Hi everyone. I am following up on my email from a week ago, about the wiki.
To summarize: I discovered that our wiki had been spammed, but fortunately I found it only a day after it was spammed. I discovered the spamming on June 27, and immediately shut down the wiki and emailed the freedos-user email list about it: On Thu, Jun 27, 2024 at 10:37 AM Jim Hall <jh...@freedos.org> wrote: > > I just realized that someone started spamming our wiki yesterday. So > I've taken that down until I can clean it out and apply a patch. > > Great. Just when a bunch of people would be likely to visit the wiki > to learn more about us. Unfortunately, the only backup was right before I started copying over most of the content, and they spammed the site before the next backup - and I had already made a ton of updates to the wiki in the weeks leading up to the 30th anniversary on June 29. So rolling back to a previous backup basically wipes out the wiki. I can't attach screenshots on the email list, so I've created a temporary page at https://wiki.freedos.org/spammed/ that has screenshots and a version of this email. Whoever spammed the wiki, I don't think they mangled any existing wiki pages, probably to stay under the radar. That means our content is still there, so we can copy/paste it out of the wiki. I found out about the spammed wiki because I was searching for the answer to a question someone asked me about the history of FreeDOS, and I thought we had a "history" page. I deleted these first 3 pages before I realized the extent of the spamming. But they created hundreds and hundreds of new pages, most (all?) of them not linked to from any other pages on the wiki (orphaned). They also created many hundreds of dummy users. The web page I linked to has a screenshot from the Orphaned pages report, showing 500 pages at a time, sorted alphabetically, and over half of page 1 is "pages that start with a number." Page 1 ends with "BBB," page 2 goes to "Fiber," and page 3 goes to "Ideal." So you can see that this is a really long list of pages. Doing a spot check on these pages and looking at the creation date for each, I'm pretty sure the hack happened a day or two before I found it on June 27. So, where do we go from here? I could rebuild the wiki. However, that would require basically rebuilding from scratch. Maintaining a Mediawiki requires a lot of work. You basically have to jump onto a new version as soon as they release a new one, because they often fix security issues (probably like the one that caused our problem). We were on the 1.41.x version, and the Mediawiki website* says "The 1.42.0 stable release came out on 27 June 2024." That was shortly after our wiki was spammed. I'm not excited about a future where I need to drop all my other work immediately, just to apply a new Mediawiki version to the wiki website. *see https://www.mediawiki.org/wiki/MediaWiki_1.42 Even before this issue, I was thinking about how to integrate some of our "non-wiki" content into the wiki website. For example, we have some ebooks at https://www.freedos.org/books/ and content from the press kit that I wanted to migrate into the wiki in some way - but these aren't really "wiki" topics, they are longer form. And I wanted to copy the articles I've written about FreeDOS into the wiki - but again, these don't fit as "wiki" topics. Years ago, we created a "FreeDOS Documentation Project" website that hosted all of our "how-to" articles, "technotes," and other long form topics. We retired that when SourceForge set up a shared wiki for all projects hosted at SourceForge, and we thought it would be easier to maintain a wiki. And for a time, that worked well, until most folks stopped contributing to the wiki. We had a few who updated the wiki, but like two or three people, including me. And of course: later, SourceForge stopped managing a shared wiki, and that's when we set up our own wiki (which lived on freedos.sourceforge.net for a long time before SF did an update that broke the wiki and I had to move the wiki to the new server). Looking at how people look for "help" today, I don't think a wiki is the right answer in 2024. We've seen people email freedos-user and freedos-devel to ask for help, and I've seen similar requests on Facebook and on YouTube sometimes. What people are looking for is a "walkthrough" or a "tutorial" - long form "how-to" content that shows people how to do something, like how to install FreeDOS, or how to use the FreeDOS command line. Instead of building a new wiki, I think this is the right opportunity to set up a FreeDOS "documentation" website, filled with these kinds of "how-to" and "what-is" content. Writing about FreeDOS is also my strength, so I can build up some core documentation quickly by adapting (or just copying/pasting) content from articles I've already written, such as the articles I wrote for Opensource.com and Both.org and elsewhere. The website would be an excellent place for anyone who wants to write a "how-to" or "what-is" document, and share it. It doesn't have to be "evergreen" content like "what is FreeDOS" or "how to install FreeDOS" - it can be more timely items like "what's new in the latest test release." It's similar to article websites, but just about documentation. And it can be non-traditional documentation, too - for example, topics on this website might include a link to a video walkthrough to show things in action, for people who just want to follow along with a video. I've created a mockup of what this documentation website might look like: https://test.freedos.org/ This is meant to be a mockup, so it doesn't use real text. Instead, it shows "squiggles" to represent text. (Behind the scenes, this is just placeholder text with a special font that renders text as "squiggles.") The website concept would have some articles "pinned" at the top as "recommended reading" - these are articles that we want new users to read, such as "what is FreeDOS" or "a quick-start guide to using FreeDOS" or "how to install FreeDOS." Below that, the website would show other topics .. as the list gets too long, we can hide the rest of the list behind a "show more" button. There's also a "call to action" to invite people to write their own how-to for the website. A few topics can be "aliased" to always be accessible, such as /about might be an alias to the "what is FreeDOS" topic, and /install might be an alias to the "how to install FreeDOS" item. But otherwise, topics are listed in the hierarchy. This is basically how I manage the Technically We Write website and Coaching Buttons websites. They are very fast and very secure, because there's no web interface to add content (there's a separate process for that) and the website is essentially a viewer with no ability to modify the contents of the website. So the security profile is extremely small. But it's also easy to backup because it's files - I do a backup of the TWW and CB websites every day. This "test" website is just a place to test things before they go live. My plan would be to rename the wiki.freedos.org server to something like docs.freedos.org and set up the permanent website there. I think this is the best plan, and I think it will also address new users and experienced developers very well. And now we'll have a place that we can point new people to when they ask "newbie" questions, to say "go read this URL on the FreeDOS Documentation website, and it will answer your questions." Thoughts? If there are no alternatives, I can start working on this next week, and likely migrate a set of "what-is" topics from the wiki (and some "how-to" content from my other articles) to the new site that same week, to get things moving on the new documentation website. Jim _______________________________________________ Freedos-devel mailing list Freedos-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-devel
