Please see this article from The Wall Street Journal at http://online.wsj.com/news/articles/SB10001424052702304819004579489813056799076 for a description of the bug.
Check of ALA Onsite Services
We have checked all onsite services at ALA for this bug and found only one vulnerable service which was never exposed to the Internet. This server has been patched. This means no ALA member data or passwords have ever been at risk due to Heartbleed.
Check of Hosted Services
ALA hosted email (owa.ala.org), ALA Connect, and services on Dreamhost are not vulnerable.
Personal services that you use on the Internet:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ has a pretty good list of affected sites and recommendations on when to change passwords.
Director, Information Technology & Telecommunication Services
After some discussion about ALA Connect on the ALA Council mailing list last month (here and here), I put together a report about Connect usage because just glancing at the site can leave the impression that it isn’t being used very much when in fact the numbers show the opposite. This PDF report is current as of January 16, 2014 (there’s also an accessible PDF version).
One thing in particular I want to note is that when someone posts something to a Connect group, the default setting is for it to be private so that only the group’s members can see it. This was done deliberately because many award juries, nominating committees, boards, and other groups that discuss confidential subjects needed to be sure their content was secure by default.
However, there’s a box on every piece of content that the author can check to make that post public so that anyone in the world can see it without even logging in to Connect. When someone views the Connect home page and isn’t logged in, they only see public content.
When someone is logged in and looks at the home page, they only see content from their groups. This person can’t see the content being posted privately to other groups, so looking at Connect groups you’re not a member of might not show anything new if nothing was explicitly made “public.” In fact, there might be quite a bit of activity going on but you just can’t see it. It’s the same as not being a member of an email list – as a non-member, you can’t see the posts to a private mailing list, but that doesn’t mean the subscribers aren’t using it.
That’s why I put this report together, to present a more general snapshot beyond just what an individual user can see by scanning the site. Look at the data and decide for yourself if people are using Connect or not and then please share your thoughts about how we can improve it to make it even better. We’ll be doing a survey later this spring to collect broad input, but jump in now if you have ideas.
Note that in the next few months, we’ll be implementing a Doodle-like module for scheduling meetings, adding 5,000 financial assistance grants/scholarships to the Opportunities Exchange, and implementing the new search engine that ala.org is using (Apache Solr). We’re also working on a way to email content in to a group so that you don’t have to visit the website to start a discussion.
In FY15, we’ll revamp MentorConnect, match users to groups they might want to join, and create a mobile app (for starters).
What else can we add or change to make Connect work well for you?
- Jenny Levine, ITTS (jlevine [at] ala.org)
We’ve updated our ALA Technology Roadmap project list.
This list represents:
This Roadmap currently projects out four years of work, but the timeframes are subject to change based on our decreased resources.
Director, Information Technology & Telecommunication Services
American Library Association
We are experiencing a fault on a redundant component of our internal switching fabric. All systems continue to function normally at this time, but we will need to restart the entire switch fabric to resolve the fault and restore full functionality. The outage window will be one hour, at 6pm on Tuesday, January 7. ALL internal systems will be affected, and MOST Internet-facing systems will be affected.
ALL INTERNAL SYSTEMS including file shares, Internet connectivity, GP, Prophix, etc.
Blogs and Wikis
All other systems that authenticate against IMIS
1. Financial System Problems (Sherri)
ITTS had to allocate more space for the financial system, at which point it started working again. We have reports of Prophix being slow and have an open ticket with them about it. [Ed.: This issue was resolved on December 19th and reports should be running much faster now.]
2. Solr (Louise)
Solr will launch this week [Ed.: It did go live on ala.org on December 19th]. Louise did a demo to show what it looks like, including how the search results also display press releases and facets (ways to further narrow searches). “Suggestions” are still available as part of the results.
Due to the limited resources available in ITTS at this time, we can’t predict for sure when Solr will be rolled out to ALA Connect, making federated searches possible, but that’s part of the long range plan.
It’s very important to use style headings in your text for the facets and for weighting results. The setup process for each microsite is a manual one, so the rollout will occur in phases as we make the changes to each microsite so not everyone will see it at once. If users have any questions or comments, please send them to Louise so that we can tweak the settings for the best results.
3. iMIS Self-service Reports (Irene)
In order to empower staff, Irene has created several reports staff can run themselves on iMIS data (especially since ITTS is now down two people). You can find the reports in the Customers module under Generate Reports. These are the requests Irene gets the most often from staff (eg, all ALA membership statistics, membership statistics for my division, publication subscribers, members with a specific job title, etc.). When you export the data, you can put it directly into Excel. Irene and Pam are working on a training class for how to navigate the data.
4. Windows 7 Implementation (Sherri)
We need to finish this project by April because that’s when Microsoft stops supporting XP. We’re currently doing an inventory of all our applications to find out which ones work in Windows 7 and which ones will need upgrades. Note that some old scanners, printers, and other hardware may not work with Windows 7. We’ll likely do the installation unit by unit in the evenings and on weekends, starting after Midwinter, but we need to finish all of the testing first.
5. iMIS 20 Upgrade (Sherri)
While reviewing ecommerce system proposals, it became clear that we need to upgrade to iMIS 20 first. The current plan is to do this upgrade by the end of February. Pam will offer training on the new version when it’s ready. The biggest difference is a structural change to the database, but many of the interface screens are similar or the same. We’ll be doing an automated rollout of the new software (using Zen).
6. Ecommerce Proposals (Sherri)
ITTS has been reviewing proposals and has narrowed them down to the top three. We plan to hold demos with the top vendors and internal stakeholder groups sometime around April. Note that moving forward with implementing a new ecommerce system is dependent on the iMIS 20 upgrade being completed first.
7. Profile Editor Mockups (Louise)
Louise provided a progress update on the implementation of the CSI Profile Editor, a product that integrates with iMIS. The profile is the first step in account creation for new memberships and event registrants, and thus it is a crucial piece in the upcoming ecommerce implementation. The profile project objectives are to merge the data from the two existing profiles from ALA Connect and ala.org to make it possible for both members and non-members to view and update a single version of their profile from either location. The new profile is intended to make it easier for members to communicate their engagement with ALA as part of an online CV that shows ALA memberships, committee service, conference registrations, and ultimately continuing education and elearning. It also includes fields for members to tell us more about their education, work history, social media accounts and interests. The member profile is intentionally more elaborate than the non-member profile so it can be considered a member benefit, and the ability to showcase involvement in the profession will assist with member retention. Suggestions about how to incorporate profile update reminders into other messaging to members were provided by staff in attendance. (Thank you, Dan Kaplan and Ron Jankowski!)
8. ITTS Project Request Form (Sherri and Louise)
We have launched the ITTS Project Request Form as a place for staff to request the future allocation of ITTS resources. The form is at http://www.ala.org/support/res/projectrequest. (Day to day help requests should go into Track-It; this form is for grant funded or other types of projects that will require a significant investment of ITTS resources.) We review project requests at a weekly meeting and will return a response to you and to any others you specify on the form. You will need to log in with a staff ID at http://www.ala.org/support before you will be able to access the form. If you don’t have, or aren’t sure if you have, a staff record in iMIS, put in a Track-It request and Pam Akins will get back to you.
9. New staff change form (Sherri and Louise)
Supervisory staff who are on-boarding or off-boarding personnel are reminded to use the Staff Change form at http://www.ala.org/support/staff-change to communicate with ITTS and other units that have relevant responsibilities. You will need to log in with a staff ID at http://www.ala.org/support before you will be able to access the form. Try to give us two weeks or as much notice as you possibly can. If you don’t have, or aren’t sure if you have, a staff record in iMIS, put in a Track-It request and Pam Akins will get back to you.
10. The next ITTS News meeting will be on March 11, 2014, at 2:00 pm.
The maintenance is complete on the website and all microsites. Everything is back up.
Today at 5pm CST, the website and microsites will be put into maintenance mode for a module update. The module update will fix a few bugs and is necessary to proceed with the Solr search implementation. Blogs, wikis, Connect, and Moodle will not be affected in any way. The outage is planned to last until 6:15PM CST.
WordPress blogs have been upgraded to 3.8. There were no outages and everything seems to be in place. Please log into your blogs and update any modules that may be out of date.
All sites and microsites have now been updated. They are out of maintenance mode and are once again live and working.
Today, December 12th, the site will be put into maintenance mode to roll out a mandatory security update to Drupal. All sites will be put into maintenance mode at 5PM CST. I expect the outage to last until 5:45PM CST. All microsites will be affected. Blogs, wikis, Moodle, and Connect will not be affected by this outage.