Categories
conference Libraries

Library Issues Round Table

Whoops – this should have been posted a long time ago…

We started with discussion of Overdrive and how we all use it. Next up was ILS (Integrated Library System – circulation, cataloging and web OPAC, among other things) versions and many discussions of what ILS we use with lots of complaints about the vendors in the space. Travis Reddick, of MORENet, got lots of props for being a very helpful dude to work with in the networking area of MORENet. There were a lot of comments about hosted ILSs and web-based ILSs.
Next up was a discussion about tech support at the library and how far we go to help patrons as we try to do the rest of our work.

Categories
conference

Connections conf day 1 wrapup

At the start of a very long day, I awoke to the sight of some cute ducks on my patio. I blogged pretty heavily about my sessions yesterday, so I won’t go into detail about that. Around the sessions, though, I did a lot of chatting with other library types about a lot of different things that they are doing. I did sort of crap out in the afternoon and ended up skipping a session to hang in my room and do some requested web updates for work. I was getting burned out on all the socializing, if you can imagine…
The library round table in the evening was great (big kudos to Lee Cushing for suggesting it). There were a lot of folks, including some relevant Morenet folks, who had a lot to say. Again, I blogged about that (though now I’m wondering if I posted it – if not, it will show up soon).

Categories
conference E-Books

Overdrive and MOLib2go

It started with Kyle presenting an overview of Overdrive. One question was about the customization options for a library’s OD site. Kyle said it’s pretty customizable. Another question was about using the OD software on public computers. There was discussion of how various libraries manage that. Kara followed with a discussion of the MOLib2go service. The first question was about the benefits of joining the consortium -getting access to all the books purchased by all the 22 libraries in the consortium. She followed up with stats about MOLib2go’s books. She also mentioned the #hcod issue – MOLib 2 go is boycotting Harper Collins books for now. That started some discussion, to put it mildly.
She mentioned the links to Project Gutenburg from our homepage.we then had much more discussion of #hcod. Strong opinions abound.
Mike talked about training and demo’d My Help and talked about flyers and other resources that he’ll make use of Webjunction to post those for staff.

Categories
conference socialmedia

Exploring policy, privacy and compliance issues when using social media: an IT perspective

Mark Monroe, from UMSL, started with a discussion of what social media is. He started with Tufts University using YouTube videos as a replacement for application essays – the dean of undergrad admissions didn’t realize how public and followed these applications would be. He talked about other social media missteps, then went into TOS’s of Facebook and Twitter. He then talked about FB’s ownership grab of user photos over 2009’s Valentines day.
He discussed the idea of cyber-bullying and policies – his school has no specific policies, but the activities are covered by code of conduct policies.
Much of the discussion was very educational institution oriented, so I’m skipping a lot…
The upshot of the discussion was that teachers are asking students to post homework assignments on Facebook and this is probably a bad idea. I’m in agreement, but not for the same reasons – Mark said that students uploading writing or photos to FB as part of an assignment are giving up their copyrights to that work. This is not exactly true – but they are putting that stuff up in a much more public place than their teacher’s desk, so there may be issues with privacy that are more pressing than IP issues, really. There were several questions from the crowd about impersonation accounts, but not a lot of advice – FB is notoriously bad about getting back to folks about issues, though they are getting better at getting rid of accounts that impersonate someone.

Categories
conference Training

Connections — Keynote – securing the human

The Connections conference started with a keynote from SANS about securing the human part of your network. Lance started talking about his background in Info Security, honeypots and work with Sun Microsystems (starting originally with work in tanks in the military). “the simplest way to steal your password is to ask for it – the simplest way to infect your computer is to ask you to do it”. Technology has been very well secured – its MUCH easier to get the human users to do the work for the bad guys. The change began in August 2004 – when Service Pack 2 was release for XP with the firewall being turned on by default. This started the drop of technology based hacking and began the era of human hacking. The human OS – you have Windows, Linux and human OS’s in your network. We’ve done nothing to secure that human OS (my note: why training is so very important – it’s updating and patching the human OS in your network).
90% of malware requires human interaction (Symantec)
100% of successful APT attacks compromised the human (Mandiant)
Humans have to click a link, install a program, insert a USB stick or interact in some way to make the malware work.
Humans are bad at judging risk – we overestimate visual risks (lions and tigers, as opposed to something we can’t see) and overestimate risks when we aren’t in control (flying as opposed to driving).
“If it’s on the news, it’s probably really safe, because it almost never happens – or else it wouldn’t be news”
Social engineering – we surf and feel like we are in control (and the hack is silent and not visual at all), we underestimate the risks of getting hacked because of those two factors. You check into your hotel room, get a call from front desk to clarify a problem with your card, you give them your card number, they’ve hacked you. (real problem at Disney World resorts)
Some worms now check keyboard settings before they send out their phishy emails so that they can send out a virus email to your friends in the language that you usually use (if your keyboard is set to Spanish, they send the spanish version of the bad email to your contacts, in order to increase the likelihood that your friends will click on the link in the email).
Many trojans disguise themselves as anti-virus programs so that you not only infect yourself, but you pay $100 or so for the privilege of doing so.
Twitter and Facebook make malicious social engineering attacks easy – Twitter bots search for keywords and respond to any tweet using that keyword with a “discount” link for that particular item.
Goals of Awareness training – compliance and changing behavior. Lance concentrates on changing behavior (more powerful than mindless compliance).
The Plan: who, what and how? Who do you target for training? (employees, admin staff especially, management, IT staff (privileged access to lots of resources – make sure they don’t post router configs (for example) on public listservs, use the same password for servers that they use for their Facebook account) What do you train about? (You are the target, social engineering, email and IM, browsers, etc.). Teach people that it’s not all just about protecting the organization, it’s about protecting the employee. How to train? Use imagery, videos, newsletters – make it as fun as marketing is these days. He showed an example video that promotes security awareness (social engineering, specifically).
SANS has a video awareness library – info in handouts. Newsletters are like patches – they have to be done regularly or people forget.
Inoculation – used to measure end user awareness, used to get their attention and reinforce training. Launch a phishing email of your own (benign, of course) and see who clicked and how many were fooled. Keep doing it as your awareness campaign continues and see how the numbers go down. Start with basic email and work up to targeted emails to test users.
Presentation and newsletters that can be redistributed are available on Lance’s blog.

Categories
conference

Security symposium wrap-up; day 1

I started off the morning with YET ANOTHER fall, this time on my outside steps which were icy, but much shorter than the basement steps I fell down last month. Besides a honkin’ big bruise on my hip, I’m all right.
The conference began with a keynote which I’ve already summarized and posted about, so I won’t do that to you again – other than to note that keeping a machine that is used *only* for online banking duties is a great idea, but I’m wondering about the software we use and if a Linux machine (which we could keep safe) will work with the software. Something I need to check into when I get back home.
I also blogged about the morning’s session – centralized logging with Windows – so I won’t go into that either.
Lunch was excellent – just sandwiches and cole slaw, but I was ready for it when it came – and the conversation at my table was better. We began with discussions of the state of cartoons and the fact that cartoons today are so much worse than those of years ago (and I think someone actually said “get off my lawn” at one point, too… Even though it may be considered violent, who can forget Elmer Fudd singing about killing a rabbit to the tune of Wagner’s operatic compositions? This segued (somehow) into the #hcod (the issue of Harper Collins capping ebook checkouts at 26 – do a quick search on the #hcod tag if you aren’t familiar) problem and then into the fact that librarians often act as the copyright police, even when we often disagree with the rules (this last bit may just be my opinion…). It was an excellent discussion that ran into the next session, so I ended up missing that one.
The geek out at the conference session has also been blogged about here, so I won’t say much other than it was an interesting idea – get everyone into a single room to discuss any issues they are having while a very knowledgable MORENet employee (Randy Raw) introduced us to people who could help us with that issue or were going through the same thing and would commiserate with us. It was assisted networking and it was a really good idea!
The exhibit/reception was nice – I got to talking to Lee Cushing during the geek out session and we continued the conversation in the exhibit hall. We decided to sign up for a “librarian issues” roundtable tomorrow night as a way to get the few library types who come to this conference together to talk about the stuff that effects us. I’m looking forward to it. Mike showed up during the reception and we walked around the exhibits together before heading outside to talk and wait for Jason Long – the IT person for the local library system – to join us.
Jason is just starting to offer Overdrive (as in, it goes live on Monday) and he had questions. He’s been using Centurion for a while and I had questions. It was a great conversation and a nice way to catch up on what we’ve been doing since last chatting at MLA (though he reads this blog – Hi, Jason! – so he has some idea of what I’ve been doing).
Now it’s time to start to hunt down dinner, as soon as Mike finishes his meeting with his co-presenters and wind down for the day – ready to start all over again at the 7am breakfast tomorrow!

Categories
conference

Geek out at the conf

Geek out – short talks, comments on what’s going on at our orgs, questions to geeks who are doing the same sort of stuff.
First – thin apps on VMWare View for virtualized desktops
New MS licensing for edu, not sure about libraries
Moodle – provisioning second pipe to Morenet to keep from using all the bandwidth of main pipe for hosted stuff like Moodle
Discussion of burstable bandwidth from Morenet
Talked about what’s coming from Morenet -lots of cool stuff…
Replacements to illuminate – Morenet is looking at big blue button, an open source adobe connect type of content presentation software
Moving from Novell to Windows
Question about filtering mergers and how it’s going to work
Discussion of packet shaping vendors
IPv6 issues – remember logging software (and other software) needs to be able to parse it, too, so check both hardware & software purchases.

Categories
conference

Centralized logging with alerts for windows

With Steve Massman and Travis Reddick

KiwiSyslog and SNARE client as well as Logcheck & other open source utilities.
Could get emails every 30 mins that you have to read. Download and read OS security guides!
Log everything – everything. Success and failures both.
Use 2003 or 2008 and use an existing machine if it’s not heavily used, use a software firewall allow only your machine to RDP, lock down ports to only logging servers. No virus software necessary.
Kiwisyslog -$300ish – separate log files by machine
SNARE – free, log sys and security, domain controllers add directory service, DNS and file replication logs, look for new events in Kiwi
Log check – for 2003, logcheck.ignore is what you use to filter your logs to keep from being overwhelmed, examples of what goes into logcheck.ignore file, Case matters, be specific
Configuring scheduled task – in 2008, disable “network access: do not allow storage of passwords and credentials for network authentication” or the task won’t run.
Splunk? Can manage ASA files – useful for us!
Downloads – FTP://FTP.more.net/pub/s_P/massmans

Demo time!

Categories
collaboration 2.0 conference MRRL presentations Web 2.0 Writing

Updates and some cache clearing

Updates
I’ve finally gotten around to posting links to the last couple of presentations I’ve done on my Presentations page, as well as the latest information about the Publications I’ve put out (a link to purchase the Library Mashups book and a tentative publishing date for the Twitter/Friendfeed book). Also, I’ve updated the Raves and Reviews page with a new section called Awards. I found out on Friday that I’d won an Honorable Mention in the 78th Annual Writer’s Digest Awards in the Magazine Feature Article category. I’m not sure how prestigious that really is – I’m not among the top 100 listed winners in the category on the Writer’s Digest site, but the letter that accompanied the award certificate said that, “your success in the face of such formidable competition speaks highly of your writing talent”, so I suppose it is worth something…
Cache Clearing
— Google Wave – I’ve got an account and have been using it to conduct extended group IM-like chats with people and to follow the Real-Time Web Summit that happened in Mountain View, CA (Google’s backyard…) last week. The use of the conference wave was one of my favorite uses of Wave so far. Lots of great information at my fingertips!!!
–Drupal – I’m still in the process of working out the kinks in the new MRRL site, but it should be available for “sneak peeks” by the middle of November – it’s going live on the 17th of November. I’ll be posting more about my adventures with Drupal, but lets just say that I still have most of my hair… not quite all, but most. And, if anyone has a lead on a kick-ass editor that won’t eat my PHP code or re-write my content folk’s stuff at random, but will still give some help to those who are HTML-challenged, I’d appreciate it. That’s where most of my hair is going right now – crazy editors that either do too much or to little.

Categories
cluetrain manifesto conference

Saturday’s keynote – Knowledge in the Age of Abundance

David Weinberger, of the Berkman Center for Internet and Society at Harvard, provided our Saturday morning keynote address. He’s the author, by the way, of the Cluetrain Manifesto, which I posted about on the 10th anniversary of that publication on this very blog.
He’s going to discuss what happens with knowledge in this age of abundance. The abundance (1 trillion pages on the web) would have required a mobilization on the order of several world wars – but we did it in our spare time. The age of information (which we are leaving) was about reducing info so that we could control it. Now, the age of the web (?) is about LOTS of information and abundance.
What knowledge was: grew up in a time of scarcity 1) only one knowldege 2) same for everyone 3) binary – at most one can be right 4) it’s simple 5) doesn’t matter who says it – if it’s true, it’s true 6) it’s scarce (most things are opinions) 7) knowledge is settled 8) ordered and orderly.
“our view of what knowledge is is influenced by the media we use to contain it”
Everything going digital changes our tools and changes the way we think.
The authority of knowledge
We create experts who are “expert” in their small chunk of the world – we can ask the expert and then *stop* looking for info – you’ve got the knowledge. Paper (books) is also a stopping point (even footnotes are difficult to follow) and non-transparent.
From disconnected media – to hyperlinks which are transparent and definitely not stopping places.
The new knowledge – a network of differences. The smartest person in the room is not the “sage on the stage”, but rather the room in total. The network of people is smarter than any one.
How networked knowledge can make us stupider

  • can’t find info – no formal distinction between metadata (what you know) and data (what you are looking for); makes things hard to find – the amount of data/metadata is always going to outrun our ability to manage it; good enough, however, is good enough. Most questions are more like “which hotel is best in Silicon Valley”, fewer are like “what is the atomic weight of Silicon” – a factual, one answer question.
  • needed skills make digital divide worse – even as you scale access, if you don’t scale the skills, you are doing nothing – maybe making it worse.
  • only find what we agree with – we stay within our comfort zones (We “flock it all up”). Most conversation is not about changing minds – and very few do. “It’s not a flaw in the system that we have an echo chamber in politics – it is the system. It’s how the system works”.
  • makes us lazy – we can see the argument (Wikipedia’s talk page), but we don’t bother to look at it

The architecture of morality and the architecture of a hyperlinked world are exactly the same. Hyperlinks allow us to link to others and discover their views of the world.
Compassion and curiosity are our bulwarks
Questions
A general theory of love was recommended as a book that would complement this keynote well.
another questioner asked if we should be pushing students to go farther than the “good enough” Google search; as librarians, we are instructing them in what is “good enough” for their discipline & needs as well as expanding their view to consider what they otherwise wouldn’t have.

Relation Browser
Timeline
0 Recommended Articles:
0 Recommended Articles: