W3C’s CSS Framework Review

Screen Shot 2016-05-10 at 3.19.41 PMI’m a longtime Bootstrap fan, but recently I cheated on my old framework. Now I’m all excited by the W3C’s new framework.

Like Bootstrap, the W3C’s framework comes with lots of nifty utilities and plug and play classes and UI features. Even if you have a good CMS, you’ll find many of their code libraries quite handy.

And if you’re CMS-deficient, this framework will save you time and headaches!

Why a Framework?

Frameworks are great for saving time. You don’t have to reinvent the wheel for standard UI chunks like navigation, image positioning, responsive design, etc.

All you need to do is reference the framework in your code and you can start calling the classes to make your site pop.

And this is really great since not all well-meaning web teams have an eye for good design. Most quality frameworks look really nice, and they get updated periodically to keep up with design trends.

And coming from this well-known standards body, you can also be assured that the W3C’s framework complies with all the nitty-gritty standards all websites should aspire to.

Things to Love

Some of the things I fell in love with include:

  • CSS-driven navigation menus. There’s really no good reason to rely on JavaScript for a responsive, interactive navigation menu. The W3C agrees.
  • Icon support. This framework allows you to choose from three popular icon sets to bring icons right into your interface.
  • Image support: Lots of great image styling including circular cropping, shadowing, etc.
  • Cards. Gotta love cards in your websites and this framework has some very nice looking card designs for you to use.
  • Built-in colors. Nuff sed.
  • Animations. There are plenty of other nice touches like buttons that lift off the screen, elements that drop into place and much more.

I give it a big thumbs up!

Check it out at the W3C.org.

 

 

Private Email to Foil the Snoops – ProtonMail Review

As we’ve been learning over the past few years, privacy has been getting the thousand cuts treatment. Everyone’s been in the act. Et tu Google? You betcha.

Fortunately, you can stop inadvertently BCC’ing Google, the NSA, the Chinese government, hackers, marketers and other creepers of your personal content. That’s thanks to some good people who actually live by the mantra to “Do No Evil” who have created ways for email users everywhere to keep their messages between them and their recipients.

Over the past week, I’ve been exploring one of these, ProtonMail.

The True Cost of Free Email

Most email services are profitable because they sell everything that you type and attach in your emails to marketing companies. Vast profiles about you are generated from this content. Think about it: what diseases you talk to your relatives about, your political and religious beliefs, who you spend your time with, even documents you attach from tax info to intimate photos. It’s all in there, and it’s all for sale.

You might immediately wonder why your email provider is collecting all this. It’s none of their business, right? Well, it is because you made it their business when you agreed to the terms of service. Even down to the attachments, by using services like Gmail and Yahoo! Mail, you are granting that company to access and sell the content to ad companies and beyond.

Now imagine that this database on you was to be hacked. Can’t happen? It has. The Chinese government hacked Gmail and has likely gleaned a ton of information on the world’s Gmail users. Most likely, they were interested in what their own citizens were writing, but if you ever wrote anything critical of China or work for a company with exposure to China, they might find that interesting too. Who knows!

The US Government has also hacked into Google (and just about every other Western tech firm) as well.

And if these entities can do it, so can criminals and the mischievous. So, again, why are we letting these firms put our information at risk in the first place?

Good news: you don’t have to anymore…

Private and Secure Email

Alternatives to Gmail and other market intelligence-based email services include:

HushMail and StartMail were early services that took your privacy seriously. Both promised not to ever sell your data, but their business model made up the difference by charging you for the pleasure of living privately and secure.

Tutanota and ProtonMail, on the other hand, are free. Both use similar end-to-end encryption techniques and are quite similar in most respects. When I weighed which one to go with, I ended up choosing ProtonMail, only because their servers are based in Switzerland, a country that has outlawed the seizure of private computer content.

My ProtonMail Experience

ProtonMail was created by developers working at the CERN lab in Switzerland who were inspired by Edward Snowden and who were shocked at how weak online security was becoming, thanks to very aggressive and dangerous actions by global intelligence services.

ProtonMail uses encryption that is unlocked locally, on your machine, so even if anyone broke into ProtonMail’s servers, they would need a few more years than the age of the Universe to decrypt your content. Translation: it’s pretty damn secure, despite claims that the NSA can decrypt encrypted data. They would still need a lot of time and effort to do so, so it’s unlikely they’ll go to such an effort unless you’re an active terrorist (or the leader of Germany).

Best of all, you can send securely encrypted emails even to people using Gmail or Hotmail. You do this by checking a box, creating a password and an optional password hint for the recipient. They then receive an email with a link to ProtonMail. By following that link, they are taken to a secure web page inside ProtonMail where they can read and reply to your message by using the password. Or, if it’s nothing you’re worried about sending, you can just send it as regular, unsecured email to your Gmail friends, in which case it works as normal…but can be gleaned for any info you might have carelessly included.

Here’s how ProtonMail pans out.

UI and Functionality

This is more than just a bare bones email service. ProtonMail comes with a secure Contacts manager, email search and many other features you would expect in a modern email service.

The UI is clean and very straightforward.

Probably the hardest thing about using ProtonMail is the encryption, but not because it’s complicated…it’s drop dead simple…but only because it adds a step to your email creation if you plan on sending encrypted emails to people on Gmail, for example. In this case, you just have to come up with a good password and hint that your friends can figure out. It can actually be a little hard to come up with something that isn’t as easily hacked as “The city we met in.”

The other complication is that you have two passwords. One is used to access your mailbox and the other is used to decrypt the messages. So you have to enter two of these. In my case, I use KeePass password manager, so I just create super crazy, long, gibberish-based passwords for both of these and store them in the manager. Then it’s just a copy and paste action that I need to do twice when I log in…slightly easier, in fact, than using the two-factor authentication I use with Google, compounded by my non-use of cookies.

The Mom Test

I tested the recipient experience with my Mom (very non-technical) and some friends (generally non-technical) to see if any of this would keep people from reading and replying to me. So far, ProtonMail only snagged my mom, because she didn’t think of using caps on a name I was using for the password.

My mom also didn’t understand that she had to reply from within the browser window. Some caveats here: I believe she still thinks of email as something that she has to do in AOL.

My friends fared much better with no reports of trouble. So overall, I’d say there is a small learning curve for some recipients.

The Private Future

The hope here is that most people will gravitate over to ProtonMail or services like them, so that everyone’s on the same, private page. As I mentioned above, there are some extra steps with using ProtonMail with non-ProtonMail recipients. But if you’re communicating with friends that also use ProtonMail, the encryption is already there and you can relax…so obviously, I hope you all join ProtonMail.

Three Emerging Digital Platforms for 2015

‘Twas a world of limited options for digital libraries just a few short years back. Nowadays, however, the options are many more and the features and functionalities are truly groundbreaking.

Before I dive into some of the latest whizzbang technologies that have caught my eye, let me lay out the platforms we currently use and why we use them.

  • Digital Commons for our institutional repository. This is a simple yet powerful hosted repository service. It has customizable workflows built into it for managing and publishing online journals, conferences, e-books, media galleries and much more. And, I’d emphasize the “service” aspect. Included in the subscription comes notable SEO power, robust publishing tools, reporting, stellar customer service and, of course, you don’t have to worry about the technical upkeep of the platform.
  • CONTENTdm for our digital collections. There was a time that OCLC’s digital collections platform appeared to be on a development trajectory that would take out of the clunky mire it was in say in 2010. They’ve made strides, but this has not kept up.
  • LUNA for restricted image reserve services. You and your faculty can build collections in this system popular with museums and libraries alike. Your collection also sits within the LUNA Commons, which means users of LUNA can take advantage of collections outside their institutions.
  • Omeka.net for online exhibits and digital humanities projects. The limited cousin to the self-hosted Omeka, this version is an easy way to launch multiple sites for your campus without having to administer multiple installs. But it has a limited number of plugins and options, so your users will quickly grow out of it.

The Movers and Shakers of 2015

There are some very interesting developments out there and so here is a brief overview of a few of the three most ground-breaking, in my opinion.

PressForward

If you took Blog DNA and spliced it with Journal Publishing, you’d get a critter called PresForward: a WordPress plug-in that allows users to launch publications that approach publishing from a contemporary web publishing perspective.

There are a number of ways you can use PressForward but the most basic publishing model its intended for starts with treating other online publications (RSS feeds from individuals, organizations, other journals) as sources of submissions. Editors can add external content feeds to their submission feed, which bring that content into their PressForward queue for consideration. Editors can then go through all the content that is brought in automatically from outside and then decide to include it in their publication. And of course, locally produced content is also included if you’re so inclined.

Examples of PressForward include:

Islandora

Built on Fedora Commons with a Drupal front-end layer, Islandora is a truly remarkable platform that is growing in popularity at a good clip. A few years back, I worked with a local consortia examining various platforms and we looked at Islandora. At the time, there were no examples of the platform being put into use and it felt more like an interesting concept more than a tool we should recommend for our needs. Had we been looking at this today, I think it would have been our number one choice.

Part of the magic with Islandora is that it uses RDF triples to flatten your collections and items into a simple array of objects that can have unlimited relationships to each other. In other words, a single image can be associated with other objects that all relate as a single object (say a book of images) and that book object can be part of a collection of books object, or, in fact, be connected to multiple other collections. This is a technical way of saying that it’s hyper flexible and yet very simple.

And because Islandora is built on two widely used open source platforms, finding tech staff to help manage it is easy.

But if you don’t have the staff to run a Fedora-Drupal server, Lyrasis now offers hosted options that are just as powerful. In fact, one subscription model they offer allows you to have complete access to the Drupal back end if customization and development are important to you, but you dont’ want to waste staff time on updates and monitoring/testing server performance.

Either way, this looks like a major player in this space and I expect it to continue to grow exponentially. That’s a good thing too, because some aspects of the platform are feeling a little “not ready for prime time.” The Newspaper solution pack, for example, while okay, is no where near as cool as what Veridian currently can do.

ArtStor’s SharedShelf

Rapid development has taken this digital image collection platform to a new level with promises of more to come. SharedShelf integrates the open web, including DPLA and Google Images, with their proprietary image database in novel ways that I think put LUNA on notice.

Like LUNA, SharedShelf allows institutions to build local collections that can contain copyrighted works to be used in classroom and research environments. But what sets it apart is that it allows users to also build beyond their institutions and push that content to the open web (or not depending on the rights to the images they are publishing).

SharedShelf also integrates with other ArtStor services such as their Curriculum Guides that allow faculty to create instructional narratives using all the resources available from ArtStor.

The management layer is pretty nice and works well with a host of schema.

And, oh, apparently audio and video support is on the way.

Private Google Search Alternatives

Google NSA skin using Stylish Browser PluginA few weeks back, I dropped Google search in favor of DuckDuckGo, an alternative search engine that does not log your searches. Today, I’m here to report on that experience and suggest two even better secure search tools: StartPage and Ixquick.

The probelm with DuckDuckGo

As I outlined in my initial blog post, DuckDuckGo falls down probably as a consequence of its emphasis on privacy. Whereas Google results are based on an array of personal variables that tie specific result sets to your social graph…a complex web of data points collected on you through your Chrome Browser, Android apps, browser cookies, location data, possibly even the contents of your documents and emails stored on Google’s servers (that’s a guess, but totally within the scope of reason). This is a considerable handicap for DuckDuckGo.

But moreover, Google’s algorithm remains superior to everything else out there.

The benefits of using DuckDuckGo, of course, are that you are far more anonymous, especially if you are searching in private browser mode, accessing the Internet through a VPN or Tor, etc.

Again, given the explosive revelations about aggressive NSA data collection and even of government programs that hack such social graphs, and the potential leaking of that data to even worse parties, many people may decide that, on balance, they are better off dealing with poor search precision rather than setting themselves up for a cataclysmic breach of their data.

I’m one such person, but to be quite honest, I was constantly turning back to Google because DuckDuckGo just wouldn’t get me what I knew was out there.

Fortunately, I found something better: StartPage and Ixquick.

Google but without all the evil

StartPage is a US version of the Dutch-based search engine Ixquick.

There are two important things to understand about StartPage and Ixquick:

  1. Like DuckDuckGo, StartPage and Ixquick are totally private. They don’t collect any data on you, don’t share any data with third parties and don’t use cookies. They also use HTTPS (and no Heartbleed vulnerabilities) for all transactions.
  2. Both StartPage and Ixquick use proxy services to query other search engines. In the case of Ixquick, they query multiple search engines and then return the results with the highest average rank. StartPage only queries Google, but via the proxy service, making your search private and free of the data mining intrigue that plagues the major search engines.

Still some shortcomings remain

But, like DuckDuckGo, neither Ixquick or StartPage are able to source your social graph, so they will never get results as closely tailored to you as Google. By design, they are not looking at your cookies or building their own database of you, so they won’t be able to guess your location or political views, and therefore, will never skew results around those variables. Then again, your results will be more broadly relevant and serendipitous, saving you from the personal echo-chamber that you may have found in Google.

Happily private

It’s been over a month since I switched from DuckDuckGo to StartPage and so far it’s been quite good. StartPage even has a passable image and video search. I almost never go to Google anymore. In fact, I’ve used a browser plugin called Stylish to re-skin Google’s search interface with the NSA logo just as a humorous reminder that every search is being collected by multiple parties.

For that matter, I’ve used the same plugin to re-skin StartPage since where they get high marks for privacy and search results, they’re interface design needs major work…but I’m just picky that way.

So, with my current setup, I’ve got StartPage as my default browser, set in my omnibar in Firefox. Works like a charm!

Back to Firefox – Update on Sync

This goes out to all you paraoid netizens out there, and if you’re not one, you should be…

As a follow-up to my last post on moving off Chrome and back to Firefox for privacy and security reasons, I wanted to document that I gave Firefox Sync a closer look.

Mozilla, the folks that develop Firefox, has a very detailed information page on Firefox Sync, but to sum up, this feature allows one to share add-ons, bookmarks, passwords, preferences, history and tabs across all your computers and other devices.

Firefox Sync PreferencesDouble-plus-good: you can decide what to sync and what not to. Because I’m trying to be extra careful with my data, I opted for syncing only my add-ons, bookmarks and preferences. One important note on syncing add-ons, this will install your add-ons across your devices, but not necessarily configure them, so you might have to do that part manually.

If you opt to sync your history, it will do so up to 60 days.

Reading over the security details of Firefox Sync, it seems like you’re in pretty good hands since sync uses an encryption key. I consider passwords and history going beyond my tolerance threshold, but these are likely pretty secure for most folks. My rule is to assume that hackers access my sync data: What can I live with leaking out to the public?

Add-ons? okay
Bookmarks? I guess so.
History? Not really
Passwords? Are you kidding?

When I set up sync, I also added Firefox as my default phone browser which I find no problems with yet and it’s nice to know that I’m surfing as privately on Android as on OSX.

A Technophiles Journey Off the Grid

Cookie Monster freaks out over cookies on his computer

Image by Surian Soosay

Okay, so it is likely impossible to actually “use” the Internet without it “using” you back. I get that. Terms of service get changed without clear explanation, cookies get saved, NSA snoops do what NSA snoops do. The whole business model of the Interwebs is set up to trade your info for access.

I’m under no illusions.

But, after the Great Target Hack and Edward Snowden’s revelations regarding the NSA (I think we were all waiting for these things to happen), I’m finding myself rethinking the trade offs I made concerning privacy and online anonymity for online convenience (and laziness).

There was a time, when I used to block cookies and obsess over terms of service agreements. Hell, I even used Tor from time to time.

But, after awhile, it just became easier to stop worrying and learn to accept a level of personally sanctioned data breach. But now with all the stories of identity theft, commercialization of your personal info and multi-governmental and corporate sweeps of such data…it’s time for a little reflection…and retreat.

So, I’ve decided to experiment with reducing my digital footprint and I’ll post updates from time to time on how’s it going, in addition to my occasional posts on library projects.

Among my experiments, I’m planning on moving out of Googlelandia as much as possible, starting with changing the default search in my browser and moving back to Firefox. I’ll cover the Firefox post next time, but for now, let’s look at life without Google Search.

Most people online probably don’t remember a world before Google and those that do, don’t want to remember. Needless to say, Google’s initial search algorithm was so good, that it rapidly conquered the search market to the point that Yahoo! handed over its search to Microsoft and the dozens of smaller search engines were quickly forgotten. Anyone remember Web Crawler? Exactly!

Screen Shot 2014-02-13 at 12.52.53 PMAside from Bing (hack!) and the Bing-lite Yahoo! search, there really aren’t many alternatives worth turning to when one needs anonymity. That is, except for DuckDuckGo, a search engine that uses secure HTTPS, does not use cookies by default and generally does not collect any data linked to you (see their privacy statement for more info).

And the search results are not that bad.

But they aren’t great.

Life on DuckDuckGo will be very reminiscent of the best old-school search tools from the pre-Google 90s. Gone will be the kinds of results that require an analysis of your personal search history, online social habits and analysis of your cookies. Often you’ll get exactly what you’re after, but just as often, you’ll get it a few results lower on the page, just below some commercial sites that are using keyword tricks to rise to the top.

For example, I’m thinking about what color scheme I want to go with for my new flat and used DuckDuckGo to find sites that could help me with that. So I did a search for something like: “paint interior design color tools.” The first result led to a 404 page. The second result was not too bad, a Benjamin Moore paint selecting tool for professional painters. Other results were somewhere between these two extremes, with many of them going to pages that were slightly relevant but failed in the “authoritative” category.

Google expends a lot of effort at weeding out, or drowning out, pages with low street cred, and you’ll probably hardly ever get to a 404 page thanks to their very busy and persistent robots. Something else that will be hard to find in Google is nothing. In Google, the dreaded “Sorry. No results were found” message would be an amazing and rare feat of your talents for obscurity. Not so in DuckDuckGo…these come up from time to time.

DuckDuckGo also lacks an image and video search functionality. For this, they provide a dropdown that lets you search via Google or Bing.

I’d also add, that I’m using DuckDuckGo in a Firefox omnibar plugin, so as I type, I get suggested hits. These are also not as accurate or relevant as the Google version, but I’ve also limited it by not preserving any search history in Firefox.

After a few days of trying this out, I do like DuckDuckGo enough to keep using it, but I have had several lapses of risky searches on Google. This is especially true for professional work, where Google knows my work interests quite well and serves up exactly what I need. But for general searches, DuckDuckGo is a good tradeoff for privacy wonks.

Stay tuned for more journeys off the grid including my return to Firefox and experiments with thumb drive applications…

Mouseflow Review

Mouseflow heat mapOMG, have you seen Mouseflow yet? It’s my new favorite analytics tool.

I have bragging rights to click analytics at my institution. After seeing Tabatha Farney’s presentation on click analytics at LITA a few years ago, the first thing I did was purchase a subscription to Crazy Egg and began using click analytics as a central part of my user analysis. After giving a presentation to the data managers group on my campus, many others, including our marketing department also got interested and now they’ve come back to me with a new tool: Mouseflow.

Mouseflow is basically a better mouse trap to Crazy Egg. It does all of the heat maps, scroll-maps and in-page analysis you get with Crazy Egg, but it adds on top of this recordings of actual mouse movement on your website(s). That’s right, as creepy as it sounds, you can place the code onto your web pages and then watch actual videos of users’ mouse pointers as they move across the screen, stumble over trouble areas and click through from page to page.

I ran this on our research guides for a day to test the tool. The result were dozens of recordings of actual user sessions on our research guides. It’s as if you’re sitting behind someone and watching their movement around your site. You get to see where they pause, where they click, how long it takes for them to decide where to go and even watch them try, fail and fail and then either succeed or give up. You can even tell by the movement of the user mouse (often) where they have stopped to read or where they are lost.

It’s fascinating. It’s powerful. It’s possibly a violation of privacy (more on that in a second).

On the back-end, Mouseflow lets you filter by IP range (good for filtering out your staff) and control several parameters to improve your data quality. And you have varying account levels so you can find one that fits your needs and budget. With a paid account, you can download your most telling videos.

It’s truly remarkable for analyzing your site architecture, designs, content. And you don’t need to recruit users for a formal study. But your IRB might still have some concerns as might any regulators or other privacy advocates who might be minding your store. So you’ll (and we’ll) have to do a little due diligence before we roll this out.

Still, Mouseflow does allow you to NOT capture IP information, adding another layer of anonymity to your data. So on the surface, it does seem to be something you could probably use without violating FERPA…except for one thing: I’ve heard it records what is typed into forms (visually), which was the primary reason our marketing was interested in Mouseflow. I didn’t see this as our research guides have displayed:none the internal search boxes in LibGuides. But this could definitely complicate the approval process.

So, check it out. The first 100 recordings are free!