[Wikimedia-l] Wikimedia blog moving to WordPress.com
Matthew Roth
mroth at wikimedia.org
Thu Sep 5 22:50:41 UTC 2013
Hi all,
I was going to socialize some of the transitions for the Wikimedia blog in
the next few weeks on the Wikimedia blog
space<https://meta.wikimedia.org/wiki/Wikimedia_Blog>on Meta and on
the blog itself with a blog post, but this conversation has
sped up the discussion. I plan to have something on Meta by the beginning
of next week and hope that we can continue the discussion there when the
content is posted.
As a general concept, we’re redesigning the blog to be less focused on the
Wikimedia Foundation and more on the Wikimedia movement. For the past year,
we have been sharing more narratives from the movement, making this
important communications tool more about movement partners and not
exclusively about the Wikimedia Foundation. We believe the public has
little understanding of the people behind the projects and we want to share
their stories (i.e. why the contribute, why they edit, why they develop).
We still need the tool to communicate important updates from the WMF, but
that can be accomplished in a larger ecosystem with more diversity of
voices. We’ve had a significant increase in publication from authors who
don’t work for the WMF, as well as increased multi-lingual posts, and we
will continue to increase the amount and diversity of participation.
Specifically, let me address a couple of points raised in this thread.
-
We are redesigning the blog. For those at Wikimania who saw my talk, we
shared the working site for the new Wikimedia blog and explained the basics
of our thinking. Here is the link for the site under construction. Please
understand this is still under construction and there will be some changes,
but this is the basic design of the new Wikimedia blog. It’s also populated
with data from a db dump that is now 2 months old, so you will see
significant content difference from the current Wikimedia blog. The draft
version of the blog is hosted on an outside platform, WP Engine, but this
is not necessarily the hosting company we may use in future:
http://wikimedia.wpengine.com/
-
We’re exploring the possibility of 3rd-party hosting of the blog. We had
extensive discussions with members of the WMF Operations and Engineering
teams about whether to continue to host the blog on our servers or move to
a 3rd-party host. Ultimately we determined that 3rd party hosts made sense
for the blog for a number of important reasons. I would refer you to the
email in this
thread<http://www.gossamer-threads.com/lists/wiki/foundation/387838#387838>from
Leslie Carr in our Ops team, but essentially they feel that a move to
a 3rd party host would address important security and support concerns, and
would therefore be preferable to continuing to host the blog ourselves.
-
A 3rd-party host will give us redundancy and strong backups. The blog
has become the Foundation’s primary public communications tool (alongside,
naturally, the host of wikis we use to converse with the community). We
want to be sure this platform is hosted on a 3rd-party site in case we
encounter a significant outage or cluster-wide downtime. Obviously we can’t
rely on the projects to get that information out if the cluster is down,
and although we will continue to use identi.ca, twitter, and facebook,
we’d like to have a stable place to point traffic.
-
The blog needs to be able to handle a lot of traffic, quickly. We know
that Wikimedia’s servers are up to this kind of task, but we’re experts at
hosting wikis - not necessarily experts at hosting blogs. Specifically
blogs that may need to handle very large volumes of traffic, spam, and
comments in a short period of time. We had one such situation back in 2012
during the Wikipedia blackout. We sent tens of millions of readers to the
Wikimedia blog and dealt with around 18K comments in a matter of hours. We
could handle it, but we’d like to have capacity to handle that in an
emergency situation. Not all blog hosting companies can do this, but a few
that we’re looking at are expressly built to handle immediate and massive
increases in traffic, and they’ve got amazing back up services.
-
We have not yet selected a 3rd-party host. We have screened a couple of
3rd-party hosts. While Wordpress.com is one of our top choices (not the
standard consumer version, rather their ‘managed’ or white glove hosting
services for high volume customers), we have not yet selected them. Right
now the WMF legal team is in discussions with Wordpress.com and others. We
appreciate that if we host on a 3rd party site, we need to navigate the
important issue of ensuring our privacies policies are compatible.
-
The new blog is responsive and much better on multiple devices. With the
2012 Wordpress theme, we can easily adapt our blog to multiple screen
widths. Please try expanding and narrowing your browser widths to see the
responsive design, or load the new blog on a mobile or tablet.
-
We feel Wordpress is still the best tool for blog publishing. While
wikis are functional for many things, we feel Wordpress is better for
blogging/publishing. When we started the blog redesign, we briefly
discussed other platforms, but we don’t believe there is a superior tool
for the blog. Because we’ve had a Wordpress install since 2008 and it has
worked well for us since then, we decided not to change. We also needed to
be sure that however we proceeded, we could also move away if we need to,
and easily and quickly resume hosting of the blog or move it somewhere else.
-
When we move hosting to a 3rd-party site, users will need to agree to
the new privacy policy that we work out for the blog. During the
transition when we update the database and move the blog from our cluster
to a 3rd-party site, current blog users will need to create new accounts on
the new blog and agree to the new privacy policy.
More to come next week, but hopefully this addresses some of the concerns
raised here. We’re very interested in your feedback and hope that we can
capture all the comments and critique on the Meta page when it is up.
thanks,
Matthew
On Thu, Sep 5, 2013 at 3:44 PM, Dan Collins <en.wp.st47 at gmail.com> wrote:
> At least OTRS and mailman belong inside our security "bubble" of control,
> where the only people with access are ops and they can be properly secured.
> The security risk of those applications potentially introducing and
> attacker to all our data is minimal compared to the much greater risk of
> placing our user names, passwords, email addresses, and highly private OTRS
> queues in the hands of a third party including all their technicians, not
> to mention their security practices that we have no control over.
>
> As for the other question. If the nsa sends a letter to WordPress then they
> can get the email address and IP of someone who posted a post or comment to
> our blog. Probably the password too. If we host it over SSL then there's no
> way for them to know even that a given user commented, and if we did SSL
> right (maybe in another ten years) no one would know whether an IP was anon
> browsing, a checkuser or oversight, or reading our highly sensitive OTRS
> queues.
> On Sep 5, 2013 6:28 PM, "Gregory Varnum" <gregory.varnum at gmail.com> wrote:
>
> > I think this makes 100% sense from an operations perspective. Anytime
> you
> > can "outsource" a lower priority web service - fantastic.
> >
> > However, from a community advocacy perspective - I am less convinced. I
> > would be curious if anyone from that team could chime in as well.
> >
> > The security argument makes a great deal of sense to me - making the
> > primary production sites vulnerable should always be avoided if at all
> > humanly possible to do so.
> >
> > Here are some lingering questions I would have for Advocacy and Ops:
> > 1. How closely are we working with WordPress.com staff on this setup?
> > 2. Will we be paying for the service? (I know it is minimal - more
> curious
> > than anything)
> > 3. Is the Automattic (company behind WordPress) privacy policy compatible
> > with WMF's current and proposed (as it exists now) privacy policy?
> > 4. Will people be required to register with WordPress.com to participate
> > in the blog?
> > 5. I recognize we utilize a lot of corporations - but most do not handle
> > our content (I suppose data centers and bandwidth - but I digress) -
> > generally that has been our own or a nonprofit like Freenode (if you
> count
> > IRC as content service). Additionally, they use ads - which has been a
> hot
> > topic on project sites. Recognizing the blog is not really a project
> site
> > that is covered as tightly under our principles - can someone speak to
> the
> > compatibility of Automattic's policies and values with WM and WMF? How
> are
> > we getting around the ads?
> > 6. Are there other services on WMF servers that could be potential
> > security threats? Are OTRS, Mailman, and Etherpad subject to these
> concerns
> > as well? Is there a likely possibility that other services will be moved
> in
> > the future?
> > 7. Should all of these services be moved to a separate server? Is that
> > feasible?
> >
> > I appreciate that WMF is having this dialogue before the switch actually
> > happens. I agree it is a compelling idea.
> >
> > - greg aka varnent
> >
> >
> > On 5 Sep, 2013, at 5:16 PM, David Gerard <dgerard at gmail.com> wrote:
> >
> > > On 5 September 2013 22:07, K. Peachey <p858snake at gmail.com> wrote:
> > >
> > >> That is a argument for changing the blogging tool/platform, Not
> > changing to
> > >> non self-hosted environment.
> > >
> > >
> > > tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is
> > > a fine place to host a blog if you don't want ever to have to think
> > > about the nuts and bolts of securing the thing.
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list
> > > Wikimedia-l at lists.wikimedia.org
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> >
> >
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>
--
Matthew Roth
Global Communications Manager
Wikimedia Foundation
+1.415.839.6885 ext 6635
www.wikimediafoundation.org
*http://blog.wikimedia.org/*
More information about the Wikimedia-l
mailing list