[CODE4LIB] Fwd: [arclight-community] ArcLight MVP work cycle completed (links to final demo video)

2017-06-19 Thread Mark A. Matienzo
Dear colleagues, Please join me in extending congratulations to the ArcLight MVP project team. We have completed our eight-week work cycle to develop a minimum viable product to support discovery and delivery of archival materials using Blacklight, and have released ArcLight 0.1.1. Our final,

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Kyle Banerjee
> > I am not sure what Kyle means by "encryption hides attacks". Interfaces designed for humans are frequent targets for attack. Network monitoring tools are incredibly helpful for identifying compromised machines, bots, and humans trying to bust in. So yes, encryption does hide attack activity j

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Jonathan Rochkind
PS: If one single server (or group of identical servers, horizontally scaled) needs to respond to multiple hostnames, I would use a single SAN cert with multiple hostnames. If multiple entirely different servers just happen to be different *. university.edu -- I would not use a SAN cert or a wildc

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Jonathan Rochkind
There's no reason you _need_ to use a wildcard cert for many hosts. You can use a separate cert for each. The reason people prefer a wildcard cert is because it was a pain to _get_ and keep track of all those certs. letsencrypt archicture encourages you to just do that. The certs are automatically

[CODE4LIB] OLE Senior UX, UI and Interaction Designer position available

2017-06-19 Thread Holly L. Mistlebauer
OLE (the Open Library Environment, of which Cornell University Library is a member) has partnered with EBSCO and Index Data to build and implement FOLIO - a new open source library services platform. OLE is seeking a talented, ex

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Junior Tidal
We use it for our library. Best, Junior Junior Tidal Associate Professor Web Services and Multimedia Librarian New York City College of Technology, CUNY  300 Jay Street, Rm A434 Brooklyn, NY 11201 718.260.5481   http://library.citytech.cuny.edu -Original Message- From: Code for Librar

[CODE4LIB] Job Posting: Digital Repository Developer at Boston Public Library

2017-06-19 Thread Eben English
The Boston Public Library is seeking a talented programmer to help develop and maintain the core technical infrastructure for Digital Commonwealth ( https://digitalcommonwealth.org/) an open-source digital object repository system used by Massachusetts libraries, archives, historical societies, and

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Kyle Banerjee
I almost wrote it wouldn't work, but what works always depends on the particulars of your situation. For example, depending on how many domains you need and what mechanisms you're using, you might be able to use Subject Alternative Name (SAN) certificates to mitigate the lack of a wildcard certific

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread William Denton
On 18 June 2017, Jonathan Rochkind wrote: I'm actually having trouble finding an academic institution, or even a standard ecommerce site, that DOES use an EV cert. Where I work the library moved over to HTTPS a few months ago, and I'm happy to say we have one, thanks to university IT: https

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Cary Gordon
In my experience, it has become very easy to setup renewal. It has gotten easier with every release. Cary On Mon, Jun 19, 2017 at 7:55 AM Kyle Breneman wrote: > Thanks for chiming in, Kyle. I think, in your second-to-last sentence, you > were about to say "impossible." Is that right? Also is

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Kyle Breneman
Thanks for chiming in, Kyle. I think, in your second-to-last sentence, you were about to say "impossible." Is that right? Also is it difficult to setup automatic certificate renewal? For the record, I'm not trying to bypass any organizational processes here, just doing some legwork in hopes of

Re: [CODE4LIB] Functional requirements for open-source repositories

2017-06-19 Thread Thomas Guignard
Hi Paige We recently went through a process to replace our repository software (III/VTLS Vital) and although we did not explicitly state that the replacement had to be open source, it was one of the criteria in the RFI that we distributed. And as others said above, the existence of a large and act

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Kyle Banerjee
There are a few other catches. For example, you need to be able to run an appropriate ACME client and set up automatic certificate renewal since the maximum length you can get is 90 days. You also can't get wildcard certificates which makes doing things like proxying by host name (e.g. ezproxy). Yo

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Jonathan Rochkind
Here's a thread about per-TLD rate limits being a problem for universities; it seems per a post at the end of that thread that letsencrypt might exempt your institution from ratelimits, but an official agent of the university needs to submit the request: https://community.letsencrypt.org/t/rate-li

Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for security certificates?

2017-06-19 Thread Kyle Breneman
Thanks for that detailed and interesting reply, Jonathan. On Sun, Jun 18, 2017 at 12:35 PM, Jonathan Rochkind wrote: > Just to clarify, by "Commercial certificates offer stronger proof of > identity", you mean an "Extended Validation" (EV) certificate. > https://en.wikipedia.org/wiki/Extended_Va