LYRASIS has published three open source software case studies on FOSS4LIB.org as part of its continuation of support and services for libraries and other cultural heritage organizations interested in learning about, evaluating, adopting, and using open source software systems.
Just a brief pair of threads this week. First is a look at what is happening with mobile device encryption as consumer electronics companies deal with data privacy in the post-Snowden era. There is also the predictable backlash from law enforcement organizations, and perhaps I just telegraphed how I feel on the matter. The second thread looks at how Getty Images is trying to get into distributing its content for free to get it in front of eyeballs that will end up paying for some of it.
In the DLTJ Thursday Threads this week: an analysis of how external services included on library web pages can impact patron privacy, pointers to a series of helpful posts from OCLC on communication between software users and software developers, and lastly an update on the continuing discussion of the Kuali Foundation Board’s announcement forming a commercial entity.
Before we get started on this week’s threads, I want to point out a free online symposium that LYRASIS is performing next week on sustainable cultural heritage open source software. Details are on the FOSS4Lib site, you can register on the LYRASIS events site, and then join the open discussion on the discuss.foss4lib.org site before, during and after the symposium.
Welcome to the latest edition of Thursday Threads. This week’s post has a continuation of the commentary about the Kuali Board’s decisions from last month. Next, news of a fundraising campaign by the Ada Initiative in support of women in technology fields. Lastly, an article that looks at the relative bulk bandwidth costs around the world.
This weeks threads are a mixture of the future, the present and the past. Starting things off is A History of the Future in 100 Objects, a revealing look at what technology and society has in store for us. Parts of this resource are available freely on the website with the rest available as a $5 e-book. Next, in the present, is the decision by the Kuali Foundation to shift to a for-profit model and what it means for open source in the academic domain. And finally, a look at the past with the mindset list for the class of 2018 from Beloit College.
Someone out there on the internet is repeatedly hitting this blog’s /xmlrpc.php service, probably looking to enumerate the user accounts on the blog as a precursor to a password scan (as described in Huge increase in WordPress xmlrpc.php POST requests at Sysadmins of the North). My access logs look like this:
18.104.22.168 - - [04/Sep/2014:02:18:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 22.214.171.124 - - [04/Sep/2014:02:18:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 126.96.36.199 - - [04/Sep/2014:02:18:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 188.8.131.52 - - [04/Sep/2014:02:18:21 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 184.108.40.206 - - [04/Sep/2014:02:18:22 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 220.127.116.11 - - [04/Sep/2014:02:18:24 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 18.104.22.168 - - [04/Sep/2014:02:18:24 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 22.214.171.124 - - [04/Sep/2014:02:18:26 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
By itself, this is just annoying — but the real problem is that the PHP stack is getting invoked each time to deal with the request, and at several requests per second from different hosts this was putting quite a load on the server. I decided to fix the problem with a slight variation from what is suggested in the Sysadmins of the North blog post. This addition to the .htaccess file at the root level of my WordPress instance rejects the connection attempt at the Apache level rather than the PHP level:
The conference organizers for WSSSPE2 have posted the list of accepted papers and the application for travel support. I was on the program committee for this year’s conference, and I can point to some papers that I think are particularly useful to libraries and the cultural heritage community in general:
- Michael R. Crusoe and C.Titus Brown. Channeling community contributions to scientific software: a hackathon experience
- James Howison. Retract bit-rotten publications: Aligning incentives for sustaining scientific software
- Marian Petre and Greg Wilson. Code Review For and By Scientists
- Jory Schossau and Greg Wilson. Which Sustainable Software Practices Do Scientists Find Most Useful?
Did you feel a great disturbance in the open source force last week? At noon on Friday in a conference call with members of the Kuali community, the Kuali Foundation Board of Directors announced a change of direction:
We are pleased to share with you that the Kuali Foundation is creating a Professional Open Source commercial entity to help achieve these goals. We expect that this company will engage with the community to prioritize investments in Kuali products, will hire full-time personnel, will mesh a “software startup” with our current culture, and will, over time, become self-sustaining. It enables an additional path for investment to accelerate existing and create new Kuali products.
Two weeks in a row! This week’s DLTJ Thursday Threads looks at how Twitter changed its timeline functionality to include things that it thinks you’ll find interesting. Next, for the academic libraries in the audience, is a report from the New Media Consortium on trends and technologies that will libraries will likely encounter in the next five years. Lastly, news about research into how USB devices can spread malware in ways we can’t detect.
Welcome to the revival of DLTJ Thursday Threads. With the summer over and the feeling of renewal towards this blog and its topics, I’m happy to be back sharing tidbits of technology that I hope you will find interesting. Today’s set of threads covers the gnarly security issues behind the bright-and-shiny chip-on-payment card systems being rolled out by banks and retailers in the U.S., a list of resources for checking things that you read about online, and a heads-up on changes to how your phone will work in the near future.