William Denton wtd@pobox.com wrote:
On 4 October 2017, Scott Bennett wrote:
Let me give an example. I have for at least ten years asked my localpublic library to provide a) a secure shell client, b) a secure web browser for ordinary use where anonymity is not a concern, c) a secure FTP client, and d) the TBB for use by those who desire anonymity. They have always refused to budge. They run an unsecurable OS on their public computers. They provide only Internet Explorer for web access. I'm unsure whether they still allow any FTP access at all. As you can imagine, they have severely limited the usefulness of their computers to the library patrons they claim to serve. I could not, for example, submit my on-line application to renew my flight instructor certificate via the library's computers.
* I missed a beat here. The procedure for renewing a flight instructor certificate on-line includes an FAA requirement to "digitally sign" the web- based application for renewal. The procedure is a farce that bears no resemblance to what the security community understands to be a digital signature. That also means that the FAA may *not* be in compliance with the federal government's own standard
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf)
The fact that the FAA's system is not in compliance with the above referenced federal standard means that the FAA may possibly be in violation of the Computer Security Act of 1987 and/or the Information Technology Reform Act of 1996. But it was recommended to me by [identity withheld] that I *not* contact the FAA to point out this problem to them in hopes of getting them to correct it because they *allegedly* might revoke my instructor certificate for not "properly" representing the FAA's view of things. IOW, representing the NIST's [correct] view of things could get me punished by the FAA. I stress here that I do not know whether that recommendation was accurate in its claim, but I think it clearly illuminates the climate of fear and distrust that exists toward all levels of government in the USA these days. If simply posting this here gets my CFI revoked, I will (attempt to) let you know. (Actually, I'm not terribly worried, but I have to admit to the possibility.)
They have refused to let me speak with those making the decisions aboutwhat is provided on their public computers, much less to make an organized presentation to them. I was told that the decisions about software on the computers are made by the library board, not even by the IT staff. What is a good approach to get better results?
I fear there is nothing you can do. If they're like that, it's not going to change until there's a new chief librarian or head of library IT. Public libraries can be terrible for problems like this. When the right person is in the right job, they can move fast and experiment, but that's rare. When a library thinks offering only IE is the right thing to do, Tor must terrify them.
I was afraid that would be the response a presumably honest, IT-aware librarian might give, but I didn't know until now. Sigh. Thanks for the clear answer. :-( FWIW, my guess is that the board is way too clueless to be terrified, but rather that they simply are so hostile to any change, especially when proposed by someone not a library employee, that they simply cannot permit it, regardless of any other considerations. That's, again, only my guess, but I'm somewhat attached to it by experience. :->
But if you can't speak to the public library board there's a problem much bigger than what they run on their computers! That is just not right. Public
My thoughts exactly.
libraries have to be responsible to their public. Could your city councillor
This is Illinois. "Governmental bodies" and "responsible to their public" are incompatible sentencemates here. Please try your luck again. (Hint: land (,re}development deals are often viewed favorably.) This is the state that requires budgets to be balanced, but where lack of *any* budget for nearly three fiscal years was not considered a breach of the state constitution.
help? The local newspaper?
My city councilcritter has generally been unreceptive to my suggestions on all issues I have ever discussed with him. The local newspaper was bought up long ago by one of the media oligarchs. It is marginally useful for local news only, but not at all worth its price. Most people don't bother with it, so even if the handful of local reporting staff and editor were agreeable, it would likely matter not a whit. Much there has changed unrecognizably since the days before it was bought out.
Good luck! It's a shame your local library is ignoring someone with your expertise.
Thanks, Bill. Perhaps talking these things up with local social activists with more energy than I have these days might be worthwhile. This *is* a university town, after all. :-} I'll have to look into that angle a bit more, I guess. My apologies to the list for straying so radically far off topic. To those offended by my cynicism, I recommend you wise up on your own initiative lest you learn the hard way. Okay. I'll shut up.
Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************