Browse Author by MarkusGlaser

A culture of knowledge sharing – Impressions from the Wikimedia Hackathon 2017

Wikimedia Hackathon 2017 Fixing LDAP
Wikimedia Hackathon – the event for the MediaWiki tech community, image by Mglaser (CC BY-SA 4.0), via Wikimedia Commons

Vienna! A city of music, culture and avant-garde. And, notably, the host of this year’s Wikimedia Hackathon, an annual tech event where roundabout 200 developers, maintainers and users of MediaWiki gathered to experiment, discuss, plan and, of course, enjoy the company of like-minded people. Naturally, BlueSpice, being the largest professional flavor of MediaWiki, was also represented in various ways, getting glimpses at the most recent turns in development, making connections among colleagues, and exchanging experiences and ideas. Continue Reading

BlueSpice switches over to Elasticsearch

Diego Delso, Biblioteca Vasconcelos, Ciudad de México, CC BY-SA 4.0, via Wikimedia Commons.

We are currently fitting out the new Version 3 of BlueSpice with a new search engine. So this is a good opportunity to explain what actually happens in a search engine and why we have decided to make this change. Continue Reading

Security release 2.23.1.1, and how to report vulnerabilities

Yesterday, we published the security release BlueSpice 2.23.1.1. Community user Frederic Mohr had reported a severe cross-site-scripting vulnerability with the Shoutbox, where arbitrary JavaScript code could be inserted in the box and would be executed on each page load. The fix he provided contains a minor change in the input handling. The new release fixes this vulnerability. There’s also a patch available for BlueSpice 2.23.1. The monthly release also contains the patch. Downloads and patches can be found at Sourceforge.

We highly recommend to update or patch your existing BlueSpice installations.

I want to thank Frederic for his support! And I’d like to take this chance to sketch out how we handle vulnerability reports. Usually, bugs are reported in our public forum. However, reporting a security related issue also means publishing the vulnerability right away, without giving us the chance to patch the software. Because of this, I ask you to report security issues directly to me by email: glaser@hallowelt.com. If possible, please encrypt the actual description of the vulnerability with GPG. My public key can be found on the MIT keyserver. We will then contact you, verify the vulnerability and provide a patch. After the patch is released, we will request a CVE number to have this properly documented. Of course, credits for finding the vulnerability go to the person that reported it.

Install MediaWiki – Step by step instructions

In this article I want to answer the most frequently asked questions relating to installing MediaWiki. But first, a question in return: what is the purpose of the wiki? Is it just a test installation or is it to be used productively?

Installing a local test system

For testing, I recommend installing MediaWiki locally on your own computer. The installation process of a wiki is always the same. Firstly you need to set up and adapt the environment in which the wiki will run, this is primarily the webserver and the database as the case may be. Then you copy the wiki software files to the right place and set up the configuration data, either by hand or automatically, on the system environment. The most important things here are entering the right paths, language and connection to the database.

You can use the environment XAMPP for your local installation. Installation instructions can be found on the site mediawiki.org. I know small companies which run their wikis just with XAMPP and make them available on the intranet.

Installation as a productive system

To use a wiki productively in your business and organisation, however, I advise you to install it in a professional environment. XAMPP is not designed for professional use. Here, you need to decide whether the wiki will be made available on the web, or for internal use within the business. In any case, you need storage space available on the network. The system requirements can be found, for example, here at BlueForge (German website), or again in the official requirements list on mediawiki.org, where, of course, one can also find the official installation instructions.

On the net, there are also useful video instructions, like this one:

Sometimes, it is also worth getting webspace with MediaWiki already fully installed from a webhost. Almost all the larger providers offer such services. And of course, cloud providers are preparing to include MediaWiki in their portfolios too. One is, however, not so flexible with these pre-packaged offers when it comes to updating and extending the software. Service providers like Hallo Welt! – Medienwerkstatt organise webspace, installation, extensions and maintenance of the software.

Here are a few tips to help decide where the software should be:

  • Migration: The files from your test wiki can be migrated to a productive system at any time. Generally, the effort needed to relocate a MediaWiki’s data is manageable.
  • Data saving: It is, however, very important to back up the files from a productive wiki regularly. Internal IT departments or webhosts regularly mirror the server so that it is possible to reset it to an earlier date. Generally, the more often the data is backed up and the longer the back ups are kept, the higher the hosting costs.
  • Test system: When making an installation with a lot of special adaptations and extensions, we recommend setting up a test system which will be synchronised with the productive system. New developments can be brought on to and taken off the test system before one puts them into practice on the productive system. In addition, one has a redundant system which can be used if the productive system goes offline.
  • Connectivity: If the wiki is to be connected to a central authentication system or other internal software, the system is generally installed on the intranet, as, for example, connecting to the LDAP server over the web is not possible or only with difficulty. If the whole infrastructure is on a cloud, it is different. One can, of course, combine the wiki with all the applications available on the cloud.
  • Compatibility and upgrades: There are innumerable extensions for MediaWiki, but not all extensions work with every version. For this reason, it is not always a good idea to use the newest version of MediaWiki. MediaWiki has a very short publishing cycle of only three months. For this reason, I recommend making an annual or biennial upgrade, in between introducing the newest safety patches. It gets problematic when an in-house developer changes the MediaWiki core. These changes are overwritten when upgrading and this can lead to undesirable side effects requiring significant support work. In order to guarantee reliability when upgrading, our developers for the BlueSpice for MediaWiki distribution, for example, avoid any core-hacks.

Extending with BlueSpice

Last but not least: For those who want to extend their MediaWiki with BlueSpice free there are installation instructions here for the freely downloadable software. Generally, MediaWiki is first installed and updated and then the newest version of BlueSpice is put over the top. Please make sure here too that you use the BlueSpice version compatible with the MediaWiki release you are using.

Weblinks

Further MediaWiki articles