User talk:Jimbo Wales

From Wikipedia, the free encyclopedia
Jump to: navigation, search


(Manual archive list)

OpenSSL Bug[edit]

Since this was brought up recently on this page, I want to mention that:

  • If you would like to test a web site for SSL security (in general) of a website, use this URL:

https://www.ssllabs.com/ssltest/analyze.html

  • If you would like to test whether your specific browser is secure (in general in terms of SSL), use this URL:

https://www.howsmyssl.com/

  • If you would like to test whether your specific browser is secure in testing whether an SSL certificate has been revoked, use this URL:

https://revoked.grc.com/

A Quest For Knowledge (talk) 23:51, 16 April 2014 (UTC)

Could Wikipedia please switch to an EDH cipher suite with forward secrecy instead of what it's using now, that allows old recorded sessions to be decrypted if the server key is compromised? That would have prevented a lot of possible user password exposure. 70.36.142.114 (talk) 23:58, 16 April 2014 (UTC)

Vacation reminder[edit]

It was archived so I wanted to remind people that I'm on vacation until mid-week next week. And after that I'm at board meetings in San Francisco and so not that much on-wiki bandwidth.--Jimbo Wales (talk) 04:28, 18 April 2014 (UTC)

Is it technically possible for such notices (editable by you) to appear above the edit window?
Wavelength (talk) 04:46, 18 April 2014 (UTC)
It is possible for all administrators to create page notices which Mr. Wales could have used to carry this announcement. It wouldn't have been a terribly bad idea to have done so. Cheers.—John Cline (talk) 05:59, 18 April 2014 (UTC)
Can you tell me more about how to do this?--Jimbo Wales (talk) 05:08, 19 April 2014 (UTC)
Wikipedia:Editnotice. Simply create User talk:Jimbo Wales/Editnotice. Viriditas (talk) 05:40, 19 April 2014 (UTC)
You can use this list of search results to see edit notices of other editors.
Wavelength (talk) 15:27, 19 April 2014 (UTC)

The problem with developing maths rendering[edit]

The standard rendering of mathematics is one of the ugliest parts of wikipedia. Its using a outdated image based system rather than the more modern MathJax system. See for example the difference between Formula with the maths rendering preference option changed from PNG to MathJax. Problems with the image based system include differences in font and font sizes between the main text and equations. There has been some good work developing a new system but they are having problems getting enough attention from foundation staffers to get the code integrated into the code base. It seems most mathematicians don't know enough about the code side to help and coders are not sufficiently interested in the maths to want to help.

User:Physikerwelt wrote about this problem at Wikipedia talk:WikiProject Mathematics#TeX not rendered

That's my point. It's really not a very pleasant work to break down everything into atomic changes. With the new version of the Math extension that Gabriel Wicke and me developed in September last year MathJax is executed on the server side, which solves the performance problems. The problem with this development was that it changed from the old version to the new one in one step. I turned out that nobody from the foundation would ever find time to do a code review for such a large change. Therefore I had to break down this change into a number of small commits. This is really a lot of useless work and causes some unfortunate side effects. I'd really appreciate if the Foundation could allocate some paid developers to review the changes in the Math extension at once. But it seems that there is no money for the math extension so everything has to be developed and reviewed for free.--Physikerwelt (talk) 11:43, 19 April 2014 (UTC)

Is there anything the foundation can do to help this much needed extension along?--Salix alba (talk): 13:59, 19 April 2014 (UTC)

Very strong support, the Foundation should be leveraging its (our) resources by doing things like code reviews for community developed work, rather than putting them into schemes which don't necessarily have the backing of the community, and don't necessarily work. All the best, Rich Farmbrough, 00:45, 20 April 2014 (UTC).
It does not send out a good message to the mathematics editing community that so little attention is being paid to this issue. Does the WMF have a plan for mathematics-based text? What resources do you think they should be committing to this requirement? Deltahedron (talk) 11:21, 20 April 2014 (UTC)
(@Rich Farmbrough) This comment nails it. Sławomir Biały (talk) 13:10, 20 April 2014 (UTC)

Corrected numbers in page Formula[edit]

I have updated that example page, "Formula" by adding footnotes to explain the correct volume factors as "33.51" and "0.2833" (rather than 33.47 and 0.2933), as typical content errors when people focus too much on presentation style, as a case of "form over substance". The errors were inserted over 3 years ago (11 April 2011: dif962). Because of the widespread problems in the factual content of pages, I often downplay the significance of font styles, or red-error messages, which tend to cause people to overlook other factual details on a page. In general, when citing an example page (such as "Formula"), to emphasize the importance of font styles, first be sure the page is free of more-important factual errors, or else beware the cosmic joke when the font does not matter in comparison to the severity of the content errors, such as incorrect calculations. -Wikid77 10:50, 20 April 2014 (UTC)

The "email this user" feature[edit]

Maybe a lurker/stalker would like to answer this question, or maybe Jimbo can when he's back from his (presumably luxurious and decadent) vacation.

Seriously, I would like to know whether emails sent using the "email this user" feature have ever been read or recorded by anyone without the knowledge of the sender and recipient. I didn't notice this point specifically addressed anywhere already, though I admit to not having looked very carefully.Anythingyouwant (talk) 18:03, 19 April 2014 (UTC)

I have no direct knowledge but I'd expect that if the mail were intercepted as part of a law enforcement investigation, the people involved would not be allowed to say so (although, see warrant canary). Keep in mind also that any warrants might be executed at the upstream email provider rather than at WP, in which case WP probably wouldn't even know about it. And of course PRISM is supposedly vacuuming all email everywhere. Wikipedia's normal practice if I remember is that the system logs that you have sent an email, but not its content or its target address. You're right that this info seems a little bit hard to find. I just looked around briefly and don't see it. 70.36.142.114 (talk) 20:20, 19 April 2014 (UTC)
Thanks for the reply. If there's a warrant issued by a court, then that's one thing, but if anyone at Wikipedia or Wikimedia does it, then that's another thing altogether.Anythingyouwant (talk) 20:25, 19 April 2014 (UTC)
IANAL but I'd imagine that would be dubious enough that you're not likely to get an answer, because of the can of worms it would open. If you mean something like "can Wikipedia admins see emails that you send", it's a pretty safe bet that they can't, as it would likely require mucking with the server code or deployment at the WMF developer level. Is there a specific incident that you're suspicious about? If you just want a bit more privacy assurance than the email function provides, your best bet is probably use the email function only to exchange initial contact info with the other person, and then handle further communications offline. 70.36.142.114 (talk) 22:10, 19 April 2014 (UTC)
By "offline" do you mean outside of Wikipedia, or outside of the internet? If emailing outside of Wikipedia provides more privacy assurance, then there ought to be a warning when people use "Email this user" saying that people might want to be very circumspect until they can email directly to the other person.Anythingyouwant (talk) 22:19, 19 April 2014 (UTC)
Well, former president Carter says he uses snail mail to avoid interception, so if you want to go full tinfoil, don't use the internet or the phone.[1] I don't have reason to think Special:EmailUser is particularly worse than typical direct email with no special precautions. It appears to just collect the message and dump it into an smtp library (after calling some unknown hooks, though), which seems straightforward enough.[2] But, most people probably don't bother using the TLS version of the email page so the message would reach the server in the clear; either participant's email system might also not use TLS; the WP TLS pages don't have forward secrecy and were vulnerable to the Heartbleed bug; the other person could be careless about what you tell him or her; email archived on a server (hello gmail) apparently has less legal protection than email in transit ([3], again IANAL); etc. etc. etc. Your best bet is encrypt your messages with something like GnuPG. An intermediate measure might be for both people to use the same webmail provider with a TLS web client, so the messages are less likely to travel over the public internet other than from browsers. This wider discussion of email privacy probably doesn't belong on Jimbo's talk page. WP:RDC might be a better venue. 70.36.142.114 (talk) 23:01, 19 April 2014 (UTC)
I'm just saying that if neither Jimbo nor anyone else at Wikipedia/Wikimedia would ever stoop to reading or recording messages that go through "Email this user", then why not say so to people using that function? Something like, "we treat your emails as totally private". Instead, people who go to "Email this user" are ominously told: "Wikipedia makes no guarantee of confidentiality for messages sent by this system." Is Wikipedia allowing itself to read or record these emails? That's all I'm asking, and it's a perfectly straightforward and legitimate question to ask here, not into tinfoil-hat territory at all.Anythingyouwant (talk) 23:12, 19 April 2014 (UTC)
I think that's just a disclaimer that WP isn't trying to provide a secure user to user communication infrastructure, and probably to give them some leeway to check what's going on if someone abuses the email function such as to send spam. If you're worried about someone at WP intercepting private email to win some stupid wiki-editing dispute, that seems farfetched to me. WMF has historically been pretty conservative about logging, e.g. there's stuff they don't log that could make checkuser more effective if they decided to do so. Email interception would be several steps beyond that. 70.36.142.114 (talk) 00:01, 20 April 2014 (UTC)
Plus, there's the fact that once a user hits send, the message leaves Wikipedia's hands. We can't guarantee that an email won't be intercepted by a third party or monitored by the recipient's ISP or email provider. Novusuna talk 00:09, 20 April 2014 (UTC)
I expect that you're both probably correct and there's nothing to worry about. But, that seems all the more reason to provide some assurance that Wikipedia and Wikimedia won't interfere with the privacy of this communication system, after saying "Wikipedia makes no guarantee of confidentiality for messages sent by this system."Anythingyouwant (talk) 00:22, 20 April 2014 (UTC)
The Privacy Policy is what you want. At a technical level the source code for Mediawiki is available, and I would imagine simply opens an SMTP connection to some mailserver. The disclaimer is typical lawyer nonsense, no-one has any reasonable expectation that WMF can control the privacy of the global email system, and conversely no disclaimer absolves it from being negligent within the WMF infrastructure. All the best, Rich Farmbrough, 00:52, 20 April 2014 (UTC).
Special:Emailuser (source) is a wrapper for UserMailer.php (source). Summary: "This module performs a direct (authenticated) login to a SMTP Server to use for mail relaying if 'wgSMTP' specifies an array of parameters. It requires PEAR:Mail to do that. Otherwise it just uses the standard PHP 'mail' function." — Scott talk 00:59, 20 April 2014 (UTC)

──────────────────────────────────────────────────────────────────────────────────────────────────── To be finicky, the privacy policy specifically exempts the user email feature (see the part about "what the privacy policy does not cover"). SpecialEmailUser.php wraps UserMailer.php but it also calls some hooks that are part of the site configuration, so I don't know how to tell what actually happnens on the servers (those hooks are probably the logical place to put any interception in case of something like an abuse investigation). Overall I'd treat it about the same way as the PM system of a message board, and not send anything super secret through it, but otherwise not worry too much for normal traffic. As someone once said, WP is not a Swiss bank. 70.36.142.114 (talk) 01:45, 20 April 2014 (UTC)

The privacy policy that you point to says (emphasis added): "We provide several tools that allow users to communicate with each other. The communications may be covered by this Policy while they pass through our systems...." May?Anythingyouwant (talk) 02:00, 20 April 2014 (UTC)
Oh, I see what you mean, I mis-read it, it's not an exclusion. It says that if you email private info to someone, then the privacy policy doesn't cover what the other person does with the info. "May" is ambiguous and the sentence comes across to me as "it doesn't much help if the privacy policy covers the info, if the other person discloses it". 70.36.142.114 (talk) 02:26, 20 April 2014 (UTC)

If you email anyone (in whatever way), you are living in a fantasy world if you think that that is private... NSA captures all email traffic entering and leaving the country and as such Wikimedia cannot guarantee the confidentiality. Any of the dozen or so parties between Wikimedia and the recipient can do the same. Wikimedia knows this, and that's why they are explaining it to you. —TheDJ (talkcontribs) 10:31, 20 April 2014 (UTC)

I don't care if the dozen or so parties between Wikimedia and the recipient read the email. I care if Wikimedia reads the email. After all, the email will be pretty much irrelevant to all of them except Wikimedia.Anythingyouwant (talk) 01:29, 21 April 2014 (UTC)

Vacation reminder again[edit]

This is another note about Jimbo on vacation until late April. See above: #Vacation reminder. Hence, other users will need to answer questions here, or link any related responses which Jimbo stated in prior discussions. -Wikid77 11:07, 20 April 2014 (UTC)

Is Jimbo still active?[edit]

Does Jimmy Wales still actively edit on Wikipedia or are all edits under his name done by the Wikipedians which he entrusted to handle his talk page?Nathan121212 (talk) 14:06, 20 April 2014 (UTC)

Edits from the Jimbo Wales account are made by Jimmy Wales. There's never been any credible suggestion that anyone else uses the account. --Demiurge1000 (talk) 14:09, 20 April 2014 (UTC)
Thanks for confirming, that notice at the top confused me a bit. Cool to know the founder still improves the site's content.Nathan121212 (talk) 14:41, 20 April 2014 (UTC)
The notice at the top simply means that his talk page is watched by a great many users, who may step in to answer questions before he can get to them. Novusuna talk 18:14, 20 April 2014 (UTC)
Yes I edit content. From time to time I take up a new project to plod along on. My current one is this: I have set up a link in my browser to random British women writers inspired by projects to improve our poor coverage of female authors. Now and again I click it and look for something I can improve in some small way.--Jimbo Wales (talk) 19:52, 20 April 2014 (UTC)

URLs ending in period cause issues when copied to clients such as email[edit]

Per twitter convo (as @mwiik) w/@jimmy_wales, alerting folks to issue with URLs ending in period. An issue arises when such URLs are copied to clients such as email or twitter. Clients typically link such URLs but remove the ending period, thus causing the link not to be found. I do not know the full list of clients affected, but since this seems quite reasonable client behavior, I suggest a fix on wikipedia's end.

I first noticed this on SCOTUS cases, and surveyed such cases within wikipedia, obtaining the following list of 156 URLs. I do not claim this list is 100% complete and of course there may be other pages not pertaining to SCOTUS cases that may be affected.

Here is the list of 156 SCOTUS cases from my survey. Unfortunately, the wikipedia server (or editor) also doesn't include the final period in a raw URL, so all the below links will not work as they are, you must add a period to the end.— Preceding unsigned comment added by NullSpaceKid (talkcontribs) 19:33, 20 April 2014 (UTC)

With apologies for refactoring your comment, NullSpaceKid, I've collapsed the list of URLs for readability. It seems like that simplest solution would be to create redirects on the pages without periods to point to the correct ones. Some of the cases listed above already have such redirects. Novusuna talk 20:13, 20 April 2014 (UTC)