[Koha-devel] Social Engineering, was: How to gather better popularity data?

MJ Ray mjr at phonecoop.coop
Sat May 28 00:40:13 CEST 2011


Breeding, Marshall wrote:
> If you believe that being listed in a directory or wiki of any sort
> is dangerous, then you are relying on security through obscurity,
> which is no real security at all.

I'm not sure I can convey this any more clearly: I am not arguing
against all listing (although I believe it should be a matter of
choice), but I am arguing against listing details which can be used
for fraudulent authentication.  I even put that bit in bold in the
last email, so I'm surprised anyone's missing it still.  It feels
a bit like wilful misunderstanding for the sake of an argument.

Would someone like to try calling up libraries from lib-web-cats,
pretending to be from their provider and see if they can get a staff
login?  I'm hoping public-sector libraries will have some protocol
defence, as they should expect to work under freedom of information,
but there's plenty more in there.  I think library staff might be
better at choosing the right words to convince other library staff...

> I believe that libraries have vital interests in having users find
> them on the Web. [...]

I'm pretty sceptical that many users find libraries through
lib-web-cats.

> also in the interest of persons who work in libraries to know the
> automation systems used by their peers so that they can make
> well-informed decisions regarding technology strategies.

I'm not so sure about that (I've met peer-use requirements in
procurement and that's a barrier to innovation) but basically the more
information the more easily the better.  I really don't think
lib-web-cats is a viable alternative to a popcon, especially as it
currently stands.  It includes too much of some data and not enough of
others and the terms are non-FOSS.

> I've put in thousands of hours of work on lib-web-cats since it was
> initially created in 1995 and launched on the Web in 1977.  The
> views of one individual should not undermine this project.

(I'm assuming that's a typing error, rather than time travel. ;-) )
Not undermine, but maybe convince you to fix it.  So you've put in
thousands of hours: what's going to happen when you're no longer able
to?  Will it stagnate and die, like so many other web projects I've
seen since I started in 1994?  That'll be tragic.

> It's not helpful to try to convince libraries that they should
> isolate themselves on the Web.

Which isn't what I'm trying to do.  I'm saying don't expect
everyone to stand naked in the wrong neighbourhood.

> That, to me, contradicts the spirit of engagement that is vital to
> the mission of libraries today.  And that is my key interest.

I'm suggesting connecting more libraries to the project and yet I'm
against "the spirit of engagement" because I don't want it done
through lib-web-cats?  Wow.  Really.  Wow.

> [...]  I get a sense from the discussions on IRC that at least some
> think I'm against the project in some way, which is not the case.

So hopefully non-Koha libraries won't be listed as Koha, and Product
and Provider will be split in the near future. ;-)

After all, Koha's only had multiple providers for about a decade, so
it'd be nice to see FOSS ILSes fit in lib-web-cats properly, instead
of being shoehorned through proprietary ILS concepts.

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha

