[Lnc-business] L-Pedia

Wes Benedict wes.benedict at lp.org
Tue Jun 21 13:40:02 EDT 2016


After talking to Robert Kraus, we are recalling the L-Pedia is hosted on 
the same server as LP.org. So, when security holes or outdated software 
from L-Pedia causes problems, it hurts LP.org. Giving access to the key 
points is a security risk for LP.org.

We plan to phase out the server we have for LP.org over the next year or 
so, depending on how things go.

I suggest starting over and building a brand new L-Pedia separate from 
LP.org. That's what we're going to do for LP.org. Start over with a new 
website. Has to be done sometimes.


Wes Benedict, Executive Director
Libertarian National Committee, Inc.
1444 Duke St., Alexandria, VA 22314
(202) 333-0008 ext. 232, wes.benedict at lp.org
facebook.com/libertarians @LPNational
Join the Libertarian Party at: http://lp.org/membership

On 6/21/2016 1:24 PM, Caryn Ann Harlos wrote:
> I believe James Gholston is saying he can "fix" it.  He needs the 
> access to do so.  He can fix the LPedia spam issue too.... but he 
> needs access.  What I am asking (and it might be ignorant) is if there 
> is already a sandbox for LPedia or if one can be created (i.e. it can 
> be walled off from other assets) and a volunteer can take over.  I 
> don't want staff time taken.... but I don't want the asset to be 
> destroyed either.
>
> What can we do to give it over to a volunteer?  To either start over, 
> fix or whatever?  That is really the answer needed I think.  When I 
> have that information, I will pursue the appropriate motion to make it 
> happen..... and hopefully involving NO other staff time other than 
> giving the keys to a volunteer or creating the sandbox.  I am not a 
> techie, but I know enough to know that shouldn't be a big deal.
>
> Or alternatively if the Party simply doesn't want this asset anymore, 
> we can "give" it to a volunteer or perhaps see if LSLA wants to take 
> it over.
>
>
> On Tue, Jun 21, 2016 at 11:17 AM, Wes Benedict <wes.benedict at lp.org 
> <mailto:wes.benedict at lp.org>> wrote:
>
>     I think the only reason volunteers might not have been given
>     access is because of the security opening that allow tons of spam.
>     I don't recall if this is hosted somewhere that causes it to also
>     hurt other websites we control.
>
>     I deliberately wanted L-Pedia to be a volunteer managed site -
>     staff has not had interest in trying to control the content of
>     L-Pedia since 2009. I believe a few times the volunteers asked
>     Eric Dixon to help trouble shoot some things. I think that's it.
>
>     What might be nice is for a team (not staff) to rebuild from
>     scratch an L-Pedia using the technology they think is needed, and
>     don't even give the passwords to staff. That would guarantee
>     prevention of staff interference. Unless you all think you can fix
>     the current version which is also fine with me.
>
>     We are in the middle of trying to fix some LPStore.org issues and
>     plan to roll out a new LP.org shortly. I promised info on the Ohio
>     ballot access drive to Ken Moellman last Friday and haven't gotten
>     it to him yet. Have been working on hiring help and need to finish
>     the approvals and paperwork. I have over 200 emails in my inbox
>     and many require follow up work, not just reading or forwarding.
>     Sounds easy to delegate, but it's not easy to delegate in a way
>     that others don't violate our Policy Manual and chair and LNC
>     directives.
>
>     L-Pedia is near the bottom of my priorities right now. I removed
>     links to it from LP.org in 2010 because the content was so bad. I
>     hear it's improved dramatically since then which is a good sign.
>
>     If you would like staff to help with L-Pedia before updating the
>     home page of Lp.org, and lots of other things, that will require a
>     directive from the chair or LNC motion.
>
>     Caryn, please consult Eric Dixon, former staff member, copied on
>     this email, to see if he can dig up some emails for you on this topic.
>
>     I'm thinking we should postpone LP.org upgrade until after the
>     election, given all the other stuff that keeps coming up. Whether
>     it's upgraded by staff, or an outside company, either way it will
>     take tons of staff time.
>
>
>     Wes Benedict, Executive Director
>     Libertarian National Committee, Inc.
>     1444 Duke St., Alexandria, VA 22314
>     (202) 333-0008 ext. 232 <tel:%28202%29%20333-0008%20ext.%20232>,wes.benedict at lp.org <mailto:wes.benedict at lp.org>
>     facebook.com/libertarians <http://facebook.com/libertarians>  @LPNational
>     Join the Libertarian Party at:http://lp.org/membership
>
>     On 6/21/2016 9:32 AM, Caryn Ann Harlos wrote:
>>     That seems reasonable to me, but it seems to me that there is
>>     some reason that a volunteer was not allowed this access in the
>>     past.  Perhaps it was just because the right person didn't ask
>>     and pursue it.  Which is why I am asking and pursuing it.  Simply
>>     giving said access seems like it would solve this issue.  From
>>     what I understand James Gholston of Texas has the skills and
>>     desire to do this.
>>
>>     On Tue, Jun 21, 2016 at 7:27 AM, Brett Bittner
>>     <brett at brettbittner.com <mailto:brett at brettbittner.com>> wrote:
>>
>>         My thoughts:
>>
>>           * I see the historical content as valuable
>>           * I understand the constraints on staff time and budget
>>           * We are in the midst of the 2016 election cycle
>>           * A termed agreement (until the end of 2016, maybe?) with a
>>             volunteer for short term access for critical updates this
>>             cycle (due to its high page rank) could "band-aid" us
>>             through to allow for consideration of staff time and $$
>>             allocation at our December 2016 session without taking
>>             away resources in the immediate term
>>
>>
>>         Brett C. Bittner
>>
>>         brett at brettbittner.com <mailto:brett at brettbittner.com>
>>         404.492.6524 <tel:404.492.6524>
>>
>>         "I would rather be exposed to the inconveniences attending
>>         too much liberty than those attending too small a degree of
>>         it." -- Thomas Jefferson
>>
>>         On Tue, Jun 21, 2016 at 9:13 AM, Caryn Ann Harlos
>>         <carynannharlos at gmail.com <mailto:carynannharlos at gmail.com>>
>>         wrote:
>>
>>             Thank you David.  I am hoping for some discussion,
>>             particularly from those who have been here a while, on
>>             the best route.  It seems this an asset that the Party
>>             started and let lie fallow.  From this update it seems it
>>             is inevitable that it will be be undone through a hack
>>             exploit or needed software update if something isn't
>>             done, which requires certain server access which the
>>             Party does not want to give to an outside volunteer. This
>>             presents at least these options (and I would like to hear
>>             more).
>>
>>             1.  Remove it and kill it (this is going to happen if
>>             nothing is done, I am very opposed to this option and am
>>             trying to prevent it)
>>
>>             2. Allot staff time and budget to re-open the site for
>>             registrations and administer it (this has been an option
>>             all along and not done, I presume due to lack of budget
>>             and need for staff time elsewhere---- if this is
>>             possible, this seems to be the best solution)
>>
>>             3.  Appoint and allow a volunteer to have the necessary
>>             server access to do number 2 (this seems to me to be the
>>             next best option, but I presume there are security
>>             concerns - not sure why these could not alleviated with
>>             vetting and agreements - a properly vetted volunteer is
>>             no less secure than a staff member)
>>
>>             4. Allow LPedia to be transferred to an outside server
>>             (paid for by the Party at a cost not to exceed X
>>             dollars), retain access, ownership, and ultimate control
>>             of site, and appoint a volunteer to run
>>
>>             5. "Give" LPedia and all the rights to it away to a
>>             volunteer or perhaps see if the LSLA were interested in
>>             taking over.
>>
>>             These are options that seem to present themselves.  I do
>>             not know which is the best of these or other that may be
>>             added to the list.  Number 1 is unacceptable for such a
>>             valuable resource.  I have used LPedia quite a bit, and
>>             am one of the few that has editing permissions.
>>
>>             In Liberty,
>>             Caryn Ann Harlos
>>             Region 1 Representative
>>             (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana,
>>             Utah, Wyoming, Washington)
>>
>>             On Mon, Jun 20, 2016 at 8:01 PM, David Demarest
>>             <dpdemarest at centurylink.net
>>             <mailto:dpdemarest at centurylink.net>> wrote:
>>
>>                 Caryn, I would be happy to co-sponsor the motion you
>>                 suggest below.
>>
>>                 */Celebrate Life, Set the Bar High and LIVE FREE!/**//*
>>
>>                 *//*
>>
>>                 */The War on Cronyism Begins Now!/*
>>
>>                 ~David Pratt Demarest
>>
>>                 Region 6 Representative, Libertarian National Committee
>>
>>                 Secretary, Nebraska Libertarian State Central Committee
>>
>>                 David.Demarest at LP.org <mailto:David.Demarest at LP.org>
>>
>>                 Secretary at LPNE.org <mailto:Secretary at LPNE.org>
>>
>>                 DPDemarest at centurylink.net
>>                 <mailto:DPDemarest at centurylink.net>
>>
>>                 David.Demarest at firstdata.com
>>                 <mailto:David.Demarest at firstdata.com>
>>
>>                 http://www.LP.org
>>
>>                 http://www.LPNE.org
>>
>>                 Cell: 402-981-6469 <tel:402-981-6469>
>>
>>                 Home: 402-493-0873 <tel:402-493-0873>
>>
>>                 Office: 402-222-7207 <tel:402-222-7207>
>>
>>                 *From:*Lnc-business
>>                 [mailto:lnc-business-bounces at hq.lp.org
>>                 <mailto:lnc-business-bounces at hq.lp.org>] *On Behalf
>>                 Of *Caryn Ann Harlos
>>                 *Sent:* Monday, June 20, 2016 8:09 PM
>>                 *To:* lnc-business at hq.lp.org
>>                 <mailto:lnc-business at hq.lp.org>
>>                 *Cc:* James Gholston <jamesg at dimensionality.com
>>                 <mailto:jamesg at dimensionality.com>>
>>                 *Subject:* [Lnc-business] L-Pedia
>>
>>                 I do not recall this being brought up, and this seems
>>                 like an issue who's time for addressing is far
>>                 overdue. I inquired with James Gholston who has been
>>                 an administrator of accounts there, and he provided
>>                 me with this information and request. I'd like to get
>>                 this discussion going, and perhaps if there is
>>                 interest, speak with some of you about co-sponsoring
>>                 a motion to get this going.
>>
>>                 ====
>>
>>                 As probably everyone I'm sending this email to knows,
>>                 our party has a history-centric wiki (since 2005)
>>                 that has very high PageRank and shows up heavily in
>>                 searches. It is likely the biggest online repository
>>                 that lists names of people who have participated in
>>                 the Libertarian Party (with access to some party
>>                 data, we could crank out a lot of biographical articles).
>>
>>                 Situation: MediaWiki is not designed to be maintained
>>                 without shell and ftp access, but only paid
>>                 contractors and staff have this level of access.
>>                 Meanwhile, the LNC Staff does not have time to
>>                 maintain react-text: 196 LPedia.org /react-text
>>                 <http://l.facebook.com/l.php?u=http%3A%2F%2FLPedia.org%2F&h=IAQGLgKMN>,
>>                 and the party doesn't have the resources to pay
>>                 someone to maintain it.
>>
>>                 What problems do we have that result? Two big ones
>>                 are visible on the front page. Three years ago
>>                 account creation was temporarily locked down when we
>>                 were getting more than 100 garbage articles and
>>                 accounts added per minute and it's still temporarily
>>                 down. Also, a needed image permission is broken on
>>                 the server preventing image uploads while the wiki
>>                 settings prohibit linking to external images. The
>>                 really pixellated image of John Hospers isn't really
>>                 an image. It's a table. ...And it's roughly a third
>>                 of a megabyte. A PNG or JPEG would be a tiny fraction
>>                 of the size and would look far nicer, but it hasn't
>>                 been possible to add one of those for a few years.
>>
>>                 Additional problems: The version of MediaWiki we're
>>                 using is eight years out of date -- and that update
>>                 seven years ago was done by the LNC staff spending
>>                 money. Extensions are needed -- both to add features
>>                 to handle the data on react-text: 205 LPedia.org
>>                 /react-text
>>                 <http://l.facebook.com/l.php?u=http%3A%2F%2FLPedia.org%2F&h=wAQH_h6KR>and
>>                 to control attacks (our PageRank makes us a high
>>                 value target).
>>
>>                 Our main tool for controlling attacks is a bot that
>>                 runs on my personal desktop (written four and a half
>>                 years ago when successful attacks were exceeding what
>>                 could be humanly controlled in a reasonable amount of
>>                 time as a workaround for lack of server access) --
>>                 and stops running whenever my machine or Internet
>>                 connectivity are down, allowing garbage to
>>                 accumulate. We have no meaningful extensions to stop
>>                 things (a decade-old CAPTCHA that's easily bypassed
>>                 -- especially with the version of MediaWiki we're
>>                 running). With the bot (react-text: 211
>>                 http://lpedia.org/User:WHUMP /react-text
>>                 <http://l.facebook.com/l.php?u=http%3A%2F%2Flpedia.org%2FUser%3AWHUMP&h=mAQEXDhYU>)
>>                 it's possible to continue to allow anonymous
>>                 contributions (most of our contributions have always
>>                 been anonymous -- many very substantial) and I can
>>                 bug people for usernames and email addresses and add
>>                 the manually when I know about them or personally
>>                 recruit them, but reliance on these steps is not optimal.
>>
>>                 Also, what do we do when a PHP or SQL update breaks
>>                 MediaWiki 1.12 altogether?
>>
>>                 My suggested fix: Move react-text: 220 LPedia.org
>>                 /react-text
>>                 <http://l.facebook.com/l.php?u=http%3A%2F%2FLPedia.org%2F&h=KAQGIW0iR>to
>>                 a server where trusted volunteers are allowed
>>                 under-the-hood access. It doesn't need to be anything
>>                 even remotely fancy or expensive: A shared hosting
>>                 DreamHost account would be more than sufficient.
>>                 Additional volunteer-maintainable party domains --
>>                 presently existing or merely potential -- could be
>>                 hosted on the same server and also be maintained by
>>                 volunteers (and/or staff and contractors, time
>>                 permitting). The LNC staff can retain control when
>>                 they see a need or find time to exercise it, yet not
>>                 be a bottleneck when there's simply too many things
>>                 to do, not enough staff, and not enough time for even
>>                 just the essentials.
>>
>>                 There are other historical concerns and things that
>>                 might be relatively easy to do to help the volunteers
>>                 who participate with react-text: 226 LPedia.org
>>                 /react-text
>>                 <http://l.facebook.com/l.php?u=http%3A%2F%2FLPedia.org%2F&h=QAQES3Arj>(I'd
>>                 like to change the default licence to public domain
>>                 and I'm concerned about the mold/mildew risk to our
>>                 unscanned surviving archival documents after the
>>                 basement flood), but let me focus on just this one
>>                 thing right now.
>>
>>                 =======
>>
>>                 I have cc'd James on this message so he can keep
>>                 track and feed me relevant information.
>>
>>                 -- 
>>
>>                 In Liberty,
>>
>>                 Caryn Ann Harlos
>>
>>                 Region 1 Representative
>>
>>                 (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana,
>>                 Utah, Wyoming, Washington)
>>
>>                 Caryn.Ann.Harlos at LP.org <mailto:Caryn.Ann.Harlos at LP.org>
>>
>>
>>                 _______________________________________________
>>                 Lnc-business mailing list
>>                 Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
>>                 http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>>
>>
>>
>>
>>             -- 
>>             In Liberty,
>>             Caryn Ann Harlos
>>             Region 1 Representative
>>             (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana,
>>             Utah, Wyoming, Washington)
>>             Caryn.Ann.Harlos at LP.org <mailto:Caryn.Ann.Harlos at LP.org>
>>
>>             _______________________________________________
>>             Lnc-business mailing list
>>             Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
>>             http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>>
>>
>>
>>         _______________________________________________
>>         Lnc-business mailing list
>>         Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
>>         http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>>
>>
>>
>>
>>     -- 
>>     In Liberty,
>>     Caryn Ann Harlos
>>     Region 1 Representative
>>     (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana, Utah,
>>     Wyoming, Washington)
>>     Caryn.Ann.Harlos at LP.org <mailto:Caryn.Ann.Harlos at LP.org>
>>
>>
>>     _______________________________________________
>>     Lnc-business mailing list
>>     Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
>>     http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>
>
>     _______________________________________________
>     Lnc-business mailing list
>     Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
>     http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>
>
>
>
> -- 
> In Liberty,
> Caryn Ann Harlos
> Region 1 Representative
> (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana, Utah, Wyoming, 
> Washington)
> Caryn.Ann.Harlos at LP.org
>
>
> _______________________________________________
> Lnc-business mailing list
> Lnc-business at hq.lp.org
> http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://hq.lp.org/pipermail/lnc-business/attachments/20160621/a1ff6bcc/attachment-0002.html>


More information about the Lnc-business mailing list