MediaWiki

From LinuxReviews
Jump to navigationJump to search

MediaWiki is a free software content management system notable for being used on the worlds largest encyclopedia/propaganda site Wikipedia as well as dozens of smaller wikis like LinuxReviews, Immortal Poetry, https://www.pcgamingwiki.com/ Pc Gaming Wiki] and many more.

Features

MediaWiki lets users create pages using a special MediaWiki markup that is somewhat similar to Markdown yet different in many ways.

MediaWiki allows users to upload images, videos and other file types as long as the administrator allows it. Video transcoding and hosting is not supported by the default installation. Those features can be added using the plug-in TimedMediaHandler. A lot of other functionality is also not included in standard MediaWiki installations. There are a lot of plugins for MediaWiki available that allow everything from voting on pages to syntax highlighting on pages.

Image Support

MediaWiki handles JPG, PNG and SVG images just fine as long as it is correctly setup to use ImageMagick or GD.

MediaWiki does, as of version 1.34.2, NOT handle WebP images correctly.

MediaWiki creates very large thumbnails when PNG images are used. Uploading optimized PNG images made by pngquant and other similar software is therefore meaningless. You should never upload PNG images to MediaWiki, ever. A random website screenshot can illustrate this:

MediaWiki vs A Website Screenshot
JPG file saved in GIMP PNG file saved in GIMP JPG file after being re-sized by MediaWiki PNG file after being re-sized by MediaWiki
208K 216K 104K 252K

This simple random example illustrates how MediaWiki makes PNG thumbnails that are 2.5x the size of JPG thumbnails even if the original JPG and PNG versions of the same image have close to identical file sizes.

Plugins

See Special:Version for a list of those used in this site.

Patches

Some of the features one would like to have on a MediaWiki installation can not be added using plugins. Some of the features require patching the core MediaWiki software.

Increased Random Visitor User Privacy Patch

The getName function in includes/user/User.php can be changed to make MediaWiki more privacy-friendly toward random visitors who make small changes or edits or comment without making an account.

MediaWiki will, by default, record and who the IP address of these random "anonymous" users in its many publicly available logs. You can see an example of edits with an IP address visible, made in 2007, in this pages logs. The following patch may be of interest if you think that is problematic.

File: includes/user/User.php
        /**
         * Get the user name, or the IP of an anonymous user
         * @return string User's name or IP address
         *
         * Changed by LinuxReviews to make anonymous
         */

	public function getName() {
                if ( $this->isItemLoaded( 'name', 'only' ) ) {
                        // Special case optimisation
                        return $this->mName;
                }

                $this->load();
                if ( $this->mName === false ) {
                                // begin LinuxReviews mod
                                $cleanip = IP::sanitizeIP( $this->getRequest()->getIP() );
                                $hiddenip = hash("sha256", $cleanip , FALSE);
                                $hiddenip = mb_substr ($hiddenip, 8, 5);
                                if (isset($_SERVER['HTTP_USER_AGENT'])) {
                                        $hideua = $_SERVER['HTTP_USER_AGENT'];
                                }else{
                                      	$hideua = 'Anonymous Browser';
                                }
                                $hideua = hash("sha256", $hideua , FALSE);
                                $hideua = mb_substr ($hideua, 8, 5);
                                $hideip = ' ('.$hideua.$hiddenip.')';
                                $fakename = 'anonymous'.$hideip;
                                $this->mName = IP::sanitizeIP( "$fakename" );
                }
                return $this->mName;
        }

The idea here is to combine 5 characters from a sha 256 hash of the users IP with 5 characters of a sha 256 hash with the users web browser user-agent. This creates an unique string for each users who visits the site.

Simply giving every user who is not logged in a single username like "anonymous" causes problems with some MediaWiki functions and plugins since that makes them view everyone not logged as the same user. Giving each user a username that is somewhat random yet unique to them during their session solves this problem.

Tracking is a concern with the above patch. It is easy to tell that anonymous (8ea6d0545a) making one edit is probably the same as anonymous (8ea6d0545a) making another edit (since they share the same IP and user-agent). Those who have seen this patch and know how the number is generated will also be able to tell that anonymous (8ea6d0545a) is coming from the same IP anonymous (fd5a90545a) is using (because they share the last five 0545a hex digits).

The privacy concern with this patch is far less than it is with a default MediaWiki installation that uses the plain IP address of a visitor and shows that in all logs. It may be possible to tell that 8ea6d0545a is the same as 8ea6d0545a and it may even be possible to see that (every)one editing from an IP that results in 0545a being generated as the last five digits is using the same IP (if you actually know how the above PHP function works). However, figuring out what IP 0545a corresponds to is of course impossible. You can't figure out that it comes from the sha256 hash 3d8ff5730545a2f7714930efed3a9be66326b9f4a05eda38c2d4380971410f0c and you wouldn't be able to know what IP that corresponds to even if you did.

You can write a comment below, without being logged in, and look at Special:Log/comments to see what your user-data (User-Agent/IP) is being recorded as.

Do be aware that banning users, restricting users and that kind of thing is a lot more problematic when this random user privacy patch is used. This patch may not be for you if tight tyrannical control over your users is important to you. Then again, allowing random people to edit and comment without creating user-accounts in the first place may not be what you want if that's the case.

Rate this article:
5.00
(one vote)

Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.