Here is your weekly dose of deployment highlights!
Full schedule always available at: https://wikitech.wikimedia.org/wiki/Deployments
Next week's: https://wikitech.wikimedia.org/wiki/Deployments#Week_of_August_19th
Highlights below...
== Monday == * We'll be enabling Ceph on production. Ceph is used for storage of media files (eg: images, videos, etc). More (very detailed) information about this can be found at: https://wikitech.wikimedia.org/wiki/Ceph * We'll be deploying OAuth to the set of test wikis (test.wikipedia, test2.wikipedia, mediawiki.org, and test.wikidata.org). More information about the OAuth work can be found at: https://www.mediawiki.org/wiki/Oauth * MediaWiki 1.22wmf13 will be deployed to the second group of wikis, ie: all non-Wikipedia project sites. For the list of important changes, see: https://www.mediawiki.org/wiki/MediaWiki_1.22/wmf13#Important_Changes
== Tuesday == * Notifications (Echo) will be deployed to the first set of non-english pilot sites, specifically French and Polish. See the Notifications release plan at: https://www.mediawiki.org/wiki/Echo/Release_Plan_2013
== Wednesday == * We will enable secure login (via HTTPS) by default. This means that all logged in users will read and edit the site via a secure connection over HTTPS. Given some restrictions/internet blocks in some jurisdictions, we will disable this feature on specific language wikis.
There is a page on MetaWiki explaining this, with a link to the Wikimedia blog post that originally announced the plan here: https://meta.wikimedia.org/wiki/HTTPS
This is a first step along a route to improved security while also taking into account internet censorship in certain jurisdictions.
There will be more communication about this rollout on Monday the 19th.
== Thursday == * MediaWiki 1.22wmf13 will be deployed to the last group of wikis, ie: all Wikipedia project sites. For the list of important changes, see: https://www.mediawiki.org/wiki/MediaWiki_1.22/wmf13#Important_Changes
If you have any questions, please let me know.
Greg
Quick update:
Visual Editor will be rolling out their latest wmf13 branch (not MediaWiki 1.22wmf13, but the VisualEditor code branched for wmf13) on the afternoon of Tuesday the 20th.
Wikitech Deployments page has been updated to reflect this.
Greg
<quote name="Greg Grossmeier" date="2013-08-16" time="15:34:21 -0700">
Here is your weekly dose of deployment highlights!
Full schedule always available at: https://wikitech.wikimedia.org/wiki/Deployments
Next week's: https://wikitech.wikimedia.org/wiki/Deployments#Week_of_August_19th
Highlights below...
== Monday ==
- We'll be enabling Ceph on production. Ceph is used for storage of media files (eg: images, videos, etc). More (very detailed) information about this can be found at: https://wikitech.wikimedia.org/wiki/Ceph
- We'll be deploying OAuth to the set of test wikis (test.wikipedia, test2.wikipedia, mediawiki.org, and test.wikidata.org). More information about the OAuth work can be found at: https://www.mediawiki.org/wiki/Oauth
- MediaWiki 1.22wmf13 will be deployed to the second group of wikis, ie: all non-Wikipedia project sites. For the list of important changes, see: https://www.mediawiki.org/wiki/MediaWiki_1.22/wmf13#Important_Changes
== Tuesday ==
- Notifications (Echo) will be deployed to the first set of non-english pilot sites, specifically French and Polish. See the Notifications release plan at: https://www.mediawiki.org/wiki/Echo/Release_Plan_2013
== Wednesday ==
We will enable secure login (via HTTPS) by default. This means that all logged in users will read and edit the site via a secure connection over HTTPS. Given some restrictions/internet blocks in some jurisdictions, we will disable this feature on specific language wikis.
There is a page on MetaWiki explaining this, with a link to the Wikimedia blog post that originally announced the plan here: https://meta.wikimedia.org/wiki/HTTPS
This is a first step along a route to improved security while also taking into account internet censorship in certain jurisdictions.
There will be more communication about this rollout on Monday the 19th.
== Thursday ==
- MediaWiki 1.22wmf13 will be deployed to the last group of wikis, ie: all Wikipedia project sites. For the list of important changes, see: https://www.mediawiki.org/wiki/MediaWiki_1.22/wmf13#Important_Changes
If you have any questions, please let me know.
Greg
-- | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D |
Ceph and OAuth pages still don't say anything about what's actually going to happen. (What sort of OAuth, read only or not etc.? Ceph for what, and is it true that "We're *currently* evaluating it" as the wikitech page says, or is the roadmap right that some decision was taken in July?)
Nemo
<quote name="Federico Leva (Nemo)" date="2013-08-17" time="11:45:29 +0200">
Ceph and OAuth pages still don't say anything about what's actually going to happen. (What sort of OAuth, read only or not etc.? Ceph for what, and is it true that "We're *currently* evaluating it" as the wikitech page says, or is the roadmap right that some decision was taken in July?)
Yes, sorry about that. Those project pages are out of date.
Quick answers:
Ceph: This morning (Pacific time) we enabled multi-write to both Ceph and Swift (ie: Ceph will be as up to date as the main file store constantly). Later this week (probably Thursday) around the same time (early early Pacific morning) we'll switch the 'master' store to Ceph. ie: you shouldn't see any issues now on the user facing end, but you might later this week (but probably not, based on what we saw this morning).
OAuth: Chris can correct me if I'm wrong, but this first round of OAuth deploys will be to enable intra-WMF server OAuth (mostly for Labs/Wikitech use, I believe).
Thanks,
Greg
On Mon, Aug 19, 2013 at 12:06 PM, Greg Grossmeier greg@wikimedia.orgwrote:
<quote name="Federico Leva (Nemo)" date="2013-08-17" time="11:45:29 +0200"> > Ceph and OAuth pages still don't say anything about what's actually > going to happen. (What sort of OAuth, read only or not etc.? Ceph > for what, and is it true that "We're *currently* evaluating it" as > the wikitech page says, or is the roadmap right that some decision > was taken in July?)
Yes, sorry about that. Those project pages are out of date.
Quick answers:
Ceph: This morning (Pacific time) we enabled multi-write to both Ceph and Swift (ie: Ceph will be as up to date as the main file store constantly). Later this week (probably Thursday) around the same time (early early Pacific morning) we'll switch the 'master' store to Ceph. ie: you shouldn't see any issues now on the user facing end, but you might later this week (but probably not, based on what we saw this morning).
OAuth: Chris can correct me if I'm wrong, but this first round of OAuth deploys will be to enable intra-WMF server OAuth (mostly for Labs/Wikitech use, I believe).
I just deployed OAuth to the test wikis this morning. The available set of rights that can be authorized to an OAuth Consumer (an application that will be talking to the MediaWiki api on behalf of a user) isn't exhaustive, but it covers most basic usage of the api, including editing. So no, not read only.
I'll send out a more detailed announcement with links to documentation for getting started with OAuth in a little bit.
Thanks,
Greg
-- | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D |
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Thank you both, concise and clear. :) Even though they are just quick ephemeral updates they are useful so I've copied them to * https://www.mediawiki.org/wiki/Auth_systems/status#2013-08-20 and * https://www.mediawiki.org/wiki/Site_performance_and_architecture/status#2013-08-20 which appear to be the (only) pages where they fit.
Nemo
Greg Grossmeier wrote:
If you have any questions, please let me know.
All right.
== Wednesday ==
- We will enable secure login (via HTTPS) by default. This means that
all logged in users will read and edit the site via a secure connection over HTTPS. Given some restrictions/internet blocks in some jurisdictions, we will disable this feature on specific language wikis.
* Will logged in users automatically be redirected from HTTP to HTTPS once this change is live?
* Will links in e-mail notifications switch from HTTP to HTTPS?
Most importantly, a change like this will inevitably result in a small percentage of users no longer being able to access the site.
** How are editors expected to be able to report issues if they're no longer able to access the site? Will they simply have to edit a village pump anonymously and hope that someone notices?
** Will there be any opt-out mechanism for logged in users?
*** Is the editing community willing to lose a small percentage of editors who will no longer be able to contribute to the site?
MZMcBride
Le Sat, 17 Aug 2013 15:58:01 +0200, MZMcBride z@mzmcbride.com a écrit:
Greg Grossmeier wrote:
== Wednesday ==
- We will enable secure login (via HTTPS) by default. This means that
all logged in users will read and edit the site via a secure connection over HTTPS. Given some restrictions/internet blocks in some jurisdictions, we will disable this feature on specific language wikis.
- Will logged in users automatically be redirected from HTTP to HTTPS
once this change is live?
- Will links in e-mail notifications switch from HTTP to HTTPS?
Most importantly, a change like this will inevitably result in a small percentage of users no longer being able to access the site.
** How are editors expected to be able to report issues if they're no longer able to access the site? Will they simply have to edit a village pump anonymously and hope that someone notices?
** Will there be any opt-out mechanism for logged in users?
*** Is the editing community willing to lose a small percentage of editors who will no longer be able to contribute to the site?
MZMcBride
Given the number of questions coming with HTTPS, I find we should discuss it in a central and perennial location, probably on the new page [[meta:HTTPS]] https://meta.wikimedia.org/wiki/HTTPS.
Indeed, in addition to the WMF, the public and editors are now concerned about the privacy and browsing security, but HTTPS has many challenges that need to be addressed: * technical issues (e.g. caching, performance, MITM mitigation, PFS/cipher suites, DNSSEC), * diplomatic issues (e.g. country of issuance of the certificate, firewall of China), * user interaction issues (e.g. diffuse knowledge about HTTPS and security, management of errors, promotion of pinning/TACK? http://tack.io) So tech and non-tech people should be involved in the discussions to better balance all aspects of the security/privacy.
Just my POV, Seb35
<quote name="MZMcBride" date="2013-08-17" time="09:58:01 -0400">
Greg Grossmeier wrote:
If you have any questions, please let me know.
All right.
:-)
== Wednesday ==
- We will enable secure login (via HTTPS) by default. This means that
all logged in users will read and edit the site via a secure connection over HTTPS. Given some restrictions/internet blocks in some jurisdictions, we will disable this feature on specific language wikis.
- Will logged in users automatically be redirected from HTTP to HTTPS once
this change is live?
- Will links in e-mail notifications switch from HTTP to HTTPS?
Most importantly, a change like this will inevitably result in a small percentage of users no longer being able to access the site.
** How are editors expected to be able to report issues if they're no longer able to access the site? Will they simply have to edit a village pump anonymously and hope that someone notices?
** Will there be any opt-out mechanism for logged in users?
*** Is the editing community willing to lose a small percentage of editors who will no longer be able to contribute to the site?
After I talk with the relevant/knowledgeable people (namely, Chris and Ryan) later today, I'll add these questions and answers to the HTTPS wiki page on meta.
Thanks for help us be explicit.
Greg
wikitech-l@lists.wikimedia.org