I’m aware that accessing someone’s conference planner is not the same level of hackery as stealing their credit cards or breaking into their email account. However, I would just like to say that having an event planner where the password is not only the same for every user (until it’s changed) but also printed right there on the web page, turns the whole idea of having a password or any sort of security into a big joke. How do we teach librarians what good technology looks like if this is how we make them interact with us? For the record, using just the ALA Staff list, I was able to log in to someone else’s event planner in under a minute. The vendors get their password in an email, not much better.
I went to this page from Nicole’s post (I’m not going to the conference) just to see if it was really true that the page claims it is “best viewed in IE” which is yet another “tech don’t” in the world of 2008 browsers so much so that it calls into question all the rest of the site.
I don’t belong to ALA anymore. I did my time, paid my dues, donated a lot of service time to the organization and tried to be gentle and patient as they steered a big organization through the minefield of technological change. The Event Planner has been an outsourced, broken and insecure tool since they started using it. I’d like to see ALA do better, but my optimism that this will happen is flagging.
