Re: [CODE4LIB] Encrypting EZProxy + SIP2 authentication

2015-02-02 Thread MJ Ray
Jane Sandberg wrote:
 Am I missing some simpler option?  Our EZProxy is running on a Windows
 machine, by the way, and we use Evergreen as our ILS.  I'd love any
 advice or suggestions that you seasoned EZProxy experts can share.

Set up a VPN between the two?  OpenVPN should run on both.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Serious vulnerability in OpenSSL

2014-04-14 Thread MJ Ray
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Francis Kayiwa wrote:
 If you patched already that's cool, if not you should be asking 
 yourself why you aren't using SSL? -oh wait. As you were. ;-)

GnuTLS is another suite for doing https and so on, but AFAIK didn't
suffer from this bug because it was an implementation bug rather than
a general design flaw.

Hope that informs,
- -- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBCAAGBQJTS9QYAAoJELJrzKUj/txjqdoP/1mfclQN7uZgs4aQWS5FZ197
6W93lFuwi15nNkPPopx/5l9m4Cpo+scPDhf0N0L0rKHeiggoHKy4mXUs+TIFoW1S
SoX8sPsCPRwTpozbJhk98iCXCGZZGd7vJnkZcNce0DeodfP7p/mYTwt79HmwD9co
pFvHhcn/PN/ecIcdEXBRC8SVPMJNpF3srD2AZvX74jKEo+LuekSWV4wUaAZhHmo6
l6/Ll7htRZoQ9wT/ZeAlzBLGd9wQm+tLbweubLR5DPDZ9xFCbmlZ4JOjRddY2WbC
ppfosIP8BCuTg1ff/K6llez2S4PZ7aO5RMsg/Cb8WEp749VTY2eUmI1vzWAjCK7t
7dVu25oL/uUZxX/uuWqfho7XYfisPgnKW3lvV8SkyzRRsaQkSUGs8IFUqmsE55wA
zJNOYewXzlbLkDY7uhvnIbSVtqqOhtpMmOUk8V7PWhkPWQ09lupVBJxEBqYL687t
OpJ8x+4ga/uyQFKmSVlpp4GtmfcylfNr3aomxjG1iksotkeczHr3M0x9v9UxaXsj
YrrWikkeUWWKHwhs42ZF2a0FbdvM1d1fDmqvDsPuMGsSgeNw9iz+BAJsPqNMpfcF
RUIf4Vu/Hcj7c80j1+HRJ/zZkztGV6uXNpApQ4DoEiujjLArg1kAFtoKzKeX5BDi
rJ6bcLBMxqirYOKH9ETE
=Edt0
-END PGP SIGNATURE-


Re: [CODE4LIB] phone app for barcode-to-textfile?

2013-06-07 Thread MJ Ray
Ian Walls
 Android has Barcode Scanner, which can do both scan to text, as well as send
 to custom URL (if you've got a RESTful kinda setup you want to GET to).

I'd second that (it's the ZXing one) but note that 1D barcodes need a
phone with a decent autofocus camera, else only QR and Data Matrix
codes can be scanned.  Personally, I also find it needs good light and
good contrast - barcodes on off-white newspapers are very difficult to
scan.

There's a different scanner system in pic2shop which copes better with
slow/fixed focus and low-res cameras, but I've not seen it available
without the auto-search-for-products bit and I don't think it's FOSS.

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] GitHub Myths (was thanks and poetry)

2013-02-22 Thread MJ Ray
Shaun Ellis sha...@princeton.edu
 If you read my email, I don't tell anyone what to use, but simply 
 attempt to clear up some fallacies.  Distributed version control is new 
 to many, and I want to make sure that folks are getting accurate 
 information from this list.

As would I.  I don't think spreading misinformation about the products
of GitHub, Inc, is helping people to get accurate information.

 Unfortunately, this statement is not accurate either:
 
 // There's a sneaky lock-in effect of having one open tool (git hosting) 
 which is fairly easy to move in and out and interoperate with, linked to 
 other closed tools (such as their issues tracker and their non-git pull 
 requests system) which are harder to move out or interoperate. //

Nothing written below points out any inaccuracy.

 GitHub's API allows you to easily export issues if you want to move them 
 somewhere else: http://developer.github.com/v3/issues/

So what's the equivalent command to git clone  to do that, then?
I put harder, not impossible.  You try putting the sausagemeat you get
from that API into any other issue tracker.  Also, that API is only
available to registered users and it's unique as far as I've seen.

 Pull-requests are used by repository hosting platforms to make it easier 
 to suggest patches.  GitHub and BitBucket both use the pattern, 

Well, the pattern comes from the git request-pull tool.  GitHub just
disconnects it from that.

 and I don't understand what you mean by it being a closed tool.
 If you're concerned about barriers to entry, suggesting a patch
 using only git or mercurial can be done, but I wouldn't say it's
 easy.

git send-email and git request-pull are both pretty easy, aren't they?

and what Erik said about open/closed.

 ... and what Devon said.

Which was If you're not willing to provide even your name to make use
of a free service, then I dare say you are erecting your own
barriers.

I'm willing to provide my name.  I'm not willing to provide my full
legal name to them.  They have no need for my full legal name.  Even
if they want to come after me legally, the legal system will either
accept my common alias or convert it for them (I have to tell it both,
for that reason).

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] GitHub Myths (was thanks and poetry)

2013-02-21 Thread MJ Ray
Shaun Ellis sha...@princeton.edu
 * Myth #1 : GitHub creates a barrier to entry.

That's a fact, not a myth.  Myself, I won't give GitHub my full legal
name and I suspect there are others who won't.  So, we're not welcome
there and if we lie to register, all our work would be subject to
deletion at an arbitrary future point.

There's a couple of other things in the terms which aren't simple, too.

[...]
 * Myth #4 : GitHub is monopolizing open source software development.
   ... to its unfortunate centralizing of so much free/open
   source software on one platform.)
 
 Convergence is not always a bad thing. GitHub provides a great, free 
 service with lots of helpful collaboration tools beyond version control. 
   It's natural that people would flock there, despite having lots of 
 other options.

Whether or not it's a deliberate monopolising attempt, I don't think
that's the full reason.  It's not only natural effect.  There's a
sneaky lock-in effect of having one open tool (git hosting) which is
fairly easy to move in and out and interoperate with, linked to other
closed tools (such as their issues tracker and their non-git pull
requests system) which are harder to move out or interoperate.

Use github if you like.  Just don't expect everyone to do so.

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Full Legal Names on the Web, was GitHub Myths (was thanks and poetry)

2013-02-21 Thread MJ Ray
Michael Schofield mschofi...@nova.edu
 [...] This split topic I'd like to see maybe in another thread is
 about giving full legal names to web services. If anyone watched the
 PS4 reveal last night, you might have noticed that PS4 is giving up
 gamertags (read: aliases) for full names to easily integrate with
 other social platforms. [...]

Anyone know how they're going to handle namespace collisions, and the
various sexual and racial harrassment that will happen in some games
once you can make assumptions about people from their full names?

Hopefully, they only need be names and not legal full names.

This might amuse some of you: I'm not even the first (or in the first
ten) calling themselves MJ Ray on one popular web service - the ones
before me are a diverse bunch, too; and I namespace-collided with
myself at least twice while I was both staff for different departments
and a student at an expanding university - the user database required
full names and required them to be unique... oops!  I don't think
that's the case any longer... ;-)

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Editing Code4lib Wiki

2013-02-11 Thread MJ Ray
Alisak Sanavongsay asanavong...@ucmerced.edu
 Also, I think it would be better to turn email confirmation back on
 before the spam bots discover this.

It would also be very nice to replace the reCaptcha with something
that allowed people who can't pass audio-visual tests to take part!

Another library mediawiki site manages OK with email confirmation and
humans reviewing account signups (looking for sensible biographies,
mostly) - could code4lib?

Thanks,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Editing Code4lib Wiki

2013-02-11 Thread MJ Ray
Kyle Banerjee kyle.baner...@gmail.com
 On Mon, Feb 11, 2013 at 1:02 PM, MJ Ray m...@phonecoop.coop wrote:
  It would also be very nice to replace the reCaptcha with something
  that allowed people who can't pass audio-visual tests to take part!
 
 I've always wondered what percentage of the population has trouble with
 reCaptcha challenges. I know I do.

The last test I saw that I thought was good enough was back in 2008 or
so by c|net and found that 10% failed the eyetests and 40% failed the
hearing tests.  Of course, both of those have become more complicated
since then, in order to keep ahead of automated recognition software.

I'd love to know if anyone has seen more recent findings, but I'd really
love it if the code4lib wiki could drop it.

Hope that informs,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] On-the-fly Closed Captioning

2013-02-07 Thread MJ Ray
Joe Hourcle
 If you watch most news programs these days, they seem to use some
 sort of automatic closed captioning, as it's just awful.  [...]

They're done by having someone speaking into a voice-recognition
system tuned to their voice while they're watching and listening to
the broadcast.  A sort of simultaneous interpreting but to/from almost
the same language.  Read more about it at
http://m.guardian.co.uk/theguardian/2011/jan/16/pigs-love-to-eat-willies
by World's sexiest deaf guy http://charlieswinbourne.com/

Hope that informs,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Group Decision Making (was Zoia)

2013-01-25 Thread MJ Ray
Shaun Ellis sha...@princeton.edu
 I suggest there is a set time period to submit objections as GitHub 
 issues and resolve them before we vote.  Whatever issues can't get 
 resolved end up in a branch/fork.  In the end, we vote on each of the 
 forks, or no policy at all.
 
 Does that sound reasonable?

No - for a whole shedload of reasons, but I'll just mention one:
GitHub demands everyone's full legal name, which some minority members
just won't be comfortable with giving.  For example, if they are
opposing some aspect of the policy or may risk their livelihood (does
the US military still do Don't-Ask-Don't-Tell?).

I'd also like to suggest Crowd-Wise
http://www.neweconomics.org/projects/crowd-wise as a possible way to
vote on such things without a majority dismissing a minority
almost every single time.

A quick summary: gather all ideas (including option 0 (do nothing) if
possible), carry out a de Borda (preference) voting round 1,
merge/amend/consolidate ideas to try to get consensus or at least an
overwhelming majority, then voting round 2 if needed.

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Anybody using the Open Library APIs?

2013-01-22 Thread MJ Ray
David Fiander da...@fiander.info
 looking at the Open Library APIs.
 
 The documentation for the APIs is weak, and it looks like it hasn't been
 updated for a while. Has anybody used them much, or know what the state of
 ongoing development of them is?

I think they're used by Koha but I don't remember much more than that
- maybe it's enough of a pointer for someone to find the related code
and use it as an example.  Manual entry:
http://manual.koha-community.org/3.10/en/administration.html#OpenLibraryPrefs

Koha is at http://koha-community.org

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] T-Shirt voting is now open!

2013-01-08 Thread MJ Ray
Ross Singer rossfsin...@gmail.com
 On Jan 7, 2013, at 7:25 AM, MJ Ray m...@phonecoop.coop wrote:
  It should at least mention that (fortunately, my organisation lets me
  enable javascript for specific sites) and ideally it should be allowed
  to vote without it, because some libraries are really locked down.
 
 I am skeptical of this claim.
 
 In 2013, if organizations are disabling javascript, tremendous parts
 of the web are broken for them.

Why?  In 2013, there are still libraries without internet access for
security reasons.  Of course, when it gets that drastic, it's beyond
help for vote.code4lib, but there are also many libraries using
heavily filtered connections.

That includes shared-whitelist-based permission systems, so they may
allow (say) LinkedIn to work, but I doubt they will have heard of
code4lib, let alone added it to their institutional whitelist.

I suspect I might have seen/heard of a disproportionate number of
locked-down sites, as FOSS LMS like Koha can run stand-alone, without
phoning home or license management authorisations, and its internals
can be reviewed.

I used to try ranting against them, but really, the number of browser
exploits that didn't work if javascript was disabled makes it a tough
call.  And on phones, it often becomes a whole-system exploit, like in
http://www.phonedog.com/2010/11/29/android-browser-falls-victim-to-javascript-based-exploit/
http://crackberry.com/rim-advises-disablng-javascript-your-blackberry-browser-after-exploit-discovered
and others.

https://www.symantec.com/security_response/writeup.jsp?docid=2008-011517-3725-99tabid=2
says, Users may also consider using tools that block JavaScript from
sites not on a whitelist and I feel that's the best approach now,
if you can.  NoScript.net for Firefox-based browsers, perhaps.

Finally, a lot of bigger websites do actually have versions which
don't require javascript, such as Twitter and Facebook - and they
provide them despite the drawbacks of not being able to invade their
users' privacy like they can with script.  Actually, one small problem
in asking people to switch to FOSS alternatives like StatusNet and
Diaspora is that they don't have non-js versions yet.

 That said, the diebold-o-tron is FLOSS
 (http://code.google.com/p/conferencekeeper/source/checkout -
 currently running from the 'diebold' branch), so patches welcome if
 you have the inclination to submit a non-js dependent version.

I've made a note of it and added it to our community TODO, but I've
not used Ruby on Rails for years so I may be some time.  How often are
votes / when's the next likely vote?

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] T-Shirt voting is now open!

2013-01-07 Thread MJ Ray
dre wrote:
 There's a sign-in button at the upper right of the voting page. This uses
 your code4lib.org username and password (not your wiki user/pass).
 
 Once you're logged in you should see the voting options.

Thanks for the email.  Now I've got a code4lib.org username, I tried
to log in.  I had to enable javascript to get the vote site to work at all.
It should at least mention that (fortunately, my organisation lets me
enable javascript for specific sites) and ideally it should be allowed
to vote without it, because some libraries are really locked down.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Question abt the code4libwomen idea

2012-12-19 Thread MJ Ray
Jonathan Rochkind rochk...@jhu.edu
 On 12/18/2012 12:27 PM, MJ Ray wrote:
  Is there clarity that deliberately-discriminatory groups should have
  no platform in code4lib?
 
 If what you mean is if everyone agrees with you that a group created for 
 women in tech is bad, then, no, pretty much nobody else here agrees with 
 you.

Of course that's not what I mean!  I mean that if a group were
women-only, men-only, white-only, senior-only or
whatever-axis-you-like-only, then we feel it should be given no
platform in anything code4lib.

 I am not sure if I'd call such a group deliberately discriminatory, 

Me neither, as previously mentioned... I'm glad to see more
reassurance and hope that something will appear on libwomentech.tumblr.

 nor am I sure what qualifies as platform in code4lib, but for what 

A platform is any office, speaking slot, endorsement or so on.  It's
quite easy to find with a web search, but I'll assume Jonathan isn't
trolling and try to summarise: no platform policies are a tool used by
some organisations to exclude those acting against equality of
opportunity.  Here's one, which applied to a past employer of mine:

In pursuance of these aims any individuals or members of
organisation or groups known to hold racist or fascist views will
not be allowed to stand for election to any NUS office, or attend,
speak or otherwise participate in NUS conferences, meetings or any
other NUS events, and NEC members will not share a public platform
with an individual or member of a organisation or group known to
hold racist or fascist views.
-- http://www.nus.org.uk/PageFiles/306/NUS%20Constitution.pdf

[NUS = National Union of Students, NEC = National Executive Committee]

 you're really getting at, no, there is no clarity there, pretty much 
 nobody else agrees with you there.

I really hope that's not the case, that such groups aren't welcomed.

Hope that clarifies,
-- 
MJ Ray m...@phonecoop.coop
Setchey, Norfolk, England


Re: [CODE4LIB] Question abt the code4libwomen idea

2012-12-18 Thread MJ Ray
Steve Marks steve.ma...@utoronto.ca
 This false equivalency gets bandied around quite a lot in academic 
 circles (maybe elsewhere, but I lead a sheltered life). Let me assure 
 you that there is a significant difference between what goes on in a 
 standard pat leave and what goes on in a standard mat leave.

Yes, I agree with drawing a line between standard leave and extended
career-break child-rearing leave.  I didn't mean to suggest a false
equivalency so thanks for the help clarifying: the first bit of leave
is necessarily different for the mother, for the biological reasons
Steve outlines, and this is encoded in English law, 26 weeks of
Ordinary Maternity Leave vs 2 weeks of Ordinary Paternity Leave.
Extended leave is treated the same in law here, starting with 26 weeks
of Additional *aternity Leave and I feel that's probably correct.
https://www.gov.uk/maternity-leave https://www.gov.uk/paternityleave

So I still suggest that the issues around child-related extended leave
are not solely for women.

 I'm not arguing that there aren't many dads who do a great job of child 
 rearing, but in your average, everyday, heteronormative context, this by 
 default falls to the woman. [...]

Probably, and we should not support that default by suggesting such
extended-leave issues are only for libtechwomen, should we?

 Anyway, I hope you don't feel like people are piling on, MJ. I think
 it's a token of respect that every member of the code4lib community
 has for each other that folks *are* making the effort to understand
 and be understood.

I sort of both do and don't.  I do appreciate that people are making
the effort, but I do worry that other minorities are collatoral damage
of some vociferous support for this larger-minority single-issue
group, that few seem to be supporting a strong anti-discrimination
line and that it's not really clear what libtechwomen is yet.

Which brings me to an aside on a sidebar: thanks to everyone who has
sent private messages of support - mostly for good reasons, as well as
a few for reasons I don't agree with :-/ - and sorry for not replying
to each of them individually, but please consider posting in public.
I understand why some people won't out themselves, especially when
it would have far more life-changing consequences than the
audio-visual damage I've admitted, but I hope everyone's allowed to
express views publicly without prejudice or being challenged as to
whether and which minority.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Question abt the code4libwomen idea

2012-12-18 Thread MJ Ray
Tim Donohue tdono...@duraspace.org
 However, I think some/many are taking offense to the implication that 
 'libtechwomen' is discriminatory or prejudice against men or minority 
 groups just because its name includes women. [...]
 To call a group discriminatory just because they initially planned to 
 concentrate on specific gender issues is just wrong (in my opinion). 

Whoa! Hang on a minute!  I don't think the name is great and I feel
that we could do better for a first support group, but I'm not
objecting to either of those.

It's not just because either of those and it's rather frustrating if
anyone still thinks it is.  (Similarly in the other email from Steve,
I never meant to suggest the completely spurious thing.)  My
objection arose because the opening post in this thread suggested it
would be discriminatory:
https://listserv.nd.edu/cgi-bin/wa?A2=ind1212L=CODE4LIBF=S=P=166649
described it as a group for just women.

There are later emails which claim otherwise. twitter.com/libtechwomen
and http://libtechwomen.tumblr.com/ don't say either way, as far as
I can see (if you'll excuse the pun).  I don't really want to hop on
IRC and ask because of past bad experiences with a previous group.

Is there clarity that deliberately-discriminatory groups should have
no platform in code4lib?  And is it sure that libtechwomen is not the
aforementioned women-only group?

Thanks
-- 
MJ Ray m...@phonecoop.coop
Setchey, Norfolk, England


Re: [CODE4LIB] Question abt the code4libwomen idea

2012-12-17 Thread MJ Ray
 in the UK population but I don't
know if it's better or worse in code4lib).  Was I wrong?

And one more time, I'm not dismissing the need for a support group.
I'm opposing the idea that any support group should be allowed to
discriminate.  If it doesn't, then go on with it, even if I'd prefer
that we worked together to broaden access to all minorities.

Hope that explains,
-- 
MJ Ray m...@phonecoop.coop
Setchey, Norfolk, England


Re: [CODE4LIB] Question abt the code4libwomen idea

2012-12-12 Thread MJ Ray
 On Mon, Dec 10, 2012 at 6:38 PM, Bess Sadler bess.sad...@gmail.com wrote:
  There have been some contradictory statements made about
  #libtechwomen because it was an emerging idea, and like code4lib,
  there is no formal power structure or authority. There is no
  requirement that one be female to participate, [...]

That is good to know and a big improvement.

  The suggestion has been made that the name libtechwomen might
  not be welcoming to someone who wants to participate but does not
  identify as a woman. We have already discussed changing it and
  welcome suggestions.

I suggest libtechEquality - any progress with other suggestions?

Cary Gordon listu...@chillco.com
 Are there folks out there who think that you can only be in one IRC
 room at a time? If I want to be in the #190cmtall room, nobody in
 #code4lib would know, nor would it be any of their business. Are there
 people here who really feel threatened by this?

That's not really a similar thing, but might indicate other problems.
Would we not be troubled by code4libanything, just because it could
be kept hidden and you could use code4lib anyway?

Regards,
-- 
MJ Ray
Setchey, Norfolk, England


Re: [CODE4LIB] Question abt the code4libwomen idea

2012-12-12 Thread MJ Ray
Wilhelmina Randtke rand...@gmail.com
 MJ Ray,
 
 OK, ctrl+F did not work, because the email said for just but you said
 just for.  Actually, no two words in your quote were in sequence in the
 email you tried to quote.  So much for ctrl+F.

I don't much like this attempt to Fisk me over putting a inside the
quote.  It's also largely beside the point: that a group for just
women would be discriminatory and should be Not In Our Name.

ctrl+F is forward-character... not sure what you mean there.
I misquoted a group for just women and quoted gender-specific
issues won't be addressed which you can see at
https://listserv.nd.edu/cgi-bin/wa?A2=ind1212L=CODE4LIBF=S=P=172323
and the thread opener said a small support and discussion group for
just women and gender-specific issues won't be addressed
https://listserv.nd.edu/cgi-bin/wa?A2=ind1212L=CODE4LIBF=S=P=166649
- most of the words in the quotes are in sequence, and the source text
is readily available too.  Those ideas should be rejected.

 Casual discrimination against women and disabled doesn't mean you get a
 pass to say none of this matters.  Interacting specifically with other
 people who have to live your issues and don't just look at them
 intellectually (this interaction is what the women here are trying to do)
 is not quite the same as denying that other people face issues (what both
 of us have experienced at some point).

I'm not denying there are issues.  I'm saying code4libwomen would be
another issue itself, rather than reducing them - it's a polluted
snake oil cure, making the sickness worse.

Personally, I also think that we shouldn't divide the equality
campaigns up, as we've more similarity than difference, but that's a
different point and it's not awful if we have to continue in silos.

 If it helps, I use Webbie and Thunder to audio browse websites I work on,
 because then I am more likely to notice glaringly obvious things like the
 recaptcha.  But, yeah, going into pretty much any subscription database
 with only audio from a screen reader is a lost cause.

Thanks for your consideration.  I wish you could help open up
wiki.code4lib.org - I can sign up for many things unaided, but maybe
the Equality Act here means access is slightly better.

Regards,
-- 
MJ Ray
Setchey, Norfolk, England


Re: [CODE4LIB] Question abt the code4libwomen idea

2012-12-10 Thread MJ Ray
Wilhelmina Randtke asked:
 When you say someone referred to a group just for women, did you mean
 when Bohyun Kim said interests in a space for women?
 
 Because if you did, then you should not have used quotes, since you were
 not quoting.  If that language you don't like came from somewhere else,
 then please be more specific, because I didn't see it at the start of this
 thread that I'm emailing on.

That language is in the second paragraph of the email dated Fri, 7 Dec
2012 16:13:47 + from Bohyun Kim, but I apologise for having put
the a in the quote marks.  It should have been outside them, as I cut
part of a small support and discussion group for just women.  I
guess I hit the editing keys badly on Friday.

It's very disappointing that no-one else seems willing to challenge
that behaviour and so many are actively supporting it.  I feel like
we're still in the dark ages.  Two wrongs do not make a right and two
discriminations - one unconscious and one conscious - does not make
equality.

Joshua Gomez suggested:
 [...] And I don't think that reverse discrimination is the true
 concern of most of those that have voiced opinions against a
 sub-community for women (at least I hope not).

I don't think that suggesting everyone who disagrees with one's view
is insincere or dishonest or something is a good idea.

Personally, my concern isn't that it is reverse discrimination - it's
that it is still discrimination.  I don't feel that past sins excuse
further ones.

 [...] And since I am not a member of the group that has been
 discriminated against I don't think I or anyone else not in that group
 should try to dissuade them from doing what is in their best interest.

I am not a member of *that* group that has been discriminated against,
but I am a member of one minority that is routinely discriminated
against in a pretty direct way - code4lib's wiki suggests we are not
human, as I mentioned in another mail on Friday:
https://listserv.nd.edu/cgi-bin/wa?A2=ind1212L=CODE4LIBD=0P=167926
- and I am not dissuading women from doing what is in their best
interest, but I believe setting up another discriminatory group is not
in anyone's best interests.  The best thing would be to do similar as
we do for accessibility and have mixed groups like fixtheweb.net
working together to dismantle the barriers.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Mentorship Program

2012-12-07 Thread MJ Ray
Shaun Ellis sha...@princeton.edu
 Hi Rosalyn,
 I agree that we should encourage women to step up and mentor other women 
 at Code4Lib.  I also see the pairing of women mentors with women mentees 
 as fitting into an overall mentorship program, and I would be interested 
 in collaborating with you and others to help frame it out.

I think pairing would need to be done pretty carefully and I'm not
sure that only pairing women with women, for example, would be a good
thing.

Even ignoring my belief that it would be sexist, it could cause
practical problems by creating a feedback loop: fewer women in the
community probably means fewer women mentors available for women
learners, leading to slower promotion of women into the community.

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Question abt the code4libwomen idea

2012-12-07 Thread MJ Ray
Karen Coyle li...@kcoyle.net
 [...] If it's successful, it's successful. If not, it'll fade away 
 like so many start-up groups.
 
 I'm astonished at the resistance to the formation of a group on the part 
 of people who also insist that there are no rules about forming groups. 
 I don't recall that any other proposal to set up a group has met this 
 kind of resistance. [...]

Well, will code4lib tolerate that discrimination?

Is the discriminatory language used in the start of this thread
appropriate for code4lib?

The thread opener does not describe an equality campaign.  It
described a group for just women and seemed to claim
gender-specific issues won't be addressed by any group other than
women-only.

It feels like code4lib may be giving up and that the anti-harrassment
policy is junk before it's given a reasonable go.

Of course, setting up discriminatory spaces isn't harassment directly,
so is on the fringe of the anti-harrassment policy.  Is there a
code4lib equality policy?  Could we agree that everyone should able to
use all of code4lib without distinction[...] such as race, colour,
sex, language, religion, political or other opinion, national or
social origin, property, birth or other status?  (Quote from UDHR)


Re: [CODE4LIB] Gender Survey Summary and Results

2012-12-05 Thread MJ Ray
Sara Amato sam...@willamette.edu
 On Dec 5, 2012, at 11:23 AM, Jonathan Rochkind wrote:
  Hmm, it's quite possible you know more about statistics than me, but...
  
  Usually equations for calculating confidence level are based on
  the assumption of a random sample, not a volunteering
  self-selected sample.
 
 I'd been staying out of this discussion, but the thought occurs to
 me that someone with access to the list of subscribers might run
 that against a list of traditional boy/girl names, and be able to
 make some guesses….

With my (rather dusty through lack of formal use) stats grad hat on,
I'd say Jonathan Rochkind is correct: the assumptions behind those
calculations are violated. http://www.jerrydallal.com/LHSP/ci.htm
explains more about confidence intervals, but the usual calculations
require independent random sampling.

(LHSP was a good web book and may be worth a read if you want help
with stats, but it seems that there won't be any more web editions for
now, thanks to the evil Kindle system.  If only it were FOSS.)

What happened here is sometimes called a Self-selected Listener Online
Poll, like the radio stations or newspapers do, and it's not random.
It may still be informative, but I'd not suggest the calculated
confidence intervals are valid.

Guessing from the names may be informative - especially about how many
people use forms that aren't easily identifiable in that way - but I
think the usual approach would be to use random numbers to draw a
sample from the subscribers and just ask those the detailed questions.
Then you could work out a CI and so on in the usual way.

Some years ago, I wrote more about surveying at
http://people.debian.org/~mjr/surveys.html#advice
if you want overkill.  Some links are stale at the moment.

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Choosing fora. was: Proliferation of Code4Lib Channels

2012-12-04 Thread MJ Ray
Shaun Ellis sha...@princeton.edu
 On 12/3/12 2:14 PM, MJ Ray wrote:
  This listserv looks threaded to me.  Maybe you need to upgrade
  Thunderbird, although I could have sworn it's done threaded for
  a while now.
[...]
 Whether or not people would use such a tool in addition to the listserv, 
 I don't know.  Vote to Promote requires a critical mass to make it 
 worthwhile, but it's hard to gauge actual support without testing it.

Need it be in addition to the listserv?  What prevents making a
view of the list archives that adds a vote to promote features?

I'm a bit suspicious of such a thing, as it sounds dangerously
like it could easily become mob rule, Whuffie or another /. but
give it a go if you like, if you can do it without detracting
from the existing fora.  (Not that my blessing matters.)

  Unless you do something pretty silly - like insisting everyone
  register with github
 
 Unfortunately, in order to collaborate on the anti-harrassment policy, 
 you do need to have a github account, or lobby someone who does to make 
 a change for you. 

Really? I hoped if I wanted to do serious hacking, I could clone it on
git.software.coop and send a pull request.  If you use github *and
insist everyone else does* then you lose all the decentralised networked
collaboration benefits of git and it becomes a worse-and-better CVS.

 But I think most would agree that's better than 
 hashing out such details on this list.

Maybe, but most haven't read the github terms of service :-( I don't
want to get into a full list of its problems right now, but things
like legal full name shouldn't be required.  In the context of this
discussion, won't that mean that most genders and some other minority
attributes are going to be obvious and it'll discourage some people
who mostly use abbreviated names, nicknames or pseudonyms to hide
that?

So use github if you want to, but can we keep the door open to
collaboration from other git servers too, please?

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Choosing fora. was: Proliferation of Code4Lib Channels

2012-12-04 Thread MJ Ray
Jonathan Rochkind rochk...@jhu.edu
 On 12/4/2012 12:10 PM, MJ Ray wrote:
  Really? I hoped if I wanted to do serious hacking, I could clone it on
  git.software.coop and send a pull request.  If you use github *and
  insist everyone else does* then you lose all the decentralised networked
  collaboration benefits of git and it becomes a worse-and-better CVS.
 
 A pull request is a feature of github.com.  There is no feature of 
 git-the-software called a pull request.

I don't think that's correct.  GitHub was only launched in April 2008,
but here's a pull request from 2005:
http://lkml.indiana.edu/hypermail/linux/kernel/0507.3/0869.html

Here's the start of the relevant page in the git software manual:

[quote]
NAME
   git-request-pull - Generates a summary of pending changes

SYNOPSIS
   git request-pull [-p] start url [end]

DESCRIPTION
   Summarizes the changes between two commits to the standard output, and
   includes the given URL in the generated summary.
[/quote]

 Which of course doens't stop you from sending an email requesting a 
 pull. A pull, including from decentralized third party repos, is a 
 feature of git.

It sucks that github doesn't accept emails of such git pull requests
and do anything useful with them.  Ignoring the huge potential of
email coordination seems like missing a big feature of git.

 But yes, if you get used to the features of a particular free service, 
 you get locked into that particular free service. [...]

If one is locked in, that means it has an exit cost, so it's no longer
a free service.  The piper might just not need payment yet.

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] anti-harassment policy for code4lib?

2012-12-02 Thread MJ Ray
Wilhelmina Randtke rand...@gmail.com
 I think maybe in librarianship in general, there is some trying to turn
 this around and use the same sexist advertising, but marginalize men
 instead.

I think this is a problem in society in general, not just
librarianship or technologists: aiming for some improbable perfect
balance of discrimination in all directions and misunderstanding that
as equality.  Such false friends are often uncovered when they suggest
that if anyone doesn't like their Gay/Black/whatever Scholarship or
Mentorship or whatever restorative scheme, those people should start
or make another scheme for Non-gays/Non-blacks/Non-whatevers.

So I'm disappointed but unsurprised to hear of male strippers at
events.  Like Karen Coyle, I'd love to know if anyone objected and
what happened next.

 On Fri, Nov 30, 2012 at 8:54 AM, James Stuart james.stu...@gmail.comwrote:
  This list is imperfect (I know several public incidents that aren't on here
  (recent DEFCON years aren't listed, The Amazing Meeting/ElevatorGate and
  various other skeptic convention incidents aren't on (possibly by
  design))), but it's at least a start, and hopefully a picture that sexism
  is an endemic, systematic problem right now in the geek convention world.
  http://geekfeminism.wikia.com/wiki/Timeline_of_incidents

Quite right it's imperfect!  It's correlated with time, money and
maybe an increasing number of smaller conferences with new,
inexperienced organisers...  I don't think the number of incidents
is particularly informative, either: we'd be unhappy with one, no?
So it may help to pick a random sample of the incidents and consider
whether the anti-harassment policy for code4lib would deal with it.

Moreover, I reject that we should place too much weight on that
resource for and about women.  It has some interesting links, but a
site with a Resources for men ghetto is not promoting equality well.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] anti-harassment policy for code4lib?

2012-12-02 Thread MJ Ray
Erik Hetzner erik.hetz...@ucop.edu
 MJ Ray wrote:
  However, I'm saddened that I seem to be the first to object to the
  hand-waving (number of reports) and prejudice in the above
  paragraph.  The above problems seem more likely to arise from being
  drunk or being idiots than from being men. […]
 
 Starting from this incorrect position will lead to the wrong
 harassment guidelines being drawn up. Obviously the goal is equal
 respect, but you don’t get there by pretending that the root problem
 is drunkenness, or that men and women treat one another with
 disrespect in equal amounts. It’s not hand-waving to say that sexual
 harassment happens, and that (with negligible exceptions) it is is men
 who are the perpetrators. To pretend otherwise will not produce an
 effective anti-harassment policy.

Equally, we won't get an effective anti-harassment policy by making
incorrect assumptions (like it's negligible if the perpetrators are
not men) and ignoring the exceptional cases that don't fit those
assumptions.  I feel that no serious harassment should be neglected by
a true anti-harassment policy as suggested above.

It's difficult to say what the root problem is when talking in
abstract like the above, but if we believe equality is ever possible,
merely being men cannot be the root cause.  I feel that those who
suggest it is are just a different type of sexist who we must guard
against.

There are, of course, reasons why men perpetrate more in most
communities I interact with, many of which are to do with history and
where we're starting from, but things can and do change, both in
general and in small subcommunities, and we should be ready.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] anti-harassment policy for code4lib?

2012-11-30 Thread MJ Ray
Esmé Cowles escow...@ucsd.edu
 Also, I've seen a number of reports over the last few years of women
 who were harassed at predominately-male tech conferences.  Taken
 together, they paint a picture of men (particularly drunken men)
 creating an atmosphere that makes a lot of people feel excluded and
 worry about being harassed or worse.  So I think a positive
 statement of values, and the general raising of consciousness of
 these issues, is a good thing.

I'm a member of software.coop, which helps write library software,
including Koha - we co-hosted KohaCon12 this summer.  Like all co-ops,
our core values include equality.  I would like to see an
anti-harassment policy for code4lib.

However, I'm saddened that I seem to be the first to object to the
hand-waving (number of reports) and prejudice in the above
paragraph.  The above problems seem more likely to arise from being
drunk or being idiots than from being men.  Please, let's treat all
groups with equal respect and reserve our ire for particular members
when they give us reason to do otherwise.

The anti-harassment policy should not be developed from a we need to
kick men into line standpoint.  As such, I suggest
https://github.com/code4lib/antiharassment-policy/blob/master/code_of_conduct.md
should say Discriminatory language and imagery (including sexual)
rather than leading with a special case of Sexual.

I also suggest generalising religion to religious beliefs to avoid
predictable attempts to insult some minorities and claim it's allowed
because they're not formal, organised or state-approved religions.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Wikis

2012-07-25 Thread MJ Ray
Dhanushka Samarakoon dhan...@gmail.com
 Confluence is free for non-profits, but for academics they charge a reduced
 fee. http://www.atlassian.com/licensing/confluence
 
 If you just want a basic wiki mediawiki would work, but for more elaborated
 access control (and other features) Confluence would be better.

Atlassian are particularly insiduous, using dodgy tactics like free
first hits for FOSS projects and non-profits to try to get people
hooked and keep them away from the community using and improving free
software.  I've lost count of the number of times that I've heard
librarians criticising similar divide-and-conquer marketing efforts
like free-to-university-libraries from library service providers,
so I'm surprised to see people recommending it here!

I'm no big fan of mediawiki (mainly because its markup is incompatible
with earlier wikis, which confuses me every time), but it has a vast
range of extensions, so it's definitely not basic.  Much better to be
part of an information-sharing community, isn't it?

(I use trac's wiki and mediawiki on various projects.  I've contributed
to a few projects that use Confluence, but really don't like it.)

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] First draft of patron account API

2012-06-22 Thread MJ Ray
 Jakob Voss jakob.v...@gbv.de 5/28/2012 04:04 AM  
 http://gbv.github.com/paia/paia-868166f.html
 http://gbv.github.com/paia/
[...]
 The API should be made available to end-users and to third parties. A
 mapping to RDF should be possible, similar to DAIA, but the first goal
 is to provide an easy and defined access for automatically accessing
 patron accounts. How would you make use of such an API?

We've a lot of other patron data in Koha and it would be good to
access that - and update it as well, auth permitting.  Should we
extend PAIA or is there another standard that we should consider?

(Of course, Koha can use things like LDAP for its patron data,
but for various reasons, some libraries want Koha as primary store
and SIP is a bit hard-core and doesn't cover all updates.)

Thanks for any feedback,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Issue Tracker Recommendations

2012-02-22 Thread MJ Ray
Cynthia Ng cynthia.s...@gmail.com
 What does your institution use?
 What do you like and dislike most about it?
 Would you recommend it to others?

RT and Trac.  RT has tons of features, is easy to extend and build
lots of dependencies on, which is why it's still in use, but it can be
a bit annoying/clunky to use, especially its web interface; whereas
trac is easier to set up and use almost as easy to extend, although in
a rather different way.  I'd recommend Trac to others.

I'd also like to nominate Jira, FogBugz and Pivotal Tracker as ones
to run away from, mainly due to past bad experiences of email-mangling
and/or upload-mangling.

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Koha in the Running

2012-01-14 Thread MJ Ray
Jon Gorman jonathan.gor...@gmail.com
 There's vendors/companies that develop for and support Koha.  Open
 source and vendor/commercial activity are not  mutually exclusive.

Yes, exactly!  I work for a commercial vendor (software.coop) which
has done all of the following combinations:
 Open Source ILS / local servers / no support contracts
 Open source ILS / hosted / no support contract
 Open source ILS / hosted / support contract
 Open source ILS / hosted / no support contract

We've even done Open Source ILS / local servers / multiple support contracts.

Someone else mentioned Marshall Breeding's ILS survey.  It has some
numbers, but I don't think they cover all of the above situations (so
we encourage most co-op libraries to report as Independent if at all),
as I comment almost every year (along with suggesting that having the
survey open-sourced could offer big improvements).

 And you could distinguish between support and development contracts,
 with the nice advantage of open source you can always change vendors
 or fund someone who's not your usual developer group depending on how
 the community around the project has been established.  Harder to do
 that with proprietary software, but I've still heard of it happening.

Even with open source, you have to make sure that you can export and
import your data.  Most vendors that support Koha-community.org do
offer that, in support of the Open Network Libraries idea.

Hope that informs,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Any ideas for free pdf to excel conversion?

2011-12-14 Thread MJ Ray
On Wed, Dec 14, 2011 at 6:08 PM, Matt Amory matt.am...@gmail.com wrote:
 Just looking to preserve column structure.

I'd probably try something like ps2ascii and then sed it into a csv
which I understand that excel can load like libreoffice/openoffice can.

More webbily, maybe scraperwiki.com can help.

In general, it is rather like trying to rebuild a pig from sausages. :(

Good luck,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Linux Laptop

2011-12-14 Thread MJ Ray
Bill Dueber b...@dueber.com
 Because, really, you'll spend time futzing with linux, trying to get stuff
 to work, cursing the many clipboards and config files and losing
 productivity up the ying-yang because you're using a different (and, few
 would argue, degraded) user environment.

I don't see how anyone would argue with a straight face that a good GNU
or lovely Linux is an upgrade from the Windows 7 Starter bad joke...
but I know that's not the starting point here.

I humbly suggest that long futz times are only necessary these days
when most of the following combine:

 1. unsupported/hard-to-support hardware (maybe bought for compatibility
with another even-fussier operating system?);

 2. control-freakery (it must work/look exactly THIS way RIGHT NOW
without me doing much);

 3. not good at asking for technical help online or being patient with
LUGs;

 4. not willing to find and/or pay local experts;

 5. not willing to search/read the copious fine manuals or debug logs.

But maybe my view is coloured by using the MacOS-like gnustep on
debian for aaages (so good package management more than makes up for a
bit of configuration... it's basically the same package management
system as ubuntu or mint use), so I can set up the basics fairly
quickly and I'm quite tolerant of X11/GTK apps like firefox being
common on my desktop.  I guess newcomers still have to get used to
basics like having 5 or more useful mouse buttons instead of 1...

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/


Re: [CODE4LIB] Patents and open source projects

2011-12-06 Thread MJ Ray
Erik Hetzner erik.hetz...@ucop.edu
 MJ Ray wrote:
  Will people please stop suggesting that PTFS's attempts to register
  Koha trademarks in various jurisdictions are somehow because of
  inattention on the part of the Koha users and developers?
 
 It was my intention only to suggest that trademark issues were
 something that one needs to pay attention to, not that the Koha
 community had not paid attention to trademark issues. Thanks for
 clarifying the issue: I was unclear.

OK, sorry, I'm probably a bit sensitive because of some of the crazier
press coverage that we've had, suggesting that users or developers
should have done various things - often contradictory - but like the
old saying goes: the price of freedom is eternal vigilence.

My personal opinion is that it wouldn't matter if friendly people had
already registered it as a NZ trademark for whatever class covers
software (and I understand someone has a similar trademark for it).
Aome ratbags could still come along, register it for another class
(books, perhaps), slip past the regulator by mistake and screw with
the community for a while.

Trademarks aren't quite as awful as patents, but they're not far off.
Neither are as narrow and straightforward as copyright can be and are
much more expensive to defend.  They're a bottomless pit for resources
and ideally private trademarks and patents should not be allowed for
FOSS.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Patents and open source projects

2011-12-06 Thread MJ Ray
Nate Vack njv...@wisc.edu [...]
 Not allowing trademarks and patents for FOSS is complex if they're
 allowed for software at all -- should someone reading a patent and
 providing a free implementation invalidate that patent? That's the
 exact opposite intent of patents. (Note: I think software patents
 should not exist at all.)

Mathematics is not patentable, at least here and at least so far, so
yes, if the full implementation in software alone is obvious, it
clearly isn't a valid patent.

 If FOSS projects are immune to trademark suits, should I be able to
 start a competing open-source catalog and call it Koha or Evergreen?
 That seems like an undesirable outcome.

As I understand it, if you did, even without a trademark, you would
still probably be committing a range of civil offences, including
passing off and various advertising or trade descriptions offences,
in English law at least.

The main thing a registered trademark brings to that party is
criminalisation (and so the ability of government agents to prosecute
autonomously, at the taxpayers' expense and regardless of the wishes
of project contributors) and I feel that's neither necessary nor
desirable.

Hasn't this happened already, though, with Liblime starting some
competing Kohas and using trademark registrations to back up their
failure to rename their forks?  (Although most of us call them LAK,
LEK and LK, to try to reduce the confusion.)

Which brings me to a question which probably people here can help to
answer: are there similar civil offences of passing-off, misleading
advertising and trade misdescriptions in the US?

Thanks,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Patents and open source projects

2011-12-05 Thread MJ Ray
Emily Lynema emily_lyn...@ncsu.edu
 A colleague approached me this morning with an interesting question that I
 realized I didn't know how to answer. How are open source projects in the
 library community dancing around technologies that may have been patented
 by vendors? We were particularly wondering about this in light of open
 source ILS projects, like Kuali OLE, Koha, and Evergreen. I know OLE is
 still in the early stages, but did the folks who created Koha and Evergreen
 ever run into any problems in this area? Have library vendors historically
 pursued patents for their systems and solutions?

In short: bad patent laws are a problem, but not unique to FOSS.

I think we're dancing around technologies that may have patents in the
same ways that all developers do: basically, we avoid famously
patented tech and try to use well-known libraries as much as possible
(safety in numbers, at the cost of chilling some innovation), but
hoping that we don't pass too close to any submarine patents.

The worrying one I've seen recently has been 3M and SIP.  It took
quite a few rounds on the SIP 3 message boards before (as I understand
it) we were assured that no patents held by 3M would necessarily be
infringed by implementing SIP 3.

3M accused Envisionware but I don't remember the detail or know the
current situation.

I probably ask more questions about this than many, even though I work
for a software developer and am fortunate to work in a country where
mathematics - which includes software - is explicitly excluded from
patents.

Hope that informs,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Patents and open source projects

2011-12-05 Thread MJ Ray
Erik Hetzner erik.hetz...@ucop.edu
 1. 
 http://www.softwarefreedom.org/podcast/2011/aug/16/Episode-0x16-Legal-Basics-for-Developers/
 Basically, the standard advice for patents is what Mike Taylor gave:
 ignore them. Pay attention to copyright and trademark issues (as the
 Koha problem shows), but patents really don’t need to be on your
 radar.

Will people please stop suggesting that PTFS's attempts to register
Koha trademarks in various jurisdictions are somehow because of
inattention on the part of the Koha users and developers?

Any project can always suffer from some ratbag try to register its
name as a trademark, regardless of it being a historic treasure (in
NZ, so I'm told) or in use in commerce by others before them.  That
doesn't make the ill-gotten registration valid: it should just make it
a nuisance for a short while until the rightful users gain or overturn
the ratbags' registrations.

Hell, someone tried to register Linux as a trademark once, didn't
they?

The alternative is to pay the protection rackets (also known as
trademark registrars) before it's a problem, rather than spend that
money creating projects that are worth defending.  Spend today, or
gamble and maybe spend tomorrow?  It's a choice.

Hope that informs,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] SV: [CODE4LIB] Plea for help from Horowhenua Library Trust to Koha Community

2011-11-28 Thread MJ Ray
Jonathan Rochkind rochk...@jhu.edu
 But I think it's worth drawing the community's attention to this issue. 
 Whether it's important that the Trust have the right to legally stop 
 someone from calling something Koha that isn't Koha (the trademark 
 owner is ultimately going to be the one that has the legal power to 
 decide what is really Koha or not. Which is what, i'm confident, has 
 LibLime worried, since some parts of the  Koha community have already 
 accused LibLime of calling something Koha that is not.)

I don't think many care about the Trust having that power, but LibLime
having that power is a very scary thought.  If they get this
trademark, could they try to assert that Koha is only LLEKoha or
LLAKoha or whatever their fork is now called and try to obstruct the
user community release process?

Except, of course, that LibLime is only the inheritor of the first
developer, while the Trust is the first user, so the Trust should win
out of those two: the buyer of that bespoke software came first.

It's a pretty sorry state of affairs that the music+movies control
freakery has led to processes that allow this sort of attempted
software control freakery.  Surely the buyer should have more say over
what they call their purchase than the seller?

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Plea for help from Horowhenua Library Trust to Koha Community

2011-11-22 Thread MJ Ray
Mike Taylor m...@indexdata.com
 So your best bet may be to shrug and let them have the old name for
 their proprietary fork.  Just come up with a new name for the open
 codebase, let the world know, and move on with doing more useful
 things -- spending what money you have on coders and cataloguers
 rather than lawyers.

Two things which may not be widely known here:

1. HLT was the original commissioner and I believe they have been
using Koha continuously in delivering their library service since
then.  If they of all people are not allowed to share control of the
name, then basically no FOSS project name is safe for its users.
Ever.

2. Koha means akin to gift.  The irony of trying to trademark that
word in particular is mindboggling and should shame PTFS in the eyes
of everyone who likes sharing information - basically all of us who
are involved with libraries at some level, isn't it?

So, please give generously to HLT's ratbag-repelling fund.  There
are wider issues at stake for users and coders for libraries.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] web spam block less awful than Captcha?

2011-10-25 Thread MJ Ray
Jonathan Rochkind rochk...@jhu.edu
 On 10/24/2011 1:15 PM, MJ Ray wrote:
  trying to design things so that the return on investment
  for spammers is fairly low,
 
 In my experience, this is irrelevant. I have spammers spamming my ask a 
 librarian a question link, which _only_ results in email to a 
 librarian's inbox (several of them actually). [...]

In that example, they get unfettered priority access to an inbox.  If
it's an easy form to submit, that's a high enough RoI for spambots.
How is that irrelevant?

As others have noted, a honeytrap field seems the most obvious
addition to such a form.  I'd also be fairly liberal with the
blacklisting, as long as alternative contact routes are given (like
how to reach a librarian in person or by phone).

A two-step form would also cut the spammers drastically, in my
experience, but then you're adding a little cost for regular users.
A preview step might result in clearer questions, though!

Hope that informs,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] code4lib g+ hangouts

2011-10-18 Thread MJ Ray
Jonathan Rochkind rochk...@jhu.edu
 Many of us have been using the IRC channel for just this purpose for 
 years, and anyone is welcome to. Personally, I still haven't used g+, 
 and don't know when/if I will, I'm overwhelmed with internet already!

Also, IRC is pretty accessible and open and not under the control
of one private-sector corporation.  I'm somewhat disappointed
that g+ is being adopted so uncritically.  Has faceblocking not
taught the library world anything yet?

Anyone got handy tips for diaspora or friendika, by the way?

Thanks,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] in step with disclosing our ideas to OCLC Inc.

2011-10-18 Thread MJ Ray
Frumkin, Jeremy frumk...@u.library.arizona.edu
 So, I would like to chime in here that this list is primarily
 focused on coding and technical issues. While everyone is entitled
 to their opinion on OCLC or any subject for that matter, in my
 opinion this thread really isn't pertinent to the focus of this
 discussion list.

Sorry.  I forgot CODE4LIB overrides the reply commands (both reply and
reply-to-list go to the list).  However, maybe some OCLC members
could get opening the tech discussed at that meeting too.

If anyone would like an explanation of the co-op difference,
please mail me off-list!

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] does your OPAC pass HTML validation?

2011-06-20 Thread MJ Ray
Ken Irwin kir...@wittenberg.edu
 Do catalogs even validate out-of-the-box? (I've never set up an OPAC
 before, I have no idea what out-of-the-box might actually look
 like.)

Testing the demos suggests that koha 3.2 only fails because of a
stupid mistake (missing a / on a hr when we declare as xhtml)
and koha 3.4 has a few extra errors that may arise from the recent
switch to template toolkit.

So validation is definitely achievable with Koha.

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] New xforms4lib Google Group

2011-05-27 Thread MJ Ray
Ethan Gruber wrote:
 While I imagine that most people on the old xforms4lib list are also on
 code4lib and will thus get duplicative emails, I wanted to briefly announce
 that xforms4lib is migrating to a Google Group.  This will provide greater
 flexibility than the old system, which required list admins to be U.Va.
 members, I think, and will also allow the archives to be indexed by search
 engines.

Could you make it so that people can subscribe by email, without
signing up for a Google account, please?

code4lib readers - anyone know what setting(s) to make that happen?

Thanks,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Webinar information for today's Virtual Lightning Talks

2011-05-03 Thread MJ Ray
Peter Murray peter.mur...@lyrasis.org wrote:
 Second, some comments I got were about cranky Java applets and
 applications.  LYRASIS has two conference tools at its disposal --
 Java-based Centra and Flash-based Acrobat Connect -- and I chose
 Centra because running Flash on LINUX is an issue.  Maybe this will
 need to be revisited (or maybe there is another Java-based
 conference system that can do better).

I think Centra only runs in Sun Java while Acrobat Connect only runs
in Adobe's Flash - neither work in any of the FOSS ones - so that
choice is between the devil and the deep blue sea to me.  It's the
same argument as Open Access but for online conferencing instead of
journals.

It's quite frustrating that Moodle, LernID and Muji are all close but
not quite there, as far as I can tell.  I'd love to help fix this, but
I don't have a funding stream available for it.  Does anyone on this
list know who does?  (I don't care who does it but I'd love to see
this problem solved!)

Thanks,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Excel file to Dublin Core?

2011-03-02 Thread MJ Ray
Matt Butler wrote:
 Depending on how your Excel file is set up, the least painful way
 might just be to do it all in Excel. Add columns in between each
 field, throw XML strings into those, then concatenate each row into
 a single cell at the end of the row and copy-paste that final column
 out. If you want cleaner XML (i.e. one attribute per line rather
 than the all the item's attributes strung together) you can add
 regular expressions in with your XML and parse them out later.

I've done something similar to the above recently and it seems to be
the most efficient way.  The process was actually: Excel file (with no
tabs in it) to tab-separated-values to TSV-with--replaced to XML.

The most time-consuming part of getting bibliographic data out of
spreadsheets into an XML format is finding special-but-invalid cases
in the spreadsheet - because a spreadsheet probably didn't check for
it and your XML-using tool probably throws them out.  So I think it's
more efficient to keep the toolchain as short as possible because you
may want to repeat it a few times to get as good as it gets.

Good luck!
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] SV: [CODE4LIB] AGPL for libraries (was: A to Z lists)

2011-02-18 Thread MJ Ray
Tony Mattsson asked:
 What I would want is a license that keeps the software free, and
 that people has to make improvements availible. Any suggestions?

I feel that those two aims are incompatible: you cannot give people
freedom *and* require them to do a particular act.

Even the AGPL only requires that service users get the code. They do
not have to be generally available.  So AGPL doesn't achieve your
second aim either.

Personally, I don't feel it's worth the extra burdens of AGPL, but if
you do, then please give people permission to distribute only their
improvements (instead of the whole damn codebase) and say that their
app can stay online without checking whether source is available right
then.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Past Koha Release Manager (2.0), LMS programmer, statistician, webmaster.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Looking for OAuth experts

2010-10-14 Thread MJ Ray
Ross Singer wrote:
 Unlike Twitter, however, we're starting from nothing.  There's nothing
 currently invested in ILS-DI clients that would break by committing
 solely to OAuth (or anything, for that matter).

Are you sure there's nothing currently invested?  I thought the Koha
community was already implementing ILS-DI so I assume there's some
client using it, as people don't tend to fund useless developments.  I
don't remember if any of the co-op's client libraries are using it
yet, though.

[ILS-DI]
 It's no longer under the auspices of the DLF and the priority of
 functionality has changed. [...]

OK, if it's no longer under the auspices of the DLF are you still
in contact with BibLibre?

 Indeed, and I hope the reply was likewise helpful.

It was.  More answers than questions, which is always good!

That said, I'm still not seeing the benefits of OAuth for ILS-DI
compared to existing HTTP authentication and authorization methods,
really.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Past Koha Release Manager (2.0), LMS programmer, statistician, webmaster.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread MJ Ray
j.g. pawletko wrote:
 I haven't implemented OAuth, and you may have already read this,
 but if not: ArsTechnica wrote a critique of the Twitter OAuth
 implementation that may be of interest.  You can find that article
 here: http://bit.ly/c88aa7

The co-op has been working on OAuth recently, including for Twitter.
I feel the above is an accurate summary.  In short, OAuth isn't ready
yet and it would be very disappointing if ILS-DI adopts it.

What other options is ILS-DI API group considering?

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread MJ Ray
Jonathan Rochkind wrote:
 Can you give some details (or references) to justify the belief that 
 OAuth isn't ready yet?  (The fact that Twitter implemented it poorly 
 does not seem apropos to me, that's just a critique of Twitter, right?).
 
 I don't agree or disagree, just trying to take this from fud-ish rumor 
 to facts to help me and others understand and make decisions.

The problems with Twitter's poor implementation have been compounded
by bad management decisions like switching off HTTP authentication and
an amazing policy on key invalidation, but I agree that's not the
fault of OAuth.

The key point is in the http://bit.ly/c88aa7 that Joe posted: how can
one publish an OAuth-using client that's not easy to impersonate?

Requiring every user to fill out registration forms and cut-and-paste
key strings into a client is not going to fly, so it seems like it
can't be done except on a very locked-down platform, because the
consumer secret is distributed to users' systems in the app.  So you
either ignore the key parts of the 1.0a version (which means that the
standard needs revision IMO, so is not ready yet), or you jump ahead
to the 2.0 draft, which is not ready yet because it's still a draft.

Personally, I think the right answer would have been to keep HTTP
authentication over HTTPS and have some slick way of creating
subsidiary usernames with limited privileges for apps, but there's
probably some better solution that I'm missing.

Aside 1: will 2.0 ever work and be ready?  Its editor Eran
Hammer-Lahav criticises its current state at
http://hueniverse.com/2010/09/oauth-2-0-without-signatures-is-bad-for-the-web/

Aside 2: to be fair, I'll point out that Eran Hammer-Lahav criticises
the ars.technica article at
http://hueniverse.com/2010/09/all-this-twitter-oauth-security-nonsense/
but does mention that there is no solution [...] for a distributed
application - does that mean OAuth isn't fit for FOSS?

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread MJ Ray
Ross Singer wrote:
 Agreed on this assessment, Jonathan.  MJ, can you extrapolate on your
 concerns, because that Ars Technica article is not going to cut it for
 anything more than to avoid the choices that Twitter made.

I've just sent another message trying to do that.  Hope it helps.

 And even by the standards of that article, I'm not sure that OAuth is
 inappropriate for the ILS-DI's use cases which are:
 
 1) server-to-server communication as the first priority
 2) something relatively standardized and abstracted enough to allow
 for institutions' local authentication mechanisms.

I think FOSS servers would be affected by the published-key spoofing
flaw too, wouldn't they?

Some of the projects that want to support ILS-DI are FOSS - one of the
Koha support companies signed some ILS-DI announcement IIRC, while
another wrote some of the code to implement it.

 Which basically spells out the problem the ILS-DI group is facing:  an
 incomplete, but evolving standard with heavy industry support, or...
 nothing.

Glad to see it's recognised that OAuth is incomplete. 

I've heard as much opposition as support among developers.  On the one
hand, it's more work to sell.  On the other, they're now even more at
the mercy of big service providers who can break their applications
(and so eat their support budgets) at will.

 We are still very much in the fact-gathering stage, so any suggestions
 are welcome.  [...]

If the problem that the group is trying to solve was explained on this
list, readers might be able to offer suggestions.

Hope that helps,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] Looking for OAuth experts

2010-09-20 Thread MJ Ray
Jonathan Rochkind wrote: [...]
 But if you just want to publish an OAuth-using client that's not easy 
 to impersonate -- well, it depends on what you mean. Do you mean you 
 want the server to know that the client application, that is distributed 
 to end-users,  is The Twitterific Client, in a crypto-secure way?  You 
 indeed can not do that. This is not OAuth's fault, it's the universe's 
 fault.  There is no way to do this absolutely reliably, although the DRM 
 people sure try, and Facebook tried, causing the problems that blogger 
 was complaining about. There's no other solution that will do that 
 either, it's not a unique failing of OAuth, and it's not the problem 
 domain OAuth was trying to solve, mainly.

Mainly?  Why does it include something that even looks like a solution
to a problem that is actually insoluble?

What problem was it trying to solve?  If it was a process for
end-users to authorize third-party access to their server resources
without sharing their credentials then I feel a simpler method is
possible, as described below. (Quote from RFC 5849)

 Do you not care about authenticating that the client software is The 
 Twitterific Client, but you just care about knowing that Joe Smith has 
 authorized it (whatever it is) to access Joe Smith's twitter account?  
 Ah, now THAT is indeed the use case of OAuth. The first one was not the 
 use case of OAuth, and Facebook trying to use OAuth anyway to accomplish 
 it is what causes the problems.

What is the use case?  http://oauth.net/core/1.0a/ claimed OAuth
creates a freely-implementable and generic methodology for API
authentication.  Shouldn't we expect generic authentication to
include authenticating both peers?

I feel that OAuth has tried to be jack of all trades.

 How do you do this?  By, as mentioned in the blog post you cited, 
 following the OAuth specs recommendations, unlike Twitter:
 
 In many applications, the Consumer application will be under the 
 control of potentially untrusted parties. For example, if the Consumer 
 is a freely available desktop application, an attacker may be able to 
 download a copy for analysis. In such cases, attackers will be able to 
 recover the Consumer Secret used to authenticate the Consumer to the 
 Service Provider. Accordingly, Service Providers should not use the 
 Consumer Secret alone to verify the identity of the Consumer. [right 
 from the OAuth spec; that Twitter may have ignored this is not OAuth's 
 fault].

I think we're rehashing what's written in links already posted, but
that section continues Where possible, other factors such as IP
address should be used as well which seems somewhat inadequate
as an authentication component.

The specs don't really give any positive direction on how to handle
published Consumer applications, so I feel it's not surprising that
Twitter and others filled the vacuum with silliness.

 Yes, to do this, OAuth requires one of two workflows, neither ideal:
 1) Redirect to Twitter where the user logs in, and is then redirected 
 back [...]
 2) Have the user enter their twitter login/password directly in client 
 application, which then sends it on to twitter. [...]
 Not ideal, true. But no other solution is going to do better, because 
 that's just how the universe works, unless some genius can come up with 
 something nobody's thought of yet. 

The authentication workflow isn't the problem.  It's this consumer
secret nonsense.  I've been pointed at Yahoo's CCK which looks like
an API to work around this problem with OAuth:
http://developer.yahoo.com/oauth/guide/create-consumer-key-guide.html

But what's wrong with the idea of a CCK-like way of creating a
subsidiary username with limited privileges and communicating that
back to the app for use?  The authentication workflow can even be the
same.

In other words, apart from this consumer secret confusion, what does
OAuth add to this field which wasn't already there with HTTPS
authentication and cookies?

Confused,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha


Re: [CODE4LIB] open source proxy packages?

2010-08-15 Thread MJ Ray
Brian Tingle wrote:
 apache httpd has a mod_proxy module can let apache act as a proxy server.
 
 http://httpd.apache.org/docs/current/mod/mod_proxy.html
 
 You should be able to use this with htpasswd files you would use to
 secure a web directory with apache.

You can also combine it with Nick Kew's mod_proxy_html
http://apache.webthing.com/mod_proxy_html/ to fix any websites that
are sending absolute URLs (which many publishers do).

But I've been implementing this for a few sites for a few years and
it's still basically an unsustainable game of trying to keep updating
the proxy configurations to match changes made by website publishers.
Publishers generally don't announce or document changes and even
sometimes refuse to discuss them with their paying customers!

So, if you can, I'd go for distributed authentication like Shibboleth.

Does OCLC automatically update EZProxy configuration to match
website publisher updates?

I'd be happy to develop and supply free and open source proxy
configurations with a wiki of sample configurations based on our past
experiences.  We'd troubleshoot and contact publishers when needed.
Would anyone be interested in subscribing to such a service from the
co-op?

Thanks,
-- 
MJ Ray (slef) Webmaster and developer for hire at | software
www.software.coop http://mjr.towers.org.uk|   co
IMO only: see http://mjr.towers.org.uk/email.html |   op


Re: [CODE4LIB] change management system

2010-02-22 Thread MJ Ray
Boheemen, Peter van peter.vanbohee...@wur.nl
 Never experienced any problem with FogBugz sending email.

But do those emails follow the RFCs?  In particular, do they have
a full set of both MUST and SHOULD headers?

 Mail integration is fabulous. Ofcourse you can send email notifications,
 but it also accepts mails and automatically creates cases from them. It
 can even learn to categorize these cases as belonging to certain
 projects and also uses bayesian filtering to detect spam.
 You can send an email from a case and replies will automatically be
 linked to this case.
 If you send an email to fogBugz it will be added to the case when it
 finds the case number preceded by the word 'case' in the subject. It is
 certainly useful to try it out. [...]

As mentioned, I've tried fogBugz and changed supplier to avoid having
to use it.  I'm not sure if it was fogBugz or the supplier that was
broken.  It doesn't much matter when it's costing money.

RT will do almost all of the above (email notifications and receipt,
automatic task creation, email from a case, subject-line linking and
you can specify the prefix - watch the hilarity when two fogBugz
systems email each other), but I think the project categoriser thing
is an add-on and we use our regular spam filters (building it into
each email-connected application seems wasteful).

Hope that helps,
-- 
MJ Ray (slef)  Webmaster and LMS developer at | software
www.software.coop http://mjr.towers.org.uk|   co
IMO only: see http://mjr.towers.org.uk/email.html |   op


Re: [CODE4LIB] change management system

2010-02-15 Thread MJ Ray
marijane white marijane.wh...@gmail.com
 FogBugz seems really fabulous.  In my previous career as a QA engineer, my
 team was planning to try it out, but our employer went out of business
 before we had a chance to pilot it.

Is FogBugz able to send RFC-conformant emails?  The only supplier
I've met that used it hadn't got it to sent good emails, so they
got spam-filtered far too often, so we changed supplier.

Our co-op uses RT, but not in a very visible-to-clients way.

Hope that helps,
-- 
MJ Ray (slef)  Webmaster and LMS developer at | software
www.software.coop http://mjr.towers.org.uk|   co
IMO only: see http://mjr.towers.org.uk/email.html |   op


Re: [CODE4LIB] Online PHP course?

2010-01-10 Thread MJ Ray
graham wrote:
 MJ Ray wrote:
  I'll send a note to suggest that any Koha ones are mentioned here.
  I hope it will be using something like Lernid or Muji rather than
  selling us out to the private sector Skype, though ;-)
 
 muji? can't find any references to it - is it a typo?

Muji can be found at http://telepathy.freedesktop.org/wiki/Muji
for now.  Multi-way video conferencing using Jingle protocol.
Not ready for prime-time yet, but looks like it might offer a
way to break out of the multiple incompatible proprietary
servers and clients.

Hope that explains,
-- 
MJ Ray (slef)  Webmaster and LMS developer at | software
www.software.coop http://mjr.towers.org.uk|   co
IMO only: see http://mjr.towers.org.uk/email.html |   op


Re: [CODE4LIB] Online PHP course?

2010-01-07 Thread MJ Ray
Tim Spalding t...@librarything.com wrote:
 I wonder if Code4Lib would ever be a good outlet for online
 programming tutorials or hack sessions. I mean, get 10 people on
 Etherpad or CodeArmy together, and Skype, and you could learn a lot,
 and do a lot.

I'll send a note to suggest that any Koha ones are mentioned here.
I hope it will be using something like Lernid or Muji rather than
selling us out to the private sector Skype, though ;-)

Regards,
-- 
MJ Ray (slef)  Webmaster and LMS developer at | software
www.software.coop http://mjr.towers.org.uk|   co
IMO only: see http://mjr.towers.org.uk/email.html |   op


Re: [CODE4LIB] Online PHP course?

2010-01-06 Thread MJ Ray
Thomas Krichel kric...@openlib.org wrote:
   Joe Hourcle writes
  ps.  yes, I could've used this response as an opportunity to bash
  PHP ...  and I didn't, because they might be learning PHP to
  migrate it to something else.
 
   controversial ;-)
 
   what's the problem(s) with PHP?

Oh please don't nuke the list from orbit like that!  I hope that
this is a balanced enough reply to keep everyone happy:

Our experience is that PHP hosting environments vary much more, most
PHP code is a mess (PHP-based software was part of 35% of the
U.S. government's National Vulnerability Database in 2008 -
http://www.coelho.net/php_cve.html) and few things (code and hosting)
move between the different major versions smoothly.  It's a personal
home page tool which has grown massively, for better or worse.

BUT! Even after all that, software.coop still supports some PHP
applications because they can work well and be very useful, though
we're under no illusions about PHP's warts.

Hope that helps,
-- 
MJ Ray (slef)  Webmaster and LMS developer at | software
www.software.coop http://mjr.towers.org.uk|   co
IMO only: see http://mjr.towers.org.uk/email.html |   op


Re: [CODE4LIB] T-shirt Design Contest

2010-01-04 Thread MJ Ray
Michael J. Giarlo wrote:
 We've talked before about setting up a code4lib CafePress store.
 Maybe we've already done it?   It's an idea, at least.

Does CafePress sell ethical and organic cotton t-shirts?  I feel we
should try to avoid taking Uzbekistan's children out of school to
make library-related clothing if we can.

More information and links at
http://www.news.software.coop/are-your-free-software-t-shirts-ethical/112/

Thanks,
-- 
MJ Ray, member of www.software.coop Experts in web and GNU/Linux
(TTLLP # in subject emails = copy to all workers unless asked.)
Turo Technology LLP, reg'd in England+Wales, number OC303457
Reg. Office: 36 Orchard Cl., Kewstoke, Somerset, GB-BS22 9XY


Re: [CODE4LIB] Bookmarking web links - authoritativeness or focused searching

2009-10-01 Thread MJ Ray
Andrew P wrote:
 Also worth mentioning is a new site SiteCite.com that
 allows you to organize web links with custom URLs.  It was created by a 
 library programmer and has
 discovery tools so that bookmarks are easily retrievable. [...]

I'm surprised that a library programmer has put the We need to make
sure you are a human Google-reCaptcha insult on their sign up page.
It's even on their contact form, so we can't even tell them about it.
(If you don't see the messages which suggest disabled users are not
humans, try disabling javascript - javascript is usually disabled by
default with noscript.net because it's confusing when things you don't
see perfectly start moving themselves around the page.)

I strongly suggest people don't promote siteCite.com until they drop
reCaptcha.  The re should stand for remove.

Thanks,
-- 
MJ Ray (slef)  LMS developer and webmaster at | software
www.software.coop http://mjr.towers.org.uk|   co
IMO only: see http://mjr.towers.org.uk/email.html |   op


Re: [CODE4LIB] Accessible reCaptcha Was: Bookmarking web links - authoritativeness or focused searching

2009-10-01 Thread MJ Ray
Eric Hellman wrote:
 Are you arguing that reCaptcha cannot be accessible or that it is  
 incorrectly implemented on this site?

Primarily that it is incorrectly implemented.  However, I've yet to
see an implementation of recaptcha that is accessible and does not
needlessly insult users with impaired vision.  Even the one on
recaptcha.net includes the fully-abled=human insults.

 Usually recaptcha is a good example of a robot blocker that is  
 accessible to print-disabled users.

My impairments are quite mild (short-sighted with some contrast/light
problems - the photo on my website is a few years old, before I had to
wear my glasses all the time - oh vanity and laziness; and hearing
problems in one ear) but still recaptcha is a pain in the eye.  Maybe
it's worse for impaired users, than print-disabled ones like you?

 The notion that javascript cannot  
 be used in an accessible website is obsolete (it's not 2000 any more).  
 There are javascript techniques that make sites inaccessible, just as  
 there are html techniques that make the site accessible. There are  
 javascript techniques that INCREASE accessibility.

Of course there are, but surely even the most enthusiastic javascript
advocate accepts that the sites using javascript in ways that harm
accessibility far outweigh the numbers using it well today?  So, it's
reasonable if script execution permission defaults to denied and is
enabled site-by-site for now.

However, I wasn't complaining about the javascript use, just noting
that you might find it easier to start seeing the check you're a
human nastiness by switching javascript off.  View Source might
work just as well, depending on how it has been implemented.

 I've recently been learning about accessibility issues [...]

Thank you.  I wish everyone did.  I've been learning about
accessibility issues since my eyesight started to deteriorate and my
hearing was damaged.  This isn't an add-on issue for me.  It's vital
for web use.

Regards,
-- 
MJ Ray (slef)  LMS developer and webmaster at | software
www.software.coop http://mjr.towers.org.uk|   co
IMO only: see http://mjr.towers.org.uk/email.html |   op


Re: [CODE4LIB] Bookmarking web links - authoritativeness or focused searching

2009-09-29 Thread MJ Ray
Cindy Harper wrote:
 I've been thinking about the role of libraries as promoter of authoritative
 works - helping to select and sort the plethora of information out there.
 And I heard another presentation about social media this morning.  So I
 though I'd bring up for discussion here some of the ideas I've been mulling
 over. [...]
 Is anyone else thinking about these ideas?  or do you know of projects that
 approach this goal of leveraging librarian's vetting of authoritative
 sources?

The big problem with social media sites is that they tend towards
privatising our data.  Any solution needs to be both FOSS and
Open Data to overcome that.

Some of the veterans here will probably remember the ODP (dmoz.org)
and VLib.org catalogues.  Can we build on them instead of inventing
another wheel?

Thanks,
-- 
MJ Ray (slef)  LMS developer and webmaster at | software
www.software.coop http://mjr.towers.org.uk|   co
IMO only: see http://mjr.towers.org.uk/email.html |   op


Re: [CODE4LIB] Library Website Redesign Info and Project Plans

2009-09-21 Thread MJ Ray
Walker, David wrote:
 My wife really likes Web Redesign: Workflow that Works, by Kelly Goto  
 Emily Cotler.  
 
 The second edition is called Web Redesign 2.0.
 
   http://www.web-redesign.com/
   http://www.worldcat.org/oclc/57641137

I'm sure it's a fine book, but does it worry anyone else that
the book's website doesn't meet the Web Content Accessibility
Guidelines 1.0?  In particular, the chapter selector only works
with javascript execution permission.

Then again, it looks like WorldCat also fails, so they're in
good company.

Regards,
-- 
MJ Ray, member of www.software.coop Experts in web and GNU/Linux
(TTLLP # in subject emails = copy to all workers unless asked.)
Turo Technology LLP, reg'd in England+Wales, number OC303457
Reg. Office: 36 Orchard Cl., Kewstoke, Somerset, GB-BS22 9XY


Re: [CODE4LIB] best OCR package?

2009-02-03 Thread MJ Ray
Alberto Accomazzi aaccoma...@cfa.harvard.edu wrote:
 [...] I know about OCRopus but I have a feeling that 
 commercial products still have a significant edge over public domain 
 packages. [...]

OCRopus is released under the Apache License 2.0, which allows
commercial development.  It is not a public domain package.
Feel free to use it as a commercial product without fear.

Hope that helps,
-- 
MJ Ray (slef)
Webmaster for hire, statistician and online shop builder for a small
worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
(Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237


Re: [CODE4LIB] perl recaptcha?

2008-07-01 Thread MJ Ray
Jonathan Rochkind [EMAIL PROTECTED] wrote: [...]
 And then fails. Anyone managed to do this, or have any other advice for 
 using Recaptcha from perl?

Please don't use it as a barrier on the only access route to a
service, else you will be locking out humans with vision or hearing
problems, or even simply high browser security settings.

More info: http://www.w3.org/TR/turingtest/

If you want to combat spam, there are better ways, including some
premoderation and heuristic checks of user submissions.  After all,
Recaptcha doesn't stop all human-powered spam (whether directly by a
spammer or by porn-trojans).

Hope that helps,
-- 
MJ Ray (slef)
Webmaster for hire, statistician and online shop builder for a small
worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
(Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237


Re: [CODE4LIB] perl recaptcha?

2008-07-01 Thread MJ Ray
- Jonathan Rochkind, Johns Hopkins Univ. [EMAIL PROTECTED] wrote:
 But it doesn't look to me like a university and/or library can use 
 Akismet for free; it looks like it might be $25/month ($300 a year), 
 which is a bit steep.  But I'm not certain; anyone know if a university 
 library can maybe in fact use it for free?

I'm not sure.  I couldn't use it for free on my commercial sites.
This is part of the reason why I'm glad antispam.typepad.com launched,
which is free for commercial use.  It claims to be 100% API compatible
with Akismet, so just switch the URL in the new() call and it should
start working.

Hope that helps,
-- 
MJ Ray (slef)
Webmaster for hire, statistician and online shop builder for a small
worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
(Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237