Monthly Archives: December 2008

Quick update to Security 2.0 post

Reading through Bill’s comment on my previous post, I was reminded that I meant to tell you all about a very cool, and very related, compendium of information that the folks at the MuniGov 2.0 organization have compiled. The Web 2.0 Security page is basically an annotated collection of reports and “thought pieces” from all over the web, put together and given to us for free! There are positive and negative pieces included – you can read through them and make up your own mind, but as Bill so nicely stated in his comment – our job as IT people is to *support* business use, not stand in the way of our internal customers as they try to do their jobs. If we can do that and maintain security, we’re golden!
Update to the update – I just found a link (via the privacyala Twitter account) to an article on Facebook & privacy. The sentence that makes it relevant to this post is:

Policymakers cannot make Facebook completely safe, but they can help people use it safely.

I’m headed off to read the article now, but thought I’d post a quick update here first, to let others know about it!

The first of my reviews is up!

For those who haven’t heard about it, Rachel Singer Gordon has started a new review service for libraries that focuses on computer books & topics. The Tech Static is a resource for anyone who buys computer or technology books for libraries. I am one of the reviewers, and my first review, for The Productive Programmer, is now up! Enjoy!!

Your Web 2.0 App is a Security Threat

Read/Write/Web today has a story on the dangers of Web 2.0 behind the firewall. They are profiling a company called FaceTime that gives IT departments a way to add web application scanning to their network. Most IT departments do some scanning, at least at the firewall, for malicious applications and sites, but few do any kind of searching for web applications (think Facebook apps, Google’s Team Sites, unsupported IM capabilities, etc.). This company is offering a way to do that. RWW’s take on the matter, in the post Your Web 2.0 App is a Security Threat – ReadWriteWeb, is:

Of course, when users become their own I.T. department, they’re unknowingly introducing inherent risks into the previously hardened network infrastructure. Just because a web app is easy to operate, that doesn’t make it safe and secure for enterprise use. As users upload and share sensitive files through these unapproved backchannels or have business-related conversations through web-based IM chatrooms, they might not only be putting their company’s data at risk, they could also be breaking various compliance laws as well.

And this is completely true. The problem isn’t really with the apps, though, it’s with IT departments that refuse to allow *safe* networking practices in their networks. User education, coupled with some monitoring of public sites for confidential information, along with sanctions for misuse of Web 2.0 tools (after the users are educated on proper use, of course) can make Web 2.0 apps part of the IT infrastructure and, consequently, much safer than if the users are off in the “wild west” of web applications, doing things themselves.
I’ve been working on a Tech Report for ALA discussing just how to use these Web 2.0 tools to collaborate with others – and one of the issues that I discuss is the fact that these are publicly facing tools with risks for unintentional leaks of data or confidential information. If your IT department is on the ball and willing to work with you, however, those leaks can be stopped and all of your data can be kept safe – even while you are using these tools to their best effect.
Want more about this? You’ll have to buy the Tech Report next year… until then, however, educating your IT department about the benefits of Web 2.0 applications in the organization will really help to make these things available – in a sanctioned way – for you!

Native Tasks in Gmail!

Gmail now has a native task manager, if you go to the “labs” area of Gmail and turn it on. Once you click on that little green bottle at the top of your regular Gmail account (this is not something that is available to us as “enterprise Gmail customers” yet – BOO!!), you can see the tasks option on top. Enable it, refresh Gmail and find the Tasks link under the Contacts link on the left side of your screen. Click it and a handy little box pops up that allows for entry of tasks – with indenting – and basic task management capabilities. You can also automatically add an email as a task, with a link to that email included under the task’s title as “related email”. That is pretty cool!!

What if…

Check out this slide deck from Razorfish on “What if Amazon & iTunes were to use Facebook Connect” (explanation of FB Connect on slides 1-10, imagination starts on slide 11).

Ok – that’s interesting enough – but what if libraries hooked into FB Connect? What sort of things could we do with the information in people’s profiles to “personalize” their experience on our websites? I imagine a lot of the suggestions for Amazon would be applicable to libraries, but surely we could think of other ways to use that Facebook data, too!