The afternoon sessions of the symposium were conducted by real people (not that vendor representatives aren’t real, but you know what I mean) and were far more helpful than the morning sessions (the keynote being the exception). First, I went to MORENet’s presentation on securing IIS 6 and Windows 2003. Steve Massman (a former co-worker of mine) ran through the basic steps to secure and maintain a Web server on Windows 2003. The logging information – tools and techniques to get logs out of the “standard” paths and into your email so that you actually look at them occasionally – was particularly helpful.
I missed the next session because I was deep into conversation with a gentleman getting ready to switch to Exchange. He was watching me check my work email via the web browser on my phone and had LOTS of questions about what all was included in the Exchange Server package.
The last session of the day was amazing. The session was titled Security Awareness, a subject that has been coming up repeatedly for me in the last few weeks and one I definitely wanted to attend. The session began with a discussion of why we should be stressing security awareness (and the recent publicity around Megan Meier’s death was brought up and used as an example here and throughout the session) at the earliest age possible. Our job, as Internet Citizens, is to make sure that young people are aware of everything from traditional malware (viruses, spam, etc.) to digital stranger danger to porn to cyber-bullies and how to combat/stay-away-from each of them. To help us do our jobs, the session included LOTS of resources for security awareness (look for them in an upcoming Security Awareness post) and a CD of even more resources.
After that session, my brain hurt, so I said goodbye to a few people and left for home, ready to curl up in my recliner, play WoW and not think for a good few hours…
Author: Robin
The morning sessions of the security symposium were pretty vendor heavy. I did get to see a pretty cool demo of Cisco’s video surveillance product, but other than that, it was all vendors, all morning. The keynote, which came during lunch, however, was absolutely wonderful. Lawrence Baldwin talked about his work with myNetWatchman and the products he’s making available to the security world, namely secCheck (there were others, but this one particularly caught my eye). I’ve used secCheck before, but not really in a formal way, so hearing about how he developed it, uses the information garnered from it and helps catch criminals with it was pretty darn cool. He also discussed his home set up, using a custom designed, multi-drive system he calls the TeraTivo. That was wild! He then segued into some of the work he’s done, giving examples of a church’s computer that got infected with a keylogger so that everyone who called in a donation (and skipped the scary, insecure internet donation button) got their information stolen anyway and how criminals use a sort-of proxy (2 layers deep) to keep law enforcement from finding them easily. That got him talking about the issues with cybercrime laws and how they are weak enough to discourage prosecution, strong enough to falsely convict the innocent and can easily become another tool for criminals.
Finally, he said that the weakest link in any security system is the millions of poorly secured systems in homes and small offices around the world. The infrastructure can be secured and core computing resources hardened, but as long as there are people out there who still don’t realize that clicking on links you don’t trust (and even some that you do) can be dangerous, the Internet will never be secure. 
Last night, I attended MORENet’s Security Symposium opening reception in Columbia, MO. Besides the good food and preview of the vendor’s information, I also got to chat with some of my peers from around the state. I found (and latched onto) the only other library representative from MO – the Hannibal library district – and formally met some of the MORENet folks who sign those very important security emails. I also managed to be sitting at the table that the keynote speaker, Lawrence Baldwin from MyNetWatchman, sat down at. MyNetWatchman is Internet security software that does more things than I can possibly mention in this post. The idea behind the software and service is interesting, though:
The primary issue in internet security is not that hackers troll the Internet, but rather that the Internet is chock full of insecure systems which are easily compromised, providing means for hackers to perform untraceable, indirect attacks. The only profound way to improve Internet security is to reduce the number compromised systems and minimize the amount of time that a system remains in a compromised state.
While doing the social chatting thing (I was telling him about my son’s love for WoW – without mentioning my own…) we began talking about MySpace security. Apparently, many MySpace users (make that many, many, many MySpace users) use a predictable pattern to their passwords that make them pretty easy to guess. I would guess that this extends to pretty much any password-driven site, not just MySpace. We also talked about computer users and their security awareness. While most (even hard-core geeks) don’t really understand safe Internet usage, more training in this area can’t hurt. Even casual computer users should understand the basic guidelines to surfing the ‘net and – more importantly – know when to ask someone if the email/site/IM message they are reading/surfing is legit.
Today is more of the security symposium – I’ll write about all the fun things I’m learning during the sessions later!
After receiving an email from the bookmobile department, stating that one of the routes the bookmobile was scheduled to go on has been canceled, I dutifully added the information to MRRL’s twitter feed. This got the info out to our twitter followers, on the front page of MRRL’s website and probably in a few other places that I’ve forgotten I’ve stuck the feed (oh, the joys of reuse!!). This got me thinking. There has to be a way to send an email out and have it automatically grabbed and posted by twitter, right? Yes, there is! The code, for you hackers out there, is the MailTwitterPHP script which, though written in PHP, is intended to be used as a shell script that runs occasionally via cron (or Windows scheduler) and picks up all mail to a specified mailbox and posts it to the indicated twitter account. All very cool, and something I may set up if I ever get around to getting multiple twitter accounts for MRRL, but for now, I wanted something easy.
Enter TwitterMail – the service that does the heavy lifting of setting up the script/scheduling and lets you just enter in your twitter account details, gives you a secret email address and you are done. A quick, easy solution!! I’ve already emailed the address off to the bookmobile supervisor and relieved myself of one more thing I have to remember (or be here) to do!
Microsoft has a new beta product out that seems pretty nifty. The MS SharedView Beta offers a way to share your desktop (and provide handouts) to up to 15 other computers at a time. It requires a Windows Live ID (oh, if only I could have used OpenID for this one, too…) which is actually pretty painless to get. It’s just another user/pass combo that I’ll have to remember. I downloaded and installed it pretty quickly and painlessly – it doesn’t require a lot of time or effort to get it going.
I don’t know of anyone else who is using the software right now – but if you are, I’m ready and willing to play with it. Email me at robin.hastings at gmail.com to set something up!
I just learned about a really nifty service on the web called ClaimID. It operates as both an OpenID provider and as a way for your to “claim” your online identity. Enter your URLs (or use the handy bookmarklet) for your various social website pages (MySpace, Facebook, Flickr, del.icio.us, etc.), articles you’ve written, blogs you read/write and any other information about you that you would like others to know about. You can even claim information about yourself that you don’t necessarily want people to misinterpret – each claimed URL can be annotated with any information you want to give about it. I’m currently adding all of my social sites, articles and “stuff” from around the web into it now.
One of the coolest parts of the claiming process, in my opinion, is the fact that you can designate things as being “about you – by you”, “about you – not by you”, “not about you – by you” or you can “describe it your way” instead. It gives you very granular control of what the various pieces and parts of your identity that are on the web mean. You can also group items that you add. Currently I have “My Links” (the default group) and “My Articles”, but I may start adding in stuff like “My Mailing List Answers” or “My Presentation Information”.
The OpenID part of it is also pretty interesting. You can use your ClaimID url as an OpenID username anywhere that accepts OpenID, or you can use your blog’s/website’s URL by adding in a bit of code to that site. Services like this could make OpenID take off – which would be incredibly cool!
If you join up with ClaimID and want to be my contact, my ClaimID url is http://claimid.com/robinhastings – see you there!
Web Worker Daily has run a couple of pieces on marketing your “personal brand” in the past, but just before I left for California, they ran another post that gives “3 Rules of Self-Marketing” (with links to their previous posts on marketing yourself in that post). This one offers 3 fairly simple rules (not particularly easy, but fairly simple) for promoting yourself in your field. The basics are:
- “Knowing how to market yourself will do more for your earnings and reputation than becoming better at what [you] do.â€
- “Start now.â€
- “If you have an exceptional talent, market yourself through exceptional means.â€
There is more on each of those at the actual post, I’ll let you click through to read them if you want, but I also want to add on to those bits of advice.
Blogging is a great way to “get your name out” on the web, but it’s just the tip of the iceburg. It’s kind of like having a Web 1.0 website – you expect everyone to come to you, and – for the most part – they won’t. People are busy doing other things on the web and unless they just happen to stumble upon your site, they aren’t going to be visiting it on any kind of regular basis. You have to go where your users (or potential blog readers) are, just like we do in our Web 2.0 sites. Contributing answers in mailing lists, posting in forums, joining social networks and participating in them are all ways to both help others and get your message out to people who otherwise wouldn’t run across your site at all.
If the idea of following and contributing to a bunch of mailing lists and forums isn’t your cup of tea, publishing – even in local or small circulation formats – is good, too. Everything from local newsletter articles about something you do or are good at doing, at least, to peer-reviewed scholarly journal articles are ways to get the message about how freakin’ great you are out to the masses. The chances of your blog being the topic of conversation at dinner (excepting the Annoyed Librarian, of course) are pretty slim – you have to let people know what you have done if you want them to get interested in what you are doing and reading your thoughts about it besides.
Note: Before we get into this whole process, I’d like to state that I was doing this on a Windows/IIS 6 machine with a less-than-ideal version of PHP. This is the source of my problems that I ran into while installing this – but if you are thinking of using Scriblio on a Windows machine with an older version of PHP, this might just help you out!
I went to the IL conference and attended Casey Bisson’s talk on Scriblio, the open-source, social overlay to the OPAC. During that conference session, he installed, configured, imported and themed a working implementation of Scriblio in 11 and 1/2 minutes. This was incredibly cool – and it got me to thinking. I’m pretty comfortable with WordPress and, from what I could tell, Scriblio does a LOT of what III’s (very expensive) Encore product is promising to do. With those two things in mind, I decided to try my hand at getting Scriblio to work for my library.
I started Monday morning – got the base WordPress install and the Scriblio plugins up and running (check the scriblio site at http://about.scriblio.org for step-by-step instructions on a lot of this – I’m only detailing fixes for my particular situation). I started to try to import the records from the III catalog at the library, but ran out of time before I had to take off for my split shift. Once I got back to the library at 5pm, I started in on the importing again. After some trial and error, I finally figured out the bib numbers that we use (basically doing searches on the catalog and grabbing some numbers at random from that…) and got some records into the database. When I tried to view them, however, I got a lovely fatal error saying that “array_intersect_key” was not a supported function for my version (5.0.4) of PHP. A bit of digging around showed me that this particular function is only supported on versions of PHP 5.1 and higher. More digging around, however, gave me a workaround function (very first comment on the array_intersect_key function page) that I put at the top of my scriblio.php page in the scriblio plugin folder. Once this was in place, the OPAC began to show up properly.
Sort of. I had an OPAC, but no records, none of my widgets were showing up – it was pretty blank looking. I went to Manage –> Posts and found my posts – unpublished. Even after going to the importer and publishing them, however, they still showed as unpublished. This is when I tried searching for one of them. It came right up! Apparently the unpublished status was a lie!! But – my widgets still didn’t work. I checked my permalink settings and adjusted them and tried it again. Now my widgets mostly worked. I’m still not showing a Tag Cloud on any page, my subject facet goes from list format to cloud format somewhat randomly and availability data doesn’t seem to be showing up, but this is all possibly because I’m using an old version of PHP when a new version is required.
The base of the matter is, however, that even with a non-standard set up (oh, what I would give for a single LAMP server…) I was able to take the instructions, install the files, do some bug-hunting, fix those pesky bugs (mostly) and have a working (and workable) version of Scriblio on my server in about 2 hours. I even have a comment!! Ok. That’s me. But still…
The last part (1 and 1/2 hours) was on the PCC desk with constant interruptions – it would probably have gone faster but for that. I’ll continue working with the new catalog interface and will post here when it’s ready for prime time!
While spending my Saturday morning working the PCC desk, I also managed to churn through the vast majority of the tech blogs that I’d been neglecting for the past couple of months. I found 2 articles on the Vitamin site that I wanted to comment on, so I’m including them both (despite them being about vastly different topics) in one post for my own convenience.
The first one I came across was an article that explains OpenID pretty clearly. It gives a nice introduction to it, but also gives some responses to criticisms of it – such as the ‘single-point-of-failure’ issue. If you log into all of your web services with your OpenID, you can lose all of your data when/if your OpenID gets hacked. Peter (the author) pointed out that most of us already have that sort of vulnerability – in our email. If you forget your password, where do most services send it? All someone has to do is hack your email account and they’ve got the ability to get most, if not all, of your other accounts’ information. OpenID is something I’ve certainly blogged about before (though those posts may be lost forever… I’m not doing a good job of grabbing them!) but I wanted to point to this article simply because it does the best job of taking potential vulnerabilities of the OpenID system and addressing them.
The comments also bring up other issues with the system (requirement to still enter information such as email into each service you use, regardless of your use of the OpenID login and lack of mainstream sites accepting OpenID yet were two biggies) and the author does respond to those as well. I’d love to use the OpenID system at the library – but right now I don’t have control of about the only thing that users sign into – the catalog. Once we get more personalization/user profiles/whatnot into our main site, the OpenID system will definitely be one I implement to help our more tech-savvy users log in easily and quickly.
The other article in the recent issues of Vitamin that I wanted to comment on was a description of a Design Description Document (DDD) that uses PowerPoint (or Keynote or some other presentation software) as it’s base format. The idea is to put a wireframe or storyboard for each interaction/task that the user might undertake on your site into a single slide in the DDD deck. Notes and use cases would be sprinkled throughout the document as well – giving everyone (boss, designers/coders and anyone else who is associated with the site) pretty much everything they need to evaluate the design of the site. Robert, the author, explains the process pretty clearly, so I won’t, but I did want to point out that he also provides templates of his system in both PowerPoint and Keynote formats – and encourages anyone using a different presentation system to submit templates in that format.
It’s always interesting to see how other people work and create their deliverables for clients and/or bosses, even if I don’t end up adopting techniques wholesale, there are always good ideas that can be drawn from them to use in my own processes. This technique seems to have a few good ideas I might steal!
Michelle Boule has collected all 17 (so far) bloggers who have confessed to being the Annoyed Librarian. If I weren’t the Annoyed Librarian myself, I’d be rather impressed with John Blyberg’s attempt to steal my glory…