Some kind people at Qualys have surveyed versions of open source web apps present on the web, including MediaWiki. Here is the relevant page from their presentation:

For the original see:

• https://community.qualys.com/docs/DOC-1401

And the press release:

• http://www.qualys.com/company/newsroom/newsreleases/usa/view/2010-07-28/

They make the point that 95% of MediaWiki installations have a “serious vulnerability”, whereas only 4% of WordPress installations do. While WordPress’s web-based upgrade utility certainly has a positive impact on security, I feel I should point out that what WordPress counts as a serious vulnerability does not align with MediaWiki’s definition of the same term.

For instance, if a web-based user could execute arbitrary PHP code on the server, compromising all data and user accounts, we would count that as the most serious sort of vulnerability, and we would do an immediate release to fix it. We’re proud of the fact that we haven’t had any such vulnerability in a stable release since 1.5.3 (December 2005).

However in WordPress, they count this as a feature, and all administrators can do it. Similarly, WordPress avoids the difficult problem of sanitising HTML and CSS while preserving a rich feature set by simply allowing all authors to post raw HTML.

If you are running MediaWiki in a CMS-like mode, with whitelist edit and account creation restricted, then I think it’s fair to say that in terms of security, you’re better off with MediaWiki 1.14.1 or later than you are with the latest version of WordPress.

However, the statistics presented by Qualys show that an alarming number of people are running versions of MediaWiki older than 1.14.1, which was the most recent fix for an XSS vulnerability exploitable without special privileges. There is certainly room for us to do better.

We have a new installer project in development, which we hope to release in 1.17. It includes a feature which encourages users to sign up for our release announcements mailing list. But maybe we need to do more. Should we take a leaf from WordPress’s book, and nag administrators with a prominent notice when they are not using the latest version? Such a feature would require MediaWiki to “dial home”, which is controversial in our developer community.

Tim Starling, Lead Platform Architect

We are proud to announce the first stable release of the 1.16 series. Selected changes that may be of interest since MediaWiki 1.15 are:

• Watchlists now have RSS/Atom feeds. RSS feeds generally are now hidden, since Atom is a better protocol and is supported by virtually all clients.
• It’s now possible to block users from sending email via Special:Emailuser.
• The maintenance script system was overhauled. Most maintenance scripts now have a useful help page when you run them with –help.
• AdminSettings.php is no longer required in order to run maintenance scripts. You can just set $wgDBadminuser and $wgDBadminpassword in your LocalSettings.php instead.
• The preferences system was overhauled. Preferences are stored in a more compact format. Changes to site default preferences will automatically affect all users who have not chosen a different preference.
• Support for SQLite was improved. Some broken features were fixed, and it now has an efficient full-text search.
• The user groups ACL system was improved by allowing rights to be revoked, instead of just granted.
• A new localisation caching system was introduced, which will make MediaWiki faster for almost everyone, especially when lots of extensions are enabled.

By default, this new system makes a lot of database queries. If your database is particularly slow, or if your system administrator limits your query count, or if you want to squeeze as much performance as possible out of Mediawiki, set $wgCacheDirectory to a writable path on the local filesystem. Make sure you have the DBA extension for PHP installed, this will improve performance further.

MediaWiki 1.15.5 was also released today. Both MediaWiki 1.15.5 and 1.16.0 contain important security fixes. For further details please read the release announcement.

At Wikimedia we are always looking to innovate – to try new things and see how they work. For instance, right now we’re re-thinking how we fill open positions in our newly formed Community Department. Rather than focus on traditional resources for hiring new talent, we have decided to put out a call to the broad, global audience that visits our projects. We’re focused on casting our net widely – in many languages and countries. Our goal is to find interesting people; people who have unique experience and skills and are interested in working with us.

In order to do this we’re going to try out a few different things, including the addition of a banner to our projects inviting people to Work at Wikimedia/Wikipedia. Keep an eye out for the banners.  If you’d prefer to not see them, just click “hide” and it will disappear into the background. If you’re interested though, click through and you’ll find a form with the opportunity to tell us a little bit about yourself.

Here is some information from the Community Department outlining what they are looking to do with this call for submissions:

This year, the Community Department will be hiring for a series of important senior and entry level positions. All positions will involve collaborating and communicating with Wikimedia project contributors and users intensively and publicly, grappling with problems that no one has ever solved before, navigating technological and social challenges and opportunities, and dealing with a high level of complexity and uncertainty. Candidates should have extremely high levels of skill and comfort in communication (especially writing), qualitative and quantitative analysis, management and self-management. Candidates who are not already deeply immersed in online collaborative communities will have to show an aptitude for quickly gaining a deep understanding of our communities’ technologies, practices, traditions and culture — and to become trusted and productive members of the Wikimedia community and movement.

We are especially looking for:

Current Wikimedia community contributors, readers and leaders,

Insightful observers of Wikimedia and other collaborative communities,

People with specialty skill sets (e.g. statistics, ethnography, and probably a lot other things we’ve never thought of),

People belonging to language communities of new and growing Wikipedias and other Wikimedia projects,

People with insight into reaching groups currently underrepresented in Wikimedia contributor communities.

Ideal candidates for positions at Wikimedia Foundation’s Community Department:

Have a passion for online communities, self-organizing systems, open and collaborative enterprises, democratic and consensus based societies, and emergent and participatory governance structures — and desperately want to see them succeed and prove the cynics wrong.

Have thought enough about this stuff to have their own opinions and theories on various problems and opportunities facing Wikimedia and other online communities.

Are equally strong dealing with qualitative and quantitative knowledge and research.

Are self-directed, self-motivated, efficient, upbeat, optimistic, and extremely good with people. Wikimedia Foundation staff face intense pressures in highly-demanding roles. While the Wikimedia Foundation team strives to be mutually supportive, it only works when each individual is self-driven to overcome the challenges they face.

Are knowledgeable about software development processes and with database and web technologies.

Are creative non-linear thinkers who will sometimes fight for seemingly crazy ideas by backing them up with logical argument and data.

Are systems-thinkers who love to think about workflow and technology systems inside organizations.

Are multilingual, especially in major world languages and languages with large or growing Wikipedias.

Have insights and experience reaching groups currently underrepresented in Wikimedia communities.

If you are interested in submitting your information for consideration for our Community Department please visit this page and fill out the form.

Thanks for your interest!

-Daniel Phelps, Human Resources & Philippe Beaudette, Community Department

Earlier today the folks over at Google provided an update on their progress using Translation Toolkit with volunteers and translators to improve the article count in smaller language versions of Wikipedia, including Arabic, Gujarati, Hindi, Kannada, Swahili, Tamil and Telugu.  Google is a passionate believer in the need to translate and bring more high quality works of text to less-represented languages on the web.

Michael Galvez, a Product Manager from Google, presented the recent findings of these efforts at this year’s Wikimania in Gdańsk – which wrapped up on Sunday, July 11 of this year.

From Michael’s post:

We believe that translation is key to our mission of making information useful to everyone. For example, Wikipedia is a phenomenal source of knowledge, especially for speakers of common languages such as English, German and French where there are hundreds of thousands—or millions—of articles available. For many smaller languages, however, Wikipedia doesn’t yet have anywhere near the same amount of content available.

Google is reporting an increase of about 16 million words so far due to the efforts of local volunteers and translators using the Translation Toolkit.  In Hindi Wikipedia these efforts have resulted in an increase in size of about 20 per cent. They continue their work directly with volunteers from these language projects, and continue to expand the capabilities of the translation toolkit in new languages.

A big thanks for the ongoing efforts of the volunteers and translators, and to Google for continuing to invest time and resources in this great translation system.

Jay Walsh, Communications

The Royal Gold Cup, today’s feature article on the English Wikipedia, is not only a fascinating object but it is also the culmination of an innovative project between the British Museum and Wikipedia.

For the last month the British Museum has been host to a volunteer Wikipedian in Residence – a pilot project aimed at building a mutually beneficial and proactive relationship between two communities that share a common heritage. Wikipedia is “the free encyclopedia” since 2001 and the British Museum has provided free entry “to all studious and curious persons” since 1753.

A london based Wikipedian, editing under the name Johnbod who is the principal author of Royal Gold Cup, is the first recipient of a prize offered by the museum for new feature quality content about objects in their collection.

This article was created only a month ago as a result of the museum offering a Backstage Pass tour for UK local Wikipedians. The one to one relationships built from this day have resulted in not only new Wikipedia content but a greater understanding in both communities of the needs of the other. A mutually beneficial relationship was created. Other recipients of this prize and also featured today are the articles Rosetta Stone in the Latin Wikipedia and Epifania in the Catalan Wikipedia.

Other major events run as part of this burgeoning relationship included the Hoxne Challenge – a focused day of writing on the article Hoxne Hoard. This event posed the challenge to create top quality content in a short space of time if the experts, literature and Wikipedians are brought together in the same room.  Video of the event released by the British Museum under cc-by-sa.

Jonathan Williams, keeper of the department of Prehistory and Europe at the British Museum said of this project,

“I am delighted with the amazing results of the British Museum’s new relationship with Wikipedia. We’ve learned a lot about how Wikipedia works, and about how it can be such a great resource for people who want to learn about history and archaeology. And I have had my eyes opened to the potential audiences the Museum can reach by working more closely with the Wikipedia community.

During its 600 year history, the Royal Gold Cup has belonged to kings of France, Great Britain, and Spain. But being on Wikipedia’s mainpage has to be its finest moment yet!”

In recognition of the value of Wikpedia’s top quality content the British Museum have also featured the Royal Gold Cup on their main page and included a link back to Wikipedia from their catalogue reference.

To read more about the British Museum – Wikipedia project, check out http://en.wikipedia.org/wiki/Wikipedia:GLAM/BM

Liam Wyatt, Wikipedian-in-Residence at the British Museum in London

Gdańsk, Poland is currently filled with several hundred wiki enthusiasts, as the city plays host to two of the major wiki-focused global conferences this week: Wikimania, the official conference of Wikimedians and the projects of the Wikimedia Foundation, and WikiSym 2010, the 6th international symposium on wikis and open collaboration. This is the first time that both conferences have been coordinated to take place at the same time and in the same city.

Wikimania 2010

Wikimania 2010 is the 6th annual international conference for Wikimedia’s volunteers, collaborators, and stakeholders – focusing on discussion about Wikimedia’s projects and the core, free operating software, MediaWiki.  The conference starts Friday, July 9 and runs for three days into Sunday, July 11.   Over 300 participants from around the world are expected to attend and deliver over 50 presentations on topics within three conference tracks (knowledge, infrastructure, and people) that include subjects like offline viewing of Wikipedia, semantic MediaWiki, increasing participation on projects, and expanding Wikimedia’s global volunteer network.

Wikimania 2010 will also include for the first time an orchestral recital of the work of Władysław Szpilman, as a memorial on the tenth anniversary of the composer’s death in July, 2000.  Szpilman, a world-renown composer and performer, authored the memoir, The Pianist, which inspired the film directed by Roman Polański. This year will also include the first film premiere at Wikimania, the debut public screening of Truth In Numbers, The Wikipedia Story, a documentary film three years in the making by filmmakers Nic Hill and Scott Glosserman.

Also for the first time this year, Wikimedians converged in London, and throughout Europe, for wiki-train: a coordinated, rolling-wiki meetup on rails that brought a few dozens wikimedians together to ride from London to Gdansk. A highlight video reel is available on Wikimedia Commons.

Wikisym 2010

The sixth annual conference of Wikisym, is the gathering of academics from around the world focusing on wikis and digital collaboration systems, which now include over 300 different formats of wikis and online collaboration tools.  This year’s program includes dozens of open-topics, as well as two keynotes by Wikipedian and author Andrew Lih, and Cliff Lampe, Assistant Professor in telecommunications, media and information studies from the University of Michigan. Wikisym takes place July 7 through July 9.

Host city: Gdańsk

Gdańsk, the 1000-year old port city in Northern Poland has deep historical and multicultural roots.  The birthplace of Poland’s Solidarity movement and the first city to experience World War II, Gdańsk and the tri-city region are home to over 800,000 residents.  The area is one of the major industrial and cultural centers of Poland.  It’s a musical capital (home of the Chopin music festival), and a historic center for commercial trade throughout eastern Europe.  The complex history of Gdańsk is described in great detail on its English Wikipedia article, including the unique debate about the accurate use of the city’s name (Gdańsk or Danzig?), through history.

The local coordination teams for Wikimania and Wikisym deserve our great thanks for producing two conferences that bring together 100s of passionate wiki enthusiasts from all over the world.  Congratulations, and good luck!

Jay Walsh, Head of Communications

Starting at 0:10 UTC on July 5th, the Wikimedia Foundation suffered from
intermittent, partial power failures in the internal power network of
one of its main data centers in Tampa, Florida. Due to the temporary
unavailability of several critical systems and the large impact on the
available systems capacity, all Wikimedia projects went down. The power
situation stabilized at 1:12 UTC, and systems and services recovery has
been taking place since. We expect all projects to be back online and
editable around 4:00 UTC.

The Wikimedia Foundation congratulates the newest official Wikimedia chapter: Wikimedia India! The Chapters Committee has unanimously approved the formation of WMIN, an important step towards building a stronger community of volunteers throughout the country. We’re extremely excited to see their good work recognized by this milestone achievement.

Wikimedia’s 29 local chapters form a vital network of organizations that share a common mission: a world in which every single human being can freely share in the sum of all knowledge . The Foundation has high hopes for Wikimedia India, and we look forward to working closely with the new chapter as the Foundation begins implementing a strategic, five-year plan to help grow readers and editors throughout the Global South, starting in India.

The formation of this chapter is a critical step in the Wikimedia movement– we offer our sincere congratulations to WMIN!

Moka Pantages, Communications

Earlier in June, Germany’s first Skillshare conference took place under the patronage of Edelgard Bulmahn (Member of Parliament, former Federal Secretary of Education).  The conference set new standards for community events in the German-speaking Wikimedia universe. More than 150 volunteers from free content projects met in the picturesque town of Lüneburg; the attendees included young artisans, university members, politicians, media, and Lüneburg citizens. The conference aimed to strengthen the free content community, gain attention from media, and recruit new authors to free content projects, which do not fall into the category of usual suspects for male computer scientists in their twenties. Skillshare was conceptualized as an open platform for exchanging ideas between free content communities.

The conference featured a three-day in person meeting between 34 open space workshops  on topics like OpenStreetMap, programming bots, quality management, conflict resolution,  and effective use of sources. But community building involves not only formal training, but also informal chats. Lueneburg’s pubs were brimming with excited Wikipedians chatting about the latest monobook extensions, neutral point of view in advertising cell phones, or their favorite beers. No less than 150 of the most active volunteers thus learned that there is life beyond the keyboard.

Likewise, the citizens of Lueneburg and the regional small artisans association (the event’s host) learned that real people write Wikipedia. Some even got hooked on writing Wikipedia entries about their own trade or town. More than 1400 photos and 40 old maps from the city’s archive were some of outcomes of the conference.

Big politics and the media joined the event for a discussion on New Media, attended by Kai Gniffke, chief of staff of main German evening news TV program, three members of the Parliamentary subcommittee for new media, University of Lüneburg, and Wikimedia’s own Ting Chen.

The event also broke new ground in its funding model. Wikimedia Germany and Wikimedia Switzerland covered a small part of the costs, while local businesses and associations contributed the bulk of the funds. Wikimedia Switzerland and Wikimedia Austria offered travel stipends. The funding model created effective ties to the universe outside of Wikipedia/Wikimedia, which means additional funds, but more importantly, new blood for a larger open content community. The event also strengthened connections between Wikipedians, many of whom had never met in person. It also brought together members of different free content projects like Wikisource, Wikiquote, and OpenStreetMap.

It certainly was the most effective and lively event for the German-speaking community to date, and, bar the not-invented-here-syndrome, it might serve as a pilot project for other languages.

Nadine Stark, co-organizer, Skillshare