe in another ten years) no one would know whether an IP was anon browsing, a checkuser or oversight, or reading our highly sensitive OTRS queues. On Sep 5, 2013 6:28 PM, "Gregory Varnum" gregory.varnum@gmail.com wrote:
I think this makes 100% sense from an operations perspective. Anytime
you
can "outsource" a lower priority web service - fantastic.
However, from a community advocacy perspective - I am less convinced. I would be curious if anyone from that team could chime in as well.
The security argument makes a great deal of sense to me - making the primary production sites vulnerable should always be avoided if at all humanly possible to do so.
Here are some lingering questions I would have for Advocacy and Ops:
- How closely are we working with WordPress.com staff on this setup?
- Will we be paying for the service? (I know it is minimal - more
curious
than anything) 3. Is the Automattic (company behind WordPress) privacy policy compatible with WMF's current and proposed (as it exists now) privacy policy? 4. Will people be required to register with WordPress.com to participate in the blog? 5. I recognize we utilize a lot of corporations - but most do not handle our content (I suppose data centers and bandwidth - but I digress) - generally that has been our own or a nonprofit like Freenode (if you
count
IRC as content service). Additionally, they use ads - which has been a
hot
topic on project sites. Recognizing the blog is not really a project
site
that is covered as tightly under our principles - can someone speak to
the
compatibility of Automattic's policies and values with WM and WMF? How
are
we getting around the ads? 6. Are there other services on WMF servers that could be potential security threats? Are OTRS, Mailman, and Etherpad subject to these
concerns
as well? Is there a likely possibility that other services will be moved
in
the future? 7. Should all of these services be moved to a separate server? Is that feasible?
I appreciate that WMF is having this dialogue before the switch actually happens. I agree it is a compelling idea.
- greg aka varnent
On 5 Sep, 2013, at 5:16 PM, David Gerard dgerard@gmail.com wrote:
On 5 September 2013 22:07, K. Peachey p858snake@gmail.com wrote:
That is a argument for changing the blogging tool/platform, Not
changing to
non self-hosted environment.
tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is a fine place to host a blog if you don't want ever to have to think about the nuts and bolts of securing the thing.
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Matthew Roth Global Communications Manager Wikimedia Foundation +1.415.839.6885 ext 6635 www.wikimediafoundation.org *http://blog.wikimedia.org/* _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Thu, Sep 5, 2013 at 9:57 PM, shi zhao shizhao@gmail.com wrote:
*.Wordpress.com blocked in China.....
Welp, there goes that plan.
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
<quote name="Tyler Romeo" date="2013-09-05" time="23:17:46 -0400">
On Thu, Sep 5, 2013 at 9:57 PM, shi zhao shizhao@gmail.com wrote:
*.Wordpress.com blocked in China.....
Welp, there goes that plan.
Being pedantic: that doesn't mean that all wordpress.com hosted blogs through different domains (eg: blog.wikimedia.org can point to a wordpress.com IP, which the blog really lives) are blocked.
I can't think of one off the top of my head that is in that category (they don't usually advertise that they're wordpress.com-hosted) to test/suggest.
Greg
On Thu, Sep 5, 2013 at 9:54 PM, Greg Grossmeier greg@wikimedia.org wrote:
I can't think of one off the top of my head that is in that category (they don't usually advertise that they're wordpress.com-hosted) to test/suggest.
Here are a few: http://wordpress.org/showcase
Greg
-- | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D |
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Also, it'd be a bit difficult to set up, because I doubt the China firewall is stupid enough to allow simple CNAME redirects, so we'd have to dynamically interact with whatever Wordpress.com's DNS environment is.
True, but does China only do domain based blocking?
Matthew: thank you very much for writing up this detailed explanation.
Matthew Roth wrote:
As a general concept, we’re redesigning the blog to be less focused on the Wikimedia Foundation and more on the Wikimedia movement. For the past year, we have been sharing more narratives from the movement, making this important communications tool more about movement partners and not exclusively about the Wikimedia Foundation. We believe the public has little understanding of the people behind the projects and we want to share their stories (i.e. why the contribute, why they edit, why they develop).
Yay! This is great.
We have not yet selected a 3rd-party host. We have screened a couple of 3rd-party hosts. While Wordpress.com is one of our top choices (not the standard consumer version, rather their 'managed' or white glove hosting services for high volume customers), we have not yet selected them. Right now the WMF legal team is in discussions with Wordpress.com and others.
Both the draft privacy policy and its associated talk page make it seem as though this has already been decided. Clarification in this area would be good, especially as I think it makes sense to figure out whether we should have a requirement that external services follow our (new) privacy policy.
We appreciate that if we host on a 3rd party site, we need to navigate the important issue of ensuring our privacies policies are compatible.
Navigate how?
When we move hosting to a 3rd-party site, users will need to agree to the new privacy policy that we work out for the blog. During the transition when we update the database and move the blog from our cluster to a 3rd-party site, current blog users will need to create new accounts on the new blog and agree to the new privacy policy.
This seems to focus on blog editors, but not blog visitors. If I visit wordpress.com, I see that my Web browser deflects Google Analytics, KissMetrics, Quantcast, and WordPress Stats. If I visit wordpress.org, I see that my browser deflects Google Analytics, Quantcast, Twitter Button, and Facebook Social Plugins.
MZMcBride
On 6 September 2013 14:19, MZMcBride z@mzmcbride.com wrote:
This seems to focus on blog editors, but not blog visitors. If I visit wordpress.com, I see that my Web browser deflects Google Analytics, KissMetrics, Quantcast, and WordPress Stats. If I visit wordpress.org, I see that my browser deflects Google Analytics, Quantcast, Twitter Button, and Facebook Social Plugins.
Yes. It's important that none of this happen.
- d.
David Gerard, 06/09/2013 15:22:
On 6 September 2013 14:19, MZMcBride wrote:
This seems to focus on blog editors, but not blog visitors. If I visit wordpress.com, I see that my Web browser deflects Google Analytics, KissMetrics, Quantcast, and WordPress Stats. If I visit wordpress.org, I see that my browser deflects Google Analytics, Quantcast, Twitter Button, and Facebook Social Plugins.
Yes. It's important that none of this happen.
Speaking of which, WMF got some visitor stats for the blog just a few months ago[1] which are also publicly available in aggregate as of a few days ago[2], using EventLogging: will the same system be usable also from a third-party installation? Also, I understand that the details of the security incident mentioned earlier are kept private, but is it something that can't be solved by hosting the blog on some scalable cloud service such as heroku or whatever, as we already do for wikitech-static wiki (and did for wikitech-old wiki)? Of course I'm not adding anything WMF doesn't know already; just mentioning a couple points worth addressing in future explanations of whatever decision is made.
Nemo
[1] https://meta.wikimedia.org/w/index.php?title=Talk:Wikimedia_budget&diff=prev&oldid=5640956 [2] https://ganglia.wikimedia.org/latest/graph.php?r=week&z=xlarge&title=&vl=&x=&n=&hreg[]=client-side&mreg[]=Blog>ype=line&glegend=show&aggregate=1&embed=1&_=1378369345031
What should not be missed out in the discussion is the fact that blog post according to current guidelines should be written on the wiki. Additionally accounts are not integrated. Operations is afraid of spikes, and spam. So why not just use the best platform we all know for this, and where the posts anyway get written now? Mediawiki. Wikinews allows original research. Having an additional type of communication on there would drive the project and solve all technical problems. That should not say that there might not be some other problems, but i would love to hear about them.
Rupert Am 06.09.2013 16:32 schrieb "Federico Leva (Nemo)" nemowiki@gmail.com:
David Gerard, 06/09/2013 15:22:
On 6 September 2013 14:19, MZMcBride wrote:
This seems to focus on blog editors, but not blog visitors. If I visit
wordpress.com, I see that my Web browser deflects Google Analytics, KissMetrics, Quantcast, and WordPress Stats. If I visit wordpress.org, I see that my browser deflects Google Analytics, Quantcast, Twitter Button, and Facebook Social Plugins.
Yes. It's important that none of this happen.
Speaking of which, WMF got some visitor stats for the blog just a few months ago[1] which are also publicly available in aggregate as of a few days ago[2], using EventLogging: will the same system be usable also from a third-party installation? Also, I understand that the details of the security incident mentioned earlier are kept private, but is it something that can't be solved by hosting the blog on some scalable cloud service such as heroku or whatever, as we already do for wikitech-static wiki (and did for wikitech-old wiki)? Of course I'm not adding anything WMF doesn't know already; just mentioning a couple points worth addressing in future explanations of whatever decision is made.
Nemo
[1] <https://meta.wikimedia.org/w/**index.php?title=Talk:** Wikimedia_budget&diff=prev&**oldid=5640956https://meta.wikimedia.org/w/index.php?title=Talk:Wikimedia_budget&diff=prev&oldid=5640956
[2] <https://ganglia.wikimedia.**org/latest/graph.php?r=week&z=** xlarge&title=&vl=&x=&n=&hreg[]**=client-side&mreg[]=Blog&** gtype=line&glegend=show&**aggregate=1&embed=1&_=**1378369345031https://ganglia.wikimedia.org/latest/graph.php?r=week&z=xlarge&title=&vl=&x=&n=&hreg[]=client-side&mreg[]=Blog>ype=line&glegend=show&aggregate=1&embed=1&_=1378369345031
______________________________**_________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.**org Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/**mailman/listinfo/wikimedia-lhttps://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@**lists.wikimedia.orgwikimedia-l-request@lists.wikimedia.org ?subject=**unsubscribe>
On Fri, Sep 6, 2013 at 12:53 PM, rupert THURNER rupert.thurner@gmail.comwrote:
What should not be missed out in the discussion is the fact that blog post according to current guidelines should be written on the wiki.
We started drafting blog posts on Meta to encourage transparency and make it easier to translate them. Mike Peel suggested we start doing it and it makes sense for most posts (rather than drafting them locally on your computer, or in another program). It's also easier this way for blog editors because Tilman has written a scripthttps://meta.wikimedia.org/wiki/Wikimedia_Blog/Converting_wiki_pages_to_blog_poststhat quickly converts markup to html.
Drafting on wiki is more of a good process than an ideal way to publish the content, in my opinion.
Additionally accounts are not integrated. Operations is afraid of spikes, and spam. So why not just use the best platform we all know for this, and where the posts anyway get written now? Mediawiki. Wikinews allows original research. Having an additional type of communication on there would drive the project and solve all technical problems. That should not say that there might not be some other problems, but i would love to hear about them.
Rupert Am 06.09.2013 16:32 schrieb "Federico Leva (Nemo)" nemowiki@gmail.com:
David Gerard, 06/09/2013 15:22:
On 6 September 2013 14:19, MZMcBride wrote:
This seems to focus on blog editors, but not blog visitors. If I visit
wordpress.com, I see that my Web browser deflects Google Analytics, KissMetrics, Quantcast, and WordPress Stats. If I visit wordpress.org,
I
see that my browser deflects Google Analytics, Quantcast, Twitter
Button,
and Facebook Social Plugins.
Yes. It's important that none of this happen.
Speaking of which, WMF got some visitor stats for the blog just a few months ago[1] which are also publicly available in aggregate as of a few days ago[2], using EventLogging: will the same system be usable also
from a
third-party installation? Also, I understand that the details of the security incident mentioned earlier are kept private, but is it something that can't be solved by hosting the blog on some scalable cloud service such as heroku
or
whatever, as we already do for wikitech-static wiki (and did for wikitech-old wiki)? Of course I'm not adding anything WMF doesn't know already; just mentioning a couple points worth addressing in future explanations of whatever decision is made.
Nemo
[1] <https://meta.wikimedia.org/w/**index.php?title=Talk:** Wikimedia_budget&diff=prev&**oldid=5640956<
https://meta.wikimedia.org/w/index.php?title=Talk:Wikimedia_budget&diff=...
[2] <https://ganglia.wikimedia.**org/latest/graph.php?r=week&z=** xlarge&title=&vl=&x=&n=&hreg[]**=client-side&mreg[]=Blog&** gtype=line&glegend=show&**aggregate=1&embed=1&_=**1378369345031<
https://ganglia.wikimedia.org/latest/graph.php?r=week&z=xlarge&title...
______________________________**_________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.**org Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l%3E,
<mailto:wikimedia-l-request@**lists.wikimedia.org<
wikimedia-l-request@lists.wikimedia.org>
?subject=**unsubscribe>
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Fri, Sep 6, 2013 at 10:20 PM, Matthew Roth mroth@wikimedia.org wrote:
On Fri, Sep 6, 2013 at 12:53 PM, rupert THURNER rupert.thurner@gmail.comwrote:
What should not be missed out in the discussion is the fact that blog post according to current guidelines should be written on the wiki.
We started drafting blog posts on Meta to encourage transparency and make it easier to translate them. Mike Peel suggested we start doing it and it makes sense for most posts (rather than drafting them locally on your computer, or in another program). It's also easier this way for blog editors because Tilman has written a scripthttps://meta.wikimedia.org/wiki/Wikimedia_Blog/Converting_wiki_pages_to_blog_poststhat quickly converts markup to html.
Drafting on wiki is more of a good process than an ideal way to publish the content, in my opinion.
why?
rupert.
On 8 September 2013 13:06, rupert THURNER rupert.thurner@gmail.com wrote:
On Fri, Sep 6, 2013 at 10:20 PM, Matthew Roth mroth@wikimedia.org wrote:
Drafting on wiki is more of a good process than an ideal way to publish the content, in my opinion.
why?
Because turning MediaWiki from a terrible blogging platform into a good one (comment management and blog-style RSS at absolute minimum) would be more work than even maintaining our own WordPress installation.
- d.
On 8 September 2013 13:16, David Gerard dgerard@gmail.com wrote:
Because turning MediaWiki from a terrible blogging platform into a good one (comment management and blog-style RSS at absolute minimum) would be more work than even maintaining our own WordPress installation.
Chatting with Rupert about this just now, he pointed out that Wikinews does RSS just fine:
https://www.mediawiki.org/wiki/Extension:GoogleNewsSitemap
The URL is ugly (but that's why mod_rewrite exists):
https://en.wikinews.org/w/index.php?title=Special:NewsFeed&feed=atom&...
So that's that problem actually solved (and I thought that'd be the hard one).
Comments remain a problem: LiquidThreads is unloved and largely unmaintained, and Flow is barely started.
- d.
That said, WordPress is the best blogging software because it does everything you'd want a blog to do. Moving from that to cobbling together a blog in MediaWiki would be like moving to TiddlyWiki because MediaWiki is hard.
As someone who has to administer WordPress for work, I think almost everyone who self-hosts WordPress should just be outsourcing it to wordpress.com. (I self-host my own sites 'cos I'm a control addict and because I know enough to do it relatively safely.)
* security hole of the month, requiring immediate upgrade to latest * keeping PHP from eating all your memory (fiddling with fcgid) * multisite functionality is weird, clunky and frequently just doesn't work properly * wp-cron.php is an abomination and should be disabled wherever possible * etc etc.
So outsourcing it is basically a good idea - if we can meet privacy policy and, more stringently, privacy *expectations*. Expectations are going to be more stringent than the letter of the policy, but we should still meet them for the blog just as well as we presently do.
- d.
Once we have Flow working well, then a Media-Wiki based public blog with comments might actually be workable (and it'd be nice to have comments mesh seamlessly with WM accounts).
However, that's still a year or two off - I don't think it's any reason not to transfer the blog for now, assuming we can handle the privacy issues that implies. We can always move back if we develop the mediawiki magic bullet :-)
A.
On 8 September 2013 14:08, David Gerard dgerard@gmail.com wrote:
On 8 September 2013 13:16, David Gerard dgerard@gmail.com wrote:
Because turning MediaWiki from a terrible blogging platform into a good one (comment management and blog-style RSS at absolute minimum) would be more work than even maintaining our own WordPress installation.
Chatting with Rupert about this just now, he pointed out that Wikinews does RSS just fine:
https://www.mediawiki.org/wiki/Extension:GoogleNewsSitemap
The URL is ugly (but that's why mod_rewrite exists):
https://en.wikinews.org/w/index.php?title=Special:NewsFeed&feed=atom&...
So that's that problem actually solved (and I thought that'd be the hard one).
Comments remain a problem: LiquidThreads is unloved and largely unmaintained, and Flow is barely started.
- d.
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
If self hosting WP is being a issue, We should look at sustianiable alternatives compared to just chucking the baby out with the bath water because it's "too hard".
I personally would love to see us usign a ncie GIT based backend produces static html outputs for the blog (Cachability++ Security++).
The only issue I forsee with such a option is choosing a comment system that we could embed.
On Thu, Sep 5, 2013 at 11:46 AM, Leslie Carr lcarr@wikimedia.org wrote:
Currently the blog is in a partially maintained by Operations state. In ops, we have a few concerns - #1 is security (exemplified by our recent security incident) of having a wordpress instance in our production environment. #2 is support of the blog from a technical standpoint. We are currently all oversubscribed with trying to keep the production sites up and speedy. The blog is low priority for us compared to the wiki's, and therefore is often neglected. When we hire about 5 more ops people, it may be more sustainable, but right now, it's not - so it would actually be a net positive for the Operations team to move the blog onto a dedicated third party, and will also hopefully prevent any future security incidents.
Exactly. Just because we have people who have no trouble maintaining a WordPress install doesn't mean we should. Time is always limited, and we have to prioritize. Working with a reputable third party that also drives development of the same open source software seems like a perfectly reasonable choice to me in this instance. And BTW - we do get situations where the blog gets a huge spike of traffic every once in a while, e.g. during the SOPA/PIPA protest, so hosting it ourselves is not as effortless as it may seem, without even accounting for customization requests from our communications team, etc.
Erik
How much do we expect to be paying to Wordpress each year for this service?
John Vandenberg. sent from Galaxy Note On Sep 6, 2013 8:23 AM, "Erik Moeller" erik@wikimedia.org wrote:
On Thu, Sep 5, 2013 at 11:46 AM, Leslie Carr lcarr@wikimedia.org wrote:
Currently the blog is in a partially maintained by Operations state. In ops, we have a few concerns - #1 is security (exemplified by our recent security incident) of having a wordpress instance in our production environment. #2 is support of the blog from a technical standpoint. We are currently all oversubscribed with trying to keep the production sites up and speedy. The blog is low priority for us compared to the wiki's,
and
therefore is often neglected. When we hire about 5 more ops people, it
may
be more sustainable, but right now, it's not - so it would actually be a net positive for the Operations team to move the blog onto a dedicated third party, and will also hopefully prevent any future security
incidents.
Exactly. Just because we have people who have no trouble maintaining a WordPress install doesn't mean we should. Time is always limited, and we have to prioritize. Working with a reputable third party that also drives development of the same open source software seems like a perfectly reasonable choice to me in this instance. And BTW - we do get situations where the blog gets a huge spike of traffic every once in a while, e.g. during the SOPA/PIPA protest, so hosting it ourselves is not as effortless as it may seem, without even accounting for customization requests from our communications team, etc.
Erik
Erik Möller VP of Engineering and Product Development, Wikimedia Foundation
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Hoi, The most relevant thing is the quality of the service provided. Add to this the limited resources the WMF has. The cost is probably less than what our total cost of ownership would be. It is also not wise to always try to second guess the people who have the responsibility to make these decisions. Thanks, GerardM
On 9 September 2013 11:16, John Vandenberg jayvdb@gmail.com wrote:
How much do we expect to be paying to Wordpress each year for this service?
John Vandenberg. sent from Galaxy Note On Sep 6, 2013 8:23 AM, "Erik Moeller" erik@wikimedia.org wrote:
On Thu, Sep 5, 2013 at 11:46 AM, Leslie Carr lcarr@wikimedia.org
wrote:
Currently the blog is in a partially maintained by Operations state.
In
ops, we have a few concerns - #1 is security (exemplified by our recent security incident) of having a wordpress instance in our production environment. #2 is support of the blog from a technical standpoint.
We
are currently all oversubscribed with trying to keep the production
sites
up and speedy. The blog is low priority for us compared to the wiki's,
and
therefore is often neglected. When we hire about 5 more ops people, it
may
be more sustainable, but right now, it's not - so it would actually be
a
net positive for the Operations team to move the blog onto a dedicated third party, and will also hopefully prevent any future security
incidents.
Exactly. Just because we have people who have no trouble maintaining a WordPress install doesn't mean we should. Time is always limited, and we have to prioritize. Working with a reputable third party that also drives development of the same open source software seems like a perfectly reasonable choice to me in this instance. And BTW - we do get situations where the blog gets a huge spike of traffic every once in a while, e.g. during the SOPA/PIPA protest, so hosting it ourselves is not as effortless as it may seem, without even accounting for customization requests from our communications team, etc.
Erik
Erik Möller VP of Engineering and Product Development, Wikimedia Foundation
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Personally i think this is a bad idea, especially with respect to all the nsa discussions. If wmf is not able to host it might be hosted by one of the chapters, or wikinews might accept a new article type "blog", what you think?
Rupert
Am 05.09.2013 19:34 schrieb "Bence Damokos" bdamokos@gmail.com:
As I understand the blog is currently a self-hosted instance of Wordpress and the idea is to move the hosting to somewhere else. (So this is not MediaWiki vs. Wordpress, but self-hosting vs. not self-hosting)
Best regards, Bence
On Thu, Sep 5, 2013 at 7:29 PM, Theo10011 de10011@gmail.com wrote:
On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk <lodewijk@effeietsanders.org
wrote:
This was definitely mentioned at Wikimania. What I understood is that
it
will be hosted externally for performance and reliability reasons, but
that
the rest should remain the same.
So, A blog for one of the top 10 websites in the world is being hosted externally "for performance and reliability"? - That doesn't sound
right.
Maybe Mr. Roth & friends can clarify a bit here.
Blogs generally don't require a lot of resources, aside from some
comment
oversight. But it's not like there is a deluge of comments or moderation required in the current blog - they average about 1, maybe 2 comments
and
from my impression, don't particularly have a high number of regular followers.
This seems like something trivial, perhaps because of familiarity with Wordpress, it is being preferred in this case. But then, why are we willingly and so easily handing the visitors to a third party?
especially
with so much paranoia about monitoring and privacy issues. Even for the sake of our own impression and opinions - Is there a particular role
there
that Mediawiki can't fill in? (I recall Erik once argued that wiki is
the
most versatile platform, does he believe that Wordpress is a better alternative? )
Regards Theo
Anyway, I'm not an expert here, just what I understood from Matthew
Roth
&
friends
Lodewijk
2013/9/5 Richard Symonds richard.symonds@wikimedia.org.uk
This is being discussed on-wiki too, at
https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordP...
.
Richard Symonds Wikimedia UK 0207 065 0992
Wikimedia UK is a Company Limited by Guarantee registered in England
and
Wales, Registered No. 6741827. Registered Charity No.1144513.
Registered
Office 4th Floor, Development House, 56-64 Leonard Street, London
EC2A
4LT.
United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation
(who
operate Wikipedia, amongst other projects).
*Wikimedia UK is an independent non-profit charity with no legal
control
over Wikipedia nor responsibility for its contents.*
On 5 September 2013 14:00, Neil Harris neil@tonal.clara.co.uk
wrote:
On 05/09/13 13:37, MZMcBride wrote:
Hi.
The recent draft privacy policy mentions that the Wikimedia blog (https://blog.wikimedia.org) will soon be hosted by
WordPress.com.
Was this discussed anywhere? If so, where?
What is the proposed URL structure of a blog hosted by
WordPress.com?
I
think there's a reasonable expectation that when a user visits *.wikimedia.org, we don't simply send his or her browser info to
a
third
party without his or her consent. This has come up previously
with
Jobvite
and iframes. It's also come up with the use of tracking tools
such
as
Google Analytics, which not only affect one-time visitors, but
aim
to
persist client-side.
How will the blog be backed up? Relying on an external service
means
not
being in control of the data. Will there be regular backups made
to
ensure
that if WordPress.com goes away, we won't lose all of our posts?
MZMcBride
I agree: this does seem to be a curious decision, at odds with the
WMF's
general policy of self-hosting as much as possible in order to
maintain
maximum independence from outside entities, particularly in the
context
of
the recent concerns about privacy. I would have thought that
maintaining
a
WordPress installation would be well within the WMF's
capabilities.
Neil
______________________________**_________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.**org <Wikimedia-l@lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l%3E,
<mailto:wikimedia-l-request@**lists.wikimedia.org<
wikimedia-l-request@lists.wikimedia.org>
?subject=**unsubscribe>
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Thu, Sep 5, 2013 at 2:51 PM, rupert THURNER rupert.thurner@gmail.com wrote:
Personally i think this is a bad idea, especially with respect to all the nsa discussions. If wmf is not able to host it might be hosted by one of the chapters, or wikinews might accept a new article type "blog", what you think?
Rupert
This is a very good point - we must try to protect logs of visitors to the WMF blog from the inevitably prying eyes of the National Security Agency! And only by self-hosting it will this be effectively accomplished!
On Thu, Sep 5, 2013 at 2:57 PM, Nathan nawrich@gmail.com wrote:
This is a very good point - we must try to protect logs of visitors to the WMF blog from the inevitably prying eyes of the National Security Agency! And only by self-hosting it will this be effectively accomplished!
This doesn't make any sense. If we're assuming the NSA is monitoring all Internet traffic, which is the problem everybody has been complaining about, then they don't need access to our servers to tell who is visiting the blog.
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Thursday, September 5, 2013, rupert THURNER wrote:
Personally i think this is a bad idea, especially with respect to all the nsa discussions. If wmf is not able to host it might be hosted by one of the chapters, or wikinews might accept a new article type "blog", what you think?
Cool idea, but maybe Wikipedia, Wikibooks, Wikiversity, meta or outreach would be a better fit mission wise? Blog hosting would violate fundamental Wikinews project guidelines regarding neutrality, style guidelines and verifiability. Thus, not a good fit for Wikinews, though I am sure if you contact the local communities, they would appreciate the suggestion. :) (Maybe Spanish Wikinews would appreciate it.) If it was a serious option, Wikinewsie.org is getting Icelandic hosting for our reporting journalism workspace to protect our reporters... I believe we already have a Wordpress install, so as a potential thematic organization, The Wikinewsie Group could be placed to assist. We chose Icelandic hosting for a variety of reasons that have been mentioned in previous security related discussions.
Sincerely, Laura Hale
Mediawiki is indeed the most versatile platform, but that just means it's okay at most things. It doesn't mean it's better than other platforms explicitly designed for a particular job ;-)
I'd prefer self-hosting on general principle, but if our operations people say it's better and more stable hosted elsewhere - and presumably they have - then fair enough.
Andrew.
On 5 September 2013 18:29, Theo10011 de10011@gmail.com wrote:
On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk lodewijk@effeietsanders.orgwrote:
This was definitely mentioned at Wikimania. What I understood is that it will be hosted externally for performance and reliability reasons, but that the rest should remain the same.
So, A blog for one of the top 10 websites in the world is being hosted externally "for performance and reliability"? - That doesn't sound right. Maybe Mr. Roth & friends can clarify a bit here.
Blogs generally don't require a lot of resources, aside from some comment oversight. But it's not like there is a deluge of comments or moderation required in the current blog - they average about 1, maybe 2 comments and from my impression, don't particularly have a high number of regular followers.
This seems like something trivial, perhaps because of familiarity with Wordpress, it is being preferred in this case. But then, why are we willingly and so easily handing the visitors to a third party? especially with so much paranoia about monitoring and privacy issues. Even for the sake of our own impression and opinions - Is there a particular role there that Mediawiki can't fill in? (I recall Erik once argued that wiki is the most versatile platform, does he believe that Wordpress is a better alternative? )
Regards Theo
Anyway, I'm not an expert here, just what I understood from Matthew Roth & friends
Lodewijk
2013/9/5 Richard Symonds richard.symonds@wikimedia.org.uk
This is being discussed on-wiki too, at
https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordP...
.
Richard Symonds Wikimedia UK 0207 065 0992
Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A
4LT.
United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).
*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*
On 5 September 2013 14:00, Neil Harris neil@tonal.clara.co.uk wrote:
On 05/09/13 13:37, MZMcBride wrote:
Hi.
The recent draft privacy policy mentions that the Wikimedia blog (https://blog.wikimedia.org) will soon be hosted by WordPress.com.
Was this discussed anywhere? If so, where?
What is the proposed URL structure of a blog hosted by WordPress.com?
I
think there's a reasonable expectation that when a user visits *.wikimedia.org, we don't simply send his or her browser info to a
third
party without his or her consent. This has come up previously with
Jobvite
and iframes. It's also come up with the use of tracking tools such as Google Analytics, which not only affect one-time visitors, but aim to persist client-side.
How will the blog be backed up? Relying on an external service means
not
being in control of the data. Will there be regular backups made to
ensure
that if WordPress.com goes away, we won't lose all of our posts?
MZMcBride
I agree: this does seem to be a curious decision, at odds with the
WMF's
general policy of self-hosting as much as possible in order to maintain maximum independence from outside entities, particularly in the context
of
the recent concerns about privacy. I would have thought that
maintaining
a
WordPress installation would be well within the WMF's capabilities.
Neil
______________________________**_________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.**org Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l%3E,
<mailto:wikimedia-l-request@**lists.wikimedia.org<
wikimedia-l-request@lists.wikimedia.org>
?subject=**unsubscribe>
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On 5 September 2013 20:03, Andrew Gray andrew.gray@dunelm.org.uk wrote:
Mediawiki is indeed the most versatile platform, but that just means it's okay at most things. It doesn't mean it's better than other platforms explicitly designed for a particular job ;-)
Wordpress is a ridiculously better blog platform than MediaWiki will ever be.
I'd prefer self-hosting on general principle, but if our operations people say it's better and more stable hosted elsewhere - and presumably they have - then fair enough.
I would worry only about our privacy policies for users - will we use our own database of users? Will people need to log in with a Wordpress.com accoun to comment? Can we say precisely what data Wordpress will get?
- d.
wikimedia-l@lists.wikimedia.org