|Open||None||T118181 Planning for phasing out non-Forward-Secret TLS ciphers|
|Open||None||T147967 The WMF-Last-Access Set-Cookie header should follow RFC 2965 syntax rather than the pre-RFC Netscape format|
|Resolved||BBlack||T147199 Removing support for DES-CBC3-SHA TLS cipher (drops IE8-on-XP support)|
|Resolved||Johan||T163251 Communicate dropping IE8-on-XP support (a security change) to affected editors and other community members|
|Resolved||Johan||T172418 Get translations for "IE8 on XP won't work"|
Update: Today is the start date for going to 5%. Before we pull that trigger sometime later (perhaps much later) today, I'm working on a few other things:
- Creating a wikitech page with technical details about both the deprecation process/timeline and the rationale, to link elsewhere (e.g. on the browser rec page).
- Importing some of the translations that exist so far into the warning page, along with various other suggested wording updates.
I've left another note about this at enwiki's VPT: https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_(technical)&diff=795973850&oldid=795961036
That's where experienced editors are most likely end up, if they see these errors and are confused.
I've done (1) above here: https://wikitech.wikimedia.org/wiki/HTTPS/3DES_Deprecation . Will link that back into the browser recommendation page when I updated it for dates in a few minutes as well. It's probably not helpful for most end-users, but it lays everything out in deeper technical terms, especially the rationale section.
I have a dumb question! 😃
Currently, https://en.wikipedia.org/test-sec-warning says "Our HTTPS: Browser Recommendations page on wikitech has more-detailed information on fixing this situation." However, if wikitech is going the same way as the rest of the wikis experiencing this phenomenon (I expect it will), then the user will also be unable to access that link at some point in the future.
It's a very valid question :)
Around the time of the final date of protocol-level removal (~Nov 17), 3DES will stop working for most of our sites, Wikitech included, at which point nobody can view any of these messages or warnings directly. However, the ramp-up in pageview replacements with the https://en.wikipedia.org/test-sec-warning is happening only on our standard Varnish termination layer. This affects all of the major wiki projects in all languages, but doesn't apply to a handful of our sites which are on separate internet-facing infrastructure, including Wikitech and a few other more-technical sites/tools.
I imagine people who use IE8 on XP mainly fall into two categories: those who have no control over their work environment, and those who are easily confused by computer technology and don't really know what a cipher is.
Hopefully in the former case, they'll complain to their IT department and they'll fix it, and hopefully in the latter they'll blindly trust our Firefox links and find their way out of this mess from there :)
Testing updated HTML with some translations and a translate link (and other minor cleanups) at https://pinkunicorn.wikimedia.org/test-sec-warning . Will push something like this to the real one at https://en.wikipedia.org/test-sec-warning before upping percentage. Thoughts? Further tweaks? Mistakes? :)
A few nits:
- Consistently use lower case attribute names, e.g. dir="rtl".
- Add missing lang attributes to all the non-English paragraphs. Both for semantic reasons, maintenance (easier to update in-place without knowing the language), and possibly to help assistive technology.
- Prefix each paragraph content with the autonym for that language as well for end-users, which should make it significantly easier to find your language and less visually distracting for the mind when reading by naturally not needing to look through the other paragraphs.
<p lang="de"><strong>Deutsch:</strong> Die Wikimedia-Wikis werden bald ...</p>
Thanks! Updated for all the above as best I can (I'm not 100% sure on the language-name text prefix for Arabic and Chinese, but took a good stab from http://mediaglyphs.org/mg/?p=langnames ), I guess someone that knows better can recommend a further fixup?
I also re-ordered everything (except English at the top as canonical) according to language popularity from https://en.wikipedia.org/wiki/List_of_languages_by_number_of_native_speakers .
Thanks for adding the lang attributes. I also realised that one of the benefits this has is that browsers will pick a better and more suitable default font for the entire paragraph. For example, here is Japanese:
Heh yeah I guess you're right. Still, I added it to the current page, and we seemed to have picked up some new translations over the weekend. I can pull the link back out of there on the next update if that makes more sense.
I see that the Arabic text in the banner is broken. I'm looking at this page. This should not go like this to Arabic speakers. :) Can someone look into it? (I don't know Arabic fluently, but I know enough to be able to explain to whoever picks this up what's wrong in the text.)
Also, if you need help with Persian translation, let me know and I'll work on it.
Thanks for reporting. We've looked into it and got a native speaker of Arabic to point out what needs to be fixed.
Translations are always welcome. They can be done here:
Great! (I still don't see the change in the link, but I guess you will push it later.:)
Translations are always welcome. They can be done here:
To be honest, most of the community is blissfully unaware this is happening. But unless you bring out all the bells and whistles and the blinking lights, that's always going to be the case. (: We've put the information out through Tech News and the normal channels for technical updates, we're making sure those who are actually affected get to know it and so on.
The communities tend to be reasonable when you do something for good reason, and especially the fact that there's some sort of risk for everyone else in letting 0,1% connect to the wikis the way they are is a pretty reasonable argument for doing this.