Implementing Open Source
1. Implementing Open Source
Nicole C. Engard
Vice President of Education, ByWater Solutions
Author, The Accidental Systems Librarian 2d &
Practical Open Source Software for Libraries
tasl.web2learning.net & opensource.web2learning.net
nengard@bywatersolutions.com
Sunday, June 9, 13
2. Disclaimers
• I work for a company that supports Koha
• I am the documentation manager for Koha
• My bias is simple: I personally want all libraries to
use and support any and all open source and want
you to choose what’s right for you and your library!
4. What isn’t Open Source?
• “Isn’t that insecure?”
• “I don’t want to share my data!”
• “How can it be any good if it’s free?”
• “We don’t have the staff to handle
open source.”
Common Open Source FUD (Fear, Uncertainty & Doubt)
Comic: Author: Unknown | Year: Unknown | Source: Unknown
5. What is Open Source?
Open source software is software that users have the ability to
run, distribute, study and modify for any purpose.
Open source is a collaborative software-development
method that harnesses the power of peer review and
transparency of process to develop code that is freely
accessible.1
Open source draws on an ecosystem of thousands of
developers and customers all over the world to drive
innovation.2
1,2 http://connect.educause.edu/display/47941
6. The Cathedral
(proprietary software)
• Development occurs behind walls
• Source code is usually not provided - kept locked up
• Corporate hierarchy
The Bazaar
(open source software)
• Code developed over the Internet with several others in public view
• Source code open to all users
• “Given enough eyeballs, all bugs are shallow”
http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/
The Cathedral & The Bazaar
7. Open Source Governance
What kind of quality control is there?
•Most open source projects have a release manager or a manager of some sort
who reviews the code and approves it before adding it to the final release
What is the role of the community?
•The community looks out for the best interests of the software. They work as
the governing body behind all decisions related to the software. The
community decides what features to develop next and who the managers are.
8. Open Source Community
•Open source is about more than free software
•Community is crucial to the growth of open source
•Without shared knowledge and collaboration the project will not
grow
•“Critiquing the community is a right reserved for those who have
proved themselves by making valuable contributions”1
•People who use open source can collaborate and contribute in many
ways with the community
  •Write code
  •Write documentation
  •Debug
  •Educate others
1. Tapscott, Don, and Anthony D. Williams. “Embracing open source culture and
strategy.” In Wikinomics: How mass collaboration changes everything, 82-83.
Expanded Edition. New York, NY: Penguin USA, 2008. www.wikinomics.com/book/.
9. “Crowdsourcing has its genesis in the open source movement in
software. The development of the Linux operating system proved that
a community of like-minded peers was capable of creating a better
product than a corporate behemoth like Microsoft. Open source
revealed a fundamental truth about humans that had gone largely
unnoticed until the connectivity of the Internet brought it into high
relief: labor can often be organized more efficiently in the context of
a community than it can in the context of the corporation. The best
person to do a job is the one who most wants to do that job; and the
best people to evaluate their performance are their friends and peers
who, by the way, will enthusiastically pitch in to improve the final
product, simply for the sheer pleasure of helping one another and
creating something beautiful from which they all will benefit.”
Howe, J. (2008). Crowdsourcing: Why the power of the crowd is driving
the future of business. New York: Crown Business. p.8
Open Source Crowdsourcing
10. Believing in Openness
If you don't know why you do what you do then how will you ever
get people to be loyal and want to be a part of what you do?
The goal is not just to sell to people what you have, it's to sell
people on what you believe - the goal is not to hire people who
want a job it's to hire people who believe what you believe. If you
hire people just because they can do a job they will work for your
money - if you hire people who believe what you believe they
work for you with blood and sweat and tears.
Simon Sinek: How great leaders inspire action
http://www.ted.com/talks/simon_sinek_how_great_leaders_inspire_action.html
11. Open Source is Easy!
“The hard drive on one of our reference desk PCs died today. I threw in a new one, but I
didn't feel like spending the day sitting through Windows updates, so I loaded Ubuntu 11.04
on it instead. The install, as I'm sure you know, only took about 15 minutes. Now, before I
add my next point, keep in mind that I manage a staff whose average age is about 63. No
joke. Most of them have been working at my facility longer than I've been alive. Still, once I
had Ubuntu up and running, they were literally fighting over who got to use the new
operating system. They loved it that much.
Now I agree, Linux kicks butt. I use it about 80% of the time. Typing to you on Mint right
now! However, I never expected novice users to take to it so quickly. Please, next time you
do an open source webinar, impress on your attendees that libraries aren't sacrificing a thing
by switching over to open source software. If anything, open source operating systems and
applications can be far more user friendly for the novice user than Windows will ever be...”
-- Mark at the Rahway Public Library
12. Who’s Using Open Source?
•Government Agencies
•All Kinds of Businesses
•Schools (K-colleges)
•Librarians
14. • In 2010 a survey of 300 large organizations in both the private and public
sector found:
• 50% are fully committed to open source in their business
• 28% say they are experimenting with open source and keeping an open
mind to using it
• 38% expecting to migrate mission-critical software to open source in next
12 months
• The cost was no longer viewed as the key benefit, instead:
• 76% cited quality as a key benefit of open source
• 70% cited improved reliability
• 69% said better security/bug fixing
http://newsroom.accenture.com/article_display.cfm?article_id=5045
Open Source in Business
15. Total Active Sites: 6/2000 to 7/2012
http://news.netcraft.com/archives/2012/07/03/july-2012-web-server-survey.html
Open Source On the Web
16. •Reliability through Peer Review
•Freedom to Innovate
•No Vendor Lock-in
•User-centric Development
•Collaborative Environment
•Zero License Fees
Why so Popular?
18. Libraries and Open Source Both...
• Believe that information should be freely accessible to everyone
• Give away stuff
• Benefit from the generosity of others
• Are about communities
• Make the world a better place
-- Horton, G. http://tinyurl.com/3jvumn
Open Source & Libraries
19. Libraries and Open Source make
the perfect pair
[Librarians] "are almost ethically
required to use and develop open
source software."
Crawford, R. S. http://www.lugod.org/presentations/oss4lib.pdf
http://www.flickr.com/photos/cavort/151687944/
Open Source & Libraries
20. Common questions libraries have:
• Is there support? Do I have to know how to program?
• Do I have to skimp on features?
• Isn’t Open Source risky?
• Can I do it myself?
Open Source & Libraries
21. •ByWater Solutions
•Equinox
•Catalyst
•YourLibrarySite
•And more!
Is there support? Do I have to know how to program?
•If you want to contribute to the code - Yes
•If not you can use:
•Support Providers
•Local Students
•Freelance Developers
Support for Open Source
22. • Open Source developers follow the
rule of “Release early and release
often”
• Users vote with their dollars and time
• Freedom to develop on your own
• Developers love their products
http://www.flickr.com/photos/programwitch/2505184887/
Do I have to skimp
on features?
23. • Casey Coleman, chief information officer for the
GSA (U.S. General Services Administration), said
in a speech ... that the GSA heavily relies on
open source to drive down costs, increase
flexibility of IT dollars, and reduce risk. ‘You get
much more transparency and interoperability,
and that reduces your risk,’ she said.
• http://news.cnet.com/8301-13505_3-9921115-16.html
Isn’t Open Source Risky?
• US Department of Defense memo
encourages the use of open source with
many reasons “including cost advantages,
reduced risk of vendor lock-in, better
security, and increased flexibility. It says
that the positive aspects of open source
software should be given consideration
during procurement research.
• http://arstechnica.com/open-source/news/2009/10/dod-military-needs-to-think-harder-about-using-open-source.ars
24. For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known,
unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet.
Likewise, there were at least 98 days last year in which no software fixes from Microsoft were
available to fix IE flaws that criminals were actively using to steal personal and financial data from
users.
In a total of ten cases last year, instructions detailing how to leverage "critical" vulnerabilities in IE
were published online before Microsoft had a patch to fix them.
In contrast, Internet Explorer's closest competitor in terms of market share -- Mozilla's Firefox
browser -- experienced a single period lasting just nine days
last year in which exploit code for a serious security hole was posted
online before Mozilla shipped a patch to remedy the problem.
http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
Isn’t Open Source Risky?
25. Risk of Proprietary Software
• “Closed-source efforts often suffer from flaws
and problems which the original development
team never anticipated. Lack of inspection of
the code by other programmers can mean that
inappropriate design constraints and other
errors might not be discovered until the code is
already in use.”
Pavlicek, Russell. Embracing
insanity : open source software
development. Indianapolis IN:
SAMS, 2000. p. 33.
26. Risk of Proprietary Software
• “In its 2011 Coverity Scan Open Source Integrity
Report, which was released on Thursday,
Coverity actually found that open source code
has fewer defects per thousand lines of code
than proprietary software code does.”
Noyes, Katherine. “Actually, Open Source Code Is Better:
Report.” PCWorld Business Center, February 23, 2012.
http://www.pcworld.com/businesscenter/article/250543/actually_open_source_code_is_better_report.html.
27. All software has risks, you need to evaluate open source the same way you do
proprietary systems.
Several Levels of Risk to consider:
• Software security issues
• Open source is just as secure if not more secure than proprietary systems
because of its transparency
• Evaluate open source software no differently than you do other software!
• Company mergers and acquisitions
• Because you own the code to your system you are not tied to one support
source and will never be left without support
Software is Risky!
28. •Absolutely, with the right in-house skills
•Systems knowledge
•Linux server management
•Web programming
•Perl / PHP / MySQL
Can I do it Myself?
30. Finding Open
Source Software
• FOSS4Lib lists open source applications for libraries
(including integrated library systems) along with
links to documentation and where to download the
software
• http://foss4lib.org
31. Open Source ILS
• Evergreen (http://open-ils.org)
• Desktop client + Web based OPAC
• Started by the Georgia Public Library System in 2006 to serve
as the shared system for the state
• Koha (http://koha-community.org)
• Web based staff client and OPAC
• Developed in 1999 by the Horowhenua Library Trust in New
Zealand to replace a system that was about to suffer from Y2K
32. Both have:
• Cataloging
• Circulation
• Patron Management
• Acquisitions
• Serials
• Reporting
33. Both are:
• Open source and freely available for
download and use
• Supported by multiple companies
• Run by libraries who pay for support and/or
go it alone
35. Research!
• Librarians need to take their LIS skills and apply them to software
evaluation
• Research the software:
• Search on Lib-Web-Cats to see who in your field/geographical
location is using what and talk to them
• www.librarytechnology.org/libwebcats/
• Demo the software! Don’t just let a vendor show it to you - actually
use it yourself
• Evergreen: bit.ly/evergreendemo
• Koha: koha-‐community.org/demo/
36. Compare
• Compare the software side by side
• Create your own features/pros & cons list - do not
depend on those created by others (but don’t
discount documentation from both projects)
• Take into consideration your own preferences - it’s
not all about features - you have to live with this
software every day
37. Talk
• Talk to your trusted network
• Talk to others using the software
• Talk to strangers and friends alike on social networks
to see what they like/don’t like
• Talk to the community behind the software
39. Research!
• Bears repeating ... you need to do your research
• Talk to your network
• Talk to support companies
• Talk to your local systems staff
• Talk to those who have done it before (mailing
lists and IRC are great tools)
40. Paid Support
• No Vendor Lock In!
• Call in multiple support companies for each system
you’re considering - just like if you were considering
a proprietary ILS
• Talk to your peers and use online research like the
annual perceptions survey
• librarytechnology.org/perceptions2012.pl
41. Paid Support
• Do they offer:
• Migration support / Full migration services
• Training (onsite or webinar)
• Phone, Email and/or chat support
• Development of new features if necessary/desired
42. Local Support
• Do you have an available server?
• Does your IT staff know how to handle the
necessary operating system (Linux)?
• Do you have the infrastructure to maintain backups?
• Does your staff have the time to maintain the
system?
43. Local Support
• Can your librarians and systems folks handle the
migration?
• Will you need outside training?
• Does your IT staff (or institution) have access to a
systems librarian?
• Are you going to want new features? Do you have
a developer on staff?
44. Local System
Requirements
• Both will need:
• A Linux server with Perl installed
• Evergreen uses PostgreSQL as the database
• Koha uses MySQL as the database
• Both will need several Perl Modules installed
47. Digital Library/Exhibits
• Omeka
• Professional-looking exhibit sites that showcase collections
• Dublin Core metadata structure
• Multiple themes
• Plug-ins for geolocation and bi-lingual sites
• Tagging / Blogging / RSS feeds
http://omeka.org
http://nycdigital.org
48. Research Assistant
• Zotero
• Firefox plugin or standalone
• Helps you collect, manage, & cite research resources
• Includes saved searches and tags
• Integration with MS Office & LibreOffice
• Can store files and bibliography online as well
• Allows for shared collections
http://zotero.org
49. Institutional Repository
• DSpace
• Store research papers and presentations for your
organization
• Captures your data in text, video, audio and data
• Searchable
• Widely used in the academic world
http://dspace.org
50. Web Analytics
• PiWik
• Keep statistics for your websites (an open source
alternative to Google Analytics)
• Download and install on your own web server behind your
firewall
• Customizable interface
http://piwik.org
51. Surveys
• LimeSurvey
• Install on your own servers
• Free with no limits on number of surveys or responses
• Multi-Lingual Surveys in more than 50 languages
• Creation of a printable survey version
http://limesurvey.org
53. Additional Links
•Open Source Living
http://osliving.com
•OSS Watch, open source software advisory service:
http://www.oss-watch.ac.uk
•Open Source as Alternative
http://www.osalt.com
•Nicole’s Delicious bookmarks:
http://delicious.com/nengard/opensource
54. OSS & Libraries Links
• Open Source Software in Libraries
http://infomotions.com/musings/ossnlibraries/
• Open Source Software and Libraries Bibliography
zotero.org/groups/freelibre_and_open_source_software_and_libraries_bibliography
• Practical Open Source Software for Libraries
http://opensource.web2learning.net/blog
• Open Network Libraries
http://onl.org.nz
• FOSS4Lib
http://foss4lib.org
55. Open Source Blogs
• The Open Road
http://www.cnet.com/openroad/
• Open Ended from Ars Technica
http://arstechnica.com/open-source
• The H Open Source
http://www.h-online.com/open/
• ZDNet Open Source
http://blogs.zdnet.com/open-source
• New York Times - Open
http://open.nytimes.com
• OpenSource.com
http://opensource.com
• Open Source at Datamation
itmanagement.earthweb.com/osrc/
56. Online Reading List
• Open Source: Narrowing the Divides between Education, Business, and Community
http://connect.educause.edu/display/47941
• The concepts of Free Software & Open Standards: Introduction to Free Software
http://ftacademy.org/materials/fsm/1#1
• We Love Open Source Software. No, You Can’t Have Our Code
http://journal.code4lib.org/articles/527
• Open Source Software Tools And Directories: Where To Find Them, How To Evaluate Them
http://www.masternewmedia.org/open-source-software-tools-and-directories-where-to-find-them-how-to-evaluate-them/
• Open Source Security Bibliography
http://www.zotero.org/nengard/items/collection/QKWPIXK9
• Nicole’s Zotero Library
http://www.zotero.org/nengard/items/collection/1796131
57. Print Reading List
• Practical Open Source Software in Libraries by Nicole C. Engard
• The Cathedral and the Bazaar: Musings on Linux and Open Source by an Accidental
Revolutionary by Eric S. Raymond
• Embracing Insanity: Open Source Software Development by Russell Pavlicek
• The success of open source by Steve Weber
• The open source alternative: Understanding risks and leveraging opportunities by
Heather J. Meeker
• Open Sources 2.0: The Continuing Evolution by Chris DiBona, Mark Stone, and Danese
Cooper
58. Thank You!
Nicole C. Engard
Vice President of Education, ByWater Solutions
Author, Practical Open Source Software for
Libraries
opensource.web2learning.net
nengard@bywatersolutions.com