Wikipedia:Wikipedia Signpost/2010-11-01/Technology report

Wikimedia Foundation office switching to Google Apps
Concerns were raised on the Foundation-l mailing list this week by several Wikipedians when it became known that the Office IT team of the Wikimedia Foundation had decided to start using Google Apps. Google Apps is a web-based office suite that includes Gmail, Google Calendar, Docs and other productivity tools.

User MZMcBride pointed out the software was closed source (in contrast to the open source nature of the MediaWiki software) and wondered if there was any connection to the $2 million grant that Google had given to Wikimedia. The privacy track record of Google was also under question, with Risker noting that "Google's greatest weakness is in the privacy sector. Anyone remember when they turned on Buzz and suddenly there was all kinds of personal information made available because they linked people's multiple accounts? Well, the same thing holds for all their other applications."

Jon Davis, the office IT employee who is running the migration, pointed out the benefits of online office tools for a group of people often on the road, the quality of the software and its usage of open standards. He added that the Foundation is a commercial user of the software and does not receive any benefits for its usage from Google. Responding to privacy concerns, he replied that: The EULA for Google App[s] is slightly different than the normal one. We continue to own our data and Google doesn't. We have had the EULA reviewed by legal counsel, as well as our in-house tech staff, and received the opinion that the privacy provisions were strong enough to meet our needs.

The Foundation's Deputy Director Erik Möller emphasized that its "general policy is to be as open on internal tools as reasonably possible", but that unfortunately the open source Mozilla Thunderbird email client didn't meet all its needs. "We're reluctantly switching to GMail as the standard email solution, but we'd love to switch to an open solution in future".

Browsing securely
Last week's release of the Firefox extension Firesheep prompted discussion on the wikitech-l mailing list about the lack of default secure browsing for Wikimedia websites. Firesheep is a utility that simplifies hijacking the Twitter and Facebook accounts of other users when they use insecure Wi-Fi networks. Although not included in Firesheep, Wikipedia is vulnerable to the same problem unless people make use of the secure server when logging in to Foundation sites. Questions were raised regarding switching all login requests to such secure connections, but Foundation contractor Roan Kattouw quickly pointed out that to protect connections against this problem, all traffic (and not just all login requests) would have to make use of secure connections. On this point, there were many concerns about the hardware cost of switching all traffic to secure connections, but Conrad Irwin pointed out:

There is no real massive load caused by https [using the secure server] at runtime. There is however a significant chink of developer and sys[tem] admin time needed to implement this and make it work.

Developer Ashar Voultoiz subsequently added an option to the interface of the MediaWiki software to simplify use of a secure server for logging in. The option will benefit other users of the software who do have the resources to provide a secure browsing environment. In the meantime, editors and especially administrators of the Foundation's websites are encouraged to make use of the secure server whenever they are logging in from open Wi-Fi networks and other shared internet connections, such as in libraries.

In August, The Signpost covered a study of the security of large websites, in which Wikipedia received a 4 out of 10 score on their current password practices.

In brief
Not all fixes may have gone live to WMF sites at the time of writing; some may not be scheduled to go live for many weeks.
 * JeLuF has more than doubled the number of servers which work on the job queue (low priority tasks handled during off-peak times, such as category listing updates). It previously stood at about a million "jobs" on the English Wikipedia and is now zero on most wikis and under 200,000 on the English Wikipedia.
 * MediaWiki will now use the RSD protocol to announce its API capabilities in a more machine-understandable format (bug #25648).
 * It was announced that the speed of Pending Changes has improved and that work is ongoing regarding user interface improvement (wikitech-l mailing list).
 * Developer Chad Horohoe announced the official release of a new installer for the MediaWiki software, making it a lot easier for third parties to install and configure their own wiki (wikitech-l mailing list). It had been in the pipeline for a number of months, and a key target feature for the next release of the software.