National Library Week – thoughts on cybersecurity

Posted on by jessamyn

cyber

[this is a transcript of an email I sent to someone doing cybersecurity+libraries research]

There are two ways in which libraries could be doing a lot better in the realm of cybersecurity. And I should note, I work for rural libraries and digitally divided patrons for the most part so a lot of my ideas are on human scale but there are a lot of good ideas in the larger scale about just encrypting and anonymizing data but they’re sort of the same as they would be for any big business.

1. Being better at patron privacy re: cybersecurity. So if we offer patron privacy in terms of what they’re reading (and we do, in the US this is a big deal) why don’t we go to more trouble to help their patrons’ browsing experiences be more secure (https, Tor, encrypted wifi, who knows….)? The answer is boring: money. But it’s a useful concern and one that library leadership (professional organizations etc.) could be doing a HELL of a lot better at. Also pushing vendors (since we buy a lot of b2b software) to offer safer tools. We still have vendors who will email you a password in plaintext. Those vendors should not be getting money by anyone and it’s just a highlight of how little we understand. Like, you’d never buy a car without seatbelts (and, well, can’t) so why are these people still in business?

2. Being better at raising awareness of cybersecurity issues and communicating that to our patrons. So “talking the walk” if you will. This line is trickier because at some level if a patron says “I don’t really care about privacy…” it becomes a challenge to figure out what to do. Do you try to “incent” them to get more serious about it, or do you just realize there are a lot of different ways to be human? I think there are a lot of smart people in the Open Source world who sort of shot themselves in the foot being OS purists and people couldn’t get on board if the only way you could support free software was go ALL IN with OS tools. The same with cybersecurity and privacy, we have to find ways to allow people to twiddle the knobs for themselves. They want to use facebook, but do it safely. Do we have something to offer them?

THAT said I think we need, as a profession, to become a lot more aware of what threats really look like and who we’re really in danger from (imo, it’s more government and advertisers and not what we’ve traditionally thought of as “bad guys”) and having our own way to frame the narrative so that the library is part of that conversation and can help people understand the issues. You read “old media” and you get the feeling that a lot of them don’t really understand the problem (and TV news, my god) so it’s no wonder people who are of average computer intelligence can’t figure it out better. We need to provide options and sensible information to those people not just more FUD.

learning git to share more free stuff

Posted on by jessamyn

screen shot of the page with the search box I made

I made a thing. It started out with me just reading Twitter. A friend built a thing and tweeted about it.

The thing was a super-simple search box which returned content on Flickr that was public domain or Creative Commons licensed. Very cool. However, when I use stuff on my talks, tools or otherwise, I like to make sure it’s free content. Creative Commons is great, I just was looking for something a little different. I noticed the code was on Github and thought “Hmmm, I might be able to do this…”

I’ve used Github a bit for smaller things, making little typo fixes to other people’s stuff. If you don’t know about it, it’s basically a free online front end to software called Git. At this site, people can share a single code base and do “version control” with it. This is a super short and handwavey explanation but basically if someone says “I made a thing, the code is on Github” you can go get that code and either suggest modifications to the original owner OR get a copy for yourself and turn it into something else.

In the past we’ve always said that Open Source was great because if you didn’t like something you could change it. However it’s only been recently that the tools to do this sort of thing have become graspable by the average non-coder. I am not a coder. I can write HTML and CSS and maybe peek inside some code and see what it’s doing, maybe, but I can’t build a thing from scratch. Not complaining, just setting the scene.

So, I “forked” this code (i.e. got my own copy) and opened it up to see if I could see where it was doing its thing and if I could change it to make it do something slightly different. Turns out that Flickr’s API (Advanced Programming Interface) basically sends a lot of variables back and forth using pretty simple number codes and it was mostly a case of figuring out the numbers and changing them. In this image, green is current code, red is older code.

a copy of the code showing what was changed.

The fact that the code was well-commented really helped. So then I changed the name, moved it over to space that I was hosting (and applied for my own API code) and I mess around with it every few days. And here’s the cool thing. You can also have this code, either Dan’s which searches free and CC images, or mine which only searches for free images. And you don’t have to mess with it if you don’t want. But if maybe you want to use the thing but make a few of your own modifications, it’s easier than ever to do it with something like Github. Please feel free to share.

If you’re always looking for more ways to get public domain and free images, you may like this older post I wrote.

coming late to the webinar game

Posted on by jessamyn

me at a webinar looking like The Swedish Chef

So in the past month I’ve done something I swear I would never do. And I did it twice. I’m taking about webinars. I swore them off in 2008-ish when I did one that was an end-to-end hassle of software, hardware and personal communication. I felt underutilized and underpaid and definitely didn’t feel like I got my message across effectively. A lot has changed since then. Software has gotten better and I’ve gotten a bit better at working with whatever I’m given. Here’s a little rundown on the two events.

First talk was for NJLA, a little virtual keynote talk about Open Library. We used Adobe Connect software which was pretty straightforward to use even though it meant transferring my Keynote slides into PowerPoint. I got to give a talk, keep up with a chat window and answered questions afterwards. I thought it went well and I got to talk about Open Library to a lot of people without leaving my house. The talk is archived for NJLA members but otherwise not available online. Since I’ve been talking about Open Library a lot lately I’ve made a landing page for the various talks I gave.

The second talk was more complex as it was part of a multi-hour event called Library 2.016 with a subtopic called Privacy in the Digital Age. This one used Blackboard’s collaborate software which was a bit more of a hassle (could not use my presenter notes at all, had to read my talk from my laptop at home) but did allow for recording of the entire event so it could be played back, chatroom at all. My talk was short, twenty minutes, and then we had a brief Q&A session. The sponsor of the event, San Jose State University’s library school, made the odd choice of not making links to the recordings or the schedule of the event available to people who didn’t register. However, the link to the recording is a public link, so if you want to hear my talk, you can do that here. I’ve also put my notes and slides online in the usual place.

In both cases, the webinar format worked decently even if the software was a little clunky to get to know. Unsurprisingly, the trickiest issues were the human decisions that went into how to run the webinars, not the actual software or hardware. IU had a decent enough time and am going to consider maybe doing another webinar before another eight years pass. Big thanks to Allen McGinley and Steve Hargadon who made both events happen.

Leaving the library, going to #beyondcomments

Posted on by jessamyn

OK many of us know that online comments suck, but why do they suck and how can we make them not suck? I went to a conference to explore that topic.

index

One of the better pieces of advice I’ve heard from people within a single industry is that there’s a lot to be learned from cross-pollination… going where people are who don’t necessarily share your preconceptions and learning about what is important to you. I’ve been out of the community management game from a job perspective for a few years now but I remain interested in how to achieve great user experiences and community engagement from a library perspective, and interacting with the tech world with that same mentality. The Coral Project is a group trying to do just that. Their seed funding comes from journalism originally, but their lessons apply all over the place. If you’re curious I suggest signing up for their low-volume newsletter or reading along on their blog.

This weekend they had a conference. I usually look forward to all day weekend conferences the same way you’d look forward to a complicated dental appointment but this was a GREAT event: well managed; well-attended, well documented. I don’t want to go over anything you could read elsewhere but I’ll point you to the important bits.

And then, doing my librarian thing, I extracted URLs and Twitter handles from the notes and organized them. You can follow links to things you might be interested in here. Corrections welcome.

Coral & Conference Ppl

Coral: https://twitter.com/coralproject
Andrew Losowsy https://twitter.com/losowsky
Matt Carroll  https://twitter.com/mattatmit (local organizer)
Sydette Harry: https://twitter.com/blackamazon
Greg Barber https://twitter.com/gjbarb
Anika Gupta: https://twitter.com/DigitalAnika (local organizer)
(more staff at this URL)

Lightning talks

Panel

Post-Lunch Panel

Second Lightning Talks

Collected URLS

my world of work and money 2016 edition

Posted on by jessamyn

I did a similar post about this on my personal blog in 2010. For someone who says “I am a librarian” I think it’s useful sometimes to discuss how and when I get paid and by whom. I know people are curious, they often ask. The work news in my life is that I’m upping my hours at the Internet Archive so that I’m now officially half-time. I am pleased about this and I hope it lasts. Since my father died I’ve had a buffer of cash available to me (and my sister) as a back-up which means I’ve been able to do a few “riskier” things that weren’t necessarily lucrative but were otherwise fulfilling. Working at the Archive and Open Library was one of these. Doing some consulting was another. My income covers my bills which, through sheer luck, doesn’t include student loans and, through some attention on my end, doesn’t include any consumer debt. Here’s a chart.

pie chart of the amount of $ I've made writing, consulting, librarianing

The interesting thing to me is how many governments I got paid by. The W-2 money is basically three governments (two different checks from my town, for working at the school and the library, one from my state for teaching at the tech college) plus the Internet Archive. The 1099 money is mostly consulting and talks. I got paid by two state library associations, one state library (twice) and one city library system. The consulting was for two town libraries, a high school and one private company. My writing gigs included royalties for both of my books ($128 total), one lucrative article for the Mozilla Foundation, my column for Computers in Libraries and a lot of crazy start-up money from Medium who laid off nearly their entire slate of writers for The Message and replaced us with younger cheaper writers. It was good while it lasted. I made some random money AirBnBing out my house and doing one Justice of the Peace gig.

All in all it was a mid five-figures year that did slightly better than paying for itself which is my nominal goal.