iNODE

Secret conclave of the CAA/Kryptonite Society

You might not spot it right away (around the blue sign to the right of center) but somebody set up an outreach Reference Desk in the middle of all that.

This is probably well known to Perl programmers who work with the language on a daily basis.  I seem to find myself doing PERL coding now about once every two months, but happened on this and thought I’d share it. 

When you pull down some Perl source from the web, invariably you’ll see that it depends on several different modules.  Here’s a quick way to find out if you have a particular module installed on your development system.  For example, suppose you have source that includes the Net::SMTP module, just enter this on a command line and you’ll see whether it’s already been installed:

$ perl -e “use Net::SMTP”;

If nothing prints, it is installed. 

If a module isn’t installed, the story’s different:

$ perl -e “use Net::StupidModule”;

Can’t locate Net/StupidModule.pm in @INC (@INC contains: /System/Library/Perl/5.8.6/darwin-thread-multi-2level /System/Library/Perl/5.8.6 /Library/Perl/5.8.6/darwin-thread-multi-2level /Library/Perl/5.8.6 /Library/Perl /Network/Library/Perl/5.8.6/darwin-thread-multi-2level /Network/Library/Perl/5.8.6 /Network/Library/Perl /System/Library/Perl/Extras/5.8.6/darwin-thread-multi-2level /System/Library/Perl/Extras/5.8.6 /Library/Perl/5.8.1 .) at -e line 1.
BEGIN failed–compilation aborted at -e line 1.

Last night I had the pleasure of speaking to the CUA (Catholic University of America) chapter of ASIST (American Society of Information Science and Technology) about the LOCKSS project. It was a different sort of audience for me (primarily CUA Library School students) and one I found I really enjoyed. Bright, earnest and really interested in learning something—which isn’t to say that I typically speak to disinterested dullards—but it was group that could move right to the theoretical, unburdened with the sort of day-to-day operational realities that bedevil those of us responsible for this sort of thing in the workplace.

Whether I managed to convey an understanding of LOCKSS is hard to judge. I did sense from the arc of the post-presentation Q&A that I made some progress in getting across the idea that LOCKSS is something today’s libraries do for tomorrow’s users, not something we derive much tangible benefit from today. I also tried to excite their inner-geek by spending some time on the subtleties and challenges of the LOCKSS protocol but quickly realized I wasn’t doing the topic justice and to really delve in would have meant a much different presentation. If you’re interested, here’s the paper (from 1996) that launched the idea that took shape as LOCKSS about 5 years later (thanks Microsoft):

http://research.microsoft.com/~lampson/58-consensus/WebPage.html

Anyway, I promised the group an online link to the presentation slides. Despite the fact that Keynote mangles some graphics during SWF export, I sent a link to the presentation as a Shockwave file (slow network warning—it is about a 30Mb download):

http://lso.gmu.edu/asist_lockss.swf

A faster-to-load version (static jpg’s) is also available.

I heard back from the engineers at Apple, and no, there’s no support for LDAP authentication within QuickTime Streaming Server (and they knew of no workaround). They did point out that NYU has had success implementing Shibboleth authentication using Darwin Streaming Server (the open source codebase of QTSS) but that’s not a lot of help today. There’s no Shibboleth infrastructure at Mason.

Our holy grail in all this is a single source video delivery operation, authenticating users across Virginia institutions based on their status at the “home” institution. Shibboleth would certainly solve the problematic second half of that requirement but implementing Shibboleth across higher education in Virginia (like glacial erosion) will take some time.
NYU’s experience is documented at this site:

http://dlib.nyu.edu/~ro15/shib

So if we’re to provide authenticated video streaming and take advantage of campus-based LDAP authentication, it’s looking more and more like Flash Streaming Server will somehow figure in our plans. I downloaded their free “developer” edition (Linux) but haven’t yet installed it. It limits you to 10 simultaneous streams and forbids production use but neither of those restrictions will interfere with testing the authentication piece.

A shoutout to the LazyWeb just in case there’s a QTSS/LDAP solution I’ve missed.

A few months ago we experienced a flurry of illegal use on a few of our library’s restricted resources. Tracing the IP numbers through the logs, I tracked the culprit(s) down to a network in mainland China. While I’m not in favor of Google and Yahoo censoring the internet for those users, I now find myself doing a bit of that in reverse.

Why? Do a google search for our proxy server’s name and among the many legitimate hits you’ll receive you’ll also find a few pages giving out information for illegally logging into our server. The pages are in Chinese—which reduces the number of people who might understand and make use of the information to merely one fourth of the people on this planet—but there it is. Here’s the text of one entry I found in a Chinese forum, from a reader who appears to be trying to grasp a few concepts from higher mathematics (you can blame Babelfish for this ridiculous translation):

“…I only the undergraduate course higher mathematics foundation, now wants further to study, wants to grasp some like artificial intelligence the and so on nerve network, svm method, but these to me said too abstrusely, these two days in looked a book, supports the vector machine introductory remarks and the statistical study theory essence, really is very difficult, inside involves some mathematics theories are very very many did not know, felt is unable to continue watching also without knowing where to begin starts. Who can give directs? You thought which mathematics foundation studies these aspects also to need? Can recommend the book which is connected?”

Another reader in the forum was quite helpful and offered a gift:

Gift: https://mutex.gmu.edu:2048/login *deleted*

The deleted portion contained specific details on credentials that could be used to log into our validation server. I spent some time trying to figure out a way to stop this theft. I first set a few parameters within EZproxy which can help to identify and then block inappropriate use (e.g., triggered by downloading hundreds of articles in a short amount of time). That worked, but as soon as I blocked one offending address, another appeared. I finally abandoned sophistication and picked up a blunt instrument. I added a line in ezproxy.cfg file which instructed the server to simply redirect any request that originated from a broad range of IP addresses—basically any address in the 221.xxx.xxx.xxx range (which covers nearly 15 million possible addresses):

E 221.0.0.0-221.225.255.255

The illegal usage stopped abruptly. I can still open our server to this Chinese network if the need arises but I will do so only after I have a specific (and verifiable) request. EZproxy quite reasonably expresses concern every time it launches (a sort of “did you really mean to do that?” message) but my Great Wall is holding.

WARNING: address range applies to 14811136 hosts: 221.0.0.0-221.225.255.255

Actually, I’m not blocking every address in China by any means. Here is a list of every network registered with apnic.net for country=cn:

http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn

Attended a very interesting meeting at James Madison University today as part of a special task force looking into the many technical issues surrounding the streaming of multimedia content. The Virtual Library of Virginia (VIVA) project is the organizational unit sponsoring the group and given their early adoption of these technologies, JMU was the logical site. I left with a shorter list of “next steps” than some of my more volunteer-prone colleagues but have already sent a note to several contacts at Apple asking about the feasibility of LDAP authentication for QuickTime Streaming Server (QTSS). Limiting access to these multimedia streams in some easily-maintainable way struck me as the greatest challenge we face. Of course, assuming we figure out a way to seamlessly link to the campus LDAP server for authentication doesn’t solve all the issues. Our local implementation of LDAP doesn’t appear to store a great deal of information about the status of an individual and other sites reported a similar lack of granularity. Might be a student or perhaps just a contractor. Clearly, a good bit of infrastructure work remains to be done in this area.

As an aside, one of our participants pointed out that it’s ironic that universities seem to be locking down network access at about the same pace that organizations like airports and hotels are busily opening it up.

Since within the Library Systems Office we already have three XServe servers and a couple of XServe RAID arrays, I’m hoping we can fashion a QuickTime-based solution and jumpstart our efforts at Mason. I’ll be focusing my energies on that piece of the overall effort. Over the next few months the group will identify (and I hope sort out) issues like encoding options, workflows, authentication, pooling of efforts and coordination of activities. Today’s meeting was a very promising start and I have high expectations for the group’s productivity.

Spent the past few days in Savannah attending the Spring 2006 ASERL meeting (standing in for our University Librarian who was unable to attend). This was a ‘back to the future’ sort of trip for me–I lived in Savannah for a couple of years in the early 1980’s. My apartment was on Monterey Square and I still remember the night when my neighbor (Jim Williams) made modern Savannah famous. Little seems to have changed but one new thing I saw should be mentioned–the Telfair Museum has opened a new building. Designed by architect Moshe Safdie it brings a really impressive new exhibition space to Savannah.

Another item I want to point out is a new article by Dan Cohen which appears in this month’s D-Lib magazine. Dan is (once again) doing some very interesting work applying new technologies to the task of historical research. His article on data mining and digital collections is really interesting reading. I want to add a personal note of congratulations to Dan for creating an article in D-Lib that doesn’t contain a single incomprehensible chart!

http://www.dlib.org/dlib/march06/cohen/03cohen.html