Sensible talk about HTTPS

https showing in a browser bar

(this is a slightly amended reprint of an article I wrote for Computers in Libraries magazine in 2016 and I’m putting it here because it’s timely. Original title: Practical Technology – Digital Privacy is Important Too. If something seems inaccurate, let me know.)

This month’s column is amplifying the signal on a movement that has been brewing in the library world: getting libraries to make patron’s digital activities as secure as their lending records. There are a few ways to do this but I’m going to focus on using HTTPS. Continue reading “Sensible talk about HTTPS”

National Library Week – thoughts on cybersecurity

cyber

[this is a transcript of an email I sent to someone doing cybersecurity+libraries research]

There are two ways in which libraries could be doing a lot better in the realm of cybersecurity. And I should note, I work for rural libraries and digitally divided patrons for the most part so a lot of my ideas are on human scale but there are a lot of good ideas in the larger scale about just encrypting and anonymizing data but they’re sort of the same as they would be for any big business.

1. Being better at patron privacy re: cybersecurity. So if we offer patron privacy in terms of what they’re reading (and we do, in the US this is a big deal) why don’t we go to more trouble to help their patrons’ browsing experiences be more secure (https, Tor, encrypted wifi, who knows….)? The answer is boring: money. But it’s a useful concern and one that library leadership (professional organizations etc.) could be doing a HELL of a lot better at. Also pushing vendors (since we buy a lot of b2b software) to offer safer tools. We still have vendors who will email you a password in plaintext. Those vendors should not be getting money by anyone and it’s just a highlight of how little we understand. Like, you’d never buy a car without seatbelts (and, well, can’t) so why are these people still in business?

2. Being better at raising awareness of cybersecurity issues and communicating that to our patrons. So “talking the walk” if you will. This line is trickier because at some level if a patron says “I don’t really care about privacy…” it becomes a challenge to figure out what to do. Do you try to “incent” them to get more serious about it, or do you just realize there are a lot of different ways to be human? I think there are a lot of smart people in the Open Source world who sort of shot themselves in the foot being OS purists and people couldn’t get on board if the only way you could support free software was go ALL IN with OS tools. The same with cybersecurity and privacy, we have to find ways to allow people to twiddle the knobs for themselves. They want to use facebook, but do it safely. Do we have something to offer them?

THAT said I think we need, as a profession, to become a lot more aware of what threats really look like and who we’re really in danger from (imo, it’s more government and advertisers and not what we’ve traditionally thought of as “bad guys”) and having our own way to frame the narrative so that the library is part of that conversation and can help people understand the issues. You read “old media” and you get the feeling that a lot of them don’t really understand the problem (and TV news, my god) so it’s no wonder people who are of average computer intelligence can’t figure it out better. We need to provide options and sensible information to those people not just more FUD.

learning git to share more free stuff

screen shot of the page with the search box I made

I made a thing. It started out with me just reading Twitter. A friend built a thing and tweeted about it.

The thing was a super-simple search box which returned content on Flickr that was public domain or Creative Commons licensed. Very cool. However, when I use stuff on my talks, tools or otherwise, I like to make sure it’s free content. Creative Commons is great, I just was looking for something a little different. I noticed the code was on Github and thought “Hmmm, I might be able to do this…”

I’ve used Github a bit for smaller things, making little typo fixes to other people’s stuff. If you don’t know about it, it’s basically a free online front end to software called Git. At this site, people can share a single code base and do “version control” with it. This is a super short and handwavey explanation but basically if someone says “I made a thing, the code is on Github” you can go get that code and either suggest modifications to the original owner OR get a copy for yourself and turn it into something else.

In the past we’ve always said that Open Source was great because if you didn’t like something you could change it. However it’s only been recently that the tools to do this sort of thing have become graspable by the average non-coder. I am not a coder. I can write HTML and CSS and maybe peek inside some code and see what it’s doing, maybe, but I can’t build a thing from scratch. Not complaining, just setting the scene.

So, I “forked” this code (i.e. got my own copy) and opened it up to see if I could see where it was doing its thing and if I could change it to make it do something slightly different. Turns out that Flickr’s API (Advanced Programming Interface) basically sends a lot of variables back and forth using pretty simple number codes and it was mostly a case of figuring out the numbers and changing them. In this image, green is current code, red is older code.

a copy of the code showing what was changed.

The fact that the code was well-commented really helped. So then I changed the name, moved it over to space that I was hosting (and applied for my own API code) and I mess around with it every few days. And here’s the cool thing. You can also have this code, either Dan’s which searches free and CC images, or mine which only searches for free images. And you don’t have to mess with it if you don’t want. But if maybe you want to use the thing but make a few of your own modifications, it’s easier than ever to do it with something like Github. Please feel free to share.

If you’re always looking for more ways to get public domain and free images, you may like this older post I wrote.

Free tech learning resources – short list

screen shot from Chinese advanced email handout

I mentioned back in January that NYPL has said they were putting all of their handouts for their tech classes online. It took a while for them to get that sorted, but they’re online now and worth checking out. There is rarely any good reason to reinvent the wheel in tech instruction. While computers and the internet have changed a great deal, many old favorites like Mousercise still deliver. There are a lot of things people point to for good tutorials and lessons, but very few that have good information in a clear and easy to understand way. For anyone who is looking to actually spend money on tutorials, Lynda.com is the definite go-to. Otherwise the short list of worth-a-damn sites continues to be short.

If you’re on facebook there is a good group there that is low traffic where people regularly swap ideas for this sort of thing (or answer questions) called Technology Training and Libraries

Why sourcing photos matters – how misattribution is amplified on the web

I wrote an article for Computers in Libraries last week about the PicPedant account on twitter and the odd preponderance/problem of unsourced images flying around the internet. This is just a true thing about how the internet works and people have been misattributing things since forever. However, there’s a new wrinkle in this process where the combination of popular blogs/twitter accounts along with some of the “secret sauce” aspects to how Google works creates this odd phenomenon which can actually amplify misinformation more than you might expect. Here’s my example.

Hans Lansgeth

This man is Hans Langseth. I know this because I was a kid who read the Guinness Book of World’s Records a lot and I recognized him from other pictures. He has the longest beard in the world. The image on the right is a clever photoshop. However, if you Google Image search Hans Steininger, you will also find many versions of this photo. This is curious because Hans Steininger (another hirsute gentleman) died in 1567, pre-photography. His beard was also about four feet long whereas Langseth’s beard was more like 18+ feet long.

What happened? Many websites have written little lulzy clickbait articles about Steininger (sourcing other articles that themselves source actual articles at reputable-ish places like Time magazine which are inaccessible because of paywalls) and how he supposedly ironically died tripping over his own beard. They all link to the image of Langseth and don’t really mention the guy in the photograph is a different guy. The image and the name get hand-wavily semantically linked and search engines can’t really do a reality check and say “Hey, we use this image for a different guy” or “Hey, we can’t have a photograph of this guy because he lived in the 1500s”

google results for hans Steininger

Not a huge deal, the world isn’t ending, I don’t think the heirs of Langseth are up in arms about this. However as more and more people just presume the search engine and the “hive mind” approach to this sort of thing results in the correct answer, it’s good to have handy counterexamples to explain why we still need human eyeballs even as “everything” is on the web.