BTW there are not only common browsers like internet explorer which
are getting content from wikipedia, but even less common browsers,
such as bots, which are sometimes written in languages, where even if
it's not impossible, it at least adds 1 more level of complexity for
programmer to make them work.
Some of you who know me, probably know that I am really lazy guy. And
I was cursing Ryan Lane for enforcing ssl on wikitech when I had to
implement some certificate handling and ssl handshake into wm-bot
which is retrieving some data from it using api (reorad only - wm-bot
doesn't even have mediawiki user account). It took me like 20 minutes
to implement it and that was really horrid :D Think of all these poor
programmers, who wrote their wikimedia bot in assembler or
brainfuck... try to implement ssl in that first :P
On Tue, Apr 30, 2013 at 8:02 PM, Petr Bena <benapetr(a)gmail.com> wrote:
Ok, I agree with both of you that ssl is probably no
deal for current
machines and browsers. But anyway - I am afraid that /forcing/ people
to use anything is a bad idea. It should be up to them to do what they
like on their own risk.
There are countries where encryption is illegal (not really expert on
that, but I heard that in Iran and such countries encryption is
problem), and these people would not be able to register / edit
wikipedia using an account if you made it a requirement.
First step should be just making it a default option for everyone,
before actually enforcing anybody.
On Tue, Apr 30, 2013 at 7:52 PM, Luis Villa <lvilla(a)wikimedia.org> wrote:
> On Tue, Apr 30, 2013 at 10:27 AM, Petr Bena <benapetr(a)gmail.com> wrote:
>> SSL is requiring more CPU,
>
> Not really.
>
> "In January this year (2010), Gmail switched to using HTTPS for
> everything by default. Previously it had been introduced as an option,
> but now all of our users use HTTPS to secure their email between their
> browsers and Google, all the time. In order to do this we had to
> deploy no additional machines and no special hardware. On our
> production frontend machines, SSL/TLS accounts for less than 1% of the
> CPU load, less than 10KB of memory per connection and less than 2% of
> network overhead. Many people believe that SSL takes a lot of CPU time
> and we hope the above numbers (public for the first time) will help to
> dispel that."
>
>
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
>
> Luis
>
>
>
>> both on server and client and disable all
>> kinds of cache (such as squid or varnish), and some browsers may have
>> problems with it OR in some countries encryption may be even illegal.
>>
>> Whatever you are going to do, you should let people turn it off.
>> Wikimedia project itself has horrible security (in this thread I
>> started some time ago -
>>
http://www.gossamer-threads.com/lists/wiki/wikitech/277357?do=post_view_thr…
>> I was even told that wikimedia doesn't need good security at all,
>> because user accounts aren't so critical there), forcing SSL will not
>> improve it much
>>
>> On Tue, Apr 30, 2013 at 6:30 AM, Paul Selitskas <p.selitskas(a)gmail.com>
wrote:
>>> On Tue, Apr 30, 2013 at 5:55 AM, Tyler Romeo <tylerromeo(a)gmail.com>
wrote:
>>>> On Mon, Apr 29, 2013 at 9:07 PM, Paul Selitskas
<p.selitskas(a)gmail.com>wrote;wrote:
>>>>
>>>>> There are some situations when HTTPS won't work (for example,
blocked
>>>>> by provider or government). How does one disable HTTPS without
>>>>> actually accessing a HTTPS version if the user is redirected from
HTTP
>>>>> automatically?
>>>>>
>>>>> HTTPS was once blocked in Belarus, thus disabling access to above
>>>>> mentioned GMail, Facebook, Twitter and so on. There should be always
>>>>> an option (like ?noSecure=1).
>>>>>
>>>>
>>>> Well, with $wgSecureLogin the idea is that it is completely disallowed
to
>>>> log in, i.e., enter a password, over an insecure connection.
>>>>
>>>
>>> Ah, I missed that moment. Thanks.
>>>
>>> --
>>> З павагай,
>>> Павел Селіцкас/Pavel Selitskas
>>> Wizardist @ Wikimedia projects
>>>
>>> _______________________________________________
>>> Wikitech-l mailing list
>>> Wikitech-l(a)lists.wikimedia.org
>>>
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> Wikitech-l(a)lists.wikimedia.org
>>
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
>
>
> --
> Luis Villa
> Deputy General Counsel
> Wikimedia Foundation
> 415.839.6885 ext. 6810
>
> NOTICE: This message may be confidential or legally privileged. If you
> have received it by accident, please delete it and let us know about
> the mistake. As an attorney for the Wikimedia Foundation, for
> legal/ethical reasons I cannot give legal advice to, or serve as a
> lawyer for, community members, volunteers, or staff members in their
> personal capacity.
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l(a)lists.wikimedia.org
>
https://lists.wikimedia.org/mailman/listinfo/wikitech-l