Code4Lib Journal: Measuring Library Vendor Cyber Security: Seven Easy Questions Every Librarian Can Ask
This article is based on an independent cyber security risk management audit for a public library system completed by the authors in early 2015 and based on a research paper by the same group at Clark University in 2014. We stress that while cyber security must include raising public knowledge in regard to cyber security issues and resources, and libraries are indeed the perfect place to disseminate this knowledge, librarians are also in a unique position as the gatekeepers of information services provided to the public and should conduct internal audits to ensure our content partners and IT vendors take cyber security as seriously as the library and its staff.
One way to do this is through periodic reviews of existing vendor relationships. To this end, the authors created a simple grading rubric you can adopt or modify to help take this first step towards securing your library data. It is intended to be used by both technical and non-technical staff as a simple measurement of what vendor agreements currently exist and how they rank, while at the same time providing a roadmap for which security features or policy statements the library can or should require moving forward.
Code4Lib Journal: Building Bridges with Logs: Collaborative Conversations about Discovery across Library Departments
Part by of Amazon crawl..
This item belongs to: data/ol_data.
This item has files of the following types: Data, Data, Metadata, Text
I was quite happy to see last week’s announcement of awardees of IMLS grants for the National Leadership Grants for Libraries Program and the Laura Bush 21st Century Librarian Program. No; I didn’t receive a grant. But we are named collaborators on three of them. Such cooperative efforts are key to our policy work, as there is only so much that the Office for Information Technology Policy can achieve on its own. But by working with talented and effective partners, we expand our reach and impact considerably.
We look forward to working with Professor Mega Subramaniam of the University of Maryland on her effort to develop and deliver a post-master’s certificate in Youth Experience (YX) design. Even better, ALA’s Young Adult Library Services Association is another project partner. This project focuses on the development of a 12-credit online post-master’s certificate program focused on learning sciences including topics like adult mentorship, participatory design, and design thinking. Mega is also part of the advisory committee on our recently-announced Libraries Ready-to-code Project, a collaboration between Google and ALA.
One project examines how rural libraries address the challenges of Internet connectivity with hotspot lending programs. Research outcomes will address the role of rural libraries in local information ecosystems, the impact of hotspot lending programs on users’ quality of life and digital literacy, community outcomes of these programs, and practical requirements for offering hotspot lending programs. We look forward to supporting the efforts of Professor Sharon Strover at the University of Texas and her team.
Finally, we are pleased to be associated with principal investigator Iris Xie, Professor, University of Wisconsin—Milwaukee and her effort to develop digital library design guidelines on accessibility, usability, and utility for blind and visually impaired (BVI) users. This project will generate three products: 1) digital library design guidelines, organized by types of help-seeking situations associated with accessibility, usability, and utility; 2) a report on the current status of how digital libraries satisfy BVI users’ help needs; and 3) a methodology that can be applied to other underserved user groups to develop similar guidelines. Our involvement with this project will complement our other work on improving access to information resources for people with disabilities.
Congratulations to the grant recipients and we look forward to productive and interesting work ahead.
The post A Policy Revolution! can happen only if we work together appeared first on District Dispatch.
The Evergreen community released its 2015 Annual Report this morning during the 2016 International Evergreen Conference in Raleigh, North Carolina.
The annual report highlights a busy year for Evergreen with 60 new library locations moving to the system, bringing the total number of known Evergreen libraries to nearly 1,800. In addition to two new feature releases, 2015 also saw a lot of work completed for the new web-based staff client, which is scheduled to be ready to replace the current staff client in Spring 2017.
The annual report is available from the Evergreen web site at https://evergreen-ils.org/wp-content/uploads/2016/04/Evergreen%20Annual%20Report%202015%20Max%20Resolution.pdf
Learn about choosing blending data from different SPARQL endpoints using federated queries.
I decided to secure the www.gitenberg.org website as my test example. It's still being developed, and it's not quite ready for use, so if I screwed up it would be no disaster. Gitenberg.org is hosted using Elastic Beanstalk (EB) on Amazon Web Services (AWS), which is a popular and modern way to build scalable web services. The servers that Elastic Beanstalk spins up have to be completely configured in advance; you can't just log in and write some files. And EB does its best to keep servers serving. It's no small matter to shut down a server and run some temporary server, because EB will spin up another server to handle rerouted traffic. These characteristics of Elastic Beanstalk exposed some of the present shortcomings and future strengths of the Let's Encrypt project.
Here's the mission statement of the project:
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.
While most of us focus on the word "free", the more significant word here is "automated":
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Note that the objective is not to make it painless for website administrators to obtain a certificate, but to enable software to get certificates. If the former is what you want, in the near term, then I strongly recommend that you spend some money with one of the established certificate authorities. You'll get a certificate that isn't limited to 90 days, as the LE certificates are, you can get a wildcard certificate, and you'll be following the manual procedure that your existing web server software expects you to be following.
The real payoff for Let's Encrypt will come when your web server applications start expecting you to use the LE methods of obtaining security certificates. Then, the chore of maintaining certificates for secure web servers will disappear, and things will just work. That's an outcome worth waiting for, and worth working towards today.
So here's how I got Let's Encrypt working with Elastic Beanstalk for gitenberg.org.
The key thing to understand here is that before Let's Encrypt can issue me a certificate, I have to prove to them that I really control the hostname that I'm requesting a certificate for. So the Let's Encrypt client has to be given access to a "privileged" port on the host machine designated by DNS for that hostname. Typically, that means I have to have root access to the server in question.
In the future, Amazon should integrate a Let's Encrypt client with their Beanstalk Apache server software so all this is automatic, but for now we have to use the Let's Encrypt "manual mode". In manual mode, the Let's Encrypt client generates a cryptographic "challenge/response", which then needs to be served from the root directory of the gitenberg.org web server.
Even running Let's Encrypt in manual mode required some jumping through hoops. It won't run on Mac OSX. It doesn't yet support the flavor of Linux used by Elastic Beanstalk, so it does no good configuring Elastic Beanstalk to install it there. Instead I used the Let's Encrypt Docker container, which works nicely, and I ran a Docker-Machine inside "virtualbox" on my Mac.
Having configured Docker, I ran
docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
quay.io/letsencrypt/letsencrypt:latest -a manual -d www.gitenberg.org \
--server https://acme-v01.api.letsencrypt.org/directory auth
(The --server option requires your domain to be whitelisted during the beta period.) After paging through some screens asking for my email address and permission to log my IP address, the client responded with
Make sure your web server displays the following content at http://www.gitenberg.org/.well-known/acme-challenge/8wBDbWQIvFi2bmbBScuxg4aZcVbH9e3uNrkC4CutqVQ before continuing:
8wBDbWQIvFi2bmbBScuxg4aZcVbH9e3uNrkC4CutqVQ.hZuATXmlitRphdYPyLoUCaKbvb8a_fe3wVj35ISDR2A
To do this, I configured a virtual directory "/.well-known/acme-challenge/" in the Elastic Beanstalk console with a mapping to a "letsencrypt/" directory in my application (configuration page, software configuration section, static files section). I then made a file named "8wBDbWQIvFi2bmbBScuxg4aZcVbH9e3uNrkC4CutqVQ" with the specified content in my letsencrypt directory, committed the change with git, and deployed the application with the Elastic Beanstalk command line interface. After waiting for the deployment to succeed, I checked that http://www.gitenberg.org/.well-known/acme-challenge/8wBD... responded correctly, and then hit <enter>. (Though the LE client tells you that the MIME type "text/plain" MUST be sent, Elastic Beanstalk sets no MIME header, which is allowed.)
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/www.gitenberg.org/fullchain.pem. Your cert will expire on 2016-02-08. To obtain a new version of the certificate in the future, simply run Let's Encrypt again.
...except since I was running Docker inside virtualbox on my Mac, I had to log into the docker machine and copy three files out of that directory (cert.pem, privkey.pem, and chain.pem). I put them in my local <.elasticbeanstalk> directory. (See this note for a better way to do this.)
The final step was to turn on HTTPS in Elastic Beanstalk. But before doing that, I had to upload the three files to my AWS Identity and Access Management Console. To do this, I needed to use the aws command line interface, configured with admin privileges. The command was
aws iam upload-server-certificate \
--server-certificate-name gitenberg-le \
--certificate-body file://<.elasticbeanstalk>/cert.pem \
--private-key file://<.elasticbeanstalk>/privkey.pem \
--certificate-chain file://<.elasticbeanstalk>/chain.pem
One more trip to the Elastic Beanstalk configuration console (network/load balancer section), and gitenberg.org was on HTTPS.
Given that my sys-admin skills are rudimentary, the fact that I was able to get Let's Encrypt to work suggests that they've done a pretty good job of making the whole process simple. However, the documentation I needed was non-existent, apparently because the LE developers want to discourage the use of manual mode. Figuring things out required a lot of error-message googling. I hope this post makes it easier for people to get involved to improve that documentation or build support for Let's Encrypt into more server platforms.
(Also, given that my sys-admin skills are rudimentary, there are probably better ways to do what I did, so beware.)
If you use web server software developed by others, NOW is the time to register a feature request. If you are contracting for software or services that include web services, NOW is the time to add a Let's Encrypt requirement into your specifications and contracts. Let's Encrypt is ready for developers today, even if it's not quite ready for rank and file IT administrators.
I was alerted to the fact that while https://www.gitenberg.org was working, https://gitenberg.org was failing authentication. So I went back and did it again, this time specifying both hostnames. I had to guess at the correct syntax. I also tested out the suggestion from the support forum to get the certificates saved in my Mac's filesystem. (It's worth noting here that the community support forum is an essential and excellent resource for implementers.)
To get the multi-host certificate generated, I used the command:
docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt \
-v "/Users/<my-mac-login>/letsencrypt/etc/letsencrypt:/etc/letsencrypt" \
-v "/Users/<my-mac-login>/letsencrypt/etc/letsencrypt/var/lib/letsencrypt:/var/lib/letsencrypt" \
-v "/Users/<my-mac-login>/letsencrypt/var/log/letsencrypt:/var/log/letsencrypt" \
quay.io/letsencrypt/letsencrypt:latest -a manual \
-d www.gitenberg.org -d gitenberg.org \
--server https://acme-v01.api.letsencrypt.org/directory auth
This time, I had to go through the challenge/response procedure twice, once for each hostname.
With the certs saved to my filesystem, the upload to AWS was easier:
aws iam upload-server-certificate \
--server-certificate-name gitenberg-both \
--certificate-body file:///Users/<my-mac-login>/letsencrypt/etc/letsencrypt/live/www.gitenberg.org/cert.pem \
--private-key file:///Users/<my-mac-login>/letsencrypt/etc/letsencrypt/live/www.gitenberg.org/privkey.pem \
--certificate-chain file:///Users/<my-mac-login>/letsencrypt/etc/letsencrypt/live/www.gitenberg.org/chain.pem
And now, traffic on both hostnames is secure!
Resources I used:
- Deploying a Django App to Elastic Beanstalk
- Getting a Django App to Use HTTPS on Elastic Beanstalk
- HTTPS on Elastic Beanstalk
- AWS Command Line Interface
- Docker Toolbox
- Let's Encrypt Client Documentation
- About Let's Encrypt
- Automatic Certificate Management Environment (ACME)
Update 4/21/2016: When it came time for our second renewal, Paul Moss took a look at automating the process. If you're interested in doing this, read his notes.
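The manual challenge step described in the post above (a file named after the token, served from /.well-known/acme-challenge/ with the full challenge string as its body) can be staged and checked with a few shell functions. This is an added example, not code from the post or from the Let's Encrypt client; the function names are assumptions, the sample value is the challenge string quoted in the post, and check_live needs curl and network access, so the offline demo does not call it.

```shell
#!/bin/sh
# Added example: stage and check an ACME http-01 challenge file by hand.
# Function names and the directory layout are assumptions for this sketch.
LC_ALL=C; export LC_ALL              # keep the [A-Z] ranges ASCII-only

# keyauth_token <key-authorization>
# A key authorization is "<token>.<thumbprint>", both base64url. Print the
# token, or fail, so nothing unexpected is ever used as a file name.
keyauth_token() {
    case "$1" in
        *.*.*|.*|*.) return 1 ;;     # more than one dot, or an empty part
        *.*) ;;
        *) return 1 ;;               # no dot at all
    esac
    token=${1%%.*}
    thumb=${1#*.}
    case "$token$thumb" in
        *[!A-Za-z0-9_-]*) return 1 ;;   # rejects "/", spaces, "=" padding
    esac
    # A SHA-256 thumbprint is 43 base64url characters once padding is dropped.
    [ "${#thumb}" -eq 43 ] || return 1
    printf '%s\n' "$token"
}

# stage_challenge <key-authorization> <dir>
# Write <dir>/<token> containing exactly the key authorization; print the path.
stage_challenge() {
    token=$(keyauth_token "$1") || return 1
    mkdir -p "$2" || return 1
    printf '%s' "$1" > "$2/$token" || return 1   # no trailing newline
    printf '%s\n' "$2/$token"
}

# challenge_matches <key-authorization> <file>
# $(...) drops trailing newlines, which the validating server is expected
# to ignore as well; any other difference is a mismatch.
challenge_matches() {
    body=$(cat "$2") || return 1
    [ "$body" = "$1" ]
}

# check_live <host> <key-authorization>
# Fetch the deployed file the way the CA will, before pressing <enter>.
check_live() {
    token=$(keyauth_token "$2") || return 1
    body=$(curl -fsS "http://$1/.well-known/acme-challenge/$token") || return 1
    [ "$body" = "$2" ]
}

# Offline demo using the challenge string quoted in the post.
KEYAUTH='8wBDbWQIvFi2bmbBScuxg4aZcVbH9e3uNrkC4CutqVQ.hZuATXmlitRphdYPyLoUCaKbvb8a_fe3wVj35ISDR2A'
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
file=$(stage_challenge "$KEYAUTH" "$demo_dir/letsencrypt") \
    && challenge_matches "$KEYAUTH" "$file" \
    && echo "staged $file"
```

After deployment, `check_live www.gitenberg.org "$KEYAUTH"` repeats the check against the live URL; a non-zero exit means the validation request would not see the expected body.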
This is a guest post by Jessica Tieman.
As part of the National Digital Stewardship Residency program, the 2015-2016 Washington, D.C. cohort will present their year-end symposium, entitled “Digital Frenemies: Closing the Gap in Born-Digital and Made-Digital Curation,” on Thursday, May 5th, 2016 at the National Library of Medicine. Since June, our colleague Nicole Contaxis has worked with NLM to create a pilot workflow for the curation, preservation and presentation of historically valuable software products developed by NLM.
Why “Digital Frenemies”? Our group has observed trends in digital stewardship that divide field expertise into “made digital” and “born digital.” We believe the landscape of the digital preservation field shouldn’t seem so divided. Rather, the future will be largely defined by the symbiotic relationships between content creation and format migration. It will depend on those endeavors where our user communities intersect rather than lead to us to focus on challenges specific to our individual areas of the field.
The symposium will showcase speakers from cultural heritage and academic institutions, who will address the relationship between digitized and born-digital material. Guest speakers will explore topics such as preserving complex software and game technologies through emulation, creating cultural digital collections through mobile public library labs, collecting and curating data and much more. Featured sessions will be presented by Jason Scott of the Archive Team; Mercè Crosas, chief data science and technology officer of the IQSS at Harvard University; and Caroline Catchpole from Culture in Transit.
The event is free but registration is required as space is limited. We encourage those interested in attending the event or following along on social media to visit our website.
Earlier this April I traveled to the Mile-High City for the Public Library Association’s biennial conference in search of all things e-content. Held at the Colorado Convention Center, PLA 2016 empowered attendees with the tools to return to their library and “Make It Extraordinary.”
As the Digital Public Library of America, DPLA is utilizing its national network of libraries and cultural heritage institutions to explore how it can help improve the state of library ebooks. We are convening community conversations with stakeholders around ebooks to move towards a national digital strategy. In Denver I was part of conversations with these library e-content leaders as they formulated a vision for an umbrella group that would organize communications, streamline efforts, and advocate for our work amongst each other and to the larger ecosystem. DPLA is proud to have a leading role in coordinating these conversations. Click here for more on getting involved.
Three of these e-content stakeholders provided an update on their work at ‘Making Progress in Digital Content’ Friday morning to a packed audience. Carolyn Anthony, Director of the Skokie Public Library (IL) and Co-Chair of ALA’s Digital Content Working Group updated on progress in pushing publishers for better licensing models (slowly improving) and overall trends (ebook market down; self-publishing up). Veronda Pitchford of the Reaching Across Illinois Library System (RAILS) laid out the problems (budgets, platform fatigue) and called for librarians to unite in telling publishers and vendors what they want. Micah May of The New York Public Library described the IMLS-funded Library E-content Access Project (LEAP), which will create a library-owned marketplace, and demoed Open eBooks, NYPL’s first iteration of their SimplyE platform. DPLA is partner on LEAP and Open eBooks and is working with the community to address the opportunities and challenges Carolyn and Veronda identified.
Through Open eBooks DPLA hopes to further highlight the issues with diversity in children’s books and use the initiative as an opportunity to bring diverse authors and content to kids. A Book Buzz session featuring the youth divisions of Little, Brown, Macmillan, Random House and Disney previewed upcoming children’s books which strongly featured diversity in characters, authors, and genres. A rousing discussion of diversity in children’s lit ensued, with publishers crediting librarians for helping to raise awareness of the issue. Issues discussed included lobbying the Book Industry Study Group to improve BISAC subject headings to better reflect diversity in metadata, and a need to push for characters that are diverse but also don’t play into stereotypes.
Stay tuned for more updates on DPLA + Ebooks!
IAL Grant Applications due by May 9
The Department of Education today issued a notice in the Federal Register clarifying that 50 percent of all Innovative Approaches to Literacy grant funds, more than $13 million, are reserved for use by school libraries. In it, the Department stated categorically that last year’s Consolidated Appropriations Act committee report directed DOE to “ensure that no less than 50 percent of IAL funds go to applications from LEAs (on behalf of school libraries)…”
Today’s notice follows up its earlier release of April 7. As noted previously in District Dispatch, all eligible applicants seeking a grant have until May 9, 2016 to submit their proposal. DOE is expected to announce its grant awards in July.
To be eligible, a school library must be considered a “high-need” Local Education Agency (LEA), meaning that at least 25 percent of its students aged 5 – 17 are from families with incomes below the poverty line (or are similarly defined by a State educational agency). A grant application must include: a program description of proposed literacy and book distribution activities; grade levels to be served or the ages of the target audience; and a description of how the program is supported by strong theory. Additional information, like timelines and results measurement methods, is also required. DOE also will consider programs that seek to integrate the use of technology tools, such as e-readers, into addressing literacy needs.
According to DOE, priority consideration for IAL funding is given to programs that include book distribution and childhood literacy development activities, and whose success can be demonstrated. Additional “points” in assessing competing grant proposals may be awarded to an application that meets additional program objectives. As detailed in the DOE’s Notice, there are many such additional goals, including distributing books to children who may lack age-appropriate books at home to read with their families.
The post DOE confirms half of IAL funds reserved for school libraries appeared first on District Dispatch.
DuraSpace News: AVAILABLE: Recording and Slides from April 21 LYRASIS and DuraSpace CEO Town Hall Meeting
Austin, TX On April 21, 2016, Robert Miller, CEO of LYRASIS and Debra Hanken Kurtz, CEO of DuraSpace presented the second in a series of online Town Hall Meetings. They reviewed how their organizations came together to investigate a merger in order to build a more robust, inclusive, and truly global community with multiple benefits for members and users. They also unveiled a draft mission statement for the merged organization.
Austin, TX The Fedora community is currently in the initial phases of drafting a standards-based application programming interface (API) specification that will result in a stable, independently-versioned Fedora RESTful API. A Fedora API specification will be a significant milestone for the project and the community enabling a concrete and common understanding of Fedora's role in an institution's infrastructure ecosystem.
It was a standing room only crowd at today’s confirmation hearing of Dr. Carla Hayden, President Obama’s nominee to serve as Librarian of Congress, with the Senate Committee on Rules and Administration. The hearing marks the first step in the Senate review process.
Three Maryland senators (one former) presented Dr. Carla Hayden to the committee. Former Senator Paul Sarbanes (and current Enoch Pratt Free Library board member) joined Dr. Hayden and Senators Barbara Mikulski and Ben Cardin at the microphone to open the hearing.
“It would be a great, great day for the nation, but a loss for Baltimore,” if Dr. Hayden were confirmed, said Senator Mikulski in her introduction to Senate colleagues. She highlighted Dr. Hayden’s ability to work with everyone from “electeds” to people in both wealthy and “hard scrabble” neighborhoods, and referenced the fact that the library stayed open in the wake of massive protests that followed Freddie Gray’s death in police custody. Senator Cardin recognized her leadership not only of the Enoch Pratt Free Library but also the Maryland State Library Resource Center, including managing technology transitions and capital improvements. “Dr. Hayden is the best qualified and will bring the respect that is needed,” Senator Cardin said.
“(Dr. Hayden) is an extraordinarily able, committed person,” said Senator Sarbanes. “The nation will be extremely well-served (by her) and I strongly urge her confirmation.”
Dr. Hayden’s testimony shared the evolution of her career, as well as changes across the profession and the Library of Congress. “As I envision the future of this venerable institution, I see it growing its stature as a leader not only in librarianship but in how people view libraries in general,” she said. “As more of its resources are readily available for everyone to view online, users will not need to be in Washington, D.C.; everyone can have a sense of ownership and pride in this national treasure.”
Committee Chair Senator Roy Blunt (R-MO) followed the Maryland senators with a recollection of his own visit to the Ferguson (MO) Public Library and an acknowledgement of the “big job” ahead for the future Librarian of Congress. The big job was made plain in questions from committee members that largely focused on the modernization of the Library’s technology infrastructure, the future of the Copyright Office, and public access to reports from the Congressional Research Service.
Throughout, though, the questions were open and respectful—even warm and encouraging—on both sides of the political aisle. During a hotly contested presidential election year, it was a welcome respite and encouraging sign for Dr. Hayden’s ultimate confirmation. You can watch a webcast of the hearing here.
The ALA also submitted to committee members yesterday a letter of support for Dr. Hayden’s nomination signed by more than 20 leading national nonprofit organizations, two dozen educational institutions (ranging from community colleges to the Big Ten and Ivy League); two dozen academic libraries from every corner of the country; more than a score of national library groups; and virtually all of the nation’s state library associations.
Stay tuned to the District Dispatch for the most current news related to the confirmation process.
The post ALA Past President Carla Hayden receives warm Senate welcome appeared first on District Dispatch.
New vacancy listings are posted weekly on Wednesday at approximately 12 noon Central Time. They appear under New This Week and under the appropriate regional listing. Postings remain on the LITA Job Site for a minimum of four weeks.
New This Week
Visit the LITA Job Site for more available jobs and for information on submitting a job posting.
One of the minor annoyances about using Emacs on Mac OS is that the PATH environment variable isn't set properly when you launch Emacs from the GUI (that is, the way we always do it). This is because the Mac OS GUI doesn't really care about the shell as a way to launch things, but if you are using brew, or other packages that install command line tools, you do.
Apple has changed the way that the PATH is set over the years, and the old environment.plist method doesn't actually work anymore, for security reasons. For the past few releases, the official way to properly set up the PATH is to use the path_helper utility program. But again, that only really works if your shell profile or rc file is run before you launch Emacs.
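So, we need to put a bit of code into Emacs' site-start.el file to get things set up for us:
;; Import the login PATH from path_helper when Emacs is started from the GUI.
(when (file-executable-p "/usr/libexec/path_helper")
  (let ((path (shell-command-to-string
               "eval `/usr/libexec/path_helper -s`; echo -n \"$PATH\"")))
    (setenv "PATH" path)
    ;; exec-path conventionally ends with exec-directory.
    (setq exec-path (append (parse-colon-path path)
                            (list exec-directory)))))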
This code runs the path_helper utility, saves the output into a string, and then uses the string to set both the PATH environment variable and the Emacs exec-path lisp variable, which Emacs uses to run subprocesses when it doesn't need to launch a shell.
If you are using the brew version of Emacs, put this code in /usr/local/share/emacs/site-lisp/site-start.el and restart Emacs.