[Koha-devel] Social Engineering, was: How to gather better popularity data?

G. Laws glawson at rhcl.org
Fri May 27 01:12:00 CEST 2011 

Rather against my better judgment, I offer the following observations:

1. Under the State of Missouri (USA) sunshine laws, the public has a
right of access to just about every non-personnel record we have. That
would include all expenditures of public funds for things like our ILS
and contracts we have with our support vendors, and thus there is a
public right to know this information. While you might argue that not
publicizing this information on the Internet would offer some minor
obstacles to a bot herder in Moscow, any member of the public here could
get the information and post it publicly, and they probably have.

2. We are required by our board of directors to do monthly written
reports of all significant activity, which would obviously include
mentioning Koha by name and issues relating to our support team,
whenever that was a news-worthy item (at time of purchase, etc). Those
board reports are also publicly available.

3. Viewing the page source of our OPAC and several belonging to NEKLS
shows the ILS name right in the page source. Certainly the word Koha
could be removed from the HTML source, but I'll bet there are a number
of general Koha OPAC characteristics that would typify Koha, and surely
many experienced people could look at an OPAC web page, or a search
results page, and immediately identify the ILS. I can some of the time
for Koha and Sirsi. It would require a lot of bleach to sanitize the
code sufficiently to hide the underlying ILS. The same applies to an
.odt file or an image that hasn't had the metadata scrubbed from it.

I don't believe that there is any meaningful way to obscure the ILS from
an experienced person looking for that information.  Our library is
quite happy to let everyone know we are running a world-class ILS, and
pleased to have a hash mark recorded for us on the ILS list.

Greg

-- 

Greg Lawson
Rolling Hills Consolidated Library
1912 N. Belt Highway
St. Joseph, MO 64506

-----------------------------------




On 05/26/2011 03:42 PM, Breeding, Marshall wrote:
> I'm not sure I want to keep this thread alive, but here goes.
>
> If you believe that being listed in a directory or wiki of any sort is dangerous, then you are relying on security through obscurity, with is no real security at all.  
>
> I believe that libraries have vital interests in having users find them on the Web.  I can think of nothing more damaging to libraries than insisting that they obscure their Web presence by restricting the pathways that lead users to their Web sites and catalogs.  It is also in the interest of persons who work in libraries to know the automation systems used by their peers so that they can make well-informed decisions regarding technology strategies.
>
> An anonymous Popularity Contest daemon such as used in Debian would not necessarily provide data that would help libraries considering or running Koha to find peer sites for comparison.  It would also not be a reliable indicator of number of libraries that actually use Koha.  If it's optional, then the numbers would be under-reported.  It would also include the large number of Koha instances that are used for development and evaluation in addition to those that actually run in production in libraries.  It would also not include the libraries that use Koha within a restricted intranet, or in local networks that have not access to the Internet, which is common in the developing world.  Such a technical approach is helpful with an OS where you want to measure overall deployment; it's different for automation software where you care more about what libraries use it in production.  (This is in response to the IRC comment that I should have compared lib-web-cats to popcon and not t
>  he wiki.)
>
> I've put in thousands of hours of work on lib-web-cats since it was initially created in 1995 and launched on the Web in 1977.  The views of one individual should not undermine this project.  It's not helpful to try to convince libraries that they should isolate themselves on the Web.  That, to me, contradicts the spirit of engagement that is vital to the mission of libraries today.  And that is my key interest.  
>
> So I'm pretty agnostic when it comes to open source vs. proprietary or any given library automation product.  I think that libraries have an interest in the success of all the competing models, products, and projects.  Open source ILS products such as Koha provide important alternatives for libraries, and have influenced proprietary systems to be more open.  I know that the philosophy of open source prevails on this list, and I know that my views and projects don't meet all the litmus tests.  But that does not mean that I don't have the same respect for this approach as any other.  I have been involved in open source projects, such as OLE.  I get a sense from the discussions on IRC that at least some think I'm against the project in some way, which is not the case.  
>
> It's interesting that I'm criticized by those involved with proprietary systems as being slanted toward the open source products, and that the open source advocates see me as favoring proprietary products and companies.  
>
> In the end, I think it's all about finding ways to help libraries, which I think is the value we all share.
>
> -marshall
>
> -----Original Message-----
> From: koha-devel-bounces at lists.koha-community.org [mailto:koha-devel-bounces at lists.koha-community.org] On Behalf Of MJ Ray
> Sent: Thursday, May 26, 2011 1:45 PM
> To: koha-devel at lists.koha-community.org
> Subject: Re: [Koha-devel] Social Engineering, was: How to gather better popularity data?
>
> Breeding, Marshall wrote:
>> A most interesting response.  So being listed in the lib-web-cats 
>> directory is damaging to a library?  And being listed in Koha 
>> community's own wiki would not be? [...]
> Being listed *with provider details* in lib-web-cats increases the security risk to a library.  The same is true of the wiki, so I suggested an optionally-anonymous popcon-style system which would not necessarily carry that risk.
>
> It would also provide better information about our effects than the subset who accept the increased risk of lib-web-cats.
>
> Going by discussions on IRC, it seems that many public libraries feel that freedom of information is more important than this security measure.  Also, the US in general has a much weaker approach to privacy than Europe (which I suspected and was part of why I destroyed my dollar credit card when I returned home!)
>
> [...]
>> It feels odd to be criticized for efforts that I believe provide 
>> benefits to the broader library community.  Including a disclaimer 
>> does not imply that the data are being used unethically.
> So what's the disclaimer there for?  I wondered if it was because a risk of damage from unethical use wasn't news to you.
>
> There are also the other problems of lib-web-cats we've discussed before like not being free software or open data, the product/supplier confusion and not showing which PTFS-supported libraries (if any) use Koha and which use the Liblime ILS which reportedly forked from Koha before 3.2.
>
> Anyway, I find it odd whenever library community resources have restrictions on commerce, freedom or openness.  Even odder when their promoters appear all hurt when social enterprises, libertarians or horizontalists suggest developing nicer alternatives.
>
> Hope that clarifies,
> --
> MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
> Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer.
> In My Opinion Only: see http://mjr.towers.org.uk/email.html
> Available for hire for various work through http://www.software.coop/ _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
>
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/
>

More information about the Koha-devel mailing list