Re: [Wikitech-l] Deployment highlights - week of August 19th

[Federico Leva (Nemo)]

Thank you both, concise and clear. :)
Even though they are just quick ephemeral updates they are useful so 
I've copied them to

*  and
* 


which appear to be the (only) pages where they fit.

Nemo

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Deployment highlights - week of August 19th

[Chris Steipp]

On Mon, Aug 19, 2013 at 12:06 PM, Greg Grossmeier wrote:

> 
> > Ceph and OAuth pages still don't say anything about what's actually
> > going to happen. (What sort of OAuth, read only or not etc.? Ceph
> > for what, and is it true that "We're *currently* evaluating it" as
> > the wikitech page says, or is the roadmap right that some decision
> > was taken in July?)
>
> Yes, sorry about that. Those project pages are out of date.
>
> Quick answers:
>
> Ceph: This morning (Pacific time) we enabled multi-write to both Ceph
> and Swift (ie: Ceph will be as up to date as the main file store
> constantly). Later this week (probably Thursday) around the same time
> (early early Pacific morning) we'll switch the 'master' store to Ceph.
> ie: you shouldn't see any issues now on the user facing end, but you
> might later this week (but probably not, based on what we saw this
> morning).
>
>
> OAuth: Chris can correct me if I'm wrong, but this first round of OAuth
> deploys will be to enable intra-WMF server OAuth (mostly for
> Labs/Wikitech use, I believe).
>

I just deployed OAuth to the test wikis this morning. The available set of
rights that can be authorized to an OAuth Consumer (an application that
will be talking to the MediaWiki api on behalf of a user) isn't exhaustive,
but it covers most basic usage of the api, including editing. So no, not
read only.

I'll send out a more detailed announcement with links to documentation for
getting started with OAuth in a little bit.


>
>
> Thanks,
>
> Greg
>
> --
> | Greg GrossmeierGPG: B2FA 27B1 F7EB D327 6B8E |
> | identi.ca: @gregA18D 1138 8E47 FAC8 1C7D |
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Deployment highlights - week of August 19th

[Greg Grossmeier]

> Ceph and OAuth pages still don't say anything about what's actually
> going to happen. (What sort of OAuth, read only or not etc.? Ceph
> for what, and is it true that "We're *currently* evaluating it" as
> the wikitech page says, or is the roadmap right that some decision
> was taken in July?)

Yes, sorry about that. Those project pages are out of date.

Quick answers:

Ceph: This morning (Pacific time) we enabled multi-write to both Ceph
and Swift (ie: Ceph will be as up to date as the main file store
constantly). Later this week (probably Thursday) around the same time
(early early Pacific morning) we'll switch the 'master' store to Ceph.
ie: you shouldn't see any issues now on the user facing end, but you
might later this week (but probably not, based on what we saw this
morning).


OAuth: Chris can correct me if I'm wrong, but this first round of OAuth
deploys will be to enable intra-WMF server OAuth (mostly for
Labs/Wikitech use, I believe).


Thanks,

Greg

-- 
| Greg GrossmeierGPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @gregA18D 1138 8E47 FAC8 1C7D |


signature.asc
Description: Digital signature
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Deployment highlights - week of August 19th

[Greg Grossmeier]

> Greg Grossmeier wrote:
> >If you have any questions, please let me know.
> 
> All right.

:-)

> >== Wednesday ==
> >* We will enable secure login (via HTTPS) by default. This means that
> >  all logged in users will read and edit the site via a secure
> >  connection over HTTPS. Given some restrictions/internet blocks in some
> >  jurisdictions, we will disable this feature on specific language
> >  wikis.
> 
> * Will logged in users automatically be redirected from HTTP to HTTPS once
> this change is live?
> 
> * Will links in e-mail notifications switch from HTTP to HTTPS?
> 
> Most importantly, a change like this will inevitably result in a small
> percentage of users no longer being able to access the site.
> 
> ** How are editors expected to be able to report issues if they're no
> longer able to access the site? Will they simply have to edit a village
> pump anonymously and hope that someone notices?
> 
> ** Will there be any opt-out mechanism for logged in users?
> 
> *** Is the editing community willing to lose a small percentage of editors
> who will no longer be able to contribute to the site?

After I talk with the relevant/knowledgeable people (namely, Chris and
Ryan) later today, I'll add these questions and answers to the HTTPS
wiki page on meta.

Thanks for help us be explicit.

Greg

-- 
| Greg GrossmeierGPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @gregA18D 1138 8E47 FAC8 1C7D |


signature.asc
Description: Digital signature
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Deployment highlights - week of August 19th

[Seb35]

Le Sat, 17 Aug 2013 15:58:01 +0200, MZMcBride  a écrit:

Greg Grossmeier wrote:

== Wednesday ==
* We will enable secure login (via HTTPS) by default. This means that
 all logged in users will read and edit the site via a secure
 connection over HTTPS. Given some restrictions/internet blocks in some
 jurisdictions, we will disable this feature on specific language
 wikis.


* Will logged in users automatically be redirected from HTTP to HTTPS  
once

this change is live?

* Will links in e-mail notifications switch from HTTP to HTTPS?

Most importantly, a change like this will inevitably result in a small
percentage of users no longer being able to access the site.

** How are editors expected to be able to report issues if they're no
longer able to access the site? Will they simply have to edit a village
pump anonymously and hope that someone notices?

** Will there be any opt-out mechanism for logged in users?

*** Is the editing community willing to lose a small percentage of  
editors

who will no longer be able to contribute to the site?

MZMcBride


Given the number of questions coming with HTTPS, I find we should discuss  
it in a central and perennial location, probably on the new page  
[[meta:HTTPS]] .


Indeed, in addition to the WMF, the public and editors are now concerned  
about the privacy and browsing security, but HTTPS has many challenges  
that need to be addressed:
* technical issues (e.g. caching, performance, MITM mitigation, PFS/cipher  
suites, DNSSEC),
* diplomatic issues (e.g. country of issuance of the certificate, firewall  
of China),
* user interaction issues (e.g. diffuse knowledge about HTTPS and  
security, management of errors, promotion of pinning/TACK?  
)
So tech and non-tech people should be involved in the discussions to  
better balance all aspects of the security/privacy.


Just my POV,
Seb35

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Deployment highlights - week of August 19th

[MZMcBride]

Greg Grossmeier wrote:
>If you have any questions, please let me know.

All right.

>== Wednesday ==
>* We will enable secure login (via HTTPS) by default. This means that
>  all logged in users will read and edit the site via a secure
>  connection over HTTPS. Given some restrictions/internet blocks in some
>  jurisdictions, we will disable this feature on specific language
>  wikis.

* Will logged in users automatically be redirected from HTTP to HTTPS once
this change is live?

* Will links in e-mail notifications switch from HTTP to HTTPS?

Most importantly, a change like this will inevitably result in a small
percentage of users no longer being able to access the site.

** How are editors expected to be able to report issues if they're no
longer able to access the site? Will they simply have to edit a village
pump anonymously and hope that someone notices?

** Will there be any opt-out mechanism for logged in users?

*** Is the editing community willing to lose a small percentage of editors
who will no longer be able to contribute to the site?

MZMcBride



___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Deployment highlights - week of August 19th

[Federico Leva (Nemo)]

Ceph and OAuth pages still don't say anything about what's actually 
going to happen. (What sort of OAuth, read only or not etc.? Ceph for 
what, and is it true that "We're *currently* evaluating it" as the 
wikitech page says, or is the roadmap right that some decision was taken 
in July?)


Nemo

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Deployment highlights - week of August 19th

[Greg Grossmeier]

Quick update:

Visual Editor will be rolling out their latest wmf13 branch (not
MediaWiki 1.22wmf13, but the VisualEditor code branched for wmf13) on
the afternoon of Tuesday the 20th.

Wikitech Deployments page has been updated to reflect this.

Greg


> Here is your weekly dose of deployment highlights!
> 
> Full schedule always available at:
> https://wikitech.wikimedia.org/wiki/Deployments
> 
> Next week's:
> https://wikitech.wikimedia.org/wiki/Deployments#Week_of_August_19th
> 
> Highlights below...
> 
> == Monday ==
> * We'll be enabling Ceph on production. Ceph is used for storage of
>   media files (eg: images, videos, etc). More (very detailed)
>   information about this can be found at:
>   https://wikitech.wikimedia.org/wiki/Ceph
> * We'll be deploying OAuth to the set of test wikis (test.wikipedia,
>   test2.wikipedia, mediawiki.org, and test.wikidata.org). More
>   information about the OAuth work can be found at:
>   https://www.mediawiki.org/wiki/Oauth
> * MediaWiki 1.22wmf13 will be deployed to the second group of wikis,
>   ie: all non-Wikipedia project sites.
>   For the list of important changes, see:
>   https://www.mediawiki.org/wiki/MediaWiki_1.22/wmf13#Important_Changes
> 
> == Tuesday ==
> * Notifications (Echo) will be deployed to the first set of non-english
>   pilot sites, specifically French and Polish.
>   See the Notifications release plan at:
>   https://www.mediawiki.org/wiki/Echo/Release_Plan_2013
> 
> == Wednesday ==
> * We will enable secure login (via HTTPS) by default. This means that
>   all logged in users will read and edit the site via a secure
>   connection over HTTPS. Given some restrictions/internet blocks in some
>   jurisdictions, we will disable this feature on specific language
>   wikis.
>   
>   There is a page on MetaWiki explaining this, with a link to the
>   Wikimedia blog post that originally announced the plan here:
>   https://meta.wikimedia.org/wiki/HTTPS
> 
>   This is a first step along a route to improved security while also
>   taking into account internet censorship in certain jurisdictions.
>   
>   There will be more communication about this rollout on Monday the
>   19th.
> 
> == Thursday ==
> * MediaWiki 1.22wmf13 will be deployed to the last group of wikis, ie:
>   all Wikipedia project sites.
>   For the list of important changes, see:
>   https://www.mediawiki.org/wiki/MediaWiki_1.22/wmf13#Important_Changes
> 
> 
> If you have any questions, please let me know.
> 
> Greg
> 
> -- 
> | Greg GrossmeierGPG: B2FA 27B1 F7EB D327 6B8E |
> | identi.ca: @gregA18D 1138 8E47 FAC8 1C7D |



-- 
| Greg GrossmeierGPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @gregA18D 1138 8E47 FAC8 1C7D |


signature.asc
Description: Digital signature
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l