A few of us are gearing up for Code4Lib 2009 in Providence, RI next week. Very fun. I am going to be at the OCLC Grid Services Boot Camp, to learn, take photos and I hope take a few videos as well. Promises to be a good time, given the list of attendees. Wish I could stay for the whole conference, but someone has to mind the store (as they say).
As a techhead warm-up and the start of a continuing series of somewhat random but helpful tidbits, I was chatting with one of the security officers at OCLC and he compiled a list of tips for surviving a network attack. I'll give these to you in bite-sized pieces.
Here's the first one:
Reduce the likelihood of an attack.
Like campers who tie their food up in trees to keep bears away, you’ll want to make sure you don’t have any enticing tidbits for Internet attackers.
Here are a few key findings to look out for:
* Unpatched systems: Attackers wanting an easy target will look for systems that are behind in updates.
* Open web proxies: Misconfigured proxies can attract a lot of traffic because they may allow remote users to get around firewall restrictions or to get unauthorized free access to resources.
* Cross-site scripting vulnerabilities: Cross-site scripting (XSS) is a type of web application vulnerability where an attacker can use your web pages to attack other users.
Stay a step ahead of the attackers and identify these and other weaknesses in your systems with a vulnerability scanner like Nessus. Nessus is a very powerful and potentially dangerous tool, so make sure that you have the proper authorization, that you have familiarized yourself with how it works, and that you choose your targets carefully.
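As a complement to scanning, the open-proxy item above can also be checked from the proxy's own access log. The following is an added example, not part of the original tips: it flags requests that the proxy served for clients outside your own networks. The log format, the `ALLOWED_NETS` ranges, and the sample lines are all constructed assumptions; adapt the parsing to your proxy's real log layout.

```python
import ipaddress

# Assumption: networks whose users may use the proxy (constructed values).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]

# Constructed sample log in a hypothetical format: time client method url status
SAMPLE_LOG = """\
2009-02-20T10:01:02 10.1.4.7 GET http://journals.example.org/a.pdf 200
2009-02-20T10:01:09 203.0.113.50 GET http://journals.example.org/b.pdf 200
2009-02-20T10:01:11 203.0.113.50 CONNECT mail.example.net:25 200
2009-02-20T10:02:30 198.51.100.9 GET http://journals.example.org/c.pdf 403
garbled line
2009-02-20T10:03:00 192.0.2.15 GET http://www.example.com/ 200
"""

def is_allowed(ip):
    """True if the address belongs to one of the permitted client networks."""
    return any(ip in net for net in ALLOWED_NETS)

def find_open_proxy_use(log_text):
    """Return {client_ip: [(method, url), ...]} for outside clients the proxy served."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _, client, method, url, status = parts
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is not an IP address
        # A 2xx/3xx status means the proxy relayed the request rather than refusing it.
        if not is_allowed(ip) and status[:1] in ("2", "3"):
            findings.setdefault(client, []).append((method, url))
    return findings

if __name__ == "__main__":
    for client, reqs in find_open_proxy_use(SAMPLE_LOG).items():
        print(f"{client}: {len(reqs)} relayed request(s) from outside allowed networks")
        for method, url in reqs:
            print(f"  {method} {url}")
```

Any client this reports was able to relay traffic through the proxy from outside the permitted ranges, which means the proxy's access controls need tightening. Denied requests (such as the 403 in the sample) are deliberately not reported.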
I took part in a FLYP conference a couple of weeks ago and was amazed at how state funds had paid for artwork for the Florida Youth Program, but there were all sorts of limitations on what Florida libraries could do with that artwork even in promoting those programs.
This was commissioned artwork and would probably be considered akin to contractor or subcontractor reports, which can (unfortunately) be paid for by public money but maintain copyright.
Still: after about 45 minutes of talking about dos and don’ts in regard to this artwork I found myself wishing that all work done by or for the government, at all levels (including state, county, and city), were automatically in the public domain.
I had the great privilege to see Dale do the rudimentary talk at Access 2008 that led to this article. Very smart man.