We’ve seen big announcements recently about unlimited cloud storage offerings for a flat monthly or yearly fee. Dropbox offers it for subscribers to its Business plan. Similarly, Google has unlimited storage for Google Apps for Business customers. In both cases, though, you have to be part of a business group of some sort. Then Microsoft announced unlimited storage for all Office 365 customers (Home, School, and soon Business) as a bundled offering of OneDrive with the Office suite of products. Now comes word today from Amazon of unlimited storage for consumers…no need to be part of a business grouping or have bundled software come with it.
Someone out there on the internet is repeatedly hitting this blog’s /xmlrpc.php service, probably looking to enumerate the user accounts on the blog as a precursor to a password scan (as described in Huge increase in WordPress xmlrpc.php POST requests at Sysadmins of the North). My access logs look like this:
22.214.171.124 - - [04/Sep/2014:02:18:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 126.96.36.199 - - [04/Sep/2014:02:18:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 188.8.131.52 - - [04/Sep/2014:02:18:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 184.108.40.206 - - [04/Sep/2014:02:18:21 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 220.127.116.11 - - [04/Sep/2014:02:18:22 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 18.104.22.168 - - [04/Sep/2014:02:18:24 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 22.214.171.124 - - [04/Sep/2014:02:18:24 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" 126.96.36.199 - - [04/Sep/2014:02:18:26 +0000] "POST /xmlrpc.php HTTP/1.0" 200 291 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
By itself, this is just annoying — but the real problem is that the PHP stack is getting invoked each time to deal with the request, and at several requests per second from different hosts this was putting quite a load on the server. I decided to fix the problem with a slight variation from what is suggested in the Sysadmins of the North blog post. This addition to the .htaccess file at the root level of my WordPress instance rejects the connection attempt at the Apache level rather than the PHP level:
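To confirm the pattern in an access log like the one above, and to check whether requests still reach PHP once a block rule is in place, the log can be summarized as follows. This is an added example, not code from the original post; the thresholds, the sample lines, and the reading of a 403 as a server-level rejection are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')

def xmlrpc_posts(lines):
    """Return sorted (time, host, status) tuples for POSTs to /xmlrpc.php; skip unparsable lines."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0] == "/xmlrpc.php":
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            out.append((ts, m["host"], int(m["status"])))
    return sorted(out)

def find_bursts(posts, window=timedelta(seconds=10), min_hits=5, min_hosts=3):
    """Flag windows where several hosts hit xmlrpc.php together: (start, hits, distinct hosts)."""
    bursts, i = [], 0
    while i < len(posts):
        j = i
        while j < len(posts) and posts[j][0] - posts[i][0] <= window:
            j += 1
        hosts = {host for _, host, _ in posts[i:j]}
        if j - i >= min_hits and len(hosts) >= min_hosts:
            bursts.append((posts[i][0], j - i, len(hosts)))
            i = j  # continue after this burst
        else:
            i += 1
    return bursts

def status_counts(posts):
    """Assumption: 200 means PHP handled the request, 403 means the web server refused it."""
    return Counter(status for _, _, status in posts)

UA = "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
def _line(host, hms, req, status):
    return f'{host} - - [04/Sep/2014:{hms} +0000] "{req} HTTP/1.0" {status} 291 "-" "{UA}"'
# Constructed sample (documentation-range addresses), not the blog's real log.
SAMPLE = [_line(h, t, "POST /xmlrpc.php", s) for h, t, s in [
    ("192.0.2.10", "02:18:19", 200), ("198.51.100.7", "02:18:19", 200),
    ("203.0.113.5", "02:18:19", 200), ("192.0.2.44", "02:18:21", 200),
    ("192.0.2.10", "02:18:22", 200), ("198.51.100.7", "02:18:24", 200),
    ("192.0.2.10", "03:40:00", 403)]]
SAMPLE += [_line("203.0.113.80", "02:18:25", "GET /", 200), "not a log line"]
if __name__ == "__main__":
    print(find_bursts(xmlrpc_posts(SAMPLE)), status_counts(xmlrpc_posts(SAMPLE)))
```

A rising share of non-200 responses for these POSTs, with the burst count unchanged, indicates the requests are being turned away before PHP runs.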
This International Standard specifies the transactions between libraries or libraries and other agencies to handle requests for library items and following exchange of messages. This standard is intended to at first supplement and eventually succeed the existing international ILL standards ISO 10160, ISO 10161-1 and ISO 10161-2, which are based on the outdated open systems interconnection model. The introduction of the draft standard provides some background on the relationship of the new standard to the previous one.
As you are planning your trip to the 2013 LITA Forum in Louisville in mid-November, plan to stay a few hours longer to attend the ResourceSync Tutorial happening after the close of the main conference on Sunday. Herbert van de Sompel will lead this 3-hour session where attendees can learn about how the emerging ResourceSync standard can be used to synchronize web resources between servers. There is no cost to attend the post-conference tutorial, but we would appreciate knowing how many people are coming. Please select the post conference checkbox on the registration form to let us know.
My employer (LYRASIS) is a member of NISO (the accredited standards organization for information and documentation in the U.S.), and as the primary contact I see and consider ballots for standards issues that impact LYRASIS member libraries. The Interlibrary Loan (ILL) Application Protocol Specification (a.k.a. ISO 10160/10161) is up for its periodic review, and there is a bit of interesting movement on this standard. ISO 10160/10161 became a standard in 1993, so it predates the modern era of the web. The group shepherding the standard realized that progress had overtaken the specification and they started work on a reformulation of inter-machine ILL standards. This ballot and its supplemental documentation give a view of the plans.
This is a review of the Airbender Bluetooth keyboard by New Trent (model IMP38W). I have been testing this unit since January 28, 2013, and traveled with it to Code4Lib in Chicago where I relied on the combination of the Airbender keyboard and iPad for a day of presentations with writing notes and searching the web for information. I received the unit from New Trent for testing and evaluation.
ResourceSync — a joint effort of NISO and the Open Archives Initiative (OAI) team with work funded by the Sloan Foundation — has published a draft specification that I urge members of the library technology community to look at. Building on the OAI-PMH strategies for synchronizing metadata, this project uses modern web architecture technologies to enable the synchronization of the objects themselves, not just their metadata. From the abstract of the draft specification:
This ResourceSync specification describes a synchronization framework for the web consisting of various capabilities that allow third-party systems to remain synchronized with a server’s evolving resources. The capabilities can be combined in a modular manner to meet local or community requirements. The specification also describes how a server can advertise the synchronization capabilities it supports and how third party systems can discover this information. The specification repurposes the document formats defined by the Sitemap protocol and introduces extensions for them.
Last month’s HathiTrust newsletter had an interesting technical tidbit at the top about access to out-of-print and brittle or missing items:
One of the lawful uses of in-copyright works HathiTrust has been pursuing is to provide access on an institutional basis to works that fall under United States Copyright Law Section 108 conditions: works in HathiTrust that are not available on the market at a fair price, and for which print copies owned by HathiTrust member institutions are damaged, deteriorating, lost or stolen. As a part of becoming a member, institutions are required to submit information about their print holdings for fee calculation purposes. We have also been requesting information about the holdings status and condition of works, to facilitate uses of works where permissible by law (specifications for HathiTrust holdings data are available at http://www.hathitrust.org/print_holdings).
Two phishing attempts made it through the work spam filter earlier this month, and they show the creativity of bad guys as they try to get access to your machine. The attempts at social engineering were interesting enough that I thought I’d describe them here. We’re getting pretty close to the line where we can’t tell a legitimate e-mail from ones with nasty side effects.
The Fake Bounced Message
This message has the appearance of being a bounced e-mail from a server called ‘cyber.net.pk’.