{"id":259,"date":"2017-11-13T07:01:31","date_gmt":"2017-11-13T12:01:31","guid":{"rendered":"http:\/\/kwnpsa.ca\/?p=259"},"modified":"2017-11-15T05:20:06","modified_gmt":"2017-11-15T10:20:06","slug":"2017-11-document-storage","status":"publish","type":"post","link":"https:\/\/kwnpsa.ca\/index.php\/2017\/11\/13\/2017-11-document-storage\/","title":{"rendered":"2017-11 Document Storage"},"content":{"rendered":"<h3><strong>Location:<\/strong> <em>Queen Street Commons Cafe, 43 Queen Street South, Kitchener, Ontario <a class=\"external text\" href=\"https:\/\/osm.org\/go\/ZXnwTzPc--?m=\" rel=\"nofollow\">Map<\/a><\/em><br \/>\n<strong>Date:<\/strong> Monday, November 13, 2017<br \/>\n<strong>Time:<\/strong> 7:00-9:00PM<\/h3>\n<p>How do you store your documents? Where do you store them? What software creates your documents? What software stores it? What software retrieves it? What about document indexing and searching? How do you deal with non-textual documents? What document file format do you use? Is parchment and goose-quill still best?<\/p>\n<p>This month there&#8217;ll be a shooting match between the Well-Known Format SysAdmins and the OpenStandards SysAdmins. But it&#8217;ll be a polite shooting match at our round table discussion, with SysAdmins relating their own practices, learning new ones, and telling tall tales.<\/p>\n<p>&#8211;Bob Jonkman &amp; Marc Par\u00e9<\/p>\n<h4><span id=\"Future_Venues\" class=\"mw-headline\">Future Venues<\/span><\/h4>\n<ul>\n<li>Communitech has indicated we can no longer use the Jellybean Room on Mondays\n<ul>\n<li>but the room is available on Wednesdays\n<ul>\n<li>but it&#8217;s only available until 8:00pm<\/li>\n<li>do we want to switch meeting days?<\/li>\n<\/ul>\n<\/li>\n<li>Marc will check if there&#8217;s any availability on Mondays\n<ul>\n<li>but the cost will probably be higher ($15\/hr now)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Other possible venues:\n<ul>\n<li>Old school board building (Marc has contacts, will investigate)<\/li>\n<li><a class=\"external text\" href=\"https:\/\/regionofwaterloo.cioc.ca\/record\/CND1557\" rel=\"nofollow\">Downtown Community Centre<\/a> <a class=\"external text\" href=\"https:\/\/osm.org\/go\/ZXnwWjXA--?m=\" rel=\"nofollow\">Map<\/a>\n<ul>\n<li>but they require all KWNPSA attendees to purchase memberships at $15\/year<\/li>\n<li>Paul Nijjar investigated for KWLUG; it was deemed unsuitable for a non-profit group<\/li>\n<li>Bob&#8217;s notes indicate there are also meeting room fees, insurance costs, and participants under 18 years old are not allowed.<\/li>\n<\/ul>\n<\/li>\n<li><a class=\"external text\" href=\"https:\/\/www.descendantsbeer.com\/\" rel=\"nofollow\">Descendants Beer &amp; Beverage Co.<\/a> apparently has meeting facilities. Kirk will investigate. <a class=\"external text\" href=\"https:\/\/osm.org\/go\/ZXnwdGkY--?m=\" rel=\"nofollow\">Map<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4><span id=\"Meeting_Notes\" class=\"mw-headline\">Meeting Notes<\/span><\/h4>\n<h5><span id=\"Cloud_Storage\" class=\"mw-headline\">Cloud Storage<\/span><\/h5>\n<ul>\n<li><a class=\"external text\" href=\"https:\/\/www.office.com\/\" rel=\"nofollow\">Microsoft Office 365<\/a>\n<ul>\n<li>Lots of KWNPSA members use Office 365<\/li>\n<li>Default installation moves documents to US servers<\/li>\n<li>Microsoft will move documents to Canadian servers on request\n<ul>\n<li>but this may take up to seven years<\/li>\n<\/ul>\n<\/li>\n<li>Microsoft OneDrive was automatically installed at one organization<\/li>\n<li>Business version of Skype can&#8217;t be turned off, once it&#8217;s installed!\n<ul>\n<li>It is difficult to use Business Skype with non-business instances of Skype<\/li>\n<li>But there is finally a good GNU\/Linux client for Skype, works with multiple video streams<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><a class=\"external text\" href=\"https:\/\/gsuite.google.com\/features\/\" rel=\"nofollow\">Google G Suite<\/a> (Google Docs)\n<ul>\n<li>Used by political organizations\n<ul>\n<li>This seems like a bad idea; want to keep political affiliations and activity away from prying eyes<\/li>\n<\/ul>\n<\/li>\n<li>Google Drive storage\n<ul>\n<li>Some SysAdmins have seen identical filenames in folders\n<ul>\n<li>Perhaps the User Interface hides extensions or filename suffixes<\/li>\n<\/ul>\n<\/li>\n<li>Maybe Google Drive uses links or pointers?\n<ul>\n<li>People move files, but they still exist in orginal locations<\/li>\n<li>Google Mail uses flat storage of all messages, tags on each message are displayed in UI as though it is a folder structure<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Cloud horror stories:\n<ul>\n<li>Company advertising genetic testing services stored data in the cloud\n<ul>\n<li>then sold people&#8217;s personal genetic data to a pharmaceutical or insurance company<\/li>\n<\/ul>\n<\/li>\n<li>Genealogy company acquired data stored &#8220;freely available&#8221; from individuals&#8217; web sites\n<ul>\n<li>Now sells this data, and it is not available to the original authors<\/li>\n<li>Suggestion: &#8220;Poison the well&#8221; by creating a &#8220;Fake Uncle Ralph&#8221; to prove authorship (see <a class=\"extiw\" title=\"wikipedia:Trap street\" href=\"http:\/\/en.wikipedia.org\/wiki\/Trap_street\">Wikipedia:Trap street<\/a>)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Security risks\n<ul>\n<li>Commercial cloud providers will hand over customer data to authorities\n<ul>\n<li>National Security Letters &#8212; Cloud providers may be compelled to keep this data access from their customers<\/li>\n<\/ul>\n<\/li>\n<li>Ensure you have a contract with a Service Level Agreement (SLA) that specifies where servers are stored (Canada? US?), how data is routed\n<ul>\n<li>Even if source and destination are both in Canada, traffic may still be routed through US and subject to snooping; Canadian data has no protection when routed through US<\/li>\n<\/ul>\n<\/li>\n<li>Technical means: <a class=\"extiw\" title=\"wikipedia:Source Routing\" href=\"http:\/\/en.wikipedia.org\/wiki\/Source_Routing\">Source Routing<\/a> can specify how a packet is sent through the network (Internet)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5><span id=\"Encrypted_File_Storage\" class=\"mw-headline\">Encrypted File Storage<\/span><\/h5>\n<ul>\n<li>Use VPNs to keep remote sites within your own network<\/li>\n<li>Encrypted tunnels, eg. Secure Shell (<a class=\"extiw\" title=\"wikipedia:SSHFS\" href=\"http:\/\/en.wikipedia.org\/wiki\/SSHFS\">sshfs<\/a>)<\/li>\n<li>Encrypted file systems\n<ul>\n<li>eg. <a class=\"external text\" href=\"https:\/\/nextcloud.com\/\" rel=\"nofollow\">Nextcloud<\/a>, <a class=\"external text\" href=\"https:\/\/owncloud.org\/\" rel=\"nofollow\">ownCloud<\/a><\/li>\n<li>Must ensure that encrypted file system is not mounted on remote, unsecured server<\/li>\n<\/ul>\n<\/li>\n<li>Encrypted containers\n<ul>\n<li>eg. TrueCrypt (now obsolete, use <a class=\"external text\" href=\"https:\/\/www.veracrypt.fr\/en\/Home.html\" rel=\"nofollow\">VeraCrypt<\/a> instead)<\/li>\n<li>eg. <a class=\"external text\" href=\"https:\/\/www.ciphershed.org\/\" rel=\"nofollow\">CipherShed<\/a>\n<ul>\n<li>TrueCrypt, VeraCrypt, CipherShed are all cross-platform (Windows, MacOS, GNU\/Linux)<\/li>\n<\/ul>\n<\/li>\n<li>eg. <a class=\"extiw\" title=\"wikipedia:LUKS\" href=\"http:\/\/en.wikipedia.org\/wiki\/LUKS\">LUKS<\/a>\n<ul>\n<li>See <a class=\"external text\" href=\"http:\/\/bob.jonkman.ca\/blogs\/2017\/10\/09\/how-to-create-an-encrypted-drive-in-a-file-container\/\" rel=\"nofollow\">How To Create an Encrypted Drive in a File Container<\/a> by Bob Jonkman<\/li>\n<\/ul>\n<\/li>\n<li>eg. FreeOTFE (obsolete) or <a class=\"external text\" href=\"https:\/\/github.com\/t-d-k\/LibreCrypt\" rel=\"nofollow\">LibreCrypt<\/a> provides OTFE (On-The-Fly-Encryption) for Windows that&#8217;s LUKS compatible<\/li>\n<\/ul>\n<\/li>\n<li>For any corporate encryption, Additional Decryption Keys are needed\n<ul>\n<li>Any user-encrypted files or containers can be decrypted by the organization&#8217;s ADK; ensures data is not lost when user forgets password or leaves the organization<\/li>\n<\/ul>\n<\/li>\n<li>Office 365 encryption\n<ul>\n<li>The culture for Microsoft products is less concerned with encryption (poor adoption of encrypted technologies?)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Encrypted Backups?\n<ul>\n<li>For backups in the cloud, or on local storage<\/li>\n<li>Encrypted backups can become un-restorable with minor errors\n<ul>\n<li>Bob recommends making unencrypted backups, then saving them in an encrypted container; even better to keep unencrypted backups physically secure<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5><span id=\"Sharing_Files\" class=\"mw-headline\">Sharing Files<\/span><\/h5>\n<ul>\n<li>File permissions\n<ul>\n<li>Staff doesn&#8217;t know how to use filesystem permissions, makes all files globally read\/writeable<\/li>\n<\/ul>\n<\/li>\n<li>Use a Document Management System to assign authorization to documents\n<ul>\n<li>Access control with a DMS can be more finely tuned<\/li>\n<li>DMS also provides benefits such as metadata and search\/indexing<\/li>\n<li>but it needs the skills of a librarian to properly catalogue documents<\/li>\n<li>and a DMS adds another layer of abstraction; more work for the SysAdmin, more to go wrong<\/li>\n<\/ul>\n<\/li>\n<li>Physical file systems (file cabinets, folders) were treated better by staff than digital file systems<\/li>\n<li>Using Roaming Profiles for shared file access\n<ul>\n<li>SysAdmin can force desktop computers to put &#8220;My Documents&#8221;, &#8220;My Pictures&#8221; &amp;c. on the server for shared and secure storage\n<ul>\n<li>Doesn&#8217;t work for Windows&#8217; &#8220;My Desktop&#8221;; that folder appears to have special privileges, but we don&#8217;t know how<\/li>\n<li>Can &#8220;My Desktop&#8221; or &#8220;My Documents&#8221; be made read-only to force staff to use server storage? Doubtful<\/li>\n<\/ul>\n<\/li>\n<li>Thin clients don&#8217;t store data locally<\/li>\n<li>Use the Browser Local Storage? (please, no)<\/li>\n<li>&#8220;Libraries&#8221; feature in Windows can combine several folders (from different sources) into one<\/li>\n<\/ul>\n<\/li>\n<li>Commercial applications for managing roaming profiles: Micro Focus ZENworks (formerly NAL, Novell Application Launcer); Intel LANdesk Manager, Computer Associates<\/li>\n<li>Staff gets easily confused with shared filesystems\n<ul>\n<li>Folder tree changes, filename and foldername changes<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5><span id=\"Storing_Binary_Files\" class=\"mw-headline\">Storing Binary Files<\/span><\/h5>\n<ul>\n<li>Music Files, photos, video, CAD drawings, &amp;c.<\/li>\n<li>Using Google Drive is not efficient for binary files, better to keep on local (non-cloud) storage\n<ul>\n<li>Post-production for music can&#8217;t be done online<\/li>\n<\/ul>\n<\/li>\n<li>Cloud services need cloud-based client software to manage binary files\n<ul>\n<li>Google Docs does not have a good music client to manage music file for an orchestra<\/li>\n<li>But Google Docs has good photo apps<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5><span id=\"USB_Sticks_or_Thumbdrives\" class=\"mw-headline\">USB Sticks or Thumbdrives<\/span><\/h5>\n<ul>\n<li>How to prevent the use of USB drives?\n<ul>\n<li>Physically hotglue the USB ports on organizations&#8217; computers<\/li>\n<li>Pop up a warning to the user when USB device is inserted<\/li>\n<li>Lock the computer when a USB device is inserted<\/li>\n<\/ul>\n<\/li>\n<li>Worried about &#8220;Parking Lot USBs&#8221; (USB drives found in the parking lot, may contain malicious payload)\n<ul>\n<li>Physical attacks through high-voltage discharges (see <a class=\"external free\" href=\"https:\/\/usbkill.com\/\" rel=\"nofollow\">https:\/\/usbkill.com\/<\/a> )<\/li>\n<li>The only protection against physical attacks is physical protection<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4><span id=\"Future_Topics\" class=\"mw-headline\">Future Topics<\/span><\/h4>\n<ul>\n<li><a class=\"new\" title=\"Document Management (page does not exist)\" href=\"https:\/\/sobac.com\/mediawiki\/index.php?title=Document_Management&amp;action=edit&amp;redlink=1\">Document Management<\/a>: There are specialized software tools to manage your documents, provide version control, allow staff to checkout documents for exclusive access, and to provide indexing and search tools. What do you use?<\/li>\n<li><a class=\"new\" title=\"Encryption (page does not exist)\" href=\"https:\/\/sobac.com\/mediawiki\/index.php?title=Encryption&amp;action=edit&amp;redlink=1\">Encryption<\/a> How do encrypted file systems work? Demonstration\/Workshop on creating encrypted file containers.<\/li>\n<li>Microsoft Evening (do they still provide sponsorship? Marc will check with Eli)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Location: Queen Street Commons Cafe, 43 Queen Street South, Kitchener, Ontario Map Date: Monday, November 13, 2017 Time: 7:00-9:00PM How do you store your documents? Where do you store them? What software creates your documents? What software stores it? What &hellip; <a href=\"https:\/\/kwnpsa.ca\/index.php\/2017\/11\/13\/2017-11-document-storage\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50,14],"tags":[],"class_list":["post-259","post","type-post","status-publish","format-standard","hentry","category-document-storage","category-pastmeetings"],"_links":{"self":[{"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/posts\/259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/comments?post=259"}],"version-history":[{"count":4,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/posts\/259\/revisions"}],"predecessor-version":[{"id":290,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/posts\/259\/revisions\/290"}],"wp:attachment":[{"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/media?parent=259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/categories?post=259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/tags?post=259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}