[CODE4LIB] Drupal security notice - Drupal contrib - Highly Critical - Remote code execution PSA-2016-001

[Cary Gordon]

There is a remote code execution vulnerability that was discovered by the 
Drupal security team. This is, AFAIK, .theoretical at the moment, but it also 
carries a high risk factor for affected sites.

The affected module list, along with updates for those modules will be released 
at 1600 UTC today (9AM PDT/noon EDT). We can expect that exploits will be 
developed and launched within hours of these announcements. In my experience, 
it is likely that other, related module vulnerabilities will be announced in 
the next few days and weeks.

The notice is available at https://www.drupal.org/node/2764899 


If you do not subscribe to the Drupal Security mailing list, now would be a 
good time to start (https://lists.drupal.org/mailman/listinfo/security-news 
). You can also get 
updates on Twitter at https://twitter.com/drupalsecurity 
.

Thanks,

Cary

> 
>  * Advisory ID: DRUPAL-PSA-2016-001
>  * Project: Drupal contributed modules
>  * Version: 7.x
>  * Date: 2016-July-12
>  * Security risk: 22/25 ( Highly Critical)
>AC:None/A:None/CI:All/II:All/E:Theoretical/TD:All [1]
>  * Vulnerability: Arbitrary PHP code execution
> 
>  DESCRIPTION
> -
> 
> There will be multiple releases of Drupal contributed modules on Wednesday
> July 13th 2016 16:00 UTC that will fix highly critical remote code execution
> vulnerabilities (risk scores up to 22/25 [2]). The Drupal Security Team urges
> you to reserve time for module updates at that time because exploits are
> expected to be developed within hours/days. Release announcements will appear
> at the standard announcement locations. [3]
> 
> Drupal core is not affected. Not all sites will be affected. You should
> review the published advisories on July 13th 2016 to see if any modules you
> use are affected.
>  CONTACT AND MORE INFORMATION
> 
> 
> The Drupal security team can be reached at security at drupal.org 
>  or via the
> contact form at https://www.drupal.org/contact 
>  [4].
> 
> Learn more about the Drupal Security team and their policies [5], writing
> secure code for Drupal [6], and  securing your site [7].
> 
> Follow the Drupal Security Team on Twitter at
> https://twitter.com/drupalsecurity  [8]
> 
> 
> [1] https://www.drupal.org/security-team/risk-levels 
> 
> [2] https://www.drupal.org/security-team/risk-levels 
> 
> [3] https://www.drupal.org/security/contrib 
> 
> [4] https://www.drupal.org/contact 
> [5] https://www.drupal.org/security-team 
> 
> [6] https://www.drupal.org/writing-secure-code 
> 
> [7] https://www.drupal.org/security/secure-configuration 
> 
> [8] https://twitter.com/drupalsecurity 
> 

Re: [CODE4LIB] Islandora meet-up at ALA Orlando Friday, June 24 at 4:30 pm

[Cary Gordon]

I will be there. Hope to see everyone from Islandora world!

> On Jun 22, 2016, at 5:05 PM, Cary Gordon <listu...@chillco.com> wrote:
> 
> I will try to make it, but I have a meeting from 4-5PM at the CC.
> 
> I hope that you mean a 15-minute car/ cab ride OR a 25-minute bus ride from 
> the convention center :)
> 
> Cary
> 
>> On Jun 22, 2016, at 12:33 PM, Erin Tripp <e...@discoverygarden.ca> wrote:
>> 
>> Apologies for cross posting.
>> 
>> For Islandora users and those who are interested in Islandora: 
>> 
>> I propose and informal Islandora meet-up at the Coral Reef Bar & Grill 
>> located at Hilton Grand Vacations at Seaworld, 6924 Grand Vacations Way, 
>> Orlando, Florida, 32821, USA on Friday, June 24 from 4:30 -5:30 pm EDT. All 
>> are welcome. Invite anyone you like.  
>> 
>> I was hoping to find something walkable, but this is my first time to 
>> Orlando and am learning quickly that walkable isn't a thing. For Google map 
>> directions from the convention center to the bar see the Map link below1.   
>> It looks to be a 15-minute car/ cab ride and a 25-minute bus ride from the 
>> convention center. 
>> 
>> I'm unable to make a reservation; however, I'm told there will be lots of 
>> room for us if we arrive between 4-4:30 pm Friday. 
>> 
>> For those of you who can't make it on Friday, I look forward to meeting you 
>> on Saturday at 10:30 am after my Harvesting Repositories: DPLA, Europeana, & 
>> Other Case Studies session. 
>> 
>> Very best, ~ Erin Tripp 
>> 
>> 1: MAP: 
>> https://www.google.ca/maps/dir/Orange+County+Convention+Center+-+North+Concourse,+Universal+Boulevard,+Orlando,+FL,+United+States/6924+Grand+Vacations+Way,+Orlando,+FL+32821,+USA/@28.4194055,-81.4755155,14z/data=!3m1!4b1!4m18!4m17!1m5!1m1!1s0x88e77e463b79f35f:0x890f8122e661e214!2m2!1d-81.4621585!2d28.4297133!1m5!1m1!1s0x88e77e2a86067b0f:0xeaee024c2cbfb68!2m2!1d-81.4686949!2d28.4058143!2m3!6e0!7e2!8j1466784420!3e0.
> 

Re: [CODE4LIB] Islandora meet-up at ALA Orlando Friday, June 24 at 4:30 pm

[Cary Gordon]

I will try to make it, but I have a meeting from 4-5PM at the CC.

I hope that you mean a 15-minute car/ cab ride OR a 25-minute bus ride from the 
convention center :)

Cary

> On Jun 22, 2016, at 12:33 PM, Erin Tripp  wrote:
> 
> Apologies for cross posting.
> 
> For Islandora users and those who are interested in Islandora: 
> 
> I propose and informal Islandora meet-up at the Coral Reef Bar & Grill 
> located at Hilton Grand Vacations at Seaworld, 6924 Grand Vacations Way, 
> Orlando, Florida, 32821, USA on Friday, June 24 from 4:30 -5:30 pm EDT. All 
> are welcome. Invite anyone you like.  
> 
> I was hoping to find something walkable, but this is my first time to Orlando 
> and am learning quickly that walkable isn't a thing. For Google map 
> directions from the convention center to the bar see the Map link below1.   
> It looks to be a 15-minute car/ cab ride and a 25-minute bus ride from the 
> convention center. 
> 
> I'm unable to make a reservation; however, I'm told there will be lots of 
> room for us if we arrive between 4-4:30 pm Friday. 
> 
> For those of you who can't make it on Friday, I look forward to meeting you 
> on Saturday at 10:30 am after my Harvesting Repositories: DPLA, Europeana, & 
> Other Case Studies session. 
> 
> Very best, ~ Erin Tripp 
> 
> 1: MAP: 
> https://www.google.ca/maps/dir/Orange+County+Convention+Center+-+North+Concourse,+Universal+Boulevard,+Orlando,+FL,+United+States/6924+Grand+Vacations+Way,+Orlando,+FL+32821,+USA/@28.4194055,-81.4755155,14z/data=!3m1!4b1!4m18!4m17!1m5!1m1!1s0x88e77e463b79f35f:0x890f8122e661e214!2m2!1d-81.4621585!2d28.4297133!1m5!1m1!1s0x88e77e2a86067b0f:0xeaee024c2cbfb68!2m2!1d-81.4686949!2d28.4058143!2m3!6e0!7e2!8j1466784420!3e0.

Re: [CODE4LIB] Formalizing Code4Lib?

[Cary Gordon]

I could be a resource for this conversation. I have been slow to jump into this 
conversation, as I have been involved in many past discussions on this topic, 
to no end.

I was deeply involved in the organizing of DrupalCons and the formation and 
governance of the Drupal Association. I don’t propose the DA or DrupalCon as a 
model or template for c4l or the con, but my peculiar skill set — I produced 
over 1,800 live events in a previous job/lifetime, may be of use.

Cary

> On Jun 14, 2016, at 3:51 PM, Beatrice Pulliam  wrote:
> 
> I have some experience being on the fiscal agent side of an MOU arrangement 
> and hammering those out, and would like to help.
> 
> Beatrice
> 
> Sent from my iPhone
> 
>> On Jun 14, 2016, at 4:42 PM, Eric Lease Morgan  wrote:
>> 
>>> On Jun 14, 2016, at 8:01 PM, Coral Sheldon-Hess  
>>> wrote:
>>> 
>>> Now, there kind of is. By my count, we have 4 volunteers. Chad, Tom, Galen,
>>> and me. Anyone else?
>> 
>> Coral, please sign me up. I’d like to learn more. —Eric Lease Morgan

Re: [CODE4LIB] Consortial services

[Cary Gordon]

Marmot in Colorado offers Pika, their flavor of VuFind, and I believe that they 
are offering or will offer Islandora.

There is also an academic Islandora consortia called the Islandora Consortia 
Group >

Thanks,

Cary

> On May 24, 2016, at 4:59 PM, McAulay, Lisa  wrote:
> 
> Hi Bill,
> 
> Lyrasis does Islandora hosting I know, and possibly more. The UC system has a 
> shared Digital Asset Management System as well as a shared finding aid 
> publishing service, the latter serves all of California.
> 
> Hope that helps!
> 
> Best,
> Lisa
> 
>> On May 24, 2016, at 4:46 PM, Ingram, William A  wrote:
>> 
>> Hi all, 
>> 
>> I am trying to get a sense of the extent to which non-OPAC systems are being 
>> run by consortia. We know that OPACs have sometimes moved to consortial 
>> management (e.g., CARLI, WRLC), but what what about publishing platforms 
>> (e.g., OJS), repository platforms (e.g., DSpace, Fedora), or other digital 
>> library systems (e.g., Omeka, Archon)? Does anyone have a sense of the 
>> degree to which these non-OPAC systems are being run by consortia?
>> 
>> The one I'm aware of is TDL, which I believe offers DSpace, Vireo ETD, and 
>> OJS (but not OPAC, surprisingly). Are there others?  
>> 
>> Thanks much, 
>> Bill 
>> 
>> 
>> --  
>> Bill Ingram  
>> Manager, Scholarly Communication and Repository Services  
>> University of Illinois at Urbana-Champaign Library  
>> 450-W Library, MC 522  
>> 1408 W Gregory Drive  
>> Urbana, IL 61801 USA  
>> 
>> (217) 333-4648  
>> wingr...@illinois.edu  
>> http://orcid.org/-0002-8307-8844  
>> 
>> 
>> 

Re: [CODE4LIB] Back-of-house software

[Cary Gordon]

There was someone in the Drupal in Libraries BoF today at DrupalCon who 
mentioned it. But who?

Cary

> On May 11, 2016, at 10:12 AM, Charlie Morris  wrote:
> 
> I wonder if anyone out there is using RedHen (
> https://www.drupal.org/project/redhen). I've always been curious about it.
> 
> On Wed, May 11, 2016 at 11:01 AM, Mike Smorul  wrote:
> 
>> I'll put up a vote for redmine. We use it w/ a few commercial plugins from
>> redminecrm (helpdesk, crm, and ticket-checklists) to handle most of our
>> internal procedures and process documentation. Specifically its positioned
>> to handle the following:
>> 
>> * Internal infrastructure changelogs (tickets) and documentation (wiki)
>> * Helpdesk response
>> * Order tracking.
>> * Internal/organization wiki.
>> * Individual project progress, documentation and issue tracking.
>> 
>> One feature we make heavy use of is nesting projects to allows us to both
>> segment work and still see an overview of what's going on w/in a
>> department.
>> 
>> There are a few things we don't use it for:
>> * code browsing - handled by github or an internal gitlab server
>> * office document storage - handled internally via file-share or sharepoint
>> * public project websites - either main drupal or ghpages
>> 
>> On Wed, May 11, 2016 at 9:46 AM, Erin White  wrote:
>> 
>>> Following this thread closely to see what y'all use.
>>> 
>>> We evaluated our institution's IT support desk software and found the
>>> interface pretty hostile to problem-submitters. Instead we've stuck with
>>> our own in-house problem reporting system that has a much simpler user
>>> interface. It meets many business needs but doesn't integrate with our
>>> other systems (documentation, etc.) and our software development
>> workflow.
>>> So we have some things we could be doing much better.
>>> 
>>> --
>>> Erin White
>>> Web Systems Librarian, VCU Libraries
>>> (804) 827-3552 | erwh...@vcu.edu | www.library.vcu.edu
>>> 
>>> On Wed, May 11, 2016 at 3:48 AM, Ben Companjen <
>> ben.compan...@dans.knaw.nl
 
>>> wrote:
>>> 
 Hi Stuart,
 
 First thought (or what should have been my first thought): what
>>> problem(s)
 are you trying to solve?
 I sometime wish I had software that is better geared for service
 management (including incident management, CRM and documentation), but
>> in
 our small organisation with three main services it has already been
>>> helpful
 to structure the information differently and get it together in
>>> well-known
 places. For the Dataverse service that I'm managing we use Google
 Drive/Docs, ownCloud and JIRA.
 
 Incident and service request management is the most important
 process/business function that I think would benefit from software
>>> support.
 Emails, tasks and notes in various places aren't enough anymore to keep
 track of problems and questions. JIRA helps a little, but not all
>>> requests
 relate to software problems and I don't want to use it for every
 simple-to-answer question.
 
 Have you asked your institution's IT service desk for suggestions? They
 might be able to support when you choose the same software. Our IT uses
>>> RT
 and seems happy with it. I'm hoping to get a queue for
>> Dataverse-related
 requests in their system.
 
 Hope this helps.
 
 Ben
 
 
 
 
 On 10-05-16 23:42, "Code for Libraries on behalf of Stuart A. Yeates" <
 CODE4LIB@LISTSERV.ND.EDU on behalf of syea...@gmail.com> wrote:
 
> I’m looking for recommendations for software to run our much of our
> academic library back-of-house business-as-usual work. Things like
 incident
> management, CRM, documentation management, etc across three tiers of
> support.
> 
> We’re looking for something more structured than a mediawiki wiki
>> (which
> we’ve got) and probably less structured than full-blown ITIL. We’re
>>> happy
> with open source or proprietary,  self-hosted or cloud solution, but
>>> we’re
> not happy to pay the kinds of money that Alemba (formerly VMWare) are
> asking for vFire Core (formerly VMware Service Manager).
> 
> We have library management system (ALMA), a discovery system (PRIMO),
>> a
> website (httpd, drupal), a proxy (EZproxy) and a copyright management
> system (Talis Aspire). Our institution provides us with user
>> management,
> physical access management, VM host, email and physical
>> infrastructure.
> 
> Thoughts?
> 
> --
> ...let us be heard from red core to black sky
 
>>> 
>> 

Re: [CODE4LIB] using drupal for a document repository

[Cary Gordon]

You can build a peachy document repository in Drupal. This will work fine if 
you have a small collection, say less than 10k items.

The issue is that it won’t scale. As a Drupal fanboy, I would love to see an 
all Drupal solution work, but, at least at this point, it doesn't.

We work with Islandora, which puts a Drupal front-end on Fedora. OOTB, 
Islandora is weighted towards the Fedora side, but the community has been 
working to move the balance to do more in Drupal. This will be easier once 
Islandora completes its move to Fedora 4.

FWIW, we offer Islandora in a hosted and fully supported service package that 
we call LibraryDAMS.

Thanks,

Cary

> On May 5, 2016, at 2:15 PM, Kelsey Williamson  
> wrote:
> 
> Hi code4lib,
> I was hoping to get some input on this. My small, scrappy institution is
> considering using drupal as a repository, primarily via the Biblio module.
> 
> Obviously this is not ideal, but for reasons I won't get into, our tech
> environment won't support ePrints or dspace, and hosted services are not an
> option either. We do not really have the level of technical expertise
> required to support any fedora-based applications, and cannot hire any
> additional support. There's a chance existing staff could stretch to get
> there, but it would not be a pretty process.
> 
> With all that said, do any red flags come to mind? I looked through both
> code4lib and drupal4lib listserv archives and poked around google, but
> didn't find much evidence of anyone else using drupal in this way. Seems
> suspicious. While my gut tells me it's a bad idea (metadata! standards!
> preservation!), I'm having trouble articulating this to my group in a way
> that sticks, because using Biblio would be easy. I would appreciate hearing
> any other thoughts or opinions on this.
> 
> Thanks!
> Kelsey

Re: [CODE4LIB] using drupal for a document repository

[Cary Gordon]

To be clear, Hydra-in-a-box is in the planning stage at this point, and has not 
AFAIK, begun development. While planning to offer a much friendlier install 
than earlier incarnations of Hydra, is still a Fedora-based solution, and won’t 
come with a Fedora-expert-in-the-box. It will address metadata management 
issues, but exactly how that will happen is not yet defined.

The good news is that both Islandora, the tool I work with, and Hydra will be 
moving to Fedora 4, and that will make them both easier to use in many 
respects. In fact, they should become interoperable.

Thanks,

Cary




> On May 5, 2016, at 2:38 PM, Kerchner, Daniel  wrote:
> 
> Although you might not have the level of technical expertise required to
> support Fedora-based applications in their current incarnations, you might
> want to keep an eye on progress on the Hydra-In-A-Box project.
> Hydra-In-A-Box is meant to provide the benefits of Hydra but would actually
> be easy to install (i.e. not requiring a software developer on staff)
> and/or can be used as a hosted solution.  I think a major driver is to
> provide a solution that is just as much an option for "small, scrappy
> institutions" :)
> 
> http://hydrainabox.projecthydra.org/
> 
> - Dan
> 
> 
> 
> 
> 
> 
> 
> *Dan KerchnerSenior Software Developer, Scholarly Technology GroupThe
> George Washington University LibrariesGelman Library2130 H Street,
> NWWashington, DC 20052kerch...@gwu.edu *
> 
> 
> On Thu, May 5, 2016 at 5:15 PM, Kelsey Williamson <
> kelseyfayesaw...@gmail.com> wrote:
> 
>> Hi code4lib,
>> I was hoping to get some input on this. My small, scrappy institution is
>> considering using drupal as a repository, primarily via the Biblio module.
>> 
>> Obviously this is not ideal, but for reasons I won't get into, our tech
>> environment won't support ePrints or dspace, and hosted services are not an
>> option either. We do not really have the level of technical expertise
>> required to support any fedora-based applications, and cannot hire any
>> additional support. There's a chance existing staff could stretch to get
>> there, but it would not be a pretty process.
>> 
>> With all that said, do any red flags come to mind? I looked through both
>> code4lib and drupal4lib listserv archives and poked around google, but
>> didn't find much evidence of anyone else using drupal in this way. Seems
>> suspicious. While my gut tells me it's a bad idea (metadata! standards!
>> preservation!), I'm having trouble articulating this to my group in a way
>> that sticks, because using Biblio would be easy. I would appreciate hearing
>> any other thoughts or opinions on this.
>> 
>> Thanks!
>> Kelsey
>> 

Re: [CODE4LIB] OCR recommendations?

[Cary Gordon]

We use and like Tesseract, as well.

Cary

> On Apr 18, 2016, at 8:29 AM, Stefano Bargioni  wrote:
> 
> FYI, tesseract works with many languages, and more than one at the same time.
> From [1]:
> 
> -l lang
> 
>The language to use. If none is specified, English is assumed.
>Multiple languages may be specified, separated by plus characters.
>Tesseract uses 3-character ISO 639-2 language codes. (See
>LANGUAGES)
> 
> Additional languages must be installed manually, if I'm not wrong.
> 
> Stefano
> 
> [1] http://manpages.ubuntu.com/manpages/xenial/en/man1/tesseract.1.html
> 
>> On 18 apr 2016, at 16:51, Rachel Gravel  wrote:
>> 
>> Greetings,
>> 
>> Might anyone have some recommendations on good OCR software that is either
>> relatively cheap or free? We're looking to OCR some files for a digital
>> collection (platform still to be determined...) and wonder if there's a
>> more robust tool than Acrobat Pro that won't cost an arm and a leg.
>> 
>> Many thanks in advance for your expertise!
>> 
>> Cheers,
>> Rachel
>> 
>> -- 
>> rachel.gra...@gmail.com
>> (617)870-4179
>> www.linkedin.com/pub/rachel-gravel/4/318/908
>> 

Re: [CODE4LIB] Good Database Software for a Digital Project?

[Cary Gordon]

We use MySQL and now mostly Maria. While I agree that PostgeSQL might be
technically advantageous in some ways, its ubiquity and the easy
availability of many free and paid support options make it a great choice.

That said, I think you should examine and explore the possibilities offered
by Solr or Elastisearch. Those would likely by my tools of choice for your
scenario.

Of course, I would probably wrap this in Drupal either way ;)

Cary

On Friday, April 15, 2016, Adam Constabaris <adam_constaba...@ncsu.edu>
wrote:

> Hi Matt,
>
> It's very hard to provide a responsible recommendation without further
> details, so this is just going to be a quick overview of *relational
> database* options.  It might be that some of the other recommendations fit
> your needs better.  For example, if your users aren't at ease with SQL,
> Solr or ElasticSearch might be better..
>
> Consider SQLite.  It's nearly everywhere (public domain, embedded in tons
> of things).  There's a Firefox extension that will let you work with it
> through the browser if you don't want to do things from the command line.
> SQLite isn't a multi user server, it's more a file format.  The database is
> a single file that you can ship around.  You can build a 'self contained'
> web application on top of it, which can make deployment much easier.
>
> As befits its nature, it's a bit loose with data types (e.g. you can insert
> strings into numeric column types).  But there's a lot to be said in its
> favour.
>
> MySQL (or MariaDB) are reasonable choices,  It does a lot of things very
> well, and it's very easy to get started with, and lots of documentation.
> You will need to pay attention if your data is multilingual and/or
> "non-Latin".
>
> I will second the suggestion to look at PostgreSQL: it's almost as
> available as MySQL, and tends to adhere closer to SQL standards than MySQL
> (e.g. window functions), and it's fast, and its data storage model makes
> for some nice features (e.g. you can update a table's structure while
> others are querying it, which is great for availability).  It supports
> "foreign data wrappers" which let you query other data sources in
> PostgresSQL (https://wiki.postgresql.org/wiki/Foreign_data_wrappers)
>
> It's worth mentioning that recent versions of PostgreSQL have a JSON column
> type (and the most recent versions support functions that let you query
> inside JSON-valued columns).  For some time, it has supported functional
> indexes:
> http://www.postgresql.org/docs/9.1/static/indexes-expressional.html
>
>
> These two features together mean you can index 'into' a JSON-valued column
> to get fast searching over more loosely structured data, so these versions
> of PostgreSQL also give you many of the advantages touted for NoSQL systems
> while still giving you a standardized query language and traditional ACID
> "guarantees."
>
> HTH,
>
> AC
>
>
>
> On Fri, Apr 15, 2016 at 2:18 PM, Matt Sherman <matt.r.sher...@gmail.com
> <javascript:;>>
> wrote:
>
> > Hi all,
> >
> > I am looking to pick the group brain as to what might be the most useful
> > database software for a digital project I am collaborating on.  We are
> > working on converting an annotated bibliography to a searchable database.
> > While I have the data in a few structured formats, we need to figure out
> > now what to actually put it in so that it can be queried.  My default
> line
> > of thinking is to try a MySQL since it is free and used ubiquitously
> > online, but I wanted to see if there were any other database or software
> > systems that we should also consider before investing a lot of time in
> one
> > approach.  Any advice and suggestions would be appreciated.
> >
> > Matt Sherman
> >
>


-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Islandora & Vagrant - Development use only?

[Cary Gordon]

I disagree with the statement that "Vagrant is not a good idea for production.” 
Vagrant is a terrible idea for production, and it is not designed for that.

We use Ansible to build Islandora, and, after three years of talking about it 
we are starting to use it with Docker. We are an AWS shop, so we use Docker 
with AWS elastic container service, which could come in handy if one of your 
archives gets slashdotted.

Cary

> On Apr 6, 2016, at 8:53 AM, Chris Fitzpatrick  wrote:
> 
> Vagrant is not a good idea for production. It's really for people to work
> against a copy of the production environment.
> Like you can use Vagrant, then update a ansible or puppet or chef script
> then deploy that to yr VM.
> Hashicorp is making something called Otto which is supposed to replace
> Vagrant for end-to-end deployments like this, but that's in alpha now.
> 
> Vagrant isn't  like virtualenv at all. Virtualenv is a way to maintain
> Python dependencies by mucking around with some environment variables. It's
> more like Ruby's bundler.
> 
> It's kinda more like Docker. Docker makes linux containers. Nobody knows
> what those are, but they work great.
> 
> I've seen Vagrant used in production and it supposedly worked well but the
> guy who set it up left and things went bad. It wasn't a performance issue,
> it's just really hard for the replacement to figure out what's going on.
> Use Vagrant with Ansible/Puppet/Chef. Or use Docker. Or use all of that,
> for the win.
> 
> 
> 
> On Wed, Apr 6, 2016 at 3:55 PM, Francis Kayiwa  wrote:
> 
>> On 4/6/16 9:49 AM, Annamarie C Klose wrote:
>> 
>>> Hi, all,
>>> 
>>> Can anyone provide a technical explanation as to why it is not
>>> appropriate to install Islandora on a public server with Vagrant? Despite
>>> all the documentation instructing that Vagrant is for development only, my
>>> university's IT department thinks Vagrant makes Islandora more secure for
>>> production use. They have also stated "Vagrant is used to keep dependencies
>>> separate on machines in the same way Pythons Virtualenv or Ruby's Docker
>>> is." Unfortunately, secure networking is outside of my expertise. I'm
>>> concerned that Vagrant's virtualization is a poor substitute for the real
>>> thing. Before I add hundreds of records to Islandora, I'd like to make sure
>>> that I'm building my library's digital collections on a steady foundation.
>>> Any advice and/or explanations to give IT is welcome.
>>> 
>> 
>> 
>> If we agree  that your University IT are the Operations people find the
>> nicest way to tell them how the developers of Vagrant view the tool below
>> 
>> https://www.vagrantup.com/docs/why-vagrant/
>> 
>> Specifically. "...If you are an operations engineer, Vagrant gives you a
>> disposable environment and consistent workflow for developing and testing
>> infrastructure management scripts..."
>> 
>> You are also correct in being wary about having a production application
>> running on Vagrant. A part of me wants to test that just for laughs, but it
>> will be painful to set up for them and the performance will horrible for
>> you.
>> 
>> Cheers,
>> ./fxk
>> 
>> --
>> "Anyone attempting to generate random numbers by deterministic means is,
>> of course, living in a state of sin."
>> -- John Von Neumann
>> 

Re: [CODE4LIB] Internet of Things

[Cary Gordon]

Dre++

OMG, I am so disconnecting my Aibo from the internet.

I love the Compuserve of things… 
http://www.windley.com/archives/2014/04/the_compuserve_of_things.shtml

Cary


> On Mar 31, 2016, at 6:40 AM, Andreas Orphanides  wrote:
> 
> I'm not a technofuturist of any sort, so maybe I'm the wrong person to be
> commenting on IoT (or maybe I'm exactly the right person)... but stuff in
> IoT land is going to get utterly horrible before it gets good. I'd argue
> that it might already be horrible, but it just doesn't have the penetration
> to be fully recognized.
> 
> Object lessons:
> 
>   - Your Jeep can be hacked so that someone can remotely disable the
>   brakes, thanks to crappy wifi. [1]
>   - Your smart refrigerator leaks your gmail credentials. [2]
>   - Your lightbulbs expose you to drive-by packet sniffing. [3]
>   - Your internet-enabled wine decanter requires you to use
>   vendor-provided wine bottle cartridges [4]
> 
> There's a number of overlapping problems here
> 
>   - the "Compuserve of Things" issue [5], where every eager vendor is
>   going to try to lock users out of competitors' products [6]
>   - the expansion of this problem, which is that corporations will be
>   tempted to use the power of embedded computing to maximize profit [7]
>   - a more general "Internet of Sh*t" problem [8], where the security
>   ramifications of network-enabling devices is not fully realized and exposes
>   users to all kinds of horrors. (As someone aptly put it: open network ports
>   are like mucous membranes -- important for certain functions, but you don't
>   want more of them exposed than necessary.)
> 
> Now all of these problems can be solved, but I am not convinced that they
> will, unless and until things get particularly nasty: specifically, the
> commercial enterprises doing IoT stuff don't have a motive to make things
> better until it starts actually costing them money.
> 
> What can libraries do about this? I don't know. Pushing for open standards
> helps. Implementing open standards helps. Practicing good security in IoT
> certainly helps. I do think that "Just because you can, it doesn't mean you
> should" is not a bad starting point, especially if we model stepping
> through the right risk analyses and security practices as we develop IoT in
> libraries.
> 
> For now, I prefer to stick with Adama's Law: "If it can kill you, don't
> connect it to the network."
> 
> 
> [1] http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
> [2] http://www.theregister.co.uk/2015/08/24/smart_fridge_security_fubar/
> [3]
> http://arstechnica.com/security/2014/07/crypto-weakness-in-smart-led-lightbulbs-exposes-wi-fi-passwords/
> [4]
> http://www.independent.co.uk/life-style/gadgets-and-tech/news/kuvee-smart-wine-bottle-screen-internet-indiegogo-a6958751.html
> [5] http://www.windley.com/archives/2014/04/the_compuserve_of_things.shtml
> [6] http://www.digitaltrends.com/home/philips-hue-bridge-firmware-update/
> [7] http://ieet.org/index.php/IEET/more/rinesi20150925
> [8] https://twitter.com/internetofshit?lang=en
> 
> On Thu, Mar 31, 2016 at 8:29 AM, Andrew Anderson  wrote:
> 
>> For those who were not previously aware of IoT, here’s a primer focused
>> specifically on the library space:
>> 
>> 
>> https://www.oclc.org/publications/nextspace/articles/issue24/librariesandtheinternetofthings.en.html
>> 
>> IMHO this is still a very young concept, and not even fully imagined yet,
>> so there is no reason to feel like you’ve missed the boat, when the ship
>> hasn’t even reached the dock yet.
>> 
>> --
>> Andrew Anderson, President & CEO, Library and Information Resources
>> Network, Inc.
>> http://www.lirn.net/ | http://www.twitter.com/LIRNnotes |
>> http://www.facebook.com/LIRNnotes
>> 
>> On Mar 30, 2016, at 22:16, Lesli M  wrote:
>> 
>>> I feel compelled to pipe up about the comment "Very sad that a librarian
>> didn't know what it was."
>>> 
>>> Librarians come in all flavors and varieties. Until I worked in a
>> medical library, I had no idea what a systematic review was. I had no idea
>> there was a variety of librarian called "clinical librarian."
>>> 
>>> Do you know the hot new interest for law libraries? Medical libraries?
>> Science libraries?
>>> 
>>> The IoT is a specific area of interest. Just like every other special
>> interest out there.
>>> 
>>> Is it really justified to expect all librarians of all flavors and
>> varieties to know this very tech-ish thing called IoT?
>>> 
>>> Lesli
>> 

Re: [CODE4LIB] code4lib mailing list

[Cary Gordon]

You can get enough server for this from AWS for $5-10/mo.

Cary

> On Mar 24, 2016, at 1:13 PM, Thomas Krichel  wrote:
> 
>  Paul Hoffman writes
> 
>> If you're interested, Eric, I have some experience with Mailman (though 
>> not with Listserv) and would be happy if I can -- I have some scripts to 
>> do bulk operations (add or remove subscribers, etc.) and could also help 
>> to migrate the list archive.
> 
>  I find that this is the most important contribution I have seen here
>  in this thread.
> 
>  I have run Mailman over ten years for NEP
> 
> http://nep.repec.org
> 
>  I am also running it for NYLUG
> 
> http://mail.nylug.org/mailman/listinfo
> 
>  It's not just a case of running a box that has Mailman on it.  It's
>  also important to have an infrastructure that sends bulk email and
>  that is not landing up in spam filters. And it's a matter of
>  spam filtering on the list email sending box. The NEP server has a
>  sender score
> 
> https://www.senderscore.org/
> 
>  score of 99/100 last time I looked but you don't get there instantaneously.
> 
>  You also need a hoster that is email friendly.
> 
>  So the list of tasks as I see it is
> 
> 1. Find a sponsor for a dedicated root server, have them pay for the
>   server.  You can get a server for about $50 a month.
> 
> 2. Decide on a domain and set up access for server admin
>   to domain records, including SPF and DKIM.
> 
> 3. Set up the server with linux.
> 
> 4. Set email software (exim or postfix or ...) and mailman or sympa, as
>   well as say spam assassin. 
> 
> 5. Migrate members and email archives.
> 
>  For somebody who knows what (s)he is doing 2-4 is not a big deal
>  but it needs a few hours of work and a commitment to some maintenance.
>  5 is the job that dwarfs everything else. But if Paul is volunteering
>  (or could be sponsored) to lead that forward then you have a realistic
>  case to run it on a community and open-source base. 
> 
> -- 
> 
>  Cheers,
> 
>  Thomas Krichel  http://openlib.org/home/krichel
>  skype:thomaskrichel

Re: [CODE4LIB] code4lib mailing list

[Cary Gordon]

Hi Eric,

I also prefer option 2.

While I think that this is best hosted at an academic institution, if that 
doesn’t pan out I can provide a server for it (CentOS-ish or Ubuntu). 

Thanks,

Cary

I would rather not get involved with the software.
> On Mar 24, 2016, at 2:29 AM, Eric Lease Morgan  wrote:
> 
> Alas, the Code4Lib mailing list software will most likely need to be migrated 
> before the end of summer, and I’m proposing a number possible options for the 
> lists continued existence. 
> 
> I have been managing the Code4Lib mailing list since its inception about 
> twelve years ago. This work has been both a privilege and an honor. The list 
> itself runs on top of the venerable LISTSERV application and is hosted by the 
> University of Notre Dame. The list includes about 3,500 subscribers, and 
> traffic very very rarely gets over fifty messages a day. But alas, University 
> support for LISTSERV is going away, and I believe the University wants to 
> migrate the whole kit and caboodle to Google Groups.
> 
> Personally, I don’t like the idea of Code4Lib moving to Google Groups. Google 
> knows enough about me (us), and I don’t feel the need for them to know more. 
> Sure, moving to Google Groups includes a large convenience factor, but it 
> also means we have less control over our own computing environment, let alone 
> our data.
> 
> So, what do we (I) do? I see three options:
> 
>  0. Let the mailing list die — Not really an option, in my opinion
>  1. Use Google Groups - Feasible, (probably) reliable, but with less control
>  2. Host it ourselves - More difficult, more responsibility, all but absolute 
> control
> 
> Again, personally, I like Option #2, and I would probably be willing to host 
> the list on my one of my computers, (and after a bit of DNS trickery) 
> complete with a code4lib.org domain.
> 
> What do y’all think? If we go with Option #2, then where might we host the 
> list, who might do the work, and what software might we use?
> 
> —
> Eric Lease Morgan
> Artist- And Librarian-At-Large

Re: [CODE4LIB] reearch project about feeling stupid in professional communication

[Cary Gordon]

I apologize for not taking this off list quite yet.

The last post had me both laughing and crying, and I believe that you are quite 
accurate in your characterization of many open-source projects.

It reminded me of my freshman “honors” calculus class, which was taught by by a 
full professor with the social skills of an anteater. The book was a grad-level 
calculus review translated word-by-word from French with not even the slightest 
acknowledgement of the concept of grammar in either language. One day, my 
friend went to see the prof to ask for an explanation of one of his 
incomprehensible lectures. He replied by stating that “If you can’t understand 
it, I can’t see how I can help you!” Not unsurprisingly, everyone who had taken 
calc in high school got a B in the class, and everyone else from this group who 
had probably carried close to 4.0 averages in high school got a D.

In that case, I believe the prof was simply trying to get the message to his 
bosses that he hated teaching. I don’t think that the issues with some 
open-source projects are far off of this.

While there are certainly folks in the “If you can’t understand it, I can’t see 
how I can help you!”/“Cary, you ignorant fool" class, my experience is that 
there are many folks in the open-source community — even ones who work on 
projects with less-than-helpful documentation — who will go to great lengths to 
help folks get on track. I know that I have been the recipient of such help on 
many occasions, and that my asking for help has occasionally led to 
improvements in their misleading or incomplete documentation.


> On Mar 21, 2016, at 12:33 PM, Julie Swierczek  
> wrote:
> 
> Just to clarify: I wasn't talking about this list only.  I am particularly 
> interested in lists related to libraries/archives/museums and technology, but 
> I am also interested in hearing other examples, and about how we have 
> interpreted those examples.  (Tell me a story about it!)  I think that one of 
> the things I'll present or write about are cases where it is not necessarily 
> obvious that a person is belittled by a response.   That is, in reply to a 
> question, a responder says one thing, but what the original questioner heard 
> was "you are too stupid to play with us". 
> 
> Some obvious flame wars involve accusations of stupidity, but I am especially 
> interested in the much more subtle cases where readers might feel stupid even 
> if that is not the author's intent.
> 
> One example that comes to mind is when a group announces that they are 
> releasing a new open source project for institutions of "all sizes" to make 
> it easier for libraries to do this fabulous thing.  So Person X, who is not 
> completely inept with computers, goes to the project site and the 
> instructions are something like this:
> 
> 1. We are not going to tell you which server architecture this works on 
> because you clearly should be smart enough to figure that out.
> 2. Download this package.
> 3. Compile the package.  
> 4. Obviously there are 300 dependencies, but we are not going to tell you 
> what they are. Any decent institution would have them installed already.
> 5. Change system configurations to serve local needs.  We're not going to 
> tell you what that means or how to do it.
> 6. Use the API from your ILS to feed in this data. If your current API 
> doesn't work, please write one according to the specs on some other project 
> you've never heard of.  Note that the documentation of that other project 
> hasn't been updated in eleven years, but you'll figure it out. What? Your 
> library catalog doesn't have an API?!?!?!  You must be joking.  *Everyone* 
> has an API. 
> 7. Earn a PhD in computer science.
> 8. Change your entire server environment including reinstalling your ILS on 
> some other platform, breaking everything and requiring tens of thousands of 
> dollars in development work to put all the pieces back together again.
> 9. Type the following commands in the command line.  Note that they look like 
> a SHA-256 hash, but they are actually really simple commands that everyone 
> should know.
> 10. Voila!  it works.
> addendum: We did not include any help instructions. You can just read the 
> code if you need to figure something out.
> 
> The group offering the program probably does not intend for their directions 
> to come across this way, but that is what sometimes happens, and Person X now 
> feels like an idiot and doesn't want to participate anymore.   
> 
> So, I am looking for something more subtle here than the obvious mudslinging 
> you can find in most tech forums.  As to the question of whether that happens 
> here or not, I would generally say no, except that I - and most likely all 
> readers here - have not read every single message of the list archives, word 
> for word, so something could have passed our notice.  There have most likely 
> been multiple instances where someone asked a question 

Re: [CODE4LIB] reearch project about feeling stupid in professional communication

[Cary Gordon]

I might have rose colored glasses, but I don’t see much of that in this forum. 
I can’t remember the last flame war. Most folks just answer the questions as 
best they can.

I think that you should present your sanitized results here. Perhaps we are 
missing something.

Cary

> On Mar 18, 2016, at 5:36 AM, Swierczek, Julie  
> wrote:
> 
> Hello all,
> 
> Following earlier discussions about the fear of looking stupid in public, 
> I've decided my unofficial research project for the year is to look into ways 
> that communication (especially on professional listservs) might provide 
> grounds for that fear.  I think this might be something especially relevant 
> in tech circles.
> 
> I would like to ask you if you have any examples of listserv communication 
> where you felt that one person was trying to belittle another person, 
> particularly about their knowledge of a given subject in their field.  Best 
> of all would be if you could point me to the conversation in a public 
> listserv archive so that I could read more of the thread.  However, I am also 
> perfectly happy with you quoting the message or even just telling me about 
> it.   I would also appreciate any explanation you could provide about why you 
> see it as a case of someone belittling someone else.  (I ask that for two 
> reasons: 1) it may not be obvious to me because I am not part of that group 
> and I don't know how things normally work in it, such as ongoing flame wars, 
> etc., and 2) I'd also be interested in gathering people's feedback and 
> interpretations of the bad behavior they have seen.)
> 
> An example would be someone saying, "You should know x, y, and z" in response 
> to someone who identifies as a newbie and has a very basic question.  The 
> newbie is asking for help and someone else essentially calls them stupid for 
> not knowing about the topic.
> 
> I promise to keep all posts confidential, as well as your communications to 
> me about them.  (If I publicized any of that information, I would myself be 
> publicly shaming people for being stupid, and that is the opposite of what I 
> am trying to accomplish here.)  I intend to anonymize feedback, removing 
> information about people, topics, the particular listserv, etc.
> 
> To avoid spamming the list with this project, please send your response to 
> juliecswierc...@gmail.com.  Also, if you 
> are interested in the project, please communicate with me through that email 
> address, since I feel this is off-topic for the list.
> 
> Thanks very much.
> 
> Julie
> 
> --
> 
> Julie C. Swierczek
> Digital Asset Manager and Archivist
> 
> Harvard Art Museums
> 32 Quincy Street, Cambridge, MA 02138
> www.harvardartmuseums.org

Re: [CODE4LIB] Drupal 8 Library Extensions

[Cary Gordon]

Hi David,

What do you mean by "Drupal extensions designed for libraries”? Drupal 8 is one 
month into release, and there are no library-specific modules that I know of. 
Many of the the Drupal 7 modules that are popular in the library world (and 
everywhere else) such as the awesome webform module, aren’t in general release, 
yet.

We build a lot of Drupal websites for libraries, and we do not expect to be 
creating any general library sites in Drupal 8 until later this year. Drupal 7 
will be supported until Drupal 9 is released, and with Drupal's new point 
release strategy, I estimate that Drupal 9 is at least four years out.

Drupal 7 has broad adoption in the library community, and it has a wide range 
of modules and tools for libraries. I recommend that you join the Drupal4Lib 
mailing list . There is also 
a Libraries Drupal group .

Thanks,

Cary

> On Mar 15, 2016, at 8:39 AM, David Uspal  wrote:
> 
> Code4Lib,
> 
>   We're in the process of evaluating Drupal 8 as our main site CMS (we're on 
> Concrete5 v6 so migrating to v7 is a large effort, which makes this a good 
> time to evaluate alternatives).  As such, I'm trying to compile a list of the 
> most used Drupal extensions designed for libraries that are compatible with 
> Drupal 8.  Does anyone know where such a list might be found and/or could 
> help in compiling such a list?  Thanks!
> 
> David K. Uspal
> Technology Development Specialist
> Falvey Memorial Library
> Phone: 610-519-8954
> Email: david.us...@villanova.edu

Re: [CODE4LIB] Chattanooga Bid for 2017

[Cary Gordon]

Super!

Hopefully, the date won’s conflict with other library conferences — like this 
year.

Cary

> On Mar 8, 2016, at 10:07 AM, Mary Jinglewski  wrote:
> 
> On behalf of our proposal committee, I am pleased to confirm that
> Chattanooga has now submitted a bid to host Code4Lib 2017.
> 
> Our proposal can be found at http://lab.lib.utc.edu/c4l-cha
> 
> Mary Jinglewski, Wendy Hagenmaier, and Andrea Schurr are attending Code4Lib
> 2016 in Philly and would be happy to talk about our proposal in person.
> 
> 
> Thanks!
> 
> Mary

Re: [CODE4LIB] Call for Product Feedback: Nete

[Cary Gordon]

Your web page mentions support of open source. Is Nete open source? If it is, 
is it being developed openly?

What features will it have at release?

How will it be supported?

If it is not open source, what is its model?

Thanks,

Cary

> On Feb 21, 2016, at 1:22 PM, Timothy Tavarez  wrote:
> 
> Heya folks,
> 
> I'm Timothy Tavarez - founder of a small startup in Colorado Springs, CO
> that is developing an ILS called Nete for public libraries. I'm hoping to
> get some early feedback on all sorts of things, ranging from how we'll do
> business all the way the product itself.
> 
> Nete is in alpha, but it has some pretty cool features that folks will
> likely be interested in.
> 
> If anyone is interested, please let me know!
> 
> Timothy Tavarez
> Founder
> Nete
> 
> t.
> 719-424-9820
> e.
> timothy.tava...@nete.io
> w.
> http://nete.io
> a.
> 415 N Tejon St, Colorado Springs, CO
> 

Re: [CODE4LIB] Don't Change Your Site Because of Reference Librarians RE: [CODE4LIB] Responsive website question

[Cary Gordon]

I have long held the following opinion on zoom control directives:

Grr


> On Feb 8, 2016, at 10:16 AM, Haitz, Lisa (haitzlm) <hait...@ucmail.uc.edu> 
> wrote:
> 
> In the case of the original question, with regard to  
> <http://langsdale.ubalt.edu>  
> This code is on the web site:
> content="width=device-width, initial-scale=1.0, 
> maximum-scale=1.0"/>
> 
> 
> In my experience, I thought having the max-scale value would affect 
> accessibility, by breaking the zoom function.?? 
> 
> http://a11yproject.com/posts/never-use-maximum-scale/
> 
> -Original Message-
> From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Cary 
> Gordon
> Sent: Monday, February 08, 2016 12:11 PM
> To: CODE4LIB@LISTSERV.ND.EDU
> Subject: Re: [CODE4LIB] Don't Change Your Site Because of Reference 
> Librarians RE: [CODE4LIB] Responsive website question
> 
> This is less a matter of site behavior that it is an issue with how the zoom 
> feature works. I agree that zoom should work as you describe, but it won’t 
> work that way if the browser is sending the wrong message regarding the 
> viewport. The viewport should not change when the page is zoomed in on. I 
> think that most users would expect that zooming would enlarge a protion of 
> the viewport, and that is what it should do.
> 
> Cary
> 
> Cary Gordon, MLS
> The Cherry Hill Company
> http://chillco.com
> 
>> On Feb 8, 2016, at 8:25 AM, Katherine Deibel <dei...@uw.edu> wrote:
>> 
>>> When people zoom in (e.g., CTRL+), they aren't actually *zooming in* 
>>> insomuch as making the viewport smaller. The viewport is the keystone to 
>>> the media query magic that makes websites responsive. When it is smaller, 
>>> like for your phone, then it presents a different layout.
>> 
>> Because yes, that is exactly what users are expecting when they use a 
>> feature called zoom. Content and layout change too in other applications 
>> like Word, PDF readers, etc. when you zoom in and out... oh wait... they 
>> don't.
>> 
>> Nope. I would argue that most users believe zoom works like zoom in other 
>> applications and would not talk about the technical aspects of how 
>> responsiveness and concepts like view ports.
>> 
>> From a disability accessibility perspective, magnification is not purely 
>> about text readability but making sure that all features of a 
>> website---images, interactive widgets, text, etc.---are of use to the user. 
>> Merely changing the font size is like putting out a fire in the kitchen 
>> while the rest of the house is ablaze.
>> 
>> 
>> 
>> Kate Deibel, PhD | Web Applications Specialist Information Technology 
>> Services University of Washington Libraries 
>> http://staff.washington.edu/deibel
>> 
>> --
>> 
>> "When Thor shows up, it's always deus ex machina."
>> 
>> On 2016-02-08 7:18 AM, Michael Schofield wrote:
>>> Hi folks,
>>> 
>>> Chiming in. Kyle asked
>>> 
>>>> The reference librarians frequently zoom in on our homepage during class 
>>>> instruction, and have noticed that after they zoom in a bit, our homepage 
>>>> switches from desktop to the mobile layout. Is there any easy way around 
>>>> this?  In other words, is it possible to fix the site so that, if a user 
>>>> is on a desktop/laptop, zooming in on the homepage will *not* flip the 
>>>> user over to the mobile layout?
>>> 
>>> This is actually the normal and expected behavior of responsive websites. 
>>> Otherwise breaking this zoom would make the content less accessible, but 
>>> perhaps a workaround would be to add a font size toggle in the header of 
>>> the website where users can increase or decrease just the font size. Since 
>>> I read you were using jQuery, check out this code that does what I 
>>> described really neatly: http://codepen.io/ianfarb/pen/sxbvk .
>>> 
>>> When people zoom in (e.g., CTRL+), they aren't actually *zooming in* 
>>> insomuch as making the viewport smaller. The viewport is the keystone to 
>>> the media query magic that makes websites responsive. When it is smaller, 
>>> like for your phone, then it presents a different layout.
>>> 
>>> Anyway, I really wanted to comment to warn against making changes like this 
>>> to your website because of library-specific use cases - e.g., someone, 
>>> staff or stakeholder, complains. These don't reflect the use cases of your 
>>> patronbase.
>>> 
>

Re: [CODE4LIB] Don't Change Your Site Because of Reference Librarians RE: [CODE4LIB] Responsive website question

[Cary Gordon]

This is less a matter of site behavior that it is an issue with how the zoom 
feature works. I agree that zoom should work as you describe, but it won’t work 
that way if the browser is sending the wrong message regarding the viewport. 
The viewport should not change when the page is zoomed in on. I think that most 
users would expect that zooming would enlarge a protion of the viewport, and 
that is what it should do.

Cary

Cary Gordon, MLS
The Cherry Hill Company
http://chillco.com

> On Feb 8, 2016, at 8:25 AM, Katherine Deibel <dei...@uw.edu> wrote:
> 
>> When people zoom in (e.g., CTRL+), they aren't actually *zooming in* 
>> insomuch as making the viewport smaller. The viewport is the keystone to the 
>> media query magic that makes websites responsive. When it is smaller, like 
>> for your phone, then it presents a different layout.
> 
> Because yes, that is exactly what users are expecting when they use a feature 
> called zoom. Content and layout change too in other applications like Word, 
> PDF readers, etc. when you zoom in and out... oh wait... they don't.
> 
> Nope. I would argue that most users believe zoom works like zoom in other 
> applications and would not talk about the technical aspects of how 
> responsiveness and concepts like view ports.
> 
> From a disability accessibility perspective, magnification is not purely 
> about text readability but making sure that all features of a 
> website---images, interactive widgets, text, etc.---are of use to the user. 
> Merely changing the font size is like putting out a fire in the kitchen while 
> the rest of the house is ablaze.
> 
> 
> 
> Kate Deibel, PhD | Web Applications Specialist
> Information Technology Services
> University of Washington Libraries
> http://staff.washington.edu/deibel
> 
> --
> 
> "When Thor shows up, it's always deus ex machina."
> 
> On 2016-02-08 7:18 AM, Michael Schofield wrote:
>> Hi folks,
>> 
>> Chiming in. Kyle asked
>> 
>>> The reference librarians frequently zoom in on our homepage during class 
>>> instruction, and have noticed that after they zoom in a bit, our homepage 
>>> switches from desktop to the mobile layout. Is there any easy way around 
>>> this?  In other words, is it possible to fix the site so that, if a user is 
>>> on a desktop/laptop, zooming in on the homepage will *not* flip the user 
>>> over to the mobile layout?
>> 
>> This is actually the normal and expected behavior of responsive websites. 
>> Otherwise breaking this zoom would make the content less accessible, but 
>> perhaps a workaround would be to add a font size toggle in the header of the 
>> website where users can increase or decrease just the font size. Since I 
>> read you were using jQuery, check out this code that does what I described 
>> really neatly: http://codepen.io/ianfarb/pen/sxbvk .
>> 
>> When people zoom in (e.g., CTRL+), they aren't actually *zooming in* 
>> insomuch as making the viewport smaller. The viewport is the keystone to the 
>> media query magic that makes websites responsive. When it is smaller, like 
>> for your phone, then it presents a different layout.
>> 
>> Anyway, I really wanted to comment to warn against making changes like this 
>> to your website because of library-specific use cases - e.g., someone, staff 
>> or stakeholder, complains. These don't reflect the use cases of your 
>> patronbase.
>> 
>> The reference librarians can change the default font size of their browsers. 
>> I would make them google that, rather than seek to break the zoom. For 
>> starters, here is how you go about it in Chrome. 
>> http://www.ehow.com/how_10035444_change-text-size-color-google.html
>> 
>> Good question!
>> 
>> Michael Schofield
>> www.libux.co / @schoeyfield / www.webforlibraries.com
>> 
>> -Original Message-
>> From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of 
>> Katherine N. Deibel
>> Sent: Friday, February 5, 2016 2:43 PM
>> To: CODE4LIB@LISTSERV.ND.EDU
>> Subject: Re: [CODE4LIB] Responsive website question
>> 
>> This is actually a really good question as it gets into an interesting
>> tension between responsiveness and accessibility. Zooming is often a
>> useful means of addressing visual access issues, and one cannot presume
>> that a user will have external or in-browser apps for magnification.
>> 
>> There is some literature on defining media queries using em/rem units
>> instead of pixels, which would address some of the issues.
>> http://blog.cloudfour.com/the-ems-have-it-proportional-media-queries-

Re: [CODE4LIB] Let's Encrypt and EZProxy

[Cary Gordon]

I love the idea of Let’s Encrypt, but I recently bought a three year wildcard 
cert subscription for about $120. I would need to fall firmly into the true 
believer category to go the route you suggest.

Cary

> On Jan 14, 2016, at 11:20 AM, Eric Hellman  wrote:
> 
> A while back, the issue of needing a wildcard certificate (not supported by 
> Lets Encrypt) for EZProxy was discussed.
> 
> In my discussions with publishers about switching to HTTPS, EZProxy 
> compatibility has been the most frequently mentioned stumbling block 
> preventing a complete switch to HTTPS for some HTTPS-ready  publishers. In 
> two cases that I know of, a publisher which has been HTTPS-only was asked by 
> a library customer to provide insecure service (oh the horror!) for this 
> reason.
> 
> It's been pointed out to me that while Lets Encrypt is not supporting 
> wildcard certificates, up to 100 hostnames can be supported on a single LE 
> certificate. A further limit on certificates issued per week per domain would 
> mean that up to 500 hostnames can be registered with LE in a week.
> 
> Are there EZProxy instances out there that need more than 500 hostnames, 
> assuming that all services are switched to HTTPS?
> 
> Also, I blogged my experience talking to people about privacy at #ALAMW16.
> http://go-to-hellman.blogspot.com/2016/01/not-using-https-on-your-website-is-like.html
>  
> 
> 
> Eric
> 
> 
> Eric Hellman
> President, Free Ebook Foundation
> Founder, Unglue.it https://unglue.it/
> https://go-to-hellman.blogspot.com/
> twitter: @gluejar
> 

Re: [CODE4LIB] Let's Encrypt and EZProxy

[Cary Gordon]

I bought it from SS2BUY LLC. - 595 S Knott Ave Anaheim, CA, USA 92804. The cert 
is from Comodo.

I am not using it with EZProxy, but there is no reason that it wouldn’t work. 
There have been no issues with it.


> On Jan 14, 2016, at 6:33 PM, Eric Hellman <e...@hellman.net> wrote:
> 
> I would also go with the $120 3 year wildcard cert for ezproxy. What vendor 
> are you using?
>> On Jan 14, 2016, at 7:23 PM, Cary Gordon <listu...@chillco.com> wrote:
>> 
>> I love the idea of Let’s Encrypt, but I recently bought a three year 
>> wildcard cert subscription for about $120. I would need to fall firmly into 
>> the true believer category to go the route you suggest.
>> 
>> Cary
>> 
>>> On Jan 14, 2016, at 11:20 AM, Eric Hellman <e...@hellman.net> wrote:
>>> 
>>> A while back, the issue of needing a wildcard certificate (not supported by 
>>> Lets Encrypt) for EZProxy was discussed.
>>> 
>>> In my discussions with publishers about switching to HTTPS, EZProxy 
>>> compatibility has been the most frequently mentioned stumbling block 
>>> preventing a complete switch to HTTPS for some HTTPS-ready  publishers. In 
>>> two cases that I know of, a publisher which has been HTTPS-only was asked 
>>> by a library customer to provide insecure service (oh the horror!) for this 
>>> reason.
>>> 
>>> It's been pointed out to me that while Lets Encrypt is not supporting 
>>> wildcard certificates, up to 100 hostnames can be supported on a single LE 
>>> certificate. A further limit on certificates issued per week per domain 
>>> would mean that up to 500 hostnames can be registered with LE in a week.
>>> 
>>> Are there EZProxy instances out there that need more than 500 hostnames, 
>>> assuming that all services are switched to HTTPS?
>>> 
>>> Also, I blogged my experience talking to people about privacy at #ALAMW16.
>>> http://go-to-hellman.blogspot.com/2016/01/not-using-https-on-your-website-is-like.html
>>>  
>>> <http://go-to-hellman.blogspot.com/2016/01/not-using-https-on-your-website-is-like.html>
>>> 
>>> Eric
>>> 
>>> 
>>> Eric Hellman
>>> President, Free Ebook Foundation
>>> Founder, Unglue.it https://unglue.it/
>>> https://go-to-hellman.blogspot.com/
>>> twitter: @gluejar
>>> 
> 

Re: [CODE4LIB] Let's Encrypt public beta

[Cary Gordon]

Great news if you are using Apache on Ubuntu 12.04+ or Debian 7+. Everything 
else will wait for someone to step up and build it.

Thanks,

Cary

> On Dec 3, 2015, at 1:54 PM, Eric Hellman  wrote:
> 
> https://letsencrypt.org/2015/12/03/entering-public-beta.html 
> 
> 
> Remember, LE is designed for automation, so your big value-add will be 
> figuring out how to automate cert renewal on your platform.
> 
> 
> Eric Hellman
> President, Free Ebook Foundation
> Founder, Unglue.it https://unglue.it/
> https://go-to-hellman.blogspot.com/
> twitter: @gluejar

Re: [CODE4LIB] Let's Encrypt public beta

[Cary Gordon]

Nginx support is in progress and there is an “experimental” nginx tool 
available for Ubuntu 12.04+/ Debian 7+. Presumably, this is not ready for 
production.

I was hoping that this would be further along by now, and we recently bought a 
three year wildcard cert subscription ($120), which is what we are recommending 
to out library clients at this time. Of course the cost of the cert is not 
really the issue. The problem that Let’s Encrypt will solve is the maintenance 
of the certs.

Thanks,

Cary

> On Dec 4, 2015, at 9:06 AM, todd.d.robb...@gmail.com 
> <todd.d.robb...@gmail.com> wrote:
> 
> Like Cary said, it'll take some dedication to expand this to other open web
> technologies. I'd love to see nginx support.
> 
> 
> –Tod
> 
> On Fri, Dec 4, 2015 at 7:56 AM, Cary Gordon <listu...@chillco.com> wrote:
> 
>> Great news if you are using Apache on Ubuntu 12.04+ or Debian 7+.
>> Everything else will wait for someone to step up and build it.
>> 
>> Thanks,
>> 
>> Cary
>> 
>>> On Dec 3, 2015, at 1:54 PM, Eric Hellman <e...@hellman.net> wrote:
>>> 
>>> https://letsencrypt.org/2015/12/03/entering-public-beta.html <
>> https://letsencrypt.org/2015/12/03/entering-public-beta.html>
>>> 
>>> Remember, LE is designed for automation, so your big value-add will be
>> figuring out how to automate cert renewal on your platform.
>>> 
>>> 
>>> Eric Hellman
>>> President, Free Ebook Foundation
>>> Founder, Unglue.it https://unglue.it/
>>> https://go-to-hellman.blogspot.com/
>>> twitter: @gluejar
>> 
> 
> 
> 
> -- 
> Tod Robbins
> Digital Asset Manager, MLIS
> todrobbins.com | @todrobbins <http://www.twitter.com/#!/todrobbins>

Re: [CODE4LIB] CSS positioning expertise needed

[Cary Gordon]

Pretty much anything is possible with sufficient resources.

I don’t think that I could say that CSS is the sum total of an optimal 
solution, and a lot depends on how the pages are delivered.

Responsive delivery has a few moving pieces, and a site like yours would likely 
benefit from using an established framework, along the lines of Bootstrap, but 
not necessarily Bootstrap.

Thanks,

Cary

> On Oct 29, 2015, at 8:21 AM, Kyle Breneman  wrote:
> 
> Our library is currently working with the public relations department at
> our university to complete a responsive redesign of the library website.
> The redesign is being driven by the PR department, who is contracting with
> an outside design firm for all of the actual coding.
> 
> We'd like to make some changes to the order in which our homepage content
> displays when our site responsively resized for mobile, but we're being
> told that the changes we want are not possible.  I'm pretty certain that
> what we want can be achieved by CSS positioning, but I'd welcome responses,
> off-list, where I can share more details and get a better understanding of
> what code would be needed to achieve our objectives.
> 
> Regards,
> Kyle Breneman
> Langsdale Library
> University of Baltimore

Re: [CODE4LIB] archivespace vs contentdm

[Cary Gordon]

I would rather let AS speak for itself.
http://www.archivesspace.org/overview

I don't think that I made a clear distinction, and like many modern tools,
AS can do a lot beyond its core function. It can be used to present digital
collections, but that is not its strength. It can also integrate with
repository software — I have seen it working with DSpace — to provide a
more integrated, archive oriented solution.

I am far from being an AS expert. How does your institution use
Archivesspace?

Cary

On Tuesday, September 15, 2015, Kaile Zhu <kaile@tamuk.edu> wrote:

> Interesting to hear that AS is more a management tool rather than a
> digital asset management tool.  Can you elaborate?
>
> -Original Message-
> From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU <javascript:;>]
> On Behalf Of Cary Gordon
> Sent: Tuesday, September 15, 2015 4:27 PM
> To: CODE4LIB@LISTSERV.ND.EDU <javascript:;>
> Subject: Re: [CODE4LIB] archivespace vs contentdm
>
> If your goal is digital asset management, you might want to consider a
> more complete and modern solution like Islandora or Hydra. ContentDM is a
> bit long in the tooth, expensive, and does not manage and store original
> assets.
>
> Archivesspace has some overlap with asset management tools, but really it
> is intended to serve the archivist community. It is more of a management
> tool.
>
> We work with Islandora, a mashup of Drupal and the Fedora repository
> system. It is an end-to-end operation that offers everything from ingest to
> display. We offer hosting , training, customization and support. The
> software, of course, is free and open-source.
>
> We also work with Archivesspace.
>
> Thanks,
>
> Cary Gordon, MLS
> The Cherry Hill Company
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__chillco.com=BQIDAg=URKFmO0h1-PpCttSQ3v_bEhalPi_sNmh-_LG0Bso5YA=UmjVf-1YCnSJ8ymaevl-35Anh5CG-YF09ZrBGH_xV3U=Y36UKe3GI_JwX8S6vnj8k-2G4vwC7JCdGwWdN85QJxg=YqMwqwP4Xy1MVI6H4Ce4PedhCcHyQ51M48E7RkAGCFs=
>
> > On Sep 15, 2015, at 2:09 PM, Kaile Zhu <kaile@tamuk.edu
> <javascript:;>> wrote:
> >
> > My library archives collection has both archivesspace and contentdm
> installed or subscribed.  AS is used for storing data.  CDM is used also
> for storing data, and for displaying content, like digital images, as well.
> >
> > Does it make sense to have both?  Can we use one platform to achieve the
> goal - storing data and publishing the content to the Web?  If yes, which
> one to choose?
> >
> > Thanks.
> >
> > Kelly Zhu
> > 361.597.4082
>


-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] archivespace vs contentdm

[Cary Gordon]

If your goal is digital asset management, you might want to consider a more 
complete and modern solution like Islandora or Hydra. ContentDM is a bit long 
in the tooth, expensive, and does not manage and store original assets.

Archivesspace has some overlap with asset management tools, but really it is 
intended to serve the archivist community. It is more of a management tool.

We work with Islandora, a mashup of Drupal and the Fedora repository system. It 
is an end-to-end operation that offers everything from ingest to display. We 
offer hosting , training, customization and support. The software, of course, 
is free and open-source.

We also work with Archivesspace.

Thanks,

Cary Gordon, MLS
The Cherry Hill Company
http://chillco.com

> On Sep 15, 2015, at 2:09 PM, Kaile Zhu <kaile@tamuk.edu> wrote:
> 
> My library archives collection has both archivesspace and contentdm installed 
> or subscribed.  AS is used for storing data.  CDM is used also for storing 
> data, and for displaying content, like digital images, as well.
> 
> Does it make sense to have both?  Can we use one platform to achieve the goal 
> - storing data and publishing the content to the Web?  If yes, which one to 
> choose?
> 
> Thanks.
> 
> Kelly Zhu
> 361.597.4082

Re: [CODE4LIB] Sorry for my last message

[Cary Gordon]

I would totally put that on the cod4lib.com website.

You could also just fax it to Roy.

> On Sep 4, 2015, at 9:05 AM, Andreas Orphanides <akorp...@ncsu.edu> wrote:
> 
> If you are otherwise in good health and spirits, but you need more money
> for ramen and textbooks, please send a watercolor painting of a box turtle
> by US Postal Service to Cary Gordon.
> 
> On Fri, Sep 4, 2015 at 11:54 AM, Suchy, Daniel <dsu...@ucsd.edu> wrote:
> 
>> And if all is well, we expect a hand typed ascii unicorn.
>> -Dan
>> 
>> 
>> 
>>> On Sep 4, 2015, at 7:37 AM, Jason Bengtson <j.bengtson...@gmail.com>
>> wrote:
>>> 
>>> I believe that, by international convention, that's actually the only
>>> acceptable use of a unicorn emoji.
>>> 
>>> Best regards,
>>> *Jason Bengtson, MLIS, MA*
>>> Innovation Architect
>>> 
>>> 
>>> *Houston Academy of MedicineThe Texas Medical Center Library*
>>> 1133 John Freeman Blvd
>>> Houston, TX   77030
>>> http://library.tmc.edu/
>>> www.jasonbengtson.com
>>> 
>>> On Fri, Sep 4, 2015 at 9:10 AM, Thomas Guignard <
>> thomas.guign...@gmail.com>
>>> wrote:
>>> 
>>>> Ivan, if you are being held and forced to type emails against your will,
>>>> send us a unicorn emoji.
>>>> 
>>>>> On Fri, Sep 4, 2015 at 5:10 AM, "Iván V.G." <ivelama...@gmail.com>
>> wrote:
>>>>> 
>>>>> It was a mistake.
>>>> 
>> 

Re: [CODE4LIB] code4lib chicago

[Cary Gordon]

http://cod4lib.com

> On Aug 31, 2015, at 7:39 AM, Rachel Shaevel  wrote:
> 
> You people are dorks, but you're my kind of dorks.
> 
> ​Rachel Shaevel
> Metadata Librarian
> Department of Technology, Content and Innovation
> Chicago Public Library
> Harold Washington Library Center
> 400 S. State St.
> Chicago, IL 60605
> 
> P: (312) 747-4660
> rshae...@chipublib.org
> 
> 
> From: Code for Libraries  on behalf of Toby 
> Greenwalt 
> Sent: Monday, August 31, 2015 9:32 AM
> To: CODE4LIB@LISTSERV.ND.EDU
> Subject: Re: [CODE4LIB] code4lib chicago
> 
> This is reminiscent of the hackathon we held earlier this year:
> 
> www.steelcitycodfest.com
> On Aug 31, 2015 10:30 AM, "Andreas Orphanides"  wrote:
> 
>> Is that really cod, or is it something like "lake perch", whatever that is?
>> 
>> On Mon, Aug 31, 2015 at 10:05 AM, Matt Sherman 
>> wrote:
>> 
>>> Then you aren't familiar with midwest fish fry.
>>> 
>>> On Mon, Aug 31, 2015 at 10:00 AM, Andreas Orphanides 
>>> wrote:
>>> 
 I feel like a Cod4Lib event would be better located on the east coast
>> for
 some reason.
 
 On Mon, Aug 31, 2015 at 9:38 AM, Eric Lease Morgan 
>>> wrote:
 
> On Aug 28, 2015, at 11:56 AM, Allan Berry  wrote:
> 
>> The UIC Library would be happy to host the Code4Lib event, in
>>> November
> or early December.
> 
> The folks at University of Illinois-Chicago would like to sponsor a
> one-day Cod4Lib event, and in order to determine the best date, they
>>> are
> asking folks to complete the following Doodle Poll:
> 
>  http://doodle.com/45aukez6z6pyav62
> 
> Code4Lib events are great ways to meet people doing the same work you
>>> are
> doing to discuss common problems and solutions. Chicago is large and
> central. Fill out the Poll. Come to Chicago. Invigorate your
>>> professional
> life.
> 
> —
> Eric Morgan
> 
 
>>> 
>> 

Re: [CODE4LIB] code4lib chicago

[Cary Gordon]

Catalog that!

On Wednesday, September 2, 2015, Eric Lease Morgan <emor...@nd.edu> wrote:

> On Sep 2, 2015, at 12:04 PM, Cary Gordon <listu...@chillco.com
> <javascript:;>> wrote:
>
> > http://cod4lib.com
>
>  ROTFL!!! —Eric Morgan
>


-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] "coders for libraries"

[Cary Gordon]

Code4Lib | total world domination by libraries, courtesy of code peeps

> On Sep 1, 2015, at 8:18 AM, Eric Hellman  wrote:
> 
> Code4Lib | You can't spell 'Library' without 'x4C'
>> On Sep 1, 2015, at 10:58 AM, Mark A. Matienzo  
>> wrote:
>> How about if we turn this topic around and focus on thinking about coming
>> up with a tagline that emphasizes our goals for inclusivity rather than
>> identity?
>> 
>> Mark
>> 
>> --
>> Mark A. Matienzo  | http://anarchivi.st/

Re: [CODE4LIB] Code4libBC (Vancouver, BC) - save the date November 26/27. 2015

[Cary Gordon]

Perhaps this belongs on the Cod4lib list.

On Monday, August 31, 2015, Andreas Orphanides <akorp...@ncsu.edu> wrote:

> Will there be cod?
>
> On Mon, Aug 31, 2015 at 5:28 PM, Cynthia Ng <cynthia.s...@gmail.com
> <javascript:;>> wrote:
>
> > Code4lib BC is pleased to announce that another unconference is in the
> > works! Please save the dates - November 26 and 27, at the UBC Irving
> > K. Barber Learning Centre.
> >
> > Program and registration to follow on this list and online at
> > http://wiki.code4lib.org/index.php/BC#Third_Annual_Code4lib_BC_Event.
> >
> > If you have attended past Code4lib BC events, you will know they are
> > informative, dynamic, and affordable gatherings. We will follow a
> > similar format to past meetings featuring morning lightning talks, and
> > afternoon breakout sessions. If you have not attended a session before,
> > please join this group of dynamic library technology practitioners who
> > want to build new relationships as much as develop new software
> > solutions to problems. What’s not to like?
> >
> > Stay tuned for more details to come!
> >
> > Sent on behalf of the organizers:
> >
> >   * Paul Joseph (Chair)
> >   * Caroline Daniels
> >   * Cynthia Ng
> >   * Gordon Coleman
> >   * Jeff Davis
> >   * Mark Jordan
> >   * Shirley Lew
> >   * Tamarack Hockin
> >
>


-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Protocol-relative URLs in MARC

[Cary Gordon]

I think that this is a great idea, if you control all of the URLs in your 
systems. Otherwise unless all of the major browsers drop http — unlikely — it 
easily has another ten years in it.

Chrome dropped support for SHA-1 a few months ago, and I am sure that it will 
be another 33 months before all of the old certs are fixed. In other words, the 
pre-drop certs will all have expired by then and all new ones are SHA-2.

Cary


 On Aug 17, 2015, at 3:08 PM, Andrew Anderson and...@lirn.net wrote:
 
 That said, there is a big push recently for dropping non-SSL connections in 
 general (going so far as to call the protocol relative URIs an anti-pattern), 
 so is it really worth all the potential pain and suffering to make your links 
 scheme-agnostic, when maybe it would be a better investment in time to switch 
 them all to SSL instead?  This dovetails nicely with some of the discussions 
 I have had recently with electronic services librarians about how to protect 
 patron privacy in an online world by using SSL as an arrow in that quiver.

Re: [CODE4LIB] SWIB15 – Registration Open (Semantic Web in Libraries, Hamburg, 23-25 November)

[Cary Gordon]

That is likely because it has an old cert with SHA-1. Google and Chrome have 
stopped recognizing SHA-1 as valid. Issuing authorities will usually reissue 
the cert for free if you resubmit the CSR.

Cary

 On Aug 11, 2015, at 11:13 AM, Karen Coyle li...@kcoyle.net wrote:
 
 I just got there through the link. I did have some problems with another 
 email that used https and the SWIB site was rejected by Chrome (but not 
 Firefox). Try again?
 
 kc (on the SWIB org committee)
 
 On 8/11/15 7:27 AM, Justin Coyne wrote:
 The links you provided aren't resolving.
 
 Not Found
 
 The requested URL /swib15/programme.php was not found on this server.
 
 
 -Justin
 
 On Tue, Aug 11, 2015 at 9:18 AM, Neubert, Joachim j.neub...@zbw.eu wrote:
 
 We are happy to invite you to this year's SWIB (Semantic Web in Libraries)
 conference in Hamburg, 23 - 25 November 2015.
 
 Take a look at the programme for SWIB15 here:
 http://swib.org/swib15/programme.php.
 
 You can register for the conference at
 http://swib.org/swib15/registration.php.
 
 Further information and contact:
 
 Joachim Neubert
 German National Library of Economics
 Leibniz Information Centre for Economics (ZBW)
 Phone +49 40 428 34-462
 E-Mail: j.neubert(at) zbw.eu
 
 Adrian Pohl
 North Rhine-Westphalian Library Service Center (hbz)
 Phone +49 221 400 75-235
 E-Mail: swib(at)hbz-nrw.de
 
  Website:
 http://swib.org/swib15
 
 Twitter:
 http://twitter.com/swibcon
 
 Twitter Hashtag:
 #swib15
 
 Looking forward to meeting you in Hamburg,
 Joachim
 
 
 -- 
 Karen Coyle
 kco...@kcoyle.net http://kcoyle.net
 m: +1-510-435-8234
 skype: kcoylenet/+1-510-984-3600

Re: [CODE4LIB] sciencedirect query urls

[Cary Gordon]

You might want to look at the ScienceDirect APIs: 
http://api.elsevier.com/documentation/SCIDIRSearchAPI.wadl

 On Jul 23, 2015, at 11:02 AM, Karlsen, Jeffrey karl...@scc.losrios.edu 
 wrote:
 
 I'm having trouble finding a way to make a search box that sends users' 
 queries to ScienceDirect. Anyone know if this is possible? The closest I can 
 get is [insert your proxy]
 http://sciencedirect.com/science/quicksearch?query=[query  terms here]
 
 But I'm unable to e.g. limit to just journals rather than all SD content, 
 limit to subscribed journals, etc. If you look at the URLs on their site, 
 it's clear they're not using GET for the queries so I can't just copy-paste.
 
 Anyone know if there's a trick to it?
 
 
 --
 Jeff Karlsen
 Librarian  Library Dept Chair
 Sacramento City College
 (916) 558-2583
 www.scc.losrios.edu/library 

Re: [CODE4LIB] Archives Spaces - Internal Server Error 500

[Cary Gordon]

ArchivesSpace isn’t a simple web app. It generally runs under Tomcat, JBoss or 
another Java application server. It may be proxied through Apache, Nginx or 
Varnish. The devil is in the details, and the details are in the documentation. 
The documentation is in GitHub 
http://archivesspace.github.io/archivesspace/doc/. Issues are tracked in Jira 
https://archivesspace.atlassian.net/secure/Dashboard.jspa.

There is a support site at http://support.archivesspace.org. That should 
probably be your next stop.

Thanks,

Cary

 On Jul 16, 2015, at 10:44 AM, Bobak, Michael - HPL 
 michael.bo...@houstontx.gov wrote:
 
 Good afternoon,
 
 I am trying to troubleshoot an issue we are having with our Archives Space 
 server. Currently, whenever someone tries to export a resource by Downloading 
 the EAD as a PDF we get an Internal Server 500 response back, with a not so 
 descriptive error text of (Error) Timeout::Error. Here is a link to a 
 screenshot of the error message. http://i.imgur.com/hLBJXRY.png
 
 I am led to believe that this has to do with a timeout issue with the server 
 and some script that is generating the PDF. I am just not certain where the 
 script or configuration file reside within the AS structure in order to 
 increase the timeout value. Hopefully someone has some idea where I should 
 look. If I am way off with my assessment perhaps someone else could point me 
 in the direction as to what is causing this error.
 
 I appreciate any responses anyone may have!
 
 Regards,
 Michael Bobak

Re: [CODE4LIB] a Library Digital Privacy Pledge ?

[Cary Gordon]

I think that this is a very good idea.

Cherry Hill has committed to going all HTTPS this year. As a hosted service 
provider, the challenge is getting our clients to do their part, as they own 
their domains. We are now at the point where they just need to respond to an 
email. This is easy if their domain record is up to date, but can be 
problematic when all of the contacts on the record are stale.

We do not find self-signed certificates to be useful for production resources, 
but we are following the free cert movement, including Let’s Encrypt and WoSign.

Thanks,

Cary

 On Jun 13, 2015, at 9:26 AM, Eric Hellman e...@hellman.net wrote:
 
 Jeremy's response made me think.
 
 What do people think about formulating a Library Digital Privacy Pledge 
 that libraries, publishers and vendors could sign onto?
 
 Or perhaps a set of pledges. I'd start with moving services to SSL.
 
 Principle:
 Library Services and Resources should be delivered, whenever practical, over 
 channels that are immune to eavesdropping.
 
 Current Best Practice:
 Require HTTPS (SSL) for all services and resources delvivered via the web.
 
 Pledge (for Libraries):
 1. All web services that we control will require SSL by the end of 2015.
 2. All web services that we pay for will require SSL by the end of 2016.
 
 Pledge (for Publishers and Vendors):
 1. All web services that we control will enable SSL by the end of 2015.
 2. All web services that we offer will require SSL by the end of 2016.
 
 I pick HTTPS to focus on first because it's relatively easy to specify/ 
 understand. You could do something similar with meta referrer, but it's a bit 
 more arcane.
 
 There's a NISO group (I'm on the steering committee) looking at developing 
 principles for library privacy that might be an appropriate forum to support 
 this.
 
 Eric
 
 On Jun 11, 2015, at 11:55 PM, Frumkin, Jeremy A - (frumkinj) 
 frumk...@email.arizona.edu wrote:
 
 Eric - 
 
 Many thanks for raising awareness of this. It does feel like encouraging 
 good practice re: referrer meta tag would be a good thing, but I would not 
 know where to start to make something like this required practice. Did you 
 have some thoughts on that?
 
 — jaf
 
 ---
 Jeremy Frumkin
 Associate Dean / Chief Technology Strategist
 University of Arizona Libraries
 
 +1 520.626.7296
 j...@arizona.edu
 ——
 A person who never made a mistake never tried anything new. - Albert 
 Einstein
 
 

[CODE4LIB] Digital Library/Archiving software

[Cary Gordon]

Foss4lib.org, operated by Lyrasis, has an inventory of open source digital
asset management systems.

OCLC's ContentDM is a bit long in the tooth, but is still very widely used.

Islandora and Hydra, both using Fedora Commons as their repository, are
very popular among academic libraries. Islandora has a larger public
library audience, although Hydra has recently received a substantial IMLS
grant for a project to make it easier to work with. Islandora uses The
popular Drupal CMS as its front end, and Hydra uses Ruby on Rails.

MPOW, the Cherry Hill Company provides Islandora services, including
development, training, theming (design) and general consultation. We also
offer a fully managed and hosted Islandora service.

Nothing in the library space ever dies, so folks are still using
Greenstone, and they do have a community.

There are at least 100 systems that are or can serve as repositories. Some,
like the ILS vendor offerings, are lame, others, such as Sharepoint, are
not a good fit with libraries. The rest all have a target audience that
they are trying to please.

As long as the systems you are considering fully meet your requirement, if
you are going to mostly rely on a vendor, then you must feel comfortable
with and confident in that vendor. If you have a programming resources on
staff, and plan to work with an open source system, then the project
community becomes your paramount consideration.

Thanks,

Cary

On Friday, May 8, 2015, Cooper, Krystal kcoop...@illinois.edu
javascript:_e(%7B%7D,'cvml','kcoop...@illinois.edu'); wrote:

 Does anyone know of a list or website that lists what digital library or
 digital collection software in use at libraries and museums?

 I'm curious to know what is most popular or heavily used? Open source vs
 paid.

 Is Greenstone still heavily used or is it being phased out?

 KC



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Digital Library/Archiving software

[Cary Gordon]

Repository66.org seems like a great idea, but it seems years out of date.

On Friday, May 8, 2015, scott bacon sdanielba...@gmail.com wrote:

 I've always found FOSS4LIB (https://foss4lib.org/) and Repository66.org (
 http://maps.repository66.org/) to be a good starting points.



 On Fri, May 8, 2015 at 11:23 AM, Cooper, Krystal kcoop...@illinois.edu
 javascript:;
 wrote:

  Does anyone know of a list or website that lists what digital library or
  digital collection software in use at libraries and museums?
 
  I'm curious to know what is most popular or heavily used? Open source vs
  paid.
 
  Is Greenstone still heavily used or is it being phased out?
 
  KC
 



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] replacing deprecated PHP code throughout website

[Cary Gordon]

My recommendations are:

Move to a CMS. Drupal has a large library community, and I have been
happily using it for ten years. You might find Joomla more to your liking,
or you could worship the claw and go to Wordpress, which is mammoth, but
not particularly developer friendly.

If a CMS is out of the question, consider using the Symfony framework,
which is similar in concept to Rails, but, IMHO, better constructed. I
think that it is the future of serious PHP development.

The great thing about using a framework is that it provides structure,
making it much easier to make the move to OOP.

FWIW, the forthcoming version of Drupal is built with Symfony and is the
start of Drupal's move from its hook system to more standard PHP
components, which will make it friendlier to PHP developers without
a Drupal background.

The ever-irascible Rasmus Lerdorf has declared that Drupal 8, paired with
PHP 7 will be unbeatably performant.

Cary

On Wednesday, April 29, 2015, Ken Irwin kir...@wittenberg.edu wrote:

 Hello all,

 I've just learned that the PHP mysql_* functions are all deprecated as of
 PHP 5.5, and I'm trying to figure out what this means for my life. My
 library's website is heavily database-driven, hand-coded, and all written
 using the mysql_* functions. It's currently running PHP 5.4, so presumably
 code all needs to be updated before the next server upgrade.

 So I'm looking for a little advice:


 1.   Is there a general consensus on what the best long-term
 alternative to the mysql_* functions is? I see a bunch of references to the
 PDO extension, which is available on our server. Is that The Answer, or
 should I be looking other places as well.

 2.   Does anyone have advice about how to proceed with an enormous
 overhaul like this? I'm sure I'll be working on a development copy of the
 server until everything is all worked out. But beyond that, advice would be
 welcome. Have you employed students to do work like this?

 3.   I wonder what other broad-sweeping old-fashionednesses may also
 be about to rear up and bite me. If you imagine that I learned procedural
 (almost never object-oriented) PHP 4 in about 2000 and am slow to change my
 ways, can you predict what sort of deprecated foolishness I might still be
 perpetrating?

 Any advice, input, or experience would be appreciated!

 Thanks
 Ken



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] pdf and web publishing question

[Cary Gordon]

At least with PDF, folks know what to expect, so I suggest that if format
is of the utmost importance, you stick to that, although since you are
originating in InDesign, you might also want to look into using one of the
tools such as in5 that are available to generate HTML5 directly.

Cary

On Wednesday, April 29, 2015, Sergio Letuche code4libus...@gmail.com
wrote:

 Dear all,

 we have a pdf, that is taken from a to be printed pdf, full of tables. The
 text is split in two columns. How would you suggest we uploaded this pdf to
 the web? We would like to keep the structure, and split each section taken
 from the table of contents as a page, but also keep the format, and if
 possible, serve the content both in an html view, and in a pdf view, based
 on the preference of the user.

 Looking forward for your input.

 The document is made with Indesign CS6, and i do not know in which format i
 could transform it into

 Best



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Mac OS 9 emulator

[Cary Gordon]

Prior to the iMac in 1998, Apple used a proprietary drive system — FDHD — that 
can’t, AFAIK, be emulated.

Cary

 On Apr 23, 2015, at 12:03 PM, Schmitz Fuhrig, Lynda schmitzfuhr...@si.edu 
 wrote:
 
 Typically we are trying to access the data and transfer it for preservation 
 work. There could be cases though where the data will need to be in the 
 emulated environment in order to replay. We can't always predict what types 
 of records we are going to get from across the Institution. We have 
 encountered CDs and diskettes that will only read in the OS 9 environment and 
 won't even be recognized in OS 10.x.
 
 Lynda Schmitz Fuhrig
 Electronic Records Archivist
 Digital Services Division
 Smithsonian Institution Archives
 Capital Gallery Building
 600 Maryland Ave SW
 Suite 3000
 MRC 507
 Washington, DC 20024-2520
 
 siarchives.si.edu | @SmithsonianArch | Facebook | e-newsletter
 
 A gift in support of the Archives will help make more of our collections 
 accessible!
 
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of 
 Richard Sarvas
 Sent: Thursday, April 23, 2015 2:37 PM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Mac OS 9 emulator
 
 Lynda,
 Do you need to use the data on the file system in an emulated environment or 
 are you just trying to access the data on the file system created by OS9?
 
 
 Rick
 
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Kyle 
 Banerjee
 Sent: Thursday, April 23, 2015 1:38 PM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Mac OS 9 emulator
 
 On Thu, Apr 23, 2015 at 10:20 AM, Schmitz Fuhrig, Lynda  
 schmitzfuhr...@si.edu wrote:
 
 Thanks for the responses.
 
 We actually need to read media within it so Virtual Box would not work 
 for us.
 
 
 Could you say a bit more about your use case? Some applications such as 
 dealing with archival materials might actually require actual hardware in 
 which case ebay may be the best option.
 
 kyle

Re: [CODE4LIB] Mac OS 9 emulator

[Cary Gordon]

I agree that using one of the free VirtualBox or VMWare images would cover most 
needs. Other than some software that might be protected by hardware-based 
security, everything should run on them.

Cary


 On Apr 22, 2015, at 11:53 AM, Matt Sherman matt.r.sher...@gmail.com wrote:
 
 Why would you not just run an instance in Virtual Box?
 
 On Wed, Apr 22, 2015 at 2:50 PM, Schmitz Fuhrig, Lynda 
 schmitzfuhr...@si.edu wrote:
 
 Hello all,
 Can anyone recommend a Mac OS 9 emulator that can run off 10.6.x machine
 or later?
 
 Thanks,
 Lynda
 
 Lynda Schmitz Fuhrig
 Electronic Records Archivist
 Digital Services Division
 Smithsonian Institution Archives
 Capital Gallery Building
 600 Maryland Ave SW
 Suite 3000
 MRC 507
 Washington, DC 20024-2520
 
 siarchives.si.eduhttp://siarchives.si.edu/ | @SmithsonianArch
 https://twitter.com/smithsonianarch | Facebook
 https://www.facebook.com/SmithsonianInstitutionArchives | e-newsletter
 http://visitor.r20.constantcontact.com/manage/optin/ea?v=0010Oqxbncv4WpyheEee3Q9DHdF_192SxMMIWgsXuMG1qJ5yKPErzu0TI5d4qyMxK4iLMccSoQG5ck%3D
 
 
 A gift
 http://siarchives.si.edu/about/donate-smithsonian-institution-archives
 in support of the Archives will help make more of our collections
 accessible!
 

Re: [CODE4LIB] New HTTP method proposed: SEARCH

[Cary Gordon]

A great idea, I think, but I would not bet on soon...

On Friday, April 17, 2015, Péter Király kirun...@gmail.com wrote:

 Dear all,

 If you ever created a REST API, you might run into the problem,
 whether searching should be implemented via GET or POST methods. There
 are lots of debate around this supported by different theoretical
 considerations.

 Maybe these debates will be ceased soon, because last week Julian
 Reschke, Ashok Malhotra and James M. Snell submitted an RFC proposal
 HTTP SEARCH Method to Internet Engineering Task Force (IETF) for
 creating a new method, called SEARCH in HTTP 1.1. According to the
 proposal there will be an Accept-Search response header field as
 well to notify clients, that a given server supports the new method.

 An example:

 A SPARQL query:

  SEARCH /contacts HTTP/1.1
  Host: example.org
  Content-Type: text/query
  Accept: text/csv

  select surname, givenname, email limit 10

 The full document is available here:
 http://www.ietf.org/id/draft-snell-search-method-00.txt

 Regards,
 Peter


 --
 Péter Király
 software developer

 Göttingen Society for Scientific Data Processing - http://gwdg.de
 eXtensible Catalog - http://eXtensibleCatalog.org



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Modeling a repository's objects in a relational database

[Cary Gordon]

This is a beautiful response, and the payoff, at the end, is perfect... Try
it, you probably won't like it. In practice, even with big hardware,
relational databases get mired down with MARC and MODS once the collection
size becomes significant..

Cary

On Friday, April 17, 2015, Mark V. Sullivan 
mark.v.sulli...@sobekdigital.com wrote:

 Stephen,
 As the lead developer on the SobekCM open-source digital repository
 project and formerly a developer for the University of Florida Libraries, I
 have looked at this quite a bit and learned a bit over time.

 I began development working on tracking systems to manage a fairly
 large-scale digitization shop at UF before I was even working on the public
 repository side.  When I arrived (around 1999) metadata was double keyed
 several times for each item during the tracking and metadata creation
 process.  It seemed obvious to me that we needed a tracking system and one
 that would hold metadata for each item.  This was fairly easy to do when
 our metadata was very homogenous and based on simple Dublin Core.  This
 worked well and the system could easily spit out ready METS (and MXF)
 packages.

 Over time, I began to experiment with MODS and increasingly started using
 specialized metadata schemas for different types of objects, such as
 herbarium or oral history materials.  I envisioned a tracking system that
 would hold all of this metadata relationally and provide different tabs
 based on the material type.  So, oral history items would have an extra tab
 exposing the oral history metadata and herbarium would have a similar
 special tab.  While development of this moved ahead, the entire system
 seemed unwieldy.  Adding a new schema was a bit laborious.. even adding a
 new field to use.

 After several years of this, we began the SobekCM digital repository
 software development.  After that experience I swore off trying to store
 very complex structured data in the database in the same type of format.
 (This may also have had to do with an IMLS project I worked on that proved
 the futility of this approach.)  I generally eschew triple-stores for the
 basis of libraries in favor of relational databases on the premise that we
 DO actually understand the basic relationships of digital resources to
 collection and the sub-relations there.  We keep the data within METS files
 with one or more descriptive metadata sections and essentially the database
 only points to that METS file.  For searching, we use a flattened table
 structure with one row per item, much like Solr/Lucene, and Solr/Lucene
 itself.

 My advice is to steer clear of trying to take beautifully (and deeply)
 structured metadata from MODS, Darwin Core, VRACore (and who knows what
 else) and try to create tables and relations for them.

 I think you can point some database tools at the schema and have it
 generate the tables for you.  Just doing that will probably dissuade you.
 ;)

 Mark V. Sullivan
 CIO  Application Architect
 Sobek Digital Hosting and Consulting, LLC
 mark.v.sulli...@sobekdigital.com javascript:;
 352-682-9692 (mobile)​​​


 
 From: Code for Libraries CODE4LIB@LISTSERV.ND.EDU javascript:; on
 behalf of Stephen Schor stephensc...@nypl.org javascript:;
 Sent: Friday, April 17, 2015 1:27 PM
 To: CODE4LIB@LISTSERV.ND.EDU javascript:;
 Subject: [CODE4LIB] Modeling a repository's objects in a relational
 database

 Hullo.

 I'm interested to hear about people's approaches for modeling
 repository objects in a normalized, spec-agnostic way, _relational_ way
 while
 maintaining the ability to cast objects as various specs (MODS, Dublin
 Core).

 People often resort to storing an object as one specification (the text of
 the MODS for example),
 and then convert it other specs using XSLT or their favorite language,
 using established
 mappings / conversions. (
 http://www.loc.gov/standards/mods/mods-conversions.html)

 Baking a MODS representation into a database text field can introduce
 problems with queryablity and remediation that I _feel_ would be hedged
 by factoring out information from the XML document, and modeling it
 in a relational DB.

 This is idea that's been knocking around in my head for a while.
 I'd like to hear if people have gone down this road...and I'm especially
 eager to hear both success and horror stories about what kind of results
 they got.

 Stephen



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Modeling a repository's objects in a relational database

[Cary Gordon]

You might consider a NoSQL database, either memory (redis, etc.) or disk based 
(MongoDB, etc.) depending on your needs. There are also triple-store specific 
DBs like SparkleDB.

Cary

 On Apr 17, 2015, at 5:01 PM, Stephen Schor stephensc...@nypl.org wrote:
 
 Firstly - thanks for the thoughtful replies, links, and anecdotes.
 
 We end up storing a lot of MODS as text in a database.
 We map it out as other formats...but our app deals in *a lot* of mods.
 
 A lot of time and line-count is dedicated to turning XML into an
 object/datastructure
 that can be sent to-and-from web forms in a way our web app likes..and
 because that
 object/datastructure is atypical we forego the benefits (like first-class
 validation) of our framework.
 Not to mention querying gets hinky in XML and dealing with remediation
 within a
 hierarchy means updating what amounts to a denormalized cache.
 (http://martinfowler.com/bliki/TwoHardThings.html)
 
 It's hard to dissuade myself from the idea that we're simply hanging
 adjectives on nouns (our objects)
 and that different specs map these adjectives to different words and format
 them differently.
 *I think other projects store attributes in a traditional relational way
 and concoct*
 *different specs based on DB records. (Maybe Archivist's Toolkit?
 Archivespace?)*
 
 Uff - anyway - maybe I'll get a chance to describe a collection's objects
 in a spec-agnostic way
 I already can imagine peppering the schema with spec-specific columns and
 it being a slippery
 slope from there. But hey, dream big - right?
 
 I may reply to this thread with my success story one day.
 I'm also really eager to share if it goes totally wrong.
 Those stories are usually more entertaining.
 
 
 Stephen
 
 
 On Fri, Apr 17, 2015 at 6:56 PM, Cary Gordon listu...@chillco.com wrote:
 
 This is a beautiful response, and the payoff, at the end, is perfect... Try
 it, you probably won't like it. In practice, even with big hardware,
 relational databases get mired down with MARC and MODS once the collection
 size becomes significant..
 
 Cary
 
 On Friday, April 17, 2015, Mark V. Sullivan 
 mark.v.sulli...@sobekdigital.com wrote:
 
 Stephen,
 As the lead developer on the SobekCM open-source digital repository
 project and formerly a developer for the University of Florida
 Libraries, I
 have looked at this quite a bit and learned a bit over time.
 
 I began development working on tracking systems to manage a fairly
 large-scale digitization shop at UF before I was even working on the
 public
 repository side.  When I arrived (around 1999) metadata was double keyed
 several times for each item during the tracking and metadata creation
 process.  It seemed obvious to me that we needed a tracking system and
 one
 that would hold metadata for each item.  This was fairly easy to do when
 our metadata was very homogenous and based on simple Dublin Core.  This
 worked well and the system could easily spit out ready METS (and MXF)
 packages.
 
 Over time, I began to experiment with MODS and increasingly started using
 specialized metadata schemas for different types of objects, such as
 herbarium or oral history materials.  I envisioned a tracking system that
 would hold all of this metadata relationally and provide different tabs
 based on the material type.  So, oral history items would have an extra
 tab
 exposing the oral history metadata and herbarium would have a similar
 special tab.  While development of this moved ahead, the entire system
 seemed unwieldy.  Adding a new schema was a bit laborious.. even adding a
 new field to use.
 
 After several years of this, we began the SobekCM digital repository
 software development.  After that experience I swore off trying to store
 very complex structured data in the database in the same type of format.
 (This may also have had to do with an IMLS project I worked on that
 proved
 the futility of this approach.)  I generally eschew triple-stores for the
 basis of libraries in favor of relational databases on the premise that
 we
 DO actually understand the basic relationships of digital resources to
 collection and the sub-relations there.  We keep the data within METS
 files
 with one or more descriptive metadata sections and essentially the
 database
 only points to that METS file.  For searching, we use a flattened table
 structure with one row per item, much like Solr/Lucene, and Solr/Lucene
 itself.
 
 My advice is to steer clear of trying to take beautifully (and deeply)
 structured metadata from MODS, Darwin Core, VRACore (and who knows what
 else) and try to create tables and relations for them.
 
 I think you can point some database tools at the schema and have it
 generate the tables for you.  Just doing that will probably dissuade you.
 ;)
 
 Mark V. Sullivan
 CIO  Application Architect
 Sobek Digital Hosting and Consulting, LLC
 mark.v.sulli...@sobekdigital.com javascript:;
 352-682-9692 (mobile)​​​
 
 
 
 From

Re: [CODE4LIB] Amazon Glacier - tracking deposits

[Cary Gordon]

We have been playing with Glacier, but so far neither us nor our clients have 
been convinced of its cost-effectiveness. A while back, we were discussing a 
project with 15 PB of archival assets, and that would certainly have made 
Glacier cost-effective, saving about $30k/mo. over S3, although requests could 
cut into that.

The Glacier location is in the format /Account ID/vaults/Vault 
Name/archives/Archive ID, so you might want to consider using the whole 
string.

Thanks,

Cary


 On Apr 8, 2015, at 3:32 PM, Sara Amato sam...@willamette.edu wrote:
 
 Has anyone leapt on board with Glacier?   We are considering using it for 
 long term storage of high res archival scans.  We have derivative copies for 
 dissemination, so don’t intend touching these often, if ever.   The question 
 I have is how to best track the  Archive ID that glacier attaches to 
 deposits, as it looks like that is the only way to retrieve information if 
 needed (though you can attach a brief description also that appears on the 
 inventory along with the id.)   We’re considering putting the ID in Archivist 
 Toolkit, where the location of the dissemination copies is noted, but am 
 wondering if there are other tools out there specific for this scenario that 
 people are using. 

Re: [CODE4LIB] Native MarcEdit for MacOSX

[Cary Gordon]

IMHO:

1) If you create something, and you are not under contract to another entity, 
you own it as intellectual property, and you can do whatever you want with it.

2) Open source and even free and open source does not imply any contribution 
model or the licensee's right to have input into development and maintenance. 
The open source licenses that I am familiar with do not confer any ownership on 
the licensees.

3) Under the major open source licenses, licensees are free to fork the 
project, with certain restrictions, such as identifying the source and 
inheriting the license.

I support Terry's right to do whatever he wants with his work. That said, I 
encourage him to consider moving to open source, where he might learn to love 
the pull request. Probably not all of them, though.

Cary

 On Apr 6, 2015, at 10:49 PM, Roy Tennant roytenn...@gmail.com wrote:
 
 I agree with Terry. His decisions on how to deal with his codebase has
 stood the test of time. Open source doesn't mean squat if no one steps up
 to maintain it (and I have some experience with that), so having someone
 dedicated to maintaining it is not a bad strategy. It may not beds the most
 politically correct solution, but so be it. Running (and maintained) code
 trumps everything.
 Roy
 
 On Mon, Apr 6, 2015 at 6:13 PM, Terry Reese ree...@gmail.com wrote:
 
 Hi Bill,
 
 Sure -- this has been asked before.  In fact, I wrote an article about the
 responsibilities developers and organizations have, regardless of if they
 utilize a closed or open source model in the C4L Journal back in 2012:
 http://journal.code4lib.org/articles/6393.
 
 In my case, it's been two things.  Until around 2006 or 2007, MarcEdit's
 code libraries were still largely written in assembly so there was very
 little interest.  But since migrating the code to something more accessible
 (C#),  I'd have to say that the main reason is that work on the project
 has, and continues to be, a hobby and avenue for me to pursue something
 that I happen to be quite passionate about.
 
 --tr
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of
 William Denton
 Sent: Monday, April 6, 2015 7:46 PM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Native MarcEdit for MacOSX
 
 On 6 April 2015, Terry Reese wrote:
 
 What I've offered is that I'd redo the application to provide a native
 Mac App that is Mac-Native while still making use of the present
 assembly code.  This of course requires a Mac of some kind -- and
 since I'm not a Mac user, there it is.  From the users perspective, it
 should all be Mac-tastic.
 
 I've always been curious, and now seems a good time to ask: I'm sure
 you've considered, and been asked about, releasing MarcEdit under a free
 software license, but decided against it.  Why?
 
 Bill
 --
 William Denton ↔  Toronto, Canada ↔  https://www.miskatonic.org/
 

Re: [CODE4LIB] Native MarcEdit for MacOSX

[Cary Gordon]

You might want to consider picking up a MacBook on Craigslist, or something 
like that. You can get a lot of only slightly vintage computer for $5-700.

Cary

Random ad:

13 MacBook ProTurbo 2.9GHz i5 Dual-core ϟ Thunderbolt! + 500GB Storage - $499 
(Los Angeles)
make / manufacturer: Apple MacBook Pro
size / dimensions: 13
Up for sale my 13-inch Macbook Pro with free $40 case 
2.3GHz Turbo 2.9Ghz
500GB Storage 
4GB Ram DDR3
Thunderbolt 
USB 
FireWire 

 On Apr 6, 2015, at 12:31 PM, Francis Kayiwa kay...@pobox.com wrote:
 
 Terry Reese (thanks Terry if you are reading this) has offered to write a 
 Object-C version of MarcEdit. In order to this he needed access to a Apple 
 Hardware. While my initial proposal on Go Fund me below was for a Macbook 
 Pro, we've since realized it need not be a portable device. My current 
 arithmetic puts the price of this at ~US$1300 as opposed to the listed 
 ~US$2400
 
 
 Thanks for boosting this signal if you cannot otherwise help fund porting 
 MarcEdit for the Mac OSX platform.
 
 http://www.gofundme.com/qtbzq4
 
 
 Cheers,
 ./fxk
 -- 
 Your analyst has you mixed up with another patient.  Don't believe a
 thing he tells you.

Re: [CODE4LIB] Native MarcEdit for MacOSX

[Cary Gordon]

I have one and use it to power various house functions including storage and 
backups. I also use it for rendering video.

I prefer a MacBook for coding, as I can take it with me around the (tiny) 
house, to the office, coffee shop, Mumbai, Paris, anywhere. I do most of my 
work on a 13 Air.

Cary


 On Apr 6, 2015, at 3:36 PM, Karen Coyle li...@kcoyle.net wrote:
 
 Have you had one? I started out with one a while back because it was indeed 
 the cheapest Mac. It seemed underpowered at the time. Plus you have to add a 
 screen to it, and a keyboard, and a mouse so the price goes up. On the 
 plus size, it doesn't take up much room... without the screen, the keyboard...
 
 kc
 
 On 4/6/15 2:36 PM, Roy Tennant wrote:
 Better yet, get a brand-new Mac mini for what you've already raised:
 
 http://store.apple.com/us/buy-mac/mac-mini
 
 Roy
 
 On Mon, Apr 6, 2015 at 1:18 PM, Cary Gordon listu...@chillco.com wrote:
 
 You might want to consider picking up a MacBook on Craigslist, or
 something like that. You can get a lot of only slightly vintage computer
 for $5-700.
 
 Cary
 
 Random ad:
 
 13 MacBook ProTurbo 2.9GHz i5 Dual-core ϟ Thunderbolt! + 500GB Storage -
 $499 (Los Angeles)
 make / manufacturer: Apple MacBook Pro
 size / dimensions: 13
 Up for sale my 13-inch Macbook Pro with free $40 case
 2.3GHz Turbo 2.9Ghz
 500GB Storage
 4GB Ram DDR3
 Thunderbolt
 USB
 FireWire
 
 On Apr 6, 2015, at 12:31 PM, Francis Kayiwa kay...@pobox.com wrote:
 
 Terry Reese (thanks Terry if you are reading this) has offered to write
 a Object-C version of MarcEdit. In order to this he needed access to a
 Apple Hardware. While my initial proposal on Go Fund me below was for a
 Macbook Pro, we've since realized it need not be a portable device. My
 current arithmetic puts the price of this at ~US$1300 as opposed to the
 listed ~US$2400
 
 Thanks for boosting this signal if you cannot otherwise help fund
 porting MarcEdit for the Mac OSX platform.
 http://www.gofundme.com/qtbzq4
 
 
 Cheers,
 ./fxk
 --
 Your analyst has you mixed up with another patient.  Don't believe a
 thing he tells you.
 
 -- 
 Karen Coyle
 kco...@kcoyle.net http://kcoyle.net
 m: +1-510-435-8234
 skype: kcoylenet/+1-510-984-3600

Re: [CODE4LIB] [lita-l] CMS selection

[Cary Gordon]

I would love to hear more about these on the list. The only one that I had 
heard of is OmniUpdate.

Thanks,

Cary

 On Apr 2, 2015, at 8:03 AM, Sanchez, Edward L. edward.sanc...@marquette.edu 
 wrote:
 
 Colleagues,
 I am on a campus-wide team charged with evaluating and selecting a new CMS 
 system to replace our centralized Apache/PHP/Includes-based web server 
 infrastructure. 
  
 Our Libraries and University Archives have relied on the existing centralized 
 system and would like to contribute to the selection of a new CMS-based 
 platform that will position our library well into the future.
  
 Currently the list is down to four vendors:
  
 Hippo
 OmniUpdate
 Terminal 4 
 Jahia
  
 If any of you have experience with any of these systems you wouldn’t mind 
 sharing please contact me off list.
  
 Your feedback would be appreciated.
  
 Best regards,
 
 Ed
  
 Edward Sanchez
 Head, Library Information Technology
 Marquette University
 1355 West Wisconsin Avenue
 Milwaukee, WI 53201
 edward.sanc...@mu.edu mailto:edward.sanc...@mu.edu
 W: 414-288-6043
 M: 414-839-9569

Re: [CODE4LIB] Textbook searching script?

[Cary Gordon]

It mostly depends on your ILS and whether you can query it by API or directly 
through the database, or whether you need to go through the web interface, or 
use a search engine. There is no lightweight, on-size-fits-all solution that 
will work on any system. 

Of course if you are all WorldCat libraries — as PCC and LBCC appear to be — 
then that might be your best bet. WorldCat has a broad set of APIs.

Thanks,

Cary

 On Mar 24, 2015, at 3:07 PM, Amy Hofer hof...@linnbenton.edu wrote:
 
 Hello Code4Lib,
 
 A Linn-Benton Community College librarian took a bookstore data dump and
 searched each title in the ILS and in their vendor database to find out
 whether ebook access was already available or could be purchased. I'm
 interested in whether it's possible to write a script to automate this
 process that could be used at any school, regardless of ILS or vendor. You
 can read more about her project here:
 http://openoregon.org/linn-benton-campus-report/
 
 Has anyone created something like this?
 
 Any advice if I were to contract with a programmer to create it?
 
 Thanks in advance!
 Amy
 
 -- 
 Amy Hofer
 Coordinator, Statewide Open Education Library Services
 openoregon.org
 
 971-722-6482
 PCC Southeast Library Room 206
 2305 SE 82nd Ave
 Portland, OR 97216

Re: [CODE4LIB] Anyone analyzed SirsiDynix Symphony transaction logs?

[Cary Gordon]

Has anyone considered using a NoSQL database to store their logs? With enough 
memory, Redis might be interesting, and it would be fast.

The concept of too experimental to post to Github boggles the mind.

Cary


 On Mar 19, 2015, at 9:38 AM, Andrew Nisbet anis...@epl.ca wrote:
 
 Hi Bill,
 
 I have been doing some work with Symphony logs using Elasticsearch. It is 
 simple to install and use, though I recommend Elasticsearch: The Definitive 
 Guide (http://shop.oreilly.com/product/0636920028505.do). The main problem is 
 the size of the history logs, ours being on the order of 5,000,000 lines per 
 month. 
 
 Originally I used a simple python script to load each record. The script 
 broke down each line into the command code, then all the data codes, then 
 loaded them using curl. This failed initially because Symphony writes 
 extended characters to title fields. I then ported the script to python 3.3 
 which was not difficult, and everything loaded fine -- but took more than a 
 to finish a month's worth of data. I am now experimenting with Bulk 
 (http://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html)
  to improve performance.
 
 I would certainly be willing to share what I have written if you would like. 
 The code is too experimental to post to Github however.
 
 Edmonton Public Library
 Andrew Nisbet
 ILS Administrator
 
 T: 780.496.4058   F: 780.496.8317
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of 
 William Denton
 Sent: March-18-15 3:55 PM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: [CODE4LIB] Anyone analyzed SirsiDynix Symphony transaction logs?
 
 I'm going to analyze a whack of transaction logs from our Symphony ILS so 
 that we can dig into collection usage.  Any of you out there done this?  
 Because the system is so closed and proprietary I understand it's not easy 
 (perhaps
 impossible?) to share code (publicly?), but if you've dug into it I'd be 
 curious to know, not just about how you parsed the logs but then what you did 
 with it, whether you loaded bits of data into a database, etc.
 
 Looking around, I see a few examples of people using the system's API, but 
 that's it.
 
 Bill
 --
 William Denton ↔  Toronto, Canada ↔  https://www.miskatonic.org/

Re: [CODE4LIB] Drupal code club

[Cary Gordon]

You can join the Drupal4Lib Code Club at 
https://groups.google.com/forum/#!forum/d4lcc

Thanks,

Cary

 On Mar 9, 2015, at 11:15 AM, Matt Bernhardt matt.j.bernha...@gmail.com 
 wrote:
 
 I'm not sure if there's a better place to reply than to the list, but I'm
 also interested in a Drupal code club.
 
 Matt
 
 On Fri, Mar 6, 2015 at 10:03 AM, Nathan Rogers nrog...@clevelandart.org
 wrote:
 
 I would be interested in doing this.
 
 Nathan Rogers
 T  216-707-2545
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of
 Bridger Dyson-Smith
 Sent: Thursday, March 05, 2015 1:03 PM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Drupal code club
 
 On Wed, Mar 4, 2015 at 6:31 AM, Brown, Bryan bjbr...@fsu.edu wrote:
 
 With the overwhelming response to the recent post about a
 Python/PyMARC code club on the Code4Lib list, I was wondering if
 anyone would be interested in something similar for Drupal. As a
 Drupal user and a wannabe module developer, I'm finding that reading
 other people's modules (especially core) is one of the best ways to
 really understand what's going on under the hood. Much like Python,
 Drupal has its own unique idioms and ways of looking at problems, and
 reading modules helps one get into this mindset.
 
 If anyone else is interested in this, please let me know either
 through a reply to this thread or a direct email (bjbr...@fsu.edu). If
 there is sufficient interest, I'll try to set up something similar to
 what the Python/PyMARC crowd is doing.
 
 - Bryan Brown
 
 
 +1
 
 Thanks,
 Bridger
 

[CODE4LIB] SoCal Code4lib meeting tomorrow at the Getty!

[Cary Gordon]

The usual lame excuses for cross-posting…

http://www.meetup.com/Code4lib-SoCal/events/219653631/ 
http://www.meetup.com/Code4lib-SoCal/events/219653631/

For our first meeting of 2015 we shift back to the westside at the Getty Center 

Morning Topics: 

• Integrating Aeon paging with catalog UI

• Data / Ontology mapping with Karma

• Librarians as/vs/and Programmers 

Afternoon Topics:

• Peer Review / Design Critique Session: Rebuilding the Getty Research Portal

• Intro to Docker

• Code challenge 

• c4l16 hosting committee mtg 

Parking is $15, so carpooling is recommended. Speakers will get free parking.

Lunch will be provided! 

Re: [CODE4LIB] security and privacy in RFPs

[Cary Gordon]

I think that “revealing” puts the best spin on it, and perhaps a bit of a pun, 
as well.

Caru
 
 On Mar 4, 2015, at 4:49 PM, Eric Hellman e...@hellman.net wrote:
 
 I recently wrote a blog post about password security in library subscribed 
 databases based on an RFP by a state agencecy subject to public disclosure 
 laws. The results were very revealing, but it covered only a small set of 
 vendors.
 http://go-to-hellman.blogspot.com/2015/02/passwords-are-stored-in-plain-text.html
  
 http://go-to-hellman.blogspot.com/2015/02/passwords-are-stored-in-plain-text.html
 
 I would be very interested to learn of RFPs for library automation software, 
 ebook delivery platforms, etc. subject to similar public disclosure rules 
 that asked questions relevant to privacy and security in libraries.
 
 Contact me on or off list.
 
 Eric
 
 
 Eric Hellman
 President, Gluejar.Inc.
 Founder, Unglue.it https://unglue.it/
 http://go-to-hellman.blogspot.com/
 twitter: @gluejar

[CODE4LIB] MXF Standard (was: [CODE4LIB] CODE4LIB Digest - 12 Feb 2015 to 13 Feb 2015 (#2015-38))

[Cary Gordon]

Hi Rebecca,

This does not pass the sniff test. Materials exchange format is a standard 
ratified by the SMPTE. If Sony uses a proprietary variant of MXF, then it is 
not MXF. If product documentation trumps the SMPTE, the EBU and LC, then we are 
going to need a bigger handbasket.

http://www.digitalpreservation.gov/formats/intro/intro.shtml
http://www.digitalpreservation.gov/formats/fdd/fdd13.shtml
http://www.digitalpreservation.gov/formats/fdd/fdd000266.shtml

Please consider changing the subject line when responding to digests. I am not 
sure what you are responding to.

FWIW, SoCal Code4Lib is having a meeting this Thursday. You might want to join 
us. http://www.meetup.com/Code4lib-SoCal/events/219653631/

Thanks,

Cary

 On Mar 3, 2015, at 5:21 PM, Rebecca HG rebeccahger...@gmail.com wrote:
 
 Hello folks, I'm wondering if anyone else has run into this issue. My
 production company has a rather odd workflow but it involves passing MXF
 files from Sony cameras through Quantel systems. We're having a lagging
 issue recalling footage. Quantel responded with the following:
 
 What is the difference between Quantel MXF and XD Cam MXF in File Flow
 Engines used for archiving out?
 
 Quantel: The Quantel MXF option conforms to the OP-1a MXF standard. XDCAM
 MXF is a Sony
 
 proprietary version of MXF which works with the XDCAM folder structure and
 use slightly
 
 different codecs etc. Quantel will consider clarification of this in the
 product documentation.
 
 I've never heard of a Sony-proprietary MXF format. Does anyone have
 additional data on this? Thanks!
 
 Rebecca Hernandez-Gerber
 Broadcast Archivist
 Riot Games
 

[CODE4LIB] Code4LibCon - cost

[Cary Gordon]

We need to separate this from the location topic, as well.

I strongly feel that we need to dedicate more resources to scholarships and 
stipends. I honestly believe that we should be offering a mix of 25-50 
scholarships and stipends, and I would happily pay an extra $40-50 if it would 
help that to happen.

It would also help to have more folks working on raising money. Francis and the 
scholarship committee did yeoman work this year, but it needs to be a larger 
effort.

Cary

Re: [CODE4LIB] Drupal 7, Views/Fields, Panels and Calendars

[Cary Gordon]

Hi Rob,

I took the liberty of copying this to the Drupal4lib list, which is probably 
the best place for it.

A lot depends on how the fields are stored. In Drupal 7, field reuse is very 
important. If all of your *Description* have the same machine name, say 
field_description, then there will be a discrete table for that field and 
creating a view is pretty straightforward. It there is a 
field_screening_description and a field_class_description, then your view (a 
query) will be more complex. This is not to say that building it is that much 
harder, just that the tricky part is combining the fields.

Again, with the caveat is that I know almost nothing about your site, for a 
calendar-centric site as this appears to be, my inclination is to have a date 
(or event, etc.) content type along with content types for the types of events, 
like screenings or classes. I would likely take it a step further and create a 
type for course, as well, assuming that there is more than one class per 
course. I would pull these together using node relationships. The structure is 
a bit more intricate, but pulling reports like calendars becomes easier and 
more reliable.

For a major site, I forgo node content types in favor of entities.

Cary


 On Feb 23, 2015, at 11:08 AM, Rob Dumas robdu...@gmail.com wrote:
 
 Right now, my partner and I are building a site for a local arts education
 group using a design started (but left unfinished) by someone else. The
 site is built using Drupal 7 with Views/Fields/Panels.
 
 There are a few content types used in the site:
 
 ## Screenings
 
 A Screening has a number of Fields such as *Director*, *Description*,
 *Featured Image*, etc. It also contains a Field Collection called Screening
 Dates, which allows the editor to attach multiple
 datetime/location/tickets-url sets.
 
 ## Classes and Class Sessions
 
 A Class is a general content type which contains general info about a
 course: *Title*, *Description*, *Tuition*, *Instructor*, etc. A Class
 Session asks the editor to select a Class (or fill in a field for one-off
 sessions) and includes fields for *Registration URL* and *Class Dates*
 (multiple entries allowed).
 
 ## Where We're Stuck
 
 The client wants a Calendar which lists all of the Screenings and Class
 Sessions. I can pull in the Class Sessions, but they only show on their
 first date, they show all of the dates on that one entry... and I can't
 seem to pull in the Screenings at all.
 
 Screenshots can be found in [this imgur album](http://imgur.com/a/fwUv8).

[CODE4LIB] Code4lib 2016 - tracks

[Cary Gordon]

We need to separate this from the location topic.

I don’t think that anything is set in stone. That said, I appreciate the single 
track nature of Code4LibCon, and it is what has driven me to attend over the 
last 8 years. I can and do go to several conferences that have tracks specific 
to my work. I go to Code4LibCon to learn things I don’t know about, often 
things I have never heard of.

Over that past couple years, there has also been a growing mix of tech and 
social tech issues, and the latter have taught me a lot about me as well, and 
are driving me — too slowly perhaps — to action (or is that proaction).

I never fail to learn something new, and that is what makes it worthwhile.

If Code4LibCon changes, I will be disappointed, but I will still go.

Cary

Re: [CODE4LIB] Communications — conference and otherwise

[Cary Gordon]

 to sign up for the dinner. The link to the
  Google
   Doc was posted in the wiki, under the Newcomer dinner entry.
  Communications
   to the list and users have linked to the wiki page (though I do count
 one
   communication to the group that I directly linked to the Google Doc).
  
   If folks did not like the Google Docs setup for the dinners this year,
   please let me know and I can always bring the signups back to the wiki
  for
   future dinners. Again, it was an experiment for this year :c)
  
   I cannot speak for the Eventbrite pages, but my understanding that
   Eventbrite came with DLF handling registration finances this year.
  
   Thanks,
   Becky
  
   On Tue, Feb 17, 2015 at 1:05 PM, Cary Gordon listu...@chillco.com
 javascript:;
  wrote:
  
   This really speaks to the c4l who’s-in-charge-here / nobody is in
  charge /
   take the ball and run with it zeitgeist.
  
   We have one person — Ryan Wick — who carries most of the load for the
   website and the wiki. I don’t think that he, or anyone else, takes
   responsibility for organizing the content. From here,it looks like
   everything is a mix of tradition and fire prevention. Accordingly,
 this
   year we had:
  
   — The conference web pages on code4lib.org
   — The usual assortment of pages on wiki.code4lib.org
   — The newcomer dinner page on Google Docs
   — Stuff on Eventbrite
  
   Resulting in a mix of the usual symptoms:
  
   — No single place to find stuff
   — Conflicting information
   — Not clear editorial policy
  
   So, what do we do, and who is this “we, anyhow?
  
   The conference organizers have control, in theory, but I think that
 they
   are understandably loath to mess with the traditional mix. There is no
   place for them to ask a question and get a single, cogent,
 authoritative
   answer.
  
   Code4lib itself isn’t really a thing, just an us, and we have been
 loath
   to form standing committees, although we have done that after a
 fashion
  for
   scholarships and the Journal. I think that the time has come for a
  Code4lib
   communications task force —I love that name — to address the structure
  of
   our public-facing resources. Any takers.
  
   In lieu of blessings from an executive structure, the task force can
 do
   something with pasta to confirm its authority.
  
   Any takers?
  
   Thanks,
  
   Cary
  
   On Feb 13, 2015, at 12:53 PM, Heller, Margaret mhell...@luc.edu
 javascript:;
  wrote:
  
   I think Sarah is absolutely right that we should have updated the
   conference information page with information about streaming, as I
 don't
   think most people not attending the conference would think to look at
  the
   wiki. Even if everyone forgot to do it during the conference that's a
  note
   to the future to remember to do it during the conference, and I've
  edited
   the page at http://code4lib.org/conference/2015 to give the link to
 the
   YouTube channel.
  
   And thanks so much video team!
  
   Margaret Heller
   Digital Services Librarian
   Loyola University Chicago
   773-508-2686
  
   -Original Message-
   From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU
 javascript:;] On Behalf
  Of
   Sarah Weissman
   Sent: Friday, February 13, 2015 2:18 PM
   To: CODE4LIB@LISTSERV.ND.EDU javascript:;
   Subject: Re: [CODE4LIB] Code4LibCon video crew thanks
  
   On Fri, Feb 13, 2015 at 2:38 PM, Francis Kayiwa kay...@pobox.com
 javascript:;
   wrote:
  
  
   Planning these things is tough work with numerous moving parts.
 Could
   it have been posted once we were underway? Perhaps. That said there
   was 450 odd people who were there none of whom (the author included)
   thought to send a message on availability of video to this listserv.
   (I know for certain it was tweeted and re-tweeted)
  
  
  
   I see what you are saying. I realize that logistics are tricky. I
 would
   have probably missed a mailing list message if it had come last
 minute.
  And
   I wasn't checking Twitter in a timely manner for updates on a
  conference I
   wasn't attending and therefore wasn't all that aware of the exact
 timing
   of. (Perhaps this is a great time to bump that librarians list to a
 more
   visible position in my Twitter feed...)
  
   And I should say that I'm glad that there is video to watch at all
 and
   grateful to the volunteer videographers that made it happen.
  
 



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Communications — conference and otherwise (was: [CODE4LIB] Code4LibCon video crew thanks)

[Cary Gordon]

Please release me, let me go
For I can’t benefit from this anymore
To waste our lifes would be a sin
Release me and let me get to work again

With apologies to Jim Reeves

 On Feb 17, 2015, at 4:55 PM, [Becky Yoose] b.yo...@gmail.com wrote:
 
 /me wonders if this particular branch of the conversation would benefit from 
 reading the other branch where there is a action plan starting to formulate 
 to create better documentation + doc/comm practices; however, she does not 
 want to deny anyone the chance to continue this branch of the conversation.
 
 ...
 
 /me grabs popcorn as is customary in reading these type of branched 
 conversations, while starting to plot out areas/categories for this weekend's 
 doc dive.
 
 Thanks,
 Becky
 
 Sent from the ball and chain
 
 On Feb 17, 2015, at 6:27 PM, Cary Gordon listu...@chillco.com wrote:
 
 Sure. Until I can turn my Raspberry Pi into a Robo-brarian 5000, technology 
 alone is not going to be the answer. Choosing right tool for the job, 
 however, can provide some relief to the day-job-holding masses.
 
 Does/should becoming involved in Code4LibCon be the modern equivalent of 
 Myst?
 
 Cary
 
 On Feb 17, 2015, at 4:05 PM, Jonathan Rochkind rochk...@jhu.edu wrote:
 
 The conference organizers have control, in theory, but I think that they 
 are understandably loath to mess with the traditional mix. There is no 
 place for them to ask a question and get a single, cogent, authoritative 
 answer.
 
 Who is better to _provide_ a single authoritative answer about a conference 
 then the conference organizers? Why would they be looking to get a single 
 authoritative answer from someone else -- I'd assume everyone else would be 
 looking to them!
 
 I do see how the decentralized nobody-in-charge but 
 everybody-willing-to-complain nature of Code4Lib as a community (rather 
 than an organization) poses some challenges. (It also provides some 
 advantages, everything is a trade-off, although not all trade-offs are 
 equal, and the best trade-off may change when the context changes). 
 
 But, I'm not sure this is a technology/tooling problem. As we all have to 
 remember at our day jobs too, don't look for technological product 
 solutions to social/organizational problems. They aren't going to be 
 successful, but you can spend a lot of resources learning that. 
 
 Jonathan

Re: [CODE4LIB] Communications — conference and otherwise (was: [CODE4LIB] Code4LibCon video crew thanks)

[Cary Gordon]

The issue isn’t so much pointing to the places and figuring out what goes 
where. There does not seem to be one canonical location for each morsel of 
information, and I don’t know if more guidelines or rules are going to solve 
the problem. Becky is on point about the wiki being problematic, particularly 
when folks who are not experienced with it, or registered to use it want to 
sign up for a newcomer dinner the day before.

Cary


 On Feb 17, 2015, at 1:37 PM, Roy Tennant roytenn...@gmail.com wrote:
 
 So wouldn't this be solved by having one authoritative place to point to
 all of the various pieces related to a particular conference? Perhaps all
 we need to do is to be better about making sure that the Conference page on
 code4lib.org http://code4lib.org/ points to *everything* relating to that 
 conference. That seems
 achievable to me.
 Roy
 
 On Tue, Feb 17, 2015 at 1:28 PM, Cary Gordon listu...@chillco.com 
 mailto:listu...@chillco.com wrote:
 
 I have no issue with Google Docs or Eventbrite. My point is that it is hard
 for me to find stuff when it is in so many systems, and I am used to it. I
 think that it is time to do something about it.
 
 On Tuesday, February 17, 2015, Becky Yoose b.yo...@gmail.com wrote:
 
 Cary,
 
 I can speak to the signup for the Newcomer Dinner signup - previous years
 had the signup on the wiki, but this year we decided to try something
 different for the signup that didn't require an additional account to
 sign
 up. This should have given Ryan a bit of a break with people requesting
 wiki accounts last minute to sign up for the dinner. The link to the
 Google
 Doc was posted in the wiki, under the Newcomer dinner entry.
 Communications
 to the list and users have linked to the wiki page (though I do count one
 communication to the group that I directly linked to the Google Doc).
 
 If folks did not like the Google Docs setup for the dinners this year,
 please let me know and I can always bring the signups back to the wiki
 for
 future dinners. Again, it was an experiment for this year :c)
 
 I cannot speak for the Eventbrite pages, but my understanding that
 Eventbrite came with DLF handling registration finances this year.
 
 Thanks,
 Becky
 
 On Tue, Feb 17, 2015 at 1:05 PM, Cary Gordon listu...@chillco.com
 javascript:; wrote:
 
 This really speaks to the c4l who’s-in-charge-here / nobody is in
 charge
 /
 take the ball and run with it zeitgeist.
 
 We have one person — Ryan Wick — who carries most of the load for the
 website and the wiki. I don’t think that he, or anyone else, takes
 responsibility for organizing the content. From here,it looks like
 everything is a mix of tradition and fire prevention. Accordingly, this
 year we had:
 
 — The conference web pages on code4lib.org http://code4lib.org/
 — The usual assortment of pages on wiki.code4lib.org 
 http://wiki.code4lib.org/
 — The newcomer dinner page on Google Docs
 — Stuff on Eventbrite
 
 Resulting in a mix of the usual symptoms:
 
 — No single place to find stuff
 — Conflicting information
 — Not clear editorial policy
 
 So, what do we do, and who is this “we, anyhow?
 
 The conference organizers have control, in theory, but I think that
 they
 are understandably loath to mess with the traditional mix. There is no
 place for them to ask a question and get a single, cogent,
 authoritative
 answer.
 
 Code4lib itself isn’t really a thing, just an us, and we have been
 loath
 to form standing committees, although we have done that after a fashion
 for
 scholarships and the Journal. I think that the time has come for a
 Code4lib
 communications task force —I love that name — to address the structure
 of
 our public-facing resources. Any takers.
 
 In lieu of blessings from an executive structure, the task force can do
 something with pasta to confirm its authority.
 
 Any takers?
 
 Thanks,
 
 Cary
 
 On Feb 13, 2015, at 12:53 PM, Heller, Margaret mhell...@luc.edu 
 mailto:mhell...@luc.edu
 javascript:; wrote:
 
 I think Sarah is absolutely right that we should have updated the
 conference information page with information about streaming, as I
 don't
 think most people not attending the conference would think to look at
 the
 wiki. Even if everyone forgot to do it during the conference that's a
 note
 to the future to remember to do it during the conference, and I've
 edited
 the page at http://code4lib.org/conference/2015 
 http://code4lib.org/conference/2015 to give the link to
 the
 YouTube channel.
 
 And thanks so much video team!
 
 Margaret Heller
 Digital Services Librarian
 Loyola University Chicago
 773-508-2686
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU 
 mailto:CODE4LIB@LISTSERV.ND.EDU
 javascript:;] On Behalf Of
 Sarah Weissman
 Sent: Friday, February 13, 2015 2:18 PM
 To: CODE4LIB@LISTSERV.ND.EDU mailto:CODE4LIB@LISTSERV.ND.EDU 
 javascript:;
 Subject: Re: [CODE4LIB] Code4LibCon video crew thanks
 
 On Fri, Feb 13, 2015 at 2:38 PM, Francis

Re: [CODE4LIB] Communications — conference and otherwise (was: [CODE4LIB] Code4LibCon video crew thanks)

[Cary Gordon]

Sure. Until I can turn my Raspberry Pi into a Robo-brarian 5000, technology 
alone is not going to be the answer. Choosing right tool for the job, however, 
can provide some relief to the day-job-holding masses.

Does/should becoming involved in Code4LibCon be the modern equivalent of Myst?

Cary
 
 On Feb 17, 2015, at 4:05 PM, Jonathan Rochkind rochk...@jhu.edu wrote:
 
 The conference organizers have control, in theory, but I think that they are 
 understandably loath to mess with the traditional mix. There is no place for 
 them to ask a question and get a single, cogent, authoritative answer.
 
 Who is better to _provide_ a single authoritative answer about a conference 
 then the conference organizers? Why would they be looking to get a single 
 authoritative answer from someone else -- I'd assume everyone else would be 
 looking to them!
 
 I do see how the decentralized nobody-in-charge but 
 everybody-willing-to-complain nature of Code4Lib as a community (rather than 
 an organization) poses some challenges. (It also provides some advantages, 
 everything is a trade-off, although not all trade-offs are equal, and the 
 best trade-off may change when the context changes). 
 
 But, I'm not sure this is a technology/tooling problem. As we all have to 
 remember at our day jobs too, don't look for technological product solutions 
 to social/organizational problems. They aren't going to be successful, but 
 you can spend a lot of resources learning that. 
 
 Jonathan

[CODE4LIB] Communications — conference and otherwise (was: [CODE4LIB] Code4LibCon video crew thanks)

[Cary Gordon]

This really speaks to the c4l who’s-in-charge-here / nobody is in charge / take 
the ball and run with it zeitgeist.

We have one person — Ryan Wick — who carries most of the load for the website 
and the wiki. I don’t think that he, or anyone else, takes responsibility for 
organizing the content. From here,it looks like everything is a mix of 
tradition and fire prevention. Accordingly, this year we had:

— The conference web pages on code4lib.org
— The usual assortment of pages on wiki.code4lib.org
— The newcomer dinner page on Google Docs
— Stuff on Eventbrite

Resulting in a mix of the usual symptoms:

— No single place to find stuff
— Conflicting information
— Not clear editorial policy

So, what do we do, and who is this “we, anyhow?

The conference organizers have control, in theory, but I think that they are 
understandably loath to mess with the traditional mix. There is no place for 
them to ask a question and get a single, cogent, authoritative answer.

Code4lib itself isn’t really a thing, just an us, and we have been loath to 
form standing committees, although we have done that after a fashion for 
scholarships and the Journal. I think that the time has come for a Code4lib 
communications task force —I love that name — to address the structure of our 
public-facing resources. Any takers.

In lieu of blessings from an executive structure, the task force can do 
something with pasta to confirm its authority.

Any takers?

Thanks,

Cary

 On Feb 13, 2015, at 12:53 PM, Heller, Margaret mhell...@luc.edu wrote:
 
 I think Sarah is absolutely right that we should have updated the conference 
 information page with information about streaming, as I don't think most 
 people not attending the conference would think to look at the wiki. Even if 
 everyone forgot to do it during the conference that's a note to the future to 
 remember to do it during the conference, and I've edited the page at 
 http://code4lib.org/conference/2015 to give the link to the YouTube channel.
 
 And thanks so much video team!
 
 Margaret Heller
 Digital Services Librarian
 Loyola University Chicago
 773-508-2686
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Sarah 
 Weissman
 Sent: Friday, February 13, 2015 2:18 PM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Code4LibCon video crew thanks
 
 On Fri, Feb 13, 2015 at 2:38 PM, Francis Kayiwa kay...@pobox.com wrote:
 
 
 Planning these things is tough work with numerous moving parts. Could 
 it have been posted once we were underway? Perhaps. That said there 
 was 450 odd people who were there none of whom (the author included) 
 thought to send a message on availability of video to this listserv. 
 (I know for certain it was tweeted and re-tweeted)
 
 
 
 I see what you are saying. I realize that logistics are tricky. I would have 
 probably missed a mailing list message if it had come last minute. And I 
 wasn't checking Twitter in a timely manner for updates on a conference I 
 wasn't attending and therefore wasn't all that aware of the exact timing of. 
 (Perhaps this is a great time to bump that librarians list to a more visible 
 position in my Twitter feed...)
 
 And I should say that I'm glad that there is video to watch at all and 
 grateful to the volunteer videographers that made it happen.

Re: [CODE4LIB] Communications — conference and otherwise (was: [CODE4LIB] Code4LibCon video crew thanks)

[Cary Gordon]

I have no issue with Google Docs or Eventbrite. My point is that it is hard
for me to find stuff when it is in so many systems, and I am used to it. I
think that it is time to do something about it.

On Tuesday, February 17, 2015, Becky Yoose b.yo...@gmail.com wrote:

 Cary,

 I can speak to the signup for the Newcomer Dinner signup - previous years
 had the signup on the wiki, but this year we decided to try something
 different for the signup that didn't require an additional account to sign
 up. This should have given Ryan a bit of a break with people requesting
 wiki accounts last minute to sign up for the dinner. The link to the Google
 Doc was posted in the wiki, under the Newcomer dinner entry. Communications
 to the list and users have linked to the wiki page (though I do count one
 communication to the group that I directly linked to the Google Doc).

 If folks did not like the Google Docs setup for the dinners this year,
 please let me know and I can always bring the signups back to the wiki for
 future dinners. Again, it was an experiment for this year :c)

 I cannot speak for the Eventbrite pages, but my understanding that
 Eventbrite came with DLF handling registration finances this year.

 Thanks,
 Becky

 On Tue, Feb 17, 2015 at 1:05 PM, Cary Gordon listu...@chillco.com
 javascript:; wrote:

  This really speaks to the c4l who’s-in-charge-here / nobody is in charge
 /
  take the ball and run with it zeitgeist.
 
  We have one person — Ryan Wick — who carries most of the load for the
  website and the wiki. I don’t think that he, or anyone else, takes
  responsibility for organizing the content. From here,it looks like
  everything is a mix of tradition and fire prevention. Accordingly, this
  year we had:
 
  — The conference web pages on code4lib.org
  — The usual assortment of pages on wiki.code4lib.org
  — The newcomer dinner page on Google Docs
  — Stuff on Eventbrite
 
  Resulting in a mix of the usual symptoms:
 
  — No single place to find stuff
  — Conflicting information
  — Not clear editorial policy
 
  So, what do we do, and who is this “we, anyhow?
 
  The conference organizers have control, in theory, but I think that they
  are understandably loath to mess with the traditional mix. There is no
  place for them to ask a question and get a single, cogent, authoritative
  answer.
 
  Code4lib itself isn’t really a thing, just an us, and we have been loath
  to form standing committees, although we have done that after a fashion
 for
  scholarships and the Journal. I think that the time has come for a
 Code4lib
  communications task force —I love that name — to address the structure of
  our public-facing resources. Any takers.
 
  In lieu of blessings from an executive structure, the task force can do
  something with pasta to confirm its authority.
 
  Any takers?
 
  Thanks,
 
  Cary
 
   On Feb 13, 2015, at 12:53 PM, Heller, Margaret mhell...@luc.edu
 javascript:; wrote:
  
   I think Sarah is absolutely right that we should have updated the
  conference information page with information about streaming, as I don't
  think most people not attending the conference would think to look at the
  wiki. Even if everyone forgot to do it during the conference that's a
 note
  to the future to remember to do it during the conference, and I've edited
  the page at http://code4lib.org/conference/2015 to give the link to the
  YouTube channel.
  
   And thanks so much video team!
  
   Margaret Heller
   Digital Services Librarian
   Loyola University Chicago
   773-508-2686
  
   -Original Message-
   From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU
 javascript:;] On Behalf Of
  Sarah Weissman
   Sent: Friday, February 13, 2015 2:18 PM
   To: CODE4LIB@LISTSERV.ND.EDU javascript:;
   Subject: Re: [CODE4LIB] Code4LibCon video crew thanks
  
   On Fri, Feb 13, 2015 at 2:38 PM, Francis Kayiwa kay...@pobox.com
 javascript:;
  wrote:
  
  
   Planning these things is tough work with numerous moving parts. Could
   it have been posted once we were underway? Perhaps. That said there
   was 450 odd people who were there none of whom (the author included)
   thought to send a message on availability of video to this listserv.
   (I know for certain it was tweeted and re-tweeted)
  
  
  
   I see what you are saying. I realize that logistics are tricky. I would
  have probably missed a mailing list message if it had come last minute.
 And
  I wasn't checking Twitter in a timely manner for updates on a conference
 I
  wasn't attending and therefore wasn't all that aware of the exact timing
  of. (Perhaps this is a great time to bump that librarians list to a more
  visible position in my Twitter feed...)
  
   And I should say that I'm glad that there is video to watch at all and
  grateful to the volunteer videographers that made it happen.
 



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

[CODE4LIB] Code4LibCon video crew thanks

[Cary Gordon]

I want to deeply thank Ashley Blewer, Steven Anderson and Josh Wilson for 
running the video streaming and capture at Code4LibCon in Portland. Because of 
you, we had great video in real time (and I got to actually watch the 
presentations). I also want to again thank Riley Childs, who could not make it 
this year. Riley moved the bar up last year by putting together our YouTube 
presence.

For the second year running, we requested and were not allowed to setup and 
test the day before, and for the second year running lost part of the opening 
session. Fortunately, we did capture most of what did not get streamed on 
Tuesday, and I will put that online next week. There is always next year.

Thanks,

Cary

Re: [CODE4LIB] Encrypting EZProxy + SIP2 authentication

[Cary Gordon]

Alternatively, you might just connect them witn an actual private network.
If they are next to each other, this could be effected with a crossover
cable.

Cary

On Monday, February 2, 2015, MJ Ray m...@phonecoop.coop wrote:

 Jane Sandberg wrote:
  Am I missing some simpler option?  Our EZProxy is running on a Windows
  machine, by the way, and we use Evergreen as our ILS.  I'd love any
  advice or suggestions that you seasoned EZProxy experts can share.

 Set up a VPN between the two?  OpenVPN should run on both.

 Regards,
 --
 MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op
 http://koha-community.org supporter, web and library systems developer.
 In My Opinion Only: see http://mjr.towers.org.uk/email.html
 Available for hire (including development) at http://www.software.coop/



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Code4Lib 2015 Newcomer Dinner Question

[Cary Gordon]

You will likely miss the official dinners, as pretty much all of those start 
at 6-6:30. Of course, you could just claim a restaurant on the list and have it 
start whenever you want.

Cary

 On Jan 28, 2015, at 12:15 PM, Matthew Sherman matt.r.sher...@gmail.com 
 wrote:
 
 Hi all,
 
 This question is directed at folks attending Code4Lib 2015 in almost a week
 and a half.  Are any of the groups for the dinner leaving after 7pm?  I ask
 as sadly my flight doesn't land until about 6:30 pm that day.  If anyone is
 eating a little later it would be great to join you guys.  Thanks for any
 info people can give.
 
 Matt Sherman

Re: [CODE4LIB] Conference photography policy

[Cary Gordon]

I think that requiring explicit permission from presenters is overly burdensome 
for the crew that is struggling to get the recordings up. I think that speakers 
and presenters should be informed that all presentations may be recorded and 
made available to the public unless they inform the conference committee that 
they do not want to be recorded before their presentation begins.

If they object, the video crew will refrain from capturing their presentation.

If we do screen capture again, it is possible that presenter could have the 
option of allowing us to record their voice and screen. 

Cary

 On Jan 26, 2015, at 10:58 AM, Andreas Orphanides akorp...@ncsu.edu wrote:
 
 We would definitely want to both give notice to the presenters that the
 plan is to record and to get consent (or dissent) ahead of time, so that we
 can plan AV appropriately if someone does not want to be broadcast. It
 would be awful to broadcast someone who didn't consent to it; nor would we
 want to have to disrupt things in progress to adjust for an unexpected
 dissent that should/could have been expected.
 
 On Mon, Jan 26, 2015 at 1:55 PM, Tara Robertson trobert...@langara.bc.ca
 wrote:
 
 I love this conversation.
 
 WRT presenters, I think it's good to be explicit that the plan is to
 stream and record. It would be good practice to have presenters sign a
 consent form agreeing to this.
 
 Tara
 
 
 
 On 26/01/2015 10:42 AM, Andreas Orphanides wrote:
 
 Sounds like we've got an established practice in place, then. Awesome.
 
 Wouldn't hurt for us to clarify any policy we decide on to state that
 presenters are welcome to not consent to webcast.
 
 On Mon, Jan 26, 2015 at 1:41 PM, William Denton w...@pobox.com wrote:
 
 On 26 January 2015, Andreas Orphanides wrote:
 
  Not to complicate things: shall (or *how shall*) we accommodate
 requests
 
 from presenters who might have a no photo preference vis-a-vis
 conference
 webcast?
 
 A few years ago a speaker didn't want to be filmed, and someone turned
 off
 the camera and put a paper bag over it for the duration.
 
 Bill
 --
 William Denton ↔  Toronto, Canada ↔  https://www.miskatonic.org/
 
 
 
 --
 
 Tara Robertson
 
 Accessibility Librarian, CAPER-BC http://caperbc.ca/
 T  604.323.5254
 F  604.323.5954
 trobert...@langara.bc.ca mailto:Tara%20Robertson%20%
 3ctrobert...@langara.bc.ca%3E
 
 Langara. http://www.langara.bc.ca
 
 100 West 49th Avenue, Vancouver, BC, V5Y 2Z6
 

Re: [CODE4LIB] Code4LibCon video

[Cary Gordon]

That would be great, as long as we could do a run-through with everyone on 
Monday afternoon. I think that it would take 45 min to an hour max.

Thanks,

Cary

 On Jan 26, 2015, at 5:10 PM, Tom Johnson johnson.tom+code4...@gmail.com 
 wrote:
 
 I can supply a Macbook.
 
 Thanks Cary, for your offer to bring equipment.  My hope is that someone
 will step forward to coordinate the stream; it should be something that we
 can bring volunteers on board for if we can arrange for a
 morning/handoff/afternoon cycle, rather than a multi-day commitment.
 
 - Tom
 
 On Mon, Jan 26, 2015 at 4:38 PM, Cary Gordon listu...@chillco.com 
 mailto:listu...@chillco.com wrote:
 
 Correction: We need a Mac, as my encoder is Thunderbolt.
 
 I will try to rebuild my MacBook Pro, if I gat a chance.
 
 
 On Jan 26, 2015, at 4:36 PM, Cary Gordon listu...@chillco.com wrote:
 
 Just to be clear, I am providing equipment and will set it up, but I do
 not believe that we have a streaming crew at this time.
 
 Riley and I spent almost every moment of the last Con doing this, so
 while I am willing to teach and help, I am not going to be the video guy
 again.
 
 We also need a decent computer. I am most familiar with Macs, but a PC
 will do. Linux is not an option.
 
 Thanks,
 
 Cary
 
 On Jan 26, 2015, at 4:26 PM, Ranti Junus ranti.ju...@gmail.com
 mailto:ranti.ju...@gmail.com mailto:ranti.ju...@gmail.com wrote:
 
 I agree that streaming crew should be free from doing the paperwork.
 Tara
 has volunteered to be the paperwork person and I'm volunteering to
 help
 her out.
 
 I think streaming crew, Tara, and I can discuss separately on things
 that
 are need to be done or information we should provide (e.g. list of those
 who opt-out, their talk schedule, etc.) to the streaming crew.
 
 
 thanks,
 ranti.
 
 On Mon, Jan 26, 2015 at 7:07 PM, Cary Gordon listu...@chillco.com 
 mailto:listu...@chillco.com
 mailto:listu...@chillco.com mailto:listu...@chillco.com wrote:
 
 To be clear, what I said or tried to say is that the streaming crew
 needs
 to know if he presenter does not wish to be shown, or if they do not
 want
 their presentation shown before they start presenting. At least one
 full
 minute before would be great. They can take our word that we will honor
 their wishes.
 
 I think that it is fair to say that nobody involved with the video
 wants
 anything to do with paperwork, and if anyone has the time and energy
 to do
 that, their time would be better spent actually working on the video
 crew,
 which at this point is virtually nonexistent.
 
 Every presenter should know that we will be putting up video of their
 session or talk on our YouTube channel with a CC license, unless they
 demure. We should have a small sign to that effect at the podium, as
 well.
 
 
 --
 Cary Gordon
 The Cherry Hill Company
 http://chillco.com http://chillco.com/ http://chillco.com/ 
 http://chillco.com/
 
 
 
 
 --
 Bulk mail.  Postage paid.

Re: [CODE4LIB] Conference photography policy

[Cary Gordon]

To be clear, what I said or tried to say is that the streaming crew needs
to know if he presenter does not wish to be shown, or if they do not want
their presentation shown before they start presenting. At least one full
minute before would be great. They can take our word that we will honor
their wishes.

I think that it is fair to say that nobody involved with the video wants
anything to do with paperwork, and if anyone has the time and energy to do
that, their time would be better spent actually working on the video crew,
which at this point is virtually nonexistent.

Every presenter should know that we will be putting up video of their
session or talk on our YouTube channel with a CC license, unless they
demure. We should have a small sign to that effect at the podium, as well.

On Monday, January 26, 2015, Schwartz, Raymond schwart...@wpunj.edu wrote:

 I would agree with Cary. An Opt-Out policy would be more workable for
 presenters. As you all know, I have been taking many photos over the years
 at this conference (see the 6 albums from 2008 to 2013 at
 https://www.flickr.com/photos/schwartzray/collections/72157604027074852/https://www.flickr.com/photos/schwartzray/collections/72157604027074852/).
 Though I still take candid photos, (BTW Andromeda has ask to use this one
 for her keynote
 https://www.flickr.com/photos/schwartzray/4393750460/in/set-72157623395853351https://www.flickr.com/photos/schwartzray/4393750460/in/set-72157623395853351),
 generally these days I take candids of people I am somewhat 'acquainted'
 with.  Only on two occasions I do recall that the person photographed later
 asked to delete/or not take the pic-which of course I did.

 For photographers, color coded lanyards would be easier to spot.  And if
 any were accidentally caught in a frame, it could be deleted or the portion
 blacked out.

 /Ray



 
 From: Code for Libraries [CODE4LIB@LISTSERV.ND.EDU javascript:;] on
 behalf of Cary Gordon [listu...@chillco.com javascript:;]
 Sent: Monday, January 26, 2015 3:00 PM
 To: CODE4LIB@LISTSERV.ND.EDU javascript:;
 Subject: Re: [CODE4LIB] Conference photography policy

 I think that requiring explicit permission from presenters is overly
 burdensome for the crew that is struggling to get the recordings up. I
 think that speakers and presenters should be informed that all
 presentations may be recorded and made available to the public unless they
 inform the conference committee that they do not want to be recorded before
 their presentation begins.

 If they object, the video crew will refrain from capturing their
 presentation.

 If we do screen capture again, it is possible that presenter could have
 the option of allowing us to record their voice and screen.

 Cary

  On Jan 26, 2015, at 10:58 AM, Andreas Orphanides akorp...@ncsu.edu
 javascript:; wrote:
 
  We would definitely want to both give notice to the presenters that the
  plan is to record and to get consent (or dissent) ahead of time, so that
 we
  can plan AV appropriately if someone does not want to be broadcast. It
  would be awful to broadcast someone who didn't consent to it; nor would
 we
  want to have to disrupt things in progress to adjust for an unexpected
  dissent that should/could have been expected.
 
  On Mon, Jan 26, 2015 at 1:55 PM, Tara Robertson 
 trobert...@langara.bc.ca javascript:;
  wrote:
 
  I love this conversation.
 
  WRT presenters, I think it's good to be explicit that the plan is to
  stream and record. It would be good practice to have presenters sign a
  consent form agreeing to this.
 
  Tara
 
 
 
  On 26/01/2015 10:42 AM, Andreas Orphanides wrote:
 
  Sounds like we've got an established practice in place, then. Awesome.
 
  Wouldn't hurt for us to clarify any policy we decide on to state that
  presenters are welcome to not consent to webcast.
 
  On Mon, Jan 26, 2015 at 1:41 PM, William Denton w...@pobox.com
 javascript:; wrote:
 
  On 26 January 2015, Andreas Orphanides wrote:
 
  Not to complicate things: shall (or *how shall*) we accommodate
  requests
 
  from presenters who might have a no photo preference vis-a-vis
  conference
  webcast?
 
  A few years ago a speaker didn't want to be filmed, and someone
 turned
  off
  the camera and put a paper bag over it for the duration.
 
  Bill
  --
  William Denton ↔ Toronto, Canada ↔ https://www.miskatonic.org/
 
 
 
  --
 
  Tara Robertson
 
  Accessibility Librarian, CAPER-BC http://caperbc.ca/
  T 604.323.5254
  F 604.323.5954
  trobert...@langara.bc.ca javascript:; mailto:Tara%20Robertson%20%
 javascript:;
  3ctrobert...@langara.bc.ca javascript:;%3E
 
  Langara. http://www.langara.bc.ca
 
  100 West 49th Avenue, Vancouver, BC, V5Y 2Z6
 



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

[CODE4LIB] Code4LibCon video (Was: Re: [CODE4LIB] Conference photography policy)

[Cary Gordon]

Just to be clear, I am providing equipment and will set it up, but I do not 
believe that we have a streaming crew at this time.

Riley and I spent almost every moment of the last Con doing this, so while I am 
willing to teach and help, I am not going to be the video guy again.

We also need a decent computer. I am most familiar with Macs, but a PC will do. 
Linux is not an option.

Thanks,

Cary

 On Jan 26, 2015, at 4:26 PM, Ranti Junus ranti.ju...@gmail.com wrote:
 
 I agree that streaming crew should be free from doing the paperwork. Tara
 has volunteered to be the paperwork person and I'm volunteering to help
 her out.
 
 I think streaming crew, Tara, and I can discuss separately on things that
 are need to be done or information we should provide (e.g. list of those
 who opt-out, their talk schedule, etc.) to the streaming crew.
 
 
 thanks,
 ranti.
 
 On Mon, Jan 26, 2015 at 7:07 PM, Cary Gordon listu...@chillco.com 
 mailto:listu...@chillco.com wrote:
 
 To be clear, what I said or tried to say is that the streaming crew needs
 to know if he presenter does not wish to be shown, or if they do not want
 their presentation shown before they start presenting. At least one full
 minute before would be great. They can take our word that we will honor
 their wishes.
 
 I think that it is fair to say that nobody involved with the video wants
 anything to do with paperwork, and if anyone has the time and energy to do
 that, their time would be better spent actually working on the video crew,
 which at this point is virtually nonexistent.
 
 Every presenter should know that we will be putting up video of their
 session or talk on our YouTube channel with a CC license, unless they
 demure. We should have a small sign to that effect at the podium, as well.
 
 
 --
 Cary Gordon
 The Cherry Hill Company
 http://chillco.com
 
 
 
 
 -- 
 Bulk mail.  Postage paid.

Re: [CODE4LIB] Code4LibCon video (Was: Re: [CODE4LIB] Conference photography policy)

[Cary Gordon]

Correction: We need a Mac, as my encoder is Thunderbolt.

I will try to rebuild my MacBook Pro, if I gat a chance.


 On Jan 26, 2015, at 4:36 PM, Cary Gordon listu...@chillco.com wrote:
 
 Just to be clear, I am providing equipment and will set it up, but I do not 
 believe that we have a streaming crew at this time.
 
 Riley and I spent almost every moment of the last Con doing this, so while I 
 am willing to teach and help, I am not going to be the video guy again.
 
 We also need a decent computer. I am most familiar with Macs, but a PC will 
 do. Linux is not an option.
 
 Thanks,
 
 Cary
 
 On Jan 26, 2015, at 4:26 PM, Ranti Junus ranti.ju...@gmail.com 
 mailto:ranti.ju...@gmail.com wrote:
 
 I agree that streaming crew should be free from doing the paperwork. Tara
 has volunteered to be the paperwork person and I'm volunteering to help
 her out.
 
 I think streaming crew, Tara, and I can discuss separately on things that
 are need to be done or information we should provide (e.g. list of those
 who opt-out, their talk schedule, etc.) to the streaming crew.
 
 
 thanks,
 ranti.
 
 On Mon, Jan 26, 2015 at 7:07 PM, Cary Gordon listu...@chillco.com 
 mailto:listu...@chillco.com wrote:
 
 To be clear, what I said or tried to say is that the streaming crew needs
 to know if he presenter does not wish to be shown, or if they do not want
 their presentation shown before they start presenting. At least one full
 minute before would be great. They can take our word that we will honor
 their wishes.
 
 I think that it is fair to say that nobody involved with the video wants
 anything to do with paperwork, and if anyone has the time and energy to do
 that, their time would be better spent actually working on the video crew,
 which at this point is virtually nonexistent.
 
 Every presenter should know that we will be putting up video of their
 session or talk on our YouTube channel with a CC license, unless they
 demure. We should have a small sign to that effect at the podium, as well.
 
 
 --
 Cary Gordon
 The Cherry Hill Company
 http://chillco.com http://chillco.com/
 
 
 
 
 -- 
 Bulk mail.  Postage paid.
 

Re: [CODE4LIB] Wi-Fi location triangulation

[Cary Gordon]

Actually, I don’t think that it is necessary to give turn-by-turn directions in 
the library. A dot on an accurate floorpan should be sufficient.

Cary

 On Jan 19, 2015, at 5:46 AM, Jim Gilbert(WTPL) gilber...@whitehallpl.org 
 wrote:
 
 Look at retail wifi uses throughout the country.
 Large retails have the capability of tracking individual users through their 
 cell phone.
 Register that number with the retailer, and they can tailor coupons to you.
 
 From what I understand, it takes a robust infrastructure, and the APs aren't 
 exactly cheap.
 
 I suspect it is not so much triangulation, rather tracking AP range, and 
 where the user connects, and spends the most time connected to individual APs.
 
 I've see it in articles - but never paid attention, as it is out of my 
 budget; mission scope; and service parameters for offering wifi for browsing.
 
 James Gilbert, BS, MLIS
 Systems Librarian
 Whitehall Township Public Library
 3700 Mechanicsville Road
 Whitehall, PA 18052
 610-432-4339 ext: 203
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Carol 
 Bean
 Sent: Monday, January 19, 2015 2:07 AM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Wi-Fi location triangulation
 
 Yeah,  This article (http://journal.code4lib.org/articles/5859) talks about 
 locating and tracking staff in a library, but it uses Androids with a phone 
 app built for the purpose.  
 
 Carol  
 
 --
 Carol Bean
 Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
 
 
 On Monday, January 19, 2015 at 05:52, Cary Gordon wrote:
 
 It shouldn’t be impossible, but it would be tricky. Normally, users connect 
 to one access point at a time. To locate a user would require connecting to 
 two or three. I am sure that there is some utility library to do this, but 
 it would need to be incorporated in an app and loaded on the user side.
 
 Cary
 
 On Jan 18, 2015, at 7:24 AM, Fleming, Jason flemi...@uncw.edu 
 (mailto:flemi...@uncw.edu) wrote:
 
 Has anyone used Wi-Fi to determine a user's position within the library to 
 help them zero in on a book's location using their mobile browser?
 
 I've seen a number of interesting articles and posts, but haven't come 
 across any actual use cases. I'm wondering if all the metal shelving in a 
 library would make this impossible?
 
 Jason Fleming
 University of North Carolina Wilmington flemi...@uncw.edu 
 (mailto:flemi...@uncw.edu)
 
 
 
 

Re: [CODE4LIB] Wi-Fi location triangulation

[Cary Gordon]

Right. The user would need an app to do this.

Cary

 On Jan 19, 2015, at 11:44 AM, Richard, Joel M richar...@si.edu wrote:
 
 I thought that the Smithsonian was working with ... someone on this. Maybe 
 Google since they are mapping the insides of some of our museums. The process 
 they used goes something like this:
 
 They send a person to walk around the building with a laptop measuring the 
 varying strengths of signal from all of the wifi access points from many 
 physical locations in the building and record that info into a database. Then 
 as a person walks around the building, they know where they are based on the 
 relative strengths of the various devices. If a device moves or is replaced, 
 then you have to measure again to get a new database. 
 
 You don't actually need to connect to the access point to know the strength 
 of signal from it. Retail stores are also starting to use this technology to 
 track what parts of the store people spend time in. They can track the 
 location of a particular wifi device even if it's not connected to the 
 network. So the tech exists, to work both ways. :) 
 
 --Joel
 
 
 Joel Richard
 Lead Web Developer, Web Services Department
 Smithsonian Libraries | http://library.si.edu/
 (202) 633-1706 | richar...@si.edu
 
 
 From: Code for Libraries [CODE4LIB@LISTSERV.ND.EDU] on behalf of Cary Gordon 
 [listu...@chillco.com]
 Sent: Sunday, January 18, 2015 11:52 PM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Wi-Fi location triangulation
 
 It shouldn’t be impossible, but it would be tricky. Normally, users connect 
 to one access point at a time. To locate a user would require connecting to 
 two or three. I am sure that there is some utility library to do this, but it 
 would need to be incorporated in an app and loaded on the user side.
 
 Cary
 
 On Jan 18, 2015, at 7:24 AM, Fleming, Jason flemi...@uncw.edu wrote:
 
 Has anyone used Wi-Fi to determine a user's position within the library to 
 help them zero in on a book's location using their mobile browser?
 
 I've seen a number of interesting articles and posts, but haven't come 
 across any actual use cases. I'm wondering if all the metal shelving in a 
 library would make this impossible?
 
 Jason Fleming
 University of North Carolina Wilmington
 flemi...@uncw.edu

Re: [CODE4LIB] Web app for material order

[Cary Gordon]

This would be pretty simple to build with Drupal webforms, workflow or 
workbench and views.

Cary

 On Dec 15, 2014, at 2:39 PM, Kaile Zhu kz...@uco.edu wrote:
 
 This is mainly for acquisition dept. to use before ordering and receiving:
 
 1.   Web based
 
 2.   Allow librarians and faculty to request a material
 
 3.   One requested, notify acquisition staff for process
 
 4.   Acquisition staff can view, edit,  input the order status
 
 5.   Generate reports by various parameters, such as requester, dates, 
 departments, vendors, etc.
 
 Basically, this is before an order goes into the ILS.
 
 Has anybody already done something like this?Currently, we do the job by 
 email.  There is no way we can track the pre-order information in a 
 meaningful way.
 
 Thanks.
 
 Kelly Zhu
 405-974-5947

Re: [CODE4LIB] Web app for material order

[Cary Gordon]

This looks very interesting. Is it licensed under an open source license?

If it is, it would be totally appropriate to put it on GitHub and let the 
community build it out. All that is needed is the aforementioned license and 
some person or cult to vet pull requests and coordinate testing.

I think that trying to organize a formal project ala Sakai would require 
committed resources and be very hard to pull off.

Thanks,

Cary

 On Dec 15, 2014, at 6:23 PM, KLINGLER, THOMAS t...@kent.edu wrote:
 
 At Kent State in recent years we've built a system, Selection Manager (TM) , 
 that does all these things and much more.  In addition to the five items 
 below in Kelly's request, it allows folks to see everything under review.  If 
 you're authenticated with campus credentials, you can access trial URLs and 
 passwords, enter scores and reviews, see scores and reviews from throughout 
 campus, get alerts to item status changes,.   Staff can track basic 
 license parameters, track multiple vendor quotes, assign workflow components 
 to other staff,.export the license and bib info into the local ILS,...  
 Search by subject, vendor , title,... sort for all active trials,...etc, etc, 
 etc
 
 We have used Selection Manager in production at Kent State for several years 
 in Technical Services and don't know how we lived without it.  The thousands 
 of emails are gone and every 
 request/quote/trial/decision/evaluation/score/fund suggestion/ etc is tracked 
 in Selection  Manager.
 
 Funny that Kelly says  this is before an order goes into the ILS. When the 
 system was under development, my project name for it was:  Pre-ILS.  I chose 
 the name to indicate that the system was designed to track all the selection 
 work that happened BEFORE an item found its way into the ILS.  For years now 
 I've said that Pre-ILS, now Selection Manager, is the ILS module that the ILS 
 vendor community forgot to build for the past forty years !!
 
 
 The super simple public view is available here:
 
 Splash page:
 http://www2.kent.edu/library/about/depts/technicalservices/selection-manager.cfm
 
 Selection Manager:
 http://apps.library.kent.edu/selectionmanager/
 
 
 
 Recent presentation with tons of screen shots:
 http://works.bepress.com/tom_klingler/6/
 
 
 At the public, non-authenticated page, you can only see the simple level.  
 Campus authentication is required to see trial info and submit scores.  
 Library intranet access is necessary for the staff side and the workflow 
 operations.
 
 Over the years, I've shown Selection Manager at lots of conferences, and, all 
 modesty aside, folks uniformly love it.  As I approach retirement, I've been 
 showing it to lots of vendors and telling them to just take the ideas and 
 build it out.  Have shown it to III, ProQuest, EBSCO, etc.  ...nobody has 
 agreed to proceed, even though I say all I'd want in return is a steak and a 
 martini.
 
 *I propose that we make Selection Manager into an Open Source project of 
 the Code4Lib community.  (We wrote it too fast and hard-wired it in to too 
 much of our existing automation; hence,  it's not on GitHub.) We could 
 organize a team, write the specs, abstract things out to a level where the 
 system would have modules that allowed everything to be configurable for a 
 local install.  The current system is about 10,000 lines of PHP and was about 
 a man-year of work.  I'd guess that we'd want a team of about 5 
 selection/acquisitions folks to review/write/refresh the specifications and 
 about 5 developers to work as a team to build out the thing.  Then we would 
 ALL end up with a rich system that was hugely helpful.  And, we'd end up with 
 a community of devoted developers and users who could support each other and 
 the system going forward.
 
 Of course this sounds like a wacky idea, and, yes, I'm an old software hippie 
 by nature,but, let me know if you're interested in the project.
 
 If you've read this far, thanks for your time and attention.
 
 Tom Klingler
 Assistant Dean for Systems, Collections,and Technical Services
 Kent State University
 
 
 
 
 
 
 On Dec 15, 2014, at 6:39 PM, Cary Gordon listu...@chillco.com wrote:
 
 This would be pretty simple to build with Drupal webforms, workflow or 
 workbench and views.
 
 Cary
 
 On Dec 15, 2014, at 2:39 PM, Kaile Zhu kz...@uco.edu wrote:
 
 This is mainly for acquisition dept. to use before ordering and receiving:
 
 1.   Web based
 
 2.   Allow librarians and faculty to request a material
 
 3.   One requested, notify acquisition staff for process
 
 4.   Acquisition staff can view, edit,  input the order status
 
 5.   Generate reports by various parameters, such as requester, dates, 
 departments, vendors, etc.
 
 Basically, this is before an order goes into the ILS.
 
 Has anybody already done something like this?Currently, we do the job 
 by email.  There is no way we can track the pre-order information in a 
 meaningful way

Re: [CODE4LIB] looking for a good PHP table-manipulating class

[Cary Gordon]

Where do the data come from? An array?

Cary

 On Dec 11, 2014, at 1:32 PM, Ken Irwin kir...@wittenberg.edu wrote:
 
 Hi folks,
 
 I'm hoping to find a PHP class that designed to display data in tables, 
 preferably able to do two things:
 1. Swap the x- and y-axis, so you could arbitrarily show the table with 
 y=Puppies, x=Kittens or y=Kittens,x=Puppies
 2. Display the table either using plain text columns or formatted html
 
 I feel confident that in a world of 7 billion people, someone must have 
 wanted this before.
 
 Any ideas?
 
 Thanks
 Ken

Re: [CODE4LIB] looking for a good PHP table-manipulating class

[Cary Gordon]

Of course, the easiest thing to do is search for “php pivot tables”. There are 
many libraries for this, although I don’t recall any that output “plain text”. 
There are some ultra-slick ones that you can buy if you want the output to look 
like something from Excel in 1998.

Cary


 On Dec 11, 2014, at 4:15 PM, Cary Gordon listu...@chillco.com wrote:
 
 Where do the data come from? An array?
 
 Cary
 
 On Dec 11, 2014, at 1:32 PM, Ken Irwin kir...@wittenberg.edu wrote:
 
 Hi folks,
 
 I'm hoping to find a PHP class that designed to display data in tables, 
 preferably able to do two things:
 1. Swap the x- and y-axis, so you could arbitrarily show the table with 
 y=Puppies, x=Kittens or y=Kittens,x=Puppies
 2. Display the table either using plain text columns or formatted html
 
 I feel confident that in a world of 7 billion people, someone must have 
 wanted this before.
 
 Any ideas?
 
 Thanks
 Ken
 

Re: [CODE4LIB] Update on Code4Lib 2015 registration info

[Cary Gordon]

Crazy low, but who am I to complain?

 On Dec 5, 2014, at 1:08 PM, Tom Johnson johnson.tom+code4...@gmail.com 
 wrote:
 
 We're pinning it to $175 for main conference registration, $30 for
 preconference (full day), and $15 for preconference (half day).
 
 On Fri, Dec 5, 2014 at 7:49 AM, Matthew Sherman matt.r.sher...@gmail.com
 wrote:
 
 Has the registration price been settled on yet?  My department wants exact
 numbers before they will process the travel request so it would be helpful
 to know.
 
 On Mon, Dec 1, 2014 at 6:54 PM, Tom Johnson 
 johnson.tom+code4...@gmail.com
 wrote:
 
 I'll update the conference page to include all of the below:
 
 1. The block rate for the conference hotel is $129/night for a single or
 double.  That rate is available Sunday through Thursday nights, and the
 link/info for the hotel rate will be included in the registration form.
 
 2. The registration will be under $200; hopefully substantially under.
 We're busy finalizing this.
 
 3. TriMet's MAX Red Line runs between the airport and a few blocks from
 the
 hotel every 15 minutes from 5 am to 11:30 pm. There is also a downtown
 shuttle that can be booked for extended hours right to the Hilton for $14
 one-way or $24 round trip
 http://www.bluestarbus.com/downtown-shuttle-schedule.php.
 
 4. Registration is planned to open Dec. 8th (next Monday).  I will
 include
 a time in what I post to the conference page.
 
 5. Beyond the vote link posted previously, the program committee is
 scheduled to meet later this week to finalize the schedule and presenter
 list. The local committee will work with them to get a final presentation
 list up before the 8th.
 
 We are capping the registration numbers higher than in previous years
 (450-500), and our hope is not to sell out (or rather, to sell out
 exactly
 and turn not a soul away).
 
 Thanks for prodding us to get this information out!
 
 - Tom
 
 
 On Mon, Dec 1, 2014 at 2:26 PM, Esmé Cowles escow...@ticklefish.org
 wrote:
 
 Also not on the committee, but I can help with #3: getting to the
 conference is very easy by train: there's a train from the airport to
 downtown Portland, which stops less than 1/4 mile from the hotel, and
 costs
 $2.50 each way.
 
 -Esme
 
 On Dec 1, 2014, at 5:10 PM, Coral Sheldon-Hess 
 co...@sheldon-hess.org
 
 wrote:
 
 I'm not on the committee, but I can help with #5:
 http://vote.code4lib.org/election/results/33
 
 (Also here are the keynotes:
 http://vote.code4lib.org/election/results/31)
 
 - Coral
 
 On Mon, Dec 1, 2014 at 4:50 PM, Emily Lynema emily_lyn...@ncsu.edu
 wrote:
 
 I suspect that it is time to start planning travel requests for
 Code4Lib
 2015. Can the organizing committee provide some more info than what
 is
 currently available at http://code4lib.org/conference/2015/ such
 as:
 
 1. Hotel price
 2. Estimated registration (I know you don't know for sure yet!)
 3. Travel info (are there buses, shuttles, public transit, etc.)
 4. Date registration will open (again, just an idea of the timeline
 will
 help us plan for travel requests)
 5. An easy link to the proposals that were submitted / results of
 voting.
 
 This would be immensely helpful.
 
 Thanks!!
 
 
 
 --
 Emily Lynema
 Associate Department Head
 Information Technology, NCSU Libraries
 919-513-8031
 emily_lyn...@ncsu.edu
 
 
 
 

Re: [CODE4LIB] Red Hat Linux Satellite

[Cary Gordon]

Can’t you just install/enable the RHEL Extras repo? This works fine in CentOS.

Gobble,

Cary

 On Nov 26, 2014, at 11:44 AM, Francis Kayiwa kay...@pobox.com wrote:
 
 I'm wondering if there are any readers who are seasoned RHEL users who can 
 point me in The RHEL way of doing things.
 
 I work at a Red Hat Satellite organization and as a result the default 
 repository for our software is Red Hat Satellite. I'm attempting to install 
 docker software which according to my reading of the link is only available 
 for people who pay extra(?)
 
 https://access.redhat.com/articles/881893#get
 
 Is the Red Hat way in these type scenarios to ask our Satellite Admins to 
 add it?
 
 To build this and install as our own repo?
 
 To install Centos (my current solution)? Other?
 
 Thanks for any/all help.
 
 ./fxk
 
 -- 
 Noise proves nothing.  Often a hen who has merely laid an egg cackles
 as if she laid an asteroid.
   -- Mark Twain

[CODE4LIB] Code4Lib SoCal meeting tomorrow

[Cary Gordon]

Just a reminder that the Code4Lib SoCal group will be meeting tomorrow, 9
AM at the Los Angeles Public Library on 5th Street in downtown LA.

If you plan to attend, please sign up at
http://www.meetup.com/Code4lib-SoCal/


-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Angel Funding for Code4lib 2015

[Cary Gordon]

I think that this is by and large a good idea, but if we want to expand it, we 
really should find a 501c3 to act as fiscal agent so that donations can be tax 
deductible. I don't think that we are ready to start our own, but feel free to 
prove me wrong.

Thanks,

Cary

 On Nov 17, 2014, at 12:13 PM, Francis Kayiwa kay...@pobox.com wrote:
 
 Hello,
 
 This has been discussed in the past and I recall Eric Morgan, Mike Giarlo and 
 Eric Hellman pull this off in 2011. So we are aiming to do this again this 
 year. What's that? you ask? Good question! ;-)
 
 Our goal is to raise enough money to add at least one more scholarship 
 recipient to the Diversity pool. What does this mean for you dear reader? It 
 is our hope that not much. It is our hope that you can donate to make this 
 happen.
 
 http://igg.me/p/code4lib-angel-fund/x/9163101
 
 Thanks for spreading this word or otherwise boosting this signal.
 
 Cheers,
 
 ./fxk and Tom Johnson
 
 -- 
 You'll never see all the places, or read all the books, but fortunately,
 they're not all recommended.

Re: [CODE4LIB] Angel Funding for Code4lib 2015

[Cary Gordon]

I wouldn't eschew making a donation were it not tax deductible, however some 
folks might be inclined to donate more if it were.

Cary

 On Nov 17, 2014, at 1:45 PM, Francis Kayiwa kay...@pobox.com wrote:
 
 On 11/17/14 4:32 PM, Edward M. Corrado wrote:
 Donations to CLIR are tax deductible (according to various websites
 that specialize in this type of thing) so it would be great if they
 can make donations to this cause tax-deductible. I'm not a tax lawyer
 so I have no idea how that would work, but it would be great if it
 did.
 
 Okay perhaps I jumped the gun there in setting this up and it wasn't until 
 Cary's note that it dawned on me that I could have done that.
 
 You are right DLF is tax indeed deductible. Now we have two problems however 
 -one which you readily admit you have no idea how to solve.
 
 As it is, I will work with CLIR/DLF to set this up but it will be in the Dec. 
 17 (after the Indiegogo one expires) You are welcome to wait until then to 
 make your donations. For the handful of people who have already donated my 
 mea culpa and will work on correcting that -assuming possible.
 
 Meantime thanks for boosting the signal if you can.
 
 Cheers,
 ./fxk
 
 
 -- 
 You'll never see all the places, or read all the books, but fortunately,
 they're not all recommended.

Re: [CODE4LIB] Terrible Drupal vulnerability

[Cary Gordon]

If the site was not patched within a few hours of the announcement, the odds 
are that you will need to rebuild it from a backup made before October 15th. It 
is very difficult to detect a successful exploit, or predict if a back-door 
will be used.

I suggest that your first move should be to contact Bluehost, as they may have 
done the patch for you. If not, please read the rest of this thread. If you 
have more questions or need help, let us know here. I will attempt to address 
any issue that is explored in this forum.

Cary


 On Nov 11, 2014, at 8:40 PM, Heidi P Frank h...@nyu.edu wrote:
 
 Hi,
 A colleague and I volunteer for an organization to maintain their website,
 which is a Drupal site hosted on Bluehost, however, neither of us are very
 experienced with Drupal.  So we've been trying to figure out what we need
 to do to prevent the site from being affected by this vulnerability issue,
 and have read a lot of the documentation and tried following the
 instructions to upgrade, etc. but are still having trouble.
 
 If there is anyone on this list who would be willing to speak with us and
 answer some questions about how we need to proceed, please contact me off
 list.  Any guidance will be much appreciated with numerous Thank You's!
 (i.e., we need some pro bono assistance :)
 
 cheers,
 Heidi
 
 Heidi Frank
 Electronic Resources  Special Formats Cataloger
 New York University Libraries
 Knowledge Access  Resources Management Services
 20 Cooper Square, 3rd Floor
 New York, NY  10003
 212-998-2499 (office)
 212-995-4366 (fax)
 h...@nyu.edu
 Skype: hfrank71
 
 On Sun, Nov 2, 2014 at 1:29 PM, Cary Gordon listu...@chillco.com wrote:
 
 If you can migrate to a maintained service, you could use feeds or migrate
 to move your content. You could also take that approach on your own
 new site. Obviously, none of your entities — nodes, menus, users, blocks,
 taxonomies, etc. — should contain executable code.
 
 I suggest that you do not migrate users or menus, unless you have the
 ability to validate your data.
 
 I love the internets, but I have learned that nobody should be
 running public facing services — open-source or other — unless they are
 prepared to maintain them, including managing a disaster recovery plan and
 vigilantly monitoring and acting on security notices. If this is not
 doable, use a service provider to manage it. The days of running services
 from a computer under a desk are gone.
 
 Cary
 
 On Sunday, November 2, 2014, Hickner, Andrew andrew.hick...@yale.edu
 wrote:
 
 I'd be curious to hear how others are proceeding.  We had already planned
 to migrate our D7 sites to a centralized Drupal instance offered here at
 Yale and this has just accelerated the timetable.  I imagine there are a
 lot of libraries running Drupal though who don't have this kind of option
 and might not have pre-October 15 backups to revert to (we don't!)
 
 
 
 Andy Hickner
 Web Services Librarian
 Yale University
 Cushing/Whitney Medical Library
 http://library.medicine.yale.edu/
 
 
 From: Code for Libraries [CODE4LIB@LISTSERV.ND.EDU javascript:;] on
 behalf of Lin, Kun [l...@cua.edu javascript:;]
 Sent: Friday, October 31, 2014 2:10 PM
 To: CODE4LIB@LISTSERV.ND.EDU javascript:;
 Subject: Re: [CODE4LIB] Terrible Drupal vulnerability
 
 I think so. However, Cloudflare in their blog post claim they have
 develop
 a way to block the attack immediately when the vulnerability was
 announced.
 Whether or not they know the exploit ahead of time or not, it would be
 good
 to know someone is watching out for you for $20 a month. And you will be
 mad if you took Oct 15th off without it. I just check, I patched my
 instance on Oct 16th. Not sure what's going to happened.
 
 Kun
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU
 javascript:;]
 On Behalf Of Cary Gordon
 Sent: Friday, October 31, 2014 1:44 PM
 To: CODE4LIB@LISTSERV.ND.EDU javascript:;
 Subject: Re: [CODE4LIB] Terrible Drupal vulnerability
 
 The vulnerability was discovered in the course of an audit by
 SektionEins,
 a German security firm, and immediately reported to the Drupal Security
 Team. Because this was a pretty obscure vulnerability with no reported
 exploits, the team decided to wait until the first scheduled release date
 after DrupalCon Amsterdam to put out the notice and patch. Obviously,
 they
 knew that once word of the vulnerability was announced, there would
 immediately be a wave of exploits, so they imposed a blackout on any
 mention of it before October 15th. I think that they stuck to their word.
 
 Of course, attacks started a few hours after the announcement.
 
 Cary
 
 On Oct 31, 2014, at 9:38 AM, Joe Hourcle 
 onei...@grace.nascom.nasa.gov
 javascript:; wrote:
 
 On Oct 31, 2014, at 11:46 AM, Lin, Kun wrote:
 
 Hi Cary,
 
 I don't know from whom. But for the heartbeat vulnerability earlier
 this year, they as well as some other big providers like

Re: [CODE4LIB] Drupal question

[Cary Gordon]

It is amazing to me that a question about media management through Drupal has 
morphed into a WP WSOD question.

Once again, Drupal has strong, well-supported and proven media tools.

Cary

 On Nov 4, 2014, at 10:03 AM, Mark Pernotto mark.perno...@gmail.com wrote:
 
 Sergio,
 
 If you can't login to WP at all, there's possibly bigger issues at play
 here.  Try this:
 
 put:
 
 define('WP_DEBUG', true);
 
 in your wp-config.php file; you probably already have the definition, just
 change it to *true*. No parentheses.
 I'd normally never suggest that for a 'live' site, but that WSOD isn't
 doing you any favors at the moment, either. What this does, is essentially
 show you on that white screen what/where your error might be. Also pay
 attention to the URL that's displayed in the address bar - can you still
 navigate about your site? Is every page blank? Is it only admin?
 
 If that isn't working, try removing the theme from the wp-content/themes
 directory.
 
 Did you make backups before you did this? Just curious.
 
 .m
 
 
 
 On Tue, Nov 4, 2014 at 9:17 AM, Sergio Letuche code4libus...@gmail.com
 wrote:
 
 well i did exactly this, and then i got a blank screen
 
 the zip i downloaded from github, extracted to a working setup of wordpess,
 in web-root/wp-content/themes/
 librarylearn
 
 what am i doing wrong?
 
 2014-11-04 14:53 GMT+02:00 Riley Childs rchi...@cucawarriors.com:
 
 Well it is intended for WordPress, but in WordPress you can drop the
 files
 in web-root/wp-content/themes/librarylearn
 
 
 --
 Riley Childs
 Senior
 Charlotte United Christian Academy
 IT Services Administrator
 Library Services Administrator
 https://rileychilds.net
 cell: +1 (704) 497-2086
 office: +1 (704) 537-0331x101
 twitter: @rowdychildren
 Checkout our new Online Library Catalog:
 https://catalog.cucawarriors.com
 
 Proudly sent in plain text
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of
 Sergio Letuche
 Sent: Tuesday, November 04, 2014 7:36 AM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Drupal question
 
 does anyone know how could i install this theme from github?
 
 https://github.com/shermanlibrary/librarylearn
 
 
 
 2014-11-03 14:14 GMT+02:00 Sergio Letuche code4libus...@gmail.com:
 
 thank you for your quick reply, how one could install it?
 
 I am familiar with drupal distributions only i am afraid. Is this
 something similar?
 
 2014-11-03 14:03 GMT+02:00 Riley Childs rchi...@cucawarriors.com:
 
 It provides plugins within the theme.
 
 Sent from my Windows Phone
 
 --
 Riley Childs
 Senior
 Charlotte United Christian Academy
 Library Services Administrator
 IT Services Administrator
 (704) 537-0331x101
 (704) 497-2086
 rileychilds.net
 @rowdychildren
 I use Lync (select External Contact on any XMPP chat client)
 
 From: Sergio Letuchemailto:code4libus...@gmail.com
 Sent: ‎11/‎3/‎2014 7:03 AM
 To: CODE4LIB@LISTSERV.ND.EDUmailto:CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Drupal question
 
 it seems this is only a theme,
 
 am i wrong?
 
 https://github.com/shermanlibrary/librarylearn
 
 2014-11-01 16:22 GMT+02:00 Riley Childs rchi...@cucawarriors.com:
 
 Here is a WordPress theme/plugin to do this. I haven't used it
 personally
 but I have heard great things
 https://github.com/shermanlibrary/librarylearn
 
 Riley Childs
 Senior
 Charlotte United Christian Academy
 Library Services Administrator
 IT Services
 (704) 497-2086
 rileychilds.net
 @rowdychildren
 
 From: Sergio Letuchemailto:code4libus...@gmail.com
 Sent: ‎11/‎1/‎2014 6:35 AM
 To: CODE4LIB@LISTSERV.ND.EDUmailto:CODE4LIB@LISTSERV.ND.EDU
 Subject: [CODE4LIB] Drupal question
 
 Could you please provide me with an advice,
 
 if there is any drupal distribution that we could use just to host
 embedded
 videos from our youtube channel? The scope for this would be to
 have a video gallery, for any lesson, and not to host the videos on
 our server, just embed them in our page from youtube.
 
 If not a distribution, some module?
 
 Thank you
 
 
 
 
 
 

Re: [CODE4LIB] Code4Lib 2015 keynote voting is open

[Cary Gordon]

Again, an embarrassment of riches.

Cary

 On Nov 4, 2014, at 3:02 PM, Eric Phetteplace phett...@gmail.com wrote:
 
 With special thanks to Ross Singer and Chris Beer for their management of
 the diebold-o-tron, the Code4Lib 2015 Keynote Speakers Committee is happy
 to open this year's invited speaker election.
 
 All nominees have been contacted and the 19 (!) nominees included in
 this election
 are all potentially available to speak. The top two available vote recipients
 will be invited to be our keynote speakers this year. Voting will end in
 two weeks on Tuesday, November 18th, 2014 at 20:00:00 PM PDT.
 
 When rating nominees, please consider whether they are likely to be an
 excellent
 contributor in each the following areas:
 
 1) *Appropriateness*. Is this speaker likely to convey information
 that is useful
 to many members of our community?
 2) *Uniqueness*. Is this speaker likely to cover themes that may not
 commonly appear in the rest of the program?
 3) *Contribution to diversity*. Will this person bring something rare, 
 notable,
 or unique to our community, through unusual experience or background?
 
 http://vote.code4lib.org/election/31
 
 Note that the text at the top of the page can be disregarded, it applies
 only to the talk proposal voting process.
 
 If you have any issues with your account, please contact Ryan Wick at
 ryanw...@gmail.com.
 
 Thanks,
 Code4Lib 2014 Keynote Speakers Committee

Re: [CODE4LIB] Wireless barcode scanners

[Cary Gordon]

You could simply use an iPad as a barcode scanner. Disintermediate!

 On Nov 3, 2014, at 12:58 PM, Edward M. Corrado ecorr...@ecorrado.us wrote:
 
 This is slightly off-topic but I can't think of a better place to ask.
 I have been asked to investigate wireless barcode scanners, and
 preferably ones that can work with an iPad (or be connected to an
 iPad), for inventory purposes. I have found a few used in the retail
 environment but I was wondering of anyone has bought any recently that
 they like. Even if you have a wireless barcode scanner that isn't
 designed to work with an iPad that you recommend, I'd like to hear
 about it. I know this is vaugue, but that is intentional, I am trying
 to cast a wide net in hopes to hear what others have done that might
 be of interest since we are just starting to look into this.
 
 Thanks,
 Edward

Re: [CODE4LIB] Terrible Drupal vulnerability

[Cary Gordon]

If you can migrate to a maintained service, you could use feeds or migrate
to move your content. You could also take that approach on your own
new site. Obviously, none of your entities — nodes, menus, users, blocks,
taxonomies, etc. — should contain executable code.

I suggest that you do not migrate users or menus, unless you have the
ability to validate your data.

I love the internets, but I have learned that nobody should be
running public facing services — open-source or other — unless they are
prepared to maintain them, including managing a disaster recovery plan and
vigilantly monitoring and acting on security notices. If this is not
doable, use a service provider to manage it. The days of running services
from a computer under a desk are gone.

Cary

On Sunday, November 2, 2014, Hickner, Andrew andrew.hick...@yale.edu
wrote:

 I'd be curious to hear how others are proceeding.  We had already planned
 to migrate our D7 sites to a centralized Drupal instance offered here at
 Yale and this has just accelerated the timetable.  I imagine there are a
 lot of libraries running Drupal though who don't have this kind of option
 and might not have pre-October 15 backups to revert to (we don't!)



 Andy Hickner
 Web Services Librarian
 Yale University
 Cushing/Whitney Medical Library
 http://library.medicine.yale.edu/

 
 From: Code for Libraries [CODE4LIB@LISTSERV.ND.EDU javascript:;] on
 behalf of Lin, Kun [l...@cua.edu javascript:;]
 Sent: Friday, October 31, 2014 2:10 PM
 To: CODE4LIB@LISTSERV.ND.EDU javascript:;
 Subject: Re: [CODE4LIB] Terrible Drupal vulnerability

 I think so. However, Cloudflare in their blog post claim they have develop
 a way to block the attack immediately when the vulnerability was announced.
 Whether or not they know the exploit ahead of time or not, it would be good
 to know someone is watching out for you for $20 a month. And you will be
 mad if you took Oct 15th off without it. I just check, I patched my
 instance on Oct 16th. Not sure what's going to happened.

 Kun

 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU javascript:;]
 On Behalf Of Cary Gordon
 Sent: Friday, October 31, 2014 1:44 PM
 To: CODE4LIB@LISTSERV.ND.EDU javascript:;
 Subject: Re: [CODE4LIB] Terrible Drupal vulnerability

 The vulnerability was discovered in the course of an audit by SektionEins,
 a German security firm, and immediately reported to the Drupal Security
 Team. Because this was a pretty obscure vulnerability with no reported
 exploits, the team decided to wait until the first scheduled release date
 after DrupalCon Amsterdam to put out the notice and patch. Obviously, they
 knew that once word of the vulnerability was announced, there would
 immediately be a wave of exploits, so they imposed a blackout on any
 mention of it before October 15th. I think that they stuck to their word.

 Of course, attacks started a few hours after the announcement.

 Cary

  On Oct 31, 2014, at 9:38 AM, Joe Hourcle onei...@grace.nascom.nasa.gov
 javascript:; wrote:
 
  On Oct 31, 2014, at 11:46 AM, Lin, Kun wrote:
 
  Hi Cary,
 
  I don't know from whom. But for the heartbeat vulnerability earlier
 this year, they as well as some other big providers like Google and Amazon
 were notified and patched before it was announced.
 
  If they have an employee who contributes to the project, it's possible
  that this was discussed on development lists before it was sent down
  to user level mailing lists.
 
  Odds are, there's also  some network of people who are willing to give
  things a cursory review / beta test in a more controlled manner before
  they're officially released (and might break thousands of websites).
  It would make sense that companies who derive a good deal of their
  profits in supporting software would participate in those programs, as
 well.
 
  I could see categorizing either of those as 'ahead of the *general*
  public', which was Kun's assertion.
 
  -Joe
 
 
 
  -Original Message-
  From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU
 javascript:;] On Behalf
  Of Cary Gordon
  Sent: Friday, October 31, 2014 11:10 AM
  To: CODE4LIB@LISTSERV.ND.EDU javascript:;
  Subject: Re: [CODE4LIB] Terrible Drupal vulnerability
 
  How do they receive vulnerability report ahead of general public? From
 whom?
 
  Cary
 
  On Friday, October 31, 2014, Lin, Kun l...@cua.edu javascript:;
 wrote:
 
  If you are using drupal as main website, consider using Cloudflare Pro.
  It's just $20 a month and worth it. They'll help block most attacks.
  And they usually receive vulnerability report ahead of general public.
 
  Kun
 
  -Original Message-
  From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU
 javascript:;
  javascript:;] On Behalf Of Cary Gordon
  Sent: Friday, October 31, 2014 9:59 AM
  To: CODE4LIB@LISTSERV.ND.EDU javascript:; javascript:;
  Subject: Re: [CODE4LIB] Terrible Drupal vulnerability

[CODE4LIB] MARC reporting engine

[Cary Gordon]

You don't have to build your own indexer. You might use the pymarc
parser to pull the records into a flat database like Mongo, then
pull reports from there. It really depends on what the service is
delivering.

This would be much less insanity inducing than regexes in vi.

I do agree with Jonathan. If authorities were easy, everyone would be doing
them.

Cary

On Sunday, November 2, 2014, Stuart Yeates stuart.yea...@vuw.ac.nz wrote:

 Do any of these have built-in indexing? 800k records isn't going to fit in
 memory and if building my own MARC indexer is 'relatively straightforward'
 then you're a better coder than I am.

 cheers
 stuart

 --
 I have a new phone number: 04 463 5692

 
 From: Code for Libraries CODE4LIB@LISTSERV.ND.EDU on behalf of Jonathan
 Rochkind rochk...@jhu.edu
 Sent: Monday, 3 November 2014 1:24 p.m.
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] MARC reporting engine

 If you are, can become, or know, a programmer, that would be relatively
 straightforward in any programming language using the open source MARC
 processing library for that language. (ruby marc, pymarc, perl marc,
 whatever).

 Although you might find more trouble than you expect around authorities,
 with them being less standardized in your corpus than you might like.
 
 From: Code for Libraries [CODE4LIB@LISTSERV.ND.EDU] on behalf of Stuart
 Yeates [stuart.yea...@vuw.ac.nz]
 Sent: Sunday, November 02, 2014 5:48 PM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: [CODE4LIB] MARC reporting engine

 I have ~800,000 MARC records from an indexing service (
 http://natlib.govt.nz/about-us/open-data/innz-metadata CC-BY). I am
 trying to generate:

 (a) a list of person authorities (and sundry metadata), sorted by how many
 times they're referenced, in wikimedia syntax

 (b) a view of a person authority, with all the records by which they're
 referenced, processed into a wikipedia stub biography

 I have established that this is too much data to process in XSLT or
 multi-line regexps in vi. What other MARC engines are there out there?

 The two options I'm aware of are learning multi-line processing in sed or
 learning enough koha to write reports in whatever their reporting engine is.

 Any advice?

 cheers
 stuart
 --
 I have a new phone number: 04 463 5692



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Terrible Drupal vulnerability

[Cary Gordon]

This is what I posted to the Drupal4Lib list:



By now, you should have seen https://www.drupal.org/PSA-2014-003 and heard
about the Drupageddon exploits. and you may be wondering if you were
vulnerable or iff you were hit by this, how you can tell and what you
should do. Drupageddon affects Drupal 7, Drupal 8 and, if you use the DBTNG
module, Drupal 6.

The general recommendation is that if you do not know or are unsure of your
server's security and you did not either update to Drupal 7.32 or apply the
patch within a few hours of the notice, you should assume that your site
(and server) was hacked and you should restore everything to a backup from
before October 15th or earlier. If your manage your server and you have any
doubts about your file security, you should restore that to a pre 10/15
image, as well or do a reinstall of your server software.

I know this sounds drastic, and I know that not everyone will do that.
There are some tests you can run on your server, but they can only verify
the hacks that have been identified.

At MPOW, we enforce file security on our production servers. Our
deployments are scripted in our continuous integration system, and only
that system can write files outside of the temporal file directory (e.g.
/sites/site-name/files). We also forbid executables in the temporal file
system. This prevents many exploits related to this issue.

Of course, the attack itself is on the database, so even if the file system
is not compromised, the attacker could, for example, get admin access to
the site by creating an account, making it an admin, and sending themselves
a password. While they need a valid email address to set the password, they
would likely change that as soon as they were in.

Some resources:
https://www.drupal.org/PSA-2014-003
https://www.acquia.com/blog/learning-hackers-week-after-drupal-sql-injection-announcement
http://drupal.stackexchange.com/questions/133996/drupal-sa-core-2014-005-how-to-tell-if-my-server-sites-were-compromised

I won't attempt to outline every audit technique here, but if you have any
questions, please ask them.

The takeaway from this incident, is that while Drupal has a great security
team and community, it is incumbent upon site owners and admins to pay
attention. Most Drupal security issues are only exploitable by privileged
users, and admins need to be careful and read every security notice. If a
vulnerability is publicly exploitable, you must take action immediately.

Thanks,

Cary

On Thu, Oct 30, 2014 at 5:24 PM, Dan Scott deni...@gmail.com wrote:

 Via lwn.net, I came across https://www.drupal.org/PSA-2014-003 and my
 heart
 sank:

 
 Automated attacks began compromising Drupal 7 websites that were not
 patched or updated to Drupal 7.32 within hours of the announcement of
 SA-CORE-2014-005
 - https://www.drupal.org/SA-CORE-2014-005Drupal
 https://www.drupal.org/SA-CORE-2014-005 core - SQL injection
 https://www.drupal.org/SA-CORE-2014-005. You should proceed under the
 assumption that every Drupal 7 website was compromised unless updated or
 patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.
 

 That's about as bad as it gets, folks.




-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Terrible Drupal vulnerability

[Cary Gordon]

How do they receive vulnerability report ahead of general public? From whom?

Cary

On Friday, October 31, 2014, Lin, Kun l...@cua.edu wrote:

 If you are using drupal as main website, consider using Cloudflare Pro.
 It's just $20 a month and worth it. They'll help block most attacks. And
 they usually receive vulnerability report ahead of general public.

 Kun

 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU javascript:;]
 On Behalf Of Cary Gordon
 Sent: Friday, October 31, 2014 9:59 AM
 To: CODE4LIB@LISTSERV.ND.EDU javascript:;
 Subject: Re: [CODE4LIB] Terrible Drupal vulnerability

 This is what I posted to the Drupal4Lib list:

 

 By now, you should have seen https://www.drupal.org/PSA-2014-003 and
 heard about the Drupageddon exploits. and you may be wondering if you
 were vulnerable or iff you were hit by this, how you can tell and what you
 should do. Drupageddon affects Drupal 7, Drupal 8 and, if you use the DBTNG
 module, Drupal 6.

 The general recommendation is that if you do not know or are unsure of
 your server's security and you did not either update to Drupal 7.32 or
 apply the patch within a few hours of the notice, you should assume that
 your site (and server) was hacked and you should restore everything to a
 backup from before October 15th or earlier. If your manage your server and
 you have any doubts about your file security, you should restore that to a
 pre 10/15 image, as well or do a reinstall of your server software.

 I know this sounds drastic, and I know that not everyone will do that.
 There are some tests you can run on your server, but they can only verify
 the hacks that have been identified.

 At MPOW, we enforce file security on our production servers. Our
 deployments are scripted in our continuous integration system, and only
 that system can write files outside of the temporal file directory (e.g.
 /sites/site-name/files). We also forbid executables in the temporal file
 system. This prevents many exploits related to this issue.

 Of course, the attack itself is on the database, so even if the file
 system is not compromised, the attacker could, for example, get admin
 access to the site by creating an account, making it an admin, and sending
 themselves a password. While they need a valid email address to set the
 password, they would likely change that as soon as they were in.

 Some resources:
 https://www.drupal.org/PSA-2014-003

 https://www.acquia.com/blog/learning-hackers-week-after-drupal-sql-injection-announcement

 http://drupal.stackexchange.com/questions/133996/drupal-sa-core-2014-005-how-to-tell-if-my-server-sites-were-compromised

 I won't attempt to outline every audit technique here, but if you have any
 questions, please ask them.

 The takeaway from this incident, is that while Drupal has a great security
 team and community, it is incumbent upon site owners and admins to pay
 attention. Most Drupal security issues are only exploitable by privileged
 users, and admins need to be careful and read every security notice. If a
 vulnerability is publicly exploitable, you must take action immediately.

 Thanks,

 Cary

 On Thu, Oct 30, 2014 at 5:24 PM, Dan Scott deni...@gmail.com
 javascript:; wrote:

  Via lwn.net, I came across https://www.drupal.org/PSA-2014-003 and my
  heart
  sank:
 
  
  Automated attacks began compromising Drupal 7 websites that were not
  patched or updated to Drupal 7.32 within hours of the announcement of
  SA-CORE-2014-005
  - https://www.drupal.org/SA-CORE-2014-005Drupal
  https://www.drupal.org/SA-CORE-2014-005 core - SQL injection
  https://www.drupal.org/SA-CORE-2014-005. You should proceed under
  the assumption that every Drupal 7 website was compromised unless
  updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the
 announcement.
  
 
  That's about as bad as it gets, folks.
 



 --
 Cary Gordon
 The Cherry Hill Company
 http://chillco.com



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] Terrible Drupal vulnerability

[Cary Gordon]

The vulnerability was discovered in the course of an audit by SektionEins, a 
German security firm, and immediately reported to the Drupal Security Team. 
Because this was a pretty obscure vulnerability with no reported exploits, the 
team decided to wait until the first scheduled release date after DrupalCon 
Amsterdam to put out the notice and patch. Obviously, they knew that once word 
of the vulnerability was announced, there would immediately be a wave of 
exploits, so they imposed a blackout on any mention of it before October 15th. 
I think that they stuck to their word.

Of course, attacks started a few hours after the announcement.

Cary

 On Oct 31, 2014, at 9:38 AM, Joe Hourcle onei...@grace.nascom.nasa.gov 
 wrote:
 
 On Oct 31, 2014, at 11:46 AM, Lin, Kun wrote:
 
 Hi Cary,
 
 I don't know from whom. But for the heartbeat vulnerability earlier this 
 year, they as well as some other big providers like Google and Amazon were 
 notified and patched before it was announced. 
 
 If they have an employee who contributes to the project, it's possible that 
 this
 was discussed on development lists before it was sent down to user level 
 mailing
 lists.  
 
 Odds are, there's also  some network of people who are willing to give things 
 a
 cursory review / beta test in a more controlled manner before they're 
 officially
 released (and might break thousands of websites).  It would make sense that
 companies who derive a good deal of their profits in supporting software would
 participate in those programs, as well.
 
 I could see categorizing either of those as 'ahead of the *general* public',
 which was Kun's assertion.
 
 -Joe
 
 
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Cary 
 Gordon
 Sent: Friday, October 31, 2014 11:10 AM
 To: CODE4LIB@LISTSERV.ND.EDU
 Subject: Re: [CODE4LIB] Terrible Drupal vulnerability
 
 How do they receive vulnerability report ahead of general public? From whom?
 
 Cary
 
 On Friday, October 31, 2014, Lin, Kun l...@cua.edu wrote:
 
 If you are using drupal as main website, consider using Cloudflare Pro.
 It's just $20 a month and worth it. They'll help block most attacks. 
 And they usually receive vulnerability report ahead of general public.
 
 Kun
 
 -Original Message-
 From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU 
 javascript:;] On Behalf Of Cary Gordon
 Sent: Friday, October 31, 2014 9:59 AM
 To: CODE4LIB@LISTSERV.ND.EDU javascript:;
 Subject: Re: [CODE4LIB] Terrible Drupal vulnerability
 
 This is what I posted to the Drupal4Lib list:
 
 
 
 By now, you should have seen https://www.drupal.org/PSA-2014-003 and 
 heard about the Drupageddon exploits. and you may be wondering if 
 you were vulnerable or iff you were hit by this, how you can tell and 
 what you should do. Drupageddon affects Drupal 7, Drupal 8 and, if you 
 use the DBTNG module, Drupal 6.
 
 The general recommendation is that if you do not know or are unsure of 
 your server's security and you did not either update to Drupal 7.32 or 
 apply the patch within a few hours of the notice, you should assume 
 that your site (and server) was hacked and you should restore 
 everything to a backup from before October 15th or earlier. If your 
 manage your server and you have any doubts about your file security, 
 you should restore that to a pre 10/15 image, as well or do a reinstall of 
 your server software.
 
 I know this sounds drastic, and I know that not everyone will do that.
 There are some tests you can run on your server, but they can only 
 verify the hacks that have been identified.
 
 At MPOW, we enforce file security on our production servers. Our 
 deployments are scripted in our continuous integration system, and 
 only that system can write files outside of the temporal file directory 
 (e.g.
 /sites/site-name/files). We also forbid executables in the temporal 
 file system. This prevents many exploits related to this issue.
 
 Of course, the attack itself is on the database, so even if the file 
 system is not compromised, the attacker could, for example, get admin 
 access to the site by creating an account, making it an admin, and 
 sending themselves a password. While they need a valid email address 
 to set the password, they would likely change that as soon as they were in.
 
 Some resources:
 https://www.drupal.org/PSA-2014-003
 
 https://www.acquia.com/blog/learning-hackers-week-after-drupal-sql-inj
 ection-announcement
 
 http://drupal.stackexchange.com/questions/133996/drupal-sa-core-2014-0
 05-how-to-tell-if-my-server-sites-were-compromised
 
 I won't attempt to outline every audit technique here, but if you have 
 any questions, please ask them.
 
 The takeaway from this incident, is that while Drupal has a great 
 security team and community, it is incumbent upon site owners and 
 admins to pay attention. Most Drupal security issues are only 
 exploitable by privileged users

Re: [CODE4LIB] Why learn Unix?

[Cary Gordon]

It really depends on what you mean by learn Unix.

I agree with Eric that many tools, particularly open source tools, are more
robust on l
Linux. This is because most of their development communities are building
on Linux, so new features and bug fixes show up their first.

I live in the open source, Linux-based development world, as as a service
and management tool developer, I never use Linux GUIs. I think that folks
who are going to be installing and maintaining services on Linux servers
should become comfortable with the command line tools The will be using.

Commercial Unix systems are dying out except for specialized industries
like banking and airlines. It also hangs on in systems that use the
full-boat Oracle suite, although it may be losing ground there.

The most popular flavor families of Linux — RedHat (Fedora, CentOS, AWS)
and Debian (Ubuntu) — as well as the system that underlies OS X share a
common toolset, which makes it much easier to move from one to another than
it is to move between BSD and System V based proprietary Unix systems.

Cary

On Monday, October 27, 2014, Siobhain Rivera siori...@indiana.edu wrote:

 Hi everyone,

 I'm part of the ASIST Student Chapter and Indiana University, and we're
 putting together a series of workshops on Unix. We've noticed that a lot of
 people don't seem to have a good idea of why they should learn Unix,
 particularly the reference/non technology types. We're going to do some
 more research to make a fact sheet about the uses of Unix, but I thought
 I'd pose the question to the list - what do you think are reasons
 librarians need to know Unix, even if they aren't in particularly tech
 heavy jobs?

 I'd appreciate any input. Have a great week!

 Siobhain Rivera
 Indiana University Bloomington
 Library Science, Digital Libraries Specialization
 ASIST-SC, Webmaster



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] XBMC in the library

[Cary Gordon]

I had not heard of Kodi (née XBMC) until your post, but it looks like it is
worth investigating.

Cary

On Thursday, October 23, 2014, Cornel Darden Jr. corneldarde...@gmail.com
wrote:

 Hello,

 I've recently done a few workshops on XBMC, Informing library users of its
 existence and its features, even showing some advanced features to the
 advanced patrons.

 It made me ponder if XBMC could be useful in the library on a permanent
 basis. I was thinking maybe a setup in a media room so that programming and
 other media could be accessible for library users. Does anyone currently
 use XBMC in their library?

 Thanks,

 Cornel Darden Jr.
 MSLIS
 Library Department Chair
 South Suburban College
 7087052945

 Our Mission is to Serve our Students and the Community through lifelong
 learning.

 Sent from my iPhone



-- 
Cary Gordon
The Cherry Hill Company
http://chillco.com

Re: [CODE4LIB] UBUNTU server with ipv6 only

[Cary Gordon]

You will have issues with every user that does not have IPv6, AKA most of them.

Cary

On Oct 19, 2014, at 12:11 AM, Sergio Letuche code4libus...@gmail.com wrote:

 I have just obtained a VM, that has only an IPv6. I am trying to set it up,
 and when i want to install something, via wget for example, i get the
 following error.
 
 for example i give wget http://somelink/file.tar.gz
 
 i get resolving http://somelink/
 
 connecting to http://somelink/ failed: Network is unreachable.
 
 
 The OS is Ubuntu server 14.04.1, and i have tried to add google's DNS
 servers, still no luck.
 
 *Example: Changing DNS server settings on a Debian server*
 
   1. Edit /etc/resolv.conf:
 
   sudo vi /etc/resolv.conf
 
   2. If any nameserver lines appear, write down the IP addresses for
   future reference.
   3. Replace the nameserver lines with, or add, the following lines:
 
   For IPv4:
 
   nameserver 8.8.8.8
   nameserver 8.8.4.4
 
   For IPv6:
 
   nameserver 2001:4860:4860::
   nameserver 2001:4860:4860::8844
 
   4. Save and exit.
   5. Restart any Internet clients you are using.
   6. Test that your setup is working correctly; see Testing your new
   settings
   https://developers.google.com/speed/public-dns/docs/using#testing
below.
 
 Also i will use this machine as a web server, will i have issues if with
 ifconfig the only address i have is ipv6?
 
 Thank you in advance

Re: [CODE4LIB] Linux distro for librarians

[Cary Gordon]

Docker ++

I have proposed a docker preso for code4libCon.

Cary
 
On Oct 18, 2014, at 6:30 PM, Pottinger, Hardy J. pottinge...@missouri.edu 
wrote:

 Honestly, your Host distro doesn't much matter, everything will be in Docker 
 soon. Here's a quick way to get there
 
 https://coreos.com/blog/coreos-just-got-easier-to-try-with-panamax/
 
 But if you want a non-nonsense just get things done distro, try Crunch Bang
 
 http://crunchbang.org/
 
 --Hardy
 
 Sent from my iPad
 
 On Oct 18, 2014, at 7:47 PM, Cornel Darden Jr. 
 corneldarde...@gmail.commailto:corneldarde...@gmail.com wrote:
 
 Hello,
 
 I believe librarians are special people. It would be nice if there were an 
 operating system created by us. Haven't come across one though.
 
 Thanks,
 
 Cornel Darden Jr.
 MSLIS
 Library Department Chair
 South Suburban College
 7087052945
 
 Our Mission is to Serve our Students and the Community through lifelong 
 learning.
 
 Sent from my iPhone
 
 On Oct 18, 2014, at 7:13 PM, Henry Mensch 
 he...@henare.orgmailto:he...@henare.org wrote:
 
 because there aren't enough other distributions out there? :)
 
 ---Sent from Boxer | http://getboxer.com
 
 Hello,
 
 
 
 Every now and then I consider switching my main operating system. I've been 
 using Ubuntu for years. Does anyone know of any Linux distros made by 
 librarians or One that's most used by librarians?
 
 
 
 Thanks,
 
 
 
 Cornel Darden Jr.
 MSLIS
 
 Library Department Chair
 
 South Suburban College
 
 7087052945
 
 
 
 Our Mission is to Serve our Students and the Community through lifelong 
 learning.
 
 
 
 Sent from my iPhone

Re: [CODE4LIB] Linux distro for librarians

[Cary Gordon]

Docker is NOT chroot. I have been in a chroot jail for the last few years, and 
docker is a big improvement, like bail or parole.

With Docker, you can use as much or little of the host system as you like.

Cary

On Oct 18, 2014, at 6:30 PM, Pottinger, Hardy J. pottinge...@missouri.edu 
wrote:

 Honestly, your Host distro doesn't much matter, everything will be in Docker 
 soon. Here's a quick way to get there
 
 https://coreos.com/blog/coreos-just-got-easier-to-try-with-panamax/
 
 But if you want a non-nonsense just get things done distro, try Crunch Bang
 
 http://crunchbang.org/
 
 --Hardy
 
 Sent from my iPad
 
 On Oct 18, 2014, at 7:47 PM, Cornel Darden Jr. 
 corneldarde...@gmail.commailto:corneldarde...@gmail.com wrote:
 
 Hello,
 
 I believe librarians are special people. It would be nice if there were an 
 operating system created by us. Haven't come across one though.
 
 Thanks,
 
 Cornel Darden Jr.
 MSLIS
 Library Department Chair
 South Suburban College
 7087052945
 
 Our Mission is to Serve our Students and the Community through lifelong 
 learning.
 
 Sent from my iPhone
 
 On Oct 18, 2014, at 7:13 PM, Henry Mensch 
 he...@henare.orgmailto:he...@henare.org wrote:
 
 because there aren't enough other distributions out there? :)
 
 ---Sent from Boxer | http://getboxer.com
 
 Hello,
 
 
 
 Every now and then I consider switching my main operating system. I've been 
 using Ubuntu for years. Does anyone know of any Linux distros made by 
 librarians or One that's most used by librarians?
 
 
 
 Thanks,
 
 
 
 Cornel Darden Jr.
 MSLIS
 
 Library Department Chair
 
 South Suburban College
 
 7087052945
 
 
 
 Our Mission is to Serve our Students and the Community through lifelong 
 learning.
 
 
 
 Sent from my iPhone