The question this list would need to find agreement on is: should the Uzbek Wikipedia be set up in a way that makes access via the HTTPS protocol the canonical one?
Certainly. There is already widespread agreement on supporting HTTPS in the archives, and no question that it should be canonical when ISPs or governments seek to block the HTTP access. Any government taking those measures is likely to take other measures which might put editors using HTTP instead of HTTPS at risk, so it makes abundant sense to do this if we have any respect for our editors' safety at all.
I wish that http://208.80.154.225/wiki/Bosh_Sahifa and https://208.80.154.225/wiki/Bosh_Sahifa would work, too, but the foundation apparently can't or chooses not to afford separate IP addresses for each language's Wikipedia.
The Foundation in years past would take advantage of the end of the annual fundraiser to write a thank you letter to donors which included other less well funded charity foundations and organization which the leadership would recommend endorsing. One of those foundations, the EFF, publishes this page with helpful background information:
https://www.eff.org/https-everywhere
One of the reasons that donor response was so strong this year is because this past January, the Foundation decided to join with the EFF and others in support of what turned out to be a very popular activism campaign against the proposed U.S. SOPA/PIPA legislation, primarily in the interest of the Foundation's legal and office actions staff which would have been substantially burdened with the task of removing links to external sites deemed infringing in ex parte court applications had the legislation become law. Can you imagine what would happen if the Foundation decided to support more than just their own staff and take action to support the nearly one fifth of long time editors who toil in near-poverty or impoverished conditions by with an activism campaign based on Chart 4 of http://www.imf.org/external/pubs/ft/fandd/2011/09/berg.htm or http://en.wikipedia.org/wiki/File:Employment_growth_by_top_tax_rate.jpg or https://docs.google.com/presentation/d/1Yz3W7LVnwne79wiwxdqKiRuFRAyQX-JXIAbA... ?
Best regards, James Salsman
I wish that http://208.80.154.225/wiki/Bosh_Sahifa and https://208.80.154.225/wiki/Bosh_Sahifa would work, too, but the foundation apparently can't or chooses not to afford separate IP addresses for each language's Wikipedia.
As one of the network folks, I will answer this. We do not have enough public IP(v4)s for an address for each language in each project, and unless someone gives us a major donation of IPv4 addresses (anyone have a spare /20 laying around?), I don't think we will be able to make this happen as we are frugal with our existing IPs and the allocating authorities (RIPE and ARIN) are being quite strict with their new IPv4 allocations.
If you'd like to read more about IP allocation policies, here's a few links https://www.arin.net/policy/nrpm.html#four3 https://www.arin.net/resources/request/ipv4_depletion.html https://www.ripe.net/ripe/docs/ripe-553 (see section 5.6)
Leslie
Leslie Carr lcarr@wikimedia.org schrieb:
I wish that http://208.80.154.225/wiki/Bosh_Sahifa and https://208.80.154.225/wiki/Bosh_Sahifa would work, too, but the foundation apparently can't or chooses not to afford separate IP addresses for each language's Wikipedia.
As one of the network folks, I will answer this. We do not have enough public IP(v4)s for an address for each language in each project, and unless someone gives us a major donation of IPv4 addresses (anyone have a spare /20 laying around?), I don't think we will be able to make this happen as we are frugal with our existing IPs and the allocating authorities (RIPE and ARIN) are being quite strict with their new IPv4 allocations.
If you'd like to read more about IP allocation policies, here's a few links https://www.arin.net/policy/nrpm.html#four3 https://www.arin.net/resources/request/ipv4_depletion.html https://www.ripe.net/ripe/docs/ripe-553 (see section 5.6)
Just an idea, which is not very beautiful: What about a router forwarding ports to the correct machine by using iptables? Would that also work in connection with search engines?
Cheers
Marco
On Thu, Dec 27, 2012 at 1:39 PM, Marco Fleckinger marco.fleckinger@wikipedia.at wrote:
Leslie Carr lcarr@wikimedia.org schrieb:
I wish that http://208.80.154.225/wiki/Bosh_Sahifa and https://208.80.154.225/wiki/Bosh_Sahifa would work, too, but the foundation apparently can't or chooses not to afford separate IP addresses for each language's Wikipedia.
As one of the network folks, I will answer this. We do not have enough public IP(v4)s for an address for each language in each project, and unless someone gives us a major donation of IPv4 addresses (anyone have a spare /20 laying around?), I don't think we will be able to make this happen as we are frugal with our existing IPs and the allocating authorities (RIPE and ARIN) are being quite strict with their new IPv4 allocations.
If you'd like to read more about IP allocation policies, here's a few links https://www.arin.net/policy/nrpm.html#four3 https://www.arin.net/resources/request/ipv4_depletion.html https://www.ripe.net/ripe/docs/ripe-553 (see section 5.6)
Just an idea, which is not very beautiful: What about a router forwarding ports to the correct machine by using iptables? Would that also work in connection with search engines?
Are you suggesting we use different nonstandard ports for each different wiki/language combo that resides on the same IP ?
Cheers
Marco
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Leslie Carr lcarr@wikimedia.org schrieb:
On Thu, Dec 27, 2012 at 1:39 PM, Marco Fleckinger marco.fleckinger@wikipedia.at wrote:
Just an idea, which is not very beautiful: What about a router
forwarding ports to the correct machine by using iptables? Would that also work in connection with search engines?
Are you suggesting we use different nonstandard ports for each different wiki/language combo that resides on the same IP ?
Yes exactly!
On Thu, Dec 27, 2012 at 2:37 PM, Marco Fleckinger marco.fleckinger@wikipedia.at wrote:
Leslie Carr lcarr@wikimedia.org schrieb:
On Thu, Dec 27, 2012 at 1:39 PM, Marco Fleckinger marco.fleckinger@wikipedia.at wrote:
Just an idea, which is not very beautiful: What about a router
forwarding ports to the correct machine by using iptables? Would that also work in connection with search engines?
Are you suggesting we use different nonstandard ports for each different wiki/language combo that resides on the same IP ?
Yes exactly!
I guess that is theoretically possible with a more intrusive load balancer in the middle. We need the HOST information from the http header to be added as we have our varnish caches serving multiple services, not one(or more) per language/project combo. I'm pretty sure that lvs doesn't have this ability (which we use). Some large commercial load balancers have the ability to rewrite some headers, but that would be a pretty intensive operation (think lots of cpu needed, since it needs to terminate SSL and then rewrite headers) and would probably be expensive. If you have another way you think we can do this, I am all ears!
We may want to move this discussion to wikitech-l as all the technical discussions probably bore most of the people on wikimedia-l
Leslie
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
How many languages _need_ this?
Is it only one language-project?
If you only need one IP address, to avoid censorship by one country, it should be achievable.
John Vandenberg. sent from Galaxy Note On Dec 28, 2012 4:21 AM, "Leslie Carr" lcarr@wikimedia.org wrote:
I wish that http://208.80.154.225/wiki/Bosh_Sahifa and https://208.80.154.225/wiki/Bosh_Sahifa would work, too, but the foundation apparently can't or chooses not to afford separate IP addresses for each language's Wikipedia.
As one of the network folks, I will answer this. We do not have enough public IP(v4)s for an address for each language in each project, and unless someone gives us a major donation of IPv4 addresses (anyone have a spare /20 laying around?), I don't think we will be able to make this happen as we are frugal with our existing IPs and the allocating authorities (RIPE and ARIN) are being quite strict with their new IPv4 allocations.
If you'd like to read more about IP allocation policies, here's a few links https://www.arin.net/policy/nrpm.html#four3 https://www.arin.net/resources/request/ipv4_depletion.html https://www.ripe.net/ripe/docs/ripe-553 (see section 5.6)
Leslie
-- Leslie Carr Wikimedia Foundation AS 14907, 43821 http://as14907.peeringdb.com/
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Thank you everyone for your help, and I especially appreciate Sumanah for setting up the bug and making the RT ticket happen. Unfortunately, I cannot track the progress of the RT ticket, but I am sure someone will keep us posted on the Bugzilla bug or on this list.
Eternal gratitude to everyone involved!
Regarding the discussion about the IP, here are my thoughts, but maybe I am missing a number of the technical intricacies here:
I am not sure if I understand correctly, but having access through the IP does not seem to improve the situation. Remember that access through https is perfectly possible. So for anyone who really wants to access the wiki and knows about the https-access, they can.
The problem are those people that do not know about it. There are no people coming to the Uzbek Wikipedia through search engines, because they link to the http-protocol version of the URLs. That is why making the https-Version canonical and thus the addresses the search engines eventually point to much more useful.
One could make the IP-Adress directly canonical -- otherwise setting up this extra-IP would not bring any advantage -- and thus avoid DNS, but this is not required to resolve the current problem, and it sure would not be very pretty. Also, IP-banning a single IP through an ISP is all but hard for an ISP. And anyway, it would need to be configured to setup a canonical URL, which is the currently suggested next step anyway.
Therefore I would suggest to refrain from setting up a specific IP (besides the technicality of having too few IPs around), at least for now, and concentrate on canonizing the HTTPS protocol (as summed up in the Bug).
Thank you again!
On Fri, Dec 28, 2012 at 3:05 AM, John Vandenberg jayvdb@gmail.com wrote:
How many languages _need_ this?
Is it only one language-project?
If you only need one IP address, to avoid censorship by one country, it should be achievable.
John Vandenberg. sent from Galaxy Note On Dec 28, 2012 4:21 AM, "Leslie Carr" lcarr@wikimedia.org wrote:
I wish that http://208.80.154.225/wiki/Bosh_Sahifa and https://208.80.154.225/wiki/Bosh_Sahifa would work, too, but the foundation apparently can't or chooses not to afford separate IP addresses for each language's Wikipedia.
As one of the network folks, I will answer this. We do not have enough public IP(v4)s for an address for each language in each project, and unless someone gives us a major donation of IPv4 addresses (anyone have a spare /20 laying around?), I don't think we will be able to make this happen as we are frugal with our existing IPs and the allocating authorities (RIPE and ARIN) are being quite strict with their new IPv4 allocations.
If you'd like to read more about IP allocation policies, here's a few
links
https://www.arin.net/policy/nrpm.html#four3 https://www.arin.net/resources/request/ipv4_depletion.html https://www.ripe.net/ripe/docs/ripe-553 (see section 5.6)
Leslie
-- Leslie Carr Wikimedia Foundation AS 14907, 43821 http://as14907.peeringdb.com/
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
wikimedia-l@lists.wikimedia.org