*.Wordpress.com blocked in China..... Chinese wikipedia: http://zh.wikipedia.org/ My blog: http://shizhao.org twitter: https://twitter.com/shizhao
[[zh:User:Shizhao]] 2013/9/6 Matthew Roth <[email protected]>: > Hi all, > > I was going to socialize some of the transitions for the Wikimedia blog in > the next few weeks on the Wikimedia blog > space<https://meta.wikimedia.org/wiki/Wikimedia_Blog>on Meta and on > the blog itself with a blog post, but this conversation has > sped up the discussion. I plan to have something on Meta by the beginning > of next week and hope that we can continue the discussion there when the > content is posted. > > As a general concept, we’re redesigning the blog to be less focused on the > Wikimedia Foundation and more on the Wikimedia movement. For the past year, > we have been sharing more narratives from the movement, making this > important communications tool more about movement partners and not > exclusively about the Wikimedia Foundation. We believe the public has > little understanding of the people behind the projects and we want to share > their stories (i.e. why the contribute, why they edit, why they develop). > We still need the tool to communicate important updates from the WMF, but > that can be accomplished in a larger ecosystem with more diversity of > voices. We’ve had a significant increase in publication from authors who > don’t work for the WMF, as well as increased multi-lingual posts, and we > will continue to increase the amount and diversity of participation. > > Specifically, let me address a couple of points raised in this thread. > > > - > > We are redesigning the blog. For those at Wikimania who saw my talk, we > shared the working site for the new Wikimedia blog and explained the basics > of our thinking. Here is the link for the site under construction. Please > understand this is still under construction and there will be some changes, > but this is the basic design of the new Wikimedia blog. It’s also populated > with data from a db dump that is now 2 months old, so you will see > significant content difference from the current Wikimedia blog. The draft > version of the blog is hosted on an outside platform, WP Engine, but this > is not necessarily the hosting company we may use in future: > http://wikimedia.wpengine.com/ > - > > We’re exploring the possibility of 3rd-party hosting of the blog. We had > extensive discussions with members of the WMF Operations and Engineering > teams about whether to continue to host the blog on our servers or move to > a 3rd-party host. Ultimately we determined that 3rd party hosts made sense > for the blog for a number of important reasons. I would refer you to the > email in this > thread<http://www.gossamer-threads.com/lists/wiki/foundation/387838#387838>from > Leslie Carr in our Ops team, but essentially they feel that a move to > a 3rd party host would address important security and support concerns, and > would therefore be preferable to continuing to host the blog ourselves. > - > > A 3rd-party host will give us redundancy and strong backups. The blog > has become the Foundation’s primary public communications tool (alongside, > naturally, the host of wikis we use to converse with the community). We > want to be sure this platform is hosted on a 3rd-party site in case we > encounter a significant outage or cluster-wide downtime. Obviously we can’t > rely on the projects to get that information out if the cluster is down, > and although we will continue to use identi.ca, twitter, and facebook, > we’d like to have a stable place to point traffic. > - > > The blog needs to be able to handle a lot of traffic, quickly. We know > that Wikimedia’s servers are up to this kind of task, but we’re experts at > hosting wikis - not necessarily experts at hosting blogs. Specifically > blogs that may need to handle very large volumes of traffic, spam, and > comments in a short period of time. We had one such situation back in 2012 > during the Wikipedia blackout. We sent tens of millions of readers to the > Wikimedia blog and dealt with around 18K comments in a matter of hours. We > could handle it, but we’d like to have capacity to handle that in an > emergency situation. Not all blog hosting companies can do this, but a few > that we’re looking at are expressly built to handle immediate and massive > increases in traffic, and they’ve got amazing back up services. > - > > We have not yet selected a 3rd-party host. We have screened a couple of > 3rd-party hosts. While Wordpress.com is one of our top choices (not the > standard consumer version, rather their ‘managed’ or white glove hosting > services for high volume customers), we have not yet selected them. Right > now the WMF legal team is in discussions with Wordpress.com and others. We > appreciate that if we host on a 3rd party site, we need to navigate the > important issue of ensuring our privacies policies are compatible. > - > > The new blog is responsive and much better on multiple devices. With the > 2012 Wordpress theme, we can easily adapt our blog to multiple screen > widths. Please try expanding and narrowing your browser widths to see the > responsive design, or load the new blog on a mobile or tablet. > - > > We feel Wordpress is still the best tool for blog publishing. While > wikis are functional for many things, we feel Wordpress is better for > blogging/publishing. When we started the blog redesign, we briefly > discussed other platforms, but we don’t believe there is a superior tool > for the blog. Because we’ve had a Wordpress install since 2008 and it has > worked well for us since then, we decided not to change. We also needed to > be sure that however we proceeded, we could also move away if we need to, > and easily and quickly resume hosting of the blog or move it somewhere > else. > - > > When we move hosting to a 3rd-party site, users will need to agree to > the new privacy policy that we work out for the blog. During the > transition when we update the database and move the blog from our cluster > to a 3rd-party site, current blog users will need to create new accounts on > the new blog and agree to the new privacy policy. > > > More to come next week, but hopefully this addresses some of the concerns > raised here. We’re very interested in your feedback and hope that we can > capture all the comments and critique on the Meta page when it is up. > > thanks, > Matthew > > > On Thu, Sep 5, 2013 at 3:44 PM, Dan Collins <[email protected]> wrote: > >> At least OTRS and mailman belong inside our security "bubble" of control, >> where the only people with access are ops and they can be properly secured. >> The security risk of those applications potentially introducing and >> attacker to all our data is minimal compared to the much greater risk of >> placing our user names, passwords, email addresses, and highly private OTRS >> queues in the hands of a third party including all their technicians, not >> to mention their security practices that we have no control over. >> >> As for the other question. If the nsa sends a letter to WordPress then they >> can get the email address and IP of someone who posted a post or comment to >> our blog. Probably the password too. If we host it over SSL then there's no >> way for them to know even that a given user commented, and if we did SSL >> right (maybe in another ten years) no one would know whether an IP was anon >> browsing, a checkuser or oversight, or reading our highly sensitive OTRS >> queues. >> On Sep 5, 2013 6:28 PM, "Gregory Varnum" <[email protected]> wrote: >> >> > I think this makes 100% sense from an operations perspective. Anytime >> you >> > can "outsource" a lower priority web service - fantastic. >> > >> > However, from a community advocacy perspective - I am less convinced. I >> > would be curious if anyone from that team could chime in as well. >> > >> > The security argument makes a great deal of sense to me - making the >> > primary production sites vulnerable should always be avoided if at all >> > humanly possible to do so. >> > >> > Here are some lingering questions I would have for Advocacy and Ops: >> > 1. How closely are we working with WordPress.com staff on this setup? >> > 2. Will we be paying for the service? (I know it is minimal - more >> curious >> > than anything) >> > 3. Is the Automattic (company behind WordPress) privacy policy compatible >> > with WMF's current and proposed (as it exists now) privacy policy? >> > 4. Will people be required to register with WordPress.com to participate >> > in the blog? >> > 5. I recognize we utilize a lot of corporations - but most do not handle >> > our content (I suppose data centers and bandwidth - but I digress) - >> > generally that has been our own or a nonprofit like Freenode (if you >> count >> > IRC as content service). Additionally, they use ads - which has been a >> hot >> > topic on project sites. Recognizing the blog is not really a project >> site >> > that is covered as tightly under our principles - can someone speak to >> the >> > compatibility of Automattic's policies and values with WM and WMF? How >> are >> > we getting around the ads? >> > 6. Are there other services on WMF servers that could be potential >> > security threats? Are OTRS, Mailman, and Etherpad subject to these >> concerns >> > as well? Is there a likely possibility that other services will be moved >> in >> > the future? >> > 7. Should all of these services be moved to a separate server? Is that >> > feasible? >> > >> > I appreciate that WMF is having this dialogue before the switch actually >> > happens. I agree it is a compelling idea. >> > >> > - greg aka varnent >> > >> > >> > On 5 Sep, 2013, at 5:16 PM, David Gerard <[email protected]> wrote: >> > >> > > On 5 September 2013 22:07, K. Peachey <[email protected]> wrote: >> > > >> > >> That is a argument for changing the blogging tool/platform, Not >> > changing to >> > >> non self-hosted environment. >> > > >> > > >> > > tl;dr Wordpress is the only blog that isn't shit. And Wordpress.com is >> > > a fine place to host a blog if you don't want ever to have to think >> > > about the nuts and bolts of securing the thing. >> > > >> > > _______________________________________________ >> > > Wikimedia-l mailing list >> > > [email protected] >> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, >> > <mailto:[email protected]?subject=unsubscribe> >> > >> > >> > _______________________________________________ >> > Wikimedia-l mailing list >> > [email protected] >> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, >> > <mailto:[email protected]?subject=unsubscribe> >> _______________________________________________ >> Wikimedia-l mailing list >> [email protected] >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, >> <mailto:[email protected]?subject=unsubscribe> >> > > > > -- > > Matthew Roth > Global Communications Manager > Wikimedia Foundation > +1.415.839.6885 ext 6635 > www.wikimediafoundation.org > *http://blog.wikimedia.org/* > _______________________________________________ > Wikimedia-l mailing list > [email protected] > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:[email protected]?subject=unsubscribe> _______________________________________________ Wikimedia-l mailing list [email protected] Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[email protected]?subject=unsubscribe>
