Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

DaKnOb daknob.mac at gmail.com
Tue Dec 31 15:58:14 UTC 2019


I still don’t see any multi-million dollar donation receipts though.. 

So if we want to do this, do we sacrifice security for the 99.9% or do we have Wikimedia pay the bill?

Oh, BTW, I have some network equipment with only 16-bit ASN support, or no large communities, or no IPv6, or no AES, or no BGP4, or no RPKI, or no [...] so I don’t know if it’s late but maybe we should revert at least some of those, because they’re not really needed.. The internet is broken anyways, so we don’t need more ASNs, or security, or connectivity anyways.. Oh, and it can do only 10 Mbit Ethernet, so my buffers fill up with anything at GbE or above, can we scrap them too? 

On a serious note, I don’t think TLS does not provide validation of the server just because the Web PKI system is broken, and I don’t think TLS doesn’t provide security or privacy. And I also believe they are needed. There are many scenarios where they are vital.. 

- They protect against modifying content: now if an anonymous edit is made, everyone will see and revert it, without TLS everyone could see a different thing and we wouldn’t know. 
- They protect against knowing what people browse (privacy): I don’t want others to know what information I look up on Wikipedia, or at least more people than necessary. Someone mentioned that if I have this requirement I should work towards it. I think most people have this requirement and it’s easier if Wikipedia works towards it, than everyone setting up a network and peering directly with every website they want to use. 

I am usually in favor of replacing things if possible that hold back everyone else, even if it hurts. We’re not throwing away last year’s phones, but devices closing in on 10 years of life. If we want devices we want to keep, and reduce e-waste and all that, we should find a way to keep them up to date, not demand that nobody makes any progress.. If Android could get updates (I think it can now) we could just add TLS 1.2 and TLS 1.3 by backporting. No new features, just essentials. But for some reason, someone, not necessarily in the Android team, and for some reason, decided that it’s not a priority.

Would we accept network equipment that doesn’t receive updates? Maybe, due to cost. But should we, or just maybe put some pressure on the manufacturer to support it for more than 3 months?

There’s a debate on how long the new cars should receive software updates. People keep them for over 15 years. Should we replace our cars every 2? No. The manufacturers should support them for a reasonable period, and then we should accept that some features will stop working. 

Now you may say if the car manufacturer stops producing parts after 2 years, you can find some third party ones. Well, nobody stops you from operating a reverse proxy for Wikipedia at unsafewikipedia.org, but the pros and cons there are different.. 

> On 31 Dec 2019, at 17:12, Seth Mattinen <sethm at rollernet.us> wrote:
> 
> On 12/31/19 12:50 AM, Ryan Hamel wrote:
>> Just let the old platforms ride off into the sunset as originally planned like the SSL implementations in older JRE installs, XP, etc. You shouldn't be holding onto the past.
> 
> 
> Because poor people anywhere on earth that might not have access to the newer technology don't deserve access to Wikipedia, right? Gotta make sure information is only accessible to those with means to keep "lesser" people out.


