2012 talks proposals
Deadline for talk submission is Sunday, November 20.
Prepared talks are 20 minutes (including setup and questions), and focus on one or more of the following areas:
* tools (some cool new software, software library or integration platform) * specs (how to get the most out of some protocols, or proposals for new ones) * challenges (one or more big problems we should collectively address)
The community will vote on proposals using the criteria of:
* usefulness * newness * geekiness * diversity of topics
Please follow the formatting guidelines:
== Talk Title: == * Speaker's name, affiliation, and email address * Second speaker's name, affiliation, email address, if second speaker Abstract of no more than 500 words.
Contents
VuFind 2.0: Why and How?
- Demian Katz, Villanova University, demian.katz@villanova.edu
A major new version of the VuFind discovery software is currently in development. While VuFind 1.x remains extremely popular, some of its components are beginning to show their age. VuFind 2.0 aims to retain all the strengths of the previous version of the software while making the architecture cleaner, more modern and more standards-based. This presentation will examine the motivation behind the update, preview some of the new features to look forward to, and discuss the challenges of creating a developer-friendly open source package in PHP.
Open Source Software Registry
- Peter Murray, LYRASIS, Peter.Murray@lyrasis.org
LYRASIS is creating and shepherding a registry of library open source software as part of its grant from the Mellon Foundation to support the adoption of open source software by libraries. The goal of the grant is to help libraries of all types determine if open source software is right for them, and what combination of software, hosting, training, and consulting works for their situation. The registry is intended to become a community exchange point and stimulant for growth of the library open source ecosystem by connecting libraries with projects, service providers, and events.
The first half of this session will demonstrate the registry functions and describe how projects and providers can get involved. The second half of the session will be a brainstorming suggestion of how to expand the functionality and usefulness of the registry.
Property Graphs And TinkerPop Applications in Digital Libraries
- Brian Tingle, California Digital Library, brian.tingle.cdlib.org@gmail.com
TinkerPop is an open source software development group focusing on technologies in the graph database space. This talk will provide a general introduction to the TinkerPop Graph Stack and the property graph model is uses. The introduction will include code examples and explanations of the property graph models used by the Social Networks in Archival Context project and show how the historical social graph is exposed as a JSON/REST API implemented by a TinkerPop rexster Kibble that contains the application's graph theory logic. Other graph database applications possible with TinkerPop such as RDF support, and citation analysis will also be discussed.
Security in Mind
- Erin Germ, United States Naval Academy, Nimitz Library, germ@usna.edu
I would like to talk about security of library software.
Over the Summer, I discovered a critical vulnerability in a vendor’s software that (verified) allowed me to assume any user’s identity for that site, (verified) switch to any user, and to (unverified, meaning I didn’t not perform this as I didn’t want to “hack” another library’s site) assume the role of any user for any other library who used this particular vendor's software.
Within a 3 hour period, I discovered a 2 vulnerabilities: 1) minor one allowing me to access any backups from any library site, and 2) a critical vulnerability. From start to finish, the examination, discovery in the vulnerability, and execution of a working exploit was done in less than 2 hours. The vulnerability was a result of poor cookie implementation. The exploit itself revolved around modifying the cookie, and then altering the browser’s permissions by assuming the role of another user.
I do not intend on stating which vendor it was, but I will show how I was able to perform this. If needed, I can do further research and “investigation” into other vendor's software to see what I can “find”.
If selected, I will contact the vendor to inform them that I will present about this at C4L2012. I do not intend on releasing the name of the vendor.
Search Engines and Libraries
- Greg Lindahl, blekko CTO, greg@blekko.com
blekko is a new web-scale search engine which enables end-users to create vertical search engines, through a feature called slashtags. Slashtags can contain as few as 1 or as many as tens of thousands of websites relevant to a narrow topic. This talk will cover examples of slashtag creation relevant to libraries, and show how to embed this search into a library website, either using javascript or via our API.
We have exhibited at a couple of library conferences, and have received a lot of interest. blekko is a free service.