Re: [CODE4LIB] Terrible Drupal vulnerability
If you are using drupal as main website, consider using Cloudflare Pro. It's just $20 a month and worth it. They'll help block most attacks. And they usually receive vulnerability report ahead of general public. Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Cary Gordon Sent: Friday, October 31, 2014 9:59 AM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Terrible Drupal vulnerability This is what I posted to the Drupal4Lib list: By now, you should have seen https://www.drupal.org/PSA-2014-003 and heard about the Drupageddon exploits. and you may be wondering if you were vulnerable or iff you were hit by this, how you can tell and what you should do. Drupageddon affects Drupal 7, Drupal 8 and, if you use the DBTNG module, Drupal 6. The general recommendation is that if you do not know or are unsure of your server's security and you did not either update to Drupal 7.32 or apply the patch within a few hours of the notice, you should assume that your site (and server) was hacked and you should restore everything to a backup from before October 15th or earlier. If your manage your server and you have any doubts about your file security, you should restore that to a pre 10/15 image, as well or do a reinstall of your server software. I know this sounds drastic, and I know that not everyone will do that. There are some tests you can run on your server, but they can only verify the hacks that have been identified. At MPOW, we enforce file security on our production servers. Our deployments are scripted in our continuous integration system, and only that system can write files outside of the temporal file directory (e.g. /sites/site-name/files). We also forbid executables in the temporal file system. This prevents many exploits related to this issue. Of course, the attack itself is on the database, so even if the file system is not compromised, the attacker could, for example, get admin access to the site by creating an account, making it an admin, and sending themselves a password. While they need a valid email address to set the password, they would likely change that as soon as they were in. Some resources: https://www.drupal.org/PSA-2014-003 https://www.acquia.com/blog/learning-hackers-week-after-drupal-sql-injection-announcement http://drupal.stackexchange.com/questions/133996/drupal-sa-core-2014-005-how-to-tell-if-my-server-sites-were-compromised I won't attempt to outline every audit technique here, but if you have any questions, please ask them. The takeaway from this incident, is that while Drupal has a great security team and community, it is incumbent upon site owners and admins to pay attention. Most Drupal security issues are only exploitable by privileged users, and admins need to be careful and read every security notice. If a vulnerability is publicly exploitable, you must take action immediately. Thanks, Cary On Thu, Oct 30, 2014 at 5:24 PM, Dan Scott deni...@gmail.com wrote: Via lwn.net, I came across https://www.drupal.org/PSA-2014-003 and my heart sank: Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - https://www.drupal.org/SA-CORE-2014-005Drupal https://www.drupal.org/SA-CORE-2014-005 core - SQL injection https://www.drupal.org/SA-CORE-2014-005. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement. That's about as bad as it gets, folks. -- Cary Gordon The Cherry Hill Company http://chillco.com
Re: [CODE4LIB] Terrible Drupal vulnerability
Hi Cary, I don't know from whom. But for the heartbeat vulnerability earlier this year, they as well as some other big providers like Google and Amazon were notified and patched before it was announced. Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Cary Gordon Sent: Friday, October 31, 2014 11:10 AM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Terrible Drupal vulnerability How do they receive vulnerability report ahead of general public? From whom? Cary On Friday, October 31, 2014, Lin, Kun l...@cua.edu wrote: If you are using drupal as main website, consider using Cloudflare Pro. It's just $20 a month and worth it. They'll help block most attacks. And they usually receive vulnerability report ahead of general public. Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU javascript:;] On Behalf Of Cary Gordon Sent: Friday, October 31, 2014 9:59 AM To: CODE4LIB@LISTSERV.ND.EDU javascript:; Subject: Re: [CODE4LIB] Terrible Drupal vulnerability This is what I posted to the Drupal4Lib list: By now, you should have seen https://www.drupal.org/PSA-2014-003 and heard about the Drupageddon exploits. and you may be wondering if you were vulnerable or iff you were hit by this, how you can tell and what you should do. Drupageddon affects Drupal 7, Drupal 8 and, if you use the DBTNG module, Drupal 6. The general recommendation is that if you do not know or are unsure of your server's security and you did not either update to Drupal 7.32 or apply the patch within a few hours of the notice, you should assume that your site (and server) was hacked and you should restore everything to a backup from before October 15th or earlier. If your manage your server and you have any doubts about your file security, you should restore that to a pre 10/15 image, as well or do a reinstall of your server software. I know this sounds drastic, and I know that not everyone will do that. There are some tests you can run on your server, but they can only verify the hacks that have been identified. At MPOW, we enforce file security on our production servers. Our deployments are scripted in our continuous integration system, and only that system can write files outside of the temporal file directory (e.g. /sites/site-name/files). We also forbid executables in the temporal file system. This prevents many exploits related to this issue. Of course, the attack itself is on the database, so even if the file system is not compromised, the attacker could, for example, get admin access to the site by creating an account, making it an admin, and sending themselves a password. While they need a valid email address to set the password, they would likely change that as soon as they were in. Some resources: https://www.drupal.org/PSA-2014-003 https://www.acquia.com/blog/learning-hackers-week-after-drupal-sql-inj ection-announcement http://drupal.stackexchange.com/questions/133996/drupal-sa-core-2014-0 05-how-to-tell-if-my-server-sites-were-compromised I won't attempt to outline every audit technique here, but if you have any questions, please ask them. The takeaway from this incident, is that while Drupal has a great security team and community, it is incumbent upon site owners and admins to pay attention. Most Drupal security issues are only exploitable by privileged users, and admins need to be careful and read every security notice. If a vulnerability is publicly exploitable, you must take action immediately. Thanks, Cary On Thu, Oct 30, 2014 at 5:24 PM, Dan Scott deni...@gmail.com javascript:; wrote: Via lwn.net, I came across https://www.drupal.org/PSA-2014-003 and my heart sank: Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - https://www.drupal.org/SA-CORE-2014-005Drupal https://www.drupal.org/SA-CORE-2014-005 core - SQL injection https://www.drupal.org/SA-CORE-2014-005. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement. That's about as bad as it gets, folks. -- Cary Gordon The Cherry Hill Company http://chillco.com -- Cary Gordon The Cherry Hill Company http://chillco.com
Re: [CODE4LIB] Terrible Drupal vulnerability
I think so. However, Cloudflare in their blog post claim they have develop a way to block the attack immediately when the vulnerability was announced. Whether or not they know the exploit ahead of time or not, it would be good to know someone is watching out for you for $20 a month. And you will be mad if you took Oct 15th off without it. I just check, I patched my instance on Oct 16th. Not sure what's going to happened. Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Cary Gordon Sent: Friday, October 31, 2014 1:44 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Terrible Drupal vulnerability The vulnerability was discovered in the course of an audit by SektionEins, a German security firm, and immediately reported to the Drupal Security Team. Because this was a pretty obscure vulnerability with no reported exploits, the team decided to wait until the first scheduled release date after DrupalCon Amsterdam to put out the notice and patch. Obviously, they knew that once word of the vulnerability was announced, there would immediately be a wave of exploits, so they imposed a blackout on any mention of it before October 15th. I think that they stuck to their word. Of course, attacks started a few hours after the announcement. Cary On Oct 31, 2014, at 9:38 AM, Joe Hourcle onei...@grace.nascom.nasa.gov wrote: On Oct 31, 2014, at 11:46 AM, Lin, Kun wrote: Hi Cary, I don't know from whom. But for the heartbeat vulnerability earlier this year, they as well as some other big providers like Google and Amazon were notified and patched before it was announced. If they have an employee who contributes to the project, it's possible that this was discussed on development lists before it was sent down to user level mailing lists. Odds are, there's also some network of people who are willing to give things a cursory review / beta test in a more controlled manner before they're officially released (and might break thousands of websites). It would make sense that companies who derive a good deal of their profits in supporting software would participate in those programs, as well. I could see categorizing either of those as 'ahead of the *general* public', which was Kun's assertion. -Joe -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Cary Gordon Sent: Friday, October 31, 2014 11:10 AM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Terrible Drupal vulnerability How do they receive vulnerability report ahead of general public? From whom? Cary On Friday, October 31, 2014, Lin, Kun l...@cua.edu wrote: If you are using drupal as main website, consider using Cloudflare Pro. It's just $20 a month and worth it. They'll help block most attacks. And they usually receive vulnerability report ahead of general public. Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU javascript:;] On Behalf Of Cary Gordon Sent: Friday, October 31, 2014 9:59 AM To: CODE4LIB@LISTSERV.ND.EDU javascript:; Subject: Re: [CODE4LIB] Terrible Drupal vulnerability This is what I posted to the Drupal4Lib list: By now, you should have seen https://www.drupal.org/PSA-2014-003 and heard about the Drupageddon exploits. and you may be wondering if you were vulnerable or iff you were hit by this, how you can tell and what you should do. Drupageddon affects Drupal 7, Drupal 8 and, if you use the DBTNG module, Drupal 6. The general recommendation is that if you do not know or are unsure of your server's security and you did not either update to Drupal 7.32 or apply the patch within a few hours of the notice, you should assume that your site (and server) was hacked and you should restore everything to a backup from before October 15th or earlier. If your manage your server and you have any doubts about your file security, you should restore that to a pre 10/15 image, as well or do a reinstall of your server software. I know this sounds drastic, and I know that not everyone will do that. There are some tests you can run on your server, but they can only verify the hacks that have been identified. At MPOW, we enforce file security on our production servers. Our deployments are scripted in our continuous integration system, and only that system can write files outside of the temporal file directory (e.g. /sites/site-name/files). We also forbid executables in the temporal file system. This prevents many exploits related to this issue. Of course, the attack itself is on the database, so even if the file system is not compromised, the attacker could, for example, get admin access to the site by creating an account, making it an admin, and sending themselves a password. While they need a valid email address to set the password, they would
Re: [CODE4LIB] Canadian WordPress Hosting
iweb.com is at quebec -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Cynthia Ng Sent: Friday, November 08, 2013 12:12 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Canadian WordPress Hosting I believe the act says it has to stay in Canada. Hence the need to get local or at least Canadian hosting. On Thu, Nov 7, 2013 at 9:41 PM, Riley Childs ri...@tfsgeo.com wrote: What about another country? Riley Childs Library Director and IT Admin Junior Charlotte United Christian Academy P: 704-497-2086 (Anytime) P: 704-537-0331 x101 (M-F 7:30am-3pm ET) Sent from my iPhone Please excuse mistakes On Nov 7, 2013, at 9:28 PM, Mark Jordan mjor...@sfu.ca wrote: FWIW, in British Columbia, public institutions are prohibited by law from hosting any data in the US. Mark Ross Singer rossfsin...@gmail.com wrote: I assume it's not about speed, but about the PATRIOT Act. For example, we don't host any of our customer data in the US (and aren't allowed to). -Ross. On Thu, Nov 7, 2013 at 9:17 PM, Riley Childs ri...@tfsgeo.com wrote: I take that back, did a bit more research, I think there are plenty of options. But I have to ask, why only in Canada, a transit provider in the us willbe just as fast as in Canada Riley Childs Library Director and IT Admin Junior Charlotte United Christian Academy P: 704-497-2086 (Anytime) P: 704-537-0331 x101 (M-F 7:30am-3pm ET) Sent from my iPhone Please excuse mistakes On Nov 7, 2013, at 9:09 PM, Nick Ruest rue...@gmail.com wrote: Cynthia: If you just need a Canadian server, not a Canadian corporation, check out Site5[1]. Not sure if they are exactly what you are looking for, but they have the standard one-click install ControlPanel stuff. Not sure about the automated backup options you're looking for. I've been using them for a few years, and have zero complaints. Riley: Really? Why would we be hard pressed to find that in Canada? -nruest [1] http://www.site5.com/p/canadian-web-hosting/ On 13-11-07 08:38 PM, Riley Childs wrote: Why in Canada? You will be hard pressed to find that Riley Childs Library Director and IT Admin Junior Charlotte United Christian Academy P: 704-497-2086 (Anytime) P: 704-537-0331 x101 (M-F 7:30am-3pm ET) Sent from my iPhone Please excuse mistakes On Nov 7, 2013, at 4:48 PM, Cynthia Ng cynthia.s...@gmail.com wrote: Thanks Kevin. Servers need to be in Canada, preferably paid in Canadian but I don't think that's necessary. I'll looking your recommendation. On Thu, Nov 7, 2013 at 9:48 AM, Kevin Hawkins kevin.s.hawk...@ultraslavonic.info wrote: Does the entity you pay need to be in Canada (that is, accept payment in Canadian dollars), or do the servers need to be there? Or both? I use http://www.csoft.net/ for my personal hosting. Their business office is in Canada, but I'm unclear on where their servers are. Their documentation is written assuming you have strong technical skills, but they respond quickly (and tersely) whenever I've needed help to address gaps in my skills. They have some specific instructions for installation of WordPress once you've connected to them through SSH: http://www.csoft.net/docs/wordpress.html.en They also have documentation in French in case that's helpful. --Kevin On 2:59 PM, Cynthia Ng wrote: Hi Everyone, Apologies for cross-posting, but code4lib is much more active, and has more Canadians that I've seen. I was wondering if anyone had recommendations for a WordPress hosting solution? And yes, it needs to be in Canada. I can do most of my own dev-type work, so really it just needs to be setup to run WordPress (preferably with 1-click install), and most of all, reliable, hopefully with good customer service for when we need to contact the company. Okay, also preferable is that they do daily backups for us and has excellent security (considering it's WordPress). Too many hosting solutions include email and a bunch of other stuff, and I need it only for WordPress and nothing else. A name, plus at least 1-2 reasons on the recommendation would be great! Thanks in advance, Cynthia -- -nruest
Re: [CODE4LIB] EZ Proxy and Google Analytics
Thanks for reply. I though EZ Proxy do rewrite JavaScript. Well, if the true IP is acquired by Google Analytics, it shall be good. Thanks Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Patrick Berry Sent: Sunday, March 24, 2013 10:51 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] EZ Proxy and Google Analytics Google Analytics is run in the client browser, so EZProxy should not have any impact on that. I assume you are trying to filter based on IP? You can see an effect if you look at hostname details though, if you're using the domain rewriting functionality. Pat On Fri, Mar 22, 2013 at 11:38 AM, Lin, Kun l...@cua.edu wrote: Hi Does anybody know when patron visiting the page through EZ-Proxy, will Google Analytics capture Patron’s real IP or EZ-Proxy IP? Thanks Kun Catholic University of America
[CODE4LIB] EZ Proxy and Google Analytics
Hi Does anybody know when patron visiting the page through EZ-Proxy, will Google Analytics capture Patron’s real IP or EZ-Proxy IP? Thanks Kun Catholic University of America
Re: [CODE4LIB] ElasticSearch
That's something pretty pricy. Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Cary Gordon Sent: Thursday, March 14, 2013 2:47 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: [CODE4LIB] ElasticSearch Anyone using it? Thanks, Cary -- Cary Gordon The Cherry Hill Company http://chillco.com
Re: [CODE4LIB] ElasticSearch
Oh, I though he/she is talking about Amazon Search service(part of amazon cloud). I think it is the same or similar name. Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Christian Pietsch Sent: Thursday, March 14, 2013 3:13 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] ElasticSearch On Thu, Mar 14, 2013 at 06:49:28PM +, Lin, Kun wrote: That's something pretty pricy. Are you joking? It's free and open-source software: https://github.com/elasticsearch/elasticsearch Some of my colleagues at Bielefeld University Library's LibTec department are using it with LibreCat http://librecat.org/ to power our university's central publication data service PUB http://pub.uni-bielefeld.de/. They seem to be happy with it. In other projects, we stick to SOLR or even pure old Lucence. What are you looking to use ES for? Cheers, Christian -- Christian Pietsch · http://purl.org/net/pietsch LibTec · Library Technology and Knowledge Management Bielefeld University Library, Bielefeld, Germany
Re: [CODE4LIB] Handwriting and ocr
I don't think that would be possible to OCR handwriting. As I can remember, the result are pretty useless. Unless using something like recaptcha. Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Donna Campbell Sent: Tuesday, March 12, 2013 1:56 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: [CODE4LIB] Handwriting and ocr On a related note, I am looking for a recommendation for software that provides OCR for handwriting (print and/or cursive). To clarify, this would be pen ink on paper not digital ink. Thank you, Donna R. Campbell Technical Services Systems Librarian (215) 935-3872 (phone) (267) 295-3641 (fax) Mailing Address (via USPS): Westminster Theological Seminary Library P.O. Box 27009 Philadelphia, PA 19118 USA Shipping Address (via UPS or FedEx): Westminster Theological Seminary Library 2960 W. Church Rd. Glenside, PA 19038 USA -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Eric Lease Morgan Sent: Tuesday, March 12, 2013 11:57 AM To: CODE4LIB@LISTSERV.ND.EDU Subject: [CODE4LIB] web-based ocr Does anybody here know of a Web-based OCR program or Web service? Many people want to do OCR against digitized texts. We all know of various OCR applications (Adobe Acrobat, ABBYY FineReader, Google's Tesseract, etc.), but they are not necessarily Web-based. As a service to my university, I thought it might be cool (or kewl) to support an image to text application. Go to Web form. Submit one or more image files. Have OCR done against them no matter how dirty the output. Return plain text. As a bonus, the application would support a REST-ful API. Does anybody know of something like this that exists already? -- Eric Lease Morgan University of Notre Dame
Re: [CODE4LIB] human rights violations elibrary for Haiti/France
Check http://www.ushahidi.com/products This is the description on TurnkeyLinux Ushahidi (Swahili for testimony or witness) is a crowdsourcing application created in the aftermath of Kenya's disputed 2007 presidential election that enables local observers to submit reports using their mobile phones or the internet, while simultaneously creating a temporal and geospatial archive of events. http://www.turnkeylinux.org/ushahidi -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Kari R Smith Sent: Thursday, February 28, 2013 9:56 AM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] human rights violations elibrary for Haiti/France Jason, DSpace now has a hosted option, DSpace Direct, which might be a really good option for this group. I'll send her an email message directly about it. Looks like it doesn't really launch until summer but what a great option for folks without a IT department to support them. http://dspacedirect.org/dspacedirect Kari Smith -Original Message- From: Code for Libraries [mailto:CODE4LIB@listserv.nd.edu] On Behalf Of Jason Raitz Sent: Monday, February 25, 2013 2:13 PM To: CODE4LIB@listserv.nd.edu Subject: [CODE4LIB] human rights violations elibrary for Haiti/France Hi, I've just been contacted out of the blue by someone working with a joint Haitian/French human rights organization that needs to create a searchable, bilingual elibrary on human rights violations in Haiti. They've secured hosting in America for various reasons and they have a few thousand or more documents to store, index and make available. The lady I talked to had an interest in using facets and storing the documents in a MySQL db. I briefly suggested that Solr and Blacklight might be where they're heading. I also suggested that she might be able to get more help from an I-school like my alma mater, UNC-SILS. If anyone would like to assist her or has some ideas or experience with such things, her email is reneeasteria [at] gmail [dot] com. She didn't tell me much more beyond this. I believe that she doesn't consider herself a programmer (I bet we would consider her a coder :-) ), she's been working with statistical software for a number of years, and that she is able to learn what's necessary. I'm not sure of any protocols, but I went ahead and CC'd Renee on this message. Cheers, Jason Raitz NCSU Libraries
Re: [CODE4LIB] You *are* a coder. So what am I?
Hi Chris, Well, BASIC style language is my first language. It is pretty easy for someone to start with. Kun -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Chris Gray Sent: Friday, February 15, 2013 9:17 AM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] You *are* a coder. So what am I? I would suggest any attempt to teach people to code should begin with Software Carpentry http://www.software-carpentry.org/about/90seconds.html. An important point here is that there are many misconceptions about programing and teaching that won't stand up to empirical investigation. http://software-carpentry.org/4_0/softeng/ebse.html I'm afraid on that score, Perl is not a good choice for a first language (nor is VBScript or VBA). I know people won't like me for saying that but there is hope of getting past religious wars if we insist on evidence over opinion. Chris On 2/15/2013 8:59 AM, Joe Hourcle wrote: On Feb 15, 2013, at 8:22 AM, Kyle Banerjee wrote: On Thu, Feb 14, 2013 at 7:40 AM, Jason Griffey grif...@gmail.com wrote: The vast, vast, vast, vast majority of people have absolutely no clue how code translates into instructions for the magic glowing screen they look at all day. Even a tiny bit of empowerment in that arena can make huge differences in productivity and communication abilities This is what it boils down to. C4l is dominated by linux based web apps. For people in a typical office setting, the technologies these involve are a lousy place to start learning to program. What most of them need is very different than what is discussed here and it depends heavily on their use case and environment. A bit of VBA, vbs, or some proprietary scripting language that interfaces with an app they use all the time to help with a small problem is a more realistic entry point for most people. However, discussion of such things is practically nonexistent here. Well, as you mention that ... I'm one of the organizers of the DC-Baltimore Perl Workshop : http://dcbpw.org/dcbpw2013/ Last year, we targeted the beginner's track as a sort of 'Perl as a second language', assuming that you already knew the basic concepts of programming (what's a variable, an array, a function, etc.) Would it be worth us aiming for an even lower level of expertise? -Joe ps. Students the unemployed are free ... $25 before March 1st, $50 after; will be April 20th at U. Baltimore. We're also in talks with a training company to have either another track of paid training or a separate day (likely Sunday); they wouldn't necessarily be Perl-specific.
Re: [CODE4LIB] You *are* a coder. So what am I?
Great! Thanks for providing such a useful information. I was actually want to learn node.js. Anybody know anything about it? Thanks Kun Lin Catholic University of America -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Joe Hourcle Sent: Friday, February 15, 2013 9:31 AM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] You *are* a coder. So what am I? On Feb 15, 2013, at 9:00 AM, Lin, Kun wrote: Wow, Interesting. But I am not fun of Perl. Is there other workshop? I don't know of any full workshops in the area, but there are plenty of monthly or semi-monthly meetings of different groups: Python: http://dcpython.org/ R : http://www.meetup.com/R-users-DC/ Groovy: http://www.dcgroovy.org/ Drupal: http://groups.drupal.org/washington-dc-drupalers Hadoop: http://www.meetup.com/Hadoop-DC/ Ruby: http://www.dcrug.org/ ColdFusion: http://www.cfug-md.org/ For those not in this area, see: http://www.pm.org/groups/ http://wiki.python.org/moin/LocalUserGroups http://r-users-group.meetup.com/ http://groups.drupal.org/ http://www.ruby-lang.org/en/community/user-groups/ http://www.haskell.org/haskellwiki/User_groups http://coldfusion.meetup.com/ -Joe
Re: [CODE4LIB] Bootstrap
Hi Ron, Thanks for the comparison. Choosing a Framework is not an easy task as once you start to build on it, it is really difficult to make a move. Thanks Kun Catholic University of America -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Ron Gilmour Sent: Saturday, January 26, 2013 9:53 PM To: CODE4LIB@LISTSERV.ND.EDU Subject: Re: [CODE4LIB] Bootstrap And if you're really in the mood to shop around ... Which Is Right for Me? 22 Responsive CSS Frameworks and Boilerplates Explainedhttp://designshack.net/articles/css/which-is-right-for-me-22-responsive-css-frameworks-and-boilerplates-explained/by Joshua Johnson Ron Gilmour Web Services Librarian Ithaca College Library On Sat, Jan 26, 2013 at 9:43 PM, Gabriel Farrell gsf...@gmail.com wrote: Another front-end framework that's been gaining traction is Foundation ( http://foundation.zurb.com/). It might be worth comparing with Bootstrap as you make your decision. On Sat, Jan 26, 2013 at 9:29 AM, Danaye Gebru dge...@slu.edu wrote: A similar alternative to Twitter Bootstrap is Gumby, http://gumbyframework.com/ http://gumbyframework.com/ . I've used it to build SLU's Library newsletter website in drupal 6, http://libraries.slu.edu/newsletter . On Fri, Jan 25, 2013 at 3:47 PM, Ron Gilmour rgilmou...@gmail.com wrote: I used Twitter Bootstrap for the development of the Ithaca College Library website http://ithacalibrary.com. It has a lot of great features and is pretty easy to modify. At the risk of shameless self-promotion, I'll mention that I'm giving a talk on the process of responsive web development at this eventhttp://www.amigos.org/HTML5_CSS3. The presentation will include some stuff about Bootstrap. Ron Gilmour Web Services Librarian Ithaca College Library On Fri, Jan 25, 2013 at 3:59 PM, Lin, Kun l...@cua.edu wrote: Hi Everyone, Has anyone try to use Bootstrap for web develop before? How is the framework? Does it works well? Thanks Kun Lin -- Danaye Gebru Technology Coordinator Pius XII Memorial Library Saint Louis University 3650 Lindell Blvd. St. Louis, Missouri 63108 Tel. 314-977-6772 Email dge...@slu.edu
[CODE4LIB] Bootstrap
Hi Everyone, Has anyone try to use Bootstrap for web develop before? How is the framework? Does it works well? Thanks Kun Lin
Re: [CODE4LIB] CODE4LIB Digest - 13 Jan 2013 to 14 Jan 2013 (#2013-14)
Hi Nate, Podio is a pretty nice site. But do you know anything similar to PODIO but allow us to host it locally? Thanks Kun Catholic University of America Web Support Librarian --- Date:Mon, 14 Jan 2013 21:19:35 -0500 From:Nate Hill nathanielh...@gmail.com Subject: Re: project management system Been using Podio with some friends and kind of like it. https://podio.com/ N On Monday, January 14, 2013, Brad Rhoads wrote: Actually you can get it up and running on Amazon in few minutes. http://bitnami.org/stack/redmine --- www.maf.org/rhoads www.ontherhoads.org On Mon, Jan 14, 2013 at 11:45 AM, John Fink john.f...@gmail.comjavascript:; wrote: We use Redmine, and we're pretty happy with it. It's often used for software, but we've found it very helpful for a range of projects. It does require that you run it locally iirc, and therefore will require that you have someone who can (or can learn) to deploy Rails apps. jf On 2013-01-14 1:41 PM, Eric Phetteplace phett...@gmail.comjavascript:; wrote: Redmine http://www.redmine.org/ is an open source solution in this space. I haven't used it so I can't speak for its quality. Best, Eric On Mon, Jan 14, 2013 at 1:38 PM, Schwartz, Raymond schwart...@wpunj.edu javascript:; wrote: Adam, Where is the free version of basecamp. The website only offers a 45 day free trial. All the rest are subscriptions. /Ray -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDUjavascript:;] On Behalf Of Adam Traub Sent: Monday, January 14, 2013 1:33 PM To: CODE4LIB@LISTSERV.ND.EDU javascript:; Subject: Re: [CODE4LIB] project management system Hi Kun, I'm a big fan of Basecamp (http://basecamp.com/). With a small group, it is pretty easy to get by with just the free version and it handles distribution and archiving of emails. Unless you're looking for time-tracking, it has done a very good job for a couple of the projects I've worked on. I've noticed a few people get excited about the ability for it to store files and have wikis (called whiteboards in Basecamp), though it is easy to outgrow the free version quickly. I generally use it as a scheduling, to-do list (with assignments), and email system. You can always complement the file storage with Dropbox or an internal file system. Cheers, Adam Traub -Original Message- From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDUjavascript:;] On Behalf Of Lin, Kun Sent: Monday, January 14, 2013 1:27 PM To: CODE4LIB@LISTSERV.ND.EDU javascript:; Subject: [CODE4LIB] project management system Hi all, Our library is looking for a project management system. Does anyone has any suggestions on which one to choose? We only have a very small team and our main focus is to guide our librarians to submit their ideas and for record tacking purposes. Thanks Kun -- Nate Hill nathanielh...@gmail.com http://4thfloor.chattlibrary.org/ http://www.natehill.net
[CODE4LIB] project management system
Hi all, Our library is looking for a project management system. Does anyone has any suggestions on which one to choose? We only have a very small team and our main focus is to guide our librarians to submit their ideas and for record tacking purposes. Thanks Kun