the anatomy of a crash, part 1

In accordance with Finagle's corollary to Murphy's Law, the website broke the day our sysadmin went on a 2 week vacation on another continent. What's most surprising about this is how little it surprised me. First, what happened:

Our library website is using a very old installation of the Joomla content management system (1.5.7 I believe.) Our implementation, for whatever reason, is insecure. I know very little about Joomla or server security, other than to nod sagely and say, "could be an SQL injection attack" (much in the same way dudes will surround an open car hood, though they know nothing about fixing cars, and say, "it's probably the transmission.")

So last Friday, sometime around 11am, our website stopped being an actual website, and started being just a page that displayed the site title. Not so useful for users, I'd imagine. My first instinct is to look at the main index.php page to see if it's been replaced with a different one. I've dealt with this hack in the past, just the result of some asshole saying "LOOK WHAT I CAN DO!" You just delete the new index file they put in, and put yours back in.

When I checked our index file, it was present, not renamed, and all the content was accounted for. At the end of the file there was a php command that was trying to redirect the site to some .biz.tr website, so I took out that code and figured the problem was fixed. Nope, site was still b0rked. I went into all the sub-folders' index files, and found some malicious code in them too, so I decided to just replace all of them with clean backup versions. Still. B0rked. On to the config file. Everything looks fine there, but I replace it with a back up version anyway.

Also it was about this time I sent out an email to the staff that basically said YES I KNOW THE SITE IS DOWN YOU CAN ALL STOP CALLING ME ABOUT IT.

At this point I'm stumped, so I call the head of Media Services, who maintains the servers. He goes in to check which files were accessed at 11am that day. None. Uh, ok. He has me go into the database, to see if the content looks ok, and it does. It occurs to me that I'm able to get into the site from the admin panel, which is a subfolder in the site root, so it's not that the whole site directory is corrupt. Subpages of the actual site, however, are not loading.

We finally realize that this is not going to be an easy fix, so I put up a temporary webpage linking to common services, most of which are on different servers, so they're fine (catalog, database list, LibGuides, and Google forms.)

The head of Media Services then spent his weekend picking through all the myriad of folders on the server to find workable backups of pretty much all the pieces of the site (which, in a content management system, are many.) He then pieced the site back together, file by file. I honestly don't know the details of how he made this happen, because whenever I asked him about it, he sounded like he was going to cry or murder a baby panda, so I'm just gonna let that go. He obviously has some sort of PTSD, and I don't want to poke the painful memories of "the incident." He did mention something about finding out that the site was actually hacked in June, and was only taken down just now by a remotely-issued command that activated the previously-inserted code. Insidious bastards.

I did a Google search for the spam url I found in the main index page, and it's been injected into tons of insecure Joomla installs. I only mention this because people keep asking what kind of douchebag hacker makes it his life work to take down crappy college library websites. It was just a bot that looked for vulnerable targets. Nothing personal, my friends.

The good news is that I learned many lessons from this whole debacle, and have much to share with you along the lines of "how to make sure this doesn't happen to you because it's not fun." I'm going to put that in another post though, because I need to go pour myself a giant tumbler of whiskey right now. Stay tuned...

Crappy image maps messing with my mind

Please, for the life of Brian, give adequate thought to creating image maps (images that contain multiple links, mapped to different areas of the image.) While they can be useful, and even creative, they can also be confusing. (The one in the linked Wikipedia entry is a good example of a creatively-designed image map, that has some functional issues.)

In web design, you rely on certain conventions to indicate to the user what can be clicked on (ie-a link.) If you use an image as a link, users can see the image is click-able by mousing over it, and seeing if the pointer changes from an arrow to a hand. However, if you make an image into an image map, but divide the entire image into click-able sections, it can be hard to tell the different areas of the image link to different places. You can help alleviate this problem by restricting the click-able areas to distinct areas, separated by some non-click-able space, and also by using tool-tips or title tags to describe the link hidden in that part of the image.

My motivation for this post? My own damn library's website. Check out the header on this page: http://www.library.csi.cuny.edu. It took me a moment to realize that the entire header didn't link back to our website, but also contained a link to the school's website. After much clicking and confusion, I realized that the bottom part of that image not only contains a link to the *school's* website, but also the school *system.* Now, maybe you got that at first glance, but I honestly didn't, and I highly doubt I'm the only one to make that mistake. Part of the problem is that the site was created years ago, and as I mentioned in the Harvard Library website post, alt tags are no longer rendered as tool tips by all browsers (I'm using Chrome, and they don't show up when you hover over the links in it.)

I opened the page in Dreamweaver to be able to visualize where the links were mapped to (see below,) and I can honestly say that they tried to keep the links tight to the text, but I think that the bottom two links are just too close together for it to be quickly apparent to the user that they link to two separate places.

How would I have done it? I would have probably made the "CSI" part link to the school, and the rest would link to the library. I'd probably add the "City University of New York" as a regular text link, underneath the header image, or possibly just in the footer.

Just remember when creating image maps: unless the user hovers over various areas of the image to find the links/tool tips, there is no external indicator as to what part of the image links to what (ie-you can't tell just by looking at it.) You have to rely on visual cues and web design standards to cue the user in to the fact that the image contains a.) a link and/or b.) multiple links. They may not take the time to wave their cursor across the whole image to discover just how many links there are, and what they link to.*

*Some cues that there are multiple links are:

• Scrolling over the image and noticing that the entire image is not click-able. Many developers will not bother creating an image map to insert a single link in an image, unless they have a good reason to; they'll just make the entire image the link.
• Patterns... If it's a picture of the solar system, and the first two planets are links, the user will guess that the rest of the planets are too. Same thing with maps where more than one location is linked, or groups of people where more than one person is linked. (etc, etc...)
• Added visual cues such as numbers, letters, or symbols that indicate where the user might find a link. (Example: http://www.frankmanno.com/ideas/css-imagemap/#ex)

Social Media Snobbery (or, Twitter is a tool, but you don't have to be.)

(This article was cross-posted over at LISNews.)

If someone corrects me one more time when I say that I “twittered” something (“um, you mean you tweeted?”) I am going to scream. Really. Right at them. And is the term “social media” passé already? I un-followed the person who tweeted that about thirty seconds after I read that tweet. See, the thing is, I really love Twitter. I follow smart people, who have interesting discussions all day. It’s wonderful. And for the people in my life who say that it’s sad that I have to find those kinds of relationships online, I say: “well why can’t you be more interesting then? Why do you make me go outside our friendship to find satisfying, intellectual conversation? YOU forced me into this!” Ahem. Sorry. Anyway, my point… Ah, yes: Twitter is just a medium. It’s just another method of communication, and in the same way it drives me bonkers when people say it breeds stupidity and hysteria (more so than any other medium? Really? Cable news anyone?...) it also drives me crazy when people act like it’s an exclusive club. So if I don’t get the terminology right, or I don't use the right hashtag, or if I say I just use the Twitter website instead of the Twitter app du jour (Tweetdeck, Tweetie, Seesmic, take your choice...) I’m persona non grata?

Now, don’t get me wrong, there’s got to be rules, right? Seriously, if you only send updates telling me about your new blog posts, or trying to sell your services, or to post pictures of your cat (ok that last one I would probably forgive, and actually secretly enjoy) I will most likely not follow you. As with any community, online or not, it is wise to spend some time getting to know the culture and attempting to fit in to a certain degree. But if no one ever goes out on a limb, there will be no innovation, no growth in the community. We wouldn’t have retweets, or #followfriday, or any other cool uses for the services that weren’t imagined within the first weeks of its debut.

Do you remember when “web 2.0” was all the rage? And do you also remember how anyone who actually worked in any way with web 2.0 was no longer allowed to call it that lest they incur the derision of all their web-savvy colleagues? If you tell me that I can’t use “social media” anymore either, I’m running out of names to call what I do. Seriously, I’m about 5 minutes away from calling myself the “kewl stuff on teh intarwebz” librarian, and nobody wants that. Ok I’m lying, I want that, I totally do. But I can tell you right now that my boss isn’t going to go for it, so can we all chill out with the social media snobbery already? Maybe all the Twitter/Facebook/FriendFeed/whatever-haters will stop picking on us so much if we stop being so darn obnoxious to them… although probably not.

(For anyone not in the super-cool Twitter club already, here’s a cheat sheet to all the Twitter-related stuff mentioned here: http://www.webdesignerdepot.com/2009/03/the-ultimate-guide-for-everything-twitter/. Oh, and I’m val_forrestal on Twitter, and I promise not to make you feel stupid, even if you still call it “web 2.0”.)

I'd like to take a moment to whine about all your whining. Thank you.

I feel like much ado has been made lately about Twitter. I shouldn't even tell you that Twitter is a micro-blogging service, and instead imply that if you don't know what it is, you live under a rock and should be ashamed of yourself. But the truth is, if you don't know or care what micro-blogging is, I would much rather you didn't know about it, because then you couldn't possibly complain about its existence.

I've been using Twitter for awhile now (not sure about how long, but long enough to have posted 328 updates...) When I first learned about it, I didn't get it either. It seemed silly to me that I would want to post/read status updates all day. So, for awhile, because I thought it was stupid, I just didn't use it. Imagine that. And then at some point I gave it a try, and believe it or not, I managed to find some value in it. I subscribed to the updates of other librarians, and they posted links to interesting things: articles, videos, websites, etc... and that was cool. Plus it created a network of people in my field who could be tapped for impromptu surveys (who's using what technology and how successful has it been?) Sure, there's some lots of "getting my morning coffee"/banal chatter too, but you learn to filter out the noise after awhile.

Recently I also started up a Twitter account for my library (http://twitter.com/scwLibrary), and on there I (we) can subscribe to all sorts of science, technology and engineering people and organizations, so I get fed all kinds of great sources in that area. I can also use that account to broadcast (retweet) those links as well as interesting ones I've found myself. I can also use it as a quick way to post brief communications about the library (see: stapler crisis '09) that don't warrant a blog post or website announcement.

Right. So all I'm saying is that I have found some value in the service. I'm not an evangelist for it though (as I matter of fact I don't even recommend it to people unless I think it would serve a specific purpose for them) because I realize that to a lot of people it just doesn't make any sense. And that's fine. But I feel like the haters reeeeeeally enjoy hating on this one (check out this video, which, I have to admit is kind of funny, but also pretty insulting.)

Still, web 2.0, or whatever you crazy kids are calling it these days, is all about trying new things, and if you don't like them, or see a purpose for them, you don't have to use them. I just don't quite understand the culture of tearing down things we don't understand, or don't think we need. It's so damn hipster if you ask me... Anything mainstream is evil and stupid.

Still, I find Twitter to pretty much be what you make of it. If you and your friends use it as a way to just keep track of what you're all up to, then those "mundane" updates can actually be a way to get more insight into each other's lives, and to effortlessly "keep up" with each other (and also make the whole thing look kind of stupid if you're basing your opinion on the updates of people you don't know or care about.) If you use it in a more professional context, it's actually a wonderful way of communicating amongst colleagues and peers, and a great way to tap into a potentially extremely useful collective mind. (I also thought this was another interesting take on what's so cool about Twitter, found, fittingly, via a tweet from Connie Crosby.)

(UPDATE: I just wanted to add this link to a recent ReadWriteWeb post on Twitter, that elaborates on the potential of Twitter way better than I did here...)

(UPDATE 2: Ok, and here's another good link: The Ultimate Guide for Everything Twitter)

as a form of protest, i refuse to come up with a witty title for this post

ok, i feel like i should maybe weigh in on this whole Rutgers dropping 'library' from SCILS situation. i posted a comment on my friend mike's blog, and i guess if i'm gonna speak my mind there, i might as well post it here as well. since i am lazy and don't really feel like spending much time or effort stressing over the whole thing, i'm just going to copy and paste my comment. (and what an easy way to drop a post in, since i haven't written in awhile. heh.)

this whole debacle annoys me for two reasons:

1) isn't this whole name change thing taking up time and money (meetings, new letterhead, signage, etc) that could be better spent on just improving the school in general, including the library curriculum? i mean, really, all this effort just to remove the word "library" from your name? …and

2) how did they think that going to all that trouble to remove library from the name was not going to insult all of us libeerians? it's like they're distancing themselves from one of their largest constituencies (largest if you're talking about the grad school.) no matter what their reasoning is, that's going to be hurtful, and going to alienate us.

what i really wish is that instead of trying to distance ourselves from the word "librarian", we would redefine it as the tech-savvy, tech-centered, information-aggregating career it should and could be. we don't need to turn ourselves into "information professionals", we need to bring the field of librarianship into the future (and the now…) i know that's a bit off-topic, but i feel like we don't need to scrap the title, it's not completely a lost cause, we can still redeem ourselves! (maybe all we need is a good PR campaign?)

Ennui, setting in...

I know I don't post much here anymore (and I know that the "why I haven't been posting lately" post is one of the blogosphere's most popular refrains), but I'm truly uncertain as to why this poor blog is experiencing such a dry spell. It certainly isn't from a lack of ideas. I think of topics to blog on all the time. In fact, I often compose eloquent (read:verbose) posts in my head while on the way home from work, or while trying to fall asleep at night. There's certainly a lot to talk about in the world of information, and I do a ton of professional reading, but for some reason once I'm in front of a computer, all my inspiration just peters out.

It's true that I've been extremely busy at work, but that's really no excuse either, seeing as I seem to find the time to check Facebook, IM with my peeps and read about a hundred rss feeds a day...

Maybe it is the echo chamber that is the library and tech blogging worlds, making me feel like I just don't have anything unique to say, or maybe it's the frustration of constantly defending the continued existence of my profession making me feel like i don't have anything interesting to say, or maybe, just maybe (and this is probably the most likely excuse) I am simply just too lazy to try and make sense of the sad mish-mash of triage efforts that my job has become.

At some point you become very disillusioned with all the wonderful, helpful things you could be doing for your patrons, because you are too busy trying to be all things to all people. That is the sad life of an 'Information Services' librarian. I mean, what *are* information services anyway? Pretty much only everything that goes on in a library. Sometimes doing a little bit of everything is a great way to keep from getting bored with your career, and sometimes it is just a recipe for feeling like you are constantly trying to move forward in all directions at once, a feat not easily accomplished, and sure to leave you exhausted on a fairly consistent basis.

OK, now I'm just griping, I know. So I guess you should just be thankful for my lack of posting, shouldn't you? I'm sure you have better things to do than listen to me complain... like checking your Facebook.