The Signpost

Technology report

Foundation office switches to closed source, secure browsing, brief news

Wikimedia Foundation office switching to Google Apps

Concerns were raised on the Foundation-l mailing list this week by several Wikipedians when it became known that the Office IT team of the Wikimedia Foundation had decided to start using Google Apps. Google Apps is a web-based office suite that includes Gmail, Google Calendar, Docs and other productivity tools.

User MZMcBride pointed out the software was closed source (in contrast to the open source nature of the MediaWiki software) and wondered if there was any connection to the $2 million grant that Google had given to Wikimedia. The privacy track record of Google was also under question, with Risker noting that "Google's greatest weakness is in the privacy sector. Anyone remember when they turned on Buzz and suddenly there was all kinds of personal information made available because they linked people's multiple accounts? Well, the same thing holds for all their other applications."

Jon Davis, the office IT employee who is running the migration, pointed out the benefits of online office tools for a group of people often on the road, the quality of the software and its usage of open standards. He added that the Foundation is a commercial user of the software and does not receive any benefits for its usage from Google. Responding to privacy concerns, he replied that:

The Foundation's Deputy Director Erik Möller emphasized that its "general policy is to be as open on internal tools as reasonably possible", but that unfortunately the open source Mozilla Thunderbird email client didn't meet all its needs. "We're reluctantly switching to GMail as the standard email solution, but we'd love to switch to an open solution in future".

Browsing securely

Last week's release of the Firefox extension Firesheep prompted discussion on the wikitech-l mailing list about the lack of default secure browsing for Wikimedia websites. Firesheep is a utility that simplifies hijacking the Twitter and Facebook accounts of other users when they use insecure Wi-Fi networks. Although not included in Firesheep, Wikipedia is vulnerable to the same problem unless people make use of the secure server when logging in to Foundation sites. Questions were raised regarding switching all login requests to such secure connections, but Foundation contractor Roan Kattouw quickly pointed out that to protect connections against this problem, all traffic (and not just all login requests) would have to make use of secure connections. On this point, there were many concerns about the hardware cost of switching all traffic to secure connections, but Conrad Irwin pointed out:


Developer Ashar Voultoiz subsequently added an option to the interface of the MediaWiki software to simplify use of a secure server for logging in. The option will benefit other users of the software who do have the resources to provide a secure browsing environment. In the meantime, editors and especially administrators of the Foundation's websites are encouraged to make use of the secure server whenever they are logging in from open Wi-Fi networks and other shared internet connections, such as in libraries.

In August, The Signpost covered a study of the security of large websites, in which Wikipedia received a 4 out of 10 score on their current password practices.

In brief

Not all fixes may have gone live to WMF sites at the time of writing; some may not be scheduled to go live for many weeks.

The increased work by servers on the job queue

















Wikipedia:Wikipedia Signpost/2010-11-01/Technology_report