[Wikimedia-l] Wikimedia blog moving to WordPress.com

classic Classic list List threaded Threaded
42 messages Options
123
Reply | Threaded
Open this post in threaded view
|

[Wikimedia-l] Wikimedia blog moving to WordPress.com

MZMcBride-2
Hi.

The recent draft privacy policy mentions that the Wikimedia blog
(<https://blog.wikimedia.org>) will soon be hosted by WordPress.com.

Was this discussed anywhere? If so, where?

What is the proposed URL structure of a blog hosted by WordPress.com? I
think there's a reasonable expectation that when a user visits
*.wikimedia.org, we don't simply send his or her browser info to a third
party without his or her consent. This has come up previously with Jobvite
and iframes. It's also come up with the use of tracking tools such as
Google Analytics, which not only affect one-time visitors, but aim to
persist client-side.

How will the blog be backed up? Relying on an external service means not
being in control of the data. Will there be regular backups made to ensure
that if WordPress.com goes away, we won't lose all of our posts?

MZMcBride



_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Neil Harris
On 05/09/13 13:37, MZMcBride wrote:

> Hi.
>
> The recent draft privacy policy mentions that the Wikimedia blog
> (<https://blog.wikimedia.org>) will soon be hosted by WordPress.com.
>
> Was this discussed anywhere? If so, where?
>
> What is the proposed URL structure of a blog hosted by WordPress.com? I
> think there's a reasonable expectation that when a user visits
> *.wikimedia.org, we don't simply send his or her browser info to a third
> party without his or her consent. This has come up previously with Jobvite
> and iframes. It's also come up with the use of tracking tools such as
> Google Analytics, which not only affect one-time visitors, but aim to
> persist client-side.
>
> How will the blog be backed up? Relying on an external service means not
> being in control of the data. Will there be regular backups made to ensure
> that if WordPress.com goes away, we won't lose all of our posts?
>
> MZMcBride
>
>
>

I agree: this does seem to be a curious decision, at odds with the WMF's
general policy of self-hosting as much as possible in order to maintain
maximum independence from outside entities, particularly in the context
of the recent concerns about privacy. I would have thought that
maintaining a WordPress installation would be well within the WMF's
capabilities.

Neil



_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Richard Symonds-3
This is being discussed on-wiki too, at
https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordPress.3F
.

Richard Symonds
Wikimedia UK
0207 065 0992

Wikimedia UK is a Company Limited by Guarantee registered in England and
Wales, Registered No. 6741827. Registered Charity No.1144513. Registered
Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT.
United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
movement. The Wikimedia projects are run by the Wikimedia Foundation (who
operate Wikipedia, amongst other projects).

*Wikimedia UK is an independent non-profit charity with no legal control
over Wikipedia nor responsibility for its contents.*


On 5 September 2013 14:00, Neil Harris <[hidden email]> wrote:

> On 05/09/13 13:37, MZMcBride wrote:
>
>> Hi.
>>
>> The recent draft privacy policy mentions that the Wikimedia blog
>> (<https://blog.wikimedia.org>) will soon be hosted by WordPress.com.
>>
>> Was this discussed anywhere? If so, where?
>>
>> What is the proposed URL structure of a blog hosted by WordPress.com? I
>> think there's a reasonable expectation that when a user visits
>> *.wikimedia.org, we don't simply send his or her browser info to a third
>> party without his or her consent. This has come up previously with Jobvite
>> and iframes. It's also come up with the use of tracking tools such as
>> Google Analytics, which not only affect one-time visitors, but aim to
>> persist client-side.
>>
>> How will the blog be backed up? Relying on an external service means not
>> being in control of the data. Will there be regular backups made to ensure
>> that if WordPress.com goes away, we won't lose all of our posts?
>>
>> MZMcBride
>>
>>
>>
>>
> I agree: this does seem to be a curious decision, at odds with the WMF's
> general policy of self-hosting as much as possible in order to maintain
> maximum independence from outside entities, particularly in the context of
> the recent concerns about privacy. I would have thought that maintaining a
> WordPress installation would be well within the WMF's capabilities.
>
> Neil
>
>
>
>
> ______________________________**_________________
> Wikimedia-l mailing list
> [hidden email].**org <[hidden email]>
> Unsubscribe: https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<https://lists.wikimedia.org/mailman/listinfo/wikimedia-l>,
> <mailto:wikimedia-l-request@**lists.wikimedia.org<[hidden email]>
> ?subject=**unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Lodewijk
This was definitely mentioned at Wikimania. What I understood is that it
will be hosted externally for performance and reliability reasons, but that
the rest should remain the same.

Anyway, I'm not an expert here, just what I understood from Matthew Roth &
friends

Lodewijk


2013/9/5 Richard Symonds <[hidden email]>

> This is being discussed on-wiki too, at
>
> https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordPress.3F
> .
>
> Richard Symonds
> Wikimedia UK
> 0207 065 0992
>
> Wikimedia UK is a Company Limited by Guarantee registered in England and
> Wales, Registered No. 6741827. Registered Charity No.1144513. Registered
> Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT.
> United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
> movement. The Wikimedia projects are run by the Wikimedia Foundation (who
> operate Wikipedia, amongst other projects).
>
> *Wikimedia UK is an independent non-profit charity with no legal control
> over Wikipedia nor responsibility for its contents.*
>
>
> On 5 September 2013 14:00, Neil Harris <[hidden email]> wrote:
>
> > On 05/09/13 13:37, MZMcBride wrote:
> >
> >> Hi.
> >>
> >> The recent draft privacy policy mentions that the Wikimedia blog
> >> (<https://blog.wikimedia.org>) will soon be hosted by WordPress.com.
> >>
> >> Was this discussed anywhere? If so, where?
> >>
> >> What is the proposed URL structure of a blog hosted by WordPress.com? I
> >> think there's a reasonable expectation that when a user visits
> >> *.wikimedia.org, we don't simply send his or her browser info to a
> third
> >> party without his or her consent. This has come up previously with
> Jobvite
> >> and iframes. It's also come up with the use of tracking tools such as
> >> Google Analytics, which not only affect one-time visitors, but aim to
> >> persist client-side.
> >>
> >> How will the blog be backed up? Relying on an external service means not
> >> being in control of the data. Will there be regular backups made to
> ensure
> >> that if WordPress.com goes away, we won't lose all of our posts?
> >>
> >> MZMcBride
> >>
> >>
> >>
> >>
> > I agree: this does seem to be a curious decision, at odds with the WMF's
> > general policy of self-hosting as much as possible in order to maintain
> > maximum independence from outside entities, particularly in the context
> of
> > the recent concerns about privacy. I would have thought that maintaining
> a
> > WordPress installation would be well within the WMF's capabilities.
> >
> > Neil
> >
> >
> >
> >
> > ______________________________**_________________
> > Wikimedia-l mailing list
> > [hidden email].**org <[hidden email]>
> > Unsubscribe: https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l>,
> > <mailto:wikimedia-l-request@**lists.wikimedia.org<
> [hidden email]>
> > ?subject=**unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

theo10011
On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk <[hidden email]>wrote:

> This was definitely mentioned at Wikimania. What I understood is that it
> will be hosted externally for performance and reliability reasons, but that
> the rest should remain the same.
>

So, A blog for one of the top 10 websites in the world is being hosted
externally "for performance and reliability"? - That doesn't sound right.
Maybe Mr. Roth & friends can clarify a bit here.

Blogs generally don't require a lot of resources, aside from some comment
oversight. But it's not like there is a deluge of comments or moderation
required in the current blog - they average about 1, maybe 2 comments and
from my impression, don't particularly have a high number of regular
followers.

This seems like something trivial, perhaps because of familiarity with
Wordpress, it is being preferred in this case. But then, why are we
willingly and so easily handing the visitors to a third party? especially
with so much paranoia about monitoring and privacy issues. Even for the
sake of our own impression and opinions - Is there a particular role there
that Mediawiki can't fill in? (I recall Erik once argued that wiki is the
most versatile platform, does he believe that Wordpress is a better
alternative? )

Regards
Theo


>
> Anyway, I'm not an expert here, just what I understood from Matthew Roth &
> friends
>
> Lodewijk
>
>
> 2013/9/5 Richard Symonds <[hidden email]>
>
> > This is being discussed on-wiki too, at
> >
> >
> https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordPress.3F
> > .
> >
> > Richard Symonds
> > Wikimedia UK
> > 0207 065 0992
> >
> > Wikimedia UK is a Company Limited by Guarantee registered in England and
> > Wales, Registered No. 6741827. Registered Charity No.1144513. Registered
> > Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A
> 4LT.
> > United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
> > movement. The Wikimedia projects are run by the Wikimedia Foundation (who
> > operate Wikipedia, amongst other projects).
> >
> > *Wikimedia UK is an independent non-profit charity with no legal control
> > over Wikipedia nor responsibility for its contents.*
> >
> >
> > On 5 September 2013 14:00, Neil Harris <[hidden email]> wrote:
> >
> > > On 05/09/13 13:37, MZMcBride wrote:
> > >
> > >> Hi.
> > >>
> > >> The recent draft privacy policy mentions that the Wikimedia blog
> > >> (<https://blog.wikimedia.org>) will soon be hosted by WordPress.com.
> > >>
> > >> Was this discussed anywhere? If so, where?
> > >>
> > >> What is the proposed URL structure of a blog hosted by WordPress.com?
> I
> > >> think there's a reasonable expectation that when a user visits
> > >> *.wikimedia.org, we don't simply send his or her browser info to a
> > third
> > >> party without his or her consent. This has come up previously with
> > Jobvite
> > >> and iframes. It's also come up with the use of tracking tools such as
> > >> Google Analytics, which not only affect one-time visitors, but aim to
> > >> persist client-side.
> > >>
> > >> How will the blog be backed up? Relying on an external service means
> not
> > >> being in control of the data. Will there be regular backups made to
> > ensure
> > >> that if WordPress.com goes away, we won't lose all of our posts?
> > >>
> > >> MZMcBride
> > >>
> > >>
> > >>
> > >>
> > > I agree: this does seem to be a curious decision, at odds with the
> WMF's
> > > general policy of self-hosting as much as possible in order to maintain
> > > maximum independence from outside entities, particularly in the context
> > of
> > > the recent concerns about privacy. I would have thought that
> maintaining
> > a
> > > WordPress installation would be well within the WMF's capabilities.
> > >
> > > Neil
> > >
> > >
> > >
> > >
> > > ______________________________**_________________
> > > Wikimedia-l mailing list
> > > [hidden email].**org <[hidden email]>
> > > Unsubscribe:
> https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
> > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l>,
> > > <mailto:wikimedia-l-request@**lists.wikimedia.org<
> > [hidden email]>
> > > ?subject=**unsubscribe>
> > >
> > _______________________________________________
> > Wikimedia-l mailing list
> > [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Bence Damokos
As I understand  the blog is currently a self-hosted instance of Wordpress
and the idea is to move the hosting to somewhere else.
(So this is not MediaWiki vs. Wordpress, but self-hosting vs. not
self-hosting)

Best regards,
Bence


On Thu, Sep 5, 2013 at 7:29 PM, Theo10011 <[hidden email]> wrote:

> On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk <[hidden email]
> >wrote:
>
> > This was definitely mentioned at Wikimania. What I understood is that it
> > will be hosted externally for performance and reliability reasons, but
> that
> > the rest should remain the same.
> >
>
> So, A blog for one of the top 10 websites in the world is being hosted
> externally "for performance and reliability"? - That doesn't sound right.
> Maybe Mr. Roth & friends can clarify a bit here.
>
> Blogs generally don't require a lot of resources, aside from some comment
> oversight. But it's not like there is a deluge of comments or moderation
> required in the current blog - they average about 1, maybe 2 comments and
> from my impression, don't particularly have a high number of regular
> followers.
>
> This seems like something trivial, perhaps because of familiarity with
> Wordpress, it is being preferred in this case. But then, why are we
> willingly and so easily handing the visitors to a third party? especially
> with so much paranoia about monitoring and privacy issues. Even for the
> sake of our own impression and opinions - Is there a particular role there
> that Mediawiki can't fill in? (I recall Erik once argued that wiki is the
> most versatile platform, does he believe that Wordpress is a better
> alternative? )
>
> Regards
> Theo
>
>
> >
> > Anyway, I'm not an expert here, just what I understood from Matthew Roth
> &
> > friends
> >
> > Lodewijk
> >
> >
> > 2013/9/5 Richard Symonds <[hidden email]>
> >
> > > This is being discussed on-wiki too, at
> > >
> > >
> >
> https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordPress.3F
> > > .
> > >
> > > Richard Symonds
> > > Wikimedia UK
> > > 0207 065 0992
> > >
> > > Wikimedia UK is a Company Limited by Guarantee registered in England
> and
> > > Wales, Registered No. 6741827. Registered Charity No.1144513.
> Registered
> > > Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A
> > 4LT.
> > > United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
> > > movement. The Wikimedia projects are run by the Wikimedia Foundation
> (who
> > > operate Wikipedia, amongst other projects).
> > >
> > > *Wikimedia UK is an independent non-profit charity with no legal
> control
> > > over Wikipedia nor responsibility for its contents.*
> > >
> > >
> > > On 5 September 2013 14:00, Neil Harris <[hidden email]> wrote:
> > >
> > > > On 05/09/13 13:37, MZMcBride wrote:
> > > >
> > > >> Hi.
> > > >>
> > > >> The recent draft privacy policy mentions that the Wikimedia blog
> > > >> (<https://blog.wikimedia.org>) will soon be hosted by
> WordPress.com.
> > > >>
> > > >> Was this discussed anywhere? If so, where?
> > > >>
> > > >> What is the proposed URL structure of a blog hosted by
> WordPress.com?
> > I
> > > >> think there's a reasonable expectation that when a user visits
> > > >> *.wikimedia.org, we don't simply send his or her browser info to a
> > > third
> > > >> party without his or her consent. This has come up previously with
> > > Jobvite
> > > >> and iframes. It's also come up with the use of tracking tools such
> as
> > > >> Google Analytics, which not only affect one-time visitors, but aim
> to
> > > >> persist client-side.
> > > >>
> > > >> How will the blog be backed up? Relying on an external service means
> > not
> > > >> being in control of the data. Will there be regular backups made to
> > > ensure
> > > >> that if WordPress.com goes away, we won't lose all of our posts?
> > > >>
> > > >> MZMcBride
> > > >>
> > > >>
> > > >>
> > > >>
> > > > I agree: this does seem to be a curious decision, at odds with the
> > WMF's
> > > > general policy of self-hosting as much as possible in order to
> maintain
> > > > maximum independence from outside entities, particularly in the
> context
> > > of
> > > > the recent concerns about privacy. I would have thought that
> > maintaining
> > > a
> > > > WordPress installation would be well within the WMF's capabilities.
> > > >
> > > > Neil
> > > >
> > > >
> > > >
> > > >
> > > > ______________________________**_________________
> > > > Wikimedia-l mailing list
> > > > [hidden email].**org <[hidden email]>
> > > > Unsubscribe:
> > https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
> > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l>,
> > > > <mailto:wikimedia-l-request@**lists.wikimedia.org<
> > > [hidden email]>
> > > > ?subject=**unsubscribe>
> > > >
> > > _______________________________________________
> > > Wikimedia-l mailing list
> > > [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> > >
> > _______________________________________________
> > Wikimedia-l mailing list
> > [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Leslie Carr
On Thu, Sep 5, 2013 at 10:33 AM, Bence Damokos <[hidden email]> wrote:

> As I understand  the blog is currently a self-hosted instance of Wordpress
> and the idea is to move the hosting to somewhere else.
> (So this is not MediaWiki vs. Wordpress, but self-hosting vs. not
> self-hosting)
>
>
Exactly!


> Best regards,
> Bence
>
>
> On Thu, Sep 5, 2013 at 7:29 PM, Theo10011 <[hidden email]> wrote:
>
> > On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk <[hidden email]
> > >wrote:
> >
> > > This was definitely mentioned at Wikimania. What I understood is that
> it
> > > will be hosted externally for performance and reliability reasons, but
> > that
> > > the rest should remain the same.
> > >
> >
> > So, A blog for one of the top 10 websites in the world is being hosted
> > externally "for performance and reliability"? - That doesn't sound right.
> > Maybe Mr. Roth & friends can clarify a bit here.
> >
>

I can chime in as a tech operations person (in my official capacity).
 Currently the blog is in a partially maintained by Operations state.  In
ops, we have a few concerns - #1 is security (exemplified by our recent
security incident) of having a wordpress instance in our production
environment.  #2 is support of the blog from a technical standpoint.  We
are currently all oversubscribed with trying to keep the production sites
up and speedy.  The blog is low priority for us compared to the wiki's, and
therefore is often neglected.  When we hire about 5 more ops people, it may
be more sustainable, but right now, it's not - so it would actually be a
net positive for the Operations team to move the blog onto a dedicated
third party, and will also hopefully prevent any future security incidents.

Leslie


> > Blogs generally don't require a lot of resources, aside from some comment
> > oversight. But it's not like there is a deluge of comments or moderation
> > required in the current blog - they average about 1, maybe 2 comments and
> > from my impression, don't particularly have a high number of regular
> > followers.
> >
> > This seems like something trivial, perhaps because of familiarity with
> > Wordpress, it is being preferred in this case. But then, why are we
> > willingly and so easily handing the visitors to a third party? especially
> > with so much paranoia about monitoring and privacy issues. Even for the
> > sake of our own impression and opinions - Is there a particular role
> there
> > that Mediawiki can't fill in? (I recall Erik once argued that wiki is the
> > most versatile platform, does he believe that Wordpress is a better
> > alternative? )
> >
> > Regards
> > Theo
> >
> >
> > >
> > > Anyway, I'm not an expert here, just what I understood from Matthew
> Roth
> > &
> > > friends
> > >
> > > Lodewijk
> > >
> > >
> > > 2013/9/5 Richard Symonds <[hidden email]>
> > >
> > > > This is being discussed on-wiki too, at
> > > >
> > > >
> > >
> >
> https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordPress.3F
> > > > .
> > > >
> > > > Richard Symonds
> > > > Wikimedia UK
> > > > 0207 065 0992
> > > >
> > > > Wikimedia UK is a Company Limited by Guarantee registered in England
> > and
> > > > Wales, Registered No. 6741827. Registered Charity No.1144513.
> > Registered
> > > > Office 4th Floor, Development House, 56-64 Leonard Street, London
> EC2A
> > > 4LT.
> > > > United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
> > > > movement. The Wikimedia projects are run by the Wikimedia Foundation
> > (who
> > > > operate Wikipedia, amongst other projects).
> > > >
> > > > *Wikimedia UK is an independent non-profit charity with no legal
> > control
> > > > over Wikipedia nor responsibility for its contents.*
> > > >
> > > >
> > > > On 5 September 2013 14:00, Neil Harris <[hidden email]>
> wrote:
> > > >
> > > > > On 05/09/13 13:37, MZMcBride wrote:
> > > > >
> > > > >> Hi.
> > > > >>
> > > > >> The recent draft privacy policy mentions that the Wikimedia blog
> > > > >> (<https://blog.wikimedia.org>) will soon be hosted by
> > WordPress.com.
> > > > >>
> > > > >> Was this discussed anywhere? If so, where?
> > > > >>
> > > > >> What is the proposed URL structure of a blog hosted by
> > WordPress.com?
> > > I
> > > > >> think there's a reasonable expectation that when a user visits
> > > > >> *.wikimedia.org, we don't simply send his or her browser info to
> a
> > > > third
> > > > >> party without his or her consent. This has come up previously with
> > > > Jobvite
> > > > >> and iframes. It's also come up with the use of tracking tools such
> > as
> > > > >> Google Analytics, which not only affect one-time visitors, but aim
> > to
> > > > >> persist client-side.
> > > > >>
> > > > >> How will the blog be backed up? Relying on an external service
> means
> > > not
> > > > >> being in control of the data. Will there be regular backups made
> to
> > > > ensure
> > > > >> that if WordPress.com goes away, we won't lose all of our posts?
> > > > >>
> > > > >> MZMcBride
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > > I agree: this does seem to be a curious decision, at odds with the
> > > WMF's
> > > > > general policy of self-hosting as much as possible in order to
> > maintain
> > > > > maximum independence from outside entities, particularly in the
> > context
> > > > of
> > > > > the recent concerns about privacy. I would have thought that
> > > maintaining
> > > > a
> > > > > WordPress installation would be well within the WMF's capabilities.
> > > > >
> > > > > Neil
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ______________________________**_________________
> > > > > Wikimedia-l mailing list
> > > > > [hidden email].**org <[hidden email]
> >
> > > > > Unsubscribe:
> > > https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
> > > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l>,
> > > > > <mailto:wikimedia-l-request@**lists.wikimedia.org<
> > > > [hidden email]>
> > > > > ?subject=**unsubscribe>
> > > > >
> > > > _______________________________________________
> > > > Wikimedia-l mailing list
> > > > [hidden email]
> > > > Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > <mailto:[hidden email]?subject=unsubscribe>
> > > >
> > > _______________________________________________
> > > Wikimedia-l mailing list
> > > [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> > >
> > _______________________________________________
> > Wikimedia-l mailing list
> > [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>



--
Leslie Carr
Wikimedia Foundation
AS 14907, 43821
http://as14907.peeringdb.com/
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

rupert THURNER-2
In reply to this post by Bence Damokos
Personally i think this is a bad idea, especially with respect to all the
nsa discussions. If wmf is not able to host it might be hosted by one of
the chapters, or wikinews might accept a new article type "blog", what you
think?

Rupert

Am 05.09.2013 19:34 schrieb "Bence Damokos" <[hidden email]>:

>
> As I understand  the blog is currently a self-hosted instance of Wordpress
> and the idea is to move the hosting to somewhere else.
> (So this is not MediaWiki vs. Wordpress, but self-hosting vs. not
> self-hosting)
>
> Best regards,
> Bence
>
>
> On Thu, Sep 5, 2013 at 7:29 PM, Theo10011 <[hidden email]> wrote:
>
> > On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk <[hidden email]
> > >wrote:
> >
> > > This was definitely mentioned at Wikimania. What I understood is that
it
> > > will be hosted externally for performance and reliability reasons, but
> > that
> > > the rest should remain the same.
> > >
> >
> > So, A blog for one of the top 10 websites in the world is being hosted
> > externally "for performance and reliability"? - That doesn't sound
right.
> > Maybe Mr. Roth & friends can clarify a bit here.
> >
> > Blogs generally don't require a lot of resources, aside from some
comment
> > oversight. But it's not like there is a deluge of comments or moderation
> > required in the current blog - they average about 1, maybe 2 comments
and
> > from my impression, don't particularly have a high number of regular
> > followers.
> >
> > This seems like something trivial, perhaps because of familiarity with
> > Wordpress, it is being preferred in this case. But then, why are we
> > willingly and so easily handing the visitors to a third party?
especially
> > with so much paranoia about monitoring and privacy issues. Even for the
> > sake of our own impression and opinions - Is there a particular role
there
> > that Mediawiki can't fill in? (I recall Erik once argued that wiki is
the
> > most versatile platform, does he believe that Wordpress is a better
> > alternative? )
> >
> > Regards
> > Theo
> >
> >
> > >
> > > Anyway, I'm not an expert here, just what I understood from Matthew
Roth

> > &
> > > friends
> > >
> > > Lodewijk
> > >
> > >
> > > 2013/9/5 Richard Symonds <[hidden email]>
> > >
> > > > This is being discussed on-wiki too, at
> > > >
> > > >
> > >
> >
https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordPress.3F

> > > > .
> > > >
> > > > Richard Symonds
> > > > Wikimedia UK
> > > > 0207 065 0992
> > > >
> > > > Wikimedia UK is a Company Limited by Guarantee registered in England
> > and
> > > > Wales, Registered No. 6741827. Registered Charity No.1144513.
> > Registered
> > > > Office 4th Floor, Development House, 56-64 Leonard Street, London
EC2A

> > > 4LT.
> > > > United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
> > > > movement. The Wikimedia projects are run by the Wikimedia Foundation
> > (who
> > > > operate Wikipedia, amongst other projects).
> > > >
> > > > *Wikimedia UK is an independent non-profit charity with no legal
> > control
> > > > over Wikipedia nor responsibility for its contents.*
> > > >
> > > >
> > > > On 5 September 2013 14:00, Neil Harris <[hidden email]>
wrote:

> > > >
> > > > > On 05/09/13 13:37, MZMcBride wrote:
> > > > >
> > > > >> Hi.
> > > > >>
> > > > >> The recent draft privacy policy mentions that the Wikimedia blog
> > > > >> (<https://blog.wikimedia.org>) will soon be hosted by
> > WordPress.com.
> > > > >>
> > > > >> Was this discussed anywhere? If so, where?
> > > > >>
> > > > >> What is the proposed URL structure of a blog hosted by
> > WordPress.com?
> > > I
> > > > >> think there's a reasonable expectation that when a user visits
> > > > >> *.wikimedia.org, we don't simply send his or her browser info to
a
> > > > third
> > > > >> party without his or her consent. This has come up previously
with
> > > > Jobvite
> > > > >> and iframes. It's also come up with the use of tracking tools
such
> > as
> > > > >> Google Analytics, which not only affect one-time visitors, but
aim
> > to
> > > > >> persist client-side.
> > > > >>
> > > > >> How will the blog be backed up? Relying on an external service
means
> > > not
> > > > >> being in control of the data. Will there be regular backups made
to

> > > > ensure
> > > > >> that if WordPress.com goes away, we won't lose all of our posts?
> > > > >>
> > > > >> MZMcBride
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > > I agree: this does seem to be a curious decision, at odds with the
> > > WMF's
> > > > > general policy of self-hosting as much as possible in order to
> > maintain
> > > > > maximum independence from outside entities, particularly in the
> > context
> > > > of
> > > > > the recent concerns about privacy. I would have thought that
> > > maintaining
> > > > a
> > > > > WordPress installation would be well within the WMF's
capabilities.

> > > > >
> > > > > Neil
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ______________________________**_________________
> > > > > Wikimedia-l mailing list
> > > > > [hidden email].**org <[hidden email]
>
> > > > > Unsubscribe:
> > > https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
> > > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l>,
> > > > > <mailto:wikimedia-l-request@**lists.wikimedia.org<
> > > > [hidden email]>
> > > > > ?subject=**unsubscribe>
> > > > >
> > > > _______________________________________________
> > > > Wikimedia-l mailing list
> > > > [hidden email]
> > > > Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

> > > > <mailto:[hidden email]?subject=unsubscribe>
> > > >
> > > _______________________________________________
> > > Wikimedia-l mailing list
> > > [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> > >
> > _______________________________________________
> > Wikimedia-l mailing list
> > [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Nathan Awrich
On Thu, Sep 5, 2013 at 2:51 PM, rupert THURNER <[hidden email]> wrote:
> Personally i think this is a bad idea, especially with respect to all the
> nsa discussions. If wmf is not able to host it might be hosted by one of
> the chapters, or wikinews might accept a new article type "blog", what you
> think?
>
> Rupert
>

This is a very good point - we must try to protect logs of visitors to
the WMF blog from the inevitably prying eyes of the National Security
Agency! And only by self-hosting it will this be effectively
accomplished!

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Tyler Romeo
On Thu, Sep 5, 2013 at 2:57 PM, Nathan <[hidden email]> wrote:

> This is a very good point - we must try to protect logs of visitors to
> the WMF blog from the inevitably prying eyes of the National Security
> Agency! And only by self-hosting it will this be effectively
> accomplished!
>

This doesn't make any sense. If we're assuming the NSA is monitoring all
Internet traffic, which is the problem everybody has been complaining
about, then they don't need access to our servers to tell who is visiting
the blog.

*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | [hidden email]
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Andrew Gray-3
In reply to this post by theo10011
Mediawiki is indeed the most versatile platform, but that just means
it's okay at most things. It doesn't mean it's better than other
platforms explicitly designed for a particular job ;-)

I'd prefer self-hosting on general principle, but if our operations
people say it's better and more stable hosted elsewhere - and
presumably they have - then fair enough.

Andrew.

On 5 September 2013 18:29, Theo10011 <[hidden email]> wrote:

> On Thu, Sep 5, 2013 at 10:26 PM, Lodewijk <[hidden email]>wrote:
>
>> This was definitely mentioned at Wikimania. What I understood is that it
>> will be hosted externally for performance and reliability reasons, but that
>> the rest should remain the same.
>>
>
> So, A blog for one of the top 10 websites in the world is being hosted
> externally "for performance and reliability"? - That doesn't sound right.
> Maybe Mr. Roth & friends can clarify a bit here.
>
> Blogs generally don't require a lot of resources, aside from some comment
> oversight. But it's not like there is a deluge of comments or moderation
> required in the current blog - they average about 1, maybe 2 comments and
> from my impression, don't particularly have a high number of regular
> followers.
>
> This seems like something trivial, perhaps because of familiarity with
> Wordpress, it is being preferred in this case. But then, why are we
> willingly and so easily handing the visitors to a third party? especially
> with so much paranoia about monitoring and privacy issues. Even for the
> sake of our own impression and opinions - Is there a particular role there
> that Mediawiki can't fill in? (I recall Erik once argued that wiki is the
> most versatile platform, does he believe that Wordpress is a better
> alternative? )
>
> Regards
> Theo
>
>
>>
>> Anyway, I'm not an expert here, just what I understood from Matthew Roth &
>> friends
>>
>> Lodewijk
>>
>>
>> 2013/9/5 Richard Symonds <[hidden email]>
>>
>> > This is being discussed on-wiki too, at
>> >
>> >
>> https://meta.wikimedia.org/wiki/Talk:Privacy_policy#Blog_not_hosted_by_WordPress.3F
>> > .
>> >
>> > Richard Symonds
>> > Wikimedia UK
>> > 0207 065 0992
>> >
>> > Wikimedia UK is a Company Limited by Guarantee registered in England and
>> > Wales, Registered No. 6741827. Registered Charity No.1144513. Registered
>> > Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A
>> 4LT.
>> > United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
>> > movement. The Wikimedia projects are run by the Wikimedia Foundation (who
>> > operate Wikipedia, amongst other projects).
>> >
>> > *Wikimedia UK is an independent non-profit charity with no legal control
>> > over Wikipedia nor responsibility for its contents.*
>> >
>> >
>> > On 5 September 2013 14:00, Neil Harris <[hidden email]> wrote:
>> >
>> > > On 05/09/13 13:37, MZMcBride wrote:
>> > >
>> > >> Hi.
>> > >>
>> > >> The recent draft privacy policy mentions that the Wikimedia blog
>> > >> (<https://blog.wikimedia.org>) will soon be hosted by WordPress.com.
>> > >>
>> > >> Was this discussed anywhere? If so, where?
>> > >>
>> > >> What is the proposed URL structure of a blog hosted by WordPress.com?
>> I
>> > >> think there's a reasonable expectation that when a user visits
>> > >> *.wikimedia.org, we don't simply send his or her browser info to a
>> > third
>> > >> party without his or her consent. This has come up previously with
>> > Jobvite
>> > >> and iframes. It's also come up with the use of tracking tools such as
>> > >> Google Analytics, which not only affect one-time visitors, but aim to
>> > >> persist client-side.
>> > >>
>> > >> How will the blog be backed up? Relying on an external service means
>> not
>> > >> being in control of the data. Will there be regular backups made to
>> > ensure
>> > >> that if WordPress.com goes away, we won't lose all of our posts?
>> > >>
>> > >> MZMcBride
>> > >>
>> > >>
>> > >>
>> > >>
>> > > I agree: this does seem to be a curious decision, at odds with the
>> WMF's
>> > > general policy of self-hosting as much as possible in order to maintain
>> > > maximum independence from outside entities, particularly in the context
>> > of
>> > > the recent concerns about privacy. I would have thought that
>> maintaining
>> > a
>> > > WordPress installation would be well within the WMF's capabilities.
>> > >
>> > > Neil
>> > >
>> > >
>> > >
>> > >
>> > > ______________________________**_________________
>> > > Wikimedia-l mailing list
>> > > [hidden email].**org <[hidden email]>
>> > > Unsubscribe:
>> https://lists.wikimedia.org/**mailman/listinfo/wikimedia-l<
>> > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l>,
>> > > <mailto:wikimedia-l-request@**lists.wikimedia.org<
>> > [hidden email]>
>> > > ?subject=**unsubscribe>
>> > >
>> > _______________________________________________
>> > Wikimedia-l mailing list
>> > [hidden email]
>> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> > <mailto:[hidden email]?subject=unsubscribe>
>> >
>> _______________________________________________
>> Wikimedia-l mailing list
>> [hidden email]
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:[hidden email]?subject=unsubscribe>
>>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>



--
- Andrew Gray
  [hidden email]

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

David Gerard-2
On 5 September 2013 20:03, Andrew Gray <[hidden email]> wrote:

> Mediawiki is indeed the most versatile platform, but that just means
> it's okay at most things. It doesn't mean it's better than other
> platforms explicitly designed for a particular job ;-)


Wordpress is a ridiculously better blog platform than MediaWiki will ever be.


> I'd prefer self-hosting on general principle, but if our operations
> people say it's better and more stable hosted elsewhere - and
> presumably they have - then fair enough.


I would worry only about our privacy policies for users - will we use
our own database of users? Will people need to log in with a
Wordpress.com accoun to comment? Can we say precisely what data
Wordpress will get?


- d.

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

K. Peachey-2
In reply to this post by Leslie Carr
On Fri, Sep 6, 2013 at 4:46 AM, Leslie Carr <[hidden email]> wrote:

> I can chime in as a tech operations person (in my official capacity).
>  Currently the blog is in a partially maintained by Operations state.  In
> ops, we have a few concerns - #1 is security (exemplified by our recent
> security incident) of having a wordpress instance in our production
> environment.  #2 is support of the blog from a technical standpoint.  We
> are currently all oversubscribed with trying to keep the production sites
> up and speedy.  The blog is low priority for us compared to the wiki's, and
> therefore is often neglected.  When we hire about 5 more ops people, it may
> be more sustainable, but right now, it's not - so it would actually be a
> net positive for the Operations team to move the blog onto a dedicated
> third party, and will also hopefully prevent any future security incidents.
>
> Leslie


That is a argument for changing the blogging tool/platform, Not changing to
non self-hosted environment.
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Tyler Romeo
On Sep 5, 2013 5:07 PM, "K. Peachey" <[hidden email]> wrote:
>
> On Fri, Sep 6, 2013 at 4:46 AM, Leslie Carr <[hidden email]> wrote:
> That is a argument for changing the blogging tool/platform, Not changing
to
> non self-hosted environment.

How so? Not having to maintain another site, regardless of the platform,
makes it easier on the ops team. Also, what platform would we even switch
to? Joomla?
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

David Gerard-2
In reply to this post by K. Peachey-2
On 5 September 2013 22:07, K. Peachey <[hidden email]> wrote:

> That is a argument for changing the blogging tool/platform, Not changing to
> non self-hosted environment.


tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is
a fine place to host a blog if you don't want ever to have to think
about the nuts and bolts of securing the thing.

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

[Wikimedia-l] Wikimedia blog moving to WordPress.com

Laura Hale
In reply to this post by rupert THURNER-2
On Thursday, September 5, 2013, rupert THURNER wrote:

> Personally i think this is a bad idea, especially with respect to all the
> nsa discussions. If wmf is not able to host it might be hosted by one of
> the chapters, or wikinews might accept a new article type "blog", what you
> think?
>
>
Cool idea, but maybe Wikipedia, Wikibooks, Wikiversity, meta or outreach
would be a better fit mission wise?  Blog hosting would violate fundamental
Wikinews project guidelines regarding neutrality, style guidelines and
verifiability.  Thus, not a good fit for Wikinews, though I am sure if you
contact the local communities, they would appreciate the suggestion. :)
 (Maybe Spanish Wikinews would appreciate it.) If it was a serious option,
Wikinewsie.org is getting Icelandic hosting for our reporting journalism
workspace to protect our reporters...  I believe we already have a
Wordpress install, so as a potential thematic organization, The Wikinewsie
Group could be placed to assist.  We chose Icelandic hosting for a variety
of reasons that have been mentioned in previous security related
discussions.

Sincerely,
Laura Hale


--
mobile:   635209416
twitter: purplepopple
blog: ozziesport.com
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Gregory Varnum-2
In reply to this post by David Gerard-2
I think this makes 100% sense from an operations perspective.  Anytime you can "outsource" a lower priority web service - fantastic.

However, from a community advocacy perspective - I am less convinced.  I would be curious if anyone from that team could chime in as well.

The security argument makes a great deal of sense to me - making the primary production sites vulnerable should always be avoided if at all humanly possible to do so.

Here are some lingering questions I would have for Advocacy and Ops:
1. How closely are we working with WordPress.com staff on this setup?
2. Will we be paying for the service? (I know it is minimal - more curious than anything)
3. Is the Automattic (company behind WordPress) privacy policy compatible with WMF's current and proposed (as it exists now) privacy policy?
4. Will people be required to register with WordPress.com to participate in the blog?
5. I recognize we utilize a lot of corporations - but most do not handle our content (I suppose data centers and bandwidth - but I digress) - generally that has been our own or a nonprofit like Freenode (if you count IRC as content service). Additionally, they use ads - which has been a hot topic on project sites.  Recognizing the blog is not really a project site that is covered as tightly under our principles - can someone speak to the compatibility of Automattic's policies and values with WM and WMF? How are we getting around the ads?
6. Are there other services on WMF servers that could be potential security threats? Are OTRS, Mailman, and Etherpad subject to these concerns as well? Is there a likely possibility that other services will be moved in the future?
7. Should all of these services be moved to a separate server?  Is that feasible?

I appreciate that WMF is having this dialogue before the switch actually happens.  I agree it is a compelling idea.

- greg aka varnent


On 5 Sep, 2013, at 5:16 PM, David Gerard <[hidden email]> wrote:

> On 5 September 2013 22:07, K. Peachey <[hidden email]> wrote:
>
>> That is a argument for changing the blogging tool/platform, Not changing to
>> non self-hosted environment.
>
>
> tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is
> a fine place to host a blog if you don't want ever to have to think
> about the nuts and bolts of securing the thing.
>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>


_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Dan Collins-2
At least OTRS and mailman belong inside our security "bubble" of control,
where the only people with access are ops and they can be properly secured.
The security risk of those applications potentially introducing and
attacker to all our data is minimal compared to the much greater risk of
placing our user names, passwords, email addresses, and highly private OTRS
queues in the hands of a third party including all their technicians, not
to mention their security practices that we have no control over.

As for the other question. If the nsa sends a letter to WordPress then they
can get the email address and IP of someone who posted a post or comment to
our blog. Probably the password too. If we host it over SSL then there's no
way for them to know even that a given user commented, and if we did SSL
right (maybe in another ten years) no one would know whether an IP was anon
browsing, a checkuser or oversight, or reading our highly sensitive OTRS
queues.
On Sep 5, 2013 6:28 PM, "Gregory Varnum" <[hidden email]> wrote:

> I think this makes 100% sense from an operations perspective.  Anytime you
> can "outsource" a lower priority web service - fantastic.
>
> However, from a community advocacy perspective - I am less convinced.  I
> would be curious if anyone from that team could chime in as well.
>
> The security argument makes a great deal of sense to me - making the
> primary production sites vulnerable should always be avoided if at all
> humanly possible to do so.
>
> Here are some lingering questions I would have for Advocacy and Ops:
> 1. How closely are we working with WordPress.com staff on this setup?
> 2. Will we be paying for the service? (I know it is minimal - more curious
> than anything)
> 3. Is the Automattic (company behind WordPress) privacy policy compatible
> with WMF's current and proposed (as it exists now) privacy policy?
> 4. Will people be required to register with WordPress.com to participate
> in the blog?
> 5. I recognize we utilize a lot of corporations - but most do not handle
> our content (I suppose data centers and bandwidth - but I digress) -
> generally that has been our own or a nonprofit like Freenode (if you count
> IRC as content service). Additionally, they use ads - which has been a hot
> topic on project sites.  Recognizing the blog is not really a project site
> that is covered as tightly under our principles - can someone speak to the
> compatibility of Automattic's policies and values with WM and WMF? How are
> we getting around the ads?
> 6. Are there other services on WMF servers that could be potential
> security threats? Are OTRS, Mailman, and Etherpad subject to these concerns
> as well? Is there a likely possibility that other services will be moved in
> the future?
> 7. Should all of these services be moved to a separate server?  Is that
> feasible?
>
> I appreciate that WMF is having this dialogue before the switch actually
> happens.  I agree it is a compelling idea.
>
> - greg aka varnent
>
>
> On 5 Sep, 2013, at 5:16 PM, David Gerard <[hidden email]> wrote:
>
> > On 5 September 2013 22:07, K. Peachey <[hidden email]> wrote:
> >
> >> That is a argument for changing the blogging tool/platform, Not
> changing to
> >> non self-hosted environment.
> >
> >
> > tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is
> > a fine place to host a blog if you don't want ever to have to think
> > about the nuts and bolts of securing the thing.
> >
> > _______________________________________________
> > Wikimedia-l mailing list
> > [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Nathan Awrich
On Thu, Sep 5, 2013 at 6:44 PM, Dan Collins <[hidden email]> wrote:

> At least OTRS and mailman belong inside our security "bubble" of control,
> where the only people with access are ops and they can be properly secured.
> The security risk of those applications potentially introducing and
> attacker to all our data is minimal compared to the much greater risk of
> placing our user names, passwords, email addresses, and highly private OTRS
> queues in the hands of a third party including all their technicians, not
> to mention their security practices that we have no control over.
>
> As for the other question. If the nsa sends a letter to WordPress then they
> can get the email address and IP of someone who posted a post or comment to
> our blog. Probably the password too. If we host it over SSL then there's no
> way for them to know even that a given user commented, and if we did SSL
> right (maybe in another ten years) no one would know whether an IP was anon
> browsing, a checkuser or oversight, or reading our highly sensitive OTRS
> queues.

http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp

In which it is disclosed that, unsurprisingly, SSL poses no real
challenge for the NSA. In any case, I find it hard to imagine a
plausible scenario in which the NSA would be interested in a commenter
on the WMF blog. (My previous post in this thread was sarcastic, in
case that was unclear).

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia blog moving to WordPress.com

Matthew Roth
In reply to this post by Dan Collins-2
Hi all,

I was going to socialize some of the transitions for the Wikimedia blog in
the next few weeks on the Wikimedia blog
space<https://meta.wikimedia.org/wiki/Wikimedia_Blog>on Meta and on
the blog itself with a blog post, but this conversation has
sped up the discussion. I plan to have something on Meta by the beginning
of next week and hope that we can continue the discussion there when the
content is posted.

As a general concept, we’re redesigning the blog to be less focused on the
Wikimedia Foundation and more on the Wikimedia movement. For the past year,
we have been sharing more narratives from the movement, making this
important communications tool more about movement partners and not
exclusively about the Wikimedia Foundation. We believe the public has
little understanding of the people behind the projects and we want to share
their stories (i.e. why the contribute, why they edit, why they develop).
We still need the tool to communicate important updates from the WMF, but
that can be accomplished in a larger ecosystem with more diversity of
voices. We’ve had a significant increase in publication from authors who
don’t work for the WMF, as well as increased multi-lingual posts, and we
will continue to increase the amount and diversity of participation.

Specifically, let me address a couple of points raised in this thread.


   -

   We are redesigning the blog. For those at Wikimania who saw my talk, we
   shared the working site for the new Wikimedia blog and explained the basics
   of our thinking. Here is the link for the site under construction. Please
   understand this is still under construction and there will be some changes,
   but this is the basic design of the new Wikimedia blog. It’s also populated
   with data from a db dump that is now 2 months old, so you will see
   significant content difference from the current Wikimedia blog. The draft
   version of the blog is hosted on an outside platform, WP Engine, but this
   is not necessarily the hosting company we may use in future:
   http://wikimedia.wpengine.com/
   -

   We’re exploring the possibility of 3rd-party hosting of the blog. We had
   extensive discussions with members of the WMF Operations and Engineering
   teams about whether to continue to host the blog on our servers or move to
   a 3rd-party host. Ultimately we determined that 3rd party hosts made sense
   for the blog for a number of important reasons. I would refer you to the
   email in this
thread<http://www.gossamer-threads.com/lists/wiki/foundation/387838#387838>from
Leslie Carr in our Ops team, but essentially they feel that a move to
   a 3rd party host would address important security and support concerns, and
   would therefore be preferable to continuing to host the blog ourselves.
   -

   A 3rd-party host will give us redundancy and strong backups. The blog
   has become the Foundation’s primary public communications tool (alongside,
   naturally, the host of wikis we use to converse with the community). We
   want to be sure this platform is hosted on a 3rd-party site in case we
   encounter a significant outage or cluster-wide downtime. Obviously we can’t
   rely on the projects to get that information out if the cluster is down,
   and although we will continue to use identi.ca, twitter, and facebook,
   we’d like to have a stable place to point traffic.
   -

   The blog needs to be able to handle a lot of traffic, quickly. We know
   that Wikimedia’s servers are up to this kind of task, but we’re experts at
   hosting wikis - not necessarily experts at hosting blogs. Specifically
   blogs that may need to handle very large volumes of traffic, spam, and
   comments in a short period of time. We had one such situation back in 2012
   during the Wikipedia blackout. We sent tens of millions of readers to the
   Wikimedia blog and dealt with around 18K comments in a matter of hours. We
   could handle it, but we’d like to have capacity to handle that in an
   emergency situation. Not all blog hosting companies can do this, but a few
   that we’re looking at are expressly built to handle immediate and massive
   increases in traffic, and they’ve got amazing back up services.
   -

   We have not yet selected a 3rd-party host. We have screened a couple of
   3rd-party hosts. While Wordpress.com is one of our top choices (not the
   standard consumer version, rather their ‘managed’ or white glove hosting
   services for high volume customers), we have not yet selected them. Right
   now the WMF legal team is in discussions with Wordpress.com and others. We
   appreciate that if we host on a 3rd party site, we need to navigate the
   important issue of ensuring our privacies policies are compatible.
   -

   The new blog is responsive and much better on multiple devices. With the
   2012 Wordpress theme, we can easily adapt our blog to multiple screen
   widths. Please try expanding and narrowing your browser widths to see the
   responsive design, or load the new blog on a mobile or tablet.
   -

   We feel Wordpress is still the best tool for blog publishing. While
   wikis are functional for many things, we feel Wordpress is better for
   blogging/publishing. When we started the blog redesign, we briefly
   discussed other platforms, but we don’t believe there is a superior tool
   for the blog. Because we’ve had a Wordpress install since 2008 and it has
   worked well for us since then, we decided not to change. We also needed to
   be sure that however we proceeded, we could also move away if we need to,
   and easily and quickly resume hosting of the blog or move it somewhere else.
   -

   When we move hosting to a 3rd-party site, users will need to agree to
   the new privacy policy that we work out for the blog. During the
   transition when we update the database and move the blog from our cluster
   to a 3rd-party site, current blog users will need to create new accounts on
   the new blog and agree to the new privacy policy.


More to come next week, but hopefully this addresses some of the concerns
raised here. We’re very interested in your feedback and hope that we can
capture all the comments and critique on the Meta page when it is up.

thanks,
Matthew


On Thu, Sep 5, 2013 at 3:44 PM, Dan Collins <[hidden email]> wrote:

> At least OTRS and mailman belong inside our security "bubble" of control,
> where the only people with access are ops and they can be properly secured.
> The security risk of those applications potentially introducing and
> attacker to all our data is minimal compared to the much greater risk of
> placing our user names, passwords, email addresses, and highly private OTRS
> queues in the hands of a third party including all their technicians, not
> to mention their security practices that we have no control over.
>
> As for the other question. If the nsa sends a letter to WordPress then they
> can get the email address and IP of someone who posted a post or comment to
> our blog. Probably the password too. If we host it over SSL then there's no
> way for them to know even that a given user commented, and if we did SSL
> right (maybe in another ten years) no one would know whether an IP was anon
> browsing, a checkuser or oversight, or reading our highly sensitive OTRS
> queues.
> On Sep 5, 2013 6:28 PM, "Gregory Varnum" <[hidden email]> wrote:
>
> > I think this makes 100% sense from an operations perspective.  Anytime
> you
> > can "outsource" a lower priority web service - fantastic.
> >
> > However, from a community advocacy perspective - I am less convinced.  I
> > would be curious if anyone from that team could chime in as well.
> >
> > The security argument makes a great deal of sense to me - making the
> > primary production sites vulnerable should always be avoided if at all
> > humanly possible to do so.
> >
> > Here are some lingering questions I would have for Advocacy and Ops:
> > 1. How closely are we working with WordPress.com staff on this setup?
> > 2. Will we be paying for the service? (I know it is minimal - more
> curious
> > than anything)
> > 3. Is the Automattic (company behind WordPress) privacy policy compatible
> > with WMF's current and proposed (as it exists now) privacy policy?
> > 4. Will people be required to register with WordPress.com to participate
> > in the blog?
> > 5. I recognize we utilize a lot of corporations - but most do not handle
> > our content (I suppose data centers and bandwidth - but I digress) -
> > generally that has been our own or a nonprofit like Freenode (if you
> count
> > IRC as content service). Additionally, they use ads - which has been a
> hot
> > topic on project sites.  Recognizing the blog is not really a project
> site
> > that is covered as tightly under our principles - can someone speak to
> the
> > compatibility of Automattic's policies and values with WM and WMF? How
> are
> > we getting around the ads?
> > 6. Are there other services on WMF servers that could be potential
> > security threats? Are OTRS, Mailman, and Etherpad subject to these
> concerns
> > as well? Is there a likely possibility that other services will be moved
> in
> > the future?
> > 7. Should all of these services be moved to a separate server?  Is that
> > feasible?
> >
> > I appreciate that WMF is having this dialogue before the switch actually
> > happens.  I agree it is a compelling idea.
> >
> > - greg aka varnent
> >
> >
> > On 5 Sep, 2013, at 5:16 PM, David Gerard <[hidden email]> wrote:
> >
> > > On 5 September 2013 22:07, K. Peachey <[hidden email]> wrote:
> > >
> > >> That is a argument for changing the blogging tool/platform, Not
> > changing to
> > >> non self-hosted environment.
> > >
> > >
> > > tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is
> > > a fine place to host a blog if you don't want ever to have to think
> > > about the nuts and bolts of securing the thing.
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list
> > > [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> >
> > _______________________________________________
> > Wikimedia-l mailing list
> > [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>



--

Matthew Roth
Global Communications Manager
Wikimedia Foundation
+1.415.839.6885 ext 6635
www.wikimediafoundation.org
*http://blog.wikimedia.org/*
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
123