Talk:Main Page

From OpenSimulator
Jump to navigationJump to search

Translator

Please add the following to the opensimulator.org/wiki

Extension:Google Translator https://www.mediawiki.org/wiki/Extension:Google_Translator


Recentchanges

Please extend Recentchanges to 180 days.

Recent Wiki Changes

Remove Mention of Forge

The Section of the Page that says "you can create a project hosted on the forge" but that should be removed as the forge no longer exists CodyCooper (talk)

Uh... this MediaWiki installation really needs some serious upgrading...

Recently, I have pointed out to the Lindens (with little success) that their own MediaWiki installation for the Second Life Wiki is slightly dated (besides having broken SVG support since their last upgrade, which is a separate issue).

Today I happened to try to place some footnotes here on the OpenSim wiki with the usual <ref> tag, which comes with the Cite extension since time immemorial, e.g. MediaWiki 1.21 (at the time of writing, the current version is 1.40.X). I was a bit confused, tried to implement a new template instead of using <ref>, but that didn't work either, so I thought — what is going on here?

Or rather: how old is this Wiki, anyway?

A quick look at the Special pages was mind-boggling: at the time of writing, this is still running MediaWiki 1.19 (!!!). Guys — that's not only way too old, but, worse, it has more security issues than a Swiss cheese has holes. To make matters even worse... you're running this on PHP... 5.2!? That's so ancient that exploits don't even target that any longer! These days, in 2023, you should not run anything below the 8.X series (even the 7.X is discontinued). If you must run the 5.X series (because, well, such archaic versions of MediaWiki will probably not run on anything above PHP 5.X...), at least run the last version of 5.6 — it's a decade old or so, but at least it patches the worst nightmares of the 5.X versions.

Needless to say, PHP 7.X introduced a new JIT compiler which makes everything way faster; and for the 8.X, it was improved (rewritten from scratch?) to attain the kind of performance that formerly only HHVM (Facebook's own fork of PHP) could come close to, and surpass it. So, it's not just about serious security issues, bugs, and lack of functionality — it's also about speed, and making the best usage of the resources you have on the server where this wiki is running. PHP 7 and 8 take up less memory and are faster than the whole 5 series — that's why they abandoned it, almost a decade ago (!).

I also won't comment on the MySQL version. It's a version contemporary with the birth of Second Life. Or perhaps about the same age as the pyramids in Egypt. I don't remember what came first. Seriously. Nobody should be running anything that old. And if they do, at the very least, such information should not be public — you're basically giving everything that hackers need, handed over in a silver platter, with watercress on it. They can even figure out what operating system you're running — one that is at least twelve versions behind the current one, and there is a new one every other year or so, so that's how old your version is.

Not to mention that you should also install a free Let's Encrypt certificate to get Apache to serve this site behind TLS, that is, an encrypted connection. HTTPS is not only safer; it's also got far more performance, when using HTTP/2.0 (and now HTTP/3), which multiplexes the streams and delivers them more efficiently to the browser. You're just wasting resources otherwise. Back in the early days of OpenSimulator, getting a signed certificate was indeed too expensive (they still are), but Let's Encrypt and ZeroSSL and other free certificate authorities have changed everything. There is now absolutely no reason not to use secure encryption these days.

But even if you do not wish to upgrade Apache, install the automated tools to cycle the Let's Encrypt license, and so forth, there is a very simple solution: just use Cloudflare. Cloudflare is a global reverse proxy + cache (well, a CDN, really), with 250+ data centres spread around the world, and adding lots of security screening on top of any website (as well as mitigating DDoS attacks, eliminating bots, and so forth). All of that for free — they can afford it, because they have Big Business already paying them millions for 'pro' or 'enterprise' service. Cloudflare works by managing DNS on your behalf — you can keep your current registrar (NameCheap, I guess?), you just need to point the nameservers to Cloudflare's own. They do their magic, switching IP addresses under the hood, and deal with the whole TLS termination on their side. So, the world will only be able to access https://opensimulator.org — not knowing exactly where that server physically is — and internally they will contact your server using whatever method you prefer. Using HTTP/1.0 or 1.1 for communication with a reverse proxy/cache is not a huge performance hit — after all, they just need to do that every now and then to keep their own caches fresh, while serving whole pages and all media directly to the visitors.

(At least, as far as I can see, you have picked a great choice of hosting provider :) Don't get all that performance to waste!)

I have no idea who maintains this wiki, but you've got a major task in front of you. It's very hard to upgrade MediaWiki after 'forgetting' to do so many upgrades. The MediaWiki maintainers usually break everything from version to version, and that's one reason why their upgrading tool targets a few versions in the past. You can safely skip 2-3 versions, and the upgrader should be able to deal with the changes.

But there is no way to go straight from 1.19 to the latest version (1.40)! In fact, I don't even know how that can be easily done without a major impact on the existing content. The differences are simply too great. I know — I've been through that kind of nightmare in the past, and still have one ancient 1.18 database dump to try to manually patch so that it runs on some version of MediaWiki that has some kind of migration path to the current version.

The problem is that, the longer you guys take to do that, the harder it will be. I wouldn't dare to say that you've already reached the point of no return — because there are always ways to tweak content to conform to modern standards — but it will get worse and worse every year.

Also consider that, even if you couldn't care less if this wiki gets hacked or not (because you have backups that can be restored in milliseconds), you put everybody else on the same server — even on the same service provider! — at risk (I'm one of them — hello neighbours :) ). You could merely be hosting some sort of rootkit from which malicious attackers are targeting other hosts on the same network — professional hackers might not care much about the OpenSimulator Wiki (there is no money to be made out of this content...), but having an available server behind a provider's firewall is quite useful, these days.

If that happens (and it will, believe me), don't be too surprised if your data centre provider will kick you out of their services until you do all mandatory upgrades. Right now, because the overall traffic might be very low, the server where this wiki is installed is likely to fall under the radar of their sysadmins — they have hundreds of thousands (millions?) of servers to worry about.

So... do yourselves a huge favour... and start upgrading things!

As a bonus, MediaWiki users will get all the goodies that are pre-installed on the more recent versions — and that includes not only better syntax highlighters or a WYSIWYG editor, but a ton of functionality that makes updating a wiki a fun & easy task :)

Anyway... I'm not really complaining, of course. You guys have been providing this Wiki for an eternity now, doing your work for free, for the benefit of tens of thousands of OpenSimulator users across the globe. For that I'm deeply in gratitude, and thank you. But I also fear the day that everything comes apart because of some sort of technical issue...

Gwyneth Llewelyn (talk) 10:42, 27 June 2023 (PDT)

I'm all for it, but the person in charge of that part, who claimed to be working on an upgrade as well, has not been doing anything for months or years. You might want to copy this entire thing for safe keeping -Tampa