[Lnc-business] L-Pedia
Wes Benedict
wes.benedict at lp.org
Tue Jun 21 13:40:02 EDT 2016
After talking to Robert Kraus, we are recalling the L-Pedia is hosted on
the same server as LP.org. So, when security holes or outdated software
from L-Pedia causes problems, it hurts LP.org. Giving access to the key
points is a security risk for LP.org.
We plan to phase out the server we have for LP.org over the next year or
so, depending on how things go.
I suggest starting over and building a brand new L-Pedia separate from
LP.org. That's what we're going to do for LP.org. Start over with a new
website. Has to be done sometimes.
Wes Benedict, Executive Director
Libertarian National Committee, Inc.
1444 Duke St., Alexandria, VA 22314
(202) 333-0008 ext. 232, wes.benedict at lp.org
facebook.com/libertarians @LPNational
Join the Libertarian Party at: http://lp.org/membership
On 6/21/2016 1:24 PM, Caryn Ann Harlos wrote:
> I believe James Gholston is saying he can "fix" it. He needs the
> access to do so. He can fix the LPedia spam issue too.... but he
> needs access. What I am asking (and it might be ignorant) is if there
> is already a sandbox for LPedia or if one can be created (i.e. it can
> be walled off from other assets) and a volunteer can take over. I
> don't want staff time taken.... but I don't want the asset to be
> destroyed either.
>
> What can we do to give it over to a volunteer? To either start over,
> fix or whatever? That is really the answer needed I think. When I
> have that information, I will pursue the appropriate motion to make it
> happen..... and hopefully involving NO other staff time other than
> giving the keys to a volunteer or creating the sandbox. I am not a
> techie, but I know enough to know that shouldn't be a big deal.
>
> Or alternatively if the Party simply doesn't want this asset anymore,
> we can "give" it to a volunteer or perhaps see if LSLA wants to take
> it over.
>
>
> On Tue, Jun 21, 2016 at 11:17 AM, Wes Benedict <wes.benedict at lp.org
> <mailto:wes.benedict at lp.org>> wrote:
>
> I think the only reason volunteers might not have been given
> access is because of the security opening that allow tons of spam.
> I don't recall if this is hosted somewhere that causes it to also
> hurt other websites we control.
>
> I deliberately wanted L-Pedia to be a volunteer managed site -
> staff has not had interest in trying to control the content of
> L-Pedia since 2009. I believe a few times the volunteers asked
> Eric Dixon to help trouble shoot some things. I think that's it.
>
> What might be nice is for a team (not staff) to rebuild from
> scratch an L-Pedia using the technology they think is needed, and
> don't even give the passwords to staff. That would guarantee
> prevention of staff interference. Unless you all think you can fix
> the current version which is also fine with me.
>
> We are in the middle of trying to fix some LPStore.org issues and
> plan to roll out a new LP.org shortly. I promised info on the Ohio
> ballot access drive to Ken Moellman last Friday and haven't gotten
> it to him yet. Have been working on hiring help and need to finish
> the approvals and paperwork. I have over 200 emails in my inbox
> and many require follow up work, not just reading or forwarding.
> Sounds easy to delegate, but it's not easy to delegate in a way
> that others don't violate our Policy Manual and chair and LNC
> directives.
>
> L-Pedia is near the bottom of my priorities right now. I removed
> links to it from LP.org in 2010 because the content was so bad. I
> hear it's improved dramatically since then which is a good sign.
>
> If you would like staff to help with L-Pedia before updating the
> home page of Lp.org, and lots of other things, that will require a
> directive from the chair or LNC motion.
>
> Caryn, please consult Eric Dixon, former staff member, copied on
> this email, to see if he can dig up some emails for you on this topic.
>
> I'm thinking we should postpone LP.org upgrade until after the
> election, given all the other stuff that keeps coming up. Whether
> it's upgraded by staff, or an outside company, either way it will
> take tons of staff time.
>
>
> Wes Benedict, Executive Director
> Libertarian National Committee, Inc.
> 1444 Duke St., Alexandria, VA 22314
> (202) 333-0008 ext. 232 <tel:%28202%29%20333-0008%20ext.%20232>,wes.benedict at lp.org <mailto:wes.benedict at lp.org>
> facebook.com/libertarians <http://facebook.com/libertarians> @LPNational
> Join the Libertarian Party at:http://lp.org/membership
>
> On 6/21/2016 9:32 AM, Caryn Ann Harlos wrote:
>> That seems reasonable to me, but it seems to me that there is
>> some reason that a volunteer was not allowed this access in the
>> past. Perhaps it was just because the right person didn't ask
>> and pursue it. Which is why I am asking and pursuing it. Simply
>> giving said access seems like it would solve this issue. From
>> what I understand James Gholston of Texas has the skills and
>> desire to do this.
>>
>> On Tue, Jun 21, 2016 at 7:27 AM, Brett Bittner
>> <brett at brettbittner.com <mailto:brett at brettbittner.com>> wrote:
>>
>> My thoughts:
>>
>> * I see the historical content as valuable
>> * I understand the constraints on staff time and budget
>> * We are in the midst of the 2016 election cycle
>> * A termed agreement (until the end of 2016, maybe?) with a
>> volunteer for short term access for critical updates this
>> cycle (due to its high page rank) could "band-aid" us
>> through to allow for consideration of staff time and $$
>> allocation at our December 2016 session without taking
>> away resources in the immediate term
>>
>>
>> Brett C. Bittner
>>
>> brett at brettbittner.com <mailto:brett at brettbittner.com>
>> 404.492.6524 <tel:404.492.6524>
>>
>> "I would rather be exposed to the inconveniences attending
>> too much liberty than those attending too small a degree of
>> it." -- Thomas Jefferson
>>
>> On Tue, Jun 21, 2016 at 9:13 AM, Caryn Ann Harlos
>> <carynannharlos at gmail.com <mailto:carynannharlos at gmail.com>>
>> wrote:
>>
>> Thank you David. I am hoping for some discussion,
>> particularly from those who have been here a while, on
>> the best route. It seems this an asset that the Party
>> started and let lie fallow. From this update it seems it
>> is inevitable that it will be be undone through a hack
>> exploit or needed software update if something isn't
>> done, which requires certain server access which the
>> Party does not want to give to an outside volunteer. This
>> presents at least these options (and I would like to hear
>> more).
>>
>> 1. Remove it and kill it (this is going to happen if
>> nothing is done, I am very opposed to this option and am
>> trying to prevent it)
>>
>> 2. Allot staff time and budget to re-open the site for
>> registrations and administer it (this has been an option
>> all along and not done, I presume due to lack of budget
>> and need for staff time elsewhere---- if this is
>> possible, this seems to be the best solution)
>>
>> 3. Appoint and allow a volunteer to have the necessary
>> server access to do number 2 (this seems to me to be the
>> next best option, but I presume there are security
>> concerns - not sure why these could not alleviated with
>> vetting and agreements - a properly vetted volunteer is
>> no less secure than a staff member)
>>
>> 4. Allow LPedia to be transferred to an outside server
>> (paid for by the Party at a cost not to exceed X
>> dollars), retain access, ownership, and ultimate control
>> of site, and appoint a volunteer to run
>>
>> 5. "Give" LPedia and all the rights to it away to a
>> volunteer or perhaps see if the LSLA were interested in
>> taking over.
>>
>> These are options that seem to present themselves. I do
>> not know which is the best of these or other that may be
>> added to the list. Number 1 is unacceptable for such a
>> valuable resource. I have used LPedia quite a bit, and
>> am one of the few that has editing permissions.
>>
>> In Liberty,
>> Caryn Ann Harlos
>> Region 1 Representative
>> (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana,
>> Utah, Wyoming, Washington)
>>
>> On Mon, Jun 20, 2016 at 8:01 PM, David Demarest
>> <dpdemarest at centurylink.net
>> <mailto:dpdemarest at centurylink.net>> wrote:
>>
>> Caryn, I would be happy to co-sponsor the motion you
>> suggest below.
>>
>> */Celebrate Life, Set the Bar High and LIVE FREE!/**//*
>>
>> *//*
>>
>> */The War on Cronyism Begins Now!/*
>>
>> ~David Pratt Demarest
>>
>> Region 6 Representative, Libertarian National Committee
>>
>> Secretary, Nebraska Libertarian State Central Committee
>>
>> David.Demarest at LP.org <mailto:David.Demarest at LP.org>
>>
>> Secretary at LPNE.org <mailto:Secretary at LPNE.org>
>>
>> DPDemarest at centurylink.net
>> <mailto:DPDemarest at centurylink.net>
>>
>> David.Demarest at firstdata.com
>> <mailto:David.Demarest at firstdata.com>
>>
>> http://www.LP.org
>>
>> http://www.LPNE.org
>>
>> Cell: 402-981-6469 <tel:402-981-6469>
>>
>> Home: 402-493-0873 <tel:402-493-0873>
>>
>> Office: 402-222-7207 <tel:402-222-7207>
>>
>> *From:*Lnc-business
>> [mailto:lnc-business-bounces at hq.lp.org
>> <mailto:lnc-business-bounces at hq.lp.org>] *On Behalf
>> Of *Caryn Ann Harlos
>> *Sent:* Monday, June 20, 2016 8:09 PM
>> *To:* lnc-business at hq.lp.org
>> <mailto:lnc-business at hq.lp.org>
>> *Cc:* James Gholston <jamesg at dimensionality.com
>> <mailto:jamesg at dimensionality.com>>
>> *Subject:* [Lnc-business] L-Pedia
>>
>> I do not recall this being brought up, and this seems
>> like an issue who's time for addressing is far
>> overdue. I inquired with James Gholston who has been
>> an administrator of accounts there, and he provided
>> me with this information and request. I'd like to get
>> this discussion going, and perhaps if there is
>> interest, speak with some of you about co-sponsoring
>> a motion to get this going.
>>
>> ====
>>
>> As probably everyone I'm sending this email to knows,
>> our party has a history-centric wiki (since 2005)
>> that has very high PageRank and shows up heavily in
>> searches. It is likely the biggest online repository
>> that lists names of people who have participated in
>> the Libertarian Party (with access to some party
>> data, we could crank out a lot of biographical articles).
>>
>> Situation: MediaWiki is not designed to be maintained
>> without shell and ftp access, but only paid
>> contractors and staff have this level of access.
>> Meanwhile, the LNC Staff does not have time to
>> maintain react-text: 196 LPedia.org /react-text
>> <http://l.facebook.com/l.php?u=http%3A%2F%2FLPedia.org%2F&h=IAQGLgKMN>,
>> and the party doesn't have the resources to pay
>> someone to maintain it.
>>
>> What problems do we have that result? Two big ones
>> are visible on the front page. Three years ago
>> account creation was temporarily locked down when we
>> were getting more than 100 garbage articles and
>> accounts added per minute and it's still temporarily
>> down. Also, a needed image permission is broken on
>> the server preventing image uploads while the wiki
>> settings prohibit linking to external images. The
>> really pixellated image of John Hospers isn't really
>> an image. It's a table. ...And it's roughly a third
>> of a megabyte. A PNG or JPEG would be a tiny fraction
>> of the size and would look far nicer, but it hasn't
>> been possible to add one of those for a few years.
>>
>> Additional problems: The version of MediaWiki we're
>> using is eight years out of date -- and that update
>> seven years ago was done by the LNC staff spending
>> money. Extensions are needed -- both to add features
>> to handle the data on react-text: 205 LPedia.org
>> /react-text
>> <http://l.facebook.com/l.php?u=http%3A%2F%2FLPedia.org%2F&h=wAQH_h6KR>and
>> to control attacks (our PageRank makes us a high
>> value target).
>>
>> Our main tool for controlling attacks is a bot that
>> runs on my personal desktop (written four and a half
>> years ago when successful attacks were exceeding what
>> could be humanly controlled in a reasonable amount of
>> time as a workaround for lack of server access) --
>> and stops running whenever my machine or Internet
>> connectivity are down, allowing garbage to
>> accumulate. We have no meaningful extensions to stop
>> things (a decade-old CAPTCHA that's easily bypassed
>> -- especially with the version of MediaWiki we're
>> running). With the bot (react-text: 211
>> http://lpedia.org/User:WHUMP /react-text
>> <http://l.facebook.com/l.php?u=http%3A%2F%2Flpedia.org%2FUser%3AWHUMP&h=mAQEXDhYU>)
>> it's possible to continue to allow anonymous
>> contributions (most of our contributions have always
>> been anonymous -- many very substantial) and I can
>> bug people for usernames and email addresses and add
>> the manually when I know about them or personally
>> recruit them, but reliance on these steps is not optimal.
>>
>> Also, what do we do when a PHP or SQL update breaks
>> MediaWiki 1.12 altogether?
>>
>> My suggested fix: Move react-text: 220 LPedia.org
>> /react-text
>> <http://l.facebook.com/l.php?u=http%3A%2F%2FLPedia.org%2F&h=KAQGIW0iR>to
>> a server where trusted volunteers are allowed
>> under-the-hood access. It doesn't need to be anything
>> even remotely fancy or expensive: A shared hosting
>> DreamHost account would be more than sufficient.
>> Additional volunteer-maintainable party domains --
>> presently existing or merely potential -- could be
>> hosted on the same server and also be maintained by
>> volunteers (and/or staff and contractors, time
>> permitting). The LNC staff can retain control when
>> they see a need or find time to exercise it, yet not
>> be a bottleneck when there's simply too many things
>> to do, not enough staff, and not enough time for even
>> just the essentials.
>>
>> There are other historical concerns and things that
>> might be relatively easy to do to help the volunteers
>> who participate with react-text: 226 LPedia.org
>> /react-text
>> <http://l.facebook.com/l.php?u=http%3A%2F%2FLPedia.org%2F&h=QAQES3Arj>(I'd
>> like to change the default licence to public domain
>> and I'm concerned about the mold/mildew risk to our
>> unscanned surviving archival documents after the
>> basement flood), but let me focus on just this one
>> thing right now.
>>
>> =======
>>
>> I have cc'd James on this message so he can keep
>> track and feed me relevant information.
>>
>> --
>>
>> In Liberty,
>>
>> Caryn Ann Harlos
>>
>> Region 1 Representative
>>
>> (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana,
>> Utah, Wyoming, Washington)
>>
>> Caryn.Ann.Harlos at LP.org <mailto:Caryn.Ann.Harlos at LP.org>
>>
>>
>> _______________________________________________
>> Lnc-business mailing list
>> Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
>> http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>>
>>
>>
>>
>> --
>> In Liberty,
>> Caryn Ann Harlos
>> Region 1 Representative
>> (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana,
>> Utah, Wyoming, Washington)
>> Caryn.Ann.Harlos at LP.org <mailto:Caryn.Ann.Harlos at LP.org>
>>
>> _______________________________________________
>> Lnc-business mailing list
>> Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
>> http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>>
>>
>>
>> _______________________________________________
>> Lnc-business mailing list
>> Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
>> http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>>
>>
>>
>>
>> --
>> In Liberty,
>> Caryn Ann Harlos
>> Region 1 Representative
>> (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana, Utah,
>> Wyoming, Washington)
>> Caryn.Ann.Harlos at LP.org <mailto:Caryn.Ann.Harlos at LP.org>
>>
>>
>> _______________________________________________
>> Lnc-business mailing list
>> Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
>> http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>
>
> _______________________________________________
> Lnc-business mailing list
> Lnc-business at hq.lp.org <mailto:Lnc-business at hq.lp.org>
> http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
>
>
>
>
> --
> In Liberty,
> Caryn Ann Harlos
> Region 1 Representative
> (Alaska, Arizona, Colorado, Hawaii, Kansas, Montana, Utah, Wyoming,
> Washington)
> Caryn.Ann.Harlos at LP.org
>
>
> _______________________________________________
> Lnc-business mailing list
> Lnc-business at hq.lp.org
> http://hq.lp.org/mailman/listinfo/lnc-business_hq.lp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://hq.lp.org/pipermail/lnc-business/attachments/20160621/a1ff6bcc/attachment-0002.html>
More information about the Lnc-business
mailing list