On Tue, Dec 31, 2019 at 6:12 AM Seth Mattinen <sethm@rollernet.us> wrote:
On 12/31/19 12:50 AM, Ryan Hamel wrote:
Just let the old platforms ride off into the sunset as originally planned like the SSL implementations in older JRE installs, XP, etc. You shouldn't be holding onto the past.
Because poor people anywhere on earth that might not have access to the newer technology don't deserve access to Wikipedia, right? Gotta make sure information is only accessible to those with means to keep "lesser" people out.
This. I visited a rural school in South Africa around 2008. For many things - such as using their cellphone provider's billing infrastructure to pay for third-party services via SMS - a switch to TLS 1.2 only would probably have no impact. But for educational purposes, their reliance on Wikipedia was dramatic - and they could *only* get to it from outdated phones that had been donated, scavenged, or cobbled together from parts. In the intervening years, the disposable-electronics culture has probably been a great boon to them, bringing better and more tech - but much of it is probably still pre Android 4.4.2 But perhaps Wikipedia's decision is based on actual data. I'd love to see percentages of their negotiated TLS ciphers, per country and per client type. Back in 2015, you could see them as discussed here: https://news.ycombinator.com/item?id=10194258 ... but I'm not sure where the equivalent data would be in the new Grafana data: https://grafana.wikimedia.org/?orgId=1 Royce