Re: [CODE4LIB] calling another webpage within CGI script

2009-11-24 Thread David Pattern
Hi Ken

Are you behind a web proxy server or firewall?  If so, you'll probably need to 
specify a proxy server in the script.

If the proxy is defined in the environment variables on the server, then you 
can use...

  my $ua = LWP::UserAgent-new( timeout = 60 );
  $ua-env_proxy();

...otherwise, you might need to hardcode it into the script...

  my $ua = LWP::UserAgent-new( timeout = 60 );
  $ua-proxy(['http'], 'http://squid.wittenberg.edu:3128');

(replace squid.wittenberg.edu:3128 with whatever the proxy server name and 
port number actually are)

regards
Dave Pattern
University of Huddersfield


From: Code for Libraries [code4...@listserv.nd.edu] On Behalf Of Ken Irwin 
[kir...@wittenberg.edu]
Sent: 23 November 2009 19:41
To: CODE4LIB@LISTSERV.ND.EDU
Subject: Re: [CODE4LIB] calling another webpage within CGI script

Hi Joe,

That's really helpful, thanks.
Actually finding out what the error message is nice:

HTTP Error : 500 Can't connect to www.npr.org:80 (connect: Permission denied)

I've tried this with a few websites and always get the same error, which tells 
me that the problem is on my server side. Any idea what I can change so I don't 
get a permission-denied rejection? I'm not even sure what system I should be 
looking at.

I tried Vishwam's suggestion of granting 777 permissions to both the file and 
the directory and I get the same response.

Is there some Apache setting someplace that says hey, don't you go making web 
calls while I'm in charge?

(This is a Fedora server running Apache, btw).

I don't know what to poke at!

Ken


---
This transmission is confidential and may be legally privileged. If you receive 
it in error, please notify us immediately by e-mail and remove it from your 
system. If the content of this e-mail does not relate to the business of the 
University of Huddersfield, then we do not endorse it and will accept no 
liability.


Re: [CODE4LIB] Web analytics for POST data

2009-11-24 Thread Joel Marchesoni
Hi Yitzchak,

I was just looking at this yesterday on the Google Analytics site.  It's a way 
to define custom variables at either the page, session, or visitor level:

http://code.google.com/apis/analytics/docs/tracking/gaTrackingCustomVariables.html

Joel Marchesoni 
Tech Support Analyst
Hunter Library @ Western Carolina University
jma...@email.wcu.edu
828-227-2860
 Please consider the environment before printing this email!



-Original Message-
From: Code for Libraries [mailto:code4...@listserv.nd.edu] On Behalf Of 
Yitzchak Schaffer
Sent: Monday, November 23, 2009 7:01 PM
To: CODE4LIB@LISTSERV.ND.EDU
Subject: Re: [CODE4LIB] Web analytics for POST data

Alejandro Garza Gonzalez wrote:
 1) You *can* use GA and some Javascript embedded in your III pages to 
 log events (as they´re called in GA lingo). The javascript (depending 
 on your coding wizardry level) could track anything from hovers over 
 elements, form submission, next page events, etc.

Hi Alejandro,

Thanks for a great suggestion.  I tried poking around at it; it seems to 
me like Events aren't built for what I'm really interested in doing, 
namely systematic exploration and analysis of the search sessions.  IOW, 
let's say a form looks like

t=finn
a=twain
l=circ,reserve

It looks like I could log this as three separate events, or one; but 
either way, how would one analyze this?  I'm not interested (solely) in 
how many times this particular query was entered.

I started looking at ways to funnel the params into my own tracking 
script, the prototype of which just writes a line to a text file with a 
JSON serialization of the form data; but I'm not a JS ninja, so I'm 
still trying to figure out how to get around the XSS problems.

Ruddy III turnkey...

-- 
Yitzchak Schaffer
Systems Manager
Touro College Libraries
33 West 23rd Street
New York, NY 10010
Tel (212) 463-0400 x5230
Fax (212) 627-3197
Email yitzchak.schaf...@tourolib.org


Re: [CODE4LIB] calling another webpage within CGI script

2009-11-24 Thread Greg McClellan

Hi,

I had a similar problem a while back which was solved by disabling 
SELinux. http://www.crypt.gen.nz/selinux/disable_selinux.html


-Greg


Re: [CODE4LIB] Web analytics for POST data

2009-11-24 Thread Alejandro Garza Gonzalez
To get around XSS you can use GET requests to your logging script, 
sending the data as arguments by one of two methods (maybe there are 
others?):


   * one way is to just get an Image by setting an image's SRC to
 your logging script.
   * another is to have an inline IFRAME where you also change its SRC
 to your logging script's URL.

You might have to have some built-in delay to let the logging script 
have time to actually log the event before the form gets submitted... 
I'm thinking using setTimeout() in javascript.


_alejandro

Yitzchak Schaffer said the following on 23/11/2009 06:01 p.m.:

Alejandro Garza Gonzalez wrote:
1) You *can* use GA and some Javascript embedded in your III pages to 
log events (as they´re called in GA lingo). The javascript 
(depending on your coding wizardry level) could track anything from 
hovers over elements, form submission, next page events, etc.


Hi Alejandro,

Thanks for a great suggestion.  I tried poking around at it; it seems 
to me like Events aren't built for what I'm really interested in 
doing, namely systematic exploration and analysis of the search 
sessions.  IOW, let's say a form looks like


t=finn
a=twain
l=circ,reserve

It looks like I could log this as three separate events, or one; but 
either way, how would one analyze this?  I'm not interested (solely) 
in how many times this particular query was entered.


I started looking at ways to funnel the params into my own tracking 
script, the prototype of which just writes a line to a text file with 
a JSON serialization of the form data; but I'm not a JS ninja, so I'm 
still trying to figure out how to get around the XSS problems.


Ruddy III turnkey...



--
_ ___ _ _ _ _ _ _ _
*Ing. Alejandro Garza González*
Coordinación de proyectos y desarrollo de sistemas
Centro in...@te, Centro para la Innovación en Tecnología y Educación
Tecnológico de Monterrey

Tel. +52 [81] 8358.2000, Ext. 6751
Enlace intercampus: 80.689.6751, 80.788.6106
http://www.itesm.mx/innovate/

El contenido de este mensaje de datos no se considera oferta, propuesta 
o acuerdo, sino hasta que sea confirmado en documento por escrito que 
contenga la firma autógrafa del apoderado legal del ITESM. El contenido 
de este mensaje de datos es confidencial y se entiende dirigido y para 
uso exclusivo del destinatario, por lo que no podrá distribuirse y/o 
difundirse por ningún medio sin la previa autorización del emisor 
original. Si usted no es el destinatario, se le prohíbe su utilización 
total o parcial para cualquier fin.


The content of this data transmission must not be considered an offer, 
proposal, understanding or agreement unless it is confirmed in a 
document signed by a legal representative of ITESM. The content of this 
data transmission is confidential and is intended to be delivered only 
to the addressees. Therefore, it shall not be distributed and/or 
disclosed through any means without the authorization of the original 
sender. If you are not the addressee, you are forbidden from using it, 
either totally or partially, for any purpose.


Re: [CODE4LIB] calling another webpage within CGI script - solved!

2009-11-24 Thread Graham Stewart

Hi,

We run many Library / web / database applications on RedHat servers with 
SELinux enabled.  Sometimes it takes a bit of investigation and  horsing 
around but I haven't yet found a situation where it had to be disabled. 
 setsebool and chcon can solve most problems and SELinux is an 
excellent enhancement to standard filesystem and ACL security.


-Graham

--
Graham Stewart
Network and Storage Services Manager, Information Technology Services
University of Toronto Library
130 St. George Street
Toronto, Ontariograham.stew...@utoronto.ca
Canada   M5S 1A5Phone: 416-978-6337 | Mobile: 416-550-2806 | 
Fax: 416-978-1668


Ken Irwin wrote:

Hi all,

Thanks for your extensive suggestions and comments. A few folks suggested that 
SELinux might be the issue. Tobin's suggestion to change one of the settings 
proved effective:
# setsebool -P httpd_can_network_connect 1.

Thanks to everyone who helped -- I learned a lot.

Joys
Ken

-Original Message-
From: Code for Libraries [mailto:code4...@listserv.nd.edu] On Behalf Of Greg 
McClellan
Sent: Tuesday, November 24, 2009 10:04 AM
To: CODE4LIB@LISTSERV.ND.EDU
Subject: Re: [CODE4LIB] calling another webpage within CGI script

Hi,

I had a similar problem a while back which was solved by disabling 
SELinux. http://www.crypt.gen.nz/selinux/disable_selinux.html


-Greg


Re: [CODE4LIB] calling another webpage within CGI script - solved!

2009-11-24 Thread Ross Singer
On Tue, Nov 24, 2009 at 11:18 AM, Graham Stewart
graham.stew...@utoronto.ca wrote:
 We run many Library / web / database applications on RedHat servers with
 SELinux enabled.  Sometimes it takes a bit of investigation and  horsing
 around but I haven't yet found a situation where it had to be disabled.
  setsebool and chcon can solve most problems and SELinux is an excellent
 enhancement to standard filesystem and ACL security.

Agreed that SELinux is useful but it is a tee-otal pain in the keister
if you're ignorantly working against it because you didn't actually
know it was there.

It's sort of the perfect embodiment between the disconnect between the
developer and the sysadmin.  And, if this sort of tension interests
you, vote for Bess Sadler's presentation at Code4lib 2010: Vampires
vs. Werewolves: Ending the War Between Developers and Sysadmins with
Puppet and anything else that interests you.

http://vote.code4lib.org/election/index/13

-Ross Bringin' it on home Singer.


Re: [CODE4LIB] calling another webpage within CGI script - solved!

2009-11-24 Thread Graham Stewart

An interesting topic ... heading out to cast vote now.

In our environment, about 6 years ago we informally identified the gap 
(grey area, war, however it is described) between server / network 
managers and developers / Librarians as an obstacle to our end goals and 
have put considerable effort into closing it.  The key efforts being 
communication (more planning, meetings, informal sessions), 
collaboration (no-one is working in a vacuum), and the willingness to 
expand/stretch job descriptions (programmers sometimes participate in 
hardware / OS work and sysadmins will attend interface / application 
planning meetings).  Supportive management helps.


The end result is that sysadmins try as hard as possible to fully 
understand what an application is doing/requires on their 
hardware/networks, and programmers almost never run any applications 
that sysadmins don't know about.


So, SELinux has never been a problem because we know what a server needs 
to do before it ends up in a developer's hands and developers know not 
to pound their heads against the desk for a day before talking to 
sysadmins about something that doesn't work.  Well, for the most part, 
anyway ;-)


-Graham

Ross Singer wrote:

On Tue, Nov 24, 2009 at 11:18 AM, Graham Stewart
graham.stew...@utoronto.ca wrote:

We run many Library / web / database applications on RedHat servers with
SELinux enabled.  Sometimes it takes a bit of investigation and  horsing
around but I haven't yet found a situation where it had to be disabled.
 setsebool and chcon can solve most problems and SELinux is an excellent
enhancement to standard filesystem and ACL security.


Agreed that SELinux is useful but it is a tee-otal pain in the keister
if you're ignorantly working against it because you didn't actually
know it was there.

It's sort of the perfect embodiment between the disconnect between the
developer and the sysadmin.  And, if this sort of tension interests
you, vote for Bess Sadler's presentation at Code4lib 2010: Vampires
vs. Werewolves: Ending the War Between Developers and Sysadmins with
Puppet and anything else that interests you.

http://vote.code4lib.org/election/index/13

-Ross Bringin' it on home Singer.


--
Graham Stewart
Network and Storage Services Manager, Information Technology Services
University of Toronto Library
130 St. George Street
Toronto, Ontariograham.stew...@utoronto.ca
Canada   M5S 1A5Phone: 416-978-6337 | Mobile: 416-550-2806 | 
Fax: 416-978-1668


[CODE4LIB] Job Posting: Director of Information Technology, Rutgers University Libraries, Piscataway, NJ

2009-11-24 Thread Grace J. Agnew
The Director of Information Technology reports to the Associate 
University Librarian for Digital Library Systems. Provides vision, 
leadership, and management of the Integrated Information Systems 
Department, a 14-person department. Is responsible for policies, 
procedures, selection, installation, and management of integrated 
information systems hardware and software, including integrated library 
system software, Windows networking, digital mass storage, servers, 
workstations, and peripherals for a three-campus library system. Leads 
cross-departmental teams in specifying, selecting, purchasing, and 
installing hardware and software to meet the diverse research and 
education needs of the libraries' users-the faculty and staff of Rutgers 
University. Manages the libraries' main computer facility, housing 
systemwide servers and digital mass storage system. Has primary 
responsibility for the design, implementation, and management of the 
libraries' Drupal-enabled website, the SirsiDynix Integrated Library 
System, and the production Fedora repository system. Proposes policy and 
sets procedures for information management, including security and 
maintenance of the libraries' digital information resources. Leads the 
web services team and will provide leadership in a large-scale redesign 
of the website to reflect the user experience. Provides leadership to 
the libraries' preparations for migration to an open library management 
system in the next two years.


Requires a bachelor's degree in computer science, information 
management, or a related field, or an equivalent combination of 
education and/or experience; plus a minimum of eight years relevant 
experience, at least five of which must be in a managerial or 
supervisory capacity in a digital library, library systems, or higher 
education IT, museum, archives or other non-profit cultural heritage 
information environment. Requires demonstrable expertise in web services 
technologies (XML, WSDL, Web 2.0, content management systems); 
demonstrable expertise in storage architectures and management, 
authentication and authorization strategies, and information security; 
and demonstrable expertise in software development methodologies and 
processes, as well as networking architecture and management. Also 
requires project management skills, ability to make desired progress on 
multiple projects simultaneously, excellent written and oral 
communication skills, and leadership abilities. Requires ability to 
represent the libraries in professional conferences and university IT 
committees. Prefer master's degree and experience managing integrated 
library systems. Good working knowledge of SOA (service oriented 
architecture) and experience with grant funded digital library projects 
preferred.


To apply, reference position number 09-000739 via the Rutgers MyATS 
system, available at: http://uhr.rutgers.edu/FindAJob.htm

*

*
--





Grace Agnew
Associate University Librarian for Digital Library Systems
Rutgers, the State University of New Jersey
Library Technical Services Building
47 Davidson Road
Piscataway, NJ 08854-5603

gag...@rci.rutgers.edu
PH: (732) 445-5908
FAX: (732) 445-5888