Re: [CODE4LIB] what do you do: API accounts used by library software, that assume an individual is registered
An option is to use a password management program (KeepassX is good because it is cross platform) to store the passwords on the shared drive, although of course you need to distribute the passphrase for it around.

cheers,
AC

On Mar 4, 2013 6:09 PM, Jonathan Rochkind rochk...@jhu.edu wrote:

> Makes sense, thanks! Although leaving account/password list unencrypted on a shared drive seems potentially dangerous
>
> On 3/4/2013 1:20 PM, Laura Robbins wrote:
>
>> We have a shared email account that we use for these situations. As well, we have a master account/password list for all of the different accounts that get created that is in a shared network folder. That way if someone is out sick or on sabbatical, the information is available to all of our full-time librarians.
>>
>> Laura Pope Robbins
>> Associate Professor/Reference Librarian
>> Dowling College Library
>> Phone: 631.244.5023
>> Fax: 631.244.3374
>>
>> A mind needs books as a sword needs a whetstone, if it is to keep its edge. --Tyrion Lannister in A Game of Thrones by George R.R. Martin
>>
>> On Mar 4, 2013, at 11:11 AM, Jonathan Rochkind rochk...@jhu.edu wrote:
>>
>>> Whether it's Amazon AWS, or Yahoo BOSS, or JournalTOCs, or almost anything else -- there are a variety of APIs that library software wants to use, which require registering an account to use. They may or may not be free, sometimes they require a credit card attached too.
>>>
>>> Most of them assume that an individual person is creating an account, the account will be in that individual's name, with an email address, etc. This isn't quite right for a business or organization, like the library, right? What if that person leaves the organization? But all this existing software is using API keys attached to 'their' account? Or what if the person doesn't leave, but responsibilities for monitoring emails from the vendor (sent to that account) change? And even worse if there's an institutional credit card attached to that account.
>>>
>>> I am interested in hearing solutions or approaches that people have ACTUALLY tried to deal with this problem, and how well they have worked. I am NOT particularly interested in "Well, you could try X or Y"; I can think of a bunch of things I _could_ try myself, each with their potential strengths and weaknesses. I am interested in hearing about what people actually HAVE tried or done, and how well it has worked.
>>>
>>> Has anyone found a way to deal with this issue, other than having each API registered to an account belonging to whatever individual staff happened to be dealing with it that day?
>>>
>>> Thanks for any advice.
[CODE4LIB] NASIG 2013 Pre-Conferences
NASIG 2013 Pre-Conferences

Early Bird Registration (NASIG Members only) through May 3, 2013
1/2 day pre-conference: $90
Full day pre-conference: $180

Regular Registration May 4-29, 2013
1/2 day pre-conference: $115
Full day pre-conference: $230

Wednesday, June 5, 2013, 1:00-5:00

RDA Serials: Transitioning to RDA within a MARC 21 Framework (Session 1)
Les Hawkins, Coordinator of the CONSER program at the Library of Congress
Hien Nguyen, CONSER Specialist at the Library of Congress
Valerie Bross, ERM/Continuing Resources Cataloging, Section team leader at UCLA

Over the past two years, CONSER has been developing documentation, discussing best practices, and creating RDA bridge training. This workshop provides a basic overview of RDA instructions for serials and is aimed at experienced AACR2 catalogers making the transition to RDA. The session incorporates hands-on exercises with examples from actual MARC 21 records and updates on PCC RDA implementation as appropriate.

Library as Publisher
Timothy S. Deliyannides, Director, Office of Scholarly Communication and Publishing and Head, Information Technology, University of Pittsburgh

Academic libraries are increasingly investing in new efforts to support their research and teaching faculty in the activities they care about most. Learn why becoming a publisher can help meet the most fundamental needs of your research community and at the same time can help transform today's inflationary cost model for serials. We will explore not only why to become a publisher but exactly how to achieve it, step by step, including careful selection of publishing partners, choosing the right platform for manuscript submission and editorial workflow management, one-time processes to launch a new journal, conducting peer reviews, maintaining academic quality, and measuring impact. We'll also cover the broader range of publishing activities where libraries can have an impact, including open access monographs, general institutional repositories and subject-based author self-archiving repositories. We will close with a review of tools, services, and communities of support to nurture the new library publishing venture.

Thursday, June 6, 2013, 8:00-12:00

Copyright in Practice: A Participatory Workshop
Kevin Smith, Scholarly Communications Officer, Duke University

Copyright presentations often focus on the rules without sufficient attention to practical decision-making. Yet because application of the law so often depends on specific facts and circumstances, this approach can leave a big gap for actual library practice. This workshop will focus on situations and how to make specific decisions; discussion of the rules and principles of copyright law will, it is hoped, emerge from those applications. Although common situations will be discussed in order to provide a comprehensive look at copyright decision making, participants are encouraged to bring real-life problems for the group to consider and discuss.

RDA Serials: Transitioning to RDA within a MARC 21 Framework (Session 2)
Les Hawkins, Coordinator of the CONSER program at the Library of Congress
Hien Nguyen, CONSER Specialist at the Library of Congress
Valerie Bross, ERM/Continuing Resources Cataloging, Section team leader at UCLA

Over the past two years, CONSER has been developing documentation, discussing best practices, and creating RDA bridge training. This workshop provides a basic overview of RDA instructions for serials and is aimed at experienced AACR2 catalogers making the transition to RDA. The session incorporates hands-on exercises with examples from actual MARC 21 records and updates on PCC RDA implementation as appropriate.

Complete conference schedule available online: http://nasig2013.sched.org/
Re: [CODE4LIB] what do you do: API accounts used by library software, that assume an individual is registered
On Mon, Mar 4, 2013 at 3:05 PM, Jonathan Rochkind rochk...@jhu.edu wrote:

> Makes sense, thanks! Although leaving account/password list unencrypted on a shared drive seems potentially dangerous...

Just make sure the file they're stored in is named something like Meeting minutes for [insert name of most boring and dreaded committee at your local institution]. If it makes you feel safer, put the data in the middle of some _real_ meeting minutes... ;)

Realistically speaking, unless you really have things locked down tight (in which case it's hard as heck to collaborate which makes everyone take their real work to dropbox and google as well as short circuit whatever security is in place), anyone who has access to your drives has so much access to sensitive data as well as the capability for whatever mischief that there are few institutional accounts that would really give them the ability to do much more than they already can.

kyle
Re: [CODE4LIB] what do you do: API accounts used by library software, that assume an individual is registered
Actually, it's better to label confidential information with as big a CONFIDENTIAL notice as possible. This helps to prevent people inadvertently passing the file on. If you consistently label and sort aside your confidential information to keep it out of most systems, even out of your own hard drive, then you don't need to worry about security for the system generally, and it will be much easier to identify later when confidential information has been exposed.

I have access to some student information through my job, and I don't post those files anywhere. As I go along, I notice what's confidential, and decide to either store it apart from other files or to delete it after using it for the task at hand. If I keep it, I put it in a separate area of my computer, instead of with the project file that I got the information in connection with. That way, if I have to copy project documentation for someone, I don't share anything that I couldn't share with the world.

And just to be clear, passwords aren't necessarily confidential. I only care about those, if the password would give someone access to something they could mess up (i.e. the database name and password for a public facing website run by the library) or to confidential information (for me, in a university, any information about students, but not much else). I have many passwords posted on a Drupal intranet, because they are passwords for tools that don't give access to other systems, so there isn't much someone could do with them. For example, a password to get to a generic library Google account that has viewing permissions to Google Analytics, but not administrator permissions, isn't confidential. I don't post it everywhere, but I don't worry about keeping it secret.

-Wilhelmina Randtke

On Tue, Mar 5, 2013 at 10:53 AM, Kyle Banerjee kyle.baner...@gmail.com wrote:

> On Mon, Mar 4, 2013 at 3:05 PM, Jonathan Rochkind rochk...@jhu.edu wrote:
>
>> Makes sense, thanks! Although leaving account/password list unencrypted on a shared drive seems potentially dangerous...
>
> Just make sure the file they're stored in is named something like Meeting minutes for [insert name of most boring and dreaded committee at your local institution]. If it makes you feel safer, put the data in the middle of some _real_ meeting minutes... ;)
>
> Realistically speaking, unless you really have things locked down tight (in which case it's hard as heck to collaborate which makes everyone take their real work to dropbox and google as well as short circuit whatever security is in place), anyone who has access to your drives has so much access to sensitive data as well as the capability for whatever mischief that there are few institutional accounts that would really give them the ability to do much more than they already can.
>
> kyle
Re: [CODE4LIB] XML Parsing and Python
Mike,

I haven't used minidom extensively but my guess is that doc.toprettyxml(indent=" ", encoding="utf-8") isn't actually changing the encoding because it can't parse the string in your content variable. I'm surprised that you're not getting tossed a UnicodeError, but the docs for Node.toxml() [1] might shed some light:

"To avoid UnicodeError exceptions in case of unrepresentable text data, the encoding argument should be specified as "utf-8"."

So what happens if you're not explicit about the encoding, i.e. just doc.toprettyxml()? This would hopefully at least move your exception to a more appropriate place.

In any case, one solution would be to scrub the string in your content variable to get rid of the invalid characters (hopefully they're insignificant). Maybe something like this:

    # Python 2: keep a byte only if it decodes as UTF-8 on its own
    def unicode_filter(char):
        try:
            unicode(char, encoding='utf-8', errors='strict')
            return char
        except UnicodeDecodeError:
            return ''

    content = 'abc\xFF'
    content = ''.join(map(unicode_filter, content))
    print content

Not really my area of expertise, but maybe worth a shot

-Jon

1. http://docs.python.org/2/library/xml.dom.minidom.html#xml.dom.minidom.Node.toxml

--
Jon Stroop
Digital Initiatives Programmer/Analyst
Princeton University Library
jstr...@princeton.edu

On 03/04/2013 03:00 PM, Michael Beccaria wrote:

> I'm working on a project that takes the ocr data found in a pdf and places it in a custom xml file.
>
> I use Python scripts to create the xml file. Something like this (trimmed down a bit):
>
>     from StringIO import StringIO  # Python 2 module
>     from xml.dom.minidom import Document
>     doc = Document()
>     Page = doc.createElement("Page")
>     doc.appendChild(Page)
>     f = StringIO(txt)
>     lines = f.readlines()
>     for line in lines:
>         word = doc.createElement("String")
>         ...
>         word.setAttribute("CONTENT", content)
>         Page.appendChild(word)
>     return doc.toprettyxml(indent=" ", encoding="utf-8")
>
> This creates a file, simply, that looks like this:
>
>     <?xml version="1.0" encoding="utf-8"?>
>     <Page HEIGHT="3296" WIDTH="2609">
>       <String CONTENT="BuffaloLaunch" />
>       <String CONTENT="Club" />
>       <String CONTENT="Offices" />
>       <String CONTENT="Installed" />
>       ...
>     </Page>
>
> I am able to get this document to be created ok and saved to an xml file. The problem occurs when I try and have it read using the lxml library:
>
>     from lxml import etree
>     doc = etree.parse(filename)
>
> I am running across errors like XMLSyntaxError: Char 0x out of allowed range, line 94, column 19. Which when I look at the file, is true. There is a 0X character in the content field. How is a file able to be created using minidom (which I assume would create a valid xml file) and then failing when parsing with lxml? What should I do to fix this on the encoding side so that errors don't show up on the parsing side?
>
> Thanks,
> Mike
>
> How is the
>
> Mike Beccaria
> Systems Librarian
> Head of Digital Initiative
> Paul Smith's College
> 518.327.6376
> mbecca...@paulsmiths.edu
> Become a friend of Paul Smith's Library on Facebook today!
[CODE4LIB] password lockboxes (was: what do you do: API accounts used by library software, that assume an individual is registered)
On Mar 5, 2013, at 8:29 AM, Adam Constabaris wrote:

> An option is to use a password management program (KeepassX is good because it is cross platform) to store the passwords on the shared drive, although of course you need to distribute the passphrase for it around.

So years ago, when I worked for a university, they wanted us to put all of the root passwords into an envelope, and give them to management to hold. (we were a Solaris shop, so there actually were root passwords on the boxes, but you had to connect from the console or su to be able to use 'em).

We managed to drag our heels on it, and management forgot about it*, but I had an idea ...

What if there were a way to store the passwords similar to the secret formula in Knight Rider?

Yes, I know, it's an obscure geeky reference, and probably dates me. The story went that the secret bullet-proof spray on coating wasn't held by any one person; there were three people who each knew part of the formula, and that any two of them had enough knowledge to make it.

For needing 2 of 3 people, the process is simple -- divide it up into 3 parts, and each person has a different missing bit. This doesn't work for 4 people, though (either needing 2 people, or 3 people to complete it).

You could probably do it for two or three classes of people (e.g., you need 1 sysadmin + 1 manager to unlock it), but I'm not sure if there's some method to get an arbitrary X of Y people required to unlock.

If anyone has ideas, send 'em to me off-list. (If other people want the answer, I can aggregate / summarize the results, so I don't end up starting yet another inappropriate out-of-control thread)

...

Oh, and I was assuming that you'd be using PGP, using the public key to encrypt the passwords, so that anyone could insert / update a password into whatever drop box you had; it'd only be taking stuff out that would require multiple people to combine efforts.

-Joe

* or at least, they didn't bring it up again while I was still employed there.
[CODE4LIB] Job posting: Digital Library Services Coordinator, Gainesville FL
Florida Virtual Campus - Gainesville branch, is looking for a new Digital Library Services Coordinator.

** To apply please fill out an online application here: https://jobs.ufl.edu/postings/37765 **

The Gainesville office of FLVC provides state-of-the-art, cost-effective information technology to assist the libraries of the public universities of Florida in their support of teaching, learning, research and public service. Specifically, we implement and centrally support high quality computer systems that help the libraries acquire, manage and provide access to information resources. We provide software to enhance access to information for students and faculty, increase the productivity of library staff, improve inter-library sharing, and preserve digital materials for future use. Through planning with the university libraries, we ensure that these services are integral to the University libraries' ability to carry out their own missions in support of teaching, research and service.

This position will be part of the Digital Services workgroup, which helps the libraries of the public colleges and universities of Florida create, manage, maintain and preserve digital information resources. The incumbent will provide support for one or more of the following: digital special collections and archives, electronic theses and dissertations (ETDs), archival finding aids (EADs), electronic journals, and/or other born-digital and retrospectively digitized materials. S/he will work with commercial, open source, and locally-developed content management applications such as DigiTool, Archon, the Open Journal System (OJS), OAI data and service providers, Fedora, Islandora and Drupal. The incumbent will develop and provide expertise to FLVC and library staff in one or more specialty areas as required; examples of these areas include resource description (cataloging and metadata), audio and video formats, archives and records management, and scholarly communications.

Duties are as follows:

1. Take primary responsibility for supporting one or more production applications, and provide back up to the primary support person for one or more additional applications. Support includes but is not limited to: running and/or monitoring production operations; performing quality control; producing statistics and reports; responding to tickets; communicating with the vendor or open source community to resolve problems; and providing web-based and on-site training and training materials for library staff.
2. Contribute to the general design and operation of applications and services to enhance the digital capabilities of the libraries. Perform requirements analysis for new modules, processes and workflows. Draft specifications for data, data conversions, user interfaces and/or application programs, and work with programmers to develop, test and implement them.
3. Participate on state-wide committees, working groups and task forces of staff concerned with the creation, description and/or management of digital resources.
4. Keep abreast of regional and national trends and initiatives related to technology for digital library services to students and faculty. To the extent possible, given limitations of time and funding, contribute to the profession and to your own professional development by participating in regional and national initiatives through meeting attendance, committee appointments, and other means of involvement.
5. Performs work in support of business processes and projects. Performs time-sensitive tasks and meets established deadlines; maintains effective communications with appropriate FLVC staff; maintains effective working relationships to ensure the success of the business processes and projects.
6. Other duties as assigned.

Minimum Requirements:

• Master’s degree in an appropriate area of specialization; or a bachelor’s degree in an appropriate area of specialization and two years of appropriate experience.

Preferred Qualifications:

• Master’s degree in library and/or information science from an ALA-accredited program strongly preferred
• Working knowledge of MARCXML, Dublin Core, MODS, EAD and/or METS standards
• Working knowledge of XML technologies, Unix/Linux, and relational database management systems;
• Excellent oral and written communications skills in English
• Demonstrated analytic ability, creativity, energy and enthusiasm.
• Two or more years of experience in an academic library environment.
• Direct experience with digital initiatives (digitization projects, digital content management systems and/or Web-based delivery of digital objects).
• Background in special collections, archives and/or cataloging; programming or Web development experience.
• Teaching or training experience.

Note: Successful candidates for this classification will routinely possess qualifications higher than the minimum qualifications

Minimum starting salary between $35,000 to $45,000 (Commensurate with qualifications and
Re: [CODE4LIB] XML Parsing and Python
I'll note that 0x is a UTF-8 non-character, and these noncharacters should never be included in text interchange between implementations. [1] I assume the OCR engine may be using 0x when it can't recognize a character? So, it's not wrong for a parser to complain (or, not complain) about 0x, and you can just scrub the string like Jon suggests.

Chris

[1] http://en.wikipedia.org/wiki/Mapping_of_Unicode_characters#Noncharacters

On 5 Mar, 2013, at 9:16 , Jon Stroop jstr...@princeton.edu wrote:

> Mike,
>
> I haven't used minidom extensively but my guess is that doc.toprettyxml(indent=" ", encoding="utf-8") isn't actually changing the encoding because it can't parse the string in your content variable. I'm surprised that you're not getting tossed a UnicodeError, but the docs for Node.toxml() [1] might shed some light:
>
> "To avoid UnicodeError exceptions in case of unrepresentable text data, the encoding argument should be specified as "utf-8"."
>
> So what happens if you're not explicit about the encoding, i.e. just doc.toprettyxml()? This would hopefully at least move your exception to a more appropriate place.
>
> In any case, one solution would be to scrub the string in your content variable to get rid of the invalid characters (hopefully they're insignificant). Maybe something like this:
>
>     # Python 2: keep a byte only if it decodes as UTF-8 on its own
>     def unicode_filter(char):
>         try:
>             unicode(char, encoding='utf-8', errors='strict')
>             return char
>         except UnicodeDecodeError:
>             return ''
>
>     content = 'abc\xFF'
>     content = ''.join(map(unicode_filter, content))
>     print content
>
> Not really my area of expertise, but maybe worth a shot
>
> -Jon
>
> 1. http://docs.python.org/2/library/xml.dom.minidom.html#xml.dom.minidom.Node.toxml
>
> --
> Jon Stroop
> Digital Initiatives Programmer/Analyst
> Princeton University Library
> jstr...@princeton.edu
>
> On 03/04/2013 03:00 PM, Michael Beccaria wrote:
>
>> I'm working on a project that takes the ocr data found in a pdf and places it in a custom xml file.
>>
>> I use Python scripts to create the xml file. Something like this (trimmed down a bit):
>>
>>     from StringIO import StringIO  # Python 2 module
>>     from xml.dom.minidom import Document
>>     doc = Document()
>>     Page = doc.createElement("Page")
>>     doc.appendChild(Page)
>>     f = StringIO(txt)
>>     lines = f.readlines()
>>     for line in lines:
>>         word = doc.createElement("String")
>>         ...
>>         word.setAttribute("CONTENT", content)
>>         Page.appendChild(word)
>>     return doc.toprettyxml(indent=" ", encoding="utf-8")
>>
>> This creates a file, simply, that looks like this:
>>
>>     <?xml version="1.0" encoding="utf-8"?>
>>     <Page HEIGHT="3296" WIDTH="2609">
>>       <String CONTENT="BuffaloLaunch" />
>>       <String CONTENT="Club" />
>>       <String CONTENT="Offices" />
>>       <String CONTENT="Installed" />
>>       ...
>>     </Page>
>>
>> I am able to get this document to be created ok and saved to an xml file. The problem occurs when I try and have it read using the lxml library:
>>
>>     from lxml import etree
>>     doc = etree.parse(filename)
>>
>> I am running across errors like XMLSyntaxError: Char 0x out of allowed range, line 94, column 19. Which when I look at the file, is true. There is a 0X character in the content field. How is a file able to be created using minidom (which I assume would create a valid xml file) and then failing when parsing with lxml? What should I do to fix this on the encoding side so that errors don't show up on the parsing side?
>>
>> Thanks,
>> Mike
>>
>> How is the
>>
>> Mike Beccaria
>> Systems Librarian
>> Head of Digital Initiative
>> Paul Smith's College
>> 518.327.6376
>> mbecca...@paulsmiths.edu
>> Become a friend of Paul Smith's Library on Facebook today!
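
An added example, not code from the thread (Python 3, standard library only): minidom serializes whatever string it is handed, so a character outside the XML 1.0 Char range yields a file that a conforming parser rejects, and filtering before the value reaches the DOM avoids that. The form-feed sample and the function names are constructed here, and expat stands in for lxml as the checking parser.

```python
import re
from xml.dom.minidom import Document, parseString
from xml.parsers.expat import ExpatError

# Complement of the XML 1.0 "Char" production. Anything matched here may not
# appear in an XML 1.0 document, not even as a numeric character reference.
_INVALID_XML_CHARS = re.compile(
    "[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)


def strip_invalid_xml_chars(text: str) -> str:
    """Drop code points XML 1.0 forbids (most C0 controls, U+FFFE, U+FFFF, surrogates)."""
    return _INVALID_XML_CHARS.sub("", text)


def build_page(words, clean=True) -> bytes:
    """Build the <Page>/<String CONTENT=...> document from the thread with minidom."""
    doc = Document()
    page = doc.createElement("Page")
    doc.appendChild(page)
    for content in words:
        word = doc.createElement("String")
        value = strip_invalid_xml_chars(content) if clean else content
        word.setAttribute("CONTENT", value)
        page.appendChild(word)
    # minidom escapes markup characters but does not check character validity.
    return doc.toprettyxml(indent=" ", encoding="utf-8")


def is_well_formed(xml_bytes: bytes) -> bool:
    """True if a conforming parser (expat here) accepts the serialized document."""
    try:
        parseString(xml_bytes)
        return True
    except ExpatError:
        return False


# Constructed OCR output: a form feed (U+000C) embedded in one word.
SAMPLE_WORDS = ["BuffaloLaunch", "Club\x0cOffices", "Installed"]

if __name__ == "__main__":
    print("unfiltered parses:", is_well_formed(build_page(SAMPLE_WORDS, clean=False)))
    print("filtered parses:  ", is_well_formed(build_page(SAMPLE_WORDS, clean=True)))
```

Checking the writer's output with a parser before saving it moves the failure to the place where the bad input can still be traced to its source page.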
[CODE4LIB] Job: IS Programmer Analyst at San Francisco Public Library
POSITION DESCRIPTION:

Under general direction, designs and develops new functionality to meet the needs of virtual library users. Maintains and updates PHP code for the library's Content Management System (CMS) by analyzing problems and fixing issues as they emerge; designs and develops JavaScript code and oversees its use by other staff; designs and develops HTML templates and style sheets according to the Library's accessibility policies, W3C guidelines, oversees their use by other staff; works with usability studies of SFPL websites and implements recommendations under the direction of the Digital Initiatives Manager of the Web Services Unit; works closely with IT to help implement web integration of Integrated Library System (ILS) upgrades and web based Online Public Access Catalog (OPAC), version changes, trouble-shooting and other system implementations; designs and implements inclusion of audio and video components into our internal and external web presences; seeks out and evaluates appropriate web technologies and makes recommendations for adoption and/or purchase of specialized and web-related tools; contributes to web traffic analysis development for decision-making and statistical reporting; develops and implements Security and Permissions aspects of Content Management System and related databases; contributes to documentation to inform staff users of virtual library technologies and performs related duties and responsibilities, as assigned.

MINIMUM QUALIFICATIONS

1. Possession of a Baccalaureate degree from an accredited college or university, preferably with major coursework in computer science, information systems or closely related field; AND
2. Two (2) years of verifiable work experience in programming languages and platforms including HTML and Cascading Style Sheets (CSS); designing databases; and developing data based web applications using MySQL and Microsoft technologies; AND
3. One (1) year of recent journey level experience working in an Integrated Library System (ILS).

SUBSTITUTION: Additional qualifying work experience as described in #2 may be substituted for the required education on a year-for-year basis. Note: One year (2000 hours) of additional qualifying work experience will be considered equivalent to 30 semester units/45 quarter units. (2000 hours of qualifying work experience is based on a 40 hours work week.)

DESIRABLE QUALIFICATIONS: The stated desirable qualifications may be used to identify job finalists at the end of the selection process when candidates are referred for hiring.

Knowledge of Programming languages and platforms including PHP, JavaScript, SQL (stored procedures, Triggers, VBS scripting), ASP.Net, C#, VisualBasic, ColdFusion, HTML, CSS
Ability to work independently and collaboratively in a team environment

Brought to you by code4lib jobs: http://jobs.code4lib.org/job/6631/
[CODE4LIB] RDA software for managing authorities
I'm looking for recommendations for software for managing authorities. Currently we're using a somewhat antiquated version of EATS https://code.google.com/p/eats/ but we're looking for something different.

Our needs / wants are:

(*) Sane import/export to RDA (leaning towards RDA native)
(*) Sane import from legacy formats
(*) Sane export to sundry RDF formats + legacy formats
(*) Web based
(*) Out of the box rather than highly customised software
(*) Good support for bi-lingual / multi-lingual entries
(*) Ability to host multiple entirely separate authorities groups with separate policies and practises.
(*) Explicit support for VIAF / wikidata / LoC

It occurs to me that conceivably the best software for the job is actually an LMS with all the item-level stuff suppressed in favour of work-level and authority records, in which case the question becomes is there a RDA-based LMS that can be customised to remove all the item-level stuff?

cheers
stuart

--
Stuart Yeates
Library Technology Services http://www.victoria.ac.nz/library/
Re: [CODE4LIB] password lockboxes
There are cryptographic algorithms that can do that. It seems like overkill for departmental root passwords though.

On 3/5/2013 1:35 PM, Joe Hourcle wrote:

> On Mar 5, 2013, at 8:29 AM, Adam Constabaris wrote:
>
>> An option is to use a password management program (KeepassX is good because it is cross platform) to store the passwords on the shared drive, although of course you need to distribute the passphrase for it around.
>
> So years ago, when I worked for a university, they wanted us to put all of the root passwords into an envelope, and give them to management to hold. (we were a Solaris shop, so there actually were root passwords on the boxes, but you had to connect from the console or su to be able to use 'em).
>
> We managed to drag our heels on it, and management forgot about it*, but I had an idea ...
>
> What if there were a way to store the passwords similar to the secret formula in Knight Rider?
>
> Yes, I know, it's an obscure geeky reference, and probably dates me. The story went that the secret bullet-proof spray on coating wasn't held by any one person; there were three people who each knew part of the formula, and that any two of them had enough knowledge to make it.
>
> For needing 2 of 3 people, the process is simple -- divide it up into 3 parts, and each person has a different missing bit. This doesn't work for 4 people, though (either needing 2 people, or 3 people to complete it).
>
> You could probably do it for two or three classes of people (e.g., you need 1 sysadmin + 1 manager to unlock it), but I'm not sure if there's some method to get an arbitrary X of Y people required to unlock.
>
> If anyone has ideas, send 'em to me off-list. (If other people want the answer, I can aggregate / summarize the results, so I don't end up starting yet another inappropriate out-of-control thread)
>
> ...
>
> Oh, and I was assuming that you'd be using PGP, using the public key to encrypt the passwords, so that anyone could insert / update a password into whatever drop box you had; it'd only be taking stuff out that would require multiple people to combine efforts.
>
> -Joe
>
> * or at least, they didn't bring it up again while I was still employed there.
Re: [CODE4LIB] password lockboxes (was: what do you do: API accounts used by library software, that assume an individual is registered)
There are several known algorithms for Secret Sharing - see http://en.wikipedia.org/wiki/Secret_sharing

Simon

On Tue, Mar 5, 2013 at 1:35 PM, Joe Hourcle onei...@grace.nascom.nasa.gov wrote:

> On Mar 5, 2013, at 8:29 AM, Adam Constabaris wrote:
>
>> An option is to use a password management program (KeepassX is good because it is cross platform) to store the passwords on the shared drive, although of course you need to distribute the passphrase for it around.
>
> So years ago, when I worked for a university, they wanted us to put all of the root passwords into an envelope, and give them to management to hold. (we were a Solaris shop, so there actually were root passwords on the boxes, but you had to connect from the console or su to be able to use 'em).
>
> We managed to drag our heels on it, and management forgot about it*, but I had an idea ...
>
> What if there were a way to store the passwords similar to the secret formula in Knight Rider?
>
> Yes, I know, it's an obscure geeky reference, and probably dates me. The story went that the secret bullet-proof spray on coating wasn't held by any one person; there were three people who each knew part of the formula, and that any two of them had enough knowledge to make it.
>
> For needing 2 of 3 people, the process is simple -- divide it up into 3 parts, and each person has a different missing bit. This doesn't work for 4 people, though (either needing 2 people, or 3 people to complete it).
>
> You could probably do it for two or three classes of people (e.g., you need 1 sysadmin + 1 manager to unlock it), but I'm not sure if there's some method to get an arbitrary X of Y people required to unlock.
>
> If anyone has ideas, send 'em to me off-list. (If other people want the answer, I can aggregate / summarize the results, so I don't end up starting yet another inappropriate out-of-control thread)
>
> ...
>
> Oh, and I was assuming that you'd be using PGP, using the public key to encrypt the passwords, so that anyone could insert / update a password into whatever drop box you had; it'd only be taking stuff out that would require multiple people to combine efforts.
>
> -Joe
>
> * or at least, they didn't bring it up again while I was still employed there.
Re: [CODE4LIB] password lockboxes (was: what do you do: API accounts used by library software, that assume an individual is registered)
Last year, I ran across this password manager at http://codecanyon.net/item/password-manager/2145518 but I haven't gotten around to trying to install it yet.

Regards,
Alisak.

Alisak Sanavongsay
Digital Assets Programmer
http://library.ucmerced.edu
209.201.9073
asanavong...@ucmerced.edu

On Mar 5, 2013, at 10:35 AM, Joe Hourcle onei...@grace.nascom.nasa.gov wrote:

> On Mar 5, 2013, at 8:29 AM, Adam Constabaris wrote:
>
>> An option is to use a password management program (KeepassX is good because it is cross platform) to store the passwords on the shared drive, although of course you need to distribute the passphrase for it around.
>
> So years ago, when I worked for a university, they wanted us to put all of the root passwords into an envelope, and give them to management to hold. (we were a Solaris shop, so there actually were root passwords on the boxes, but you had to connect from the console or su to be able to use 'em).
>
> We managed to drag our heels on it, and management forgot about it*, but I had an idea ...
>
> What if there were a way to store the passwords similar to the secret formula in Knight Rider?
>
> Yes, I know, it's an obscure geeky reference, and probably dates me. The story went that the secret bullet-proof spray on coating wasn't held by any one person; there were three people who each knew part of the formula, and that any two of them had enough knowledge to make it.
>
> For needing 2 of 3 people, the process is simple -- divide it up into 3 parts, and each person has a different missing bit. This doesn't work for 4 people, though (either needing 2 people, or 3 people to complete it).
>
> You could probably do it for two or three classes of people (e.g., you need 1 sysadmin + 1 manager to unlock it), but I'm not sure if there's some method to get an arbitrary X of Y people required to unlock.
>
> If anyone has ideas, send 'em to me off-list. (If other people want the answer, I can aggregate / summarize the results, so I don't end up starting yet another inappropriate out-of-control thread)
>
> ...
>
> Oh, and I was assuming that you'd be using PGP, using the public key to encrypt the passwords, so that anyone could insert / update a password into whatever drop box you had; it'd only be taking stuff out that would require multiple people to combine efforts.
>
> -Joe
>
> * or at least, they didn't bring it up again while I was still employed there.