Author Archives: Rick Neal

Prepared For Disaster

Each year, the Library’s Discovery, Technology and Publishing department participates in the Information Services disaster recovery exercise. We do this in order to prove that we can provide continuity in case some unfortunate incident occurs.

Right now you are probably thinking “Unfortunate incident? Continuity? Disaster recovery? What does all that mean, and why should I care?”

The disasters, I discuss here, focus on those disasters that could threaten our network infrastructure and so, for simplicity’s sake, I call them “technology disasters.” Such a disaster could affect all systems that communicate on the UR network. Everything from email and Banner to even being able to browse UR’s website. A technology disaster can be very serious and could occur as part of a larger disaster, affecting the whole school physically (a tornado or hurricane as examples), or could be totally unnoticed by the UR community at all until, of course, they try to do something on the network.

What does technology disaster mean?

We live, and work, in a connected world and those connections occur through servers, routers, cables, cell towers, and people being available to monitor and react to issues that occur. A technology disaster threatens those connections. Anything that can unexpectedly cause any of these resources to become unavailable can potentially be disastrous, depending on the amount of time involved to recover the connections. Student records, staff and faculty compensation, and online learning are examples of systems that could be affected by a technology disaster.

These disasters can occur in many different ways but they generally have similar end results in common regardless of the type of disaster. For whatever reasons they occur (natural, accidental or man-made), time is of the essence. The examples below assume long term issues:

Loss of power – Long term power outages.
Loss or failure of equipment – Due, for example, to a water pipe bursting and flooding a server room, a UPS failure or a fire destroying cables that are necessary for data to flow across campus.
Loss of location – Due to having to abandon a server area due to smoke, water or fire.
Loss of internet connectivity – Due to losing UR’s long term connection to the internet.
Loss of personnel availability – Due to UR staff not being physically available to be on campus.

What does continuity mean?

Continuity involves determining which systems provide essential University services and making sure those systems are back online as soon as possible. This essential service determination was made by Information Services managers in close discussions with other departments on campus. The library system is included among these essential services: students must interact with Library resources for class assignments, and faculty members rely on our services for their research and teaching.

What does the Library disaster recovery exercise involve?

The Library’s part in this exercise includes building our database and web server, and developing documentation in a disaster recovery environment. Later, when the disaster is declared, we repeat this process and fine tune our documentation. This time however, since the information services disaster recovery exercise focuses on a long term disaster as a worst case scenario, we recreate the Library’s server at a secure site in a different geographic region, outside the Richmond area thus mitigating the losses in the examples above in a matter of hours instead of days.  After the exercise we store the software and documentation off campus at a secure site.  In the event of an actual disaster, that software and documentation will then be transferred to the remote location and we will have our servers up again quickly.

October Is Scary… In More Ways Than One.

Each year I look forward to October because Halloween is my favorite holiday. I love to see the decorations, people in costumes and, of course, the scary Hayrides. October, however, has taken on a new significance since President Obama designated October as National Cyber Security Awareness Month.

It’s great to focus attention on cybercrime because the list of recent cyberattacks against big business goes on and on:

Anthem – Hackers were able to breach a database that contained as many as 80 million records of current and former customers, as well as employees.

Target – hackers stole credit and debit card records from more than 40 million Target customers, as well as personal information like email and mailing addresses from some 70 million people.

Staples – Hackers compromised the information of about 1.16 million credit cards.

Home Depot – About 56 million payment cards were probably compromised.

JPMorgan Chase – Account information of 83 million households and small businesses were compromised.

Community Health Systems – Information including names, birth dates, Social Security numbers and addresses — for 4.5 million patients had been compromised.

Doing the math, on just these few hacking instances, I count over 334 million records that have been stolen. Google says the population of the United States is 318.9 million. Do you shop at Target? If so, there is a 34% chance the hackers got you if you used plastic to pay for your purchase. If you used a Chase card to pay, that percentage increases still more.

It’s both disturbing and frustrating at the same time. How can I possibly protect myself against these unseen criminals who seem intent on stealing my personal information? It’s a good question and, thankfully, I found a lot of information online concerning becoming more security conscious.

The Department of Homeland Security maintains a website that leads the way in helping us become better educated about this issue, and it offers tips and resources targeted at specific groups. I chose to link the ones below that are most relevant to our University community. They address computer and mobile device security that we should all review from time to time:

Students K-8, 9-12, and Undergraduate
Parents and Educators
Young Professionals
Older Americans

I will include other helpful links at the end of this article that will also give you some ideas on how to better protect yourself. While companies need to become better able to manage their server security, there are a few things that we can do to keep from compromising our own security.

Here’s my top 10 list of things to do to keep from compromising yourself:

  1. Use strong passwords. Carefully choose a password in excess of 8 characters.  It helps to pick a phrase and then change a vowel or two to numbers.  For instance, I once used JustL3tM3In.  It was easy to remember because I could easily remember “Just Let Me In”.  It was secure because I included upper case, lower case, and numbers with 11 characters. Be creative and maybe even switch an ‘@’ for ‘a’ if your pass phrase has an ‘a’ in it.  Two more things about passwords, never allow your computer or mobile device to remember a password and never share your password.
  2. Keep your software up to date. This includes patches, antivirus, and security software for your mobile device as well as your computers.
  3. Time your posts. If you are into social networking, wait until you are back home to post pictures or information about your trip so that no one knows your home is unattended.
  4. Keep a close eye on your devices.  Never leave your mobile device or laptop unattended in a public place.
  5. Turn off remote connectivity. If you are not using Bluetooth, or wireless networking, turn them off on your mobile device.
  6. Always be cautious about what you receive or read online — if it sounds too good to be true, it probably is. Sometimes the very act of opening an email or visiting a website will allow your device to become compromised. If you get an email from someone you don’t know offering you a million dollars to help them do something or an email that looks like it is replying to an email that you sent, although you cannot remember sending an email to that person, it’s a good idea to delete it without opening it to read.
  7. Ignore pop-ups because they often contain malicious software. These pop-ups trick users into doing something the hacker needs them to do in order to attack them. For instance, if you click on something the pop-up offers, like an interesting survey or some “AMAZING” product information link, you could unintentionally help the hacker. If you see something that you are really interested in, open another browser window and do a Google search to see what people say about it before you simply click the link.
  8. Only use secure websites for online shopping and banking. Always make sure there is an https in the address bar. Most of the time there will only be an http (no S). HTTPS means it is a secure website. Never enter anything that you are concerned about (social security number, birthdates, credit card numbers, etc.) without seeing the https.
  9. Don’t store your card details on websites. Err on the side of caution when asked if you want to store your credit card details for future use.
  10. Different site, different passwords. Most online users own accounts in over a dozen sites. For instance, if a hacker guesses your Facebook password and you used that same password at a site like Amazon, then the hacker has your Amazon password and perhaps even your email password.

So Happy National Cyber Security Awareness Month! Follow these tips, and the others listed at links below, and you may very well ‘trick’ the hacker instead of ‘treating’ them… ( I couldn’t help myself, I love Halloween! )

Links:

Homeland Security: http://www.dhs.gov/national-cyber-security-awareness-month

University of California Santa Cruz: http://its.ucsc.edu/security/top10.html

U.S News & World Report: http://money.usnews.com/money/personal-finance/articles/2015/01/13/10-ways-to-keep-your-phone-safe

Open Source, Free Like A Puppy…

Scott McNealy, co-founder of Sun Microsystems, is famous for once having said that “Open source is free like a puppy is free” (Donoghue).  He is, of course, talking about the expenses necessary for taking care of the free puppy.Corgi

Open source is kind of like that.  It is free by definition.  Dictionary.com defines open source as “pertaining to, or denoting, software whose source code is available free of charge to the public to use, copy, modify, sublicense, or distribute”.  That said, open source is actually much more than just free.  Open source is, for the large part, community-supported by people who have technology issues a lot like yours.  A person may need an application for something so, in some cases, they create it, maintain it, add functionality, put it out there for you to freely use and answer questions to help you bring the application on line.  Using McNealy’s puppy example, it would be like the puppy buying itself, coming home to your house by itself, house breaking itself and learning to fetch your slippers, again… all by itself.  It’s really hard for me to see the bad thing in this but, believe it or not, there are some valid concerns.

Open source software development is flourishing and very much in use all over the world.  While proprietary software companies complain about open source, Forrester Research reports that 76% of developers have used open source technology at some level (Baldwin).  That means even companies that create or purchase ‘off the shelf’ software use free, open source software tools to build with – companies like Apple, the first major computer company to make open source development a key part of its ongoing software strategy, and Microsoft who initially went to war against open source development.

”Open source is an intellectual-property destroyer,” former Windows chief Jim Allchin famously quipped in 2001. “I can’t imagine something that could be worse than this for the software business and the intellectual-property business” (Cooper).

And who can forget that old timeless classic…

“Linux is a cancer that attaches itself in an intellectual property sense to everything it touches,” former Microsoft CEO Steve Ballmer told the Chicago Sun Times a few months later. “That’s the way that the license works” (Cooper).

Now, however, in May 2014, Microsoft finally made official its unofficial decision to incorporate some open-source code into its developer and programming languages. More recently, Microsoft put 22-year company veteran Mark Hill in charge of a global group to cultivate open-source developers to write applications that work with Azure, the Microsoft cloud service that competes against the likes of Rackspace, Google, and Amazon (Cooper).

As Microsoft eventually came to understand, there are a lot of benefits to using open source.  To name just a few:

1. Keeps costs down.
2. Improves quality because code problems are resolved quickly.
3. Delivers agility by speeding up the pace of software development and innovation which allows businesses to react quickly and thereby not be dependent on vendors schedules.
4. Mitigates business risk by reducing dependence on a single or multiple vendors.

We use a mix of proprietary and open source software in Discovery, Technology, and Publishing to administer the library servers and applications such as the library catalog, digital collections and various departmental work flows.  There are times when we would like to have functionality that we don’t currently have but that’s been true of the vendor supplied software as well as the open source software.  For that reason, I don’t really distinguish between the two types because I just kind of see them as each being a toolbox that I need to use to get the job done.  Open source plays a huge role in our success as a department.

But let’s not forget that the ‘free puppy’ criticism does also have some merit.  The first thing is training.  People are resistant to change and so they are not likely to explore using an open source alternative application instead of Windows or Apple for things like their desktop or MS Office needs.  Another issue is support.  Proprietary software vendors provide support for their products and, if you use open source, you may have to provide your own developer to get the functionality you desire. Lastly, some great open source software development simply ceases for whatever reason and you may be left with no one to provide patches or software updates, again possibly requiring the hiring of a developer to maintain your software.

While these are valid concerns, open source application usage is growing quickly all over the world, in all industries.  Technology costs a lot of money and the financial advantage to using open source software must outweigh the ‘free puppy’ concerns or companies would not be moving in that direction.

On a personal note, I use open source software daily and I will always look for a free open source application before I buy something because I generally just need something for a single use or for a short time.  I use applications like Notepad++ which is better than the notepad built into Windows, 7-Zip which allows me to zip and unzip files better than the one in Windows, VLC Media Player which is much better than Windows media player for manipulating various video formats and WinSCP for transferring files.  I also use various open source tools like MultiMon Taskbar which allows me to have a task bar on my second monitor.

If you’ve never installed open source software, here’s some sage advice.  Make sure you research what you want to install by looking for reviews of the application before you download and install it.  Read the installation instructions and make sure you understand what they want you to do.  Try to download it from the site that actually produced it and not a third party site.  This just makes certain you are getting a ‘clean’ copy and not a possibly modified copy of the application you want.  Finally, there are probably a lot of applications just like the one you’re looking for so if you install it and you don’t like it, don’t give up.  Just uninstall and go find another one.

So… How ’bout that free puppy now?

corgibottom

 

Donoghue, Andrew “Open Source ‘is free like a puppy is free’ says Sun boss.” ZDNet. CBS Interactive, June 8, 2005. Web July 22, 2014.  http://www.zdnet.com/open-source-is-free-like-a-puppy-is-free-says-sun-boss-3039202713/

Cooper, Charles “Dead and buried: Microsoft’s holy war on open-source software.” C|Net. CBS Interactive, June 1, 2014. Web July 22, 2014.  http://www.cnet.com/news/dead-and-buried-microsofts-holy-war-on-open-source-software/

Baldwin, Howard “4 reasons companies say yes to open source.” Computerworld. Computerworld, Inc., January 6, 2014. Web July 22, 2014 http://www.computerworld.com/s/article/9244898/4_reasons_companies_say_yes_to_open_source

Corgi puppy images from:  http://www.pinterest.com/lizzygrace96/oh-my-corgis/

Notepad++ : http://notepad-plus-plus.org/download/v6.6.7.html
7-Zip : http://www.7-zip.org/
VLC Media Player – http://www.videolan.org/vlc/index.html
WinSCP – http://winscp.net/eng/docs/introduction
MultiMon – http://www.mediachance.com/free/multimon.htm

The Inevitability of Cloud Services

When most of us hear the word ‘Cloud’ (at least in relation to technology) we tend to think of it as a storage place.  I had that impression because the devices that I have purchased over the past couple of years tout cloud storage. I even set up a free Drop Box area to use to move things between my iPad and my laptop.  While storage is certainly a useful Cloud service, there are other Cloud services that are changing the way organizations operate, as I learned when I recently attended an Amazon Web Services conference.

To understand Cloud services you need to know a little about Cloud computing.  I’ll ‘borrow’ Wikipedia’s description of Cloud computing  –  “The phrase commonly refers to network-based services, which appear to be provided by real server hardware, and are in fact served up by virtual hardware, simulated by software running on one or more real machines.  Such virtual servers do not physically exist and can therefore be moved around and scaled up (or down) on the fly without affecting the end user – arguably, rather like a cloud.” Continue reading