[Owasp-leaders] OWASP Wiki update- awesome editing features

Matt Tesauro matt.tesauro at owasp.org
Tue Mar 14 01:46:36 UTC 2017


Thanks for announcing the the wiki update on the leaders list - I've been
so busy doing other things today I didn't get chance to let people know the
wiki was updated this weekend - a bit ahead of schedule per the the March
Ops Blog
estimated date of March 20th.  I had a email with the subject "Death to
MediaWiki syntax! Long live MediaWiki syntax!" in my head but this works
too. ; )

This is most of Activity 1 of the Website Reboot completed.  There's a few
items to finish - those are below.

A couple of things to note about the updated MediaWiki software and new
editor (called Visual Editor by MediaWiki)

   - You have two choices now when editing wiki pages - the WYSIWYG [1]
   Visual Editor and a new/improved source editor
   - There have been a few rare occasions where the Visual Editor messed up
   pages with HeaderTabs (those in page tabs like this page
   <https://www.owasp.org/index.php/Board>).  MediaWiki has updated Parsoid
   (the thing that powers the editor) and it looks like that's been fixed.
   - Parsoid is the back-end service that takes the Visual Editor output
   and turns it into a wiki page.  By default it runs over HTTP but I've setup
   ours to use HTTPS - cause that's just the right thing to do. : )
   - Things left to do
      - The wiki is still hosted at Rackspace which ended their hosting
      donation recently.   As soon as the refactoring of the Ansible
deploy code
      is done, we'll be moving elsewhere.
      - There were breaking changes between 1.25.x (previous) and 1.27.x
      (current) and the group of MediaWiki extensions we were using have been
      updated to work with 1.27.x. There's a few more new extensions that were
      only coded for the new release that we'll be adding shortly like
      for account requests.
      - MediaWiki changed how sessions and caching works for 1.27.x.  We
      have a working setup but its not optimal for several reasons.  I'm
      researching options to improve performance of the wiki's sessions and
      caching which will allow us to have multiple-web heads without load
      balancing users in a sticky fashion (aka same IP always gets the same web
      node).  This is a big change to how MediaWiki worked since we
started using
      it so I'm going to experiment first before we make production
changes.  The
      end result should be a much more fault tolerant installation in our new
      hosting provider.
      - The wiki is using a Let's Encrypt SSL certificate and get's an A on
      SSL Labs.  There has been system hardening done but this is not
the final,
      fully-hardened install.  If you have suggested changes, please submit a
      case to "IT Support" using the "Contact Us
      <https://www.tfaforms.com/308703>" form so the don't get lost between
      when you make them and the migration to a new hosting provider.

I'm going to push some things to Github and start tracking the progress on
the Website Reboot there - look for another announcement soon when that's
in place.


[1] https://en.wikipedia.org/wiki/WYSIWYG

-- Matt Tesauro
OWASP AppSec Pipeline Lead
OWASP WTE Project Lead
http://AppSecLive.org <http://appseclive.org/> - Community and Download site

On Mon, Mar 13, 2017 at 6:26 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> All
> I was pleasantly surprise to find out that we have the latest wiki version
> which is much easier to edit and adapt!
> Want to thank you Matt Tesauro for that accomplishment , really needed and
> gives a new way to edit the content
> Please, if you are experiencing any issues contact the Wiki editors or
> submit an issue. But so far I think is awesome
> Regards
> Johanna Curiel
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170313/b919f1fd/attachment-0001.html>

More information about the OWASP-Leaders mailing list