You are here

Feed aggregator

Jonathan Rochkind: “Harvesting Government History, One Web Page at a Time”

planet code4lib - Fri, 2016-12-02 22:50

http://www.nytimes.com/2016/12/01/nyregion/harvesting-government-history-one-web-page-at-a-time.html

With the arrival of any new president, vast troves of information on government websites are at risk of vanishing within days. The fragility of digital federal records, reports and research is astounding.

No law protects much of it, no automated machine records it for history, and the National Archives and Records Administrationannounced in 2008 that it would not take on the job.

“Large portions of dot-gov have no mandate to be taken care of,” said Mark Phillips, a library dean at the University of North Texas, referring to government websites. “Nobody is really responsible for doing this.”

Enter the End of Term Presidential Harvest 2016 — a volunteer, collaborative effort by a small group of university, government and nonprofit libraries to find and save valuable pages now on federal websites. The project began before the 2008 elections, when George W. Bush was serving his second term, and returned in 2012.

It recorded, for example, the home page of the United States Central Command on Sept. 16, 2008, and the State Department’s official blog on February 13, 2013. The pages are archived on servers operated by the project, and are available to anyone.

The ritual has taken on greater urgency this year, Mr. Phillips said, out of concern that certain pages may be more vulnerable than usual because they contain scientific data for which Mr. Trump and some of his allies have expressed hostility or contempt.


Filed under: General

District Dispatch: Libraries work toward #CSForAll during CS Education Week

planet code4lib - Fri, 2016-12-02 20:30

When this year’s Computer Science (CS) Education Week launches on Monday, December 5, we will celebrate the progress of CS and coding organizations, tech companies, youth-serving organizations and school and public libraries over the last year to help youth gain access to CS Education and develop computational thinking skills. Libraries are also active in developing coding programs for youth and through our Libraries Ready to Code project, we will be highlighting some of what we’ve learned throughout the week.

Computer Science Education Week is December 5-9, 2016

Why are we excited to take part in CS Education Week? While much of the national conversation about CS and coding centers around the K12 classroom, research shows that there are gaps in what’s available across the country and barriers preventing some kids from participating when there are options in school. We also know kids learn throughout the day, in and out of the classroom, on their own, with peers and in informal spaces like the library. Libraries can increase exposure to coding, inspire kids to explore their personal interests enhanced through coding, and help break down barriers to entry among certain groups – youth of color, low economic background and girls – who remain underrepresented in tech fields.

Why should we all be talking about libraries and coding? Libraries provide technology access, have trained information professionals and offer rich informal learning programs for youth. Libraries partner with community organizations and individuals who can bring their expertise into the library; in turn, librarians can go out into their communities to bring their programs to where the kids are. With more jobs coming from the tech sector than any other field, specifically those that include coding and require computational thinking skills, libraries are poised to help prepare youth for college and these emerging careers. Libraries Ready to Code can give a head start to kids in their communities.
Ready to Code? Here’s a taste of what you can expect next week:

  • Follow along all week using the #CSForAll hashtag.
  • Share what you do in your library using #ReadyToCode and @youthandtech.
  • Read a blog post or two and comment on the District Dispatch
  • Participate in the Libraries Ready to Code tweet chat Thursday, December 8 from 3:00-4:00 eastern time
  • Check ALA social media channels for an exciting announcement

Read about #CSForAll and check out this year’s call to action!

The post Libraries work toward #CSForAll during CS Education Week appeared first on District Dispatch.

DPLA: Mapping the Future of DPLA and Library of Congress Collaboration

planet code4lib - Fri, 2016-12-02 19:52

As we announced earlier this week, we are excited and honored to welcome the Library of Congress as the newest member of the DPLA network. As a Content Hub, the Library of Congress will make a significant portion of its rich digital collections discoverable in DPLA, beginning with a series of 5,000 historical maps and eventually including a broad array of materials including images, music, and more.

DPLA Executive Director Dan Cohen, Board President Amy Ryan, board member Mary Minow, and former board member Laura DeBonis traveled to Washington, D.C. to meet with Librarian of Congress Dr. Carla Hayden as she signed the agreement Tuesday. While there, Cohen, Ryan, and Minow were treated to a behind-the-scenes look at a selection of the maps that will soon be available to all in DPLA alongside treasured historical resources from libraries, museums and historical societies across the country.

Hayden showed Cohen A plan of my farm on Little Huntg. Creek & Potomk. R., dating to 1766, which is part of the Library’s Revolutionary War map collection. That “farm” was Mount Vernon and the surveyor who created this map was George Washington.

 

A Library of Congress staff member introduces a 1776 reconnaissance map showing entrenchments at Princeton, NJ map to Ryan, Hayden, and Minow during their visit.

 

The DPLA team and Dr. Hayden took a look at a bird’s eye view of the Gettysburg Battlefield, part of the Civil War maps collection, soon to be accessible in DPLA.

 

This week’s partnership agreement represents a first step in what we plan to be a long term and multifaceted collaboration with the nation’s library. DPLA will offer the public – from students, to family researchers, to scholars – even more avenues through which to discover, explore, and use not only maps, but a diverse array of the Library of Congress’s unique collections.

Photos courtesy of Library of Congress.

Mashcat: Registration open for the 24 January 2017 Mashcat event in Atlanta

planet code4lib - Fri, 2016-12-02 19:48

We are excited to announce that registration is now open for the second face-to-face Mashcat event in North America, which be held on January 24th, 2017, at Georgia State University in Atlanta, Georgia. We invite you to view the schedule for the day as well as register at http://www.mashcat.info/2017-event/. We have a strict limit on the number of participants who can attend in person, so register early!

The event will also be streamed as a free webinar, so if you cannot attend in person, registration for the webinar will open in January.

If you run into any issues with registering, you can email gmcharlt AT gmail.com.

Cynthia Ng: Code4libBC Day 2: Lightning Talks

planet code4lib - Fri, 2016-12-02 19:35
Day 2 of Code4libBC lightning talks! A Coal Miner’s History: Mapping Digitized Audio Interviews (Daniel Sifton) digitized audio interviews of coal miners need to build support and resources for class use built tool to visualize distribution of subjects in d3 maps of base locations using mapping tool and a lot of CSS with student summaries … Continue reading Code4libBC Day 2: Lightning Talks

District Dispatch: Be “more library” than ever

planet code4lib - Thu, 2016-12-01 22:52

In trying to make sense of the election results, a lot of people – including librarians – have wanted to “do” something to preserve democratic values. Increased civic engagement and advocacy is perhaps the obvious way to “do” something, but it is not effective unless many people are engaged, have a shared message and get off the couch. The March on Washington, Take Back the Night and peaceful Vietnam era “end the war” demonstrations are prime examples of what mobilization can achieve, but does today’s public really have the willpower and enthusiasm to take collective action? Or can we take baby steps as librarians to incrementally make a difference? 

One thought is to be “more library” than ever. You are at work anyway so it’s not really a big lift, right? Being more library means ensuring and increasing access to information for all people; building the digital and physical infrastructure to use technology to enhance learning and creativity; defending freedom of speech, intellectual freedom, and fair use; and protecting the very notion of sharing.

Here’s a great example of being “more library.”

The Wayback Machine of the Internet Archive, founded by Brewster Kahle, was mentioned on The Rachel Maddow Show last Tuesday. The Wayback Machine with its stored web page history was used by Rachel to uncover statements that Alabama Governor Bentley — embroiled in a sex scandal — now swears he never said. When Bentley’s longtime security chief Wendell Ray Lewis revealed details of the scandal for the investigation, he was terminated and filed an unlawful termination suit. The Governor said that “all of the outrageous claims” made by Lewis were “based on worn-out internet rumors, fake news and street gossip.” The Wayback Machine proved otherwise. (One could say that the Wayback Machine revealed “pre-truth.”) By archiving the nation’s web history, Kahle continues to advance the mission of libraries (aka “more library”), and it makes a difference every day.

Now Kahle is seeking funds to make an archived copy of the Wayback Machine and store it in Canada to protect its existence.

Kahle said “On November 9th in America, we woke up to a new administration promising radical change,” writes founder Brewster Kahle. “It was a firm reminder that institutions like ours, built for the long-term, need to design for change. For us, it means keeping our cultural materials safe, private and perpetually accessible. It means preparing for a web that may face greater restrictions. It means serving patrons in a world in which government surveillance is not going away; indeed, it looks like it will increase.”

No matter what political party a librarian may be affiliated with, librarians believe in the fundamental tenets of librarianship (which look a lot like the fundamental tenets of our democracy). We all want fairness, public access to information and preservation of the cultural record. We know that libraries matter more now than ever before. My hope is that we will take this opportunity to shine, to protect the public interest and to really be “more library.”

The post Be “more library” than ever appeared first on District Dispatch.

Cynthia Ng: Code4libBC Day 1: Lightning Talks

planet code4lib - Thu, 2016-12-01 21:33
Lightning talks from the first day of Code4libBC. Provincial Digital Library Update (Daniel Sifton/Caroline Daniels) Looking at what others have done * DPLA: gave presentation at code4lib portland about old system. New system based on PostgreSQL, Solr, Ruby-driven… * testing with VM using vagrant, ansible, elasticsearch, solr, ruby, rail console * Supplejack: 2nd generation platform, … Continue reading Code4libBC Day 1: Lightning Talks

District Dispatch: CopyTalk webinar rescheduled

planet code4lib - Thu, 2016-12-01 19:24

 

The Thursday, December 1 CopyTalk webinar has been rescheduled for Thursday, January 5.

Due to technical difficulties, today’s CopyTalk webinar on the Section 108 video project has been rescheduled for January 5th at 2pm Eastern/11am Pacific. The URL for the rescheduled webinar is the same:

http://ala.adobeconnect.com/copytalk/

For additional details about the planned webinar, please check out our previous post.

The post CopyTalk webinar rescheduled appeared first on District Dispatch.

Cynthia Ng: Code4libBC Presentation: Getting Things Done: Discovering Efficiencies in Workflow

planet code4lib - Thu, 2016-12-01 19:19
This lightning talk was presented at Code4lib BC 2016. For a copy of the slides, please see the presentation on SpeakerDeck (also below) or the version on GitHub. Context When I first started working in libraries, I did a lot of my work by myself. Certainly, I consulted other people that had an impact on … Continue reading Code4libBC Presentation: Getting Things Done: Discovering Efficiencies in Workflow

Library of Congress: The Signal: Wisdom is Learned: An Interview with Applications Developer Ashley Blewer

planet code4lib - Thu, 2016-12-01 19:04

 

Blewer at the Association of Moving Image Archivists Conference, 2016

Ashley Blewer is an archivist, moving image specialist and developer who works at the New York Public Library. In her spare time she helps develop open source AV file conformance and QC software as well as standards such as Matroska and FFV1. Shes a three time Association of American Moving Image Archivists’ AV Hack Day hackathon winner and a prolific blogger and presenter who is committed to demystifying tech and empowering her peers in the library profession.

Describe what you do as an applications developer at the New York Public Library.

We have a lot of different applications here but I work specifically on the repository team and our priority right now is digital preservation and automated media ingest. So my day to day involves working on several different applications. We run different applications that run into each other — sets of microservice suites. I’m the monitor of these pipelines, getting images that have been digitized or video that has been digitized through to long-term digital preservation as well as enabling access on our various endpoints such as digitalcollections.nypl.org and archives.nypl.org. This involves communicating with other stakeholders, communicating with developers on my team and writing code for each of those applications, doing code review and pushing that live to the different applications… It’s very much a full stack position.

The job is more unique on my team because we work on such a broad array of applications. What I find exciting about this job is that I get to touch a lot of different types of code in my day job and I’m not just working on one application. Right now I’m working on dealing with a couple bugs related to associating URIs to subject headings in our metadata management system. Sometimes the application doesn’t work as it should so I do bug fixes in that regard. Some things that I will be working on this week are integrating a connection between our archives portal displaying video live within it rather than linking out to a different website, automating audio transcoding from preservation assets, and contributing some core functionality upgrades to our Digital Collections site. Recently something that I did that was more access-based was we migrated our display of video assets from a proprietary closed-source system to an open-source rendering system.

We follow loosely an agile planning system. Right now we meet weekly because our priorities are very vast and they’re changing pretty quickly, so every Monday we meet with stakeholders and we talk about all the things we need to tackle over the week and what needs to be done and then we get to work. There’s around 16 total developers at NYPL but my team has three.

I was playing with some of the apps youve made, and Im fascinated with the Barthes Tarot and the Portable Auroratone. Could you walk me through your creative process for these?

A card from the Barthes Tarot app.

These are good examples because they’re different in the sense that with the Barthes Tarot I was reading Barthes’ A Lover’s Discourse and thinking about how I could potentially use that in a randomized way to do fortune telling for myself. This is almost embarrassing, right, but maybe someone [would want to use it] to try to solve a romance-based problem, like getting their fortune told. I originally wanted to map it to I Ching, which was something that Barthes and other philosophers were interested in, but it ended up being too technically difficult, so I got lazy and downgraded it to tarot. And then I knew I could put this together by doing a random draw of the data and just pull that out. Technically it ended up not being too difficult of a problem to solve because I made it easier.

The Portable Auroratone is the opposite in that I found a [software] library that automatically generated really interesting colors and I wondered how I could use it in some sort of way. I thought about the Auroratone I had seen at some symposium [ Orphan Film Symposium 8, 2013 ] six years ago and I thought “Oh, ok, it kind of looked like that,” and I turned it into that. So one of these apps was me having a philosophical dilemma and the other one was me having a technical library that I wanted to integrate into something and I had to mesh an idea with that.

I get a lot of compliments on Twitter bots like @nypl_cats and @nypl_dogs which I also just made very quickly as a one off. I did that while I was finalizing my paperwork to work here, actually. I thought if I’m going to get this job I might as well learn how to use their API. The API is something else that I work on now so I was familiarizing myself with this tool that I will eventually push code to support.

You constantly share what youre learning and advocate for continued learning in our profession through your blog, presentations, etc.  How do you find the time to share so prolifically and why do you think its important to do so?

Yeah, I just came back from AMIA and I do really remember when at conferences why I do these things. As far as the first part of where I find the time, I don’t know, but I have been reflecting on how I’m maybe naturally introverted and this is something that I do to ramp up my own energy again, by working on something productive. Where other people might need to be out drinking with friends in order to chill, I need to be alone to chill, so it gives me more time to spend building different applications.

How do I summarize why I think this is important? I think about the positions I’ve been at and how I’ve thought about how I get to where I want to be and if those resources don’t exist then someone needs to build them. It’s so crucial to have a mentor figure in place to help you get to where you want to be and allowing people to discover that, especially related to technical issues. People just assume that the work I do in my day job now is much harder than it actually is, so if I can lower that barrier we can have more people learning to do it and more people can be more efficient in their jobs. Overall I think educating and empowering people helps the field much more substantially than if people are doing it alone in silos.

Can you talk about your career path to becoming a web applications developer?

I went to undergrad not really knowing what I wanted to do. I went to a state school because it was almost free and graphic design was the most practical of the art degrees you could get, and in a lot of ways librarianship is a practical advanced degree that people get as well. Coming to the point that I am now which is in a very technical role at a library I sort of see what I was doing as a response to the gendered feedback that I’d grown up with. I wrote an article about this before – where I didn’t necessarily feel comfortable studying something like computer science but then graphic design was still very computer- focused, technically-focused that was maybe more “appropriate” for me to do. I was encouraged to do that as opposed to being discouraged from doing something that I was already good at, which would have been something like computer science.

What skills do digital librarians and archivists need? Is learning to code necessary?

A lot of people are getting on board with learning to code and how everybody has to do that and I don’t necessarily feel that’s true, that’s not everyone’s interest and skill set, but I do think having an understanding of how systems work and what is possible is one hundred percent required. Light skills in that regard help people go a long way. I think that – and this is echoed by people similar to me – once you realize how powerful writing a script can be and automating dull aspects of your job, the more that you’re inclined to want to do it. And like what I said earlier – the more efficient we can be the better we are as archivists.

You do so much to contribute to the profession outside of your work at NYPL as well- contributing to open source formats and workflows, sharing resources, building apps. How do you find time for it all and what else do you want to do?

I feel like I waste a lot of time in my down time. I feel that I’m not doing enough and people are like “How do you do so much?” But there’s so much work to be done! As far as what I want to do,  I don’t know, everything I’m doing right now. Maybe I’m like a child that’s still feasting on an endless amount of candy. Now I have these opportunities that I’ve wanted to have and I’m taking them all and saying yes to everything.

A lot of what I do may be considered homework. As a developer, the way to get better at developing is purely just to solve more development problems. Making small applications is the only way to boost your own skills. It’s not necessarily like reading OAIS and understanding it in the same way you might if you were an archivist doing archivist homework. [Referencing graphic design background] The first design you do is not going to be good so you just do it again and you do it again and it’s the same thing with programming. One of the things I try to articulate to archivists is that programming kind of hurts all the time. It takes a really long time to overcome, because yeah, in school, you read a book or you write a paper and you’re expected to produce this result that has to be an A. With programming you try something and that doesn’t work and you try it again and you try it again and you think “Oh I’m so stupid I don’t know what I’m doing,” and that’s normal. I know this about myself and I think that’s the hardest thing to overcome when you are trying to learn these skills. It’s refreshing that even the smartest senior developers that I work with who are just incredible at their jobs all the time, still will pound the desk and be like “I’m so stupid, I don’t get this!” Knowing that’s a normal part of how things get done is the hardest thing to learn.

I’m happy to constantly be failing because I feel like I’m always fumbling towards something. I do think librarians and archivists tend to be people that had very good grades without too much effort, moving forward in life and so as soon as they hit a wall in which they aren’t necessarily inherently good at something that’s when the learning cuts off and that’s when I try to scoop people up and say “Here’s a resource where it’s ok to be dumb.” Because you’re not dumb, you just don’t have as much knowledge as someone else.

What do you want to do next?

Closed captioning is one of the big problems I’m excited about solving next within NYPL or outside of NYPL, whichever. If you don’t have it and you have 200,000 video items and they all need closed captioning to be accessible how do you deal with that problem?

What are five sources of inspiration for you right now? 

Recompiler: Especially the podcast since I listen to it on my commute, it’s such a warm introduction to technical topics.

Halt & Catch Fire: Trying to find another thing to watch when I am sleepy but I really just only want to watch this show. The emphasis on women’s complex narratives and struggles/growth within this show is unlike any other show I’ve ever watched.

Shishito Peppers: Dude, one in every ten are hot! I thought this was a menu trying to trick me but turns out its true! I like the surprise element of snacking on these.

Godel, Escher, Bach: I feel like this is the programmer’s equivalent of Infinite Jest. Everyone says they’ll read it one day but never get around to it. It’s such a sprawling, complex book that ties together patterns in the humanities and technology. Anyway, I am trudging through it.

AA NDSR Blog: So inspiring to read about the work of emerging professionals in the field of a/v digital preservation!

 

District Dispatch: New Lifeline broadband subsidy to be available 12/2—but options limited for now

planet code4lib - Thu, 2016-12-01 19:00

Starting December 2, new rules adopted by the Federal Communications Commission (FCC) governing the Lifeline program for low-income consumers will go into effect. Most significantly, the program subsidy may be applied for the first time to standalone broadband offered by eligible telecommunications carriers (ETCs) or Lifeline Broadband Providers (LBPs). It is important to note, however, that no new LBPs have been approved yet, and ETCs may seek forbearance from these rules. For this reason, there may be few available Lifeline-eligible broadband options to low-income consumers in the immediate term.

Starting December 2, the Lifeline subsidy may be applied to standalone broadband.

Lifeline advocates (including ALA) continue to work with the FCC, the Universal Service Administrative Company (USAC) that administers the Lifeline (and other universal service programs like E-rate) program, and internet service providers to increase the available options and public awareness of these options. The most current information available for consumers about the program, eligibility and how to apply is available at www.LifelineSupport.org or by calling 888-641-8722 Ext. 1 or emailing LifelineSupport@usac.org for help.

For additional background, librarians and other digital inclusion advocates can review a recent archived USAC webinar, as well as read more about the program and recent rule changes here and here.

While not specific to the Lifeline program, non-profit EveryoneOn provides an online portal to explore low-cost broadband, low-cost devices and digital literacy training options by zip code, which is another resource librarians may share with patrons: www.EveryoneOn.org.

Stay tuned! Lifeline advocates are looking to spring 2017 to boost Lifeline awareness after more options have been added and new resources and information are available to help low-income people find the best service for them. We’ll keep you posted as we learn more.

The post New Lifeline broadband subsidy to be available 12/2—but options limited for now appeared first on District Dispatch.

LITA: Submit Your Nomination for a LITA Award

planet code4lib - Thu, 2016-12-01 17:00

Did you know that LITA co-sponsors three different awards, all of which recognize achievements in the field of library technology? We’re currently accepting nominations for all of them, so nominate yourself or a colleague today!

LITA/Ex Libris Student Writing Award

The LITA/Ex Libris Student Writing Award is given for the best unpublished manuscript on a topic in the area of libraries and information technology written by a student or students enrolled in an ALA-accredited library and information studies graduate program. The winning article is published in LITA’s refereed journal, Information Technology and Libraries (ITAL). $1,000  award and a certificate.
Nomination form (PDF); February 28, 2017 deadline

LITA/Library Hi Tech Award For Outstanding Communication for Continuing Education

This Award recognizes outstanding achievement in educating the profession about cutting edge technology through communication in continuing education within the field of library and information technology. It is given to an individual or institution for a single seminal work, or a body of work, taking place within (or continuing into) the preceding five years. $1,000 award and a plaque.
Nomination form; January 5, 2017 deadline

LITA/OCLC Frederick G. Kilgour Award for Research in Library and Information Technology

This award recognizes research relevant to the development of information technologies, in particular research showing promise of having a positive and substantive impact on any aspect of the publication, storage, retrieval and dissemination of information or how information and data are manipulated and managed. $2,000 award, an expense paid trip to the ALA Annual Conference (airfare and two nights lodging), and a plaque.
Nomination instructions; December 31, 2016 deadline

David Rosenthal: BITAG on the IoT

planet code4lib - Thu, 2016-12-01 16:00
The Broadband Internet Technical Advisory Group, an ISP industry group, has published a technical working group report entitled Internet of Things (IoT) Security and Privacy Recommendations. It's a 43-page PDF including a 6-page executive summary. The report makes a set of recommendations for IoT device manufacturers:
In many cases, straightforward changes to device development, distribution, and maintenance processes can prevent the distribution of IoT devices that suffer from significant security and privacy issues. BITAG believes the recommendations outlined in this report may help to dramatically improve the security and privacy of IoT devices and minimize the costs associated with collateral damage. In addition, unless the IoT device sector—the sector of the industry that manufactures and distributes these devices—improves device security and privacy, consumer backlash may impede the growth of the IoT marketplace and ultimately limit the promise that IoT holds.Although the report is right that following its recommendations would "prevent the distribution of IoT devices that suffer from significant security and privacy issues" there are good reasons why this will not happen, and why even if it did the problem would persist. The Department of Homeland Security has a similar set of suggestions, and so does the Internet Society, both with the same issues. Below the fold I explain, and point out something rather odd about the BITAG report. I start from an excellent recent talk.

I've linked before to the work of Quinn Norton. A Network of Sorrows: Small Adversaries and Small Allies is a must-read talk she gave at last month's hack.lu examining the reasons why the Internet is so insecure. She writes:
The pre­dic­tions for this year from some analy­sis is that we’ll hit seventy-five bil­lion in ran­somware alone by the end of the year. Some esti­mates say that the loss glob­al­ly could be well over a tril­lion this year, but it’s hard to say what a real num­ber is. Because in many ways the­se fig­ures can’t touch the real cost of inse­cu­ri­ty on the Internet. The cost of humil­i­a­tion and iden­ti­ty theft and pri­va­cy trad­ed away. The lost time, the wor­ry. The myr­i­ads of tiny per­son­al tragedies that we’ll nev­er hear about.These large numbers conflict with estimates from companies as to the cost of insecurity. As I mentioned in You Were Warned, Iain Thomson at The Register reported that:
A study by the RAND Corporation, published in the Journal of Cybersecurity, looked at the frequency and cost of IT security failures in US businesses and found that the cost of a break-in is much lower than thought – typically around $200,000 per case. With top-shelf security systems costing a lot more than that, not beefing up security looks in some ways like a smart business decision.

Romanosky analyzed 12,000 incident reports and found that typically they only account for 0.4 per cent of a company's annual revenues. That compares to billing fraud, which averages at 5 per cent, or retail shrinkage (ie, shoplifting and insider theft), which accounts for 1.3 per cent of revenues.Note, however, that 0.4% of global corporate revenue is still a whole lot of money flowing to the bad guys. The reason for the apparent conflict is that, because companies are able to use Terms of Service to disclaim liability, the costs fall largely on the (powerless) end user. Norton uses an example:
One media report in the US esti­mat­ed 8,500 schools in America have been hit with ran­somware this year. Now, the rea­son why I think it’s real­ly inter­est­ing to point out the American fig­ures here is this is also a nation­al sys­tem where as of last year, half of all stu­dents in US pub­lic schools qual­i­fy for pover­ty assis­tance. Those are the peo­ple pay­ing the­se ran­somwares. And it’s hard to get a real fig­ure because most schools are hid­ing this when it hap­pens.Her audience was people who can fix the security problems:
most peo­ple who are pulling a pay­check in this field are not inter­act­ing with the pain that most peo­ple are expe­ri­enc­ing from net­work inse­cu­ri­ty. Because you end up work­ing for peo­ple who pay. ... That high school can’t afford any­one in this room. And that means that so much of this pain and inse­cu­ri­ty in the world isn’t read­i­ly vis­i­ble to the peo­ple who work in the field, who are sup­posed to be fix­ing it.The potential fixers are not putting themselves in the shoes of those suffering the problem:
Because in the end, one of the con­flicts that comes up over this, one of the rea­sons why users are seen as a point of inse­cu­ri­ty, is because get­ting the job done is more impor­tant than get­ting it done secure­ly. And that will always be in con­flict.This is where Norton's talk connects to the BITAG report. The report's recommendations show no evidence of understanding how things look to either the end users, who are the ISP's customers, or to the manufacturers of IoT devices.

First, the view from the ISP's customers. They see advertising for, webcam baby monitors or internet-enabled door-locks. They think it would be useful to keep an eye on baby or open their front door from wherever they are using their smartphone. They are not seeing:
WARNING: everyone on the Internet can see your baby!or:
WARNING: this allows the bad guys to open your front door!They may even know that devices like this have security problems, but they have no way to know whether one device is more secure than another and, lets face it, none of these devices is actually "secure" compared to things people think of as secure, such as conventional door locks. They all have vulnerabilities that, with the passage of time, will be exploited. Even if the vendor followed the BITAG recommendations, there would be windows of time between the bad guys finding the vulnerability and the vendor distributing a patch when the bad guys would be exploiting it.

They are definitely not seeing a warning on the router they got from their ISP saying:
WARNING: this router gives the bad guys the password to your bank account!After all, they pretty much have to trust their ISP. Nor are they seeing:
WARNING: This device can be used to attack major websites!Even if the customer did see this warning, the fate of major websites is not the customer's problem.

Customers aren't seeing these warnings because no-one in the IoT device supply chain knows that these risks exist, nor is anyone motivated to find out. Even if they did know they wouldn't be motivated to tell the end user either prior to purchase, because it would discourage the purchase, or after the purchase, because thanks to Terms of Service it is no longer the vendor's problem.

Expecting end users to expend time and effort fixing the security issues of their IoT devices before disaster strikes is unrealistic. As Norton writes:
If you are sit­ting in this room, to some degree peo­ple are pay­ing you to use a long pass­word. People are pay­ing you to wor­ry about key man­age­ment. If you are a trash col­lec­tor or radi­ol­o­gist or a lawyer, this takes away from your work day.Second, the view from the IoT device manufacturer. In June 2014 my friend Jim Gettys, who gained experience in high-volume low-cost manufacturing through the One Laptop Per Child project and the OpenWrt router software effort, gave a talk at Harvard's Berkman Center entitled (In)Security in Home Embedded Devices. It set out the problems IoT device manufacturers have in maintaining system security. It, or Bruce Schneier's January 2014 article The Internet of Things Is Wildly Insecure — And Often Unpatchable that Jim inspired are must-reads.

The IoT device supply chain starts with high-volume, low-margin chip vendors, who add proprietary "binary blobs" to a version of Linux. Original device manufacturers (ODMs), again a low-margin business, buy the chips and the software and build a board. The brand-name company buys the board, adds a user interface, does some quality assurance, puts it in a box and ships it. Schneier explains:
The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it’s shipped. The chip manufacturer is busy shipping the next version of the chip, and the ODM is busy upgrading its product to work with this next chip. Maintaining the older chips and products just isn’t a priority.The result is:
the software is old, even when the device is new. For example, one survey of common home routers found that the software components were four to five years older than the device. The minimum age of the Linux operating system was four years. The minimum age of the Samba file system software: six years. They may have had all the security patches applied, but most likely not. No one has that job. Some of the components are so old that they’re no longer being patched.Because the software is old, many of its vulnerabilities will have been discovered and exploited. No-one in the supply chain has the margins to support life-long software support, quality assurance and distribution. Even it were possible to provide these functions, a competitor providing them would price them selves out of the market. The BITAG recommendations would work in a different world, but in this one the supply chain has no ability nor resources to implement them.

Bruce Schneier recently testified to the House Energy & Commerce Committee, pointing out the reason why, even if the BITAG recommendations were in effect, the problem wouldn't be solved:
These devices are a lower price margin, they’re offshore, there’s no teams. And a lot of them cannot be patched. Those DVRs are going to be vulnerable until someone throws them away. And that takes a while. We get security [for phones] because I get a new one every 18 months. Your DVR lasts for five years, your car for 10, your refrigerator for 25. I’m going to replace my thermostat approximately never. So the market really can’t fix this.There are already enough insecure IoT devices on the network to bring down the Internet. Millions more are being added every week. And they aren't going away any time soon.

So, to conclude, what is odd about the report? As far as I can see, there is nothing in the report from the Broadband Internet Technical Advisory Group about what the Broadband Internet industry can do to fix the security issues the report raises. It lays the blame for the problem squarely on the IoT device industry. Very convenient, no?

There clearly are things the broadband industry could do to help. Intel's Schrecker has made one proposal, but it is equally impractical:
As for coping with the threat we face now, courtesy of millions of pathetically insecure consumer IoT devices, Schrecker’s proposed solution sounds elegantly simple, in theory at least: “Distribute, for example, gateways. Edge gateways that can contain a DDoS and are smart enough to talk to each other and help contain them that way.”ISPs haven't deployed even the basic BCP38 filtering, which would ensure that packets had valid source addresses, and thus make DDoS attacks traceable. But they're going to buy and deploy a whole lot of new hardware? Note that the Mirai DDoS botnet technology has recently been upgraded to spoof source addresses:
Propoet also advertised another new feature, which is the ability to bypass some DDoS mitigation systems by spoofing (faking) the bot's IP address. Previous versions of the Mirai malware didn't include this feature.

2sec4u confirmed in a private conversation that some of the newly-spawned Mirai botnets can carry out DDoS attacks by spoofing IP addresses.The upgraded technology is used in a botnet four times bigger than the one that took out Dyn last month. It rents for $50-60K/month, nothing compared to the damage it can do. Mirai has been updated with some zero-day exploits to which somewhere between 5M and 40M home routers appear to be vulnerable. Estimating 30% utilization of the 5M resource at $50K/month suggests Mirai-based botnets are a $2.2M/year business.

Schrecker is right about the seriousness of the DDoS threat:
If the operators behind these IoT-enabled botnets were to “point them at industry” instead of smaller targets such as individual journalists’ websites, as happened with infosec researcher Brian Krebs, the impact on the world economy could be “devastating”, he added.ISPs could do more to secure IoT devices, for example by detecting devices with known vulnerabilities and blocking access to and from them. But this would require a much higher level of user support than current ISP business models could support. Again, an ISP that "did the right thing" would price themselves out of the market.

There is plenty of scope for finger-pointing about IoT security. Having industry groups focus on what their own industry could do would be more constructive than dumping responsibility on others whose problems they don't understand. But it appears in all cases that there is are collective action and short-termism problems. Despite the potential long-term benefits, individual companies would have to take actions against their short-term interests, and would be out-competed by free-riders.

District Dispatch: Charlie Wapner to serve as Senior Research Associate

planet code4lib - Thu, 2016-12-01 15:06

I am pleased to announce the appointment of Charlie Wapner as a Senior Research Associate in ALA’s Office for Information Technology Policy (OITP). In this role, Charlie will provide research and advice on the broad array of issues addressed by OITP, and especially as needed to advocate with the three branches of the federal government and communicate with the library community.

Charlie Wapner, newly appointed Senior Research Associate at OITP

Charlie will be familiar to District Dispatch readers as he was a Senior Information Policy Analyst here in OITP in 2014-16. Among his contributions for ALA included the completion of two major reports. He completed a major report, “Progress in the Making: 3D Printing Policy Considerations Through the Library Lens,” which attracted library and general press coverage (e.g., Charlie contributed to a piece by the Christian Science Monitor), and he was invited to write an article for School Library Journal.

OITP’s work on entrepreneurship was launched by Charlie through the development and publication of “The People’s Incubator: Libraries Propel Entrepreneurship” (.pdf), a 21-page white paper that describes libraries as critical actors in the innovation economy and urges decision makers to work more closely with the library community to boost American enterprise. The paper is rife with examples of library programming, activities and collaborations from across the country. Charlie’s work is the basis for our current policy advocacy and the creation of a brief on libraries and entrepreneurship and small business.

Charlie came to ALA in March 2014 from the Office of Representative Ron Barber (Ariz.), where he was a legislative fellow. Earlier, he also served as a legislative correspondent for Representative Mark Critz (Penn.). Charlie also interned in the offices of Senator Kirsten Gillibrand (N.Y.) and Governor Edward Rendell (Penn.). After completing his B.A. in diplomatic history at the University of Pennsylvania, Charlie received his M.S. in public policy and management from Carnegie Mellon University.

The post Charlie Wapner to serve as Senior Research Associate appeared first on District Dispatch.

LibUX: The Non-Reader Persona

planet code4lib - Thu, 2016-12-01 14:52

The saga of the user experience of ebooks continues. An in-time-for-Thanksgiving breakdown by Pew Research Center’s Andrew Perrin looks at the demographics of Americans who don’t read any books whatsoever – and as bleak as that sounds, I think in the spirit of the weekend we should be thankful.

Why’s that? Well, we in libraries could do better about knowing who not to cater to.

This data helps us better understand our non-adopters.

Given the share that hasn’t read a book in the past year, it’s not surprising that 19% of U.S. adults also say they have not visited a library or a bookmobile in the past year. The same demographic traits that characterize non-book readers also often apply to those who have never been to a library. Andrew Perrin

@benwhitephotography

Who are “non-adopters”?

I am on record generally thinking that personas aren’t particularly useful in design, but there are three I like:

  • First adopters perceive an immediate need for a service or product. Once offered, they’re on board.
  • Late adopters probably see your service favorably – but there’s no rush. Maybe the price isn’t right, or it doesn’t quite solve a job they need done just yet. They’ll come around.
  • Non adopters are disinterested and aren’t likely to use your service, period.

You organize your design and development strategy around these: first adopters will adopt, generate feedback, some income — or whatever numbers matter to your organization, whether that’s foot traffic, registration, and so on — and create word-of-mouth that in time will loop-in late adopters. Each type of user values the features of your service differently, but because first adopters are core to reaching others, you prioritize your early efforts for them.

Identifying non-adopters is useful in the short-term so you don’t waste your time catering to them. It sounds crass, but features non-adopters like that first- and late-adopters don’t aren’t to be mistaken for features that will engage non-adopters.

They’re red-herrings.

Are non-adopters driving our decision making?

Earlier this year in an episode about library usage and trends for Metric: A UX Podcast, we observed how the support for libraries in a separate Pew survey outweighed their actual usage, and feedback about which services to provide differed noticeably between those who use libraries and those who don’t. As the trends in public libraries move toward makerspaces, 3d-printing and the like, libraries need to be very clear about who precisely is asking for these.

When asked why they visit public libraries in person, large numbers of library users cite fairly traditional reasons. These include borrowing printed books (64% of library visitors do this, down slightly from the 73% who did in 2012, but similar to the 66% who did so in 2015) or just sitting and reading, studying, or engaging with media (49%, identical to the share who did so in 2012). John B. Horrigan

It’s hard to tell whether this chart demonstrates actual interest in the use of 3d printers or other high-tech devices, or whether these services weren’t yet available in the respondents’ community. I’d guess for many it was the latter. We can probably chalk some of this up to lack of awareness.

Even so, the trend is clear.

Libraries are putting real steam behind this service category. At this time there are 730 libraries plotted in Amanda’s map of 3d printers in libraries – and growing.

The question is whether meaningful investment in these features engage users as much or more than others. Do we know? Libraries don’t need to make profit, but there’s some concern about the impact failure might have on experimentation in the future – let alone on the overall impact on community support during election season.

Appealing to the wrong users might have gross consequences on the user experience of everyone else – especially if it knocks libraries off the user-centric bandwagon all together.

What better way to scare library administration from iterative design thinking than going full-bore without the prerequisite user research, burning time and budget into projects that patrons don’t care about?

Non-adopters in the long-term

In the long term, non-adopters deserve a second look. They define the boundaries of our practical decision-making but they also represent potential users of new services.

For most organizations and companies, non-adopters are a lost cause. The target-audience of adopters is narrowly defined by use cases. Reaching non-adopters demands a tangential service that meets and entirely unrelated need, but the overhead for designing, developing, and supporting these can be too much.

Libraries are unique in that “disparate community services” — academic or public — are sort of what they’re about. Collecting and distributing, teaching, entertaining, and advocating exemplify this, which now defines the makeup of what people think libraries do and why there is high public support. It doesn’t seem that much of a stretch to branch into software development, W3C standards-making, the block chain, makerspaces, 3d printing, media labs, coworking, and more.

Organizationally libraries are pre-positioned to extend into new service categories more naturally than others.

The challenge is to iterate sustainably.

Non-readers are likely to not be library users

Or, more optimistically, non-readers are likely to not be library users yet. There are opportunities to engage them, but the point of this whole thread is to not make light of the risk when you are budget- or time- or talent-constrained.

Andrew determined non-readers tend to be

  • adults with a high-school degree or less
  • less likely to own smartphones or tablets
  • at or below a household income of $30,000 per year
  • potentially older: 29% of adults ages 50 and up have not a read a book in the past year
How the non-reader persona impacts library design

The lack of a smartphone doesn’t rule-out that non-readers use the web. In fact, we know from the kind of work we do both that the digital divide is real and, more importantly, that libraries play an important role bridging that gap by providing free internet and access — even lending devices, in some cases – having done so since the ’90s. Increasingly even reluctant internet users must become internet users when applying for work or participating in government, assistance for which also fall within the boundaries of what libraries do.

None of this really matters however if the library web presence, which is increasingly the cornerstone for even tangible library services (like circulation), isn’t designed to reach the greatest common denominator of device support. There are people who don’t own a smartphone intentionally, but for many it, the data plan, and internet access is cost prohibitive. These users might have old phones, old browsers, low data threshold, slow internet, or just lack familiarity with or comfort using the internet.

To even hope of reaching these folks imply that our websites must

  • be reasonably backward compatible with older browsers
  • fit as many device shapes and screen sizes as possible
  • go easy on the page weight (see “what does my site cost“?)
  • be accessible

let alone emphasizing easy onboarding of new patrons in our physical spaces, ensuring here also accessibility, findability, and affordance.

This means that library websites that aren’t progressively enhanced, mobile-first, responsive, lightweight and fast (use this system of measurements) are almost guaranteed to fail to engage this group.

District Dispatch: Registration opens for National Library Legislative Day 2017

planet code4lib - Thu, 2016-12-01 14:00

Photo Credit: Adam Mason

We are happy to announce that registration for the 43rd annual National Library Legislative Day is open. This year, the event will be held in Washington, D.C. on May 1-2, 2017, bringing hundreds of librarians, trustees, library supporters, and patrons to Washington, D.C. to meet with their Members of Congress and rally support for libraries issues and policies. As with previous years, participants will receive advocacy tips and training, along with important issue briefings prior to their meetings. Featured issues include:

  • Library funding
  • Privacy and surveillance reform
  • Copyright modernization
  • Access to government information
  • Affordable broadband access
  • Net neutrality protection

Participants at National Library Legislative Day have the option of taking advantage of a discounted room rate by booking at the Liaison. To register for the event and find hotel registration information, please visit the website.

Want to see a little more? Check out the photos from last year!

We also offer a scholarship opportunity to one first-time participant at National Library Legislative Day. Recipients of the White House Conference on Library and Information Services Taskforce (WHCLIST) Award receive a stipend of $300 and two free nights at a D.C. hotel. For more information about the WHCLIST Award, visit our webpage.

I hope you will consider joining us!

For more information or assistance of any kind, please contact Lisa Lindle, ALA Washington’s Grassroots Communications Specialist, at llindle@alawash.org or 202-628-8140.

The post Registration opens for National Library Legislative Day 2017 appeared first on District Dispatch.

Open Knowledge Foundation: OpenTrialsFDA presents prototype as finalist for the Open Science Prize

planet code4lib - Thu, 2016-12-01 11:54

For immediate release

Open Knowledge International is thrilled to announce that the OpenTrialsFDA team is presenting its prototype today at the BD2K Open Data Science Symposium in Washington, DC as finalist for the Open Science Prize. The Open Science Prize is a global science competition to make both the outputs from science and the research process broadly accessible. From now until 6 January 2017, the public is asked to help select the most promising, innovative and impactful prototype from among the six finalists – of which one will receive the grand prize of $230,000.

OpenTrialsFDA is a collaboration between Dr. Erick Turner (a psychiatrist-researcher and transparency advocate), Dr. Ben Goldacre (Senior Clinical Research Fellow in the Centre for Evidence Based Medicine at the University of Oxford) and the team behind OpenTrials at Open Knowledge International.  

OpenTrialsFDA works on making clinical trial data from the FDA (the US Food and Drug Administration) more easily accessible and searchable. Until now, this information has been hidden in the user-unfriendly Drug Approval Packages that the FDA publishes via its dataportal Drugs@FDA. These are often just images of pages, so you cannot even search for a text phrase in them. OpenTrialsFDA scrapes all the relevant data and documents from the FDA documents, runs Optical Character Recognition across all documents, links this information to other clinical trial data, and now presents it through a new user-friendly web interface at fda.opentrials.net.

Explore the OpenTrialsFDA search interface

Any user can type in a drug name, and see all the places where this drug is mentioned in an FDA document. Users can also access, search and present this information through the application programming interfaces (APIs) the team will produce. In addition, the information has been integrated into the OpenTrials database, so that the FDA reports are linked to reports from other sources, such as ClinicalTrials.gov, EU CTR, HRA, WHO ICTRP, and PubMed.

The prototype will provide the academic research world with important information on clinical trials in general, improving the quality of research, and helping evidence-based treatment decisions to be properly informed. Interestingly, the FDA data is unbiased, compared to reports of clinical trials in academic journals. Dr. Erick Turner explains: “With journal articles everything takes place after a study has finished, but with FDA reviews, there is a protocol that is submitted to the FDA before the study has even started. So the FDA learns first of all that the study is to be done, which means it can’t be hidden later. Secondly it learns all the little details, methodological details about how the study is going to be done and how it is going to be analyzed, and that guards against outcome switching.”

Dr Ben Goldacre: “These FDA documents are hugely valuable, but at the moment they’re hardly ever used. That’s because – although they’re publicly accessible in the most literal sense of that phrase – they are almost impossible to search, and navigate. We are working to make this data accessible, so that it has the impact it deserves.”

Voting for the Open Science Prize finalists is possible through  http://event.capconcorp.com/wp/osp: more information on OpenTrialsFDA is available from fda.opentrials.net/about and from the team’s video below.

 

Editor’s notes

Dr. Ben Goldacre
Ben is a doctor, academic, writer, and broadcaster, and currently a Senior Clinical Research Fellow in the Centre for Evidence Based Medicine at the University of Oxford. His blog is at www.badscience.net and he is @bengoldacre on twitter. Read more here. His academic and policy work is in epidemiology and evidence based medicine, where he works on various problems including variation in care, better uses of routinely collected electronic health data, access to clinical trial data, efficient trial design, and retracted papers. In policy work, he co-authored this influential Cabinet Office paper, advocating for randomised trials in government, and setting out mechanisms to drive this forwards. He is the co-founder of the AllTrials campaign. He engages with policy makers. Alongside this he also works in public engagement, writing and broadcasting for a general audience on problems in evidence based medicine. His books have sold over 600,000 copies.

Dr. Erick Turner
Dr. Erick Turner is a psychiatrist-researcher and transparency advocate. Following a clinical research fellowship at the NIH, he worked for the US Food and Drug Administration (FDA), acting as gatekeeper for new psychotropic drugs seeking to enter the US market. In 2004 he published a paper drawing researchers’ attention to the Drugs@FDA website as a valuable but underutilized source of unbiased clinical trial data. Dissatisfied with the continuing underutilization of Drugs@FDA, he published a paper in the BMJ in order to encourage wider use of this trove of clinical trial data.

Open Knowledge International
https://okfn.org   
Open Knowledge International is a global non-profit organisation focussing on realising open data’s value to society by helping civil society groups access and use data to take action on social problems. Open Knowledge International addresses this in three steps: 1) we show the value of open data for the work of civil society organizations; 2) we provide organisations with the tools and skills to effectively use open data; and 3) we make government information systems responsive to civil society.

Open Science Prize
https://www.openscienceprize.org/res/p/finalists/
The Open Science Prize  is a collaboration between the National Institutes of Health and the Wellcome Trust, with additional funding provided by the Howard Hughes Medical Institute of Chevy Chase, Maryland.  The Open Data Science Symposium will feature discussions with the leaders in big data, open science, and biomedical research while also showcasing the finalists of the Open Data Science Prize, a worldwide competition to harness the innovative power of open data.

Harvard Library Innovation Lab: pockets of people

planet code4lib - Wed, 2016-11-30 21:23

we hosted a bunch of amazing visitors earlier this week (knight prototype workshop!) and we were fortunate enough to gather everyone for dinner. after drinks were served, i used my phone’s camera and swooped into each booth aka pocket of people.

swooping into these pockets of people is surprisingly meaningful and rich — i very much get a distinct sense for the vibe/mood/energy at each table. this swoop in and pan pattern is deep.

what should i do with these clips? feels like there’s some coolness here but i can’t seem to grab it. ideas?

LITA: Jobs in Information Technology: November 30, 2016

planet code4lib - Wed, 2016-11-30 19:26

New vacancy listings are posted weekly on Wednesday at approximately 12 noon Central Time. They appear under New This Week and under the appropriate regional listing. Postings remain on the LITA Job Site for a minimum of four weeks.

New This Week

Yale University, Software Engineer, Yale Center for British Art, New Haven, CT

Visit the LITA Job Site for more available jobs and for information on submitting a job posting.

District Dispatch: ALA seeks nominations for 2017 James Madison awards

planet code4lib - Wed, 2016-11-30 17:20

The American Library Association’s (ALA) Washington Office is calling for nominations for two awards to honor individuals or groups who have championed, protected and promoted public access to government information and the public’s right to know.

The James Madison Award, named in honor of President James Madison, was established in 1986 to celebrate an individual or group who has brought awareness to these issues at the national level. Madison is widely regarded as the Father of the Constitution and as the foremost advocate for openness in government.

James Madison Award logo

The Eileen Cooke Award honors an extraordinary leader who has built local grassroots awareness of the importance of access to information. Cooke, former director of the ALA Washington Office, was a tireless advocate for the public’s right to know and a mentor to many librarians and trustees.

Both awards are presented during Freedom of Information (FOI) Day, an annual event on or near March 16, Madison’s birthday.

Nominations should be submitted to the ALA Washington Office no later than January 20, 2017. Submissions should include a statement (maximum one page) about the nominee’s contribution to public access to government information, why it merits the award and one seconding letter. Please include a brief biography and contact information for the nominee.

Send e-mail nominations to Jessica McGilvray, Deputy Director for the ALA Office of Government Relations, at jmcgilvray@alawash.org. Submissions can also be mailed to:

James Madison Award / Eileen Cooke Award
American Library Association
Washington Office
1615 New Hampshire Avenue, NW
Washington, D.C. 20009-2520

The post ALA seeks nominations for 2017 James Madison awards appeared first on District Dispatch.

Pages

Subscribe to code4lib aggregator