Re: [CODE4LIB] Encrypting EZProxy + SIP2 authentication
Jane Sandberg wrote: > Am I missing some simpler option? Our EZProxy is running on a Windows > machine, by the way, and we use Evergreen as our ILS. I'd love any > advice or suggestions that you seasoned EZProxy experts can share. Set up a VPN between the two? OpenVPN should run on both. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Serious vulnerability in OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Francis Kayiwa wrote: > If you patched already that's cool, if not you should be asking > yourself why you aren't using SSL? -oh wait. As you were. ;-) GnuTLS is another suite for doing https and so on, but AFAIK didn't suffer from this bug because it was an implementation bug rather than a general design flaw. Hope that informs, - -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBCAAGBQJTS9QYAAoJELJrzKUj/txjqdoP/1mfclQN7uZgs4aQWS5FZ197 6W93lFuwi15nNkPPopx/5l9m4Cpo+scPDhf0N0L0rKHeiggoHKy4mXUs+TIFoW1S SoX8sPsCPRwTpozbJhk98iCXCGZZGd7vJnkZcNce0DeodfP7p/mYTwt79HmwD9co pFvHhcn/PN/ecIcdEXBRC8SVPMJNpF3srD2AZvX74jKEo+LuekSWV4wUaAZhHmo6 l6/Ll7htRZoQ9wT/ZeAlzBLGd9wQm+tLbweubLR5DPDZ9xFCbmlZ4JOjRddY2WbC ppfosIP8BCuTg1ff/K6llez2S4PZ7aO5RMsg/Cb8WEp749VTY2eUmI1vzWAjCK7t 7dVu25oL/uUZxX/uuWqfho7XYfisPgnKW3lvV8SkyzRRsaQkSUGs8IFUqmsE55wA zJNOYewXzlbLkDY7uhvnIbSVtqqOhtpMmOUk8V7PWhkPWQ09lupVBJxEBqYL687t OpJ8x+4ga/uyQFKmSVlpp4GtmfcylfNr3aomxjG1iksotkeczHr3M0x9v9UxaXsj YrrWikkeUWWKHwhs42ZF2a0FbdvM1d1fDmqvDsPuMGsSgeNw9iz+BAJsPqNMpfcF RUIf4Vu/Hcj7c80j1+HRJ/zZkztGV6uXNpApQ4DoEiujjLArg1kAFtoKzKeX5BDi rJ6bcLBMxqirYOKH9ETE =Edt0 -END PGP SIGNATURE-
Re: [CODE4LIB] phone app for barcode-to-textfile?
Ian Walls > Android has Barcode Scanner, which can do both scan to text, as well as send > to custom URL (if you've got a RESTful kinda setup you want to GET to). I'd second that (it's the ZXing one) but note that 1D barcodes need a phone with a decent autofocus camera, else only QR and Data Matrix codes can be scanned. Personally, I also find it needs good light and good contrast - barcodes on off-white newspapers are very difficult to scan. There's a different scanner system in pic2shop which copes better with slow/fixed focus and low-res cameras, but I've not seen it available without the auto-search-for-products bit and I don't think it's FOSS. Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] GitHub Myths (was thanks and poetry)
Shaun Ellis > If you read my email, I don't tell anyone what to use, but simply > attempt to clear up some fallacies. Distributed version control is new > to many, and I want to make sure that folks are getting accurate > information from this list. As would I. I don't think spreading misinformation about the products of GitHub, Inc, is helping people to get accurate information. > Unfortunately, this statement is not accurate either: > > // There's a sneaky lock-in effect of having one open tool (git hosting) > which is fairly easy to move in and out and interoperate with, linked to > other closed tools (such as their issues tracker and their non-git pull > requests system) which are harder to move out or interoperate. // Nothing written below points out any inaccuracy. > GitHub's API allows you to easily export issues if you want to move them > somewhere else: http://developer.github.com/v3/issues/ So what's the equivalent command to "git clone " to do that, then? I put harder, not impossible. You try putting the sausagemeat you get from that API into any other issue tracker. Also, that API is only available to registered users and it's unique as far as I've seen. > Pull-requests are used by repository hosting platforms to make it easier > to suggest patches. GitHub and BitBucket both use the pattern, Well, the pattern comes from the git request-pull tool. GitHub just disconnects it from that. > and I don't understand what you mean by it being a "closed tool". > If you're concerned about "barriers to entry", suggesting a patch > using only git or mercurial can be done, but I wouldn't say it's > easy. git send-email and git request-pull are both pretty easy, aren't they? and what Erik said about open/closed. > ... and what Devon said. Which was "If you're not willing to provide even your name to make use of a free service, then I dare say you are erecting your own barriers." I'm willing to provide my name. I'm not willing to provide my full legal name to them. They have no need for my full legal name. Even if they want to come after me legally, the legal system will either accept my common alias or convert it for them (I have to tell it both, for that reason). Hope that explains, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Full Legal Names on the Web, was GitHub Myths (was thanks and poetry)
Michael Schofield > [...] This split topic I'd like to see maybe in another thread is > about giving full legal names to web services. If anyone watched the > PS4 reveal last night, you might have noticed that PS4 is giving up > gamertags (read: aliases) for full names to easily integrate with > other social platforms. [...] Anyone know how they're going to handle namespace collisions, and the various sexual and racial harrassment that will happen in some games once you can make assumptions about people from their full names? Hopefully, they only need be names and not legal full names. This might amuse some of you: I'm not even the first (or in the first ten) calling themselves "MJ Ray" on one popular web service - the ones before me are a diverse bunch, too; and I namespace-collided with myself at least twice while I was both staff for different departments and a student at an expanding university - the user database required full names and required them to be unique... oops! I don't think that's the case any longer... ;-) Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] GitHub Myths (was thanks and poetry)
Shaun Ellis > * Myth #1 : GitHub creates a barrier to entry. That's a fact, not a myth. Myself, I won't give GitHub my full legal name and I suspect there are others who won't. So, we're not welcome there and if we lie to register, all our work would be subject to deletion at an arbitrary future point. There's a couple of other things in the terms which aren't simple, too. [...] > * Myth #4 : GitHub is monopolizing open source software development. > > "... to its unfortunate centralizing of so much free/open > > source software on one platform.)" > > Convergence is not always a bad thing. GitHub provides a great, free > service with lots of helpful collaboration tools beyond version control. > It's natural that people would flock there, despite having lots of > other options. Whether or not it's a deliberate monopolising attempt, I don't think that's the full reason. It's not only natural effect. There's a sneaky lock-in effect of having one open tool (git hosting) which is fairly easy to move in and out and interoperate with, linked to other closed tools (such as their issues tracker and their non-git pull requests system) which are harder to move out or interoperate. Use github if you like. Just don't expect everyone to do so. Hope that explains, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Editing Code4lib Wiki
Kyle Banerjee > On Mon, Feb 11, 2013 at 1:02 PM, MJ Ray wrote: > > It would also be very nice to replace the reCaptcha with something > > that allowed people who can't pass audio-visual tests to take part! > > I've always wondered what percentage of the population has trouble with > reCaptcha challenges. I know I do. The last test I saw that I thought was good enough was back in 2008 or so by c|net and found that 10% failed the eyetests and 40% failed the hearing tests. Of course, both of those have become more complicated since then, in order to keep ahead of automated recognition software. I'd love to know if anyone has seen more recent findings, but I'd really love it if the code4lib wiki could drop it. Hope that informs, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Editing Code4lib Wiki
Alisak Sanavongsay > Also, I think it would be better to turn email confirmation back on > before the spam bots discover this. It would also be very nice to replace the reCaptcha with something that allowed people who can't pass audio-visual tests to take part! Another library mediawiki site manages OK with email confirmation and humans reviewing account signups (looking for sensible biographies, mostly) - could code4lib? Thanks, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] On-the-fly Closed Captioning
Joe Hourcle > If you watch most news programs these days, they seem to use some > sort of automatic closed captioning, as it's just awful. [...] They're done by having someone speaking into a voice-recognition system tuned to their voice while they're watching and listening to the broadcast. A sort of simultaneous interpreting but to/from almost the same language. Read more about it at http://m.guardian.co.uk/theguardian/2011/jan/16/pigs-love-to-eat-willies by "World's sexiest deaf guy" http://charlieswinbourne.com/ Hope that informs, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Group Decision Making (was Zoia)
Shaun Ellis > I suggest there is a set time period to submit objections as GitHub > issues and resolve them before we vote. Whatever issues can't get > resolved end up in a branch/fork. In the end, we vote on each of the > forks, or "no policy at all". > > Does that sound reasonable? No - for a whole shedload of reasons, but I'll just mention one: GitHub demands everyone's full legal name, which some minority members just won't be comfortable with giving. For example, if they are opposing some aspect of the policy or may risk their livelihood (does the US military still do Don't-Ask-Don't-Tell?). I'd also like to suggest Crowd-Wise http://www.neweconomics.org/projects/crowd-wise as a possible way to vote on such things without a majority dismissing a minority almost every single time. A quick summary: gather all ideas (including option 0 (do nothing) if possible), carry out a de Borda (preference) voting round 1, merge/amend/consolidate ideas to try to get consensus or at least an overwhelming majority, then voting round 2 if needed. Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Anybody using the Open Library APIs?
David Fiander > looking at the Open Library APIs. > > The documentation for the APIs is weak, and it looks like it hasn't been > updated for a while. Has anybody used them much, or know what the state of > ongoing development of them is? I think they're used by Koha but I don't remember much more than that - maybe it's enough of a pointer for someone to find the related code and use it as an example. Manual entry: http://manual.koha-community.org/3.10/en/administration.html#OpenLibraryPrefs Koha is at http://koha-community.org Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] T-Shirt voting is now open!
Ross Singer > On Jan 7, 2013, at 7:25 AM, MJ Ray wrote: > > It should at least mention that (fortunately, my organisation lets me > > enable javascript for specific sites) and ideally it should be allowed > > to vote without it, because some libraries are really locked down. > > I am skeptical of this claim. > > In 2013, if organizations are disabling javascript, tremendous parts > of the web are broken for them. Why? In 2013, there are still libraries without internet access for security reasons. Of course, when it gets that drastic, it's beyond help for vote.code4lib, but there are also many libraries using heavily filtered connections. That includes shared-whitelist-based permission systems, so they may allow (say) LinkedIn to work, but I doubt they will have heard of code4lib, let alone added it to their institutional whitelist. I suspect I might have seen/heard of a disproportionate number of locked-down sites, as FOSS LMS like Koha can run stand-alone, without phoning home or license management authorisations, and its internals can be reviewed. I used to try ranting against them, but really, the number of browser exploits that didn't work if javascript was disabled makes it a tough call. And on phones, it often becomes a whole-system exploit, like in http://www.phonedog.com/2010/11/29/android-browser-falls-victim-to-javascript-based-exploit/ http://crackberry.com/rim-advises-disablng-javascript-your-blackberry-browser-after-exploit-discovered and others. https://www.symantec.com/security_response/writeup.jsp?docid=2008-011517-3725-99&tabid=2 says, "Users may also consider using tools that block JavaScript from sites not on a whitelist" and I feel that's the best approach now, if you can. NoScript.net for Firefox-based browsers, perhaps. Finally, a lot of bigger websites do actually have versions which don't require javascript, such as Twitter and Facebook - and they provide them despite the drawbacks of not being able to invade their users' privacy like they can with script. Actually, one small problem in asking people to switch to FOSS alternatives like StatusNet and Diaspora is that they don't have non-js versions yet. > That said, the diebold-o-tron is FLOSS > (http://code.google.com/p/conferencekeeper/source/checkout - > currently running from the 'diebold' branch), so patches welcome if > you have the inclination to submit a non-js dependent version. I've made a note of it and added it to our community TODO, but I've not used Ruby on Rails for years so I may be some time. How often are votes / when's the next likely vote? Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] T-Shirt voting is now open!
dre wrote: > There's a sign-in button at the upper right of the voting page. This uses > your code4lib.org username and password (not your wiki user/pass). > > Once you're logged in you should see the voting options. Thanks for the email. Now I've got a code4lib.org username, I tried to log in. I had to enable javascript to get the vote site to work at all. It should at least mention that (fortunately, my organisation lets me enable javascript for specific sites) and ideally it should be allowed to vote without it, because some libraries are really locked down. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] T-Shirt voting is now open!
Tom Keays > Link is broken in my email program, so here it is again, further corrected. > > http://vote.code4lib.org/election/25 I don't see how to vote. There's a "Show all descriptions" button that does nothing when clicked and 7 links that do nothing when clicked. Switching CSS off (Firefox: View: Page Style: No style) lets me see the designs and also a sign-in form. So I'm guessing that maybe we need to be signed in, so I've filled out the form at http://code4lib.org/user/register but it redisplayed the same form with no confirmation message after clicking the "Create new account" button. But I just got email from it, so I guess it worked. I'm unsure if the list is the best place to send this, but there's no "help" in either site's navigation and it's somewhere to let people know how difficult/confusing I'm finding this vote. Thanks for any help you may offer, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Question abt the code4libwomen idea
Jonathan Rochkind > On 12/18/2012 12:27 PM, MJ Ray wrote: > > Is there clarity that deliberately-discriminatory groups should have > > no platform in code4lib? > > If what you mean is if everyone agrees with you that a group created for > women in tech is bad, then, no, pretty much nobody else here agrees with > you. Of course that's not what I mean! I mean that if a group were women-only, men-only, white-only, senior-only or whatever-axis-you-like-only, then we feel it should be given no platform in anything code4lib. > I am not sure if I'd call such a group "deliberately discriminatory", Me neither, as previously mentioned... I'm glad to see more reassurance and hope that something will appear on libwomentech.tumblr. > nor am I sure what qualifies as "platform in code4lib", but for what A platform is any office, speaking slot, endorsement or so on. It's quite easy to find with a web search, but I'll assume Jonathan isn't trolling and try to summarise: no platform policies are a tool used by some organisations to exclude those acting against equality of opportunity. Here's one, which applied to a past employer of mine: "In pursuance of these aims any individuals or members of organisation or groups known to hold racist or fascist views will not be allowed to stand for election to any NUS office, or attend, speak or otherwise participate in NUS conferences, meetings or any other NUS events, and NEC members will not share a public platform with an individual or member of a organisation or group known to hold racist or fascist views." -- http://www.nus.org.uk/PageFiles/306/NUS%20Constitution.pdf [NUS = National Union of Students, NEC = National Executive Committee] > you're really getting at, no, there is no clarity there, pretty much > nobody else agrees with you there. I really hope that's not the case, that such groups aren't welcomed. Hope that clarifies, -- MJ Ray Setchey, Norfolk, England
Re: [CODE4LIB] Question abt the code4libwomen idea
Tim Donohue > However, I think some/many are taking offense to the implication that > 'libtechwomen' is discriminatory or prejudice against men or minority > groups just because its name includes "women". [...] > To call a group discriminatory just because they initially planned to > concentrate on specific gender issues is just wrong (in my opinion). Whoa! Hang on a minute! I don't think the name is great and I feel that we could do better for a first support group, but I'm not objecting to either of those. It's not "just because" either of those and it's rather frustrating if anyone still thinks it is. (Similarly in the other email from Steve, I never meant to suggest the "completely spurious" thing.) My objection arose because the opening post in this thread suggested it would be discriminatory: https://listserv.nd.edu/cgi-bin/wa?A2=ind1212&L=CODE4LIB&F=&S=&P=166649 described it as a "group for just women". There are later emails which claim otherwise. twitter.com/libtechwomen and http://libtechwomen.tumblr.com/ don't say either way, as far as I can see (if you'll excuse the pun). I don't really want to hop on IRC and ask because of past bad experiences with a previous group. Is there clarity that deliberately-discriminatory groups should have no platform in code4lib? And is it sure that libtechwomen is not the aforementioned women-only group? Thanks -- MJ Ray Setchey, Norfolk, England
Re: [CODE4LIB] Question abt the code4libwomen idea
Steve Marks > This false equivalency gets bandied around quite a lot in academic > circles (maybe elsewhere, but I lead a sheltered life). Let me assure > you that there is a significant difference between what goes on in a > standard pat leave and what goes on in a standard mat leave. Yes, I agree with drawing a line between standard leave and extended career-break child-rearing leave. I didn't mean to suggest a "false equivalency" so thanks for the help clarifying: the first bit of leave is necessarily different for the mother, for the biological reasons Steve outlines, and this is encoded in English law, 26 weeks of Ordinary Maternity Leave vs 2 weeks of Ordinary Paternity Leave. Extended leave is treated the same in law here, starting with 26 weeks of Additional *aternity Leave and I feel that's probably correct. https://www.gov.uk/maternity-leave https://www.gov.uk/paternityleave So I still suggest that the issues around child-related extended leave are not solely for women. > I'm not arguing that there aren't many dads who do a great job of child > rearing, but in your average, everyday, heteronormative context, this by > default falls to the woman. [...] Probably, and we should not support that default by suggesting such extended-leave issues are only for libtechwomen, should we? > Anyway, I hope you don't feel like people are piling on, MJ. I think > it's a token of respect that every member of the code4lib community > has for each other that folks *are* making the effort to understand > and be understood. I sort of both do and don't. I do appreciate that people are making the effort, but I do worry that other minorities are collatoral damage of some vociferous support for this larger-minority single-issue group, that few seem to be supporting a strong anti-discrimination line and that it's not really clear what libtechwomen is yet. Which brings me to an aside on a sidebar: thanks to everyone who has sent private messages of support - mostly for good reasons, as well as a few for reasons I don't agree with :-/ - and sorry for not replying to each of them individually, but please consider posting in public. I understand why some people won't "out" themselves, especially when it would have far more life-changing consequences than the audio-visual damage I've admitted, but I hope everyone's allowed to express views publicly without prejudice or being challenged as to whether and which minority. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Question abt the code4libwomen idea
u need to have a supportive environment. > >> It's probably hard for anyone to imagine themselves a part of community > >> when being outnumbered 20 to 1, especially with responses that dismiss > >> something that multiple women are interested in. I felt I was part of this community, even though I'm probably very outnumbered (A+VI people are 24-to-1 in the UK population but I don't know if it's better or worse in code4lib). Was I wrong? And one more time, I'm not dismissing the need for a support group. I'm opposing the idea that any support group should be allowed to discriminate. If it doesn't, then go on with it, even if I'd prefer that we worked together to broaden access to all minorities. Hope that explains, -- MJ Ray Setchey, Norfolk, England
Re: [CODE4LIB] Question abt the code4libwomen idea
Wilhelmina Randtke > MJ Ray, > > OK, ctrl+F did not work, because the email said "for just" but you said > "just for". Actually, no two words in your quote were in sequence in the > email you tried to quote. So much for ctrl+F. I don't much like this attempt to Fisk me over putting "a" inside the quote. It's also largely beside the point: that a "group for just women" would be discriminatory and should be Not In Our Name. ctrl+F is forward-character... not sure what you mean there. I misquoted "a group for just women" and quoted "gender-specific issues won't be addressed" which you can see at https://listserv.nd.edu/cgi-bin/wa?A2=ind1212&L=CODE4LIB&F=&S=&P=172323 and the thread opener said "a small support and discussion group for just women" and "gender-specific issues won't be addressed" https://listserv.nd.edu/cgi-bin/wa?A2=ind1212&L=CODE4LIB&F=&S=&P=166649 - most of the words in the quotes are in sequence, and the source text is readily available too. Those ideas should be rejected. > Casual discrimination against women and disabled doesn't mean you get a > pass to say none of this matters. Interacting specifically with other > people who have to live your issues and don't just look at them > intellectually (this interaction is what the women here are trying to do) > is not quite the same as denying that other people face issues (what both > of us have experienced at some point). I'm not denying there are issues. I'm saying code4libwomen would be another issue itself, rather than reducing them - it's a polluted snake oil cure, making the sickness worse. Personally, I also think that we shouldn't divide the equality campaigns up, as we've more similarity than difference, but that's a different point and it's not awful if we have to continue in silos. > If it helps, I use Webbie and Thunder to audio browse websites I work on, > because then I am more likely to notice glaringly obvious things like the > recaptcha. But, yeah, going into pretty much any subscription database > with only audio from a screen reader is a lost cause. Thanks for your consideration. I wish you could help open up wiki.code4lib.org - I can sign up for many things unaided, but maybe the Equality Act here means access is slightly better. Regards, -- MJ Ray Setchey, Norfolk, England
Re: [CODE4LIB] Question abt the code4libwomen idea
> On Mon, Dec 10, 2012 at 6:38 PM, Bess Sadler wrote: > > There have been some contradictory statements made about > > #libtechwomen because it was an emerging idea, and like code4lib, > > there is no formal power structure or authority. There is no > > requirement that one be female to participate, [...] That is good to know and a big improvement. > > The suggestion has been made that the name "libtechwomen" might > > not be welcoming to someone who wants to participate but does not > > identify as a woman. We have already discussed changing it and > > welcome suggestions. I suggest libtechEquality - any progress with other suggestions? Cary Gordon > Are there folks out there who think that you can only be in one IRC > room at a time? If I want to be in the #190cmtall room, nobody in > #code4lib would know, nor would it be any of their business. Are there > people here who really feel threatened by this? That's not really a similar thing, but might indicate other problems. Would we not be troubled by code4lib, just because it could be kept hidden and you could use code4lib anyway? Regards, -- MJ Ray Setchey, Norfolk, England
Re: [CODE4LIB] Question abt the code4libwomen idea
Wilhelmina Randtke asked: > When you say someone referred to "a group just for women", did you mean > when Bohyun Kim said "interests in a space for women"? > > Because if you did, then you should not have used quotes, since you were > not quoting. If that language you don't like came from somewhere else, > then please be more specific, because I didn't see it at the start of this > thread that I'm emailing on. That language is in the second paragraph of the email dated Fri, 7 Dec 2012 16:13:47 + from Bohyun Kim, but I apologise for having put the a in the quote marks. It should have been outside them, as I cut part of "a small support and discussion group for just women". I guess I hit the editing keys badly on Friday. It's very disappointing that no-one else seems willing to challenge that behaviour and so many are actively supporting it. I feel like we're still in the dark ages. Two wrongs do not make a right and two discriminations - one unconscious and one conscious - does not make equality. Joshua Gomez suggested: > [...] And I don't think that reverse discrimination is the true > concern of most of those that have voiced opinions against a > sub-community for women (at least I hope not). I don't think that suggesting everyone who disagrees with one's view is insincere or dishonest or something is a good idea. Personally, my concern isn't that it is reverse discrimination - it's that it is still discrimination. I don't feel that past sins excuse further ones. > [...] And since I am not a member of the group that has been > discriminated against I don't think I or anyone else not in that group > should try to dissuade them from doing what is in their best interest. I am not a member of *that* group that has been discriminated against, but I am a member of one minority that is routinely discriminated against in a pretty direct way - code4lib's wiki suggests we are not human, as I mentioned in another mail on Friday: https://listserv.nd.edu/cgi-bin/wa?A2=ind1212&L=CODE4LIB&D=0&P=167926 - and I am not dissuading women from doing what is in their best interest, but I believe setting up another discriminatory group is not in anyone's best interests. The best thing would be to do similar as we do for accessibility and have mixed groups like fixtheweb.net working together to dismantle the barriers. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Question abt the code4libwomen idea
Karen Coyle > [...] If it's successful, it's successful. If not, it'll fade away > like so many start-up groups. > > I'm astonished at the resistance to the formation of a group on the part > of people who also insist that there are no rules about forming groups. > I don't recall that any other proposal to set up a group has met this > kind of resistance. [...] Well, will code4lib tolerate that discrimination? Is the discriminatory language used in the start of this thread appropriate for code4lib? The thread opener does not describe an equality campaign. It described "a group for just women" and seemed to claim "gender-specific issues won't be addressed" by any group other than women-only. It feels like code4lib may be giving up and that the anti-harrassment policy is junk before it's given a reasonable go. Of course, setting up discriminatory spaces isn't harassment directly, so is on the fringe of the anti-harrassment policy. Is there a code4lib equality policy? Could we agree that everyone should able to use all of code4lib "without distinction[...] such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status"? (Quote from UDHR)
Re: [CODE4LIB] Mentorship Program
Shaun Ellis > Thank you to Ranti for setting up the wiki page! Please post your name > to that page as others have started to do if you have any interest in > being involved with the mentorship program. It doesn't matter what your > gender is [...] but your audio-visual ability does matter because disabled users are currently unwelcome in code4lib's wiki and are called inhuman. In case you'd forgotten, there's a reCaptcha on the account creation page. If you access it with javascript disabled, it includes the Google-provided message "We need to make sure you are a human. Please solve the challenge below, and click the I'm a Human button..." The re should stand for replace, for that and the reasons Anonymous gives. Ideally, could it be replaced with some other protection(s), such as multi-step forms, email validation and/or human approvals? At least, could an email address be added to the account creation page and some nice instructions added to the wiki's "Help" link? > Mentee works for me, but The MIT program I referenced in an earlier > email uses the word "partner" instead. [...] Just as an aside: I didn't use mentee because it makes me think "liar". (FR/ES/PT/...: mentir = EN: to lie), but I expect that's just me. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Mentorship Program
Shaun Ellis > Hi Rosalyn, > I agree that we should encourage women to step up and mentor other women > at Code4Lib. I also see the pairing of women mentors with women mentees > as fitting into an overall mentorship program, and I would be interested > in collaborating with you and others to help frame it out. I think pairing would need to be done pretty carefully and I'm not sure that only pairing women with women, for example, would be a good thing. Even ignoring my belief that it would be sexist, it could cause practical problems by creating a feedback loop: fewer women in the community probably means fewer women mentors available for women learners, leading to slower promotion of women into the community. Hope that explains, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Gender Survey Summary and Results
Sara Amato > On Dec 5, 2012, at 11:23 AM, Jonathan Rochkind wrote: > > Hmm, it's quite possible you know more about statistics than me, but... > > > > Usually equations for calculating confidence level are based on > > the assumption of a random sample, not a volunteering > > self-selected sample. > > I'd been staying out of this discussion, but the thought occurs to > me that someone with access to the list of subscribers might run > that against a list of traditional boy/girl names, and be able to > make some guesses…. With my (rather dusty through lack of formal use) stats grad hat on, I'd say Jonathan Rochkind is correct: the assumptions behind those calculations are violated. http://www.jerrydallal.com/LHSP/ci.htm explains more about confidence intervals, but the usual calculations require independent random sampling. (LHSP was a good web book and may be worth a read if you want help with stats, but it seems that there won't be any more web editions for now, thanks to the evil Kindle system. If only it were FOSS.) What happened here is sometimes called a Self-selected Listener Online Poll, like the radio stations or newspapers do, and it's not random. It may still be informative, but I'd not suggest the calculated confidence intervals are valid. Guessing from the names may be informative - especially about how many people use forms that aren't easily identifiable in that way - but I think the usual approach would be to use random numbers to draw a sample from the subscribers and just ask those the detailed questions. Then you could work out a CI and so on in the usual way. Some years ago, I wrote more about surveying at http://people.debian.org/~mjr/surveys.html#advice if you want overkill. Some links are stale at the moment. Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Choosing fora. was: Proliferation of Code4Lib Channels
Jonathan Rochkind > On 12/4/2012 12:10 PM, MJ Ray wrote: > > Really? I hoped if I wanted to do serious hacking, I could clone it on > > git.software.coop and send a pull request. If you use github *and > > insist everyone else does* then you lose all the decentralised networked > > collaboration benefits of git and it becomes a worse-and-better CVS. > > A "pull request" is a feature of github.com. There is no feature of > git-the-software called "a pull request". I don't think that's correct. GitHub was only launched in April 2008, but here's a pull request from 2005: http://lkml.indiana.edu/hypermail/linux/kernel/0507.3/0869.html Here's the start of the relevant page in the git software manual: [quote] NAME git-request-pull - Generates a summary of pending changes SYNOPSIS git request-pull [-p] [] DESCRIPTION Summarizes the changes between two commits to the standard output, and includes the given URL in the generated summary. [/quote] > Which of course doens't stop you from sending an email requesting a > pull. A "pull", including from decentralized third party repos, is a > feature of git. It sucks that github doesn't accept emails of such git pull requests and do anything useful with them. Ignoring the huge potential of email coordination seems like missing a big feature of git. > But yes, if you get used to the features of a particular free service, > you get locked into that particular free service. [...] If one is locked in, that means it has an exit cost, so it's no longer a free service. The piper might just not need payment yet. Hope that explains, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Choosing fora. was: Proliferation of Code4Lib Channels
Shaun Ellis > On 12/3/12 2:14 PM, MJ Ray wrote: > > This listserv looks threaded to me. Maybe you need to upgrade > > Thunderbird, although I could have sworn it's done threaded for > > a while now. [...] > Whether or not people would use such a tool in addition to the listserv, > I don't know. Vote to Promote requires a critical mass to make it > worthwhile, but it's hard to gauge actual support without testing it. Need it be "in addition to the listserv"? What prevents making a view of the list archives that adds a vote to promote features? I'm a bit suspicious of such a thing, as it sounds dangerously like it could easily become mob rule, Whuffie or another /. but give it a go if you like, if you can do it without detracting from the existing fora. (Not that my blessing matters.) > > Unless you do something pretty silly - like insisting everyone > > register with github > > Unfortunately, in order to collaborate on the anti-harrassment policy, > you do need to have a github account, or lobby someone who does to make > a change for you. Really? I hoped if I wanted to do serious hacking, I could clone it on git.software.coop and send a pull request. If you use github *and insist everyone else does* then you lose all the decentralised networked collaboration benefits of git and it becomes a worse-and-better CVS. > But I think most would agree that's better than > hashing out such details on this list. Maybe, but most haven't read the github terms of service :-( I don't want to get into a full list of its problems right now, but things like "legal full name" shouldn't be required. In the context of this discussion, won't that mean that most genders and some other minority attributes are going to be obvious and it'll discourage some people who mostly use abbreviated names, nicknames or pseudonyms to hide that? So use github if you want to, but can we keep the door open to collaboration from other git servers too, please? Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Choosing fora. was: Proliferation of Code4Lib Channels
Shaun Ellis > I'm not particularly sold on Reddit. I just think that there are some > types of discussions that might be more constructive with a threaded > forum than a listserv, [...] This listserv looks threaded to me. Maybe you need to upgrade Thunderbird, although I could have sworn it's done threaded for a while now. Personally, I don't think being email-based is the problem. It's more about having good facilitators and community organisers... and code4lib is probably better than many at that. Unless you do something pretty silly - like insisting everyone register with github, google or gigabot to take part, or switching the venue/platform every few cycles - I feel it's more often a challenge about people than technology. Even so, I've posted a list of ways people screw up the tech recently: - some are too difficult to register on (confusing, reCaptcha disability-discriminator, no/confusing openID, activation emails that never come or just plain buggy); - some don't have an email help address or online support or phone number or something; - some don't email site members when things happen that they might be interested in; - some don't email site members with summaries of what's happened last week/month in case we don't know what they're interested in; - some don't email site members at all; - a very very few email site members too much, so people unsubscribe; - some don't interact well with other websites (refuse to let anyone post links ever, don't send trackbacks or pingbacks to let the remote site know we're talking about them, make it difficult for us to dent/tweet/link to the forum nicely, and so on); - some have lots of spam (let anyone post lots of links, moderators are missing/uncontactable/unaccountable and so on); - most don't let me back up my data; - some vanish abruptly and take the community down with them; - a few have trolls and a few are unfriendly. (previously posted at http://forums.cyberunions.org/discussion/111/common-mistakes-of-activist-websites ) Hope that informs, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] anti-harassment policy for code4lib?
Erik Hetzner > MJ Ray wrote: > > However, I'm saddened that I seem to be the first to object to the > > hand-waving ("number of reports") and prejudice in the above > > paragraph. The above problems seem more likely to arise from being > > drunk or being idiots than from being men. […] > > Starting from this incorrect position will lead to the wrong > harassment guidelines being drawn up. Obviously the goal is equal > respect, but you don’t get there by pretending that the root problem > is drunkenness, or that men and women treat one another with > disrespect in equal amounts. It’s not hand-waving to say that sexual > harassment happens, and that (with negligible exceptions) it is is men > who are the perpetrators. To pretend otherwise will not produce an > effective anti-harassment policy. Equally, we won't get an effective anti-harassment policy by making incorrect assumptions (like it's negligible if the perpetrators are not men) and ignoring the exceptional cases that don't fit those assumptions. I feel that no serious harassment should be neglected by a true anti-harassment policy as suggested above. It's difficult to say what the root problem is when talking in abstract like the above, but if we believe equality is ever possible, merely being men cannot be the root cause. I feel that those who suggest it is are just a different type of sexist who we must guard against. There are, of course, reasons why men perpetrate more in most communities I interact with, many of which are to do with history and where we're starting from, but things can and do change, both in general and in small subcommunities, and we should be ready. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] anti-harassment policy for code4lib?
Wilhelmina Randtke > I think maybe in librarianship in general, there is some trying to turn > this around and use the same sexist advertising, but marginalize men > instead. I think this is a problem in society in general, not just librarianship or technologists: aiming for some improbable perfect balance of discrimination in all directions and misunderstanding that as equality. Such false friends are often uncovered when they suggest that if anyone doesn't like their Gay/Black/whatever Scholarship or Mentorship or whatever restorative scheme, those people should start or make another scheme for Non-gays/Non-blacks/Non-whatevers. So I'm disappointed but unsurprised to hear of male strippers at events. Like Karen Coyle, I'd love to know if anyone objected and what happened next. > On Fri, Nov 30, 2012 at 8:54 AM, James Stuart wrote: > > This list is imperfect (I know several public incidents that aren't on here > > (recent DEFCON years aren't listed, The Amazing Meeting/ElevatorGate and > > various other skeptic convention incidents aren't on (possibly by > > design))), but it's at least a start, and hopefully a picture that sexism > > is an endemic, systematic problem right now in the geek convention world. > > http://geekfeminism.wikia.com/wiki/Timeline_of_incidents Quite right it's imperfect! It's correlated with time, money and maybe an increasing number of smaller conferences with new, inexperienced organisers... I don't think the number of incidents is particularly informative, either: we'd be unhappy with one, no? So it may help to pick a random sample of the incidents and consider whether the anti-harassment policy for code4lib would deal with it. Moreover, I reject that we should place too much weight on that "resource for and about women". It has some interesting links, but a site with a "Resources for men" ghetto is not promoting equality well. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] anti-harassment policy for code4lib?
Esmé Cowles > Also, I've seen a number of reports over the last few years of women > who were harassed at predominately-male tech conferences. Taken > together, they paint a picture of men (particularly drunken men) > creating an atmosphere that makes a lot of people feel excluded and > worry about being harassed or worse. So I think a positive > statement of values, and the general raising of consciousness of > these issues, is a good thing. I'm a member of software.coop, which helps write library software, including Koha - we co-hosted KohaCon12 this summer. Like all co-ops, our core values include equality. I would like to see an anti-harassment policy for code4lib. However, I'm saddened that I seem to be the first to object to the hand-waving ("number of reports") and prejudice in the above paragraph. The above problems seem more likely to arise from being drunk or being idiots than from being men. Please, let's treat all groups with equal respect and reserve our ire for particular members when they give us reason to do otherwise. The anti-harassment policy should not be developed from a "we need to kick men into line" standpoint. As such, I suggest https://github.com/code4lib/antiharassment-policy/blob/master/code_of_conduct.md should say "Discriminatory language and imagery (including sexual)" rather than leading with a special case of "Sexual". I also suggest generalising "religion" to "religious beliefs" to avoid predictable attempts to insult some minorities and claim it's allowed because they're not formal, organised or state-approved religions. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Wikis
Dhanushka Samarakoon > Confluence is free for non-profits, but for academics they charge a reduced > fee. http://www.atlassian.com/licensing/confluence > > If you just want a basic wiki mediawiki would work, but for more elaborated > access control (and other features) Confluence would be better. Atlassian are particularly insiduous, using dodgy tactics like free "first hits" for FOSS projects and non-profits to try to get people hooked and keep them away from the community using and improving free software. I've lost count of the number of times that I've heard librarians criticising similar divide-and-conquer marketing efforts like free-to-university-libraries from library service providers, so I'm surprised to see people recommending it here! I'm no big fan of mediawiki (mainly because its markup is incompatible with earlier wikis, which confuses me every time), but it has a vast range of extensions, so it's definitely not basic. Much better to be part of an information-sharing community, isn't it? (I use trac's wiki and mediawiki on various projects. I've contributed to a few projects that use Confluence, but really don't like it.) Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Browser Wars
Genny Engel wrote: > Interesting, Safari has just pulled into the lead over here. You can't know that. With so many browser and proxies mangling the User-Agent for various reasons (User-Agent Switcher to get a nicer mobile-style experience on a small screen, or randomUserAgent to stop the evil empire tracking you through browser fingerprinting, to give two examples), reading the User-Agent header from your logfiles is a suggestion or hint of what's reading your site, not a definitive result. What's in the logs is basically reader-submitted. You don't believe people to all tell the truth when they tell you their age or income, so please don't believe them about their browsers! I predict we will see much more volatility in these results as more people install the obvious plugins to get a nicer and safer browsing experience. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] First draft of patron account API
>>> Jakob Voss 5/28/2012 04:04 AM >>> > http://gbv.github.com/paia/paia-868166f.html > http://gbv.github.com/paia/ [...] > The API should be made available to end-users and to third parties. A > mapping to RDF should be possible, similar to DAIA, but the first goal > is to provide an easy and defined access for automatically accessing > patron accounts. How would you make use of such an API? We've a lot of other patron data in Koha and it would be good to access that - and update it as well, auth permitting. Should we extend PAIA or is there another standard that we should consider? (Of course, Koha can use things like LDAP for its patron data, but for various reasons, some libraries want Koha as primary store and SIP is a bit hard-core and doesn't cover all updates.) Thanks for any feedback, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Issue Tracker Recommendations
Cynthia Ng > What does your institution use? > What do you like and dislike most about it? > Would you recommend it to others? RT and Trac. RT has tons of features, is easy to extend and build lots of dependencies on, which is why it's still in use, but it can be a bit annoying/clunky to use, especially its web interface; whereas trac is easier to set up and use almost as easy to extend, although in a rather different way. I'd recommend Trac to others. I'd also like to nominate Jira, FogBugz and "Pivotal Tracker" as ones to run away from, mainly due to past bad experiences of email-mangling and/or upload-mangling. Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Koha in the Running
Jon Gorman > There's vendors/companies that develop for and support Koha. Open > source and vendor/commercial activity are not mutually exclusive. Yes, exactly! I work for a commercial vendor (software.coop) which has done all of the following combinations: > Open Source ILS / local servers / no support contracts > Open source ILS / hosted / no support contract > Open source ILS / hosted / support contract > Open source ILS / hosted / no support contract We've even done Open Source ILS / local servers / multiple support contracts. Someone else mentioned Marshall Breeding's ILS survey. It has some numbers, but I don't think they cover all of the above situations (so we encourage most co-op libraries to report as Independent if at all), as I comment almost every year (along with suggesting that having the survey open-sourced could offer big improvements). > And you could distinguish between support and development contracts, > with the nice advantage of open source you can always change vendors > or fund someone who's not your usual developer group depending on how > the community around the project has been established. Harder to do > that with proprietary software, but I've still heard of it happening. Even with open source, you have to make sure that you can export and import your data. Most vendors that support Koha-community.org do offer that, in support of the Open Network Libraries idea. Hope that informs, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] http://openurl.code4lib.org/ MIA
Ross Singer > That said, I'd like to make the content still available. Anybody have any > recommendations on what I can migrate to that I can basically just load the > content and ignore it? Rather difficult to say while it's MIA. Was it purely a resources site or did it include something else? Is http://web.archive.org/http://openurl.code4lib.org/ complete? That could probably be used and ignored for the forseeable ;-) Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Linux Laptop
Bill Dueber > Because, really, you'll spend time futzing with linux, trying to get stuff > to work, cursing the many clipboards and config files and losing > productivity up the ying-yang because you're using a different (and, few > would argue, degraded) user environment. I don't see how anyone would argue with a straight face that a good GNU or lovely Linux is an upgrade from the Windows 7 Starter bad joke... but I know that's not the starting point here. I humbly suggest that long futz times are only necessary these days when most of the following combine: 1. unsupported/hard-to-support hardware (maybe bought for compatibility with another even-fussier operating system?); 2. control-freakery ("it must work/look exactly THIS way RIGHT NOW without me doing much"); 3. not good at asking for technical help online or being patient with LUGs; 4. not willing to find and/or pay local experts; 5. not willing to search/read the copious fine manuals or debug logs. But maybe my view is coloured by using the MacOS-like gnustep on debian for aaages (so good package management more than makes up for a bit of configuration... it's basically the same package management system as ubuntu or mint use), so I can set up the basics fairly quickly and I'm quite tolerant of X11/GTK apps like firefox being common on my desktop. I guess newcomers still have to get used to basics like having 5 or more useful mouse buttons instead of 1... Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Any ideas for free pdf to excel conversion?
On Wed, Dec 14, 2011 at 6:08 PM, Matt Amory wrote: > Just looking to preserve column structure. I'd probably try something like ps2ascii and then sed it into a csv which I understand that "excel" can load like libreoffice/openoffice can. More webbily, maybe scraperwiki.com can help. In general, it is rather like trying to rebuild a pig from sausages. :( Good luck, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/
Re: [CODE4LIB] Patents and open source projects
Nate Vack [...] > Not allowing trademarks and patents for FOSS is complex if they're > allowed for software at all -- should someone reading a patent and > providing a free implementation invalidate that patent? That's the > exact opposite intent of patents. (Note: I think software patents > should not exist at all.) Mathematics is not patentable, at least here and at least so far, so yes, if the full implementation in software alone is obvious, it clearly isn't a valid patent. > If FOSS projects are immune to trademark suits, should I be able to > start a competing open-source catalog and call it Koha or Evergreen? > That seems like an undesirable outcome. As I understand it, if you did, even without a trademark, you would still probably be committing a range of civil offences, including "passing off" and various advertising or trade descriptions offences, in English law at least. The main thing a registered trademark brings to that party is criminalisation (and so the ability of government agents to prosecute autonomously, at the taxpayers' expense and regardless of the wishes of project contributors) and I feel that's neither necessary nor desirable. Hasn't this happened already, though, with Liblime starting some competing Kohas and using trademark registrations to back up their failure to rename their forks? (Although most of us call them LAK, LEK and LK, to try to reduce the confusion.) Which brings me to a question which probably people here can help to answer: are there similar civil offences of passing-off, misleading advertising and trade misdescriptions in the US? Thanks, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Patents and open source projects
Erik Hetzner > MJ Ray wrote: > > Will people please stop suggesting that PTFS's attempts to register > > Koha trademarks in various jurisdictions are somehow because of > > inattention on the part of the Koha users and developers? > > > It was my intention only to suggest that trademark issues were > something that one needs to pay attention to, not that the Koha > community had not paid attention to trademark issues. Thanks for > clarifying the issue: I was unclear. OK, sorry, I'm probably a bit sensitive because of some of the crazier press coverage that we've had, suggesting that users or developers should have done various things - often contradictory - but like the old saying goes: the price of freedom is eternal vigilence. My personal opinion is that it wouldn't matter if friendly people had already registered it as a NZ trademark for whatever class covers software (and I understand someone has a similar trademark for it). Aome ratbags could still come along, register it for another class (books, perhaps), slip past the regulator by mistake and screw with the community for a while. Trademarks aren't quite as awful as patents, but they're not far off. Neither are as narrow and straightforward as copyright can be and are much more expensive to defend. They're a bottomless pit for resources and ideally private trademarks and patents should not be allowed for FOSS. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Patents and open source projects
Erik Hetzner > 1. > http://www.softwarefreedom.org/podcast/2011/aug/16/Episode-0x16-Legal-Basics-for-Developers/ > Basically, the standard advice for patents is what Mike Taylor gave: > ignore them. Pay attention to copyright and trademark issues (as the > Koha problem shows), but patents really don’t need to be on your > radar. Will people please stop suggesting that PTFS's attempts to register Koha trademarks in various jurisdictions are somehow because of inattention on the part of the Koha users and developers? Any project can always suffer from some ratbag try to register its name as a trademark, regardless of it being a historic treasure (in NZ, so I'm told) or in use in commerce by others before them. That doesn't make the ill-gotten registration valid: it should just make it a nuisance for a short while until the rightful users gain or overturn the ratbags' registrations. Hell, someone tried to register "Linux" as a trademark once, didn't they? The alternative is to pay the protection rackets (also known as trademark registrars) before it's a problem, rather than spend that money creating projects that are worth defending. Spend today, or gamble and maybe spend tomorrow? It's a choice. Hope that informs, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Patents and open source projects
Emily Lynema > A colleague approached me this morning with an interesting question that I > realized I didn't know how to answer. How are open source projects in the > library community dancing around technologies that may have been patented > by vendors? We were particularly wondering about this in light of open > source ILS projects, like Kuali OLE, Koha, and Evergreen. I know OLE is > still in the early stages, but did the folks who created Koha and Evergreen > ever run into any problems in this area? Have library vendors historically > pursued patents for their systems and solutions? In short: bad patent laws are a problem, but not unique to FOSS. I think we're dancing around technologies that may have patents in the same ways that all developers do: basically, we avoid famously patented tech and try to use well-known libraries as much as possible (safety in numbers, at the cost of chilling some innovation), but hoping that we don't pass too close to any submarine patents. The worrying one I've seen recently has been 3M and SIP. It took quite a few rounds on the SIP 3 message boards before (as I understand it) we were assured that no patents held by 3M would necessarily be infringed by implementing SIP 3. 3M accused Envisionware but I don't remember the detail or know the current situation. I probably ask more questions about this than many, even though I work for a software developer and am fortunate to work in a country where mathematics - which includes software - is explicitly excluded from patents. Hope that informs, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] SV: [CODE4LIB] Plea for help from Horowhenua Library Trust to Koha Community
Jonathan Rochkind > But I think it's worth drawing the community's attention to this issue. > Whether it's important that the Trust have the right to legally stop > someone from calling something "Koha" that isn't Koha (the trademark > owner is ultimately going to be the one that has the legal power to > decide what is "really" Koha or not. Which is what, i'm confident, has > LibLime worried, since some parts of the Koha community have already > accused LibLime of calling something "Koha" that is not.) I don't think many care about the Trust having that power, but LibLime having that power is a very scary thought. If they get this trademark, could they try to assert that Koha is only LLEKoha or LLAKoha or whatever their fork is now called and try to obstruct the user community release process? Except, of course, that LibLime is only the inheritor of the first developer, while the Trust is the first user, so the Trust should win out of those two: the buyer of that bespoke software came first. It's a pretty sorry state of affairs that the music+movies control freakery has led to processes that allow this sort of attempted software control freakery. Surely the buyer should have more say over what they call their purchase than the seller? Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Plea for help from Horowhenua Library Trust to Koha Community
Mike Taylor > So your best bet may be to shrug and let them have the old name for > their proprietary fork. Just come up with a new name for the open > codebase, let the world know, and move on with doing more useful > things -- spending what money you have on coders and cataloguers > rather than lawyers. Two things which may not be widely known here: 1. HLT was the original commissioner and I believe they have been using Koha continuously in delivering their library service since then. If they of all people are not allowed to share control of the name, then basically no FOSS project name is safe for its users. Ever. 2. "Koha" means akin to gift. The irony of trying to trademark that word in particular is mindboggling and should shame PTFS in the eyes of everyone who likes sharing information - basically all of us who are involved with libraries at some level, isn't it? So, please give generously to HLT's ratbag-repelling fund. There are wider issues at stake for users and coders for libraries. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] web spam block less awful than Captcha?
Jonathan Rochkind > On 10/24/2011 1:15 PM, MJ Ray wrote: > > trying to design things so that the return on investment > > for spammers is fairly low, > > In my experience, this is irrelevant. I have spammers spamming my "ask a > librarian a question" link, which _only_ results in email to a > librarian's inbox (several of them actually). [...] In that example, they get unfettered priority access to an inbox. If it's an easy form to submit, that's a high enough RoI for spambots. How is that irrelevant? As others have noted, a honeytrap field seems the most obvious addition to such a form. I'd also be fairly liberal with the blacklisting, as long as alternative contact routes are given (like how to reach a librarian in person or by phone). A two-step form would also cut the spammers drastically, in my experience, but then you're adding a little cost for regular users. A preview step might result in clearer questions, though! Hope that informs, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] web spam block less awful than Captcha?
Ken Irwin wrote: > Some of our online forms (contact, archives request, etc.) have been > getting a bunch of spam lately. I have heretofore avoided using any > of those obnoxious Captcha things and would rather not start now. (I > personally loathe them and they keep getting harder, which tells me > that the spambots are probably better at them than we are...) You are a hero and I wish there were more like you. I am getting bored with being locked out of more and more websites. > Does anyone have some good/easy/free/less-stressful spam-inhibiting ideas? blogspam.net (a FOSS Akismet-like service), manually-maintained blocklists, trying to design things so that the return on investment for spammers is fairly low, rate limiting and if you really are stuck, textcaptcha.com has more ideas and a textual captcha service. I've been using a combination of those for years and never had much of a spam problem for long. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for various work through http://www.software.coop/
Re: [CODE4LIB] in step with disclosing our ideas to OCLC Inc.
"Frumkin, Jeremy" > So, I would like to chime in here that this list is primarily > focused on coding and technical issues. While everyone is entitled > to their opinion on OCLC or any subject for that matter, in my > opinion this thread really isn't pertinent to the focus of this > discussion list. Sorry. I forgot CODE4LIB overrides the reply commands (both reply and reply-to-list go to the list). However, maybe some OCLC members could get opening the tech discussed at that meeting too. If anyone would like an explanation of the co-op difference, please mail me off-list! Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] code4lib g+ hangouts
"Ya'aqov Ziso" > *... IRC is pretty accessible and open and not under the control of one > private-sector corporation. I'm somewhat disappointed that g+ is being > adopted so uncritically * > *=* > all in step with disclosing our ideas to OCLC Inc. Tee-hee! Now that's a bit different: OCLC is at least theoretically governed by the libraries that use it. Users don't own g+. Sadly, as seems to happen in many co-ops, it seems to me like only a few OCLC members get to exercise full democratic power because the libraries, archives and museums elect regional councils that elect another council that elect the trustees. The decision-making seems a bit too far from the grassroots, a democratic deficit. BUT the input of the councils and the membership is on the agenda for the upcoming global council meeting next month http://www.oclc.org/uk/en/councils/global/meetings/default.htm so do you think something that might be about to change? As a member of another co-op in the library space, I live in hope! -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] code4lib g+ hangouts
Jonathan Rochkind > Many of us have been using the IRC channel for just this purpose for > years, and anyone is welcome to. Personally, I still haven't used g+, > and don't know when/if I will, I'm overwhelmed with internet already! Also, IRC is pretty accessible and open and not under the control of one private-sector corporation. I'm somewhat disappointed that g+ is being adopted so uncritically. Has faceblocking not taught the library world anything yet? Anyone got handy tips for diaspora or friendika, by the way? Thanks, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] New thread: Why are you doing what you're doing?
Eric Hellman wrote: > I think it's a good question, worth asking about *every* dev > position being hired for. I would be interested to hear an answer > from others on the list. In fact, I think the price of putting a > position announcement on Code4lib should be a willingness to answer > "why?". And "why not?" is a pretty pathetic answer. > > For me, I'm doing what I'm doing because I think it's important and > because no one else is doing it. I hope there are many other with a > similar answer. I answered part of this a while ago: http://www.news.software.coop/hi-why-are-you-doing/1000/ The tl;dr is "to provide computer-related services..." and I do that in a co-op so that we get hired for those services, not for our flesh and time. ;-) Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] does your OPAC pass HTML validation?
Ken Irwin > Do catalogs even validate out-of-the-box? (I've never set up an OPAC > before, I have no idea what "out-of-the-box" might actually look > like.) Testing the demos suggests that koha 3.2 only fails because of a stupid mistake (missing a / on a when we declare as xhtml) and koha 3.4 has a few extra errors that may arise from the recent switch to template toolkit. So validation is definitely achievable with Koha. Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] New xforms4lib Google Group
Ethan Gruber wrote: > While I imagine that most people on the old xforms4lib list are also on > code4lib and will thus get duplicative emails, I wanted to briefly announce > that xforms4lib is migrating to a Google Group. This will provide greater > flexibility than the old system, which required list admins to be U.Va. > members, I think, and will also allow the archives to be indexed by search > engines. Could you make it so that people can subscribe by email, without signing up for a Google account, please? code4lib readers - anyone know what setting(s) to make that happen? Thanks, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Webinar information for today's Virtual Lightning Talks
Peter Murray wrote: > Second, some comments I got were about cranky Java applets and > applications. LYRASIS has two conference tools at its disposal -- > Java-based Centra and Flash-based Acrobat Connect -- and I chose > Centra because running Flash on LINUX is an issue. Maybe this will > need to be revisited (or maybe there is another Java-based > conference system that can do better). I think Centra only runs in Sun Java while Acrobat Connect only runs in Adobe's Flash - neither work in any of the FOSS ones - so that choice is between the devil and the deep blue sea to me. It's the same argument as Open Access but for online conferencing instead of journals. It's quite frustrating that Moodle, LernID and Muji are all close but not quite there, as far as I can tell. I'd love to help fix this, but I don't have a funding stream available for it. Does anyone on this list know who does? (I don't care who does it but I'd love to see this problem solved!) Thanks, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Excel file to Dublin Core?
Matt Butler wrote: > Depending on how your Excel file is set up, the least painful way > might just be to do it all in Excel. Add columns in between each > field, throw XML strings into those, then concatenate each row into > a single cell at the end of the row and copy-paste that final column > out. If you want cleaner XML (i.e. one attribute per line rather > than the all the item's attributes strung together) you can add > regular expressions in with your XML and parse them out later. I've done something similar to the above recently and it seems to be the most efficient way. The process was actually: Excel file (with no tabs in it) to tab-separated-values to TSV-with-&<>-replaced to XML. The most time-consuming part of getting bibliographic data out of spreadsheets into an XML format is finding special-but-invalid cases in the spreadsheet - because a spreadsheet probably didn't check for it and your XML-using tool probably throws them out. So I think it's more efficient to keep the toolchain as short as possible because you may want to repeat it a few times to get as good as it gets. Good luck! -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] SV: [CODE4LIB] AGPL for libraries (was: A to Z lists)
Tony Mattsson asked: > What I would want is a license that keeps the software free, and > that people has to make improvements availible. Any suggestions? I feel that those two aims are incompatible: you cannot give people freedom *and* require them to do a particular act. Even the AGPL only requires that service users get the code. They do not have to be generally available. So AGPL doesn't achieve your second aim either. Personally, I don't feel it's worth the extra burdens of AGPL, but if you do, then please give people permission to distribute only their improvements (instead of the whole damn codebase) and say that their app can stay online without checking whether source is available right then. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. Past Koha Release Manager (2.0), LMS programmer, statistician, webmaster. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Looking for OAuth experts
Ross Singer wrote: > Unlike Twitter, however, we're starting from nothing. There's nothing > currently invested in ILS-DI clients that would break by committing > solely to OAuth (or anything, for that matter). Are you sure there's nothing currently invested? I thought the Koha community was already implementing ILS-DI so I assume there's some client using it, as people don't tend to fund useless developments. I don't remember if any of the co-op's client libraries are using it yet, though. [ILS-DI] > It's no longer under the auspices of the DLF and the priority of > functionality has changed. [...] OK, if it's no longer under the auspices of the DLF are you still in contact with BibLibre? > Indeed, and I hope the reply was likewise helpful. It was. More answers than questions, which is always good! That said, I'm still not seeing the benefits of OAuth for ILS-DI compared to existing HTTP authentication and authorization methods, really. Regards, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. Past Koha Release Manager (2.0), LMS programmer, statistician, webmaster. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] simple,flexible ILS for a small library.
offonoffoffon...@gmail.com wrote: > the vufind mailing list informed me that the koha driver is broken and it > was also not well recomended by people using it, though alot of people not > using it said i should try it : ) If it's worth enough to someone, I expect the co-op or another Koha support provider would be willing to help fix it. Usually the other big problem with things like drivers is getting access to test kit, but I don't know if that's the case with VuFind. Hope that informs, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. Past Koha Release Manager, LMS programmer, statistician, former lecturer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Looking for OAuth experts
Jonathan Rochkind wrote: [...] > But if you just want to "publish an OAuth-using client that's not easy > to impersonate" -- well, it depends on what you mean. Do you mean you > want the server to know that the client application, that is distributed > to end-users, is "The Twitterific Client", in a crypto-secure way? You > indeed can not do that. This is not OAuth's fault, it's the universe's > fault. There is no way to do this absolutely reliably, although the DRM > people sure try, and Facebook tried, causing the problems that blogger > was complaining about. There's no other solution that will do that > either, it's not a unique failing of OAuth, and it's not the problem > domain OAuth was trying to solve, mainly. Mainly? Why does it include something that even looks like a solution to a problem that is actually insoluble? What problem was it trying to solve? If it was "a process for end-users to authorize third-party access to their server resources without sharing their credentials" then I feel a simpler method is possible, as described below. (Quote from RFC 5849) > Do you not care about authenticating that the client software is "The > Twitterific Client", but you just care about knowing that Joe Smith has > authorized it (whatever it is) to access Joe Smith's twitter account? > Ah, now THAT is indeed the use case of OAuth. The first one was not the > use case of OAuth, and Facebook trying to use OAuth anyway to accomplish > it is what causes the problems. What is the use case? http://oauth.net/core/1.0a/ claimed "OAuth creates a freely-implementable and generic methodology for API authentication." Shouldn't we expect generic authentication to include authenticating both peers? I feel that OAuth has tried to be jack of all trades. > How do you do this? By, as mentioned in the blog post you cited, > following the OAuth specs recommendations, unlike Twitter: > > "In many applications, the Consumer application will be under the > control of potentially untrusted parties. For example, if the Consumer > is a freely available desktop application, an attacker may be able to > download a copy for analysis. In such cases, attackers will be able to > recover the Consumer Secret used to authenticate the Consumer to the > Service Provider. Accordingly, Service Providers should not use the > Consumer Secret alone to verify the identity of the Consumer." [right > from the OAuth spec; that Twitter may have ignored this is not OAuth's > fault]. I think we're rehashing what's written in links already posted, but that section continues "Where possible, other factors such as IP address should be used as well" which seems somewhat inadequate as an authentication component. The specs don't really give any positive direction on how to handle published Consumer applications, so I feel it's not surprising that Twitter and others filled the vacuum with silliness. > Yes, to do this, OAuth requires one of two workflows, neither ideal: > 1) Redirect to Twitter where the user logs in, and is then redirected > back [...] > 2) Have the user enter their twitter login/password directly in client > application, which then sends it on to twitter. [...] > Not ideal, true. But no other solution is going to do better, because > that's just how the universe works, unless some genius can come up with > something nobody's thought of yet. The authentication workflow isn't the problem. It's this consumer secret nonsense. I've been pointed at Yahoo's CCK which looks like an API to work around this problem with OAuth: http://developer.yahoo.com/oauth/guide/create-consumer-key-guide.html But what's wrong with the idea of a CCK-like way of creating a subsidiary username with limited privileges and communicating that back to the app for use? The authentication workflow can even be the same. In other words, apart from this consumer secret confusion, what does OAuth add to this field which wasn't already there with HTTPS authentication and cookies? Confused, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Looking for OAuth experts
Ross Singer wrote: > Agreed on this assessment, Jonathan. MJ, can you extrapolate on your > concerns, because that Ars Technica article is not going to cut it for > anything more than to avoid the choices that Twitter made. I've just sent another message trying to do that. Hope it helps. > And even by the standards of that article, I'm not sure that OAuth is > inappropriate for the ILS-DI's use cases which are: > > 1) server-to-server communication as the first priority > 2) something relatively standardized and abstracted enough to allow > for institutions' local authentication mechanisms. I think FOSS servers would be affected by the published-key spoofing flaw too, wouldn't they? Some of the projects that want to support ILS-DI are FOSS - one of the Koha support companies signed some ILS-DI announcement IIRC, while another wrote some of the code to implement it. > Which basically spells out the problem the ILS-DI group is facing: an > incomplete, but evolving standard with heavy industry support, or... > nothing. Glad to see it's recognised that OAuth is incomplete. I've heard as much opposition as support among developers. On the one hand, it's more work to sell. On the other, they're now even more at the mercy of big service providers who can break their applications (and so eat their support budgets) at will. > We are still very much in the fact-gathering stage, so any suggestions > are welcome. [...] If the problem that the group is trying to solve was explained on this list, readers might be able to offer suggestions. Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Looking for OAuth experts
Jonathan Rochkind wrote: > Can you give some details (or references) to justify the belief that > OAuth isn't ready yet? (The fact that Twitter implemented it poorly > does not seem apropos to me, that's just a critique of Twitter, right?). > > I don't agree or disagree, just trying to take this from fud-ish rumor > to facts to help me and others understand and make decisions. The problems with Twitter's poor implementation have been compounded by bad management decisions like switching off HTTP authentication and an amazing policy on key invalidation, but I agree that's not the fault of OAuth. The key point is in the http://bit.ly/c88aa7 that Joe posted: how can one publish an OAuth-using client that's not easy to impersonate? Requiring every user to fill out registration forms and cut-and-paste key strings into a client is not going to fly, so it seems like it can't be done except on a very locked-down platform, because the consumer secret is distributed to users' systems in the app. So you either ignore the key parts of the 1.0a version (which means that the standard needs revision IMO, so is not ready yet), or you jump ahead to the 2.0 draft, which is not ready yet because it's still a draft. Personally, I think the right answer would have been to keep HTTP authentication over HTTPS and have some slick way of creating subsidiary usernames with limited privileges for apps, but there's probably some better solution that I'm missing. Aside 1: will 2.0 ever work and be ready? Its editor Eran Hammer-Lahav criticises its current state at http://hueniverse.com/2010/09/oauth-2-0-without-signatures-is-bad-for-the-web/ Aside 2: to be fair, I'll point out that Eran Hammer-Lahav criticises the ars.technica article at http://hueniverse.com/2010/09/all-this-twitter-oauth-security-nonsense/ but does mention that "there is no solution [...] for a distributed application" - does that mean OAuth isn't fit for FOSS? Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] Looking for OAuth experts
"j.g. pawletko" wrote: > I haven't implemented OAuth, and you may have already read this, > but if not: ArsTechnica wrote a critique of the Twitter OAuth > implementation that may be of interest. You can find that article > here: http://bit.ly/c88aa7 The co-op has been working on OAuth recently, including for Twitter. I feel the above is an accurate summary. In short, OAuth isn't ready yet and it would be very disappointing if ILS-DI adopts it. What other options is ILS-DI API group considering? Hope that helps, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha
Re: [CODE4LIB] open source proxy packages?
Brian Tingle wrote: > apache httpd has a mod_proxy module can let apache act as a proxy server. > > http://httpd.apache.org/docs/current/mod/mod_proxy.html > > You should be able to use this with htpasswd files you would use to > secure a web directory with apache. You can also combine it with Nick Kew's mod_proxy_html http://apache.webthing.com/mod_proxy_html/ to fix any websites that are sending absolute URLs (which many publishers do). But I've been implementing this for a few sites for a few years and it's still basically an unsustainable game of trying to keep updating the proxy configurations to match changes made by website publishers. Publishers generally don't announce or document changes and even sometimes refuse to discuss them with their paying customers! So, if you can, I'd go for distributed authentication like Shibboleth. Does OCLC automatically update EZProxy configuration to match website publisher updates? I'd be happy to develop and supply free and open source proxy configurations with a wiki of sample configurations based on our past experiences. We'd troubleshoot and contact publishers when needed. Would anyone be interested in subscribing to such a service from the co-op? Thanks, -- MJ Ray (slef) Webmaster and developer for hire at | software www.software.coop http://mjr.towers.org.uk| co IMO only: see http://mjr.towers.org.uk/email.html | op
Re: [CODE4LIB] change management system
"Boheemen, Peter van" > Never experienced any problem with FogBugz sending email. But do those emails follow the RFCs? In particular, do they have a full set of both MUST and SHOULD headers? > Mail integration is fabulous. Ofcourse you can send email notifications, > but it also accepts mails and automatically creates cases from them. It > can even learn to categorize these cases as belonging to certain > projects and also uses bayesian filtering to detect spam. > You can send an email from a case and replies will automatically be > linked to this case. > If you send an email to fogBugz it will be added to the case when it > finds the case number preceded by the word 'case' in the subject. It is > certainly useful to try it out. [...] As mentioned, I've tried fogBugz and changed supplier to avoid having to use it. I'm not sure if it was fogBugz or the supplier that was broken. It doesn't much matter when it's costing money. RT will do almost all of the above (email notifications and receipt, automatic task creation, email from a case, subject-line linking and you can specify the prefix - watch the hilarity when two fogBugz systems email each other), but I think the project categoriser thing is an add-on and we use our regular spam filters (building it into each email-connected application seems wasteful). Hope that helps, -- MJ Ray (slef) Webmaster and LMS developer at | software www.software.coop http://mjr.towers.org.uk| co IMO only: see http://mjr.towers.org.uk/email.html | op
Re: [CODE4LIB] change management system
marijane white > FogBugz seems really fabulous. In my previous career as a QA engineer, my > team was planning to try it out, but our employer went out of business > before we had a chance to pilot it. Is FogBugz able to send RFC-conformant emails? The only supplier I've met that used it hadn't got it to sent good emails, so they got spam-filtered far too often, so we changed supplier. Our co-op uses RT, but not in a very visible-to-clients way. Hope that helps, -- MJ Ray (slef) Webmaster and LMS developer at | software www.software.coop http://mjr.towers.org.uk| co IMO only: see http://mjr.towers.org.uk/email.html | op
Re: [CODE4LIB] Online PHP course?
graham wrote: > MJ Ray wrote: > > I'll send a note to suggest that any Koha ones are mentioned here. > > I hope it will be using something like Lernid or Muji rather than > > selling us out to the private sector Skype, though ;-) > > muji? can't find any references to it - is it a typo? Muji can be found at http://telepathy.freedesktop.org/wiki/Muji for now. Multi-way video conferencing using Jingle protocol. Not ready for prime-time yet, but looks like it might offer a way to break out of the multiple incompatible proprietary servers and clients. Hope that explains, -- MJ Ray (slef) Webmaster and LMS developer at | software www.software.coop http://mjr.towers.org.uk| co IMO only: see http://mjr.towers.org.uk/email.html | op
Re: [CODE4LIB] Online PHP course?
Tim Spalding wrote: > I wonder if Code4Lib would ever be a good outlet for online > programming tutorials or hack sessions. I mean, get 10 people on > Etherpad or CodeArmy together, and Skype, and you could learn a lot, > and do a lot. I'll send a note to suggest that any Koha ones are mentioned here. I hope it will be using something like Lernid or Muji rather than selling us out to the private sector Skype, though ;-) Regards, -- MJ Ray (slef) Webmaster and LMS developer at | software www.software.coop http://mjr.towers.org.uk| co IMO only: see http://mjr.towers.org.uk/email.html | op
Re: [CODE4LIB] Online PHP course?
Thomas Krichel wrote: > Joe Hourcle writes > > ps. yes, I could've used this response as an opportunity to bash > > PHP ... and I didn't, because they might be learning PHP to > > migrate it to something else. > > controversial ;-) > > what's the problem(s) with PHP? Oh please don't nuke the list from orbit like that! I hope that this is a balanced enough reply to keep everyone happy: Our experience is that PHP hosting environments vary much more, most PHP code is a mess (PHP-based software was part of 35% of the U.S. government's National Vulnerability Database in 2008 - http://www.coelho.net/php_cve.html) and few things (code and hosting) move between the different major versions smoothly. It's a "personal home page" tool which has grown massively, for better or worse. BUT! Even after all that, software.coop still supports some PHP applications because they can work well and be very useful, though we're under no illusions about PHP's warts. Hope that helps, -- MJ Ray (slef) Webmaster and LMS developer at | software www.software.coop http://mjr.towers.org.uk| co IMO only: see http://mjr.towers.org.uk/email.html | op
Re: [CODE4LIB] T-shirt Design Contest
Michael J. Giarlo wrote: > We've talked before about setting up a code4lib CafePress store. > Maybe we've already done it? It's an idea, at least. Does CafePress sell ethical and organic cotton t-shirts? I feel we should try to avoid taking Uzbekistan's children out of school to make library-related clothing if we can. More information and links at http://www.news.software.coop/are-your-free-software-t-shirts-ethical/112/ Thanks, -- MJ Ray, member of www.software.coop Experts in web and GNU/Linux (TTLLP # in subject emails = copy to all workers unless asked.) Turo Technology LLP, reg'd in England+Wales, number OC303457 Reg. Office: 36 Orchard Cl., Kewstoke, Somerset, GB-BS22 9XY
Re: [CODE4LIB] Accessible reCaptcha Was: Bookmarking web links - authoritativeness or focused searching
Eric Hellman wrote: > Are you arguing that reCaptcha cannot be accessible or that it is > incorrectly implemented on this site? Primarily that it is incorrectly implemented. However, I've yet to see an implementation of recaptcha that is accessible and does not needlessly insult users with impaired vision. Even the one on recaptcha.net includes the fully-abled=human insults. > Usually recaptcha is a good example of a robot blocker that is > accessible to print-disabled users. My impairments are quite mild (short-sighted with some contrast/light problems - the photo on my website is a few years old, before I had to wear my glasses all the time - oh vanity and laziness; and hearing problems in one ear) but still recaptcha is a pain in the eye. Maybe it's worse for impaired users, than print-disabled ones like you? > The notion that javascript cannot > be used in an accessible website is obsolete (it's not 2000 any more). > There are javascript techniques that make sites inaccessible, just as > there are html techniques that make the site accessible. There are > javascript techniques that INCREASE accessibility. Of course there are, but surely even the most enthusiastic javascript advocate accepts that the sites using javascript in ways that harm accessibility far outweigh the numbers using it well today? So, it's reasonable if script execution permission defaults to denied and is enabled site-by-site for now. However, I wasn't complaining about the javascript use, just noting that you might find it easier to start seeing the "check you're a human" nastiness by switching javascript off. "View Source" might work just as well, depending on how it has been implemented. > I've recently been learning about accessibility issues [...] Thank you. I wish everyone did. I've been learning about accessibility issues since my eyesight started to deteriorate and my hearing was damaged. This isn't an add-on issue for me. It's vital for web use. Regards, -- MJ Ray (slef) LMS developer and webmaster at | software www.software.coop http://mjr.towers.org.uk| co IMO only: see http://mjr.towers.org.uk/email.html | op
Re: [CODE4LIB] Bookmarking web links - authoritativeness or focused searching
Andrew P wrote: > Also worth mentioning is a new site SiteCite.com that > allows you to organize web links with custom URLs. It was created by a > library programmer and has > discovery tools so that bookmarks are easily retrievable. [...] I'm surprised that a library programmer has put the "We need to make sure you are a human" Google-reCaptcha insult on their sign up page. It's even on their contact form, so we can't even tell them about it. (If you don't see the messages which suggest disabled users are not humans, try disabling javascript - javascript is usually disabled by default with noscript.net because it's confusing when things you don't see perfectly start moving themselves around the page.) I strongly suggest people don't promote siteCite.com until they drop reCaptcha. The "re" should stand for "remove". Thanks, -- MJ Ray (slef) LMS developer and webmaster at | software www.software.coop http://mjr.towers.org.uk| co IMO only: see http://mjr.towers.org.uk/email.html | op
Re: [CODE4LIB] Bookmarking web links - authoritativeness or focused searching
Cindy Harper wrote: > I've been thinking about the role of libraries as promoter of authoritative > works - helping to select and sort the plethora of information out there. > And I heard another presentation about social media this morning. So I > though I'd bring up for discussion here some of the ideas I've been mulling > over. [...] > Is anyone else thinking about these ideas? or do you know of projects that > approach this goal of leveraging librarian's vetting of authoritative > sources? The big problem with social media sites is that they tend towards privatising our data. Any solution needs to be both FOSS and Open Data to overcome that. Some of the veterans here will probably remember the ODP (dmoz.org) and VLib.org catalogues. Can we build on them instead of inventing another wheel? Thanks, -- MJ Ray (slef) LMS developer and webmaster at | software www.software.coop http://mjr.towers.org.uk| co IMO only: see http://mjr.towers.org.uk/email.html | op
Re: [CODE4LIB] Library Website Redesign Info and Project Plans
"Walker, David" wrote: > My wife really likes "Web Redesign: Workflow that Works", by Kelly Goto & > Emily Cotler. > > The second edition is called Web Redesign 2.0. > > http://www.web-redesign.com/ > http://www.worldcat.org/oclc/57641137 I'm sure it's a fine book, but does it worry anyone else that the book's website doesn't meet the Web Content Accessibility Guidelines 1.0? In particular, the chapter selector only works with javascript execution permission. Then again, it looks like WorldCat also fails, so they're in good company. Regards, -- MJ Ray, member of www.software.coop Experts in web and GNU/Linux (TTLLP # in subject emails = copy to all workers unless asked.) Turo Technology LLP, reg'd in England+Wales, number OC303457 Reg. Office: 36 Orchard Cl., Kewstoke, Somerset, GB-BS22 9XY
Re: [CODE4LIB] drupal4lib live broadcast
Phil Cryer wrote: > hey all - great time at the con, was bummed I didn't know about the > drupal4lib until i t was too late - but they're broadcasting live > here: http://www.ustream.tv/channel/darien-library-live Is there actually a video stream URL (instead of a web SWF+JS one) so we can watch it on a TV instead of an insecure PC? Thanks, -- MJ Ray (slef) Webmaster for hire, statistician and online shop builder for a small worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
Re: [CODE4LIB] "best" OCR package?
Alberto Accomazzi wrote: > [...] I know about OCRopus but I have a feeling that > commercial products still have a significant edge over public domain > packages. [...] OCRopus is released under the Apache License 2.0, which allows commercial development. It is not a public domain package. Feel free to use it as a commercial product without fear. Hope that helps, -- MJ Ray (slef) Webmaster for hire, statistician and online shop builder for a small worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
Re: [CODE4LIB] perl recaptcha?
"- Jonathan Rochkind, Johns Hopkins Univ." <[EMAIL PROTECTED]> wrote: > But it doesn't look to me like a university and/or library can use > Akismet for free; it looks like it might be $25/month ($300 a year), > which is a bit steep. But I'm not certain; anyone know if a university > library can maybe in fact use it for free? I'm not sure. I couldn't use it for free on my commercial sites. This is part of the reason why I'm glad antispam.typepad.com launched, which is free for commercial use. It claims to be 100% API compatible with Akismet, so just switch the URL in the new() call and it should start working. Hope that helps, -- MJ Ray (slef) Webmaster for hire, statistician and online shop builder for a small worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
Re: [CODE4LIB] perl recaptcha?
Thomas Dowling <[EMAIL PROTECTED]> wrote: > Does anyone know anything concrete about "cognitive" captchas? I've run > into anecdotal support for things like: >Enter the word "orange" [...] > Are these known to work? Or are they just clever guesses about what > bots might not be able to figure out? There are mostly anecdotes because this stuff is hard to test properly. I found they worked a little, but are just clever guesses. "3.1 Logic puzzles The goal of visual verification is to separate human from machine. One reasonable way to do this is to test for logic. Simple mathematical word puzzles, trivia, and the like may raise the bar for robots, at least to the point where using them is more attractive elsewhere. Problems: Users with cognitive disabilities may still have trouble. Answers may need to be handled flexibly, if they require free-form text. A system would have to maintain a vast number of questions, or shift them around programmatically, in order to keep spiders from capturing them all. This approach is also subject to defeat by human operators." Source: http://www.w3.org/TR/turingtest/#logic As that last phrase hints, bots are not the only problem. See http://www.schneier.com/blog/archives/2007/11/spammers_using.html for example. Hope that helps, -- MJ Ray (slef) Webmaster for hire, statistician and online shop builder for a small worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
Re: [CODE4LIB] perl recaptcha?
Jonathan Rochkind <[EMAIL PROTECTED]> wrote: > The Recaptcha device specifically also provides an audio test. But point > taken, even so it could prevent accessibility challenges. See the w3c for how poorly audio tests perform: even people who can hear properly (which I can't) fail them frequently! > Nevertheless, when my system is currently receiving around one software > powered spam per minute, I need a quick pre-built drop-in solution to > this; I don't have time to write my own AI! If you have any other free > or affordable pre-built drop-in solutions to spam protection to suggest, > this would be a great forum to do so! I don't think you've given enough background until now, but if you want quick drop-in solutions for web comment forms, I'd probably look into:- 1. posting a notice next to the comment form stating it will *not* be published automatically and linking to your policy. Seriously - this will stop some bad people putting you on their "spam this form" lists, else they think you're virgin snow ready for weeing on; But that won't help with the spam bots already attacking, so:- 2. the Akismet and TypePadAntiSpam comment form systems (similar APIs IIRC, so both should work with Net::Akismet) which aren't great (contacting an unauditable spam classification server) but should be fairly fast to get working; and/or 3. including a hidden field with a limited-lifetime verifiable token in it, which will at least limit how long they can spam you with one form; and/or 4. simply trapping certain expressions and telling commenters not to send them (I often ban http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
Re: [CODE4LIB] perl recaptcha?
Jonathan Rochkind <[EMAIL PROTECTED]> wrote: [...] > And then fails. Anyone managed to do this, or have any other advice for > using Recaptcha from perl? Please don't use it as a barrier on the only access route to a service, else you will be locking out humans with vision or hearing problems, or even simply high browser security settings. More info: http://www.w3.org/TR/turingtest/ If you want to combat spam, there are better ways, including some premoderation and heuristic checks of user submissions. After all, Recaptcha doesn't stop all human-powered spam (whether directly by a spammer or by porn-trojans). Hope that helps, -- MJ Ray (slef) Webmaster for hire, statistician and online shop builder for a small worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
Re: [CODE4LIB] planet.code4lib.org -- 3 suggestions
Jonathan Rochkind <[EMAIL PROTECTED]> wrote: > Some of MJ's ideas sound really good as interface ideas. I probably > wont' personally be hacking the planetplanet software to do it though. Neither 1 or 2 involve hacking the planetplanet software and 3 might be do-able anyway. They're template changes. Here's how to do them:- > > 1. constrain posts to a maximum size with CSS like on planet sysadmin > > http://www.sysadminblogs.com/planet/ Add the following to the planet.css file:- .entry { max-height: 15em; overflow: auto; } > > 2. add a Javascript "Hide Author" to the template like on planet debian > > http://planet.debian.net/ Copy http://planet.debian.net/hide.js /minus-8.png and /plus-8.png to your host, then add window.onload=hideHosts; to the head section of index.html.tmpl, then document.write( "<a href=\"#\" id=\"<TMPL_VAR NAME="link" ESCAPE="URI">_hide\" onClick=\"exclude( '<TMPL_VAR NAME="link" ESCAPE="HTML">' ); hideHosts(); return false;\"><img src=\"/minus-8.png\" style=\"border: none;\" title=\"Hide Author\" alt=\"Hide Author\" height=\"8\" width=\"8\"></a> <a href=\"#\" id=\"<TMPL_VAR NAME="link" ESCAPE="URI">_show\" style=\"display:none;\" onClick=\"show( ''<TMPL_VAR NAME="link" ESCAPE="HTML">' ); return false;\"><img src=\"/plus-8.png\" style=\"border: none;\" title=\"Show Author\" alt=\"Show Author\" height=\"8\" width=\"8\"></a>" ); to the main loop's (or something pretty close to that - I might be wrong on the ESCAPEs and they could all be HTML...) > > 3. add "Skip to next" links to the top of each post (not seen this > > done on planetplanet sites yet) Not sure how to do this one in tmpl (I've done it in XSLT before). It might require hacking the planetplanet software. Hope that helps, -- MJ Ray (slef) Webmaster for hire, statistician and online shop builder for a small worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
Re: [CODE4LIB] planet.code4lib.org -- 3 suggestions
Jonathan Rochkind <[EMAIL PROTECTED]> wrote: [...] > Other blogs people have suggested I remove from the code4lib aggregator, > as consisting of mainly nontopical content for code4lib, are Mark > Lindner and Meredith Farkas. I guess say so if you'd like to LEAVE > those on the aggregator, and if nobody says so, I'll leave them. If > someone does say so... then I have no idea. :) Contact the authors and ask them if it's OK to remove them? If not, bring it to the list and let people scratch their heads. By the way, I'd be disappointed to see truncated posts, but there are other options:- 1. constrain posts to a maximum size with CSS like on planet sysadmin http://www.sysadminblogs.com/planet/ 2. add a Javascript "Hide Author" to the template like on planet debian http://planet.debian.net/ 3. add "Skip to next" links to the top of each post (not seen this done on planetplanet sites yet) Any of those float the truncation-advocates' boat? Regards, -- MJ Ray (slef) Webmaster for hire, statistician and online shop builder for a small worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
Re: [CODE4LIB] Open Source Repositories
Carol Bean <[EMAIL PROTECTED]> wrote: > Done anyone know of open source repositories that have precompiled > software? (Especially low resource software) As well as their own, most of the free software operating systems have third-party repositories, such as those listed at http://www.apt-get.org/ for debian. Make sure you trust the third party provider, though! Regards, -- MJ Ray (slef) Webmaster for hire, statistician and online shop builder for a small worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237